wbrawner/ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add ansible cli options --ask-vault-password and --vault-pass-file (#63782)

Browse source 
* Move new Ansible cli options '--ask-vault-password' and '--vault-pass-file' to the existing calls to add_argument
* Add changelog fragement
* Change order of ansible cli arguments to use --ask-vault-password and --vault-password-file by default
* Update runme.sh in vault integration tests to test new options --ask-vault-password and --vault-pass-file
This commit is contained in:
ivog74 2019-12-19 18:07:25 +01:00 committed by Sam Doran
parent 3ed0b2c7ea
commit bd989052b1
3 changed files with 15 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
changelogs/fragments/63782-add-ansible-ask-vault-password-and-vault-password-file-options.yaml Normal file
View file

@ -0,0 +1,3 @@
minor_changes:
- Add --ask-vault-password and --vault-pass-file options to ansible cli commands
- Change order of arguments in ansible cli to use --ask-vault-password and --vault-password-file by default

4
lib/ansible/cli/arguments/option_helpers.py
View file

@ -363,7 +363,7 @@ def add_vault_options(parser):
parser.add_argument('--vault-id', default=[], dest='vault_ids', action='append', type=str,
help='the vault identity to use')
base_group = parser.add_mutually_exclusive_group()
base_group.add_argument('--ask-vault-pass', default=C.DEFAULT_ASK_VAULT_PASS, dest='ask_vault_pass', action='store_true',
base_group.add_argument('--ask-vault-password', '--ask-vault-pass', default=C.DEFAULT_ASK_VAULT_PASS, dest='ask_vault_pass', action='store_true',
help='ask for vault password')
base_group.add_argument('--vault-password-file', default=[], dest='vault_password_files',
base_group.add_argument('--vault-password-file', '--vault-pass-file', default=[], dest='vault_password_files',
help="vault password file", type=unfrack_path(), action='append')

10
test/integration/targets/vault/runme.sh
View file

@ -106,6 +106,14 @@ if [ -x "$(command -v setsid)" ]; then
setsid sh -c 'tty; echo test-vault-password|ansible-vault view --ask-vault-pass -vvvvv vaulted.inventory' < /dev/null > log 2>&1
echo $?
cat log
# test using --ask-vault-password option
CMD='ansible-playbook -i ../../inventory -vvvvv --ask-vault-password test_vault.yml'
setsid sh -c "echo test-vault-password|${CMD}" < /dev/null > log 2>&1 && :
WRONG_RC=$?
cat log
echo "rc was $WRONG_RC (0 is expected)"
[ $WRONG_RC -eq 0 ]
fi
ansible-vault view "$@" --vault-password-file vault-password-wrong format_1_1_AES256.yml && :
@ -410,6 +418,8 @@ ansible-playbook test_vault_embedded.yml -i ../../inventory -v "$@" --vault-pass
ansible-playbook test_vaulted_inventory.yml -i vaulted.inventory -v "$@" --vault-password-file vault-password
ansible-playbook test_vaulted_template.yml -i ../../inventory -v "$@" --vault-password-file vault-password
# test using --vault-pass-file option
ansible-playbook test_vault.yml -i ../../inventory -v "$@" --vault-pass-file vault-password
# install TOML for parse toml inventory
# test playbooks using vaulted files(toml)