-
Notifications
You must be signed in to change notification settings - Fork 33
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Initial 1Password Connect Python SDK Commit
- Loading branch information
0 parents
commit 4032af0
Showing
26 changed files
with
4,182 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,146 @@ | ||
# Byte-compiled / optimized / DLL files | ||
__pycache__/ | ||
*.py[cod] | ||
*$py.class | ||
|
||
# C extensions | ||
*.so | ||
|
||
# Distribution / packaging | ||
.Python | ||
build/ | ||
develop-eggs/ | ||
dist/ | ||
downloads/ | ||
eggs/ | ||
.eggs/ | ||
lib/ | ||
lib64/ | ||
parts/ | ||
sdist/ | ||
var/ | ||
wheels/ | ||
share/python-wheels/ | ||
*.egg-info/ | ||
.installed.cfg | ||
*.egg | ||
MANIFEST | ||
|
||
# PyInstaller | ||
# Usually these files are written by a python script from a template | ||
# before PyInstaller builds the exe, so as to inject date/other infos into it. | ||
*.manifest | ||
*.spec | ||
|
||
# Installer logs | ||
pip-log.txt | ||
pip-delete-this-directory.txt | ||
|
||
# Unit test / coverage reports | ||
htmlcov/ | ||
.tox/ | ||
.nox/ | ||
.coverage | ||
.coverage.* | ||
.cache | ||
nosetests.xml | ||
coverage.xml | ||
*.cover | ||
*.py,cover | ||
.hypothesis/ | ||
.pytest_cache/ | ||
cover/ | ||
|
||
# Translations | ||
*.mo | ||
*.pot | ||
|
||
# Django stuff: | ||
*.log | ||
local_settings.py | ||
db.sqlite3 | ||
db.sqlite3-journal | ||
|
||
# Flask stuff: | ||
instance/ | ||
.webassets-cache | ||
|
||
# Scrapy stuff: | ||
.scrapy | ||
|
||
# Sphinx documentation | ||
docs/_build/ | ||
|
||
# PyBuilder | ||
.pybuilder/ | ||
target/ | ||
|
||
# Jupyter Notebook | ||
.ipynb_checkpoints | ||
|
||
# IPython | ||
profile_default/ | ||
ipython_config.py | ||
|
||
# pyenv | ||
# For a library or package, you might want to ignore these files since the code is | ||
# intended to run in multiple environments; otherwise, check them in: | ||
# .python-version | ||
|
||
# pipenv | ||
# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control. | ||
# However, in case of collaboration, if having platform-specific dependencies or dependencies | ||
# having no cross-platform support, pipenv may install dependencies that don't work, or not | ||
# install all needed dependencies. | ||
#Pipfile.lock | ||
|
||
# PEP 582; used by e.g. github.com/David-OConnor/pyflow | ||
__pypackages__/ | ||
|
||
# Celery stuff | ||
celerybeat-schedule | ||
celerybeat.pid | ||
|
||
# SageMath parsed files | ||
*.sage.py | ||
|
||
# Environments | ||
.env | ||
.venv | ||
env/ | ||
venv/ | ||
ENV/ | ||
env.bak/ | ||
venv.bak/ | ||
|
||
# Spyder project settings | ||
.spyderproject | ||
.spyproject | ||
|
||
# Rope project settings | ||
.ropeproject | ||
|
||
# mkdocs documentation | ||
/site | ||
|
||
# mypy | ||
.mypy_cache/ | ||
.dmypy.json | ||
dmypy.json | ||
|
||
# Pyre type checker | ||
.pyre/ | ||
|
||
# pytype static type analyzer | ||
.pytype/ | ||
|
||
# Cython debug symbols | ||
cython_debug/ | ||
|
||
# VScode | ||
.vscode/ | ||
|
||
# Goland | ||
.idea/ | ||
|
||
.DS_Store |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
MIT License | ||
|
||
Copyright (c) [2020] [1Password] | ||
|
||
Permission is hereby granted, free of charge, to any person obtaining a copy | ||
of this software and associated documentation files (the "Software"), to deal | ||
in the Software without restriction, including without limitation the rights | ||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell | ||
copies of the Software, and to permit persons to whom the Software is | ||
furnished to do so, subject to the following conditions: | ||
|
||
The above copyright notice and this permission notice shall be included in all | ||
copies or substantial portions of the Software. | ||
|
||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR | ||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | ||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE | ||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER | ||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, | ||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE | ||
SOFTWARE. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,189 @@ | ||
# 1Password Connect Python SDK | ||
|
||
The 1Password Connect SDK provides access to the 1Password via 1Password Connect hosted on your infrastructure. The library is intended to be used by Python applications to simplify accessing `items` in 1Password `vaults`. | ||
|
||
## Prerequisites: | ||
|
||
- 1Password Connect deployed in your infrastructure. | ||
## Installation | ||
|
||
`pip install https://github.com/1Password/connect-sdk-python/archive/v{version}.zip` | ||
|
||
## Usage | ||
|
||
**Import 1Password Connect Python SDK** | ||
|
||
```python | ||
import onepasswordconnectsdk | ||
``` | ||
|
||
**Environment Variables** | ||
|
||
- **OP_CONNECT_TOKEN** – The token to be used to authenticate with the 1Password Connect API. | ||
- **OP_VAULT** - The default vault to fetch items from if not specified. | ||
|
||
**Creating a Client** | ||
|
||
There are two methods available for creating a client: | ||
|
||
