|
|
|
@ -17,7 +17,7 @@ from ansible.utils.display import Display
|
|
|
|
|
display = Display()
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def do_vault(data, secret, salt=None, vaultid='filter_default', wrap_object=False):
|
|
|
|
|
def do_vault(data, secret, salt=None, vault_id='filter_default', wrap_object=False, vaultid=None):
|
|
|
|
|
|
|
|
|
|
if not isinstance(secret, (string_types, binary_type, Undefined)):
|
|
|
|
|
raise AnsibleFilterTypeError("Secret passed is required to be a string, instead we got: %s" % type(secret))
|
|
|
|
@ -25,11 +25,18 @@ def do_vault(data, secret, salt=None, vaultid='filter_default', wrap_object=Fals
|
|
|
|
|
if not isinstance(data, (string_types, binary_type, Undefined)):
|
|
|
|
|
raise AnsibleFilterTypeError("Can only vault strings, instead we got: %s" % type(data))
|
|
|
|
|
|
|
|
|
|
if vaultid is not None:
|
|
|
|
|
display.deprecated("Use of undocumented 'vaultid', use 'vault_id' instead", version='2.20')
|
|
|
|
|
if vault_id == 'filter_default':
|
|
|
|
|
vault_id = vaultid
|
|
|
|
|
else:
|
|
|
|
|
display.warning("Ignoring vaultid as vault_id is already set.")
|
|
|
|
|
|
|
|
|
|
vault = ''
|
|
|
|
|
vs = VaultSecret(to_bytes(secret))
|
|
|
|
|
vl = VaultLib()
|
|
|
|
|
try:
|
|
|
|
|
vault = vl.encrypt(to_bytes(data), vs, vaultid, salt)
|
|
|
|
|
vault = vl.encrypt(to_bytes(data), vs, vault_id, salt)
|
|
|
|
|
except UndefinedError:
|
|
|
|
|
raise
|
|
|
|
|
except Exception as e:
|
|
|
|
@ -43,7 +50,7 @@ def do_vault(data, secret, salt=None, vaultid='filter_default', wrap_object=Fals
|
|
|
|
|
return vault
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def do_unvault(vault, secret, vaultid='filter_default'):
|
|
|
|
|
def do_unvault(vault, secret, vault_id='filter_default', vaultid=None):
|
|
|
|
|
|
|
|
|
|
if not isinstance(secret, (string_types, binary_type, Undefined)):
|
|
|
|
|
raise AnsibleFilterTypeError("Secret passed is required to be as string, instead we got: %s" % type(secret))
|
|
|
|
@ -51,9 +58,16 @@ def do_unvault(vault, secret, vaultid='filter_default'):
|
|
|
|
|
if not isinstance(vault, (string_types, binary_type, AnsibleVaultEncryptedUnicode, Undefined)):
|
|
|
|
|
raise AnsibleFilterTypeError("Vault should be in the form of a string, instead we got: %s" % type(vault))
|
|
|
|
|
|
|
|
|
|
if vaultid is not None:
|
|
|
|
|
display.deprecated("Use of undocumented 'vaultid', use 'vault_id' instead", version='2.20')
|
|
|
|
|
if vault_id == 'filter_default':
|
|
|
|
|
vault_id = vaultid
|
|
|
|
|
else:
|
|
|
|
|
display.warning("Ignoring vaultid as vault_id is already set.")
|
|
|
|
|
|
|
|
|
|
data = ''
|
|
|
|
|
vs = VaultSecret(to_bytes(secret))
|
|
|
|
|
vl = VaultLib([(vaultid, vs)])
|
|
|
|
|
vl = VaultLib([(vault_id, vs)])
|
|
|
|
|
if isinstance(vault, AnsibleVaultEncryptedUnicode):
|
|
|
|
|
vault.vault = vl
|
|
|
|
|
data = vault.data
|
|
|
|
|