Pass the filename to the individual VaultEditor methods, not __init__

Now we don't have to recreate VaultEditor objects for each file, and so
on. It also paves the way towards specifying separate input and output
files later.
Abhijit Menon-Sen 2015-08-26 19:17:37 +05:30
parent a27c5741a1
commit 20fd9224bb
2 changed files with 39 additions and 45 deletions


@ -83,6 +83,8 @@ class VaultCLI(CLI):
if not self.vault_pass:
raise AnsibleOptionsError("A password is required to use Ansible's Vault")
self.editor = VaultEditor(self.vault_pass)
self.execute()
def execute_create(self):
@ -90,36 +92,30 @@ class VaultCLI(CLI):
if len(self.args) > 1:
raise AnsibleOptionsError("ansible-vault create can take only one filename argument")
this_editor = VaultEditor(self.vault_pass, self.args[0])
this_editor.create_file()
self.editor.create_file(self.args[0])
def execute_decrypt(self):
for f in self.args:
this_editor = VaultEditor(self.vault_pass, f)
this_editor.decrypt_file()
self.editor.decrypt_file(f)
self.display.display("Decryption successful")
self.display.display("Decryption successful", stderr=True)
def execute_edit(self):
for f in self.args:
this_editor = VaultEditor(self.vault_pass, f)
this_editor.edit_file()
self.editor.edit_file(f)
def execute_view(self):
for f in self.args:
this_editor = VaultEditor(self.vault_pass, f)
this_editor.view_file()
self.editor.view_file(f)
def execute_encrypt(self):
for f in self.args:
this_editor = VaultEditor(self.vault_pass, f)
this_editor.encrypt_file()
self.editor.encrypt_file(f)
self.display.display("Encryption successful")
self.display.display("Encryption successful", stderr=True)
def execute_rekey(self):
for f in self.args:
@ -132,7 +128,6 @@ class VaultCLI(CLI):
__, new_password = self.ask_vault_passwords(ask_vault_pass=False, ask_new_vault_pass=True, confirm_new=True)
for f in self.args:
this_editor = VaultEditor(self.vault_pass, f)
this_editor.rekey_file(new_password)
self.editor.rekey_file(new_password, f)
self.display.display("Rekey successful")
self.display.display("Rekey successful", stderr=True)
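Review bot: `self.editor.rekey_file(new_password, f)` in `execute_rekey` is the only editor call in this file that does not pass the filename first; `create_file`, `decrypt_file`, `edit_file`, `view_file` and `encrypt_file` all take the path as the leading argument. With two positional strings, a swapped call would hand the new vault password to the file-reading code as a path, where it could surface in an I/O error message. I would put the filename first in the signature and call `self.editor.rekey_file(f, new_password)`, or at least pass the path by keyword, `self.editor.rekey_file(new_password, filename=f)`. The body of `execute_rekey` starts before this hunk, so this is based on the visible loop only.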


@ -226,11 +226,10 @@ class VaultLib:
class VaultEditor:
def __init__(self, password, filename):
def __init__(self, password):
self.password = password
self.filename = filename
def _edit_file_helper(self, existing_data=None, force_save=False):
def _edit_file_helper(self, filename, existing_data=None, force_save=False):
# make sure the umask is set to a sane value
old_umask = os.umask(0o077)
@ -257,62 +256,62 @@ class VaultEditor:
self.write_data(enc_data, tmp_path)
# shuffle tmp file into place
self.shuffle_files(tmp_path, self.filename)
self.shuffle_files(tmp_path, filename)
# and restore umask
os.umask(old_umask)
def create_file(self):
def create_file(self, filename):
""" create a new encrypted file """
check_prereqs()
if os.path.isfile(self.filename):
raise AnsibleError("%s exists, please use 'edit' instead" % self.filename)
if os.path.isfile(filename):
raise AnsibleError("%s exists, please use 'edit' instead" % filename)
# Let the user specify contents and save file
self._edit_file_helper()
self._edit_file_helper(filename)
def decrypt_file(self):
def decrypt_file(self, filename):
check_prereqs()
if not os.path.isfile(self.filename):
raise AnsibleError("%s does not exist" % self.filename)
if not os.path.isfile(filename):
raise AnsibleError("%s does not exist" % filename)
tmpdata = self.read_data(self.filename)
tmpdata = self.read_data(filename)
this_vault = VaultLib(self.password)
if this_vault.is_encrypted(tmpdata):
dec_data = this_vault.decrypt(tmpdata)
if dec_data is None:
raise AnsibleError("Decryption failed")
else:
self.write_data(dec_data, self.filename)
self.write_data(dec_data, filename)
else:
raise AnsibleError("%s is not encrypted" % self.filename)
raise AnsibleError("%s is not encrypted" % filename)
def edit_file(self):
def edit_file(self, filename):
check_prereqs()
# decrypt to tmpfile
tmpdata = self.read_data(self.filename)
tmpdata = self.read_data(filename)
this_vault = VaultLib(self.password)
dec_data = this_vault.decrypt(tmpdata)
# let the user edit the data and save
if this_vault.cipher_name not in CIPHER_WRITE_WHITELIST:
# we want to get rid of files encrypted with the AES cipher
self._edit_file_helper(existing_data=dec_data, force_save=True)
self._edit_file_helper(filename, existing_data=dec_data, force_save=True)
else:
self._edit_file_helper(existing_data=dec_data, force_save=False)
self._edit_file_helper(filename, existing_data=dec_data, force_save=False)
def view_file(self):
def view_file(self, filename):
check_prereqs()
# decrypt to tmpfile
tmpdata = self.read_data(self.filename)
tmpdata = self.read_data(filename)
this_vault = VaultLib(self.password)
dec_data = this_vault.decrypt(tmpdata)
_, tmp_path = tempfile.mkstemp()
@ -322,27 +321,27 @@ class VaultEditor:
call(self._pager_shell_command(tmp_path))
os.remove(tmp_path)
def encrypt_file(self):
def encrypt_file(self, filename):
check_prereqs()
if not os.path.isfile(self.filename):
raise AnsibleError("%s does not exist" % self.filename)
if not os.path.isfile(filename):
raise AnsibleError("%s does not exist" % filename)
tmpdata = self.read_data(self.filename)
tmpdata = self.read_data(filename)
this_vault = VaultLib(self.password)
if not this_vault.is_encrypted(tmpdata):
enc_data = this_vault.encrypt(tmpdata)
self.write_data(enc_data, self.filename)
self.write_data(enc_data, filename)
else:
raise AnsibleError("%s is already encrypted" % self.filename)
raise AnsibleError("%s is already encrypted" % filename)
def rekey_file(self, new_password):
def rekey_file(self, new_password, filename):
check_prereqs()
# decrypt
tmpdata = self.read_data(self.filename)
tmpdata = self.read_data(filename)
this_vault = VaultLib(self.password)
dec_data = this_vault.decrypt(tmpdata)
@ -351,7 +350,7 @@ class VaultEditor:
# re-encrypt data and re-write file
enc_data = new_vault.encrypt(dec_data)
self.write_data(enc_data, self.filename)
self.write_data(enc_data, filename)
def read_data(self, filename):
f = open(filename, "rb")
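Review bot: `edit_file` and `view_file` use the result of `this_vault.decrypt(tmpdata)` without checking it, while `decrypt_file` in the same hunk raises `AnsibleError("Decryption failed")` when the result is `None`. If `decrypt()` can return `None`, as that check implies, `edit_file` ends up calling `_edit_file_helper(filename, existing_data=None, ...)`, which is the same call shape `create_file` uses for a new file, so a wrong password could end with the existing vault file being overwritten. I would add `if dec_data is None: raise AnsibleError("Decryption failed")` after each `decrypt()` call. `rekey_file` appears to need the same guard before `new_vault.encrypt(dec_data)`, though part of its body lies between hunks and may already handle it.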