Commit graph

10 commits

Author SHA1 Message Date
Matt Martz
87aa59af79 Legacy pep8 updates for setup.py and tests 2017-02-11 16:04:52 -08:00
Brian Coca
a2c38c47aa added docs for vault and made trigger shorter: !vault (#20985)
* added docs for vault and made trigger shorter: !vault

* added single var valuting

* Update playbooks_vault.rst

Edit pass for spelling and grammar. Ship it!

* Update playbooks_vault.rst

Typo fixes.
2017-02-03 15:28:50 -05:00
Adrian Likins
c771ab34c7 Add a encode() to AnsibleVaultEncryptedUnicode (#19840)
* Add a encode() to AnsibleVaultEncryptedUnicode

Without it, calling encode() on it results in a bytestring
of the encrypted !vault-encrypted string.

ssh connection plugin triggers this if ansible_password
is from a var using !vault-encrypted. That path ends up
calling .encode() instead of using the __str__.

Fixes #19795

* Fix str.encode() errors on py2.6

py2.6 str.encode() does not take keyword arguments.
2017-01-04 12:17:19 -05:00
Adrian Likins
51e3ef89a9 Add error info if tabs are found in the yaml (#18343)
If a yaml file fails to load because of tabs being used
for formatting, detect that and show a error message
with more details.
2016-11-08 11:43:08 -05:00
Toshio Kuratomi
4ed88512e4 Move uses of to_bytes, to_text, to_native to use the module_utils version (#17423)
We couldn't copy to_unicode, to_bytes, to_str into module_utils because
of licensing.  So once created it we had two sets of functions that did
the same things but had different implementations.  To remedy that, this
change removes the ansible.utils.unicode versions of those functions.
2016-09-06 22:54:17 -07:00
Adrian Likins
e396d5d508 Implement vault encrypted yaml variables. (#16274)
Make !vault-encrypted create a AnsibleVaultUnicode
yaml object that can be used as a regular string object.

This allows a playbook to include a encrypted vault
blob for the value of a yaml variable. A 'secret_password'
variable can have it's value encrypted instead of having
to vault encrypt an entire vars file.

Add __ENCRYPTED__ to the vault yaml types so
template.Template can treat it similar
to __UNSAFE__ flags.

vault.VaultLib api changes:
    - Split VaultLib.encrypt to encrypt and encrypt_bytestring

    - VaultLib.encrypt() previously accepted the plaintext data
      as either a byte string or a unicode string.
      Doing the right thing based on the input type would fail
      on py3 if given a arg of type 'bytes'. To simplify the
      API, vaultlib.encrypt() now assumes input plaintext is a
      py2 unicode or py3 str. It will encode to utf-8 then call
      the new encrypt_bytestring(). The new methods are less
      ambiguous.

    - moved VaultLib.is_encrypted logic to vault module scope
      and split to is_encrypted() and is_encrypted_file().

Add a test/unit/mock/yaml_helper.py
It has some helpers for testing parsing/yaml

Integration tests added as roles test_vault and test_vault_embedded
2016-08-23 20:03:11 -04:00
Toshio Kuratomi
7cb29cdbec Workaround py2.6's StringIO 2016-02-26 17:59:00 -08:00
Toshio Kuratomi
b70bf3b056 Use io.StringIO and io.BytesIO instead of StringIO.StringIO for compat with py3 2016-02-26 16:43:05 -08:00
Matt Martz
2cd3a1be00 assertRaises should be given an exception type. Fixes 11441 2015-06-30 11:02:33 -05:00
James Cammarata
ce3ef7f4c1 Making the switch to v2 2015-05-03 21:47:26 -05:00