Only expose rekey options to ansible-vault command
`ansible-vault` is the only cli command which knows how to handle the rekey options `--new-vault-id` and `--new-vault-password-file`. No point in exposing those rekey options to any of the other ansible commands. On a practical level I think this matters most in ensuring that `--help` doesn't produce any false/unhelpful output.
This commit is contained in:
parent
a0dc776f56
commit
b78ab37a94
2 changed files with 6 additions and 3 deletions
|
@ -413,7 +413,7 @@ class CLI(with_metaclass(ABCMeta, object)):
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def base_parser(usage="", output_opts=False, runas_opts=False, meta_opts=False, runtask_opts=False, vault_opts=False, module_opts=False,
|
def base_parser(usage="", output_opts=False, runas_opts=False, meta_opts=False, runtask_opts=False, vault_opts=False, module_opts=False,
|
||||||
async_opts=False, connect_opts=False, subset_opts=False, check_opts=False, inventory_opts=False, epilog=None, fork_opts=False,
|
async_opts=False, connect_opts=False, subset_opts=False, check_opts=False, inventory_opts=False, epilog=None, fork_opts=False,
|
||||||
runas_prompt_opts=False, desc=None, basedir_opts=False):
|
runas_prompt_opts=False, desc=None, basedir_opts=False, vault_rekey_opts=False):
|
||||||
''' create an options parser for most ansible scripts '''
|
''' create an options parser for most ansible scripts '''
|
||||||
|
|
||||||
# base opts
|
# base opts
|
||||||
|
@ -446,10 +446,12 @@ class CLI(with_metaclass(ABCMeta, object)):
|
||||||
help='ask for vault password')
|
help='ask for vault password')
|
||||||
parser.add_option('--vault-password-file', default=[], dest='vault_password_files',
|
parser.add_option('--vault-password-file', default=[], dest='vault_password_files',
|
||||||
help="vault password file", action="callback", callback=CLI.unfrack_paths, type='string')
|
help="vault password file", action="callback", callback=CLI.unfrack_paths, type='string')
|
||||||
parser.add_option('--new-vault-password-file', default=[], dest='new_vault_password_files',
|
|
||||||
help="new vault password file for rekey", action="callback", callback=CLI.unfrack_paths, type='string')
|
|
||||||
parser.add_option('--vault-id', default=[], dest='vault_ids', action='append', type='string',
|
parser.add_option('--vault-id', default=[], dest='vault_ids', action='append', type='string',
|
||||||
help='the vault identity to use')
|
help='the vault identity to use')
|
||||||
|
|
||||||
|
if vault_rekey_opts:
|
||||||
|
parser.add_option('--new-vault-password-file', default=[], dest='new_vault_password_files',
|
||||||
|
help="new vault password file for rekey", action="callback", callback=CLI.unfrack_paths, type='string')
|
||||||
parser.add_option('--new-vault-id', default=None, dest='new_vault_id', type='string',
|
parser.add_option('--new-vault-id', default=None, dest='new_vault_id', type='string',
|
||||||
help='the new vault identity to use for rekey')
|
help='the new vault identity to use for rekey')
|
||||||
|
|
||||||
|
|
|
@ -110,6 +110,7 @@ class VaultCLI(CLI):
|
||||||
|
|
||||||
self.parser = CLI.base_parser(
|
self.parser = CLI.base_parser(
|
||||||
vault_opts=True,
|
vault_opts=True,
|
||||||
|
vault_rekey_opts=True,
|
||||||
usage="usage: %%prog [%s] [options] [vaultfile.yml]" % "|".join(self.VALID_ACTIONS),
|
usage="usage: %%prog [%s] [options] [vaultfile.yml]" % "|".join(self.VALID_ACTIONS),
|
||||||
desc="encryption/decryption utility for Ansible data files",
|
desc="encryption/decryption utility for Ansible data files",
|
||||||
epilog="\nSee '%s <command> --help' for more information on a specific command.\n\n" % os.path.basename(sys.argv[0])
|
epilog="\nSee '%s <command> --help' for more information on a specific command.\n\n" % os.path.basename(sys.argv[0])
|
||||||
|
|
Loading…
Reference in a new issue