authorBrian Coca <bcoca@ansible.com>2015-10-26 14:14:17 -0400
committerBrian Coca <bcoca@ansible.com>2015-10-26 14:14:17 -0400
commit4486e136eaf1482a1e231debbd731a59c20796b3 (patch)
tree6e963323e7daff770852fab1dacb85b10656ba83
parent2b8633cec0b105a50aec384c28cadb1a7e00c75b (diff)
parent368f4448dc4b0f110cbfcafe661b7f8de102abb6 (diff)
downloadansible-4486e136eaf1482a1e231debbd731a59c20796b3.tar.gz
Merge pull request #12899 from bcoca/vault_fixes
simplified vault password functions
-rw-r--r--lib/ansible/cli/__init__.py14
-rw-r--r--lib/ansible/cli/adhoc.py2
-rw-r--r--lib/ansible/cli/playbook.py2
-rw-r--r--lib/ansible/cli/vault.py14
4 files changed, 14 insertions, 18 deletions
diff --git a/lib/ansible/cli/__init__.py b/lib/ansible/cli/__init__.py
index 233bee21d3..b0ec708e9a 100644
--- a/lib/ansible/cli/__init__.py
+++ b/lib/ansible/cli/__init__.py
@@ -107,25 +107,18 @@ class CLI(object):
self.display.display("No config file found; using defaults")
@staticmethod
- def ask_vault_passwords(ask_vault_pass=False, ask_new_vault_pass=False, confirm_vault=False, confirm_new=False):
+ def ask_vault_passwords(ask_new_vault_pass=False, rekey=False):
''' prompt for vault password and/or password change '''
vault_pass = None
new_vault_pass = None
try:
- if ask_vault_pass:
+ if rekey or not ask_new_vault_pass:
vault_pass = getpass.getpass(prompt="Vault password: ")
- if ask_vault_pass and confirm_vault:
- vault_pass2 = getpass.getpass(prompt="Confirm Vault password: ")
- if vault_pass != vault_pass2:
- raise AnsibleError("Passwords do not match")
-
if ask_new_vault_pass:
new_vault_pass = getpass.getpass(prompt="New Vault password: ")
-
- if ask_new_vault_pass and confirm_new:
new_vault_pass2 = getpass.getpass(prompt="Confirm New Vault password: ")
if new_vault_pass != new_vault_pass2:
raise AnsibleError("Passwords do not match")
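Review bot: The one-line docstring on `ask_vault_passwords` no longer tells a caller what the two remaining flags select. The three modes can only be recovered by reading the conditions in this hunk. With neither flag set, the current password is prompted once without confirmation; with `ask_new_vault_pass` alone, only the new password is prompted and confirmed; with `rekey` as well, both are prompted. I would replace the docstring with something like `''' prompt for the vault password; ask_new_vault_pass prompts for a new password with confirmation; rekey additionally prompts for the current one '''`, and state that the return value is always the pair `(vault_pass, new_vault_pass)`. The function body continues past the end of this hunk.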
@@ -138,6 +131,9 @@ class CLI(object):
if new_vault_pass:
new_vault_pass = to_bytes(new_vault_pass, errors='strict', nonstring='simplerepr').strip()
+ if ask_new_vault_pass and not rekey:
+ vault_pass = new_vault_pass
+
return vault_pass, new_vault_pass
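Review bot: An empty new password passes through this path unchecked. Two empty entries satisfy the confirmation compare, the `if new_vault_pass:` guard skips the conversion, and the added lines then copy the empty value into `vault_pass` for the non-rekey case. A whitespace-only entry ends up in the same state, because `.strip()` reduces it to an empty value. Whether later code refuses an empty vault secret is not visible here, so I would reject it just before the copy: `if ask_new_vault_pass and not new_vault_pass: raise AnsibleError("New vault password cannot be empty")`. The function starts outside this hunk.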
diff --git a/lib/ansible/cli/adhoc.py b/lib/ansible/cli/adhoc.py
index 77b34fc3a4..f2d6780c93 100644
--- a/lib/ansible/cli/adhoc.py
+++ b/lib/ansible/cli/adhoc.py
@@ -109,7 +109,7 @@ class AdHocCLI(CLI):
vault_pass = CLI.read_vault_password_file(self.options.vault_password_file, loader=loader)
loader.set_vault_password(vault_pass)
elif self.options.ask_vault_pass:
- vault_pass = self.ask_vault_passwords(ask_vault_pass=True, ask_new_vault_pass=False, confirm_new=False)[0]
+ vault_pass = self.ask_vault_passwords()[0]
loader.set_vault_password(vault_pass)
variable_manager = VariableManager()
diff --git a/lib/ansible/cli/playbook.py b/lib/ansible/cli/playbook.py
index 417c41c6e9..33414601ed 100644
--- a/lib/ansible/cli/playbook.py
+++ b/lib/ansible/cli/playbook.py
@@ -100,7 +100,7 @@ class PlaybookCLI(CLI):
vault_pass = CLI.read_vault_password_file(self.options.vault_password_file, loader=loader)
loader.set_vault_password(vault_pass)
elif self.options.ask_vault_pass:
- vault_pass = self.ask_vault_passwords(ask_vault_pass=True, ask_new_vault_pass=False, confirm_new=False)[0]
+ vault_pass = self.ask_vault_passwords()[0]
loader.set_vault_password(vault_pass)
# initial error check, to make sure all specified playbooks are accessible
diff --git a/lib/ansible/cli/vault.py b/lib/ansible/cli/vault.py
index f3367ea28f..e4909cc255 100644
--- a/lib/ansible/cli/vault.py
+++ b/lib/ansible/cli/vault.py
@@ -93,7 +93,12 @@ class VaultCLI(CLI):
# read vault_pass from a file
self.vault_pass = CLI.read_vault_password_file(self.options.vault_password_file, loader)
else:
- self.vault_pass, _= self.ask_vault_passwords(ask_vault_pass=True, ask_new_vault_pass=False, confirm_new=False)
+ newpass = False
+ rekey = False
+ if self.options.new_vault_password_file:
+ newpass = self.action in ['create', 'rekey', 'encrypt']
+ rekey = self.action == 'rekey'
+ self.vault_pass, self.new_vault_pass = self.ask_vault_passwords(ask_new_vault_pass=newpass, rekey=rekey)
if self.options.new_vault_password_file:
# for rekey only
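Review bot: The added test `if self.options.new_vault_password_file:` looks inverted, since it turns the interactive new-password prompt on only when a new-password file was supplied. With no file given, `newpass` and `rekey` stay False and `self.new_vault_pass` comes back as None, so create and encrypt take a single unconfirmed entry. The rekey hunk further down then passes that None straight to `self.editor.rekey_file`, because its fallback prompt is removed in this same commit. The likely intent is `if not self.options.new_vault_password_file:`. Indentation is lost on this page and the block after `# for rekey only` lies outside the hunk, so confirm against the file.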
@@ -149,12 +154,7 @@ class VaultCLI(CLI):
if not (os.path.isfile(f)):
raise AnsibleError(f + " does not exist")
- if self.new_vault_pass:
- new_password = self.new_vault_pass
- else:
- __, new_password = self.ask_vault_passwords(ask_vault_pass=False, ask_new_vault_pass=True, confirm_new=True)
-
for f in self.args:
- self.editor.rekey_file(f, new_password)
+ self.editor.rekey_file(f, self.new_vault_pass)
self.display.display("Rekey successful", stderr=True)