Addresses #6188 Add --vault-password-file to bin/ansible and bin/ansible-playbook
parent
168e3cf685
commit
35def422a3
3 changed files with 48 additions and 4 deletions
24
bin/ansible
24
bin/ansible
|
@ -19,6 +19,7 @@
|
||||||
|
|
||||||
########################################################
|
########################################################
|
||||||
|
|
||||||
|
import os
|
||||||
import sys
|
import sys
|
||||||
|
|
||||||
from ansible.runner import Runner
|
from ansible.runner import Runner
|
||||||
|
@ -75,6 +76,9 @@ class Cli(object):
|
||||||
"and su arguments ('-su', '--su-user', and '--ask-su-pass') are "
|
"and su arguments ('-su', '--su-user', and '--ask-su-pass') are "
|
||||||
"mutually exclusive")
|
"mutually exclusive")
|
||||||
|
|
||||||
|
if (options.ask_vault_pass and options.vault_password_file):
|
||||||
|
parser.error("--ask-vault-pass and --vault-password-file are mutually exclusive")
|
||||||
|
|
||||||
return (options, args)
|
return (options, args)
|
||||||
|
|
||||||
# ----------------------------------------------
|
# ----------------------------------------------
|
||||||
|
@ -107,14 +111,34 @@ class Cli(object):
|
||||||
sshpass = None
|
sshpass = None
|
||||||
sudopass = None
|
sudopass = None
|
||||||
su_pass = None
|
su_pass = None
|
||||||
|
vault_pass = None
|
||||||
|
|
||||||
options.ask_pass = options.ask_pass or C.DEFAULT_ASK_PASS
|
options.ask_pass = options.ask_pass or C.DEFAULT_ASK_PASS
|
||||||
# Never ask for an SSH password when we run with local connection
|
# Never ask for an SSH password when we run with local connection
|
||||||
if options.connection == "local":
|
if options.connection == "local":
|
||||||
options.ask_pass = False
|
options.ask_pass = False
|
||||||
options.ask_sudo_pass = options.ask_sudo_pass or C.DEFAULT_ASK_SUDO_PASS
|
options.ask_sudo_pass = options.ask_sudo_pass or C.DEFAULT_ASK_SUDO_PASS
|
||||||
options.ask_su_pass = options.ask_su_pass or C.DEFAULT_ASK_SU_PASS
|
options.ask_su_pass = options.ask_su_pass or C.DEFAULT_ASK_SU_PASS
|
||||||
|
options.ask_vault_pass = options.ask_vault_pass or C.DEFAULT_ASK_VAULT_PASS
|
||||||
|
|
||||||
(sshpass, sudopass, su_pass, vault_pass) = utils.ask_passwords(ask_pass=options.ask_pass, ask_sudo_pass=options.ask_sudo_pass, ask_su_pass=options.ask_su_pass, ask_vault_pass=options.ask_vault_pass)
|
(sshpass, sudopass, su_pass, vault_pass) = utils.ask_passwords(ask_pass=options.ask_pass, ask_sudo_pass=options.ask_sudo_pass, ask_su_pass=options.ask_su_pass, ask_vault_pass=options.ask_vault_pass)
|
||||||
|
|
||||||
|
# read vault_pass from a file
|
||||||
|
if options.vault_password_file:
|
||||||
|
this_path = os.path.expanduser(options.vault_password_file)
|
||||||
|
try:
|
||||||
|
f = open(this_path, "rb")
|
||||||
|
tmp_vault_pass=f.read()
|
||||||
|
f.close()
|
||||||
|
except (OSError, IOError), e:
|
||||||
|
raise errors.AnsibleError("Could not read %s: %s" % (this_path, e))
|
||||||
|
|
||||||
|
# get rid of newline chars
|
||||||
|
tmp_vault_pass = tmp_vault_pass.strip()
|
||||||
|
|
||||||
|
if not options.ask_vault_pass:
|
||||||
|
vault_pass = tmp_vault_pass
|
||||||
|
|
||||||
inventory_manager = inventory.Inventory(options.inventory)
|
inventory_manager = inventory.Inventory(options.inventory)
|
||||||
if options.subset:
|
if options.subset:
|
||||||
inventory_manager.subset(options.subset)
|
inventory_manager.subset(options.subset)
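Review bot: The `--vault-password-file` contents are read and then silently discarded whenever `options.ask_vault_pass` is true, and that flag can become true after the parser check, at `options.ask_vault_pass = options.ask_vault_pass or C.DEFAULT_ASK_VAULT_PASS`. The mutual-exclusion test in the option-parsing hunk only sees the command-line flags, so with the default enabled (presumably from configuration; `C` is not visible here) the user is prompted and the file they named is ignored without any message. If the file is meant to take precedence, fold it into the default, e.g. `options.ask_vault_pass = (options.ask_vault_pass or C.DEFAULT_ASK_VAULT_PASS) and not options.vault_password_file`, or raise an error for that combination. The same sequence appears in the bin/ansible-playbook hunks, and the enclosing method starts and ends outside these hunks.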
|
||||||
|
|
|
@ -92,6 +92,9 @@ def main(args):
|
||||||
"and su arguments ('-su', '--su-user', and '--ask-su-pass') are "
|
"and su arguments ('-su', '--su-user', and '--ask-su-pass') are "
|
||||||
"mutually exclusive")
|
"mutually exclusive")
|
||||||
|
|
||||||
|
if (options.ask_vault_pass and options.vault_password_file):
|
||||||
|
parser.error("--ask-vault-pass and --vault-password-file are mutually exclusive")
|
||||||
|
|
||||||
inventory = ansible.inventory.Inventory(options.inventory)
|
inventory = ansible.inventory.Inventory(options.inventory)
|
||||||
inventory.subset(options.subset)
|
inventory.subset(options.subset)
|
||||||
if len(inventory.list_hosts()) == 0:
|
if len(inventory.list_hosts()) == 0:
|
||||||
|
@ -110,10 +113,25 @@ def main(args):
|
||||||
options.ask_pass = False
|
options.ask_pass = False
|
||||||
options.ask_sudo_pass = options.ask_sudo_pass or C.DEFAULT_ASK_SUDO_PASS
|
options.ask_sudo_pass = options.ask_sudo_pass or C.DEFAULT_ASK_SUDO_PASS
|
||||||
options.ask_su_pass = options.ask_su_pass or C.DEFAULT_ASK_SU_PASS
|
options.ask_su_pass = options.ask_su_pass or C.DEFAULT_ASK_SU_PASS
|
||||||
|
options.ask_vault_pass = options.ask_vault_pass or C.DEFAULT_ASK_VAULT_PASS
|
||||||
(sshpass, sudopass, su_pass, vault_pass) = utils.ask_passwords(ask_pass=options.ask_pass, ask_sudo_pass=options.ask_sudo_pass, ask_su_pass=options.ask_su_pass, ask_vault_pass=options.ask_vault_pass)
|
(sshpass, sudopass, su_pass, vault_pass) = utils.ask_passwords(ask_pass=options.ask_pass, ask_sudo_pass=options.ask_sudo_pass, ask_su_pass=options.ask_su_pass, ask_vault_pass=options.ask_vault_pass)
|
||||||
options.sudo_user = options.sudo_user or C.DEFAULT_SUDO_USER
|
options.sudo_user = options.sudo_user or C.DEFAULT_SUDO_USER
|
||||||
options.su_user = options.su_user or C.DEFAULT_SU_USER
|
options.su_user = options.su_user or C.DEFAULT_SU_USER
|
||||||
|
|
||||||
|
if options.vault_password_file:
|
||||||
|
this_path = os.path.expanduser(options.vault_password_file)
|
||||||
|
try:
|
||||||
|
f = open(this_path, "rb")
|
||||||
|
tmp_vault_pass=f.read()
|
||||||
|
f.close()
|
||||||
|
except (OSError, IOError), e:
|
||||||
|
raise errors.AnsibleError("Could not read %s: %s" % (this_path, e))
|
||||||
|
|
||||||
|
# get rid of newline chars
|
||||||
|
tmp_vault_pass = tmp_vault_pass.strip()
|
||||||
|
|
||||||
|
if not options.ask_vault_pass:
|
||||||
|
vault_pass = tmp_vault_pass
|
||||||
|
|
||||||
extra_vars = {}
|
extra_vars = {}
|
||||||
for extra_vars_opt in options.extra_vars:
|
for extra_vars_opt in options.extra_vars:
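Review bot: The vault password file is opened and used without any check of its permissions, so a file readable by group or others is accepted silently even though it holds the vault secret in plaintext. A mode check on the open handle, such as `if os.fstat(f.fileno()).st_mode & 0077:` followed by a warning or an `errors.AnsibleError`, would surface that in the way ssh does for private keys. Separately, `tmp_vault_pass.strip()` removes all leading and trailing whitespace rather than only the newline the comment mentions, and an empty result is passed on as the password; `rstrip('\r\n')` plus an explicit empty check would match the comment. The identical block in bin/ansible has the same gaps, which argues for one shared helper in `utils`. `main` continues outside these hunks.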
|
||||||
|
|
|
@ -702,10 +702,12 @@ def base_parser(constants=C, usage="", output_opts=False, runas_opts=False,
|
||||||
help='use this file to authenticate the connection')
|
help='use this file to authenticate the connection')
|
||||||
parser.add_option('-K', '--ask-sudo-pass', default=False, dest='ask_sudo_pass', action='store_true',
|
parser.add_option('-K', '--ask-sudo-pass', default=False, dest='ask_sudo_pass', action='store_true',
|
||||||
help='ask for sudo password')
|
help='ask for sudo password')
|
||||||
parser.add_option('--ask-su-pass', default=False, dest='ask_su_pass',
|
parser.add_option('--ask-su-pass', default=False, dest='ask_su_pass', action='store_true',
|
||||||
action='store_true', help='ask for su password')
|
help='ask for su password')
|
||||||
parser.add_option('--ask-vault-pass', default=False, dest='ask_vault_pass',
|
parser.add_option('--ask-vault-pass', default=False, dest='ask_vault_pass', action='store_true',
|
||||||
action='store_true', help='ask for vault password')
|
help='ask for vault password')
|
||||||
|
parser.add_option('--vault-password-file', default=None, dest='vault_password_file',
|
||||||
|
help="vault password file")
|
||||||
parser.add_option('--list-hosts', dest='listhosts', action='store_true',
|
parser.add_option('--list-hosts', dest='listhosts', action='store_true',
|
||||||
help='outputs a list of matching hosts; does not execute anything else')
|
help='outputs a list of matching hosts; does not execute anything else')
|
||||||
parser.add_option('-M', '--module-path', dest='module_path',
|
parser.add_option('-M', '--module-path', dest='module_path',
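Review bot: The help string `"vault password file"` does not tell the user what the file must contain or how the option interacts with `--ask-vault-pass`. Something like `help="file containing the vault password in plaintext; mutually exclusive with --ask-vault-pass"` would document the contract that the two scripts enforce. The option is registered in `base_parser`, while this commit only shows bin/ansible and bin/ansible-playbook reading it; any other caller of `base_parser` would presumably accept and ignore it, which is worth confirming. `base_parser` starts and ends outside this hunk.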
|
||||||
|
|