codeinthehole · July 22, 2025 13:43
diff --git a/list_1pw_item_users.sh b/list_1pw_item_users.sh
 #!/usr/bin/env bash
 # 
 # List a TSV of users who have access to an item.

 set -e

 export OP_FORMAT=json

 function main() {
    local item_id="$1"

    # Fetch detail of item.
    item_details=$(op item get "$item_id")
    item_name=$(echo "$item_details" | jq -r '.title')
    vault_id=$(echo "$item_details" | jq -r '.vault.id')
    vault_name=$(echo "$item_details" | jq -r '.vault.name')

    # Print headers.
    printf "%s\t%s\t%s\t%s\n" "item_name" "vault_name" "group_name" "user_email"

    item_users "$vault_id" | while IFS=$'\t' read -r group_name email; do
        printf "%s\t%s\t%s\t%s\n" "$item_name" "$vault_name" "$group_name" "$email"
    done
 }

 function item_users() {
    local vault_id="$1"

    # Emit users linked via a group first.
    op group list --vault="$vault_id" | jq -r '.[] | [ .id, .name ] | @tsv' | while read -r group_id group_name; 
    do
        op user list --group="$group_id" | jq -r 'if . == null then [] else . end  | .[].email' | while read -r email; 
        do
            printf "%s\t%s\n" "$group_name" "$email"
        done
    done

    # Emit users linked directly to vault next.
    op user list --vault="$vault_id" | jq -r 'if . == null then [] else . end  | .[].email' | while read -r email; 
    do
        printf "%s\t%s\n" "-" "$email"
    done
 }

 main "$@"
	#!/usr/bin/env bash
	#
	# List a TSV of users who have access to an item.

	set -e

	export OP_FORMAT=json

	function main() {
	local item_id="$1"

	# Fetch detail of item.
	item_details=$(op item get "$item_id")
	item_name=$(echo "$item_details" \| jq -r '.title')
	vault_id=$(echo "$item_details" \| jq -r '.vault.id')
	vault_name=$(echo "$item_details" \| jq -r '.vault.name')

	# Print headers.
	printf "%s\t%s\t%s\t%s\n" "item_name" "vault_name" "group_name" "user_email"

	item_users "$vault_id" \| while IFS=$'\t' read -r group_name email; do
	printf "%s\t%s\t%s\t%s\n" "$item_name" "$vault_name" "$group_name" "$email"
	done
	}

	function item_users() {
	local vault_id="$1"

	# Emit users linked via a group first.
	op group list --vault="$vault_id" \| jq -r '.[] \| [ .id, .name ] \| @tsv' \| while read -r group_id group_name;
	do
	op user list --group="$group_id" \| jq -r 'if . == null then [] else . end \| .[].email' \| while read -r email;
	do
	printf "%s\t%s\n" "$group_name" "$email"
	done
	done

	# Emit users linked directly to vault next.
	op user list --vault="$vault_id" \| jq -r 'if . == null then [] else . end \| .[].email' \| while read -r email;
	do
	printf "%s\t%s\n" "-" "$email"
	done
	}

	main "$@"