|
|
|
@ -3,6 +3,7 @@
|
|
|
|
|
from os import chdir, mkdir
|
|
|
|
|
from os.path import basename, exists
|
|
|
|
|
from pathlib import Path
|
|
|
|
|
from socket import gethostname
|
|
|
|
|
|
|
|
|
|
import click
|
|
|
|
|
|
|
|
|
@ -12,6 +13,7 @@ from autonomic.settings import add, get
|
|
|
|
|
from autonomic.utils import (
|
|
|
|
|
ensure_config_dir,
|
|
|
|
|
ensure_deploy_d_dir,
|
|
|
|
|
exit,
|
|
|
|
|
input_ask,
|
|
|
|
|
pass_ask,
|
|
|
|
|
question_ask,
|
|
|
|
@ -20,40 +22,86 @@ from autonomic.utils import (
|
|
|
|
|
yaml_load,
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
hostname = gethostname()
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@click.command()
|
|
|
|
|
@click.pass_context
|
|
|
|
|
def coophost(ctx):
|
|
|
|
|
"""Manage CoopHost resources."""
|
|
|
|
|
ensure_config_dir()
|
|
|
|
|
|
|
|
|
|
choices = ["encrypt"]
|
|
|
|
|
operation = question_ask("operation", "Which operation?", choices)
|
|
|
|
|
|
|
|
|
|
if operation == "encrypt":
|
|
|
|
|
encrypt()
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def encrypt():
|
|
|
|
|
"""Encrypt a secret for a CoopHost package."""
|
|
|
|
|
ensure_deploy_d_dir()
|
|
|
|
|
|
|
|
|
|
app_dir = Path(".").absolute()
|
|
|
|
|
|
|
|
|
|
app = basename(Path(".").absolute())
|
|
|
|
|
app = basename(app_dir)
|
|
|
|
|
log.info("Auto-detected the {} application".format(app))
|
|
|
|
|
|
|
|
|
|
choices = ["encrypt", "decrypt"]
|
|
|
|
|
operation = question_ask("operation", "Which operation?", choices)
|
|
|
|
|
|
|
|
|
|
if operation == "encrypt":
|
|
|
|
|
encrypt(app, app_dir)
|
|
|
|
|
elif operation == "decrypt":
|
|
|
|
|
decrypt(app, app_dir)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def get_vault_pass(app):
|
|
|
|
|
"""Retrieve or set the app vault password."""
|
|
|
|
|
app_settings = get(app)
|
|
|
|
|
|
|
|
|
|
if app_settings is not None and "vault-password" in app_settings:
|
|
|
|
|
log.info("Using app vault password stored in {}".format(CONFIG_YAML))
|
|
|
|
|
vault_password = app_settings["vault-password"]
|
|
|
|
|
else:
|
|
|
|
|
return app_settings["vault-password"]
|
|
|
|
|
|
|
|
|
|
log.info("No app vault password configured")
|
|
|
|
|
vault_password = pass_ask("Vault password?")
|
|
|
|
|
|
|
|
|
|
log.info("App vault password stored in {}".format(CONFIG_YAML))
|
|
|
|
|
add({app: {"vault-password": vault_password}})
|
|
|
|
|
|
|
|
|
|
return vault_password
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def decrypt(app, app_dir):
|
|
|
|
|
"""Decrypt a secret."""
|
|
|
|
|
vault_password = get_vault_pass(app)
|
|
|
|
|
name = input_ask("Which variable do you want to decrypt?")
|
|
|
|
|
|
|
|
|
|
vault_path = (Path(".") / "deploy.d" / "vault").absolute()
|
|
|
|
|
var_path = (vault_path / "{}.yml".format(name)).absolute()
|
|
|
|
|
|
|
|
|
|
if not exists(var_path):
|
|
|
|
|
exit("{}.yml is missing?".format(name))
|
|
|
|
|
|
|
|
|
|
cmd = [
|
|
|
|
|
".venv/bin/ansible",
|
|
|
|
|
hostname,
|
|
|
|
|
"--inventory",
|
|
|
|
|
"{},".format(hostname),
|
|
|
|
|
"-m",
|
|
|
|
|
"debug",
|
|
|
|
|
"-a",
|
|
|
|
|
"var='{}'".format(name),
|
|
|
|
|
"-e @{}".format(var_path),
|
|
|
|
|
"--ask-vault-pass",
|
|
|
|
|
"-e",
|
|
|
|
|
"ansible_user={}".format(get("username")),
|
|
|
|
|
]
|
|
|
|
|
|
|
|
|
|
decrypted = run(
|
|
|
|
|
cmd,
|
|
|
|
|
cwd=INFRA_DIR,
|
|
|
|
|
output=True,
|
|
|
|
|
pexpect=True,
|
|
|
|
|
pexpected={"(?i)vault password:": vault_password},
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
log.info(decrypted)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def encrypt(app, app_dir):
|
|
|
|
|
"""Encrypt a secret for a CoopHost package."""
|
|
|
|
|
vault_password = get_vault_pass(app)
|
|
|
|
|
name = input_ask("Which variable do you want to encrypt?")
|
|
|
|
|
value = pass_ask("Variable value to encrypt?")
|
|
|
|
|
|
|
|
|
@ -74,7 +122,7 @@ def encrypt():
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
chdir(app_dir)
|
|
|
|
|
log.info("Changed directory back to to {}".format(app_dir))
|
|
|
|
|
log.info("Changed directory back to {}".format(app_dir))
|
|
|
|
|
|
|
|
|
|
vault_path = (Path(".") / "deploy.d" / "vault").absolute()
|
|
|
|
|
if not exists(vault_path):
|
|
|
|
|