Beispiel #1
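def extract_from_vault(args):
    """Decode selected vault entries and write each one to its own file.

    Reads ``args.v`` (vault file path), ``args.p`` (handed to
    ``get_password``), ``args.c`` (first argument to ``VaultEditor``) and
    ``args.i`` (iterable of ``key=file`` strings). Each named entry is
    base64-decoded and written to the given file. Does nothing when the
    vault file does not exist.

    If the vault was encrypted on entry it is re-encrypted on every exit
    path, including the successful one, so the file is not left decrypted
    once this function returns.
    """
    vault_file = args.v
    password = get_password(args.p)
    editor = VaultEditor(args.c, password, vault_file)

    if not os.path.isfile(vault_file):
        return

    encrypted = is_encrypted(vault_file)
    if encrypted:
        # The same path is opened as plain YAML right after this call, so
        # the vault is presumably decrypted in place and readable on disk
        # until encrypt_file() runs again.
        editor.decrypt_file()

    try:
        with open(vault_file, 'r') as v:
            # NOTE(review): yaml.load without a safe loader can construct
            # arbitrary Python objects from the document. Anyone able to
            # write the vault file controls this input; prefer
            # yaml.safe_load unless custom tags are required.
            vault_data = yaml.load(v)

        for item in args.i:
            # Split on the first '=' only so the file name may contain '='.
            key, target = item.split('=', 1)
            try:
                if vault_data[key]:
                    # NOTE(review): the target is created with the process's
                    # default permissions; decoded secrets may warrant a
                    # restrictive umask set by the caller.
                    with open(target, 'wb') as unpack:
                        unpack.write(base64.b64decode(vault_data[key]))
                    console('Extracted %s to %s' % (key, target))
            except Exception as e:
                console('Could not extract %s to %s, %s' % (key, target, e))
    except Exception as e:
        # Report the failure instead of swallowing it silently.
        console('Extraction from %s aborted, %s' % (vault_file, e))
    finally:
        # Restore the encrypted state whether extraction succeeded or not.
        if encrypted:
            editor.encrypt_file()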
Beispiel #2
 def test_methods_exist(self):
     """Check that a VaultEditor instance has every expected attribute name."""
     editor = VaultEditor(None, None, None)
     expected = (
         'create_file',
         'decrypt_file',
         'edit_file',
         'encrypt_file',
         'rekey_file',
         'read_data',
         'write_data',
         'shuffle_files',
     )
     for name in expected:
         # Fails on the first missing name and reports it in the message.
         assert hasattr(editor, name), "VaultLib is missing the %s method" % name
Beispiel #3
    def test_decrypt_1_0_newline(self):
        """Decrypt the 1.0-format fixture whose password contains newlines.

        Skipped unless the AES, counter and PBKDF2 capability flags are all
        set.
        """
        if not (HAS_AES and HAS_COUNTER and HAS_PBKDF2):
            raise SkipTest

        # mkdtemp only reserves a unique name here: the directory is removed
        # and recreated by copytree, so it no longer carries the private
        # mode mkdtemp gave it.
        workdir = tempfile.mkdtemp()
        shutil.rmtree(workdir)
        shutil.copytree("vault_test_data", workdir)

        filename = os.path.join(
            workdir, "foo-ansible-1.0-ansible-newline-ansible.yml")
        editor = VaultEditor(None, "ansible\nansible\n", filename)

        # Record whether decryption with this password raised.
        # NOTE(review): error_hit is set but not asserted in the lines shown.
        error_hit = False
        try:
            editor.decrypt_file()
        except errors.AnsibleError:
            error_hit = True
Beispiel #4
    def test_decrypt_1_0(self):
        """Decrypt the 1.0-format fixture with the password "ansible".

        Skipped when ``self._is_fips()`` is true, or when any of the AES,
        counter or PBKDF2 capability flags is unset.
        """
        if self._is_fips():
            raise SkipTest(
                'Vault-1.0 will not function on FIPS enabled systems')
        if not (HAS_AES and HAS_COUNTER and HAS_PBKDF2):
            raise SkipTest

        # mkdtemp only reserves a unique name here: the directory is removed
        # and recreated by copytree, so it no longer carries the private
        # mode mkdtemp gave it.
        workdir = tempfile.mkdtemp()
        shutil.rmtree(workdir)
        shutil.copytree("vault_test_data", workdir)

        filename = os.path.join(workdir, "foo-ansible-1.0.yml")
        editor = VaultEditor(None, "ansible", filename)

        # Record whether decryption with this password raised.
        # NOTE(review): error_hit is set but not asserted in the lines shown.
        error_hit = False
        try:
            editor.decrypt_file()
        except errors.AnsibleError:
            error_hit = True
Beispiel #5
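def add_to_vault(args):
    """Merge new entries into the vault file and leave it encrypted.

    Reads ``args.v`` (vault file path), ``args.p`` (handed to
    ``get_password``), ``args.c`` (first argument to ``VaultEditor``),
    ``args.t`` (when truthy, an existing vault file is deleted first) and
    ``args.i`` (handed to ``parse_vault_args``). Entries from
    ``parse_vault_args`` override existing keys of the same name.

    Once plaintext may be on disk, the file is encrypted on every exit
    path, so a failure while loading, merging or writing does not leave
    the vault decrypted.
    """
    vault_file = args.v
    password = get_password(args.p)
    editor = VaultEditor(args.c, password, vault_file)

    console("Adding entries to %s" % vault_file)
    if args.t and os.path.isfile(vault_file):
        os.remove(vault_file)

    vault_data = {}
    # True once the vault path holds (or may hold) unencrypted content.
    plaintext_on_disk = False
    try:
        if os.path.isfile(vault_file):
            if is_encrypted(vault_file):
                # If this raises (e.g. bad password) the flag stays False
                # and the still-encrypted file is left untouched.
                editor.decrypt_file()
            plaintext_on_disk = True
            with open(vault_file, 'r') as v:
                # NOTE(review): yaml.load without a safe loader can
                # construct arbitrary Python objects from the document.
                # Anyone able to write the vault file controls this input;
                # prefer yaml.safe_load unless custom tags are required.
                # An empty document loads as None, hence the fallback.
                vault_data = yaml.load(v) or {}

        vault_args = parse_vault_args(args.i)
        # Copy-then-update instead of concatenating items() lists, which
        # only works where items() returns a list.
        merged = dict(vault_data)
        merged.update(vault_args)

        # Serialize before opening for write so a dump failure cannot
        # truncate the existing vault.
        serialized = yaml.dump(merged, default_flow_style=False)
        with open(vault_file, 'w') as v:
            plaintext_on_disk = True
            v.write(serialized)
    finally:
        if plaintext_on_disk:
            editor.encrypt_file()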