def main():
config = ConfigManager()
username = get_ini_config_value(
config._parsers[config._config_file],
dict(section='vault', key='username')
) or getpass.getuser()
keyname = get_ini_config_value(
config._parsers[config._config_file],
dict(section='vault', key='keyname')
) or 'ansible'
if len(sys.argv) == 2 and sys.argv[1] == 'set':
intro = 'Storing password in "{}" user keyring using key name: {}\n'
sys.stdout.write(intro.format(username, keyname))
password = getpass.getpass()
confirm = getpass.getpass('Confirm password: '******'Passwords do not match\n')
sys.exit(1)
else:
sys.stdout.write('{0}\n'.format(keyring.get_password(keyname,
username)))
sys.exit(0)
def main():
config = ConfigManager()
username = get_ini_config_value(
config._parser,
dict(section='vault', key='username')
) or getpass.getuser()
keyname = get_ini_config_value(
config._parser,
dict(section='vault', key='keyname')
) or 'ansible'
if len(sys.argv) == 2 and sys.argv[1] == 'set':
intro = 'Storing password in "{}" user keyring using key name: {}\n'
sys.stdout.write(intro.format(username, keyname))
password = getpass.getpass()
confirm = getpass.getpass('Confirm password: '******'Passwords do not match\n')
sys.exit(1)
else:
sys.stdout.write('{0}\n'.format(keyring.get_password(keyname,
username)))
sys.exit(0)
def get_config(parser,
section,
key,
env_var,
default_value,
value_type=None,
expand_relative_paths=False):
''' kept for backwarsd compatibility, but deprecated '''
_deprecated(
'ansible.constants.get_config() is deprecated. There is new config API, see porting docs.'
)
value = None
# small reconstruction of the old code env/ini/default
value = os.environ.get(env_var, None)
if value is None:
try:
value = get_ini_config_value(parser, {
'key': key,
'section': section
})
except:
pass
if value is None:
value = default_value
value = ensure_type(value, value_type)
return value
def get_config(parser, section, key, env_var, default_value, value_type=None, expand_relative_paths=False):
''' kept for backwarsd compatibility, but deprecated '''
_deprecated('ansible.constants.get_config() is deprecated. There is new config API, see porting docs.')
value = None
# small reconstruction of the old code env/ini/default
value = os.environ.get(env_var, None)
if value is None:
try:
value = get_ini_config_value(parser, {'key': key, 'section': section})
except:
pass
if value is None:
value = default_value
value = ensure_type(value, value_type)
return value
import binascii
from ansible import errors
from ansible.config.manager import ConfigManager, get_ini_config_value
from cryptography.fernet import Fernet, InvalidToken
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
# Section in config file
CONFIG_SECTION = 'vault_filter'
# Read config values
config_manager = ConfigManager()
config_parser = config_manager._parsers.values()[0]
VAULT_FILTER_KEY = get_ini_config_value(
config_parser, dict(section=CONFIG_SECTION, key='key')) or 'vault.key'
VAULT_FILTER_SALT = get_ini_config_value(
config_parser, dict(section=CONFIG_SECTION, key='salt')) or None
VAULT_FILTER_ITERATIONS = get_ini_config_value(
config_parser, dict(section=CONFIG_SECTION, key='iterations')) or 1000000
VAULT_FILTER_GENERATE_KEY = get_ini_config_value(
config_parser, dict(section=CONFIG_SECTION, key='generate_key')) or False
DEFAULT_VAULT_PASSWORD_FILE = config_manager.data.get_setting(
'DEFAULT_VAULT_PASSWORD_FILE').value
# Read environment variables
VAULT_FILTER_KEY = os.getenv('VAULT_FILTER_KEY', VAULT_FILTER_KEY)
VAULT_FILTER_SALT = os.getenv('VAULT_FILTER_SALT', VAULT_FILTER_SALT)
VAULT_FILTER_ITERATIONS = os.getenv('VAULT_FILTER_ITERATIONS',
VAULT_FILTER_ITERATIONS)
VAULT_FILTER_GENERATE_KEY = os.getenv('VAULT_FILTER_GENERATE_KEY',
import binascii
from ansible import errors
from ansible.config.manager import ConfigManager, get_ini_config_value
from cryptography.fernet import Fernet, InvalidToken
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
# Section in config file
CONFIG_SECTION = 'vault_filter'
# Read config values
config_manager = ConfigManager()
config_parser = config_manager._parsers.values()[0]
VAULT_FILTER_KEY = get_ini_config_value(config_parser, dict(section=CONFIG_SECTION, key='key')) or 'vault.key'
VAULT_FILTER_SALT = get_ini_config_value(config_parser, dict(section=CONFIG_SECTION, key='salt')) or None
VAULT_FILTER_ITERATIONS = get_ini_config_value(config_parser, dict(section=CONFIG_SECTION, key='iterations')) or 1000000
VAULT_FILTER_GENERATE_KEY = get_ini_config_value(config_parser, dict(section=CONFIG_SECTION, key='generate_key')) or False
DEFAULT_VAULT_PASSWORD_FILE = config_manager.data.get_setting('DEFAULT_VAULT_PASSWORD_FILE').value
# Read environment variables
VAULT_FILTER_KEY = os.getenv('VAULT_FILTER_KEY', VAULT_FILTER_KEY)
VAULT_FILTER_SALT = os.getenv('VAULT_FILTER_SALT', VAULT_FILTER_SALT)
VAULT_FILTER_ITERATIONS = os.getenv('VAULT_FILTER_ITERATIONS', VAULT_FILTER_ITERATIONS)
VAULT_FILTER_GENERATE_KEY = os.getenv('VAULT_FILTER_GENERATE_KEY', VAULT_FILTER_GENERATE_KEY)
VAULT_FILTER_KEY = os.path.abspath(VAULT_FILTER_KEY)
verbose = True
def vault(cipher):
