mirror of
				https://github.com/ansible-collections/community.general.git
				synced 2024-09-14 20:13:21 +02:00 
			
		
		
		
	moved read_vault_file to CLI from utils and renamed to clearer read_vault_password_file
This commit is contained in:
		
							parent
							
								
									e4097ed279
								
							
						
					
					
						commit
						fe91f7b506
					
				
					 6 changed files with 34 additions and 63 deletions
				
			
		|  | @ -34,6 +34,7 @@ from ansible import constants as C | |||
| from ansible.errors import AnsibleError, AnsibleOptionsError | ||||
| from ansible.utils.unicode import to_bytes | ||||
| from ansible.utils.display import Display | ||||
| from ansible.utils.path import is_executable | ||||
| 
 | ||||
| class SortedOptParser(optparse.OptionParser): | ||||
|     '''Optparser which sorts the options by opt before outputting --help''' | ||||
|  | @ -462,3 +463,33 @@ class CLI(object): | |||
|         t = self._CONST.sub("`" + r"\1" + "'", t)        # C(word) => `word' | ||||
| 
 | ||||
|         return t | ||||
| 
 | ||||
|     @staticmethod | ||||
|     def read_vault_password_file(vault_password_file): | ||||
|         """ | ||||
|         Read a vault password from a file or if executable, execute the script and | ||||
|         retrieve password from STDOUT | ||||
|         """ | ||||
| 
 | ||||
|         this_path = os.path.realpath(os.path.expanduser(vault_password_file)) | ||||
|         if not os.path.exists(this_path): | ||||
|             raise AnsibleError("The vault password file %s was not found" % this_path) | ||||
| 
 | ||||
|         if is_executable(this_path): | ||||
|             try: | ||||
|                 # STDERR not captured to make it easier for users to prompt for input in their scripts | ||||
|                 p = subprocess.Popen(this_path, stdout=subprocess.PIPE) | ||||
|             except OSError as e: | ||||
|                 raise AnsibleError("Problem running vault password script %s (%s). If this is not a script, remove the executable bit from the file." % (' '.join(this_path), e)) | ||||
|             stdout, stderr = p.communicate() | ||||
|             vault_pass = stdout.strip('\r\n') | ||||
|         else: | ||||
|             try: | ||||
|                 f = open(this_path, "rb") | ||||
|                 vault_pass=f.read().strip() | ||||
|                 f.close() | ||||
|             except (OSError, IOError) as e: | ||||
|                 raise AnsibleError("Could not read vault password file %s: %s" % (this_path, e)) | ||||
| 
 | ||||
|         return vault_pass | ||||
| 
 | ||||
|  |  | |||
|  | @ -24,7 +24,6 @@ from ansible.parsing import DataLoader | |||
| from ansible.parsing.splitter import parse_kv | ||||
| from ansible.playbook.play import Play | ||||
| from ansible.cli import CLI | ||||
| from ansible.utils.vault import read_vault_file | ||||
| from ansible.vars import VariableManager | ||||
| 
 | ||||
| ######################################################## | ||||
|  | @ -95,7 +94,7 @@ class AdHocCLI(CLI): | |||
| 
 | ||||
|         if self.options.vault_password_file: | ||||
|             # read vault_pass from a file | ||||
|             vault_pass = read_vault_file(self.options.vault_password_file) | ||||
|             vault_pass = CLI.read_vault_password_file(self.options.vault_password_file) | ||||
|         elif self.options.ask_vault_pass: | ||||
|             vault_pass = self.ask_vault_passwords(ask_vault_pass=True, ask_new_vault_pass=False, confirm_new=False)[0] | ||||
| 
 | ||||
|  |  | |||
|  | @ -34,7 +34,6 @@ from ansible.playbook.task import Task | |||
| from ansible.utils.display import Display | ||||
| from ansible.utils.unicode import to_unicode | ||||
| from ansible.utils.vars import combine_vars | ||||
| from ansible.utils.vault import read_vault_file | ||||
| from ansible.vars import VariableManager | ||||
| 
 | ||||
| #--------------------------------------------------------------------------------------------------- | ||||
|  | @ -98,7 +97,7 @@ class PlaybookCLI(CLI): | |||
| 
 | ||||
|         if self.options.vault_password_file: | ||||
|             # read vault_pass from a file | ||||
|             vault_pass = read_vault_file(self.options.vault_password_file) | ||||
|             vault_pass = CLI.read_vault_password_file(self.options.vault_password_file) | ||||
