Compare commits
No commits in common. "master" and "0.0.4" have entirely different histories.
|
@ -1,12 +1,3 @@
|
||||||
Autonomic 0.0.5 (2020-04-13)
|
|
||||||
============================
|
|
||||||
|
|
||||||
Features
|
|
||||||
--------
|
|
||||||
|
|
||||||
- Add CoopHost decrypt command. (#5)
|
|
||||||
|
|
||||||
|
|
||||||
Autonomic 0.0.4 (2020-04-12)
|
Autonomic 0.0.4 (2020-04-12)
|
||||||
============================
|
============================
|
||||||
|
|
||||||
|
|
|
@ -3,7 +3,6 @@
|
||||||
from os import chdir, mkdir
|
from os import chdir, mkdir
|
||||||
from os.path import basename, exists
|
from os.path import basename, exists
|
||||||
from pathlib import Path
|
from pathlib import Path
|
||||||
from socket import gethostname
|
|
||||||
|
|
||||||
import click
|
import click
|
||||||
|
|
||||||
|
@ -13,7 +12,6 @@ from autonomic.settings import add, get
|
||||||
from autonomic.utils import (
|
from autonomic.utils import (
|
||||||
ensure_config_dir,
|
ensure_config_dir,
|
||||||
ensure_deploy_d_dir,
|
ensure_deploy_d_dir,
|
||||||
exit,
|
|
||||||
input_ask,
|
input_ask,
|
||||||
pass_ask,
|
pass_ask,
|
||||||
question_ask,
|
question_ask,
|
||||||
|
@ -22,86 +20,40 @@ from autonomic.utils import (
|
||||||
yaml_load,
|
yaml_load,
|
||||||
)
|
)
|
||||||
|
|
||||||
hostname = gethostname()
|
|
||||||
|
|
||||||
|
|
||||||
@click.command()
|
@click.command()
|
||||||
@click.pass_context
|
@click.pass_context
|
||||||
def coophost(ctx):
|
def coophost(ctx):
|
||||||
"""Manage CoopHost resources."""
|
"""Manage CoopHost resources."""
|
||||||
ensure_config_dir()
|
ensure_config_dir()
|
||||||
ensure_deploy_d_dir()
|
|
||||||
|
|
||||||
app_dir = Path(".").absolute()
|
choices = ["encrypt"]
|
||||||
app = basename(app_dir)
|
|
||||||
log.info("Auto-detected the {} application".format(app))
|
|
||||||
|
|
||||||
choices = ["encrypt", "decrypt"]
|
|
||||||
operation = question_ask("operation", "Which operation?", choices)
|
operation = question_ask("operation", "Which operation?", choices)
|
||||||
|
|
||||||
if operation == "encrypt":
|
if operation == "encrypt":
|
||||||
encrypt(app, app_dir)
|
encrypt()
|
||||||
elif operation == "decrypt":
|
|
||||||
decrypt(app, app_dir)
|
|
||||||
|
|
||||||
|
|
||||||
def get_vault_pass(app):
|
def encrypt():
|
||||||
"""Retrieve or set the app vault password."""
|
"""Encrypt a secret for a CoopHost package."""
|
||||||
|
ensure_deploy_d_dir()
|
||||||
|
|
||||||
|
app_dir = Path(".").absolute()
|
||||||
|
|
||||||
|
app = basename(Path(".").absolute())
|
||||||
|
log.info("Auto-detected the {} application".format(app))
|
||||||
|
|
||||||
app_settings = get(app)
|
app_settings = get(app)
|
||||||
|
|
||||||
if app_settings is not None and "vault-password" in app_settings:
|
if app_settings is not None and "vault-password" in app_settings:
|
||||||
log.info("Using app vault password stored in {}".format(CONFIG_YAML))
|
log.info("Using app vault password stored in {}".format(CONFIG_YAML))
|
||||||
return app_settings["vault-password"]
|
vault_password = app_settings["vault-password"]
|
||||||
|
else:
|
||||||
|
log.info("No app vault password configured")
|
||||||
|
vault_password = pass_ask("Vault password?")
|
||||||
|
|
||||||
log.info("No app vault password configured")
|
log.info("App vault password stored in {}".format(CONFIG_YAML))
|
||||||
vault_password = pass_ask("Vault password?")
|
add({app: {"vault-password": vault_password}})
|
||||||
|
|
||||||
log.info("App vault password stored in {}".format(CONFIG_YAML))
|
|
||||||
add({app: {"vault-password": vault_password}})
|
|
||||||
|
|
||||||
return vault_password
|
|
||||||
|
|
||||||
|
|
||||||
def decrypt(app, app_dir):
|
|
||||||
"""Decrypt a secret."""
|
|
||||||
vault_password = get_vault_pass(app)
|
|
||||||
name = input_ask("Which variable do you want to decrypt?")
|
|
||||||
|
|
||||||
vault_path = (Path(".") / "deploy.d" / "vault").absolute()
|
|
||||||
var_path = (vault_path / "{}.yml".format(name)).absolute()
|
|
||||||
|
|
||||||
if not exists(var_path):
|
|
||||||
exit("{}.yml is missing?".format(name))
|
|
||||||
|
|
||||||
cmd = [
|
|
||||||
".venv/bin/ansible",
|
|
||||||
hostname,
|
|
||||||
"--inventory",
|
|
||||||
"{},".format(hostname),
|
|
||||||
"-m",
|
|
||||||
"debug",
|
|
||||||
"-a",
|
|
||||||
"var='{}'".format(name),
|
|
||||||
"-e @{}".format(var_path),
|
|
||||||
"--ask-vault-pass",
|
|
||||||
"-e",
|
|
||||||
"ansible_user={}".format(get("username")),
|
|
||||||
]
|
|
||||||
|
|
||||||
decrypted = run(
|
|
||||||
cmd,
|
|
||||||
cwd=INFRA_DIR,
|
|
||||||
output=True,
|
|
||||||
pexpect=True,
|
|
||||||
pexpected={"(?i)vault password:": vault_password},
|
|
||||||
)
|
|
||||||
|
|
||||||
log.info(decrypted)
|
|
||||||
|
|
||||||
|
|
||||||
def encrypt(app, app_dir):
|
|
||||||
"""Encrypt a secret for a CoopHost package."""
|
|
||||||
vault_password = get_vault_pass(app)
|
|
||||||
name = input_ask("Which variable do you want to encrypt?")
|
name = input_ask("Which variable do you want to encrypt?")
|
||||||
value = pass_ask("Variable value to encrypt?")
|
value = pass_ask("Variable value to encrypt?")
|
||||||
|
|
||||||
|
@ -122,7 +74,7 @@ def encrypt(app, app_dir):
|
||||||
)
|
)
|
||||||
|
|
||||||
chdir(app_dir)
|
chdir(app_dir)
|
||||||
log.info("Changed directory back to {}".format(app_dir))
|
log.info("Changed directory back to to {}".format(app_dir))
|
||||||
|
|
||||||
vault_path = (Path(".") / "deploy.d" / "vault").absolute()
|
vault_path = (Path(".") / "deploy.d" / "vault").absolute()
|
||||||
if not exists(vault_path):
|
if not exists(vault_path):
|
||||||
|
|
Reference in New Issue
Block a user