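def callback(self, args):
    """Build the cluster vault file for the key pair in ``args.private_key_file``.

    Resolves the vault password (generating and saving one when
    ``args.vault_password_file`` is None, otherwise reading the given file),
    loads the RSA key, stores the formatted key material in
    ``self.cluster_vault`` (plus the AWS credentials from the environment when
    both are set), dumps the data through ``Vault`` into ``args.vault_file``
    and prints the two file paths as JSON.

    Args:
        args: parsed command arguments. Reads ``private_key_file``,
            ``vault_password_file``, ``vault_file`` and ``has_sudo_password``.
            ``vault_password_file`` and ``vault_file`` are filled in with
            names derived from the key file when they are None.

    Raises:
        YBOpsRuntimeError: the vault password file is missing or empty.
        Exception: anything raised while preparing the password or loading
            the key is re-raised after ``self._cleanup_dir`` has run on the
            key file's directory.
    """
    file_prefix = os.path.splitext(args.private_key_file)[0]
    try:
        if args.vault_password_file is None:
            vault_password = generate_random_password()
            args.vault_password_file = "{}.vault_password".format(file_prefix)
            # The password is the only thing protecting the vault contents
            # (private key, cloud credentials), so the file must not be
            # created with the umask-default, possibly world-readable, mode.
            fd = os.open(args.vault_password_file,
                         os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
            with os.fdopen(fd, "w") as f:
                # The mode passed to os.open only applies when the file is
                # created; tighten a pre-existing file as well.
                os.chmod(args.vault_password_file, 0o600)
                f.write(vault_password)
        elif os.path.exists(args.vault_password_file):
            with open(args.vault_password_file, "r") as f:
                vault_password = f.read().strip()
            # str.strip() never returns None, so the original `is None` test
            # could not fire; an empty file must not become an empty password.
            if not vault_password:
                raise YBOpsRuntimeError("Unable to read {}".format(
                    args.vault_password_file))
        else:
            raise YBOpsRuntimeError("Vault password file doesn't exist.")

        if args.vault_file is None:
            args.vault_file = "{}.vault".format(file_prefix)

        rsa_key = validated_key_file(args.private_key_file)
    except Exception:
        # NOTE(review): presumably removes the partially prepared key
        # directory; confirm what _cleanup_dir deletes.
        self._cleanup_dir(os.path.dirname(args.private_key_file))
        raise

    # TODO: validate if the file provided is actually a private key file or not.
    public_key = format_rsa_key(rsa_key, public_key=True)
    private_key = format_rsa_key(rsa_key, public_key=False)
    self.cluster_vault.update(id_rsa=private_key,
                              id_rsa_pub=public_key,
                              authorized_keys=public_key)

    # These are saved for itest specific improvements.
    aws_access_key = os.environ.get('AWS_ACCESS_KEY_ID', "")
    aws_secret = os.environ.get('AWS_SECRET_ACCESS_KEY', "")
    if aws_access_key and aws_secret:
        self.cluster_vault.update(AWS_ACCESS_KEY_ID=aws_access_key,
                                  AWS_SECRET_ACCESS_KEY=aws_secret)

    vault_data = dict(cluster_server_vault=self.cluster_vault)
    if args.has_sudo_password:
        # NOTE(review): the prompt call and the update call were fused by
        # masking in the reviewed listing; reconstructed as two statements,
        # confirm against the repository.
        sudo_password = getpass.getpass("SUDO Password: ")
        vault_data.update({"ansible_become_pass": sudo_password})

    vault = Vault(vault_password)
    # Close the handle deterministically so the vault is fully flushed
    # before its path is reported below.
    with open(args.vault_file, 'w') as vault_fh:
        vault.dump(vault_data, vault_fh)

    # Only the two paths go to stdout; "vault_password" carries the path of
    # the password file, never the password itself.
    print(
        json.dumps({
            "vault_file": args.vault_file,
            "vault_password": args.vault_password_file
        }))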
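def callback(self, args):
    """Build the cluster vault file for the key pair in ``args.private_key_file``.

    Resolves the vault password (generating and saving one when
    ``args.vault_password`` is None, otherwise reading the file it names),
    loads the RSA key, stores the formatted key material in
    ``self.cluster_vault``, dumps the data through ``Vault`` into
    ``args.vault_file`` and prints the two file paths as JSON.

    Args:
        args: parsed command arguments. Reads ``private_key_file``,
            ``vault_password`` (a file path, not the secret), ``vault_file``
            and ``has_sudo_password``. ``vault_password`` and ``vault_file``
            are filled in with names derived from the key file when None.

    Raises:
        YBOpsRuntimeError: the vault password file is missing or empty.
    """
    file_prefix = os.path.splitext(args.private_key_file)[0]

    if args.vault_password is None:
        vault_password = generate_random_password()
        # NOTE(review): the file-name template was masked ("******") in the
        # reviewed listing; "{}.vault_password" is assumed by analogy with
        # the "{}.vault" name used below, confirm against the repository.
        args.vault_password = "{}.vault_password".format(file_prefix)
        # The password is the only thing protecting the vault contents
        # (private key material), so the file must not be created with the
        # umask-default, possibly world-readable, mode.
        fd = os.open(args.vault_password,
                     os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, "w") as f:
            # The mode passed to os.open only applies when the file is
            # created; tighten a pre-existing file as well.
            os.chmod(args.vault_password, 0o600)
            f.write(vault_password)
    elif os.path.exists(args.vault_password):
        # open() replaces the file() builtin, which Python 3 removed.
        with open(args.vault_password) as f:
            vault_password = f.read().strip()
        # str.strip() never returns None, so the original `is None` test
        # could not fire; an empty file must not become an empty password.
        if not vault_password:
            raise YBOpsRuntimeError("Unable to read {}".format(
                args.vault_password))
    else:
        raise YBOpsRuntimeError("Vault password file doesn't exists.")

    if args.vault_file is None:
        args.vault_file = "{}.vault".format(file_prefix)

    rsa_key = validated_key_file(args.private_key_file)
    # TODO: validate if the file provided is actually a private key file or not.
    public_key = format_rsa_key(rsa_key, public_key=True)
    private_key = format_rsa_key(rsa_key, public_key=False)
    self.cluster_vault.update(id_rsa=private_key,
                              id_rsa_pub=public_key,
                              authorized_keys=public_key)

    vault_data = dict(cluster_server_vault=self.cluster_vault)
    if args.has_sudo_password:
        # NOTE(review): the prompt call and the update call were fused by
        # masking in the reviewed listing; reconstructed as two statements,
        # confirm against the repository.
        sudo_password = getpass.getpass("SUDO Password: ")
        vault_data.update({"ansible_become_pass": sudo_password})

    vault = Vault(vault_password)
    # Close the handle deterministically so the vault is fully flushed
    # before its path is reported below.
    with open(args.vault_file, 'w') as vault_fh:
        vault.dump(vault_data, vault_fh)

    # Only the two paths go to stdout; "vault_password" carries the path of
    # the password file, never the password itself. The parenthesised form
    # prints the same single string under both Python 2 and Python 3.
    print(json.dumps({
        "vault_file": args.vault_file,
        "vault_password": args.vault_password
    }))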