Don't pass the cipher around so much

It's unused and unnecessary; VaultLib can decide for itself what cipher
to use when encrypting. There's no need (and no provision) for the user
to override the cipher via options, so there's no need for code to see
if that has been done either.
Abhijit Menon-Sen 2015-08-26 18:20:57 +05:30
parent 017566a2d9
commit f91ad3dabe
2 changed files with 11 additions and 23 deletions


@ -30,7 +30,6 @@ class VaultCLI(CLI):
""" Vault command line class """
VALID_ACTIONS = ("create", "decrypt", "edit", "encrypt", "rekey", "view")
CIPHER = 'AES256'
def __init__(self, args, display=None):
@ -91,15 +90,13 @@ class VaultCLI(CLI):
if len(self.args) > 1:
raise AnsibleOptionsError("ansible-vault create can take only one filename argument")
cipher = getattr(self.options, 'cipher', self.CIPHER)
this_editor = VaultEditor(cipher, self.vault_pass, self.args[0])
this_editor = VaultEditor(self.vault_pass, self.args[0])
this_editor.create_file()
def execute_decrypt(self):
cipher = getattr(self.options, 'cipher', self.CIPHER)
for f in self.args:
this_editor = VaultEditor(cipher, self.vault_pass, f)
this_editor = VaultEditor(self.vault_pass, f)
this_editor.decrypt_file()
self.display.display("Decryption successful")
@ -107,20 +104,19 @@ class VaultCLI(CLI):
def execute_edit(self):
for f in self.args:
this_editor = VaultEditor(None, self.vault_pass, f)
this_editor = VaultEditor(self.vault_pass, f)
this_editor.edit_file()
def execute_view(self):
for f in self.args:
this_editor = VaultEditor(None, self.vault_pass, f)
this_editor = VaultEditor(self.vault_pass, f)
this_editor.view_file()
def execute_encrypt(self):
cipher = getattr(self.options, 'cipher', self.CIPHER)
for f in self.args:
this_editor = VaultEditor(cipher, self.vault_pass, f)
this_editor = VaultEditor(self.vault_pass, f)
this_editor.encrypt_file()
self.display.display("Encryption successful")
@ -136,7 +132,7 @@ class VaultCLI(CLI):
__, new_password = self.ask_vault_passwords(ask_vault_pass=False, ask_new_vault_pass=True, confirm_new=True)
for f in self.args:
this_editor = VaultEditor(None, self.vault_pass, f)
this_editor = VaultEditor(self.vault_pass, f)
this_editor.rekey_file(new_password)
self.display.display("Rekey successful")
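Review bot: The `VaultEditor(self.vault_pass, …)` calls in all six execute_* methods pass the vault password positionally, right after this commit shifted the constructor's positional parameters. Passing by keyword, `VaultEditor(password=self.vault_pass, filename=f)`, would make any later reordering fail with a TypeError instead of binding the secret to the wrong parameter. Any caller outside this page that still passes three positional arguments will now raise and needs the same update; none are visible here.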


@ -230,13 +230,11 @@ class VaultEditor:
# file I/O, ditto read_file(self, filename) and launch_editor(self, filename)
# ... "Don't Repeat Yourself", etc.
def __init__(self, cipher_name, password, filename):
# instantiates a member variable for VaultLib
self.cipher_name = cipher_name
def __init__(self, password, filename):
self.password = password
self.filename = filename
def _edit_file_helper(self, existing_data=None, cipher=None, force_save=False):
def _edit_file_helper(self, existing_data=None, force_save=False):
# make sure the umask is set to a sane value
old_umask = os.umask(0o077)
@ -257,8 +255,6 @@ class VaultEditor:
# create new vault
this_vault = VaultLib(self.password)
if cipher:
this_vault.cipher_name = cipher
# encrypt new data and write out to tmp
enc_data = this_vault.encrypt(tmpdata)
@ -279,7 +275,7 @@ class VaultEditor:
raise AnsibleError("%s exists, please use 'edit' instead" % self.filename)
# Let the user specify contents and save file
self._edit_file_helper(cipher=self.cipher_name)
self._edit_file_helper()
def decrypt_file(self):
@ -311,9 +307,9 @@ class VaultEditor:
# let the user edit the data and save
if this_vault.cipher_name not in CIPHER_WRITE_WHITELIST:
# we want to get rid of files encrypted with the AES cipher
self._edit_file_helper(existing_data=dec_data, cipher=None, force_save=True)
self._edit_file_helper(existing_data=dec_data, force_save=True)
else:
self._edit_file_helper(existing_data=dec_data, cipher=this_vault.cipher_name, force_save=False)
self._edit_file_helper(existing_data=dec_data, force_save=False)
def view_file(self):
@ -339,7 +335,6 @@ class VaultEditor:
tmpdata = self.read_data(self.filename)
this_vault = VaultLib(self.password)
this_vault.cipher_name = self.cipher_name
if not this_vault.is_encrypted(tmpdata):
enc_data = this_vault.encrypt(tmpdata)
self.write_data(enc_data, self.filename)
@ -358,9 +353,6 @@ class VaultEditor:
# create new vault
new_vault = VaultLib(new_password)
# we want to force cipher to the default
#new_vault.cipher_name = this_vault.cipher_name
# re-encrypt data and re-write file
enc_data = new_vault.encrypt(dec_data)
self.write_data(enc_data, self.filename)
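Review bot: In edit_file, the two branches under `if this_vault.cipher_name not in CIPHER_WRITE_WHITELIST:` now differ only in `force_save`, and the file's own cipher is no longer carried into `_edit_file_helper`, so every write relies on whatever cipher VaultLib selects by default. That is only safe while VaultLib's default stays inside CIPHER_WRITE_WHITELIST; VaultLib is not shown on this page, so this should be confirmed and stated where the vault is built, e.g. `# VaultLib picks the cipher; its default must be in CIPHER_WRITE_WHITELIST` above `this_vault = VaultLib(self.password)`. The branch itself can collapse to `self._edit_file_helper(existing_data=dec_data, force_save=this_vault.cipher_name not in CIPHER_WRITE_WHITELIST)`, keeping the comment about retiring AES-encrypted files. The same reliance applies to the encrypt_file and rekey hunks further down; all of these method bodies continue outside the hunks.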