From 910ed81ee9e71b7c58d4e3767d3ef8406c5f768b Mon Sep 17 00:00:00 2001
From: shirenn <shirenn@crans.org>
Date: Tue, 24 May 2022 21:47:31 +0200
Subject: [PATCH] [vault] Enable "/" segmentation in the vault
---
 vars_plugins/pass.py | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)
diff --git a/vars_plugins/pass.py b/vars_plugins/pass.py
index e736dcda..3797200b 100644
--- a/vars_plugins/pass.py
+++ b/vars_plugins/pass.py
@@ -45,7 +45,7 @@ class VarsModule(BaseVarsPlugin):
 if crans_submodule:
 password_store /= config.get('pass', 'crans_password_store_submodule', fallback=os.getenv('CRANS_PASSWORD_STORE_SUBMODULE', 'crans'))
- full_command = ['gpg', '-d', password_store / f'{name}.gpg']
+ full_command = ['gpg', '-q', '-d', password_store / f'{name}.gpg']
 proc = subprocess.run(full_command, capture_output=True, close_fds=True)
 clear_text = proc.stdout.decode('UTF-8')
 sys.stderr.write(proc.stderr.decode('UTF-8'))
@@ -109,12 +109,17 @@ class VarsModule(BaseVarsPlugin):
 # Load vault passwords
 if entity.get_name() == 'all':
 passwords['vault'] = {}
- # Backward compatibility with old ansible_vault
- passwords['vault'] = loader.load(
- VarsModule.decrypt_password('ansible_vault', True))
 for file in files:
- passwords['vault'][file.removeprefix('ansible/')] = loader.load(
- VarsModule.decrypt_password(file, True))
+ paths = file.removeprefix('ansible/').split('/')
+ d = passwords['vault']
+ for path in paths[:-1]:
+ if path not in d:
+ d[path] = {}
+ d = d[path]
+ try:
+ d[paths[-1]] = loader.load(VarsModule.decrypt_password(file, True))
+ except Exception as e:
+ print(file)
 # Load become password
 become_password = VarsModule.become_password(entity)
--
GitLab
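Review bot: The new `except Exception as e: print(file)` at the end of the vault loop in the second hunk swallows every decryption or parse failure, so a secret that fails to load is simply absent from `passwords['vault']` and the run continues; `e` is never used and the file name goes to stdout rather than stderr. For a secrets loader it is safer to fail closed: `sys.stderr.write(f'vault entry {file}: {type(e).__name__}\n')` followed by a bare `raise`, reporting only the exception type because a parser message could echo decrypted content. Separately, the `for path in paths[:-1]` walk assumes every intermediate key holds a dict; if the store contains both `ansible/x` and `ansible/x/y`, one entry overwrites or is merged into the other depending on iteration order, which deserves an explicit check. The enclosing method begins and ends outside this hunk.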