Merge pull request #61 from 1Password/scottisloud/issue58

scottisloud · web-flow · commit c503b37fd9d1 · 2024-02-28T16:48:46.000-08:00
updating syntax to use permissions options
diff --git a/account-management/remove-export-all-groups-and-vault.sh b/account-management/remove-export-all-groups-and-vault.sh
@@ -12,7 +12,7 @@
 #
 # This script requires `jq` is installed on your system. See: https://stedolan.github.io/jq/ for installation instructions.
 
-vault_IDs=($(op vault list --format=json | jq --raw-output '.[] .id'))
+vault_IDs=($(op vault list --permission=manage_vault --format=json | jq --raw-output '.[] .id'))
 
 for vault in $vault_IDs 
 do
diff --git a/migration/cleanup-scripts/README.md b/migration/cleanup-scripts/README.md
@@ -2,8 +2,8 @@
 
 This is a collection of scripts that can help you clean up your 1Password account after performing a migration from LastPass. 
 
-> ⚠️ **Warning**  
-> Currently, you must use version 2.21 or older of the 1Password CLI when running these scripts. Version 2.22 and newer introduced changes that prevent these scripts from performing as-expected. Download version 2.21 the 1Password website [here](https://app-updates.agilebits.com/product_history/CLI2#v2210002).
+> 💡 **NOTE**  
+> Many of these scripts require version 2.25 or newer of the 1Password CLI. Download the latest version [here](https://developer.1password.com/docs/cli/get-started).
 
 ## Contents
 
diff --git a/migration/cleanup-scripts/move_items_to_tracked_vault.py b/migration/cleanup-scripts/move_items_to_tracked_vault.py
@@ -17,6 +17,16 @@ def __init__(self, name, uuid, itemCount, created, updated):
         self.updated = updated
 
 
+# Check CLI version
+def checkCLIVersion():
+    r = subprocess.run(["op", "--version", "--format=json"], capture_output=True)
+    major, minor = r.stdout.decode("utf-8").rstrip().split(".", 2)[:2]
+    if not major == 2 and not int(minor) >= 25:
+        sys.exit(
+            "❌ You must be using version 2.25 or greater of the 1Password CLI. Please visit https://developer.1password.com/docs/cli/get-started to download the lastest version."
+        )
+
+
 # Get a list of vaults the logged-in user has access to
 # Skips any Private vaults and the Metadata vault.
 # Fetches all vault details and returns them as a Python object
@@ -37,7 +47,7 @@ def getVaults():
     vaults = []
     try:
         getVaultsCommand = subprocess.run(
-            ["op", "vault", "list", "--group=Owners", "--format=json"],
+            ["op", "vault", "list", "--permission=manage_vault", "--format=json"],
             check=True,
             capture_output=True,
         )
@@ -294,6 +304,7 @@ def revokeUntrackedVaultPermissions(untrackedVaults):
 
 
 def main():
+    checkCLIVersion()
     vaults = []
     vaultGroups = {}
     vaultDetails = getVaults()
diff --git a/migration/cleanup-scripts/remove_imported_prefix.py b/migration/cleanup-scripts/remove_imported_prefix.py
@@ -1,27 +1,53 @@
 import subprocess
 import json
+import sys
+
+
+# Check CLI version
+def checkCLIVersion():
+    r = subprocess.run(["op", "--version", "--format=json"], capture_output=True)
+    major, minor = r.stdout.decode("utf-8").rstrip().split(".", 2)[:2]
+    if not major == 2 and not int(minor) >= 25:
+        sys.exit(
+            "❌ You must be using version 2.25 or greater of the 1Password CLI. Please visit https://developer.1password.com/docs/cli/get-started to download the lastest version."
+        )
 
 
 def getVaults():
     try:
-        return subprocess.run("op vault list --group=Owners --format=json", shell=True, check=True, capture_output=True).stdout
-    except (Exception) as err:
-        print(f"Encountered an error getting the list of vaults you have access to: ", err)
+        return subprocess.run(
+            ["op", "vault", "list", "--permission=manage_vault", "--format=json"],
+            check=True,
+            capture_output=True,
+        ).stdout
+    except Exception as err:
+        print(
+            f"Encountered an error getting the list of vaults you have access to: ", err
+        )
         return
 
