From 58feee0f45b91cd255214f6ca16cbc024294cc07 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Pawe=C5=82=20G=C5=82azik?= <zytek@nuxi.pl>
Date: Thu, 17 Apr 2014 21:13:48 +0200
Subject: [PATCH] ansible-vault view - new command

---
 bin/ansible-vault          | 20 +++++++++++++++++++-
 lib/ansible/utils/vault.py | 23 +++++++++++++++++++++++
 2 files changed, 42 insertions(+), 1 deletion(-)

diff --git a/bin/ansible-vault b/bin/ansible-vault
index 6d994df2f80..bec3e0c4cb1 100755
--- a/bin/ansible-vault
+++ b/bin/ansible-vault
@@ -37,7 +37,7 @@ from optparse import OptionParser
 # Utility functions for parsing actions/options
 #-------------------------------------------------------------------------------------
 
-VALID_ACTIONS = ("create", "decrypt", "edit", "encrypt", "rekey")
+VALID_ACTIONS = ("create", "decrypt", "edit", "view", "encrypt", "rekey")
 
 def build_option_parser(action):
     """
@@ -67,6 +67,8 @@ def build_option_parser(action):
         parser.set_usage("usage: %prog decrypt [options] file_name")
     elif action == "edit":
         parser.set_usage("usage: %prog edit [options] file_name")
+    elif action == "view":
+        parser.set_usage("usage: %prog view [options] file_name")
     elif action == "encrypt":
         parser.set_usage("usage: %prog encrypt [options] file_name")
     elif action == "rekey":
@@ -160,6 +162,22 @@ def execute_edit(args, options, parser):
         this_editor = VaultEditor(cipher, password, f)
         this_editor.edit_file()
 
+def execute_view(args, options, parser):
+
+    if len(args) > 1:
+        raise errors.AnsibleError("view does not accept more than one filename")        
+
+    if not options.password_file:        
+        password, new_password = utils.ask_vault_passwords(ask_vault_pass=True)
+    else:
+        password = _read_password(options.password_file)
+
+    cipher = None
+
+    for f in args:
+        this_editor = VaultEditor(cipher, password, f)
+        this_editor.view_file()
+
 def execute_encrypt(args, options, parser):
 
     if not options.password_file:        
diff --git a/lib/ansible/utils/vault.py b/lib/ansible/utils/vault.py
index 12f8a4899f0..c23e7508ca0 100644
--- a/lib/ansible/utils/vault.py
+++ b/lib/ansible/utils/vault.py
@@ -254,6 +254,22 @@ class VaultEditor(object):
         # and restore the old umask
         os.umask(old_mask)
 
+    def view_file(self):
+
+        if not HAS_AES or not HAS_COUNTER or not HAS_PBKDF2 or not HAS_HASH:
+            raise errors.AnsibleError(CRYPTO_UPGRADE)
+
+        # decrypt to tmpfile
+        tmpdata = self.read_data(self.filename)
+        this_vault = VaultLib(self.password)
+        dec_data = this_vault.decrypt(tmpdata)
+        _, tmp_path = tempfile.mkstemp()
+        self.write_data(dec_data, tmp_path)
+
+        # drop the user into vim on the tmp file
+        call(self._pager_shell_command(tmp_path))
+        os.remove(tmp_path)
+
     def encrypt_file(self):
 
         if not HAS_AES or not HAS_COUNTER or not HAS_PBKDF2 or not HAS_HASH:
@@ -317,6 +333,13 @@ class VaultEditor(object):
 
         return editor
 
+    def _pager_shell_command(self, filename):
+        PAGER = os.environ.get('PAGER','less')
+        pager = shlex.split(PAGER)
+        pager.append(filename)
+
+        return pager
+
 ########################################
 #               CIPHERS                #
 ########################################