From ad1cc9f6463adfce1622e73c8339d3f6b46cfac6 Mon Sep 17 00:00:00 2001 From: Nico Angelo Date: Fri, 21 Apr 2023 16:50:33 +0200 Subject: [PATCH] switch to JSON mode of cli pass around logger --- src/bitwardenCrdOperator.py | 6 +++--- src/dockerlogin.py | 4 ++-- src/kv.py | 4 ++-- src/lookups/bitwarden_lookup.py | 2 +- src/utils/utils.py | 31 +++++++++++++++++-------------- 5 files changed, 25 insertions(+), 22 deletions(-) diff --git a/src/bitwardenCrdOperator.py b/src/bitwardenCrdOperator.py index 5e11bef..e199950 100755 --- a/src/bitwardenCrdOperator.py +++ b/src/bitwardenCrdOperator.py @@ -9,12 +9,12 @@ from utils.utils import command_wrapper, unlock_bw def bitwarden_signin(logger, **kwargs): if 'BW_HOST' in os.environ: try: - command_wrapper(f"config server {os.getenv('BW_HOST')}") + command_wrapper(logger, f"config server {os.getenv('BW_HOST')}") except BaseException: - logger.warn("Revieved none zero exit code from server config") + logger.warn("Received non-zero exit code from server config") logger.warn("This is expected from startup") pass else: logger.info("BW_HOST not set. Assuming SaaS installation") - command_wrapper("login --apikey") + command_wrapper(logger, "login --apikey") unlock_bw(logger) diff --git a/src/dockerlogin.py b/src/dockerlogin.py index 1ad0f3c..9341ec3 100644 --- a/src/dockerlogin.py +++ b/src/dockerlogin.py @@ -46,7 +46,7 @@ def create_managed_registry_secret(spec, name, namespace, logger, **kwargs): unlock_bw(logger) logger.info(f"Locking up secret with ID: {id}") - secret_json_object = json.loads(get_secret_from_bitwarden(id)) + secret_json_object = get_secret_from_bitwarden(logger, id) api = kubernetes.client.CoreV1Api() @@ -118,7 +118,7 @@ def update_managed_registry_secret( unlock_bw(logger) logger.info(f"Locking up secret with ID: {id}") - secret_json_object = json.loads(get_secret_from_bitwarden(id)) + secret_json_object = get_secret_from_bitwarden(logger, id) api = kubernetes.client.CoreV1Api() 
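Review bot: The result of `command_wrapper(logger, "login --apikey")` in `bitwarden_signin` is discarded, and with this commit `command_wrapper` signals a failed bw call by returning None instead of raising, so a rejected API-key login continues into `unlock_bw(logger)` with only a warning in the log. Check the result and stop there, e.g. `if command_wrapper(logger, "login --apikey") is None: raise RuntimeError("bw login failed")`; if a failed login is expected on restart, a comment should say so. For the same reason the `except BaseException:` around `config server` no longer sees a non-zero exit and now only catches parse or lookup errors. It should be narrowed to `except Exception:` so that KeyboardInterrupt and SystemExit are not swallowed.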
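Review bot: `secret_json_object = get_secret_from_bitwarden(logger, id)` in `create_managed_registry_secret` can now be None, because `command_wrapper` returns None when bw reports a failure, and nothing in the hunk checks for that before the object is used. The same applies to the second hunk of this file and to both hunks in src/kv.py. Add a guard directly after each call, e.g. `if secret_json_object is None: raise ValueError(f"Bitwarden item {id} could not be read")`. The object is now the whole CLI response with the item under `["data"]`, so the code that reads `secret_json_object` further down, which lies outside these hunks, needs to be checked against the new shape.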
diff --git a/src/kv.py b/src/kv.py index 17104e3..cdb07f9 100644 --- a/src/kv.py +++ b/src/kv.py @@ -45,7 +45,7 @@ def create_managed_secret(spec, name, namespace, logger, body, **kwargs): unlock_bw(logger) logger.info(f"Locking up secret with ID: {id}") - secret_json_object = json.loads(get_secret_from_bitwarden(id)) + secret_json_object = get_secret_from_bitwarden(logger, id) api = kubernetes.client.CoreV1Api() @@ -106,7 +106,7 @@ def update_managed_secret( unlock_bw(logger) logger.info(f"Locking up secret with ID: {id}") - secret_json_object = json.loads(get_secret_from_bitwarden(id)) + secret_json_object = get_secret_from_bitwarden(logger, id) api = kubernetes.client.CoreV1Api() diff --git a/src/lookups/bitwarden_lookup.py b/src/lookups/bitwarden_lookup.py index 8a6965b..159542e 100644 --- a/src/lookups/bitwarden_lookup.py +++ b/src/lookups/bitwarden_lookup.py @@ -4,7 +4,7 @@ from utils.utils import get_secret_from_bitwarden, parse_fields_scope, parse_log def bitwarden_lookup(id, scope, field): - _secret_json = json.loads(get_secret_from_bitwarden(id)) + _secret_json = get_secret_from_bitwarden(None, id) if scope == "login": return parse_login_scope(_secret_json, field) if scope == "fields": diff --git a/src/utils/utils.py b/src/utils/utils.py index 65f4e0a..aac8c61 100644 --- a/src/utils/utils.py +++ b/src/utils/utils.py 
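Review bot: `get_secret_from_bitwarden(None, id)` in `bitwarden_lookup` passes None as the logger, but `command_wrapper` calls `logger.info(resp)` when DEBUG is set and `logger.warn(resp)` when bw reports a failure, so either case raises AttributeError instead of surfacing the bw error. Pass a real logger, for example a module-level `logging.getLogger(__name__)`, or make `command_wrapper` tolerate a missing logger. `_secret_json` can also be None after a failed call and is handed straight to `parse_login_scope`, so a guard such as `if _secret_json is None: return None` belongs before the scope dispatch. The body of `bitwarden_lookup` continues past the end of the hunk.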
@@ -7,44 +7,47 @@ class BitwardenCommandException(Exception): pass -def get_secret_from_bitwarden(id): - return command_wrapper(command=f"get item {id}") +def get_secret_from_bitwarden(logger, id): + return command_wrapper(logger, command=f"get item {id}") def unlock_bw(logger): - status_output = command_wrapper("status") - status = json.loads(status_output)['status'] + status_output = command_wrapper(logger, "status", False) + status = status_output['data']['template']['status'] if status == 'unlocked': logger.info("Already unlocked") return - token_output = command_wrapper("unlock --passwordenv BW_PASSWORD") - tokens = token_output.split('"')[1::2] - os.environ["BW_SESSION"] = tokens[1] + token_output = command_wrapper(logger, "unlock --passwordenv BW_PASSWORD") + os.environ["BW_SESSION"] = token_output["data"]["raw"] logger.info("Signin successful. Session exported") -def command_wrapper(command): +def command_wrapper(logger, command, use_success: bool = True): system_env = dict(os.environ) sp = subprocess.Popen( - [f"bw {command}"], + [f"bw --response {command}"], stdout=subprocess.PIPE, stderr=subprocess.PIPE, close_fds=True, shell=True, env=system_env) out, err = sp.communicate() - if err: - raise BitwardenCommandException(err) - return out.decode(encoding='UTF-8') + resp = json.loads(out.decode(encoding='UTF-8')) + if os.environ["DEBUG"] != None: + logger.info(resp) + if resp["success"] != None and (not use_success or (use_success and resp["success"] == True)): + return resp + logger.warn(resp) + return None def parse_login_scope(secret_json, key): - return secret_json["login"][key] + return secret_json["data"]["login"][key] def parse_fields_scope(secret_json, key): if "fields" not in secret_json: return None - for entry in secret_json["fields"]: + for entry in secret_json["data"]["fields"]: if entry['name'] == key: return entry['value']
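Review bot: `command_wrapper` still hands one formatted string to a shell (`[f"bw --response {command}"]` with `shell=True`), and `get_secret_from_bitwarden` formats `id` into that string, so shell metacharacters in an id are interpreted rather than passed to bw; the hunk does not show where `id` comes from, but if it is read from a custom resource it is untrusted input. In the new tail, `os.environ["DEBUG"] != None` raises KeyError whenever DEBUG is unset, and `logger.info(resp)` writes the full response to the log, which for `get item` and `unlock` contains the secret values and the session key. Failure is now signalled by returning None, which `unlock_bw` immediately subscripts (`token_output["data"]["raw"]`), and stderr and non-JSON output are no longer handled; raising `BitwardenCommandException` keeps the earlier contract. Separately, `parse_fields_scope` still guards with `"fields" not in secret_json` while the loop reads `secret_json["data"]["fields"]`, so the guard should become `"fields" not in secret_json["data"]`. A possible shape for `command_wrapper` follows.

```python
def command_wrapper(logger, command, use_success: bool = True):
    # … unchanged: system_env copy …
    sp = subprocess.Popen(
        # argv list and no shell=True: nothing in `command` reaches a shell.
        # split() still turns whitespace inside an id into extra arguments,
        # so validate ids or have callers pass the arguments as a list.
        ["bw", "--response", *command.split()],
        stdout=subprocess.PIPE,
        stderr=subprocess.PIPE,
        close_fds=True,
        env=system_env)
    out, err = sp.communicate()
    try:
        resp = json.loads(out.decode(encoding='UTF-8'))
    except ValueError:
        # empty or non-JSON stdout: report stderr as the old code did
        raise BitwardenCommandException(err)
    ok = resp.get("success")
    if os.environ.get("DEBUG") is not None and logger is not None:
        # outcome only: resp["data"] holds vault items and the session key
        logger.info(f"bw {command.split()[0]} success={ok}")
    if ok is not None and (not use_success or ok is True):
        return resp
    raise BitwardenCommandException(resp.get("message"))
```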