|
|
@ -181,6 +181,35 @@ class VaultEditor(object):
|
|
|
|
self.password = password
|
|
|
|
self.password = password
|
|
|
|
self.filename = filename
|
|
|
|
self.filename = filename
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def _edit_file_helper(self, existing_data=None, cipher=None):
|
|
|
|
|
|
|
|
# make sure the umask is set to a sane value
|
|
|
|
|
|
|
|
old_umask = os.umask(0077)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Create a tempfile
|
|
|
|
|
|
|
|
_, tmp_path = tempfile.mkstemp()
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if existing_data:
|
|
|
|
|
|
|
|
self.write_data(data, tmp_path)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# drop the user into an editor on the tmp file
|
|
|
|
|
|
|
|
call(self._editor_shell_command(tmp_path))
|
|
|
|
|
|
|
|
tmpdata = self.read_data(tmp_path)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# create new vault
|
|
|
|
|
|
|
|
this_vault = VaultLib(self.password)
|
|
|
|
|
|
|
|
if cipher:
|
|
|
|
|
|
|
|
this_vault.cipher_name = cipher
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# encrypt new data and write out to tmp
|
|
|
|
|
|
|
|
enc_data = this_vault.encrypt(tmpdata)
|
|
|
|
|
|
|
|
self.write_data(enc_data, tmp_path)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# shuffle tmp file into place
|
|
|
|
|
|
|
|
self.shuffle_files(tmp_path, self.filename)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# and restore umask
|
|
|
|
|
|
|
|
os.umask(old_umask)
|
|
|
|
|
|
|
|
|
|
|
|
def create_file(self):
|
|
|
|
def create_file(self):
|
|
|
|
""" create a new encrypted file """
|
|
|
|
""" create a new encrypted file """
|
|
|
|
|
|
|
|
|
|
|
@ -190,15 +219,8 @@ class VaultEditor(object):
|
|
|
|
if os.path.isfile(self.filename):
|
|
|
|
if os.path.isfile(self.filename):
|
|
|
|
raise errors.AnsibleError("%s exists, please use 'edit' instead" % self.filename)
|
|
|
|
raise errors.AnsibleError("%s exists, please use 'edit' instead" % self.filename)
|
|
|
|
|
|
|
|
|
|
|
|
# drop the user into vim on file
|
|
|
|
# Let the user specify contents and save file
|
|
|
|
old_umask = os.umask(0077)
|
|
|
|
self._edit_file_helper(cipher=self.cipher_name)
|
|
|
|
call(self._editor_shell_command(self.filename))
|
|
|
|
|
|
|
|
tmpdata = self.read_data(self.filename)
|
|
|
|
|
|
|
|
this_vault = VaultLib(self.password)
|
|
|
|
|
|
|
|
this_vault.cipher_name = self.cipher_name
|
|
|
|
|
|
|
|
enc_data = this_vault.encrypt(tmpdata)
|
|
|
|
|
|
|
|
self.write_data(enc_data, self.filename)
|
|
|
|
|
|
|
|
os.umask(old_umask)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def decrypt_file(self):
|
|
|
|
def decrypt_file(self):
|
|
|
|
|
|
|
|
|
|
|
@ -224,35 +246,17 @@ class VaultEditor(object):
|
|
|
|
if not HAS_AES or not HAS_COUNTER or not HAS_PBKDF2 or not HAS_HASH:
|
|
|
|
if not HAS_AES or not HAS_COUNTER or not HAS_PBKDF2 or not HAS_HASH:
|
|
|
|
raise errors.AnsibleError(CRYPTO_UPGRADE)
|
|
|
|
raise errors.AnsibleError(CRYPTO_UPGRADE)
|
|
|
|
|
|
|
|
|
|
|
|
# make sure the umask is set to a sane value
|
|
|
|
|
|
|
|
old_mask = os.umask(0077)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# decrypt to tmpfile
|
|
|
|
# decrypt to tmpfile
|
|
|
|
tmpdata = self.read_data(self.filename)
|
|
|
|
tmpdata = self.read_data(self.filename)
|
|
|
|
this_vault = VaultLib(self.password)
|
|
|
|
this_vault = VaultLib(self.password)
|
|
|
|
dec_data = this_vault.decrypt(tmpdata)
|
|
|
|
dec_data = this_vault.decrypt(tmpdata)
|
|
|
|
_, tmp_path = tempfile.mkstemp()
|
|
|
|
|
|
|
|
self.write_data(dec_data, tmp_path)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# drop the user into vim on the tmp file
|
|
|
|
# let the user edit the data and save
|
|
|
|
call(self._editor_shell_command(tmp_path))
|
|
|
|
self._edit_file_helper(existing_data=dec_data)
|
|
|
|
new_data = self.read_data(tmp_path)
|
|
|
|
###we want the cipher to default to AES256 (get rid of files
|
|
|
|
|
|
|
|
# encrypted with the AES cipher)
|
|
|
|
# create new vault
|
|
|
|
#self._edit_file_helper(existing_data=dec_data, cipher=this_vault.cipher_name)
|
|
|
|
new_vault = VaultLib(self.password)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# we want the cipher to default to AES256
|
|
|
|
|
|
|
|
#new_vault.cipher_name = this_vault.cipher_name
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# encrypt new data a write out to tmp
|
|
|
|
|
|
|
|
enc_data = new_vault.encrypt(new_data)
|
|
|
|
|
|
|
|
self.write_data(enc_data, tmp_path)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# shuffle tmp file into place
|
|
|
|
|
|
|
|
self.shuffle_files(tmp_path, self.filename)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# and restore the old umask
|
|
|
|
|
|
|
|
os.umask(old_mask)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def view_file(self):
|
|
|
|
def view_file(self):
|
|
|
|
|
|
|
|
|
|
|
|