Commit Graph

15919 Commits (1840906f749bc47d578bacf407f07a1cae40f0d0)
 

Author SHA1 Message Date
Toshio Kuratomi ccb24d2919 Merge pull request #12098 from mgedmin/fix-tox-compileall
Don't compile .py files under .tox/
9 years ago
Brian Coca 6c9dc78d8c Merge pull request #12126 from amenonsen/vault-aes-deprecate
Remove deprecated and unused VaultAES encryption code
9 years ago
James Cammarata 1170a453c8 Merge pull request #12114 from ilya-epifanov/devel
fixed hostvars access in conjunction with --limit usage
9 years ago
Abhijit Menon-Sen 4afe1cf422 Update ansible-vault manpage to describe new encrypt/decrypt behaviour 9 years ago
Abhijit Menon-Sen 090cfc9e03 More helpful prompts from ansible-vault encrypt/decrypt
Now we issue a "Reading … from stdin" prompt if our input isatty(), as
gpg does. We also suppress the "x successful" confirmation message at
the end if we're part of a pipeline.

(The latter requires that we not close sys.stdout in VaultEditor, and
for symmetry we do the same for sys.stdin, though it doesn't matter in
that case.)
9 years ago
Abhijit Menon-Sen b6de6e69a6 Also support output to stdout with no arguments
This allows "cat plaintext|ansible-vault encrypt > ciphertext".
9 years ago
Abhijit Menon-Sen e7eebb6954 Implement cat-like filtering behaviour for encrypt/decrypt
This allows the following invocations:

    # Interactive use, like gpg
    ansible-vault encrypt --output x

    # Non-interactive, for scripting
    echo plaintext|ansible-vault encrypt --output x

    # Separate input and output files
    ansible-vault encrypt input.yml --output output.yml

    # Existing usage (in-place encryption) unchanged
    ansible-vault encrypt inout.yml

…and the analogous cases for ansible-vault decrypt as well.

In all cases, the input and output files can be '-' to read from stdin
or write to stdout. This permits sensitive data to be encrypted and
decrypted without ever hitting disk.
9 years ago
Abhijit Menon-Sen 32b38d4e29 Fix add_option indentation for consistency before adding another option 9 years ago
Abhijit Menon-Sen 8fc8bf9439 Simplify VaultEditor methods
We don't need to keep creating VaultLibs everywhere, and we don't need
to keep checking for errors because VaultLib does it already.
9 years ago
Abhijit Menon-Sen e99395f0c0 Don't create a VaultLib in each method; do it in __init__ instead 9 years ago
Brian Coca ef594f708c remove old dead code 9 years ago
Abhijit Menon-Sen 4f3a98eff6 Update Vault tests to make sure AES decryption works
Note that this test was broken in devel because it was really just
duplicating the AES256 test because setting v.cipher_name to 'AES'
no longer selected AES after it was de-write-whitelisted.

