From 20fd9224bbf82df0260f700e5dcddbefe9965bde Mon Sep 17 00:00:00 2001 From: Abhijit Menon-Sen Date: Wed, 26 Aug 2015 19:17:37 +0530 Subject: [PATCH] Pass the filename to the individual VaultEditor methods, not __init__ Now we don't have to recreate VaultEditor objects for each file, and so on. It also paves the way towards specifying separate input and output files later. --- lib/ansible/cli/vault.py | 27 ++++++------- lib/ansible/parsing/vault/__init__.py | 57 +++++++++++++-------------- 2 files changed, 39 insertions(+), 45 deletions(-) diff --git a/lib/ansible/cli/vault.py b/lib/ansible/cli/vault.py index c68e620a183..d28abacd5ac 100644 --- a/lib/ansible/cli/vault.py +++ b/lib/ansible/cli/vault.py @@ -83,6 +83,8 @@ class VaultCLI(CLI): if not self.vault_pass: raise AnsibleOptionsError("A password is required to use Ansible's Vault") + self.editor = VaultEditor(self.vault_pass) + self.execute() def execute_create(self): 
@@ -90,36 +92,30 @@ class VaultCLI(CLI): if len(self.args) > 1: raise AnsibleOptionsError("ansible-vault create can take only one filename argument") - this_editor = VaultEditor(self.vault_pass, self.args[0]) - this_editor.create_file() + self.editor.create_file(self.args[0]) def execute_decrypt(self): for f in self.args: - this_editor = VaultEditor(self.vault_pass, f) - this_editor.decrypt_file() + self.editor.decrypt_file(f) - self.display.display("Decryption successful") + self.display.display("Decryption successful", stderr=True) def execute_edit(self): - for f in self.args: - this_editor = VaultEditor(self.vault_pass, f) - this_editor.edit_file() + self.editor.edit_file(f) def execute_view(self): for f in self.args: - this_editor = VaultEditor(self.vault_pass, f) - this_editor.view_file() + self.editor.view_file(f) def execute_encrypt(self): for f in self.args: - this_editor = VaultEditor(self.vault_pass, f) - this_editor.encrypt_file() + self.editor.encrypt_file(f) - self.display.display("Encryption successful") + self.display.display("Encryption successful", stderr=True) def execute_rekey(self): for f in self.args: @@ -132,7 +128,6 @@ class VaultCLI(CLI): __, new_password = self.ask_vault_passwords(ask_vault_pass=False, ask_new_vault_pass=True, confirm_new=True) for f in self.args: - this_editor = VaultEditor(self.vault_pass, f) - this_editor.rekey_file(new_password) + self.editor.rekey_file(new_password, f) - self.display.display("Rekey successful") + self.display.display("Rekey successful", stderr=True) diff --git a/lib/ansible/parsing/vault/__init__.py b/lib/ansible/parsing/vault/__init__.py index d932c94160c..c9f2c4a4f66 100644 --- a/lib/ansible/parsing/vault/__init__.py +++ b/lib/ansible/parsing/vault/__init__.py 
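Review bot: `self.editor.rekey_file(new_password, f)` passes the filename second, while every other VaultEditor method touched by this commit (`create_file`, `decrypt_file`, `edit_file`, `view_file`, `encrypt_file`) takes it first. Both arguments are strings, so a swapped call would not fail on type: `rekey_file` would hand the password to `read_data` as a path, and the resulting I/O error could carry it into error output. Declaring the method as `def rekey_file(self, filename, new_password):` and calling `self.editor.rekey_file(f, new_password)` keeps the signatures parallel. The definition is in the lib/ansible/parsing/vault/__init__.py part of the patch.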
@@ -226,11 +226,10 @@ class VaultLib: class VaultEditor: - def __init__(self, password, filename): + def __init__(self, password): self.password = password - self.filename = filename - def _edit_file_helper(self, existing_data=None, force_save=False): + def _edit_file_helper(self, filename, existing_data=None, force_save=False): # make sure the umask is set to a sane value old_umask = os.umask(0o077) 
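Review bot: `_edit_file_helper` tightens the process umask with `old_umask = os.umask(0o077)` but, as the following hunk shows, restores it with a bare `os.umask(old_umask)` at the end of the function, so an exception anywhere in between leaves the changed umask in place. That matters more now that one VaultEditor is reused for several files instead of being discarded after each. The body between the two calls is outside the hunk, so confirm there is no `try` there already; if there is none, wrap the body as `try:` … `finally: os.umask(old_umask)`.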
@@ -257,62 +256,62 @@ class VaultEditor: self.write_data(enc_data, tmp_path) # shuffle tmp file into place - self.shuffle_files(tmp_path, self.filename) + self.shuffle_files(tmp_path, filename) # and restore umask os.umask(old_umask) - def create_file(self): + def create_file(self, filename): """ create a new encrypted file """ check_prereqs() - if os.path.isfile(self.filename): - raise AnsibleError("%s exists, please use 'edit' instead" % self.filename) + if os.path.isfile(filename): + raise AnsibleError("%s exists, please use 'edit' instead" % filename) # Let the user specify contents and save file - self._edit_file_helper() + self._edit_file_helper(filename) - def decrypt_file(self): + def decrypt_file(self, filename): check_prereqs() - if not os.path.isfile(self.filename): - raise AnsibleError("%s does not exist" % self.filename) + if not os.path.isfile(filename): + raise AnsibleError("%s does not exist" % filename) - tmpdata = self.read_data(self.filename) + tmpdata = self.read_data(filename) this_vault = VaultLib(self.password) if this_vault.is_encrypted(tmpdata): dec_data = this_vault.decrypt(tmpdata) if dec_data is None: raise AnsibleError("Decryption failed") else: - self.write_data(dec_data, self.filename) + self.write_data(dec_data, filename) else: - raise AnsibleError("%s is not encrypted" % self.filename) + raise AnsibleError("%s is not encrypted" % filename) - def edit_file(self): + def edit_file(self, filename): check_prereqs() # decrypt to tmpfile - tmpdata = self.read_data(self.filename) + tmpdata = self.read_data(filename) this_vault = VaultLib(self.password) dec_data = this_vault.decrypt(tmpdata) # let the user edit the data and save if this_vault.cipher_name not in CIPHER_WRITE_WHITELIST: # we want to get rid of files encrypted with the AES cipher - self._edit_file_helper(existing_data=dec_data, force_save=True) + self._edit_file_helper(filename, existing_data=dec_data, force_save=True) else: - self._edit_file_helper(existing_data=dec_data, 
force_save=False) + self._edit_file_helper(filename, existing_data=dec_data, force_save=False) - def view_file(self): + def view_file(self, filename): check_prereqs() # decrypt to tmpfile - tmpdata = self.read_data(self.filename) + tmpdata = self.read_data(filename) this_vault = VaultLib(self.password) dec_data = this_vault.decrypt(tmpdata) _, tmp_path = tempfile.mkstemp() @@ -322,27 +321,27 @@ class VaultEditor: call(self._pager_shell_command(tmp_path)) os.remove(tmp_path) - def encrypt_file(self): + def encrypt_file(self, filename): check_prereqs() - if not os.path.isfile(self.filename): - raise AnsibleError("%s does not exist" % self.filename) + if not os.path.isfile(filename): + raise AnsibleError("%s does not exist" % filename) - tmpdata = self.read_data(self.filename) + tmpdata = self.read_data(filename) this_vault = VaultLib(self.password) if not this_vault.is_encrypted(tmpdata): enc_data = this_vault.encrypt(tmpdata) - self.write_data(enc_data, self.filename) + self.write_data(enc_data, filename) else: - raise AnsibleError("%s is already encrypted" % self.filename) + raise AnsibleError("%s is already encrypted" % filename) - def rekey_file(self, new_password): + def rekey_file(self, new_password, filename): check_prereqs() # decrypt - tmpdata = self.read_data(self.filename) + tmpdata = self.read_data(filename) this_vault = VaultLib(self.password) dec_data = this_vault.decrypt(tmpdata) @@ -351,7 +350,7 @@ class VaultEditor: # re-encrypt data and re-write file enc_data = new_vault.encrypt(dec_data) - self.write_data(enc_data, self.filename) + self.write_data(enc_data, filename) def read_data(self, filename): f = open(filename, "rb")
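Review bot: `edit_file` and `view_file` use the result of `this_vault.decrypt(tmpdata)` without the check that `decrypt_file` applies just above (`if dec_data is None: raise AnsibleError("Decryption failed")`) and without its `is_encrypted` test. If decrypt can return None, as that check implies, `edit_file` passes None to `_edit_file_helper` as `existing_data`, and `rekey_file` in the later hunks passes it to `new_vault.encrypt` just before `write_data` overwrites the file. Repeating `if dec_data is None: raise AnsibleError("Decryption failed")` after each decrypt call would make the four methods consistent. What decrypt does on a wrong password is not visible in this patch, so the failure mode is to be confirmed.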
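Review bot: In `view_file`, `os.remove(tmp_path)` runs only if `call(self._pager_shell_command(tmp_path))` returns, so an exception or interrupt during the pager leaves the decrypted contents in the file created by `tempfile.mkstemp()` at the end of the previous hunk. Wrapping the two lines as `try: call(self._pager_shell_command(tmp_path))` / `finally: os.remove(tmp_path)` guarantees the plaintext copy is removed. The descriptor returned by mkstemp is bound to `_` and is not closed in the visible lines; the lines that write the file fall between the two hunks, so that part needs checking against the full function.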