mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
Handle vault decrypt --output=- (#31066)
In cli.CLI.unfrack_path callback, special case if the value of '--output' is '-', and avoid expanding it to a full path. vault cli already has special cases for '-', so it just needs to get the original value to work. Fixes #30550
This commit is contained in:
parent
cf3414d7d7
commit
278ff19bea
2 changed files with 16 additions and 4 deletions
|
@ -406,7 +406,10 @@ class CLI(with_metaclass(ABCMeta, object)):
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def unfrack_path(option, opt, value, parser):
|
def unfrack_path(option, opt, value, parser):
|
||||||
|
if value != '-':
|
||||||
setattr(parser.values, option.dest, unfrackpath(value))
|
setattr(parser.values, option.dest, unfrackpath(value))
|
||||||
|
else:
|
||||||
|
setattr(parser.values, option.dest, value)
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def base_parser(usage="", output_opts=False, runas_opts=False, meta_opts=False, runtask_opts=False, vault_opts=False, module_opts=False,
|
def base_parser(usage="", output_opts=False, runas_opts=False, meta_opts=False, runtask_opts=False, vault_opts=False, module_opts=False,
|
||||||
|
|
|
@ -23,6 +23,8 @@ echo "This is a test file for edit2" > "${TEST_FILE_EDIT2}"
|
||||||
FORMAT_1_1_HEADER="\$ANSIBLE_VAULT;1.1;AES256"
|
FORMAT_1_1_HEADER="\$ANSIBLE_VAULT;1.1;AES256"
|
||||||
FORMAT_1_2_HEADER="\$ANSIBLE_VAULT;1.2;AES256"
|
FORMAT_1_2_HEADER="\$ANSIBLE_VAULT;1.2;AES256"
|
||||||
|
|
||||||
|
VAULT_PASSWORD_FILE=vault-password
|
||||||
|
|
||||||
# old format
|
# old format
|
||||||
ansible-vault view "$@" --vault-password-file vault-password-ansible format_1_0_AES.yml
|
ansible-vault view "$@" --vault-password-file vault-password-ansible format_1_0_AES.yml
|
||||||
|
|
||||||
|
@ -202,9 +204,16 @@ ansible-vault view "$@" --vault-id "tmp_new_password@${NEW_VAULT_PASSWORD}" --va
|
||||||
ansible-vault decrypt "$@" --vault-password-file "${NEW_VAULT_PASSWORD}" "${TEST_FILE}"
|
ansible-vault decrypt "$@" --vault-password-file "${NEW_VAULT_PASSWORD}" "${TEST_FILE}"
|
||||||
|
|
||||||
# reading/writing to/from stdin/stdin (See https://github.com/ansible/ansible/issues/23567)
|
# reading/writing to/from stdin/stdin (See https://github.com/ansible/ansible/issues/23567)
|
||||||
ansible-vault encrypt "$@" --vault-password-file "${NEW_VAULT_PASSWORD}" --output="${TEST_FILE_OUTPUT}" < "${TEST_FILE}"
|
ansible-vault encrypt "$@" --vault-password-file "${VAULT_PASSWORD_FILE}" --output="${TEST_FILE_OUTPUT}" < "${TEST_FILE}"
|
||||||
ansible-vault view "$@" --vault-password-file "${NEW_VAULT_PASSWORD}" - < "${TEST_FILE_OUTPUT}"
|
OUTPUT=$(ansible-vault decrypt "$@" --vault-password-file "${VAULT_PASSWORD_FILE}" --output=- < "${TEST_FILE_OUTPUT}")
|
||||||
ansible-vault decrypt "$@" --vault-password-file "${NEW_VAULT_PASSWORD}" --output=- < "${TEST_FILE_OUTPUT}"
|
echo "${OUTPUT}" | grep 'This is a test file'
|
||||||
|
|
||||||
|
OUTPUT_DASH=$(ansible-vault decrypt "$@" --vault-password-file "${VAULT_PASSWORD_FILE}" --output=- "${TEST_FILE_OUTPUT}")
|
||||||
|
echo "${OUTPUT_DASH}" | grep 'This is a test file'
|
||||||
|
|
||||||
|
OUTPUT_DASH_SPACE=$(ansible-vault decrypt "$@" --vault-password-file "${VAULT_PASSWORD_FILE}" --output - "${TEST_FILE_OUTPUT}")
|
||||||
|
echo "${OUTPUT_DASH_SPACE}" | grep 'This is a test file'
|
||||||
|
|
||||||
|
|
||||||
# test using an empty vault password file
|
# test using an empty vault password file
|
||||||
ansible-vault view "$@" --vault-password-file empty-password format_1_1_AES256.yml && :
|
ansible-vault view "$@" --vault-password-file empty-password format_1_1_AES256.yml && :
|
||||||
|
|
Loading…
Reference in a new issue