Now that we've removed the VaultAES encryption code, we embed static
output from an earlier version and test that we can decrypt it.
9 years ago
Abhijit Menon-Sen 159887a6c9 Remove deprecated and unused VaultAES encryption code
Now that VaultLib always decides to use AES256 to encrypt, we don't need
this broken code any more. We need to be able to decrypt this format for
a while longer, but encryption support can be safely dropped.
9 years ago
maty0609 52e94468c9 Merge remote-tracking branch 'ansible/devel' into devel 9 years ago
maty0609 6f24e6f994 Adding support for Archlinux and Slackware in fallback
In some cases Archlinux and Slackware is not detected by
platform.dist(). This should solve the issue.
9 years ago
Chrrrles Paul 5ba3452b7e merged vmware_: vmkernel_ip_config, dvswitch, host, vmkernel, and dvs_portgroup 9 years ago
Brian Coca b2bfe3502b make sure delimiter is basestring for cvsfile
fixes #12062
9 years ago
Ilya Epifanov 81bf88b6e0 fixed hostvars access in conjunction with --limit usage 9 years ago
James Cammarata 0441a7a217 Finishing off porting of chroot connection plugin 9 years ago
Toshio Kuratomi 017bd7b1cd Fix synchronize lookup of localhost info 9 years ago
James Cammarata 50448d68e1 Implement max_fail_percentage and any_errors_fatal support
Fixes #11997
9 years ago
James Cammarata af41ba929c Add float and percent types for FieldAttributes
Also sets the max_fail_percentage value to the percent type.
9 years ago
Brian Coca 9f95720ef7 Merge pull request #12109 from docschick/devel
ansible-lockdown added, minor editing
9 years ago
Sandra Wills c752149fe7 ansible-lockdown added, minor editing
added info/link for ansible-lockdown to mailing list section, minor editing
(can't help myself it seems) to the paragraph about subscribing from a non-google account
9 years ago
Brian Coca b2ae6945c4 always load vars plugins
fixes #12104
9 years ago
Travis Paul 604f825a8e Update "smart" transport to handle Sun_SSH_1.5 on SmartOS 9 years ago
Toshio Kuratomi 111c0cc204 Merge pull request #12106 from amenonsen/vault-cleanups
Vault cleanups, pass #1
9 years ago
Abhijit Menon-Sen b84053019a Make the filename the first argument to rekey_file 9 years ago
Abhijit Menon-Sen c4b2540ecc Update tests for VaultEditor API changes 9 years ago
Toshio Kuratomi 5df5a14edc Merge pull request #12101 from tquenolle/devel
Synchronize fix error
9 years ago
Abhijit Menon-Sen 20fd9224bb Pass the filename to the individual VaultEditor methods, not __init__
Now we don't have to recreate VaultEditor objects for each file, and so
on. It also paves the way towards specifying separate input and output
files later.
9 years ago
Brian Coca 82603bb2a0 avoids running abspath on None 9 years ago
Abhijit Menon-Sen a27c5741a1 Remove inaccurate outdated comment 9 years ago
Abhijit Menon-Sen f91ad3dabe Don't pass the cipher around so much
It's unused and unnecessary; VaultLib can decide for itself what cipher
to use when encrypting. There's no need (and no provision) for the user
to override the cipher via options, so there's no need for code to see
if that has been done either.
9 years ago
Abhijit Menon-Sen 017566a2d9 Use AES256 if the cipher is not write-whitelisted 9 years ago
Abhijit Menon-Sen 47bcdf5952 Remove incorrect copy-pasted comment 9 years ago
Brian Coca a391857013 added a few cloud modules to changelog 9 years ago
Thomas Quenolle c948af3b1e Synchronize fix error
Fix the error:
 "RuntimeError: dictionary changed size during iteration"
9 years ago
James Cammarata 601a1cc6d9 Multiple fixes for include statements and blocks in general
Fixes #11981
Fixes #11995
Fixes #12039
Fixes #12077
9 years ago
Marius Gedminas b44eae9ebc Don't compile .py files under .tox/
'tox -e py26' would fail for me because python -m compileall would crawl
under .tox/py27 and, unsurprisingly, get SyntaxErrors on files from the
Python 2.7 standard library using syntax features not supported by
Python 2.6.
9 years ago
Toshio Kuratomi 9f9891df2c Add unicode characters to the data that we're testing that ansible-vault can decrypt 9 years ago
Toshio Kuratomi c81cff1977 Add docker connection plugin to changelog 9 years ago
Brian Coca 154754ae50 pushed module_loader to task_queue_manager so all cli's can benefit from it
also normalized -M option across all cli
fixes #12016
9 years ago
Toshio Kuratomi d2c948dd6a Remove decrypted vault temp_file mistakenly left from patch making vault edit idempotent
This bug was introduced in commit f8bf2ba on July 27.  Hasn't gone out
in a release yet.
9 years ago
Toshio Kuratomi 56ae3a032f Merge pull request #12075 from ansible/fix-vault-unicode
Unicode and other fixes for vault
9 years ago
Toshio Kuratomi a3fd4817ef Unicode and other fixes for vault 9 years ago
Toshio Kuratomi 16e8a7dd67 Merge pull request #11767 from amenonsen/vault-new-password-file
add option to ansible-vault to read new password from file for rekey
9 years ago
Toshio Kuratomi 156feec264 Merge pull request #11650 from objectified/feature-docker-connection
allow ansible to connect to docker containers (without using ssh)
9 years ago
Abhijit Menon-Sen 8bf0dbb7a9 Use [x:y] host ranges instead of [x-y]
This commit deprecates the earlier groupname[x-y] syntax in favour of
the inclusive groupname[x:y] syntax. It also makes the subscripting
code simpler and adds explanatory comments.

One problem addressed by the cleanup is that _enumeration_info used to
be called twice, and its results discarded the first time because of the
convoluted control flow.
9 years ago
Abhijit Menon-Sen 73f10de386 Document the behaviour of _match_one_pattern in some detail
The possibilities are complicated enough that I didn't want to make
changes without having a complete description of what it actually
accepts/matches. Note that this text documents current behaviour, not
necessarily the behaviour we want. Some of this is undocumented and may
not be intended.
9 years ago