Don't create a VaultLib in each method; do it in __init__ instead
parent
ef594f708c
commit
e99395f0c0
1 changed files with 10 additions and 18 deletions
|
@ -227,7 +227,7 @@ class VaultLib:
|
||||||
class VaultEditor:
|
class VaultEditor:
|
||||||
|
|
||||||
def __init__(self, password):
|
def __init__(self, password):
|
||||||
self.password = password
|
self.vault = VaultLib(password)
|
||||||
|
|
||||||
def _edit_file_helper(self, filename, existing_data=None, force_save=False):
|
def _edit_file_helper(self, filename, existing_data=None, force_save=False):
|
||||||
# make sure the umask is set to a sane value
|
# make sure the umask is set to a sane value
|
||||||
|
@ -248,11 +248,8 @@ class VaultEditor:
|
||||||
os.remove(tmp_path)
|
os.remove(tmp_path)
|
||||||
return
|
return
|
||||||
|
|
||||||
# create new vault
|
|
||||||
this_vault = VaultLib(self.password)
|
|
||||||
|
|
||||||
# encrypt new data and write out to tmp
|
# encrypt new data and write out to tmp
|
||||||
enc_data = this_vault.encrypt(tmpdata)
|
enc_data = self.vault.encrypt(tmpdata)
|
||||||
self.write_data(enc_data, tmp_path)
|
self.write_data(enc_data, tmp_path)
|
||||||
|
|
||||||
# shuffle tmp file into place
|
# shuffle tmp file into place
|
||||||
|
@ -280,9 +277,8 @@ class VaultEditor:
|
||||||
raise AnsibleError("%s does not exist" % filename)
|
raise AnsibleError("%s does not exist" % filename)
|
||||||
|
|
||||||
tmpdata = self.read_data(filename)
|
tmpdata = self.read_data(filename)
|
||||||
this_vault = VaultLib(self.password)
|
if self.vault.is_encrypted(tmpdata):
|
||||||
if this_vault.is_encrypted(tmpdata):
|
dec_data = self.vault.decrypt(tmpdata)
|
||||||
dec_data = this_vault.decrypt(tmpdata)
|
|
||||||
if dec_data is None:
|
if dec_data is None:
|
||||||
raise AnsibleError("Decryption failed")
|
raise AnsibleError("Decryption failed")
|
||||||
else:
|
else:
|
||||||
|
@ -296,11 +292,10 @@ class VaultEditor:
|
||||||
|
|
||||||
# decrypt to tmpfile
|
# decrypt to tmpfile
|
||||||
tmpdata = self.read_data(filename)
|
tmpdata = self.read_data(filename)
|
||||||
this_vault = VaultLib(self.password)
|
dec_data = self.vault.decrypt(tmpdata)
|
||||||
dec_data = this_vault.decrypt(tmpdata)
|
|
||||||
|
|
||||||
# let the user edit the data and save
|
# let the user edit the data and save
|
||||||
if this_vault.cipher_name not in CIPHER_WRITE_WHITELIST:
|
if self.vault.cipher_name not in CIPHER_WRITE_WHITELIST:
|
||||||
# we want to get rid of files encrypted with the AES cipher
|
# we want to get rid of files encrypted with the AES cipher
|
||||||
self._edit_file_helper(filename, existing_data=dec_data, force_save=True)
|
self._edit_file_helper(filename, existing_data=dec_data, force_save=True)
|
||||||
else:
|
else:
|
||||||
|
@ -312,8 +307,7 @@ class VaultEditor:
|
||||||
|
|
||||||
# decrypt to tmpfile
|
# decrypt to tmpfile
|
||||||
tmpdata = self.read_data(filename)
|
tmpdata = self.read_data(filename)
|
||||||
this_vault = VaultLib(self.password)
|
dec_data = self.vault.decrypt(tmpdata)
|
||||||
dec_data = this_vault.decrypt(tmpdata)
|
|
||||||
_, tmp_path = tempfile.mkstemp()
|
_, tmp_path = tempfile.mkstemp()
|
||||||
self.write_data(dec_data, tmp_path)
|
self.write_data(dec_data, tmp_path)
|
||||||
|
|
||||||
|
@ -329,9 +323,8 @@ class VaultEditor:
|
||||||
raise AnsibleError("%s does not exist" % filename)
|
raise AnsibleError("%s does not exist" % filename)
|
||||||
|
|
||||||
tmpdata = self.read_data(filename)
|
tmpdata = self.read_data(filename)
|
||||||
this_vault = VaultLib(self.password)
|
if not self.vault.is_encrypted(tmpdata):
|
||||||
if not this_vault.is_encrypted(tmpdata):
|
enc_data = self.vault.encrypt(tmpdata)
|
||||||
enc_data = this_vault.encrypt(tmpdata)
|
|
||||||
self.write_data(enc_data, filename)
|
self.write_data(enc_data, filename)
|
||||||
else:
|
else:
|
||||||
raise AnsibleError("%s is already encrypted" % filename)
|
raise AnsibleError("%s is already encrypted" % filename)
|
||||||
|
@ -342,8 +335,7 @@ class VaultEditor:
|
||||||
|
|
||||||
# decrypt
|
# decrypt
|
||||||
tmpdata = self.read_data(filename)
|
tmpdata = self.read_data(filename)
|
||||||
this_vault = VaultLib(self.password)
|
dec_data = self.vault.decrypt(tmpdata)
|
||||||
dec_data = this_vault.decrypt(tmpdata)
|
|
||||||
|
|
||||||
# create new vault
|
# create new vault
|
||||||
new_vault = VaultLib(new_password)
|
new_vault = VaultLib(new_password)
|
||||||
|
|
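Review bot: Reusing one `self.vault` for both reading and writing lets per-instance state carry over from `decrypt` to a later `encrypt`, which the old per-call `this_vault` objects ruled out. The clearest case is the edit path in the `-296` hunk. After `self.vault.decrypt(tmpdata)` it checks `self.vault.cipher_name not in CIPHER_WRITE_WHITELIST` and calls `_edit_file_helper(..., force_save=True)`, which now encrypts through that same instance (`-248` hunk). VaultLib's body is not shown here, so this is inferred: if `decrypt` records the file's cipher on the instance and `encrypt` reuses it, a legacy-AES file would be written back with the legacy cipher rather than upgraded, defeating the "get rid of files encrypted with the AES cipher" branch. I would keep `self.password = password` in `__init__` and write with a fresh object in `_edit_file_helper`, `enc_data = VaultLib(self.password).encrypt(tmpdata)`, or otherwise confirm that `encrypt` resets `cipher_name` to a whitelisted write cipher; the method bodies continue outside these hunks.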