- `new_client_from_environment`: Builds a new client for interacting with 1Password Connect using the `OP_CONNECT_TOKEN` *environment variable (ie a 1Password Connect API token)* and the hostname of 1Password Connect. | ||
- `new_client`: Builds a new client for interacting with 1Password Connect. Accepts the hostname of 1Password Connect and the API token generated for the application. | ||
|
||
```python | ||
:from onepasswordconnectsdk.client import ( | ||
Client, | ||
new_client_from_environment | ||
) | ||
|
||
# creating client using OP_CONNECT_TOKEN environment variable | ||
client: Client = new_client_from_environment( | ||
"{1Password_Connect_Host}") | ||
|
||
# creating client by supplying hostname and 1Password Connect API token | ||
client: Client = new_client_from_environment( | ||
"{1Password_Connect_Host}", | ||
"{1Password_Connect_API_Token}") | ||
``` | ||
|
||
**Get Item** | ||
|
||
Get a specific item by item and vault uuids: | ||
|
||
```python | ||
client.get_item("{item_id}", "{vault_id}") | ||
``` | ||
|
||
**Get Item By Title** | ||
|
||
Get item by item title and vault id | ||
|
||
```python | ||
client.get_item_by_title("{item_title}", "{vault_id}") | ||
``` | ||
|
||
**Get Items** | ||
|
||
Get a summarized list of all items for a specified vault | ||
|
||
```python | ||
client.get_items("{vault_id}") | ||
``` | ||
|
||
**Delete Item** | ||
|
||
Delete an item by item and vault ids: | ||
|
||
```python | ||
client.delete_item("{item_id}", "{vault_id}") | ||
``` | ||
|
||
**Create Item** | ||
|
||
Create an item in the specified vault. | ||
|
||
```python | ||
# Example item creation. Create an item with your desired arguments. | ||
item = onepasswordconnectsdk.models.FullItem(vault=ItemVault(id="av223f76ydutdngislnkbz6z5u"), | ||
id="kp2td65r4wbuhocwhhijpdbfqq", | ||
title="newtitle", | ||
category="LOGIN", | ||
tags=["1password-connect"], | ||
fields=[FullItemAllOfFields(value="new_user", | ||
purpose="USERNAME")], | ||
) | ||
client.create_item("{vault_id}", item) | ||
``` | ||
|
||
**Update Item** | ||
|
||
Item the item with the specified item and vault ids. The existing item will be overwritten with the newly supplied item. | ||
|
||
```python | ||
# Example item creation. Create an item with your desired arguments. | ||
item = onepasswordconnectsdk.models.FullItem(vault=ItemVault(id="av223f76ydutdngislnkbz6z5u"), | ||
id="kp2td65r4wbuhocwhhijpdbfqq", | ||
title="newtitle", | ||
category="LOGIN", | ||
tags=["1password-connect"], | ||
fields=[FullItemAllOfFields(value="new_user", | ||
purpose="USERNAME")], | ||
) | ||
client.update_item("{item_id}", "{vault_id}", item) | ||
``` | ||
|
||
**Get Vault** | ||
|
||
Get vault by vault id | ||
|
||
```python | ||
client.get_vault("{vault_id}") | ||
``` | ||
|
||
**Get Vaults** | ||
|
||
Retrieve all vaults available to the service account. | ||
|
||
```python | ||
client.get_vaults() | ||
``` | ||
|
||
**Load Configuration** | ||
|
||
Users can create `classes` or `dicts` that describe fields they wish to get the values from in 1Password. Two convienience methods are provided that will handle the fetching of values for these fields: | ||
|
||
- **load_dict**: Takes a dictionary with keys specifying the user desired naming scheme of the values to return. Each key's value is a dictionary that includes information on where to find the item field value in 1Password. This returns a dictionary of user specified keys with values retrieved from 1Password | ||
- **load**: Takes an object with class attributes annotated with tags describing where to find desired fields in 1Password. Manipulates given object and fills attributes in with 1Password item field values. | ||
|
||
```python | ||
# example dict configuration for onepasswordconnectsdk.load_dict(CONFIG) | ||
CONFIG = { | ||
"server": { | ||
"opitem": "My database item", | ||
"opfield": "specific_section.hostname", | ||
"opvault": "some_vault_id", | ||
}, | ||
"database": { | ||
"opitem": "My database item", | ||
"opfield": ".database", | ||
}, | ||
"username": { | ||
"opitem": "My database item", | ||
"opfield": ".username", | ||
}, | ||
"password": { | ||
"opitem": "My database item", | ||
"opfield": ".password", | ||
}, | ||
} | ||
|
||
values_dict = onepasswordconnectsdk.load_dict(CONFIG) | ||
``` | ||
|
||
```python | ||
# example class configuration for onepasswordconnectsdk.load(CONFIG) | ||
class Config: | ||
server: 'opitem:"My database item" opvault:some_vault_id opfield:specific_section.hostname' = None | ||
database: 'opitem:"My database item" opfield:.database' = None | ||
username: 'opitem:"My database item" opfield:.username' = None | ||
password: 'opitem:"My database item" opfield:.password' = None | ||
|
||
CONFIG = Config() | ||
|
||
values_object = onepasswordconnectsdk.load(CONFIG) | ||
``` | ||
|
||
## Development | ||
|
||
**Testing** | ||
|
||
```bash | ||
$ pytest | ||
``` | ||
|
||
## Security | ||
|
||
1Password requests you practice responsible disclosure if you discover a vulnerability. | ||
|
||
Please file requests via [**BugCrowd**](https://bugcrowd.com/agilebits). | ||
|
||
For information about security practices, please visit our [Security homepage](https://bugcrowd.com/agilebits). |
Oops, something went wrong.