Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add ansible cli options --ask-vault-password and --vault-pass-file #63782

Merged
merged 6 commits into from Dec 19, 2019
Merged

Add ansible cli options --ask-vault-password and --vault-pass-file #63782

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
a268df8
Add ansible cli options --ask-vault-password and --vault-pass-file
Oct 22, 2019
7613f98
Move new Ansible cli options '--ask-vault-password' and '--vault-pass…
Oct 23, 2019
fff0f05
63782 Add changelog fragement
Oct 23, 2019
32cf426
63782 Change order of ansible cli arguments to use --ask-vault-passwo…
Oct 23, 2019
8888d58
63782 Update changelog fragment
Oct 23, 2019
93f43a9
Update runme.sh in vault integration tests to test new options --ask-…
Dec 17, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
3 changes: 3 additions & 0 deletions ...elogs/fragments/63782-add-ansible-ask-vault-password-and-vault-password-file-options.yaml
View file
Open in desktop
@@ -0,0 +1,3 @@
minor_changes:
- Add --ask-vault-password and --vault-pass-file options to ansible cli commands
- Change order of arguments in ansible cli to use --ask-vault-password and --vault-password-file by default
4 changes: 2 additions & 2 deletions lib/ansible/cli/arguments/option_helpers.py
View file
Open in desktop
Expand Up @@ -363,7 +363,7 @@ def add_vault_options(parser):
parser.add_argument('--vault-id', default=[], dest='vault_ids', action='append', type=str,
help='the vault identity to use')
base_group = parser.add_mutually_exclusive_group()
base_group.add_argument('--ask-vault-pass', default=C.DEFAULT_ASK_VAULT_PASS, dest='ask_vault_pass', action='store_true',
base_group.add_argument('--ask-vault-password', '--ask-vault-pass', default=C.DEFAULT_ASK_VAULT_PASS, dest='ask_vault_pass', action='store_true',
help='ask for vault password')
base_group.add_argument('--vault-password-file', default=[], dest='vault_password_files',
base_group.add_argument('--vault-password-file', '--vault-pass-file', default=[], dest='vault_password_files',
help="vault password file", type=unfrack_path(), action='append')
10 changes: 10 additions & 0 deletions test/integration/targets/vault/runme.sh
View file
Open in desktop
Expand Up @@ -106,6 +106,14 @@ if [ -x "$(command -v setsid)" ]; then
setsid sh -c 'tty; echo test-vault-password|ansible-vault view --ask-vault-pass -vvvvv vaulted.inventory' < /dev/null > log 2>&1
echo $?
cat log

# test using --ask-vault-password option
CMD='ansible-playbook -i ../../inventory -vvvvv --ask-vault-password test_vault.yml'
setsid sh -c "echo test-vault-password|${CMD}" < /dev/null > log 2>&1 && :
WRONG_RC=$?
cat log
echo "rc was $WRONG_RC (0 is expected)"
[ $WRONG_RC -eq 0 ]
fi

ansible-vault view "$@" --vault-password-file vault-password-wrong format_1_1_AES256.yml && :
Expand Down Expand Up @@ -410,6 +418,8 @@ ansible-playbook test_vault_embedded.yml -i ../../inventory -v "$@" --vault-pass
ansible-playbook test_vaulted_inventory.yml -i vaulted.inventory -v "$@" --vault-password-file vault-password
ansible-playbook test_vaulted_template.yml -i ../../inventory -v "$@" --vault-password-file vault-password

# test using --vault-pass-file option
ansible-playbook test_vault.yml -i ../../inventory -v "$@" --vault-pass-file vault-password

# install TOML for parse toml inventory
# test playbooks using vaulted files(toml)
Expand Down