Handle vault decrypt --output=- (#31066)
In cli.CLI.unfrack_path callback, special case if the value of '--output' is '-', and avoid expanding it to a full path. vault cli already has special cases for '-', so it just needs to get the original value to work. Fixes #30550
This commit is contained in:
parent
cf3414d7d7
commit
278ff19bea
2 changed files with 16 additions and 4 deletions
|
@ -406,7 +406,10 @@ class CLI(with_metaclass(ABCMeta, object)):
|
|||
|
||||
@staticmethod
|
||||
def unfrack_path(option, opt, value, parser):
|
||||
setattr(parser.values, option.dest, unfrackpath(value))
|
||||
if value != '-':
|
||||
setattr(parser.values, option.dest, unfrackpath(value))
|
||||
else:
|
||||
setattr(parser.values, option.dest, value)
|
||||
|
||||
@staticmethod
|
||||
def base_parser(usage="", output_opts=False, runas_opts=False, meta_opts=False, runtask_opts=False, vault_opts=False, module_opts=False,
|
||||
|
|
|
@ -23,6 +23,8 @@ echo "This is a test file for edit2" > "${TEST_FILE_EDIT2}"
|
|||
FORMAT_1_1_HEADER="\$ANSIBLE_VAULT;1.1;AES256"
|
||||
FORMAT_1_2_HEADER="\$ANSIBLE_VAULT;1.2;AES256"
|
||||
|
||||
VAULT_PASSWORD_FILE=vault-password
|
||||
|
||||
# old format
|
||||
ansible-vault view "$@" --vault-password-file vault-password-ansible format_1_0_AES.yml
|
||||
|
||||
|
@ -202,9 +204,16 @@ ansible-vault view "$@" --vault-id "tmp_new_password@${NEW_VAULT_PASSWORD}" --va
|
|||
ansible-vault decrypt "$@" --vault-password-file "${NEW_VAULT_PASSWORD}" "${TEST_FILE}"
|
||||
|
||||
# reading/writing to/from stdin/stdin (See https://github.com/ansible/ansible/issues/23567)
|
||||
ansible-vault encrypt "$@" --vault-password-file "${NEW_VAULT_PASSWORD}" --output="${TEST_FILE_OUTPUT}" < "${TEST_FILE}"
|
||||
ansible-vault view "$@" --vault-password-file "${NEW_VAULT_PASSWORD}" - < "${TEST_FILE_OUTPUT}"
|
||||
ansible-vault decrypt "$@" --vault-password-file "${NEW_VAULT_PASSWORD}" --output=- < "${TEST_FILE_OUTPUT}"
|
||||
ansible-vault encrypt "$@" --vault-password-file "${VAULT_PASSWORD_FILE}" --output="${TEST_FILE_OUTPUT}" < "${TEST_FILE}"
|
||||
OUTPUT=$(ansible-vault decrypt "$@" --vault-password-file "${VAULT_PASSWORD_FILE}" --output=- < "${TEST_FILE_OUTPUT}")
|
||||
echo "${OUTPUT}" | grep 'This is a test file'
|
||||
|
||||
OUTPUT_DASH=$(ansible-vault decrypt "$@" --vault-password-file "${VAULT_PASSWORD_FILE}" --output=- "${TEST_FILE_OUTPUT}")
|
||||
echo "${OUTPUT_DASH}" | grep 'This is a test file'
|
||||
|
||||
OUTPUT_DASH_SPACE=$(ansible-vault decrypt "$@" --vault-password-file "${VAULT_PASSWORD_FILE}" --output - "${TEST_FILE_OUTPUT}")
|
||||
echo "${OUTPUT_DASH_SPACE}" | grep 'This is a test file'
|
||||
|
||||
|
||||
# test using an empty vault password file
|
||||
ansible-vault view "$@" --vault-password-file empty-password format_1_1_AES256.yml && :
|
||||
|
|
Loading…
Reference in a new issue