moved read_vault_file to CLI from utils and renamed to clearer read_vault_password_file

lib/ansible/cli/__init__.py

@@ -34,6 +34,7 @@ from ansible import constants as C
 from ansible.errors import AnsibleError, AnsibleOptionsError
 from ansible.utils.unicode import to_bytes
 from ansible.utils.display import Display
+from ansible.utils.path import is_executable
 
 class SortedOptParser(optparse.OptionParser):
     '''Optparser which sorts the options by opt before outputting --help'''
@@ -462,3 +463,33 @@ class CLI(object):
         t = self._CONST.sub("`" + r"\1" + "'", t)        # C(word) => `word'
 
         return t
+
+    @staticmethod
+    def read_vault_password_file(vault_password_file):
+        """
+        Read a vault password from a file or if executable, execute the script and
+        retrieve password from STDOUT
+        """
+
+        this_path = os.path.realpath(os.path.expanduser(vault_password_file))
+        if not os.path.exists(this_path):
+            raise AnsibleError("The vault password file %s was not found" % this_path)
+
+        if is_executable(this_path):
+            try:
+                # STDERR not captured to make it easier for users to prompt for input in their scripts
+                p = subprocess.Popen(this_path, stdout=subprocess.PIPE)
+            except OSError as e:
+                raise AnsibleError("Problem running vault password script %s (%s). If this is not a script, remove the executable bit from the file." % (' '.join(this_path), e))
+            stdout, stderr = p.communicate()
+            vault_pass = stdout.strip('\r\n')
+        else:
+            try:
+                f = open(this_path, "rb")
+                vault_pass=f.read().strip()
+                f.close()
+            except (OSError, IOError) as e:
+                raise AnsibleError("Could not read vault password file %s: %s" % (this_path, e))
+
+        return vault_pass
+

lib/ansible/cli/adhoc.py

@@ -24,7 +24,6 @@ from ansible.parsing import DataLoader
 from ansible.parsing.splitter import parse_kv
 from ansible.playbook.play import Play
 from ansible.cli import CLI
-from ansible.utils.vault import read_vault_file
 from ansible.vars import VariableManager
 
 ########################################################
@@ -95,7 +94,7 @@ class AdHocCLI(CLI):
 
         if self.options.vault_password_file:
             # read vault_pass from a file
-            vault_pass = read_vault_file(self.options.vault_password_file)
+            vault_pass = CLI.read_vault_password_file(self.options.vault_password_file)
         elif self.options.ask_vault_pass:
             vault_pass = self.ask_vault_passwords(ask_vault_pass=True, ask_new_vault_pass=False, confirm_new=False)[0]
 

lib/ansible/cli/playbook.py

@@ -34,7 +34,6 @@ from ansible.playbook.task import Task
 from ansible.utils.display import Display
 from ansible.utils.unicode import to_unicode
 from ansible.utils.vars import combine_vars
-from ansible.utils.vault import read_vault_file
 from ansible.vars import VariableManager
 
 #---------------------------------------------------------------------------------------------------
@@ -98,7 +97,7 @@ class PlaybookCLI(CLI):
 
         if self.options.vault_password_file:
             # read vault_pass from a file
-            vault_pass = read_vault_file(self.options.vault_password_file)
+            vault_pass = CLI.read_vault_password_file(self.options.vault_password_file)
         elif self.options.ask_vault_pass:
             vault_pass = self.ask_vault_passwords(ask_vault_pass=True, ask_new_vault_pass=False, confirm_new=False)[0]
 

lib/ansible/cli/pull.py

@@ -28,7 +28,6 @@ from ansible.errors import AnsibleError, AnsibleOptionsError
 from ansible.cli import CLI
 from ansible.plugins import module_loader
 from ansible.utils.display import Display
-from ansible.utils.vault import read_vault_file
 from ansible.utils.cmd_functions import run_cmd
 
 ########################################################

lib/ansible/cli/vault.py

@@ -25,7 +25,6 @@ from ansible.errors import AnsibleError, AnsibleOptionsError
 from ansible.parsing.vault import VaultEditor
 from ansible.cli import CLI
 from ansible.utils.display import Display
-from ansible.utils.vault import read_vault_file
 
 class VaultCLI(CLI):
     """ Vault command line class """
@@ -74,7 +73,7 @@ class VaultCLI(CLI):
 
         if self.options.vault_password_file:
             # read vault_pass from a file
-            self.vault_pass = read_vault_file(self.options.vault_password_file)
+            self.vault_pass = read_vault_password_file(self.options.vault_password_file)
         elif self.options.ask_vault_pass:
             self.vault_pass, _= self.ask_vault_passwords(ask_vault_pass=True, ask_new_vault_pass=False, confirm_new=False)
 

lib/ansible/utils/vault.py

@@ -1,56 +0,0 @@
-# (c) 2012-2014, Michael DeHaan <michael.dehaan@gmail.com>
-#
-# This file is part of Ansible
-#
-# Ansible is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# Ansible is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible.  If not, see <http://www.gnu.org/licenses/>.
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import subprocess
-
-from ansible import constants as C
-from ansible.errors import AnsibleError
-from ansible.utils.path import is_executable
-
-def read_vault_file(vault_password_file):
-    """
-    Read a vault password from a file or if executable, execute the script and
-    retrieve password from STDOUT
-    """
-
-    this_path = os.path.realpath(os.path.expanduser(vault_password_file))
-    if not os.path.exists(this_path):
-        raise AnsibleError("The vault password file %s was not found" % this_path)
-
-    if is_executable(this_path):
-        try:
-            # STDERR not captured to make it easier for users to prompt for input in their scripts
-            p = subprocess.Popen(this_path, stdout=subprocess.PIPE)
-        except OSError as e:
-            raise AnsibleError("Problem running vault password script %s (%s). If this is not a script, remove the executable bit from the file." % (' '.join(this_path), e))
-        stdout, stderr = p.communicate()
-        vault_pass = stdout.strip('\r\n')
-    else:
-        try:
-            f = open(this_path, "rb")
-            vault_pass=f.read().strip()
-            f.close()
-        except (OSError, IOError) as e:
-            raise AnsibleError("Could not read vault password file %s: %s" % (this_path, e))
-
-    return vault_pass
-