Make vault file creation use a tempfile

pull/9394/head
Toshio Kuratomi 10 years ago
parent 694e0420ab
commit da9d87b1d4

@ -181,6 +181,35 @@ class VaultEditor(object):
self.password = password self.password = password
self.filename = filename self.filename = filename
def _edit_file_helper(self, existing_data=None, cipher=None):
# make sure the umask is set to a sane value
old_umask = os.umask(0077)
# Create a tempfile
_, tmp_path = tempfile.mkstemp()
if existing_data:
self.write_data(data, tmp_path)
# drop the user into an editor on the tmp file
call(self._editor_shell_command(tmp_path))
tmpdata = self.read_data(tmp_path)
# create new vault
this_vault = VaultLib(self.password)
if cipher:
this_vault.cipher_name = cipher
# encrypt new data and write out to tmp
enc_data = this_vault.encrypt(tmpdata)
self.write_data(enc_data, tmp_path)
# shuffle tmp file into place
self.shuffle_files(tmp_path, self.filename)
# and restore umask
os.umask(old_umask)
def create_file(self): def create_file(self):
""" create a new encrypted file """ """ create a new encrypted file """
@ -190,15 +219,8 @@ class VaultEditor(object):
if os.path.isfile(self.filename): if os.path.isfile(self.filename):
raise errors.AnsibleError("%s exists, please use 'edit' instead" % self.filename) raise errors.AnsibleError("%s exists, please use 'edit' instead" % self.filename)
# drop the user into vim on file # Let the user specify contents and save file
old_umask = os.umask(0077) self._edit_file_helper(cipher=self.cipher_name)
call(self._editor_shell_command(self.filename))
tmpdata = self.read_data(self.filename)
this_vault = VaultLib(self.password)
this_vault.cipher_name = self.cipher_name
enc_data = this_vault.encrypt(tmpdata)
self.write_data(enc_data, self.filename)
os.umask(old_umask)
def decrypt_file(self): def decrypt_file(self):
@ -224,35 +246,17 @@ class VaultEditor(object):
if not HAS_AES or not HAS_COUNTER or not HAS_PBKDF2 or not HAS_HASH: if not HAS_AES or not HAS_COUNTER or not HAS_PBKDF2 or not HAS_HASH:
raise errors.AnsibleError(CRYPTO_UPGRADE) raise errors.AnsibleError(CRYPTO_UPGRADE)
# make sure the umask is set to a sane value
old_mask = os.umask(0077)
# decrypt to tmpfile # decrypt to tmpfile
tmpdata = self.read_data(self.filename) tmpdata = self.read_data(self.filename)
this_vault = VaultLib(self.password) this_vault = VaultLib(self.password)
dec_data = this_vault.decrypt(tmpdata) dec_data = this_vault.decrypt(tmpdata)
_, tmp_path = tempfile.mkstemp()
self.write_data(dec_data, tmp_path)
# drop the user into vim on the tmp file # let the user edit the data and save
call(self._editor_shell_command(tmp_path)) self._edit_file_helper(existing_data=dec_data)
new_data = self.read_data(tmp_path) ###we want the cipher to default to AES256 (get rid of files
# encrypted with the AES cipher)
# create new vault #self._edit_file_helper(existing_data=dec_data, cipher=this_vault.cipher_name)
new_vault = VaultLib(self.password)
# we want the cipher to default to AES256
#new_vault.cipher_name = this_vault.cipher_name
# encrypt new data a write out to tmp
enc_data = new_vault.encrypt(new_data)
self.write_data(enc_data, tmp_path)
# shuffle tmp file into place
self.shuffle_files(tmp_path, self.filename)
# and restore the old umask
os.umask(old_mask)
def view_file(self): def view_file(self):
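Review bot: In the first hunk, `_edit_file_helper` calls `self.write_data(data, tmp_path)`, but that function defines no `data`, so the edit path (which passes `existing_data=dec_data`) would raise NameError before the editor opens; the line should read `self.write_data(existing_data, tmp_path)`. The helper also discards the descriptor returned by `tempfile.mkstemp()` without closing it. Nothing restores the umask or removes the temp file if the editor call, `read_data` or `encrypt` raises, and at that point the temp file can still hold the decrypted contents. A try/finally as sketched below covers both; whether `shuffle_files` already removes `tmp_path` on success is not visible here, so the cleanup is guarded by an existence check.

```python
def _edit_file_helper(self, existing_data=None, cipher=None):
    old_umask = os.umask(0077)
    tmp_path = None
    try:
        fd, tmp_path = tempfile.mkstemp()
        os.close(fd)  # mkstemp returns an open descriptor; only the path is used
        if existing_data:
            self.write_data(existing_data, tmp_path)
        # ... unchanged: editor call, read_data, VaultLib setup, encrypt, write_data, shuffle_files ...
    finally:
        # do not leave decrypted contents behind when a step above fails
        if tmp_path and os.path.exists(tmp_path):
            os.remove(tmp_path)
        os.umask(old_umask)
```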
