Add collection management commands and non-interactive unlock#351
Open
FluffyDiscord wants to merge 7 commits into
Open
Add collection management commands and non-interactive unlock#351FluffyDiscord wants to merge 7 commits into
FluffyDiscord wants to merge 7 commits into
Conversation
cd53784 to
7b97220
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
This adds organization collection management to
rbw, plus a non-interactive unlock path so the agent can run headless (servers, cron) without a pinentry prompt.New commands
list-collections(aliaslsc)--rawfor JSON)create-collection <name> --org-id <id>rename-collection <id> --organizationid <id> <name>delete-collection <collection-id> --org-id <id>edit-collections <entry-id> <collections>propagate-collection-permissions [--org-id <id>] [--apply] [-v]propagate-collection-permissionsCollections in Vaultwarden/Bitwarden are flat names with
/as a path separator (e.g.Projects/foo,Projects/foo/Dev). This command walks each member's grants and, for the topmost collection they hold, gives them can edit, then can manage on every collection nested beneath it.--applyis required to write.--applyis idempotent.collections/details, which batches every collection'susers[]), one PUT per changed collection, and zero writes in steady state, so it's safe to run daily/on-demand.accessAllmembers, and unconfirmed invitations; only confirmed Users/Managers are eligible.Non-interactive unlock (
BW_ACCOUNT_PASSWORD)The agent now reads the master password from the
BW_ACCOUNT_PASSWORDenvironment variable before falling back to pinentry, for both login and unlock. This letsrbwrun on a headless server or from cron — set the env var once and the agent unlocks/logs in without prompting. When the variable is unset, behaviour is unchanged (pinentry as before), so it's fully opt-in.Implementation notes
src/api.rs):org_users,collections_details,set_collection_users, plus collection create/rename/delete, following the existingapi.rs → actions.rs → commands.rslayering.set_collection_usersmerges into each collection's existingusers[](the PUT is a full replace upstream), so other members' and groups' access is preserved.Commits
Agent - support non-interactive unlock via BW_ACCOUNT_PASSWORD envCollections - add management commandsCollections - add delete commandCollections - add permission propagation