diff --git a/bin/ansible-vault b/bin/ansible-vault
index 6d994df2f80..bec3e0c4cb1 100755
--- a/bin/ansible-vault
+++ b/bin/ansible-vault
@@ -37,7 +37,7 @@ from optparse import OptionParser
 # Utility functions for parsing actions/options
 #-------------------------------------------------------------------------------------
-VALID_ACTIONS = ("create", "decrypt", "edit", "encrypt", "rekey")
+VALID_ACTIONS = ("create", "decrypt", "edit", "view", "encrypt", "rekey")
 def build_option_parser(action):
 """
@@ -67,6 +67,8 @@ def build_option_parser(action):
 parser.set_usage("usage: %prog decrypt [options] file_name")
 elif action == "edit":
 parser.set_usage("usage: %prog edit [options] file_name")
+ elif action == "view":
+ parser.set_usage("usage: %prog view [options] file_name")
 elif action == "encrypt":
 parser.set_usage("usage: %prog encrypt [options] file_name")
 elif action == "rekey":
@@ -160,6 +162,22 @@ def execute_edit(args, options, parser):
 this_editor = VaultEditor(cipher, password, f)
 this_editor.edit_file()
+def execute_view(args, options, parser):
+
+ if len(args) > 1:
+ raise errors.AnsibleError("view does not accept more than one filename")
+
+ if not options.password_file:
+ password, new_password = utils.ask_vault_passwords(ask_vault_pass=True)
+ else:
+ password = _read_password(options.password_file)
+
+ cipher = None
+
+ for f in args:
+ this_editor = VaultEditor(cipher, password, f)
+ this_editor.view_file()
+
 def execute_encrypt(args, options, parser):
 if not options.password_file:
diff --git a/lib/ansible/utils/vault.py b/lib/ansible/utils/vault.py
index 12f8a4899f0..c23e7508ca0 100644
--- a/lib/ansible/utils/vault.py
+++ b/lib/ansible/utils/vault.py
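Review bot: In `execute_view` (bin/ansible-vault, third hunk) an empty `args` list passes the `len(args) > 1` check and the `for f in args` loop then does nothing, so `view` without a file name would prompt for the vault password and exit silently unless a caller outside this hunk rejects it. Checking for exactly one name makes the failure explicit: `if len(args) != 1: raise errors.AnsibleError("view requires exactly one filename")`. `new_password` is never used in this function, so the unpacking could read `password, _ = utils.ask_vault_passwords(ask_vault_pass=True)`.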
@@ -254,6 +254,22 @@ class VaultEditor(object):
 # and restore the old umask
 os.umask(old_mask)
+ def view_file(self):
+
+ if not HAS_AES or not HAS_COUNTER or not HAS_PBKDF2 or not HAS_HASH:
+ raise errors.AnsibleError(CRYPTO_UPGRADE)
+
+ # decrypt to tmpfile
+ tmpdata = self.read_data(self.filename)
+ this_vault = VaultLib(self.password)
+ dec_data = this_vault.decrypt(tmpdata)
+ _, tmp_path = tempfile.mkstemp()
+ self.write_data(dec_data, tmp_path)
+
+ # drop the user into vim on the tmp file
+ call(self._pager_shell_command(tmp_path))
+ os.remove(tmp_path)
+
 def encrypt_file(self):
 if not HAS_AES or not HAS_COUNTER or not HAS_PBKDF2 or not HAS_HASH:
@@ -317,6 +333,13 @@ class VaultEditor(object):
 return editor
+ def _pager_shell_command(self, filename):
+ PAGER = os.environ.get('PAGER','less')
+ pager = shlex.split(PAGER)
+ pager.append(filename)
+
+ return pager
+
 ########################################
 # CIPHERS #
 ########################################
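Review bot: In `view_file` the decrypted vault contents are written to a temp file that is removed only when the pager call returns normally, so a missing pager binary or an interrupt leaves the plaintext on disk; the cleanup belongs in a `finally`. The descriptor returned by `tempfile.mkstemp()` is also discarded without being closed. `write_data` is outside this hunk, so it is worth confirming that the file keeps the owner-only mode mkstemp gives it, and the comment still says vim although a pager is launched. A plain `os.remove` unlinks the file without overwriting it, so the data may stay recoverable from the disk.

```python
        # … unchanged: crypto availability check, read_data and decrypt …
        fd, tmp_path = tempfile.mkstemp()
        os.close(fd)
        try:
            self.write_data(dec_data, tmp_path)
            # show the decrypted copy in the user's pager
            call(self._pager_shell_command(tmp_path))
        finally:
            # always remove the plaintext copy, even if the pager fails
            os.remove(tmp_path)
```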
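Review bot: In `_pager_shell_command`, a `PAGER` variable that is set but empty makes `os.environ.get('PAGER','less')` return `''`, `shlex.split` then yields an empty list, and the command handed to `call()` is just the temp file path. That call would be expected to fail, and `view_file` as written does not remove the decrypted temp file when it does. Falling back on any falsy value avoids this: `pager = shlex.split(os.environ.get('PAGER') or 'less')`, which also drops the upper-case local name. The `shlex` import is not visible in this hunk; presumably the neighbouring editor helper already relies on it.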