autonomic-cooperative
/
autonomic
Archived
5
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
This repository has been archived on 2020-06-17. You can view files and clone it, but cannot push or open issues or pull requests.
autonomic/autonomic/command/coophost.py

89 lines
2.4 KiB
Python
Raw Blame History

"""CoopHost module."""
from os import chdir, mkdir
from os.path import basename, exists
from pathlib import Path
import click
from autonomic.config import CONFIG_YAML, INFRA_DIR
from autonomic.logger import log
from autonomic.settings import add, get
from autonomic.utils import (
ensure_config_dir,
ensure_deploy_d_dir,
input_ask,
pass_ask,
question_ask,
run,
yaml_dump,
yaml_load,
)
@click.command()
@click.pass_context
def coophost(ctx):
"""Manage CoopHost resources."""
ensure_config_dir()
choices = ["encrypt"]
operation = question_ask("operation", "Which operation?", choices)
if operation == "encrypt":
encrypt()
def encrypt():
"""Encrypt a secret for a CoopHost package."""
ensure_deploy_d_dir()
app_dir = Path(".").absolute()
app = basename(Path(".").absolute())
log.info("Auto-detected the {} application".format(app))
app_settings = get(app)
if app_settings is not None and "vault-password" in app_settings:
log.info("Using app vault password stored in {}".format(CONFIG_YAML))
vault_password = app_settings["vault-password"]
else:
log.info("No app vault password configured")
vault_password = pass_ask("Vault password?")
log.info("App vault password stored in {}".format(CONFIG_YAML))
add({app: {"vault-password": vault_password}})
name = input_ask("Which variable do you want to encrypt?")
value = pass_ask("Variable value to encrypt?")
cmd = [".venv/bin/ansible-vault", "encrypt_string", "--name", name, value]
encrypted = run(
cmd,
cwd=INFRA_DIR,
pexpect=True,
pexpected={
"(?i)new vault password:": vault_password,
"(?i)confirm new vault password:": vault_password,
},
)
encrypted = (
encrypted.strip()
.replace("\r", "")
.replace("\nEncryption successful", "")
)
chdir(app_dir)
log.info("Changed directory back to to {}".format(app_dir))
vault_path = (Path(".") / "deploy.d" / "vault").absolute()
if not exists(vault_path):
log.info("Creating {}".format(vault_path))
mkdir(vault_path)
var_path = (vault_path / "{}.yml".format(name)).absolute()
with open(var_path, "w"):
loaded = yaml_load(encrypted, text=True)
yaml_dump(var_path, loaded)
log.success("Encrypted and saved {} in {}".format(name, var_path))
Reference in New Issue View Git Blame Copy Permalink