summaryrefslogtreecommitdiff
path: root/bin/ansible-vault
diff options
context:
space:
mode:
authorJames Tanner <tanner.jc@gmail.com>2014-02-24 13:09:36 -0500
committerJames Tanner <tanner.jc@gmail.com>2014-02-24 13:09:36 -0500
commit52a8efefbae9192ed153b89fa907a4086242666e (patch)
tree74b741fa0706d4d1a3ecd5c6c70891c559fff610 /bin/ansible-vault
parent13604e75f49d2c260b7ac62970bd68f04c924492 (diff)
downloadansible-52a8efefbae9192ed153b89fa907a4086242666e.tar.gz
Vault rewrite, pass 1
Diffstat (limited to 'bin/ansible-vault')
-rwxr-xr-xbin/ansible-vault56
1 files changed, 30 insertions, 26 deletions
diff --git a/bin/ansible-vault b/bin/ansible-vault
index 6c793b871a..7d3c7f208c 100755
--- a/bin/ansible-vault
+++ b/bin/ansible-vault
@@ -20,13 +20,13 @@
# example playbook to bootstrap this script in the examples/ dir which
# installs ansible and sets it up to run on cron.
+import os
import sys
import traceback
from ansible import utils
from ansible import errors
-from ansible.utils.vault import *
-from ansible.utils.vault import Vault
+from ansible.utils.vault import VaultEditor
from optparse import OptionParser
@@ -100,32 +100,30 @@ def get_opt(options, k, defval=""):
# Command functions
#-------------------------------------------------------------------------------------
-def _get_vault(filename, options, password):
- this_vault = Vault()
- this_vault.filename = filename
- this_vault.vault_password = password
- this_vault.password = password
- return this_vault
-
def execute_create(args, options, parser):
if len(args) > 1:
- raise errors.AnsibleError("create does not accept more than one filename")
-
+ raise errors.AnsibleError("'create' does not accept more than one filename")
password, new_password = utils.ask_vault_passwords(ask_vault_pass=True, confirm_vault=True)
- this_vault = _get_vault(args[0], options, password)
- if not hasattr(options, 'cipher'):
- this_vault.cipher = 'AES'
- this_vault.create()
+ cipher = 'AES'
+ if hasattr(options, 'cipher'):
+ cipher = options.cipher
+
+ this_editor = VaultEditor(cipher, password, args[0])
+ this_editor.create_file()
def execute_decrypt(args, options, parser):
password, new_password = utils.ask_vault_passwords(ask_vault_pass=True)
+ cipher = 'AES'
+ if hasattr(options, 'cipher'):
+ cipher = options.cipher
+
for f in args:
- this_vault = _get_vault(f, options, password)
- this_vault.decrypt()
+ this_editor = VaultEditor(cipher, password, f)
+ this_editor.decrypt_file()
print "Decryption successful"
@@ -136,29 +134,35 @@ def execute_edit(args, options, parser):
password, new_password = utils.ask_vault_passwords(ask_vault_pass=True)
+ cipher = None
+
for f in args:
- this_vault = _get_vault(f, options, password)
- this_vault.edit()
+ this_editor = VaultEditor(cipher, password, f)
+ this_editor.edit_file()
def execute_encrypt(args, options, parser):
+ if len(args) > 1:
+ raise errors.AnsibleError("'create' does not accept more than one filename")
password, new_password = utils.ask_vault_passwords(ask_vault_pass=True, confirm_vault=True)
+ cipher = 'AES'
+ if hasattr(options, 'cipher'):
+ cipher = options.cipher
+
for f in args:
- this_vault = _get_vault(f, options, password)
- if not hasattr(options, 'cipher'):
- this_vault.cipher = 'AES'
- this_vault.encrypt()
+ this_editor = VaultEditor(cipher, password, f)
+ this_editor.encrypt_file()
print "Encryption successful"
def execute_rekey(args, options, parser):
password, new_password = utils.ask_vault_passwords(ask_vault_pass=True, ask_new_vault_pass=True, confirm_new=True)
-
+ cipher = None
for f in args:
- this_vault = _get_vault(f, options, password)
- this_vault.rekey(new_password)
+ this_editor = VaultEditor(cipher, password, f)
+ this_editor.rekey_file(new_password)
print "Rekey successful"