CLI command fails when run with Ansible playbook
Hello,
I'm struggling to get an Ansible playbook to update a password in my 1Password vault. Here is the simplified playbook:
```
- name: Configuration of the Bootstrap server
  hosts: host1
  vars:
    onepass_item: FreeIPA (Admin)
    onepass_file: /tmp/Item.json
  tasks:
    - name: Verify that 1Password CLI is available on Controller node.
      ansible.builtin.stat:
        path: "/usr/bin/op"
      delegate_to: localhost
      register: onepass_cli

    - name: Verify that 1Password CLI is available on Controller node.
      ansible.builtin.assert:
        that:
          - onepass_cli.stat.exists
        fail_msg: "1Password CLI could not be found"
      delegate_to: localhost

    - name: Verify that 1Password CLI is connected to a 1Password Vault on the Controller node.
      ansible.builtin.shell:
        cmd: "/usr/bin/op item get \"{{ onepass_item }}\" --fields username"
      delegate_to: localhost
      register: onepass_cli_output
      failed_when: onepass_cli_output.rc != 0
      changed_when: onepass_cli_output.rc != 0

    - name: Generate a new random password for the FreeIPA Admin User
      ansible.builtin.set_fact:
        refresh_ipa_admin_password: "{{ lookup('ansible.builtin.password', '/dev/null length=20 chars=ascii_letters,digits') }}"
      no_log: true

    - name: Download the item in the 1Password Vault to a JSON file.
      ansible.builtin.shell:
        cmd: "/usr/bin/op item get \"{{ onepass_item }}\" --format json > {{ onepass_file }}"
      delegate_to: localhost
      register: onepass_cli_output
      failed_when: onepass_cli_output.rc != 0
      changed_when: onepass_cli_output.rc != 0

    - name: Modify JSON file
      ansible.builtin.shell:
        cmd: jq '.fields |= map(if .id == "password" then .value = "{{ refresh_ipa_admin_password }}" else . end)' {{ onepass_file }} > /tmp/Item_modified.json && mv /tmp/Item_modified.json {{ onepass_file }}
      delegate_to: localhost
      register: result
      changed_when: result.rc != 0

    - name: Update the 1Password Vault entry for login via UI
      ansible.builtin.shell:
        cmd: "/usr/bin/op item edit \"{{ onepass_item }}\" --template={{ onepass_file }}"
      delegate_to: localhost
```
The final step, "Update the 1Password Vault entry for login via UI", fails with the error:
```
"stderr": "[ERROR] 2024/01/13 16:19:20 cannot edit an item from template and stdin at the same time",
```
However, when I run the command `/usr/bin/op item edit "FreeIPA (Admin)" --template=/tmp/Item.json` from an interactive shell, the command runs correctly.
I'm using 1Password CLI 2.24.0.
I'm not able to figure out why this is not working when run with Ansible. Any help would be very welcome!
