Implement BitwardenLoginCredentialParameter (#151)

2024-04-03 16:01:03 -07:00
parent 999eda9b5d
commit 1d1e29b813
12 changed files with 392 additions and 8 deletions
--- a/skyvern/forge/sdk/workflow/context_manager.py
+++ b/skyvern/forge/sdk/workflow/context_manager.py
@@ -3,8 +3,9 @@ from typing import TYPE_CHECKING, Any

 import structlog

-from skyvern.exceptions import WorkflowRunContextNotInitialized
+from skyvern.exceptions import BitwardenBaseError, WorkflowRunContextNotInitialized
 from skyvern.forge.sdk.api.aws import AsyncAWSClient
+from skyvern.forge.sdk.services.bitwarden import BitwardenService
 from skyvern.forge.sdk.workflow.exceptions import OutputParameterKeyCollisionError
 from skyvern.forge.sdk.workflow.models.parameter import (
    PARAMETER_TYPE,
@@ -113,6 +114,46 @@ class WorkflowRunContext:
                random_secret_id = self.generate_random_secret_id()
                self.secrets[random_secret_id] = secret_value
                self.values[parameter.key] = random_secret_id
+        elif parameter.parameter_type == ParameterType.BITWARDEN_LOGIN_CREDENTIAL:
+            try:
+                # Get the Bitwarden login credentials from AWS secrets
+                client_id = await aws_client.get_secret(parameter.bitwarden_client_id_aws_secret_key)
+                client_secret = await aws_client.get_secret(parameter.bitwarden_client_secret_aws_secret_key)
+                master_password = await aws_client.get_secret(parameter.bitwarden_master_password_aws_secret_key)
+            except Exception as e:
+                LOG.error(f"Failed to get Bitwarden login credentials from AWS secrets. Error: {e}")
+                raise e
+
+            if self.has_parameter(parameter.url_parameter_key) and self.has_value(parameter.url_parameter_key):
+                url = self.values[parameter.url_parameter_key]
+            else:
+                LOG.error(f"URL parameter {parameter.url_parameter_key} not found or has no value")
+                raise ValueError(f"URL parameter for Bitwarden login credentials not found or has no value")
+
+            try:
+                secret_credentials = BitwardenService.get_secret_value_from_url(
+                    client_id,
+                    client_secret,
+                    master_password,
+                    url,
+                )
+                if secret_credentials:
+                    random_secret_id = self.generate_random_secret_id()
+                    # username secret
+                    username_secret_id = f"{random_secret_id}_username"
+                    self.secrets[username_secret_id] = secret_credentials["username"]
+                    # password secret
+                    password_secret_id = f"{random_secret_id}_password"
+                    self.secrets[password_secret_id] = secret_credentials["password"]
+
+                    self.values[parameter.key] = {
+                        "username": username_secret_id,
+                        "password": password_secret_id,
+                    }
+            except BitwardenBaseError as e:
+                BitwardenService.logout()
+                LOG.error(f"Failed to get secret from Bitwarden. Error: {e}")
+                raise e
        elif parameter.parameter_type == ParameterType.CONTEXT:
            # ContextParameter values will be set within the blocks
            return
@@ -133,6 +174,9 @@ class WorkflowRunContext:
        aws_client: AsyncAWSClient,
        parameters: list[PARAMETER_TYPE],
    ) -> None:
+        # BitwardenLoginCredentialParameter should be processed last since it requires the URL parameter to be set
+        parameters.sort(key=lambda x: x.parameter_type != ParameterType.BITWARDEN_LOGIN_CREDENTIAL)
+
        for parameter in parameters:
            if parameter.key in self.parameters:
                LOG.debug(f"Parameter {parameter.key} already registered, skipping")
--- a/skyvern/forge/sdk/workflow/models/block.py
+++ b/skyvern/forge/sdk/workflow/models/block.py
@@ -275,7 +275,7 @@ class ForLoopBlock(Block):
        return context_parameters

