def test_ensure_type_with_vaulted_str(self, value_type):
class MockVault:
def decrypt(self, value):
return value
vault_var = AnsibleVaultEncryptedUnicode(b"vault text")
vault_var.vault = MockVault()
actual_value = ensure_type(vault_var, value_type)
assert actual_value == "vault text"
def test_entry_as_vault_var(self):
class MockVault:
def decrypt(self, value, filename=None, obj=None):
return value
vault_var = AnsibleVaultEncryptedUnicode(b"vault text")
vault_var.vault = MockVault()
actual_value, actual_origin = self.manager._loop_entries({'name': vault_var}, [{'name': 'name'}])
assert actual_value == "vault text"
assert actual_origin == "name"
def _decode_map(self, value):
if value.get('__ansible_unsafe', False):
value = wrap_var(value.get('__ansible_unsafe'))
elif value.get('__ansible_vault', False):
value = AnsibleVaultEncryptedUnicode(value.get('__ansible_vault'))
if self._vaults:
value.vault = self._vaults['default']
else:
for k in value:
if isinstance(value[k], Mapping):
value[k] = self._decode_map(value[k])
return value
def object_hook(self, pairs):
for key in pairs:
value = pairs[key]
if key == '__ansible_vault':
value = AnsibleVaultEncryptedUnicode(value)
if self._vaults:
value.vault = self._vaults['default']
return value
elif key == '__ansible_unsafe':
return wrap_var(value)
return pairs
def construct_vault_encrypted_unicode(self, node):
value = self.construct_scalar(node)
ciphertext_data = to_bytes(value)
if self._vault_password is None:
raise ConstructorError(None, None,
"found vault but no vault password provided", node.start_mark)
# could pass in a key id here to choose the vault to associate with
vault = self._vaults['default']
ret = AnsibleVaultEncryptedUnicode(ciphertext_data)
ret.vault = vault
return ret
def _decode_map(self, value):
if value.get('__ansible_unsafe', False):
value = wrap_var(value.get('__ansible_unsafe'))
elif value.get('__ansible_vault', False):
value = AnsibleVaultEncryptedUnicode(value.get('__ansible_vault'))
if self._vaults:
value.vault = self._vaults['default']
else:
for k in value:
if isinstance(value[k], Mapping):
value[k] = self._decode_map(value[k])
return value
def construct_vault_encrypted_unicode(self, node):
value = self.construct_scalar(node)
b_ciphertext_data = to_bytes(value)
# could pass in a key id here to choose the vault to associate with
# TODO/FIXME: plugin vault selector
vault = self._vaults['default']
if vault.secrets is None:
raise ConstructorError(context=None, context_mark=None,
problem="found !vault but no vault password provided",
problem_mark=node.start_mark,
note=None)
ret = AnsibleVaultEncryptedUnicode(b_ciphertext_data)
ret.vault = vault
return ret
def construct_vault_encrypted_unicode(self, node):
value = self.construct_scalar(node)
b_ciphertext_data = to_bytes(value)
# could pass in a key id here to choose the vault to associate with
# TODO/FIXME: plugin vault selector
vault = self._vaults['default']
if vault.secrets is None:
raise ConstructorError(context=None, context_mark=None,
problem="found !vault but no vault password provided",
problem_mark=node.start_mark,
note=None)
ret = AnsibleVaultEncryptedUnicode(b_ciphertext_data)
ret.vault = vault
return ret