mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
Merge pull request #8560 from sivel/ansible-vault-use-script
ansible-vault should support script for --vault-password-file too
commit
d1344ec85d
1 changed files with 14 additions and 20 deletions
|
@ -27,6 +27,8 @@ import os
|
||||||
import sys
|
import sys
|
||||||
import traceback
|
import traceback
|
||||||
|
|
||||||
|
import ansible.constants as C
|
||||||
|
|
||||||
from ansible import utils
|
from ansible import utils
|
||||||
from ansible import errors
|
from ansible import errors
|
||||||
from ansible.utils.vault import VaultEditor
|
from ansible.utils.vault import VaultEditor
|
||||||
|
@ -58,7 +60,7 @@ def build_option_parser(action):
|
||||||
#parser.add_option('-c', '--cipher', dest='cipher', default="AES256", help="cipher to use")
|
#parser.add_option('-c', '--cipher', dest='cipher', default="AES256", help="cipher to use")
|
||||||
parser.add_option('--debug', dest='debug', action="store_true", help="debug")
|
parser.add_option('--debug', dest='debug', action="store_true", help="debug")
|
||||||
parser.add_option('--vault-password-file', dest='password_file',
|
parser.add_option('--vault-password-file', dest='password_file',
|
||||||
help="vault password file")
|
help="vault password file", default=C.DEFAULT_VAULT_PASSWORD_FILE)
|
||||||
|
|
||||||
# options specific to actions
|
# options specific to actions
|
||||||
if action == "create":
|
if action == "create":
|
||||||
|
@ -106,13 +108,6 @@ def get_opt(options, k, defval=""):
|
||||||
# Command functions
|
# Command functions
|
||||||
#-------------------------------------------------------------------------------------
|
#-------------------------------------------------------------------------------------
|
||||||
|
|
||||||
def _read_password(filename):
|
|
||||||
f = open(filename, "rb")
|
|
||||||
data = f.read()
|
|
||||||
f.close()
|
|
||||||
data = data.strip()
|
|
||||||
return data
|
|
||||||
|
|
||||||
def execute_create(args, options, parser):
|
def execute_create(args, options, parser):
|
||||||
if len(args) > 1:
|
if len(args) > 1:
|
||||||
raise errors.AnsibleError("'create' does not accept more than one filename")
|
raise errors.AnsibleError("'create' does not accept more than one filename")
|
||||||
|
@ -120,7 +115,7 @@ def execute_create(args, options, parser):
|
||||||
if not options.password_file:
|
if not options.password_file:
|
||||||
password, new_password = utils.ask_vault_passwords(ask_vault_pass=True, confirm_vault=True)
|
password, new_password = utils.ask_vault_passwords(ask_vault_pass=True, confirm_vault=True)
|
||||||
else:
|
else:
|
||||||
password = _read_password(options.password_file)
|
password = utils.read_vault_file(options.password_file)
|
||||||
|
|
||||||
cipher = 'AES256'
|
cipher = 'AES256'
|
||||||
if hasattr(options, 'cipher'):
|
if hasattr(options, 'cipher'):
|
||||||
|
@ -134,7 +129,7 @@ def execute_decrypt(args, options, parser):
|
||||||
if not options.password_file:
|
if not options.password_file:
|
||||||
password, new_password = utils.ask_vault_passwords(ask_vault_pass=True)
|
password, new_password = utils.ask_vault_passwords(ask_vault_pass=True)
|
||||||
else:
|
else:
|
||||||
password = _read_password(options.password_file)
|
password = utils.read_vault_file(options.vault_password_file)
|
||||||
|
|
||||||
cipher = 'AES256'
|
cipher = 'AES256'
|
||||||
if hasattr(options, 'cipher'):
|
if hasattr(options, 'cipher'):
|
||||||
|
@ -154,7 +149,7 @@ def execute_edit(args, options, parser):
|
||||||
if not options.password_file:
|
if not options.password_file:
|
||||||
password, new_password = utils.ask_vault_passwords(ask_vault_pass=True)
|
password, new_password = utils.ask_vault_passwords(ask_vault_pass=True)
|
||||||
else:
|
else:
|
||||||
password = _read_password(options.password_file)
|
password = utils.read_vault_file(options.password_file)
|
||||||
|
|
||||||
cipher = None
|
cipher = None
|
||||||
|
|
||||||
|
@ -170,7 +165,7 @@ def execute_view(args, options, parser):
|
||||||
if not options.password_file:
|
if not options.password_file:
|
||||||
password, new_password = utils.ask_vault_passwords(ask_vault_pass=True)
|
password, new_password = utils.ask_vault_passwords(ask_vault_pass=True)
|
||||||
else:
|
else:
|
||||||
password = _read_password(options.password_file)
|
password = utils.read_vault_file(options.password_file)
|
||||||
|
|
||||||
cipher = None
|
cipher = None
|
||||||
|
|
||||||
|
@ -183,7 +178,7 @@ def execute_encrypt(args, options, parser):
|
||||||
if not options.password_file:
|
if not options.password_file:
|
||||||
password, new_password = utils.ask_vault_passwords(ask_vault_pass=True, confirm_vault=True)
|
password, new_password = utils.ask_vault_passwords(ask_vault_pass=True, confirm_vault=True)
|
||||||
else:
|
else:
|
||||||
password = _read_password(options.password_file)
|
password = utils.read_vault_file(options.password_file)
|
||||||
|
|
||||||
cipher = 'AES256'
|
cipher = 'AES256'
|
||||||
if hasattr(options, 'cipher'):
|
if hasattr(options, 'cipher'):
|
||||||
|
@ -200,7 +195,7 @@ def execute_rekey(args, options, parser):
|
||||||
if not options.password_file:
|
if not options.password_file:
|
||||||
password, __ = utils.ask_vault_passwords(ask_vault_pass=True)
|
password, __ = utils.ask_vault_passwords(ask_vault_pass=True)
|
||||||
else:
|
else:
|
||||||
password = _read_password(options.password_file)
|
password = utils.read_vault_file(options.password_file)
|
||||||
|
|
||||||
__, new_password = utils.ask_vault_passwords(ask_vault_pass=False, ask_new_vault_pass=True, confirm_new=True)
|
__, new_password = utils.ask_vault_passwords(ask_vault_pass=False, ask_new_vault_pass=True, confirm_new=True)
|
||||||
|
|
||||||
|
@ -238,4 +233,3 @@ def main():
|
||||||
|
|
||||||
if __name__ == "__main__":
|
if __name__ == "__main__":
|
||||||
main()
|
main()
|
||||||
|
|
||||||
|
|
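Review bot: In the execute_decrypt hunk the new call reads `options.vault_password_file`, but build_option_parser registers the option with `dest='password_file'` and the guard just above tests `options.password_file`. Passing --vault-password-file to decrypt would therefore most likely fail with an AttributeError instead of reading the password. The line should match the other five call sites: `password = utils.read_vault_file(options.password_file)`. Separately, the commit title says the password file may now be a script, and the option gains a default from `C.DEFAULT_VAULT_PASSWORD_FILE`, so the help text could say that an executable file is run and its output used as the password; this is inferred from the title, because read_vault_file's body is not shown on this page. The bodies of the execute_* functions continue outside the hunks.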