    def get_loop_over_parameter_values(self, workflow_run_context: WorkflowRunContext) -> list[Any]:
-        if isinstance(self.loop_over, WorkflowParameter):
+        if isinstance(self.loop_over, WorkflowParameter) or isinstance(self.loop_over, OutputParameter):
            parameter_value = workflow_run_context.get_value(self.loop_over.key)
            if isinstance(parameter_value, list):
                return parameter_value
@@ -284,7 +284,6 @@ class ForLoopBlock(Block):
                return [parameter_value]
        else:
            # TODO (kerem): Implement this for context parameters
-            # TODO (kerem): Implement this for output parameters
            raise NotImplementedError

    async def execute(self, workflow_run_id: str, **kwargs: dict) -> OutputParameter | None:
--- a/skyvern/forge/sdk/workflow/models/parameter.py
+++ b/skyvern/forge/sdk/workflow/models/parameter.py
@@ -11,6 +11,7 @@ class ParameterType(StrEnum):
    WORKFLOW = "workflow"
    CONTEXT = "context"
    AWS_SECRET = "aws_secret"
+    BITWARDEN_LOGIN_CREDENTIAL = "bitwarden_login_credential"
    OUTPUT = "output"


@@ -37,6 +38,23 @@ class AWSSecretParameter(Parameter):
    deleted_at: datetime | None = None


+class BitwardenLoginCredentialParameter(Parameter):
+    parameter_type: Literal[ParameterType.BITWARDEN_LOGIN_CREDENTIAL] = ParameterType.BITWARDEN_LOGIN_CREDENTIAL
+    # parameter fields
+    bitwarden_login_credential_parameter_id: str
+    workflow_id: str
+    # bitwarden cli required fields
+    bitwarden_client_id_aws_secret_key: str
+    bitwarden_client_secret_aws_secret_key: str
+    bitwarden_master_password_aws_secret_key: str
+    # url to request the login credentials from bitwarden
+    url_parameter_key: str
+
+    created_at: datetime
+    modified_at: datetime
+    deleted_at: datetime | None = None
+
+
 class WorkflowParameterType(StrEnum):
    STRING = "string"
    INTEGER = "integer"
@@ -92,5 +110,7 @@ class OutputParameter(Parameter):
    deleted_at: datetime | None = None


-ParameterSubclasses = Union[WorkflowParameter, ContextParameter, AWSSecretParameter, OutputParameter]
+ParameterSubclasses = Union[
+    WorkflowParameter, ContextParameter, AWSSecretParameter, BitwardenLoginCredentialParameter, OutputParameter
+]
 PARAMETER_TYPE = Annotated[ParameterSubclasses, Field(discriminator="parameter_type")]
--- a/skyvern/forge/sdk/workflow/models/yaml.py
+++ b/skyvern/forge/sdk/workflow/models/yaml.py
@@ -22,6 +22,21 @@ class AWSSecretParameterYAML(ParameterYAML):
    aws_key: str


+class BitwardenLoginCredentialParameterYAML(ParameterYAML):
+    # There is a mypy bug with Literal. Without the type: ignore, mypy will raise an error:
+    # Parameter 1 of Literal[...] cannot be of type "Any"
+    # This pattern already works in block.py but since the ParameterType is not defined in this file, mypy is not able
+    # to infer the type of the parameter_type attribute.
+    parameter_type: Literal[ParameterType.BITWARDEN_LOGIN_CREDENTIAL] = ParameterType.BITWARDEN_LOGIN_CREDENTIAL  # type: ignore
+
+    # bitwarden cli required fields
+    bitwarden_client_id_aws_secret_key: str
+    bitwarden_client_secret_aws_secret_key: str
+    bitwarden_master_password_aws_secret_key: str
+    # parameter key for the url to request the login credentials from bitwarden
+    url_parameter_key: str
+
+
 class WorkflowParameterYAML(ParameterYAML):
    # There is a mypy bug with Literal. Without the type: ignore, mypy will raise an error:
    # Parameter 1 of Literal[...] cannot be of type "Any"
@@ -80,7 +95,7 @@ class ForLoopBlockYAML(BlockYAML):
    block_type: Literal[BlockType.FOR_LOOP] = BlockType.FOR_LOOP  # type: ignore

    loop_over_parameter_key: str
-    loop_block: BlockYAML
+    loop_block: "BLOCK_YAML_SUBCLASSES"


 class CodeBlockYAML(BlockYAML):
@@ -135,7 +150,13 @@ class SendEmailBlockYAML(BlockYAML):
    file_attachments: list[str] | None = None


