Commit
8a253bf5
authored
Feb 24, 2014
by
jctanner
Merge pull request #6151 from jctanner/vault_rewrite
Vault rewrite, pass 1
parents
e999881f
9c9f15ac
Showing
3 changed files
with
40 additions
and
35 deletions
+40
-35
bin/ansible-vault
+30
-26
lib/ansible/utils/__init__.py
+10
-9
lib/ansible/utils/vault.py
+0
-0
bin/ansible-vault
...
...
@@ -20,13 +20,13 @@
# example playbook to bootstrap this script in the examples/ dir which
# installs ansible and sets it up to run on cron.
import
os
import
sys
import
traceback
from
ansible
import
utils
from
ansible
import
errors
from
ansible.utils.vault
import
*
from
ansible.utils.vault
import
Vault
from
ansible.utils.vault
import
VaultEditor
from
optparse
import
OptionParser
...
...
@@ -100,32 +100,30 @@ def get_opt(options, k, defval=""):
# Command functions
#-------------------------------------------------------------------------------------
def
_get_vault
(
filename
,
options
,
password
):
this_vault
=
Vault
()
this_vault
.
filename
=
filename
this_vault
.
vault_password
=
password
this_vault
.
password
=
password
return
this_vault
def
execute_create
(
args
,
options
,
parser
):
if
len
(
args
)
>
1
:
raise
errors
.
AnsibleError
(
"create does not accept more than one filename"
)
raise
errors
.
AnsibleError
(
"'create' does not accept more than one filename"
)
password
,
new_password
=
utils
.
ask_vault_passwords
(
ask_vault_pass
=
True
,
confirm_vault
=
True
)
this_vault
=
_get_vault
(
args
[
0
],
options
,
password
)
if
not
hasattr
(
options
,
'cipher'
):
this_vault
.
cipher
=
'AES'
this_vault
.
create
()
cipher
=
'AES'
if
hasattr
(
options
,
'cipher'
):
cipher
=
options
.
cipher
this_editor
=
VaultEditor
(
cipher
,
password
,
args
[
0
])
this_editor
.
create_file
()
def
execute_decrypt
(
args
,
options
,
parser
):
password
,
new_password
=
utils
.
ask_vault_passwords
(
ask_vault_pass
=
True
)
cipher
=
'AES'
if
hasattr
(
options
,
'cipher'
):
cipher
=
options
.
cipher
for
f
in
args
:
this_
vault
=
_get_vault
(
f
,
options
,
password
)
this_
vault
.
decrypt
()
this_
editor
=
VaultEditor
(
cipher
,
password
,
f
)
this_
editor
.
decrypt_file
()
print
"Decryption successful"
...
...
@@ -136,29 +134,35 @@ def execute_edit(args, options, parser):
password
,
new_password
=
utils
.
ask_vault_passwords
(
ask_vault_pass
=
True
)
cipher
=
None
for
f
in
args
:
this_
vault
=
_get_vault
(
f
,
options
,
password
)
this_
vault
.
edit
()
this_
editor
=
VaultEditor
(
cipher
,
password
,
f
)
this_
editor
.
edit_file
()
def
execute_encrypt
(
args
,
options
,
parser
):
if
len
(
args
)
>
1
:
raise
errors
.
AnsibleError
(
"'create' does not accept more than one filename"
)
password
,
new_password
=
utils
.
ask_vault_passwords
(
ask_vault_pass
=
True
,
confirm_vault
=
True
)
cipher
=
'AES'
if
hasattr
(
options
,
'cipher'
):
cipher
=
options
.
cipher
for
f
in
args
:
this_vault
=
_get_vault
(
f
,
options
,
password
)
if
not
hasattr
(
options
,
'cipher'
):
this_vault
.
cipher
=
'AES'
this_vault
.
encrypt
()
this_editor
=
VaultEditor
(
cipher
,
password
,
f
)
this_editor
.
encrypt_file
()
print
"Encryption successful"
def
execute_rekey
(
args
,
options
,
parser
):
password
,
new_password
=
utils
.
ask_vault_passwords
(
ask_vault_pass
=
True
,
ask_new_vault_pass
=
True
,
confirm_new
=
True
)
cipher
=
None
for
f
in
args
:
this_
vault
=
_get_vault
(
f
,
options
,
password
)
this_
vault
.
rekey
(
new_password
)
this_
editor
=
VaultEditor
(
cipher
,
password
,
f
)
this_
editor
.
rekey_file
(
new_password
)
print
"Rekey successful"
...
...
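Review bot: `execute_edit` and `execute_rekey` now pass `cipher = None` to `VaultEditor`, while `execute_create`, `execute_decrypt` and `execute_encrypt` default to `'AES'` and honour `options.cipher`, so a cipher chosen on the command line appears to be ignored on the two paths that re-write an encrypted file. What `VaultEditor` does with `None` is not visible here (the `vault.py` diff is collapsed), so the algorithm used for the re-encrypted file cannot be confirmed from this page. If `None` is deliberate, say so in a comment next to it; otherwise use the same lookup in all five commands, e.g. `cipher = getattr(options, 'cipher', 'AES')`. Separately, the guard shown in `execute_encrypt` names `'create'` in its message and leaves the following `for f in args` loop with at most one iteration. The body of `execute_edit` starts outside the hunk.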
lib/ansible/utils/__init__.py
...
...
@@ -43,7 +43,8 @@ import getpass
import
sys
import
textwrap
import
vault
#import vault
from
vault
import
VaultLib
VERBOSITY
=
0
...
...
@@ -501,14 +502,14 @@ def parse_yaml_from_file(path, vault_password=None):
data
=
None
#VAULT
if
vault
.
is_encrypted
(
path
):
data
=
vault
.
decrypt
(
path
,
vault_password
)
else
:
try
:
data
=
open
(
path
)
.
read
(
)
except
IOError
:
raise
errors
.
AnsibleError
(
"file could not read:
%
s"
%
path
)
try
:
data
=
open
(
path
)
.
read
()
except
IOError
:
raise
errors
.
AnsibleError
(
"file could not read:
%
s"
%
path
)
vault
=
VaultLib
(
password
=
vault_password
)
if
vault
.
is_encrypted
(
data
)
:
data
=
vault
.
decrypt
(
data
)
try
:
return
parse_yaml
(
data
)
...
...
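Review bot: `parse_yaml_from_file` keeps `vault_password=None` as its default, yet the new code builds `VaultLib(password=vault_password)` and calls `vault.decrypt(data)` whenever `is_encrypted(data)` is true, with no check that a password was actually supplied. How `VaultLib.decrypt` behaves with a `None` password is not shown on this page, so it is worth failing early with a clear message inside the `is_encrypted` branch, e.g. `if vault_password is None: raise errors.AnsibleError("%s is vault-encrypted but no vault password was given" % path)`. The commented-out `#import vault` can be dropped, and the local `vault` would read better as something like `vault_lib`, since it is also the module's name. The function's body starts and ends outside the hunk.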
lib/ansible/utils/vault.py
This diff is collapsed.