Commit
52a8efef
authored
Feb 24, 2014
by
James Tanner
Vault rewrite, pass 1
parent
13604e75
Showing
3 changed files
with
40 additions
and
35 deletions
+40
-35
bin/ansible-vault
+30
-26
lib/ansible/utils/__init__.py
+10
-9
lib/ansible/utils/vault.py
+0
-0
bin/ansible-vault
...
...
@@ -20,13 +20,13 @@
# example playbook to bootstrap this script in the examples/ dir which
# installs ansible and sets it up to run on cron.
import
os
import
sys
import
traceback
from
ansible
import
utils
from
ansible
import
errors
from
ansible.utils.vault
import
*
from
ansible.utils.vault
import
Vault
from
ansible.utils.vault
import
VaultEditor
from
optparse
import
OptionParser
...
...
@@ -100,32 +100,30 @@ def get_opt(options, k, defval=""):
# Command functions
#-------------------------------------------------------------------------------------
def
_get_vault
(
filename
,
options
,
password
):
this_vault
=
Vault
()
this_vault
.
filename
=
filename
this_vault
.
vault_password
=
password
this_vault
.
password
=
password
return
this_vault
def
execute_create
(
args
,
options
,
parser
):
if
len
(
args
)
>
1
:
raise
errors
.
AnsibleError
(
"create does not accept more than one filename"
)
raise
errors
.
AnsibleError
(
"'create' does not accept more than one filename"
)
password
,
new_password
=
utils
.
ask_vault_passwords
(
ask_vault_pass
=
True
,
confirm_vault
=
True
)
this_vault
=
_get_vault
(
args
[
0
],
options
,
password
)
if
not
hasattr
(
options
,
'cipher'
):
this_vault
.
cipher
=
'AES'
this_vault
.
create
()
cipher
=
'AES'
if
hasattr
(
options
,
'cipher'
):
cipher
=
options
.
cipher
this_editor
=
VaultEditor
(
cipher
,
password
,
args
[
0
])
this_editor
.
create_file
()
def
execute_decrypt
(
args
,
options
,
parser
):
password
,
new_password
=
utils
.
ask_vault_passwords
(
ask_vault_pass
=
True
)
cipher
=
'AES'
if
hasattr
(
options
,
'cipher'
):
cipher
=
options
.
cipher
for
f
in
args
:
this_
vault
=
_get_vault
(
f
,
options
,
password
)
this_
vault
.
decrypt
()
this_
editor
=
VaultEditor
(
cipher
,
password
,
f
)
this_
editor
.
decrypt_file
()
print
"Decryption successful"
...
...
@@ -136,29 +134,35 @@ def execute_edit(args, options, parser):
password
,
new_password
=
utils
.
ask_vault_passwords
(
ask_vault_pass
=
True
)
cipher
=
None
for
f
in
args
:
this_
vault
=
_get_vault
(
f
,
options
,
password
)
this_
vault
.
edit
()
this_
editor
=
VaultEditor
(
cipher
,
password
,
f
)
this_
editor
.
edit_file
()
def
execute_encrypt
(
args
,
options
,
parser
):
if
len
(
args
)
>
1
:
raise
errors
.
AnsibleError
(
"'create' does not accept more than one filename"
)
password
,
new_password
=
utils
.
ask_vault_passwords
(
ask_vault_pass
=
True
,
confirm_vault
=
True
)
cipher
=
'AES'
if
hasattr
(
options
,
'cipher'
):
cipher
=
options
.
cipher
for
f
in
args
:
this_vault
=
_get_vault
(
f
,
options
,
password
)
if
not
hasattr
(
options
,
'cipher'
):
this_vault
.
cipher
=
'AES'
this_vault
.
encrypt
()
this_editor
=
VaultEditor
(
cipher
,
password
,
f
)
this_editor
.
encrypt_file
()
print
"Encryption successful"
def
execute_rekey
(
args
,
options
,
parser
):
password
,
new_password
=
utils
.
ask_vault_passwords
(
ask_vault_pass
=
True
,
ask_new_vault_pass
=
True
,
confirm_new
=
True
)
cipher
=
None
for
f
in
args
:
this_
vault
=
_get_vault
(
f
,
options
,
password
)
this_
vault
.
rekey
(
new_password
)
this_
editor
=
VaultEditor
(
cipher
,
password
,
f
)
this_
editor
.
rekey_file
(
new_password
)
print
"Rekey successful"
...
...
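Review bot: The `if len(args) > 1` guard at the top of `execute_encrypt` appears copied from `execute_create`: its message reads `"'create' does not accept more than one filename"` while the body still iterates `for f in args:`, so the error names the wrong command and the loop can never reach a second file. Either drop the guard so encrypt accepts several files as decrypt, edit and rekey do, or reword it to `"'encrypt' does not accept more than one filename"`. In `execute_create`, `execute_decrypt` and `execute_encrypt`, `hasattr(options, 'cipher')` is true for any option the parser declares, even when the user did not pass it, so `cipher = options.cipher` may replace the `'AES'` default with `None`; the parser setup is outside this view, so this needs confirming, and `cipher = getattr(options, 'cipher', None) or 'AES'` would avoid it. `execute_edit` and `execute_rekey` hard-code `cipher = None` with no explanation; since the `VaultEditor` diff is collapsed on this page, a one-line comment stating where the cipher is then taken from would make clear how the file ends up protected.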
lib/ansible/utils/__init__.py
...
...
@@ -43,7 +43,8 @@ import getpass
import
sys
import
textwrap
import
vault
#import vault
from
vault
import
VaultLib
VERBOSITY
=
0
...
...
@@ -501,14 +502,14 @@ def parse_yaml_from_file(path, vault_password=None):
data
=
None
#VAULT
if
vault
.
is_encrypted
(
path
):
data
=
vault
.
decrypt
(
path
,
vault_password
)
else
:
try
:
data
=
open
(
path
)
.
read
(
)
except
IOError
:
raise
errors
.
AnsibleError
(
"file could not read:
%
s"
%
path
)
try
:
data
=
open
(
path
)
.
read
()
except
IOError
:
raise
errors
.
AnsibleError
(
"file could not read:
%
s"
%
path
)
vault
=
VaultLib
(
password
=
vault_password
)
if
vault
.
is_encrypted
(
data
)
:
data
=
vault
.
decrypt
(
data
)
try
:
return
parse_yaml
(
data
)
...
...
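Review bot: In `parse_yaml_from_file`, `VaultLib(password=vault_password)` is built with a password that defaults to `None`, and `vault.decrypt(data)` is then called on any content that looks encrypted without first checking that a password was supplied. Unless `VaultLib.decrypt` rejects a missing password itself (its diff is collapsed on this page), add an explicit guard before decrypting, for example `if vault_password is None: raise errors.AnsibleError("vault password required to decrypt %s" % path)`. The local name `vault` also shadows the `vault` module, and the leftover `#import vault` is dead code; renaming the instance to something like `vault_lib` and deleting the commented-out import would remove the ambiguity. The function body continues past the end of this hunk.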
lib/ansible/utils/vault.py
This diff is collapsed.