-PARAMETER_YAML_SUBCLASSES = AWSSecretParameterYAML | WorkflowParameterYAML | ContextParameterYAML | OutputParameterYAML
+PARAMETER_YAML_SUBCLASSES = (
+    AWSSecretParameterYAML
+    | BitwardenLoginCredentialParameterYAML
+    | WorkflowParameterYAML
+    | ContextParameterYAML
+    | OutputParameterYAML
+)
 PARAMETER_YAML_TYPES = Annotated[PARAMETER_YAML_SUBCLASSES, Field(discriminator="parameter_type")]

 BLOCK_YAML_SUBCLASSES = (
--- a/skyvern/forge/sdk/workflow/service.py
+++ b/skyvern/forge/sdk/workflow/service.py
@@ -351,6 +351,26 @@ class WorkflowService:
            workflow_id=workflow_id, aws_key=aws_key, key=key, description=description
        )

+    async def create_bitwarden_login_credential_parameter(
+        self,
+        workflow_id: str,
+        bitwarden_client_id_aws_secret_key: str,
+        bitwarden_client_secret_aws_secret_key: str,
+        bitwarden_master_password_aws_secret_key: str,
+        url_parameter_key: str,
+        key: str,
+        description: str | None = None,
+    ) -> Parameter:
+        return await app.DATABASE.create_bitwarden_login_credential_parameter(
+            workflow_id=workflow_id,
+            bitwarden_client_id_aws_secret_key=bitwarden_client_id_aws_secret_key,
+            bitwarden_client_secret_aws_secret_key=bitwarden_client_secret_aws_secret_key,
+            bitwarden_master_password_aws_secret_key=bitwarden_master_password_aws_secret_key,
+            url_parameter_key=url_parameter_key,
+            key=key,
+            description=description,
+        )
+
    async def create_output_parameter(
        self, workflow_id: str, key: str, description: str | None = None
    ) -> OutputParameter:
@@ -643,6 +663,16 @@ class WorkflowService:
                        key=parameter.key,
                        description=parameter.description,
                    )
+                elif parameter.parameter_type == ParameterType.BITWARDEN_LOGIN_CREDENTIAL:
+                    parameters[parameter.key] = await self.create_bitwarden_login_credential_parameter(
+                        workflow_id=workflow.workflow_id,
+                        bitwarden_client_id_aws_secret_key=parameter.bitwarden_client_id_aws_secret_key,
+                        bitwarden_client_secret_aws_secret_key=parameter.bitwarden_client_secret_aws_secret_key,
+                        bitwarden_master_password_aws_secret_key=parameter.bitwarden_master_password_aws_secret_key,
+                        url_parameter_key=parameter.url_parameter_key,
+                        key=parameter.key,
+                        description=parameter.description,
+                    )
                elif parameter.parameter_type == ParameterType.WORKFLOW:
                    parameters[parameter.key] = await self.create_workflow_parameter(
                        workflow_id=workflow.workflow_id,
@@ -708,10 +738,12 @@ class WorkflowService:
                max_retries=block_yaml.max_retries,
            )
        elif block_yaml.block_type == BlockType.FOR_LOOP:
+            loop_block = await WorkflowService.block_yaml_to_block(block_yaml.loop_block, parameters)
+            loop_over_parameter = parameters[block_yaml.loop_over_parameter_key]
            return ForLoopBlock(
                label=block_yaml.label,
-                loop_over_parameter_key=parameters[block_yaml.loop_over_parameter_key],
-                loop_block=WorkflowService.block_yaml_to_block(block_yaml.loop_block, parameters),
+                loop_over=loop_over_parameter,
+                loop_block=loop_block,
                output_parameter=output_parameter,
            )
        elif block_yaml.block_type == BlockType.CODE: