Pass the filename to the individual VaultEditor methods, not __init__

Now we don't have to recreate VaultEditor objects for each file, and so on. It also paves the way towards specifying separate input and output files later.
9 years ago · 20fd9224bb
parent a27c5741a1
commit 20fd9224bb
2 changed files with 39 additions and 45 deletions
--- a/lib/ansible/cli/vault.py
+++ b/lib/ansible/cli/vault.py
@ -83,6 +83,8 @@ class VaultCLI(CLI):
        if not self.vault_pass:
            raise AnsibleOptionsError("A password is required to use Ansible's Vault")
        self.editor = VaultEditor(self.vault_pass)
        self.execute()
    def execute_create(self):
@ -90,36 +92,30 @@ class VaultCLI(CLI):
        if len(self.args) > 1:
            raise AnsibleOptionsError("ansible-vault create can take only one filename argument")
-        this_editor = VaultEditor(self.vault_pass, self.args[0])
+        self.editor.create_file(self.args[0])
        this_editor.create_file()
    def execute_decrypt(self):
        for f in self.args:
-            this_editor = VaultEditor(self.vault_pass, f)
+            self.editor.decrypt_file(f)
            this_editor.decrypt_file()
-        self.display.display("Decryption successful")
+        self.display.display("Decryption successful", stderr=True)
    def execute_edit(self):
        for f in self.args:
-            this_editor = VaultEditor(self.vault_pass, f)
+            self.editor.edit_file(f)
            this_editor.edit_file()
    def execute_view(self):
        for f in self.args:
-            this_editor = VaultEditor(self.vault_pass, f)
+            self.editor.view_file(f)
            this_editor.view_file()
    def execute_encrypt(self):
        for f in self.args:
-            this_editor = VaultEditor(self.vault_pass, f)
+            self.editor.encrypt_file(f)
            this_editor.encrypt_file()
-        self.display.display("Encryption successful")
+        self.display.display("Encryption successful", stderr=True)
    def execute_rekey(self):
        for f in self.args:
@ -132,7 +128,6 @@ class VaultCLI(CLI):
            __, new_password = self.ask_vault_passwords(ask_vault_pass=False, ask_new_vault_pass=True, confirm_new=True)
        for f in self.args:
-            this_editor = VaultEditor(self.vault_pass, f)
+            self.editor.rekey_file(new_password, f)
            this_editor.rekey_file(new_password)
-        self.display.display("Rekey successful")
+        self.display.display("Rekey successful", stderr=True)
--- a/lib/ansible/parsing/vault/init.py
+++ b/lib/ansible/parsing/vault/init.py
@ -226,11 +226,10 @@ class VaultLib:
 class VaultEditor:
-    def __init__(self, password, filename):
+    def __init__(self, password):
        self.password = password
        self.filename = filename
-    def _edit_file_helper(self, existing_data=None, force_save=False):
+    def _edit_file_helper(self, filename, existing_data=None, force_save=False):
        # make sure the umask is set to a sane value
        old_umask = os.umask(0o077)
@ -257,62 +256,62 @@ class VaultEditor:
        self.write_data(enc_data, tmp_path)
        # shuffle tmp file into place
-        self.shuffle_files(tmp_path, self.filename)
+        self.shuffle_files(tmp_path, filename)
        # and restore umask
        os.umask(old_umask)
-    def create_file(self):
+    def create_file(self, filename):
        """ create a new encrypted file """
        check_prereqs()
-        if os.path.isfile(self.filename):
+        if os.path.isfile(filename):
-            raise AnsibleError("%s exists, please use 'edit' instead" % self.filename)
+            raise AnsibleError("%s exists, please use 'edit' instead" % filename)
        # Let the user specify contents and save file
-        self._edit_file_helper()
+        self._edit_file_helper(filename)
-    def decrypt_file(self):
+    def decrypt_file(self, filename):
        check_prereqs()
-        if not os.path.isfile(self.filename):
+        if not os.path.isfile(filename):
-            raise AnsibleError("%s does not exist" % self.filename)
+            raise AnsibleError("%s does not exist" % filename)
-        tmpdata = self.read_data(self.filename)
+        tmpdata = self.read_data(filename)
        this_vault = VaultLib(self.password)
        if this_vault.is_encrypted(tmpdata):
            dec_data = this_vault.decrypt(tmpdata)
            if dec_data is None:
                raise AnsibleError("Decryption failed")
            else:
-                self.write_data(dec_data, self.filename)
+                self.write_data(dec_data, filename)
        else:
-            raise AnsibleError("%s is not encrypted" % self.filename)
+            raise AnsibleError("%s is not encrypted" % filename)
-    def edit_file(self):
+    def edit_file(self, filename):
        check_prereqs()
        # decrypt to tmpfile
-        tmpdata = self.read_data(self.filename)
+        tmpdata = self.read_data(filename)
        this_vault = VaultLib(self.password)
        dec_data = this_vault.decrypt(tmpdata)
        # let the user edit the data and save
        if this_vault.cipher_name not in CIPHER_WRITE_WHITELIST:
            # we want to get rid of files encrypted with the AES cipher
-            self._edit_file_helper(existing_data=dec_data, force_save=True)
+            self._edit_file_helper(filename, existing_data=dec_data, force_save=True)
        else:
-            self._edit_file_helper(existing_data=dec_data, force_save=False)
+            self._edit_file_helper(filename, existing_data=dec_data, force_save=False)
-    def view_file(self):
+    def view_file(self, filename):
        check_prereqs()
        # decrypt to tmpfile
-        tmpdata = self.read_data(self.filename)
+        tmpdata = self.read_data(filename)
        this_vault = VaultLib(self.password)
        dec_data = this_vault.decrypt(tmpdata)
        _, tmp_path = tempfile.mkstemp()
@ -322,27 +321,27 @@ class VaultEditor:
        call(self._pager_shell_command(tmp_path))
        os.remove(tmp_path)
-    def encrypt_file(self):
+    def encrypt_file(self, filename):
        check_prereqs()
-        if not os.path.isfile(self.filename):
+        if not os.path.isfile(filename):
-            raise AnsibleError("%s does not exist" % self.filename)
+            raise AnsibleError("%s does not exist" % filename)
-        tmpdata = self.read_data(self.filename)
+        tmpdata = self.read_data(filename)
        this_vault = VaultLib(self.password)
        if not this_vault.is_encrypted(tmpdata):
            enc_data = this_vault.encrypt(tmpdata)
-            self.write_data(enc_data, self.filename)
+            self.write_data(enc_data, filename)
        else:
-            raise AnsibleError("%s is already encrypted" % self.filename)
+            raise AnsibleError("%s is already encrypted" % filename)
-    def rekey_file(self, new_password):
+    def rekey_file(self, new_password, filename):
        check_prereqs()
        # decrypt
-        tmpdata = self.read_data(self.filename)
+        tmpdata = self.read_data(filename)
        this_vault = VaultLib(self.password)
        dec_data = this_vault.decrypt(tmpdata)
@ -351,7 +350,7 @@ class VaultEditor:
        # re-encrypt data and re-write file
        enc_data = new_vault.encrypt(dec_data)
-        self.write_data(enc_data, self.filename)
+        self.write_data(enc_data, filename)
    def read_data(self, filename):
        f = open(filename, "rb")