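def extract_from_vault(args):
    """Extract base64-encoded entries from an Ansible vault into files.

    Args:
        args: parsed command-line options. Reads ``args.v`` (vault file
            path), ``args.p`` (password source handed to ``get_password``),
            ``args.c`` (cipher name handed to ``VaultEditor``) and
            ``args.i`` (iterable of ``KEY=DEST`` strings).

    Returns:
        None. Progress and per-item failures are reported via ``console``.
        A missing vault file is silently a no-op, as before.

    Side effects:
        An encrypted vault is decrypted *in place* for the duration of the
        extraction. Re-encryption is done in ``finally`` so the plaintext
        never stays on disk -- the original only re-encrypted on the error
        path and left the vault decrypted after a successful run.
    """
    vault_file = args.v
    password = get_password(args.p)
    editor = VaultEditor(args.c, password, vault_file)

    if not os.path.isfile(vault_file):
        return

    encrypted = is_encrypted(vault_file)
    if encrypted:
        editor.decrypt_file()

    try:
        with open(vault_file, 'r') as v:
            # safe_load: the vault is expected to hold only a mapping of
            # name -> base64 text, so the full loader (which can build
            # arbitrary Python objects from tagged nodes) is not needed.
            # ``or {}`` covers an empty / comment-only file.
            vault_data = yaml.safe_load(v) or {}

        for item in args.i:
            # Split on the first '=' only so a destination path that itself
            # contains '=' still works; a malformed item is reported and
            # skipped instead of aborting the remaining ones.
            key, sep, dest = item.partition('=')
            if not sep:
                console('Skipping malformed item %r (expected KEY=DEST)' % item)
                continue
            try:
                if vault_data[key]:
                    with open(dest, 'wb') as unpack:
                        unpack.write(base64.b64decode(vault_data[key]))
                    console('Extracted %s to %s' % (key, dest))
            except Exception as e:
                # unknown key, undecodable payload or unwritable destination:
                # report it and carry on with the next item
                console('Could not extract %s to %s, %s' % (key, dest, e))
    except Exception as e:
        # reading / parsing the vault failed; report instead of the
        # original silent swallow
        console('Could not read %s, %s' % (vault_file, e))
    finally:
        # always restore the vault to its encrypted form
        if encrypted:
            editor.encrypt_file()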
    def test_decrypt_1_0_newline(self):
        """Decrypt the vault-1.0 fixture using a password that contains newlines.

        Skipped when the AES / Counter / PBKDF2 backends are unavailable.
        The excerpt shown here only records in ``error_hit`` whether
        ``decrypt_file()`` raised ``AnsibleError``; the assertions on that
        flag are presumably in the part of the method not shown.
        """
        backends_available = HAS_AES and HAS_COUNTER and HAS_PBKDF2
        if not backends_available:
            raise SkipTest

        # Work on a private copy of the fixture tree. mkdtemp() reserves a
        # unique name and copytree() needs its target to not exist yet,
        # hence the rmtree in between. NOTE(review): the name is briefly
        # unreserved during that gap -- acceptable in a test, not a pattern
        # for production code. No cleanup of the copy is visible here.
        workdir = tempfile.mkdtemp()
        shutil.rmtree(workdir)
        shutil.copytree("vault_test_data", workdir)
        fixture = os.path.join(workdir, "foo-ansible-1.0-ansible-newline-ansible.yml")

        ve = VaultEditor(None, "ansible\nansible\n", fixture)

        # make sure the password functions for the cipher
        error_hit = False
        try:
            ve.decrypt_file()
        except errors.AnsibleError:
            error_hit = True
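 def test_methods_exist(self):
     """Every file-level operation callers rely on must exist on VaultEditor.

     Guards against accidental renames. The assertion message now names
     VaultEditor -- the class actually inspected -- instead of VaultLib,
     which the original message wrongly referred to.
     """
     v = VaultEditor(None, None, None)
     slots = [
         'create_file', 'decrypt_file', 'edit_file', 'encrypt_file',
         'rekey_file', 'read_data', 'write_data', 'shuffle_files'
     ]
     for slot in slots:
         assert hasattr(v, slot), "VaultEditor is missing the %s method" % slot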
    def test_decrypt_1_0(self):
        """Decrypt the vault-1.0 fixture with the password "ansible".

        Skipped on FIPS-enabled hosts (the skip message states vault 1.0
        will not function there) and when the AES / Counter / PBKDF2
        backends are unavailable. The excerpt shown here only records in
        ``error_hit`` whether ``decrypt_file()`` raised ``AnsibleError``;
        the assertions on that flag are presumably in the part of the
        method not shown.
        """
        if self._is_fips():
            raise SkipTest('Vault-1.0 will not function on FIPS enabled systems')
        backends_available = HAS_AES and HAS_COUNTER and HAS_PBKDF2
        if not backends_available:
            raise SkipTest

        # Work on a private copy of the fixture tree. mkdtemp() reserves a
        # unique name and copytree() needs its target to not exist yet,
        # hence the rmtree in between. NOTE(review): the name is briefly
        # unreserved during that gap -- acceptable in a test, not a pattern
        # for production code. No cleanup of the copy is visible here.
        workdir = tempfile.mkdtemp()
        shutil.rmtree(workdir)
        shutil.copytree("vault_test_data", workdir)
        fixture = os.path.join(workdir, "foo-ansible-1.0.yml")

        ve = VaultEditor(None, "ansible", fixture)

        # make sure the password functions for the cipher
        error_hit = False
        try:
            ve.decrypt_file()
        except errors.AnsibleError:
            error_hit = True
    def test_decrypt_1_0(self):
        """Decrypt the vault-1.0 fixture with the password "ansible".

        Skipped on FIPS-enabled hosts (the skip message states vault 1.0
        will not function there) and when the AES / Counter / PBKDF2
        backends are unavailable. The excerpt shown here only records in
        ``error_hit`` whether ``decrypt_file()`` raised ``AnsibleError``;
        the assertions on that flag are presumably in the part of the
        method not shown.
        """
        if self._is_fips():
            raise SkipTest(
                'Vault-1.0 will not function on FIPS enabled systems')
        backends_available = HAS_AES and HAS_COUNTER and HAS_PBKDF2
        if not backends_available:
            raise SkipTest

        # Work on a private copy of the fixture tree. mkdtemp() reserves a
        # unique name and copytree() needs its target to not exist yet,
        # hence the rmtree in between. NOTE(review): the name is briefly
        # unreserved during that gap -- acceptable in a test, not a pattern
        # for production code. No cleanup of the copy is visible here.
        workdir = tempfile.mkdtemp()
        shutil.rmtree(workdir)
        shutil.copytree("vault_test_data", workdir)
        fixture = os.path.join(workdir, "foo-ansible-1.0.yml")

        ve = VaultEditor(None, "ansible", fixture)

        # make sure the password functions for the cipher
        error_hit = False
        try:
            ve.decrypt_file()
        except errors.AnsibleError:
            error_hit = True
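def extract_from_vault(args):
    """Extract base64-encoded entries from an Ansible vault into files.

    Args:
        args: parsed command-line options. Reads ``args.v`` (vault file
            path), ``args.p`` (password source handed to ``get_password``),
            ``args.c`` (cipher name handed to ``VaultEditor``) and
            ``args.i`` (iterable of ``KEY=DEST`` strings).

    Returns:
        None. Progress and per-item failures are reported via ``console``.
        A missing vault file is silently a no-op, as before.

    Side effects:
        An encrypted vault is decrypted *in place* for the duration of the
        extraction. Re-encryption is done in ``finally`` so the plaintext
        never stays on disk -- the original only re-encrypted on the error
        path and left the vault decrypted after a successful run.
    """
    vault_file = args.v
    password = get_password(args.p)
    editor = VaultEditor(args.c, password, vault_file)

    if not os.path.isfile(vault_file):
        return

    encrypted = is_encrypted(vault_file)
    if encrypted:
        editor.decrypt_file()

    try:
        with open(vault_file, 'r') as v:
            # safe_load: the vault is expected to hold only a mapping of
            # name -> base64 text, so the full loader (which can build
            # arbitrary Python objects from tagged nodes) is not needed.
            # ``or {}`` covers an empty / comment-only file.
            vault_data = yaml.safe_load(v) or {}

        for item in args.i:
            # Split on the first '=' only so a destination path that itself
            # contains '=' still works; a malformed item is reported and
            # skipped instead of aborting the remaining ones.
            key, sep, dest = item.partition('=')
            if not sep:
                console('Skipping malformed item %r (expected KEY=DEST)' % item)
                continue
            try:
                if vault_data[key]:
                    with open(dest, 'wb') as unpack:
                        unpack.write(base64.b64decode(vault_data[key]))
                    console('Extracted %s to %s' % (key, dest))
            except Exception as e:
                # unknown key, undecodable payload or unwritable destination:
                # report it and carry on with the next item
                console('Could not extract %s to %s, %s' % (key, dest, e))
    except Exception as e:
        # reading / parsing the vault failed; report instead of the
        # original silent swallow
        console('Could not read %s, %s' % (vault_file, e))
    finally:
        # always restore the vault to its encrypted form
        if encrypted:
            editor.encrypt_file()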
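def create_ansible_vault(vault_pass_path='ansible/.vault_pass.txt',
                         vault_path='ansible/group_vars/all/vault.yml'):
    '''
    Create ansible vault with random passphrase and set SECRET_KEY.

    Args:
        vault_pass_path: where the generated vault passphrase is written.
            Defaults to the location the original hard-coded.
        vault_path: the vault file to create and encrypt with AES256.
    Returns:
        No return.
    Side effects:
        Overwrites both files if they already exist. Overwriting the
        passphrase file makes any vault previously encrypted with the old
        passphrase unreadable, so do not run this twice on a populated tree.
    '''
    import os
    import random
    import string

    # random.choice() (the original) draws from a Mersenne Twister, which is
    # not a cryptographic generator and must not produce a vault passphrase
    # or a SECRET_KEY. SystemRandom reads from the OS CSPRNG and works on
    # Python 2 and 3 (the secrets module is 3.6+ only).
    secure = random.SystemRandom()
    chars = string.ascii_uppercase + string.ascii_lowercase + string.digits

    def generate_passphrase(length=20):
        return ''.join(secure.choice(chars) for _ in range(length))

    # write the ansible vault password to disk, owner-readable only. A plain
    # open() would create the file under the process umask, which is often
    # world-readable; O_CREAT's mode only applies to a new file, so chmod
    # afterwards to tighten a pre-existing one as well.
    passphrase = generate_passphrase()
    fd = os.open(vault_pass_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, 'w') as vp_file:
        vp_file.write('{}\n'.format(passphrase))
    os.chmod(vault_pass_path, 0o600)

    # create ansible vault
    from ansible.utils.vault import VaultEditor
    vault_editor = VaultEditor('AES256', passphrase, vault_path)
    data = '--- \nSECRET_KEY: {}'.format(generate_passphrase())
    vault_editor.write_data(data, vault_path)
    vault_editor.encrypt_file()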
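    def decrypt_file(self, filename):
        '''
        Decrypt File
        Decrypt an Ansible-vault encrypted file in place.
        Args:
            filename: Path of the file to decrypt (the original docstring
                wrongly said "to encrypt").
        Returns:
            No return. Prints a message and returns when the file does not
            exist or when ``self.vault_password`` is None (the message refers
            to the PYANSI_VAULT_PASSWORD environment variable); returns
            silently when the file is not encrypted.
        '''
        if not os.path.exists(filename):
            print("Invalid filename %s. Does not exist" % filename)
            return

        if self.vault_password is None:
            print("ENV Variable PYANSI_VAULT_PASSWORD not set")
            return

        if not self.is_file_encrypted(filename):
            # No need to do anything.
            return

        # the cipher is hard-coded: only AES256 is supported by this wrapper
        cipher = 'AES256'
        vaulteditor = VaultEditor(cipher, self.vault_password, filename)
        vaulteditor.decrypt_file()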
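def add_to_vault(args):
    """Merge entries from the command line into an Ansible vault and encrypt it.

    Args:
        args: parsed command-line options. Reads ``args.v`` (vault file
            path), ``args.p`` (password source handed to ``get_password``),
            ``args.c`` (cipher name handed to ``VaultEditor``), ``args.t``
            (truthy: discard the existing vault first) and ``args.i`` (raw
            entries, turned into a dict by ``parse_vault_args``).

    Returns:
        None.

    Side effects:
        The vault is decrypted in place while it is edited. Re-encryption is
        done in ``finally`` so that a parse or write failure cannot leave
        the plaintext on disk (the original encrypted only after a fully
        successful write). Entries from ``args.i`` override existing keys
        with the same name, as before.
    """
    vault_file = args.v
    password = get_password(args.p)
    editor = VaultEditor(args.c, password, vault_file)

    console("Adding entries to %s" % vault_file)
    if args.t and os.path.isfile(vault_file):
        os.remove(vault_file)

    # True once plaintext is (or is about to be) on disk and must be
    # encrypted before we leave, whether or not the edit succeeds.
    needs_encrypt = False
    try:
        vault_data = {}
        if os.path.isfile(vault_file):
            if is_encrypted(vault_file):
                editor.decrypt_file()
                needs_encrypt = True
            with open(vault_file, 'r') as v:
                # safe_load: the vault is a plain mapping, the full loader
                # (which can build arbitrary Python objects) is not needed.
                # ``or {}`` covers an empty / comment-only file.
                vault_data = yaml.safe_load(v) or {}

        # dict.update instead of items() concatenation, which only works on
        # Python 2; later entries still win.
        vault_data.update(parse_vault_args(args.i))

        with open(vault_file, 'w') as v:
            needs_encrypt = True
            v.write(yaml.dump(vault_data, default_flow_style=False))
    finally:
        if needs_encrypt:
            editor.encrypt_file()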
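def add_to_vault(args):
    """Merge entries from the command line into an Ansible vault and encrypt it.

    Args:
        args: parsed command-line options. Reads ``args.v`` (vault file
            path), ``args.p`` (password source handed to ``get_password``),
            ``args.c`` (cipher name handed to ``VaultEditor``), ``args.t``
            (truthy: discard the existing vault first) and ``args.i`` (raw
            entries, turned into a dict by ``parse_vault_args``).

    Returns:
        None.

    Side effects:
        The vault is decrypted in place while it is edited. Re-encryption is
        done in ``finally`` so that a parse or write failure cannot leave
        the plaintext on disk (the original encrypted only after a fully
        successful write). Entries from ``args.i`` override existing keys
        with the same name, as before.
    """
    vault_file = args.v
    password = get_password(args.p)
    editor = VaultEditor(args.c, password, vault_file)

    console("Adding entries to %s" % vault_file)
    if args.t and os.path.isfile(vault_file):
        os.remove(vault_file)

    # True once plaintext is (or is about to be) on disk and must be
    # encrypted before we leave, whether or not the edit succeeds.
    needs_encrypt = False
    try:
        vault_data = {}
        if os.path.isfile(vault_file):
            if is_encrypted(vault_file):
                editor.decrypt_file()
                needs_encrypt = True
            with open(vault_file, 'r') as v:
                # safe_load: the vault is a plain mapping, the full loader
                # (which can build arbitrary Python objects) is not needed.
                # ``or {}`` covers an empty / comment-only file.
                vault_data = yaml.safe_load(v) or {}

        # dict.update instead of items() concatenation, which only works on
        # Python 2; later entries still win.
        vault_data.update(parse_vault_args(args.i))

        with open(vault_file, 'w') as v:
            needs_encrypt = True
            v.write(yaml.dump(vault_data, default_flow_style=False))
    finally:
        if needs_encrypt:
            editor.encrypt_file()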