parent
25e3fe04a8
commit
368f4448dc
4 changed files with 14 additions and 18 deletions
lib/ansible/cli
|
@ -107,25 +107,18 @@ class CLI(object):
|
||||||
self.display.display("No config file found; using defaults")
|
self.display.display("No config file found; using defaults")
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def ask_vault_passwords(ask_vault_pass=False, ask_new_vault_pass=False, confirm_vault=False, confirm_new=False):
|
def ask_vault_passwords(ask_new_vault_pass=False, rekey=False):
|
||||||
''' prompt for vault password and/or password change '''
|
''' prompt for vault password and/or password change '''
|
||||||
|
|
||||||
vault_pass = None
|
vault_pass = None
|
||||||
new_vault_pass = None
|
new_vault_pass = None
|
||||||
|
|
||||||
try:
|
try:
|
||||||
if ask_vault_pass:
|
if rekey or not ask_new_vault_pass:
|
||||||
vault_pass = getpass.getpass(prompt="Vault password: ")
|
vault_pass = getpass.getpass(prompt="Vault password: ")
|
||||||
|
|
||||||
if ask_vault_pass and confirm_vault:
|
|
||||||
vault_pass2 = getpass.getpass(prompt="Confirm Vault password: ")
|
|
||||||
if vault_pass != vault_pass2:
|
|
||||||
raise AnsibleError("Passwords do not match")
|
|
||||||
|
|
||||||
if ask_new_vault_pass:
|
if ask_new_vault_pass:
|
||||||
new_vault_pass = getpass.getpass(prompt="New Vault password: ")
|
new_vault_pass = getpass.getpass(prompt="New Vault password: ")
|
||||||
|
|
||||||
if ask_new_vault_pass and confirm_new:
|
|
||||||
new_vault_pass2 = getpass.getpass(prompt="Confirm New Vault password: ")
|
new_vault_pass2 = getpass.getpass(prompt="Confirm New Vault password: ")
|
||||||
if new_vault_pass != new_vault_pass2:
|
if new_vault_pass != new_vault_pass2:
|
||||||
raise AnsibleError("Passwords do not match")
|
raise AnsibleError("Passwords do not match")
|
||||||
|
@ -138,6 +131,9 @@ class CLI(object):
|
||||||
if new_vault_pass:
|
if new_vault_pass:
|
||||||
new_vault_pass = to_bytes(new_vault_pass, errors='strict', nonstring='simplerepr').strip()
|
new_vault_pass = to_bytes(new_vault_pass, errors='strict', nonstring='simplerepr').strip()
|
||||||
|
|
||||||
|
if ask_new_vault_pass and not rekey:
|
||||||
|
vault_pass = new_vault_pass
|
||||||
|
|
||||||
return vault_pass, new_vault_pass
|
return vault_pass, new_vault_pass
|
||||||
|
|
||||||
|
|
||||||
|
|
|
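Review bot: An empty new password passes the confirmation check in `ask_vault_passwords`: if both "New Vault password" prompts get an empty reply the two strings compare equal, the `if new_vault_pass:` conversion is skipped, and `vault_pass = new_vault_pass` returns the empty string as the vault password in the non-rekey case. Whether later code rejects an empty secret is not visible here, so I would reject it right after the mismatch check, e.g. `if not new_vault_pass: raise AnsibleError("New vault password must not be empty")`. The one-line docstring also no longer explains the contract; it should state that `rekey=True` prompts for the current password as well, and that without `rekey` the new password is returned in both tuple positions. The `try` opened in the first hunk is closed outside the visible lines.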
@ -109,7 +109,7 @@ class AdHocCLI(CLI):
|
||||||
vault_pass = CLI.read_vault_password_file(self.options.vault_password_file, loader=loader)
|
vault_pass = CLI.read_vault_password_file(self.options.vault_password_file, loader=loader)
|
||||||
loader.set_vault_password(vault_pass)
|
loader.set_vault_password(vault_pass)
|
||||||
elif self.options.ask_vault_pass:
|
elif self.options.ask_vault_pass:
|
||||||
vault_pass = self.ask_vault_passwords(ask_vault_pass=True, ask_new_vault_pass=False, confirm_new=False)[0]
|
vault_pass = self.ask_vault_passwords()[0]
|
||||||
loader.set_vault_password(vault_pass)
|
loader.set_vault_password(vault_pass)
|
||||||
|
|
||||||
variable_manager = VariableManager()
|
variable_manager = VariableManager()
|
||||||
|
|
|
@ -100,7 +100,7 @@ class PlaybookCLI(CLI):
|
||||||
vault_pass = CLI.read_vault_password_file(self.options.vault_password_file, loader=loader)
|
vault_pass = CLI.read_vault_password_file(self.options.vault_password_file, loader=loader)
|
||||||
loader.set_vault_password(vault_pass)
|
loader.set_vault_password(vault_pass)
|
||||||
elif self.options.ask_vault_pass:
|
elif self.options.ask_vault_pass:
|
||||||
vault_pass = self.ask_vault_passwords(ask_vault_pass=True, ask_new_vault_pass=False, confirm_new=False)[0]
|
vault_pass = self.ask_vault_passwords()[0]
|
||||||
loader.set_vault_password(vault_pass)
|
loader.set_vault_password(vault_pass)
|
||||||
|
|
||||||
# initial error check, to make sure all specified playbooks are accessible
|
# initial error check, to make sure all specified playbooks are accessible
|
||||||
|
|
|
@ -93,7 +93,12 @@ class VaultCLI(CLI):
|
||||||
# read vault_pass from a file
|
# read vault_pass from a file
|
||||||
self.vault_pass = CLI.read_vault_password_file(self.options.vault_password_file, loader)
|
self.vault_pass = CLI.read_vault_password_file(self.options.vault_password_file, loader)
|
||||||
else:
|
else:
|
||||||
self.vault_pass, _= self.ask_vault_passwords(ask_vault_pass=True, ask_new_vault_pass=False, confirm_new=False)
|
newpass = False
|
||||||
|
rekey = False
|
||||||
|
if self.options.new_vault_password_file:
|
||||||
|
newpass = self.action in ['create', 'rekey', 'encrypt']
|
||||||
|
rekey = self.action == 'rekey'
|
||||||
|
self.vault_pass, self.new_vault_pass = self.ask_vault_passwords(ask_new_vault_pass=newpass, rekey=rekey)
|
||||||
|
|
||||||
if self.options.new_vault_password_file:
|
if self.options.new_vault_password_file:
|
||||||
# for rekey only
|
# for rekey only
|
||||||
|
@ -149,12 +154,7 @@ class VaultCLI(CLI):
|
||||||
if not (os.path.isfile(f)):
|
if not (os.path.isfile(f)):
|
||||||
raise AnsibleError(f + " does not exist")
|
raise AnsibleError(f + " does not exist")
|
||||||
|
|
||||||
if self.new_vault_pass:
|
|
||||||
new_password = self.new_vault_pass
|
|
||||||
else:
|
|
||||||
__, new_password = self.ask_vault_passwords(ask_vault_pass=False, ask_new_vault_pass=True, confirm_new=True)
|
|
||||||
|
|
||||||
for f in self.args:
|
for f in self.args:
|
||||||
self.editor.rekey_file(f, new_password)
|
self.editor.rekey_file(f, self.new_vault_pass)
|
||||||
|
|
||||||
self.display.display("Rekey successful", stderr=True)
|
self.display.display("Rekey successful", stderr=True)
|
||||||
|
|
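Review bot: The new guard in the first VaultCLI hunk, `if self.options.new_vault_password_file:`, looks inverted: `newpass` and `rekey` are only set when a new-password file was supplied, which is the one case where prompting for a new password is unnecessary. Without that option, `create` and `encrypt` fall back to a single unconfirmed "Vault password:" prompt, and `rekey` leaves `self.new_vault_pass` as `None`, which the second hunk now passes straight to `self.editor.rekey_file(f, self.new_vault_pass)` because the fallback prompt was removed. I would change the guard to `if not self.options.new_vault_password_file:` and have the rekey path raise an `AnsibleError` when `self.new_vault_pass` is still unset. Both methods start and end outside the hunks, so how the following `new_vault_password_file` block fills `self.new_vault_pass` should be checked against this.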