def get_password(self, account_id):
"""This method enables users to retrieve the password of an
existing account that is identified by its Account ID.
"""
api_endpoint = 'WebServices/PIMServices.svc/Accounts/{account_id}/Credentials'.format(
account_id=account_id)
v = vault.VaultLib([
(to_bytes(account_id),
vault.VaultSecret(
to_bytes(
self.cyberark_connection.get('password',
ANSIBLE_CYBERARK_PASSWORD))))
])
if self._cache and to_bytes(account_id) in self._cache:
result = v.decrypt(self._cache.get(to_bytes(account_id)))
else:
try:
response = self.request(api_endpoint=api_endpoint)
result = to_text(response.read())
if self._cache:
self._cache[to_bytes(account_id)] = v.encrypt(result)
except HTTPError as e:
return
return result
def generate_secrets(self):
"""
Generates secrets from a global setting pointing to a vault file, to be
used for de/encryption.
"""
vault_path = self.nvim.vars.get("ansible_vault_path", "vault")
with open(vault_path) as vault_file:
secret_text = vault_file.read().strip()
secret_bytes = to_bytes(secret_text)
secrets = vault.VaultSecret(secret_bytes)
secrets.load()
return secrets
def _load_secrets(secrets_path, env_lookup_key=None):
if not env_lookup_key:
base, _ext = os.path.splitext(os.path.basename(secrets_path))
path_key = "%s_PASS" % base.upper()
else:
path_key = env_lookup_key
path_pass = os.getenv(path_key)
if not path_pass:
raise LookupError("Unable to find password for '%s'"
" under environment key '%s'" %
(secrets_path, path_key))
dl = dataloader.DataLoader()
if hasattr(dl, 'set_vault_password'):
dl.set_vault_password(path_pass)
else:
dl.set_vault_secrets([(C.DEFAULT_VAULT_IDENTITY,
vault.VaultSecret(path_pass))])
return _dictify(dl.load_from_file(secrets_path))
def test_bytes(self):
some_text = u'私はガラスを食べられます。それは私を傷つけません。'
_bytes = to_bytes(some_text)
secret = vault.VaultSecret(_bytes)
secret.load()
self.assertEqual(secret.bytes, _bytes)
def test(self):
secret = vault.VaultSecret()
secret.load()
self.assertIsNone(secret._bytes)