+
 def main():
+    checkCLIVersion()
     vaultList = json.loads(getVaults())
-    print("Removing 'Imported' prefix from all imported vaults in your 1Password account.\n\n")
+    print(
+        "Removing 'Imported' prefix from all imported vaults in your 1Password account.\n\n"
+    )
     for vault in vaultList:
         vaultID = vault["id"]
         vaultName = vault["name"]
-        if (vaultName.startswith("Imported ")):
+        if vaultName.startswith("Imported "):
             trimmedName = vaultName.removeprefix("Imported ")
             try:
-                subprocess.run(["op", "vault", "edit", vaultID, f"--name={trimmedName}"], check=True, capture_output=True)
-                print(f"\t Changed \"{vaultName}\" => \"{trimmedName}\"")
-            except (Exception) as err:
+                subprocess.run(
+                    ["op", "vault", "edit", vaultID, f"--name={trimmedName}"],
+                    check=True,
+                    capture_output=True,
+                )
+                print(f'\t Changed "{vaultName}" => "{trimmedName}"')
+            except Exception as err:
                 print(f"Encountered an error renaming {vaultName}: ", err)
                 continue
 
-main()
+
+main()
diff --git a/migration/cleanup-scripts/vault_dedupe_helper.py b/migration/cleanup-scripts/vault_dedupe_helper.py
@@ -1,52 +1,94 @@
 ###
-# A script that will produce a csv-like report to assist with de-duplication. 
+# A script that will produce a csv-like report to assist with de-duplication.
 # Outputs vaultName, vaultUUID, itemCount, vault creation date, vault updated, number of users
 ###
 import os
 import subprocess
 import csv
 import json
 from datetime import datetime
+import sys
 
 scriptPath = os.path.dirname(__file__)
 outputPath = scriptPath  # Optionally choose an alternative output path here.
 
+
+# Check CLI version
+def checkCLIVersion():
+    r = subprocess.run(["op", "--version", "--format=json"], capture_output=True)
+    major, minor = r.stdout.decode("utf-8").rstrip().split(".", 2)[:2]
+    if not major == 2 and not int(minor) >= 25:
+        sys.exit(
+            "❌ You must be using version 2.25 or greater of the 1Password CLI. Please visit https://developer.1password.com/docs/cli/get-started to download the lastest version."
+        )
+
+
 # Get a list of vaults the logged-in user has access to
 def getVaults():
     try:
-        return subprocess.run("op vault list --group=Owners --format=json", shell=True, check=True, capture_output=True).stdout
-    except (Exception) as err:
-        print(f"Encountered an error getting the list of vaults you have access to: ", err)
+        return subprocess.run(
+            ["op", "vault", "list", "--permission=manage_vault", "--format=json"],
+            check=True,
+            capture_output=True,
+        ).stdout
+    except Exception as err:
+        print(
+            f"Encountered an error getting the list of vaults you have access to: ", err
+        )
         return
-    
+
+
 # Get a list of users and their permissions for a vault
 def getVaultUserList(vaultID):
     try:
-        return subprocess.run(f"op vault user list {vaultID} --format=json", shell=True, check=True, capture_output=True).stdout
-    except (Exception) as err:
-        print(f"Encountered an error getting the list of users for vault {vaultID}: ", err)
+        return subprocess.run(
+            f"op vault user list {vaultID} --format=json",
+            shell=True,
+            check=True,
+            capture_output=True,
+        ).stdout
+    except Exception as err:
+        print(
+            f"Encountered an error getting the list of users for vault {vaultID}: ", err
+        )
         return
 
