Compare commits

..

No commits in common. "master" and "0.0.4" have entirely different histories.

2 changed files with 18 additions and 75 deletions

View File

@ -1,12 +1,3 @@
Autonomic 0.0.5 (2020-04-13)
============================
Features
--------
- Add CoopHost decrypt command. (#5)
Autonomic 0.0.4 (2020-04-12)
============================

View File

@ -3,7 +3,6 @@
from os import chdir, mkdir
from os.path import basename, exists
from pathlib import Path
from socket import gethostname
import click
@ -13,7 +12,6 @@ from autonomic.settings import add, get
from autonomic.utils import (
ensure_config_dir,
ensure_deploy_d_dir,
exit,
input_ask,
pass_ask,
question_ask,
@ -22,86 +20,40 @@ from autonomic.utils import (
yaml_load,
)
hostname = gethostname()
@click.command()
@click.pass_context
def coophost(ctx):
"""Manage CoopHost resources."""
ensure_config_dir()
ensure_deploy_d_dir()
app_dir = Path(".").absolute()
app = basename(app_dir)
log.info("Auto-detected the {} application".format(app))
choices = ["encrypt", "decrypt"]
choices = ["encrypt"]
operation = question_ask("operation", "Which operation?", choices)
if operation == "encrypt":
encrypt(app, app_dir)
elif operation == "decrypt":
decrypt(app, app_dir)
encrypt()
def get_vault_pass(app):
"""Retrieve or set the app vault password."""
def encrypt():
"""Encrypt a secret for a CoopHost package."""
ensure_deploy_d_dir()
app_dir = Path(".").absolute()
app = basename(Path(".").absolute())
log.info("Auto-detected the {} application".format(app))
app_settings = get(app)
if app_settings is not None and "vault-password" in app_settings:
log.info("Using app vault password stored in {}".format(CONFIG_YAML))
return app_settings["vault-password"]
vault_password = app_settings["vault-password"]
else:
log.info("No app vault password configured")
vault_password = pass_ask("Vault password?")
log.info("No app vault password configured")
vault_password = pass_ask("Vault password?")
log.info("App vault password stored in {}".format(CONFIG_YAML))
add({app: {"vault-password": vault_password}})
log.info("App vault password stored in {}".format(CONFIG_YAML))
add({app: {"vault-password": vault_password}})
return vault_password
def decrypt(app, app_dir):
"""Decrypt a secret."""
vault_password = get_vault_pass(app)
name = input_ask("Which variable do you want to decrypt?")
vault_path = (Path(".") / "deploy.d" / "vault").absolute()
var_path = (vault_path / "{}.yml".format(name)).absolute()
if not exists(var_path):
exit("{}.yml is missing?".format(name))
cmd = [
".venv/bin/ansible",
hostname,
"--inventory",
"{},".format(hostname),
"-m",
"debug",
"-a",
"var='{}'".format(name),
"-e @{}".format(var_path),
"--ask-vault-pass",
"-e",
"ansible_user={}".format(get("username")),
]
decrypted = run(
cmd,
cwd=INFRA_DIR,
output=True,
pexpect=True,
pexpected={"(?i)vault password:": vault_password},
)
log.info(decrypted)
def encrypt(app, app_dir):
"""Encrypt a secret for a CoopHost package."""
vault_password = get_vault_pass(app)
name = input_ask("Which variable do you want to encrypt?")
value = pass_ask("Variable value to encrypt?")
@ -122,7 +74,7 @@ def encrypt(app, app_dir):
)
chdir(app_dir)
log.info("Changed directory back to {}".format(app_dir))
log.info("Changed directory back to to {}".format(app_dir))
vault_path = (Path(".") / "deploy.d" / "vault").absolute()
if not exists(vault_path):