mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00

Don't create a VaultLib in each method; do it in __init__ instead

Abhijit Menon-Sen 2015-08-26 21:25:50 +05:30
parent ef594f708c
commit e99395f0c0


@ -227,7 +227,7 @@ class VaultLib:
class VaultEditor: class VaultEditor:
def __init__(self, password): def __init__(self, password):
self.password = password self.vault = VaultLib(password)
def _edit_file_helper(self, filename, existing_data=None, force_save=False): def _edit_file_helper(self, filename, existing_data=None, force_save=False):
# make sure the umask is set to a sane value # make sure the umask is set to a sane value
@ -248,11 +248,8 @@ class VaultEditor:
os.remove(tmp_path) os.remove(tmp_path)
return return
# create new vault
this_vault = VaultLib(self.password)
# encrypt new data and write out to tmp # encrypt new data and write out to tmp
enc_data = this_vault.encrypt(tmpdata) enc_data = self.vault.encrypt(tmpdata)
self.write_data(enc_data, tmp_path) self.write_data(enc_data, tmp_path)
# shuffle tmp file into place # shuffle tmp file into place
@ -280,9 +277,8 @@ class VaultEditor:
raise AnsibleError("%s does not exist" % filename) raise AnsibleError("%s does not exist" % filename)
tmpdata = self.read_data(filename) tmpdata = self.read_data(filename)
this_vault = VaultLib(self.password) if self.vault.is_encrypted(tmpdata):
if this_vault.is_encrypted(tmpdata): dec_data = self.vault.decrypt(tmpdata)
dec_data = this_vault.decrypt(tmpdata)
if dec_data is None: if dec_data is None:
raise AnsibleError("Decryption failed") raise AnsibleError("Decryption failed")
else: else:
@ -296,11 +292,10 @@ class VaultEditor:
# decrypt to tmpfile # decrypt to tmpfile
tmpdata = self.read_data(filename) tmpdata = self.read_data(filename)
this_vault = VaultLib(self.password) dec_data = self.vault.decrypt(tmpdata)
dec_data = this_vault.decrypt(tmpdata)
# let the user edit the data and save # let the user edit the data and save
if this_vault.cipher_name not in CIPHER_WRITE_WHITELIST: if self.vault.cipher_name not in CIPHER_WRITE_WHITELIST:
# we want to get rid of files encrypted with the AES cipher # we want to get rid of files encrypted with the AES cipher
self._edit_file_helper(filename, existing_data=dec_data, force_save=True) self._edit_file_helper(filename, existing_data=dec_data, force_save=True)
else: else:
@ -312,8 +307,7 @@ class VaultEditor:
# decrypt to tmpfile # decrypt to tmpfile
tmpdata = self.read_data(filename) tmpdata = self.read_data(filename)
this_vault = VaultLib(self.password) dec_data = self.vault.decrypt(tmpdata)
dec_data = this_vault.decrypt(tmpdata)
_, tmp_path = tempfile.mkstemp() _, tmp_path = tempfile.mkstemp()
self.write_data(dec_data, tmp_path) self.write_data(dec_data, tmp_path)
@ -329,9 +323,8 @@ class VaultEditor:
raise AnsibleError("%s does not exist" % filename) raise AnsibleError("%s does not exist" % filename)
tmpdata = self.read_data(filename) tmpdata = self.read_data(filename)
this_vault = VaultLib(self.password) if not self.vault.is_encrypted(tmpdata):
if not this_vault.is_encrypted(tmpdata): enc_data = self.vault.encrypt(tmpdata)
enc_data = this_vault.encrypt(tmpdata)
self.write_data(enc_data, filename) self.write_data(enc_data, filename)
else: else:
raise AnsibleError("%s is already encrypted" % filename) raise AnsibleError("%s is already encrypted" % filename)
@ -342,8 +335,7 @@ class VaultEditor:
# decrypt # decrypt
tmpdata = self.read_data(filename) tmpdata = self.read_data(filename)
this_vault = VaultLib(self.password) dec_data = self.vault.decrypt(tmpdata)
dec_data = this_vault.decrypt(tmpdata)
# create new vault # create new vault
new_vault = VaultLib(new_password) new_vault = VaultLib(new_password)
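Review bot: Sharing one `VaultLib` across methods lets state set by `decrypt` carry into the later `encrypt` in `_edit_file_helper`. The `@ -296` hunk reads `self.vault.cipher_name` right after `self.vault.decrypt(tmpdata)`, so decrypt apparently records the file's cipher on the instance, and the forced re-save meant to retire AES-encrypted files then calls `self.vault.encrypt(tmpdata)` on that same instance instead of a fresh one. `VaultLib.encrypt` is not visible here, so please confirm it chooses a cipher from `CIPHER_WRITE_WHITELIST` rather than reusing a stale `cipher_name`; if it reuses it, the legacy file would be written back with the old cipher or the save would fail. A comment in `__init__` such as `# self.vault is stateful: decrypt() sets cipher_name, so writes must pick the cipher explicitly` would document the constraint. In the last hunk `self.vault` also stays keyed to the old password after `new_vault = VaultLib(new_password)`; that method continues outside the hunk, so it may already be handled there.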