+
 # Get the details of a vault
 def getVaultDetails(vaultID):
     try:
-        return subprocess.run(f"op vault get {vaultID} --format=json", shell=True, check=True, capture_output=True).stdout
-    except (Exception) as err:
+        return subprocess.run(
+            f"op vault get {vaultID} --format=json",
+            shell=True,
+            check=True,
+            capture_output=True,
+        ).stdout
+    except Exception as err:
         print(f"Encountered an error getting details for vault {vaultID}: ", err)
         return
 
+
 # Make dates returned from the CLI a bit nicer
 def formatDate(date):
     isoDate = datetime.fromisoformat(date)
     return f"{isoDate.year}-{isoDate.month}-{isoDate.day} {isoDate.hour}:{isoDate.minute}:{isoDate.second}"
 
+
 def main():
+    checkCLIVersion()
     vaultList = json.loads(getVaults())
     with open(f"{outputPath}/vaultreport.csv", "w", newline="") as outputFile:
         csvWriter = csv.writer(outputFile)
-        fields = ["vaultName", "vaultUUD", "itemCount", "vaultCreated", "vaultUpdated", "userCount"]
+        fields = [
+            "vaultName",
+            "vaultUUD",
+            "itemCount",
+            "vaultCreated",
+            "vaultUpdated",
+            "userCount",
+        ]
         csvWriter.writerow(fields)
-        
+
         for vault in vaultList:
             if vault["name"] == "Private":
                 continue
@@ -56,19 +98,25 @@ def main():
             dateCreated = formatDate(vaultDetails["created_at"])
             dateUpdated = formatDate(vaultDetails["updated_at"])
 
-            csvWriter.writerow([
+            csvWriter.writerow(
+                [
+                    vault["name"],
+                    vault["id"],
+                    vaultDetails["items"],
+                    dateCreated,
+                    dateUpdated,
+                    userCount,
+                ]
+            )
+
+            print(
                 vault["name"],
                 vault["id"],
                 vaultDetails["items"],
                 dateCreated,
                 dateUpdated,
-                userCount
-            ]) 
-            
-            print(vault["name"],
-                vault["id"],
-                vaultDetails["items"],
-                dateCreated,
-                dateUpdated,
-                userCount)
-main()
+                userCount,
+            )
+
+
+main()
diff --git a/reporting/README.md b/reporting/README.md
@@ -2,8 +2,8 @@
 
 This directory provides a series of scripts demonstrating how to use the CLI to generate summary reports of vault access, contents, and permissions.
 
-> ⚠️ **Warning**  
-> Currently, you must use version 2.21 or older of the 1Password CLI when running these scripts. Version 2.22 and newer introduced changes that prevent these scripts from performing as-expected. Download version 2.21 the 1Password website [here](https://app-updates.agilebits.com/product_history/CLI2#v2210002).
+> 💡 **NOTE**  
+> Many of these scripts require version 2.25 or newer of the 1Password CLI. Download the latest version [here](https://developer.1password.com/docs/cli/get-started).
 
 ## User vault access reports
 The following scripts provide information about people who are directly granted access to vaults. It does not include groups.  
diff --git a/reporting/user-and-item-list.py b/reporting/user-and-item-list.py
diff --git a/reporting/vault-user-access-report.py b/reporting/vault-user-access-report.py
diff --git a/reporting/vault-user-group-access-report.py b/reporting/vault-user-group-access-report.py

Original file line number	Diff line number	Diff line change
`@@ -12,7 +12,7 @@`
`12`	`12`	`#`
`13`	`13`	# This script requires `jq` is installed on your system. See: https://stedolan.github.io/jq/ for installation instructions.
`14`	`14`
`15`		`-vault_IDs=($(op vault list --format=json \| jq --raw-output '.[] .id'))`
	`15`	`+vault_IDs=($(op vault list --permission=manage_vault --format=json \| jq --raw-output '.[] .id'))`
`16`	`16`
`17`	`17`	`for vault in $vault_IDs`
`18`	`18`	`do`