|         elif self.options.ask_vault_pass: | ||||
|             vault_pass = self.ask_vault_passwords(ask_vault_pass=True, ask_new_vault_pass=False, confirm_new=False)[0] | ||||
| 
 | ||||
|  |  | |||
|  | @ -28,7 +28,6 @@ from ansible.errors import AnsibleError, AnsibleOptionsError | |||
| from ansible.cli import CLI | ||||
| from ansible.plugins import module_loader | ||||
| from ansible.utils.display import Display | ||||
| from ansible.utils.vault import read_vault_file | ||||
| from ansible.utils.cmd_functions import run_cmd | ||||
| 
 | ||||
| ######################################################## | ||||
|  |  | |||
|  | @ -25,7 +25,6 @@ from ansible.errors import AnsibleError, AnsibleOptionsError | |||
| from ansible.parsing.vault import VaultEditor | ||||
| from ansible.cli import CLI | ||||
| from ansible.utils.display import Display | ||||
| from ansible.utils.vault import read_vault_file | ||||
| 
 | ||||
| class VaultCLI(CLI): | ||||
|     """ Vault command line class """ | ||||
|  | @ -74,7 +73,7 @@ class VaultCLI(CLI): | |||
| 
 | ||||
|         if self.options.vault_password_file: | ||||
|             # read vault_pass from a file | ||||
|             self.vault_pass = read_vault_file(self.options.vault_password_file) | ||||
|             self.vault_pass = read_vault_password_file(self.options.vault_password_file) | ||||
|         elif self.options.ask_vault_pass: | ||||
|             self.vault_pass, _= self.ask_vault_passwords(ask_vault_pass=True, ask_new_vault_pass=False, confirm_new=False) | ||||
| 
 | ||||
|  |  | |||
|  | @ -1,56 +0,0 @@ | |||
| # (c) 2012-2014, Michael DeHaan <michael.dehaan@gmail.com> | ||||
| # | ||||
| # This file is part of Ansible | ||||
| # | ||||
| # Ansible is free software: you can redistribute it and/or modify | ||||
| # it under the terms of the GNU General Public License as published by | ||||
| # the Free Software Foundation, either version 3 of the License, or | ||||
| # (at your option) any later version. | ||||
| # | ||||
| # Ansible is distributed in the hope that it will be useful, | ||||
| # but WITHOUT ANY WARRANTY; without even the implied warranty of | ||||
| # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the | ||||
| # GNU General Public License for more details. | ||||
| # | ||||
| # You should have received a copy of the GNU General Public License | ||||
| # along with Ansible.  If not, see <http://www.gnu.org/licenses/>. | ||||
| 
 | ||||
| # Make coding more python3-ish | ||||
| from __future__ import (absolute_import, division, print_function) | ||||
| __metaclass__ = type | ||||
| 
 | ||||
| import os | ||||
| import subprocess | ||||
| 
 | ||||
| from ansible import constants as C | ||||
| from ansible.errors import AnsibleError | ||||
| from ansible.utils.path import is_executable | ||||
| 
 | ||||
| def read_vault_file(vault_password_file): | ||||
|     """ | ||||
|     Read a vault password from a file or if executable, execute the script and | ||||
|     retrieve password from STDOUT | ||||
|     """ | ||||
| 
 | ||||
|     this_path = os.path.realpath(os.path.expanduser(vault_password_file)) | ||||
|     if not os.path.exists(this_path): | ||||
|         raise AnsibleError("The vault password file %s was not found" % this_path) | ||||
| 
 | ||||
|     if is_executable(this_path): | ||||
|         try: | ||||
|             # STDERR not captured to make it easier for users to prompt for input in their scripts | ||||
|             p = subprocess.Popen(this_path, stdout=subprocess.PIPE) | ||||
|         except OSError as e: | ||||
|             raise AnsibleError("Problem running vault password script %s (%s). If this is not a script, remove the executable bit from the file." % (' '.join(this_path), e)) | ||||
|         stdout, stderr = p.communicate() | ||||
|         vault_pass = stdout.strip('\r\n') | ||||
|     else: | ||||
|         try: | ||||
|             f = open(this_path, "rb") | ||||
|             vault_pass=f.read().strip() | ||||
|             f.close() | ||||
|         except (OSError, IOError) as e: | ||||
|             raise AnsibleError("Could not read vault password file %s: %s" % (this_path, e)) | ||||
| 
 | ||||
|     return vault_pass | ||||
| 
 | ||||
		Loading…
	
	Add table
		
		Reference in a new issue