Merge branch 'carlanton-pr_fix2' into devel

pull/7717/head
James Cammarata 11 years ago
commit 50364bb079

@ -110,30 +110,32 @@ def main(args):
su_pass = None su_pass = None
vault_pass = None vault_pass = None
if not options.listhosts and not options.syntax and not options.listtasks: options.ask_vault_pass = options.ask_vault_pass or C.DEFAULT_ASK_VAULT_PASS
if options.listhosts or options.syntax or options.listtasks:
(_, _, _, vault_pass) = utils.ask_passwords(ask_vault_pass=options.ask_vault_pass)
else:
options.ask_pass = options.ask_pass or C.DEFAULT_ASK_PASS options.ask_pass = options.ask_pass or C.DEFAULT_ASK_PASS
options.ask_vault_pass = options.ask_vault_pass or C.DEFAULT_ASK_VAULT_PASS
# Never ask for an SSH password when we run with local connection # Never ask for an SSH password when we run with local connection
if options.connection == "local": if options.connection == "local":
options.ask_pass = False options.ask_pass = False
options.ask_sudo_pass = options.ask_sudo_pass or C.DEFAULT_ASK_SUDO_PASS options.ask_sudo_pass = options.ask_sudo_pass or C.DEFAULT_ASK_SUDO_PASS
options.ask_su_pass = options.ask_su_pass or C.DEFAULT_ASK_SU_PASS options.ask_su_pass = options.ask_su_pass or C.DEFAULT_ASK_SU_PASS
options.ask_vault_pass = options.ask_vault_pass or C.DEFAULT_ASK_VAULT_PASS
(sshpass, sudopass, su_pass, vault_pass) = utils.ask_passwords(ask_pass=options.ask_pass, ask_sudo_pass=options.ask_sudo_pass, ask_su_pass=options.ask_su_pass, ask_vault_pass=options.ask_vault_pass) (sshpass, sudopass, su_pass, vault_pass) = utils.ask_passwords(ask_pass=options.ask_pass, ask_sudo_pass=options.ask_sudo_pass, ask_su_pass=options.ask_su_pass, ask_vault_pass=options.ask_vault_pass)
options.sudo_user = options.sudo_user or C.DEFAULT_SUDO_USER options.sudo_user = options.sudo_user or C.DEFAULT_SUDO_USER
options.su_user = options.su_user or C.DEFAULT_SU_USER options.su_user = options.su_user or C.DEFAULT_SU_USER
if options.vault_password_file: if options.vault_password_file:
this_path = os.path.expanduser(options.vault_password_file) this_path = os.path.expanduser(options.vault_password_file)
try: try:
f = open(this_path, "rb") f = open(this_path, "rb")
tmp_vault_pass=f.read().strip() tmp_vault_pass=f.read().strip()
f.close() f.close()
except (OSError, IOError), e: except (OSError, IOError), e:
raise errors.AnsibleError("Could not read %s: %s" % (this_path, e)) raise errors.AnsibleError("Could not read %s: %s" % (this_path, e))
if not options.ask_vault_pass: if not options.ask_vault_pass:
vault_pass = tmp_vault_pass vault_pass = tmp_vault_pass
extra_vars = {} extra_vars = {}
for extra_vars_opt in options.extra_vars: for extra_vars_opt in options.extra_vars:
@ -207,7 +209,8 @@ def main(args):
playnum = 0 playnum = 0
for (play_ds, play_basedir) in zip(pb.playbook, pb.play_basedirs): for (play_ds, play_basedir) in zip(pb.playbook, pb.play_basedirs):
playnum += 1 playnum += 1
play = ansible.playbook.Play(pb, play_ds, play_basedir) play = ansible.playbook.Play(pb, play_ds, play_basedir,
vault_password=pb.vault_password)
label = play.name label = play.name
hosts = pb.inventory.list_hosts(play.hosts) hosts = pb.inventory.list_hosts(play.hosts)

@ -14,7 +14,9 @@ else
CREDENTIALS_ARG = CREDENTIALS_ARG =
endif endif
all: non_destructive destructive check_mode test_hash test_handlers test_group_by VAULT_PASSWORD_FILE = vault-password
all: non_destructive destructive check_mode test_hash test_handlers test_group_by test_var_in_vault
non_destructive: non_destructive:
ansible-playbook non_destructive.yml -i $(INVENTORY) -e @$(VARS_FILE) $(CREDENTIALS_ARG) -v $(TEST_FLAGS) ansible-playbook non_destructive.yml -i $(INVENTORY) -e @$(VARS_FILE) $(CREDENTIALS_ARG) -v $(TEST_FLAGS)
@ -38,6 +40,12 @@ test_hash:
test_var_precedence: test_var_precedence:
ansible-playbook test_var_precedence.yml -i $(INVENTORY) $(CREDENTIALS_ARG) -v -e 'extra_var=extra_var' ansible-playbook test_var_precedence.yml -i $(INVENTORY) $(CREDENTIALS_ARG) -v -e 'extra_var=extra_var'
test_vault:
ansible-playbook test_vault.yml -i $(INVENTORY) $(CREDENTIALS_ARG) -v $(TEST_FLAGS) --vault-password-file $(VAULT_PASSWORD_FILE) --list-tasks
ansible-playbook test_vault.yml -i $(INVENTORY) $(CREDENTIALS_ARG) -v $(TEST_FLAGS) --vault-password-file $(VAULT_PASSWORD_FILE) --list-hosts
ansible-playbook test_vault.yml -i $(INVENTORY) $(CREDENTIALS_ARG) -v $(TEST_FLAGS) --vault-password-file $(VAULT_PASSWORD_FILE) --syntax-check
ansible-playbook test_vault.yml -i $(INVENTORY) $(CREDENTIALS_ARG) -v $(TEST_FLAGS) --vault-password-file $(VAULT_PASSWORD_FILE)
cloud: amazon rackspace cloud: amazon rackspace
cloud_cleanup: amazon_cleanup rackspace_cleanup cloud_cleanup: amazon_cleanup rackspace_cleanup

@ -0,0 +1,11 @@
- hosts: testhost
vars_files:
- vars/test_var_encrypted.yml
gather_facts: False
tasks:
- assert:
that:
- 'secret_var == "secret"'

@ -0,0 +1,6 @@
$ANSIBLE_VAULT;1.1;AES256
66316432306130656439343231643731643637663362643633316161663034353135333661393064
3533653862643531613737323332393862396430396633610a363330646130373966393830623738
33616137323034333830663164326666613839366533326531396636323030636435393866613437
3634386461363430310a333330326166626363393039363739363730366234393634333431346436
33323132373035663965306166313761343432303962623962323531653934616130

@ -0,0 +1 @@
test-vault-password
Loading…
Cancel
Save