[SM-983] - init #2

Merged
merged 19 commits into from
Jan 8, 2024
@tangowithfoxtrot tangowithfoxtrot commented Dec 12, 2023

🎟️ Tracking

🚧 Type of change

  • 🚀 New feature development
  • 🤖 Build/deploy pipeline (DevOps)

📔 Objective

This is the initial upload of the Bitwarden Secrets Manager Ansible lookup plugin. It includes a sample workflow that can publish to Ansible Galaxy. The workflow will need to be modified according to our needs.

This relies on the Python SDK, so bitwarden/sdk/#369 and a publishing workflow should be completed before we publish the Ansible plugin anywhere.

📋 Code changes

  • plugins/lookup/bitwarden_sm.py: The plugin itself. It uses the Python SDK to retrieve secrets and outputs them to Ansible. It can also be executed as a standalone script for easy development.
  • .github/workflows/publish-to-galaxy.yml: Rudimentary publishing workflow. The secrets for this workflow do not currently exist, as we do not have a bitwarden namespace on Ansible Galaxy. We will need to create one and update the secrets in the workflow. For now, we should probably disable it until we're ready to publish it.
  • ansible.cfg: Ansible configuration that points to the local plugin to aid in testing it locally
  • examples/test*.yml: Rudimentary Ansible playbooks for testing
  • galaxy.yml: The manifest used for the Ansible Galaxy page. We will need to reserve the bitwarden namespace. The license type can be updated before publishing as well, if need be.

⏰ Reminders before review

  • Contributor guidelines followed
  • All formatters and local linters executed and passed
  • Written new unit and / or integration tests where applicable
  • Protected functional changes with optionality (feature flags)
  • Used internationalization (i18n) for all UI strings
  • CI builds passed
  • Communicated to DevOps any deployment requirements
  • Updated any necessary documentation or informed the documentation team

🦮 Reviewer guidelines

  • 👍 (:+1:) or similar for great changes
  • 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
  • ❓ (:question:) for questions
  • 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
  • 🎨 (:art:) for suggestions / improvements
  • ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
  • 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
  • ⛏ (:pick:) for minor or nitpick changes

@tangowithfoxtrot tangowithfoxtrot requested review from a team and michalchecinski December 12, 2023 20:10
@tangowithfoxtrot tangowithfoxtrot changed the title init [SM-983] - init Dec 12, 2023
@michalchecinski
Contributor

The .github/workflows/publish-to-galaxy.yml workflow is failing. Other than that I don't see any issues 😃

@tangowithfoxtrot
Contributor Author

Thanks, @michalchecinski. I updated my PR notes about that file. I was thinking that we'd disable the workflow until we have a bitwarden namespace on Ansible Galaxy and update the secret retrieval step to retrieve the API key for our new account.

I tested this workflow by publishing to my personal namespace, and I used Bitwarden Secrets Manager to retrieve the secrets 😊 . Of course, once we have a bitwarden account on Ansible Galaxy, feel free to swap that out with whatever secrets management solution that DevOps would like to use.


@Thomas-Avery Thomas-Avery left a comment

This is looking good, great work! A couple minor things to look over.

I did notice that it looks like prettier isn't currently set up and run on the repo.

Feel free to reach out, and we can work on getting a separate PR for that.

@tangowithfoxtrot tangowithfoxtrot requested a review from a team as a code owner January 2, 2024 16:45

@Thomas-Avery Thomas-Avery left a comment

Looks great, code is easy to read and understand!

General question: are these Ansible modules expected to log as they process?

For example, in the sm-action we have:

Parsing secrets input
Authenticating to Bitwarden
Setting Secrets
Completed setting secrets as environment variables.

@tangowithfoxtrot
Contributor Author

> General question: are these Ansible modules expected to log as they process?
>
> For example, in the sm-action we have:
>
> Parsing secrets input
> Authenticating to Bitwarden
> Setting Secrets
> Completed setting secrets as environment variables.

Good question! By default, the output of the module is generally just the requested lookup data, but you can supply -v, -vv, etc. when you run the ansible-playbook command to specify output verbosity. I see that there are correlating functions that I can use to provide additional output in that case. I'll make it so that if they run ansible-playbook -v, it'll provide similar output.
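
The verbosity behaviour discussed in the reply above, shown as an added example that is not the plugin's own code: a lookup plugin that emits sm-action-style progress messages only under `-v` and keeps secret values and rejected input out of that output. `fetch_secret()`, the sample store, the UUID-shaped lookup terms and the stand-in classes (used only when ansible-core is not installed) are assumptions made for the example.

```python
# Added example, not the plugin's code. fetch_secret() and the sample id are
# hypothetical; the stand-in classes only let this run without ansible-core.
import uuid

try:
    from ansible.errors import AnsibleError
    from ansible.plugins.lookup import LookupBase
    from ansible.utils.display import Display
except ImportError:
    class AnsibleError(Exception):
        pass

    class LookupBase:
        pass

    class Display:
        verbosity = 0

        def v(self, msg):  # same contract as Display.v: shown only with -v
            if self.verbosity > 0:
                print(msg)

display = Display()

# Constructed sample data: secret id -> secret value.
_FAKE_STORE = {"00000000-0000-4000-8000-000000000001": "s3cr3t-value"}


def fetch_secret(secret_id):
    """Hypothetical backend call; a real plugin would ask the SDK here."""
    return _FAKE_STORE[secret_id]


class LookupModule(LookupBase):
    def run(self, terms, variables=None, **kwargs):
        display.v("Parsing secrets input")
        for pos, term in enumerate(terms):
            try:
                uuid.UUID(term)
            except ValueError:
                # Name the position, not the input: a mistyped term may be a secret.
                raise AnsibleError(f"lookup term {pos} is not a valid secret id")
        display.v("Authenticating to Bitwarden")  # never log the access token
        values = []
        for term in terms:
            display.v(f"Fetching secret {term}")  # identifier only, never the value
            values.append(fetch_secret(term))
        display.v(f"Completed lookup of {len(values)} secret(s)")
        return values
```
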


@Thomas-Avery Thomas-Avery left a comment

Looks good, thank you!

@tangowithfoxtrot tangowithfoxtrot merged commit 0f9b988 into main Jan 8, 2024
2 checks passed
@tangowithfoxtrot tangowithfoxtrot deleted the init branch February 7, 2024 22:43