mirror of
https://gitlab.archlinux.org/archlinux/infrastructure.git
synced 2024-09-19 21:41:41 +02:00
faba3a3d7c
Now that misc/get_key.py checks if the vault file passed to it exists,
we cannot pass paths only resolvable from the root directory. Instead,
use paths that make sense relative to the current directory and avoid
calling chdir when loading the vault file.
Fixes: 7754214604
("Rewrite get_key.py to use click instead of typer")
82 lines
1.9 KiB
Python
Executable File
82 lines
1.9 KiB
Python
Executable File
#!/usr/bin/python3
|
|
|
|
import json
|
|
import os
|
|
import sys
|
|
from contextlib import contextmanager
|
|
from enum import Enum
|
|
from pathlib import Path
|
|
from typing import List
|
|
import click
|
|
import yaml
|
|
|
|
|
|
@contextmanager
|
|
def chdir(path):
|
|
oldcwd = os.getcwd()
|
|
os.chdir(path)
|
|
try:
|
|
yield
|
|
finally:
|
|
os.chdir(oldcwd)
|
|
|
|
|
|
root = Path(__file__).resolve().parents[1]
|
|
|
|
with chdir(root):
|
|
from ansible.cli import CLI
|
|
from ansible.constants import DEFAULT_VAULT_IDENTITY_LIST
|
|
from ansible.parsing.dataloader import DataLoader
|
|
from ansible.parsing.vault import VaultLib
|
|
|
|
data_loader = DataLoader()
|
|
data_loader.set_basedir(root)
|
|
|
|
vault_lib = VaultLib(
|
|
CLI.setup_vault_secrets(
|
|
data_loader, DEFAULT_VAULT_IDENTITY_LIST, auto_prompt=False
|
|
)
|
|
)
|
|
|
|
|
|
def load_vault(path):
|
|
return yaml.load(
|
|
vault_lib.decrypt(Path(path).read_text()), Loader=yaml.SafeLoader
|
|
)
|
|
|
|
|
|
class OutputFormat(str, Enum):
|
|
BARE = "bare"
|
|
ENV = "env"
|
|
JSON = "json"
|
|
|
|
def __str__(self):
|
|
return self.value
|
|
|
|
@click.command()
|
|
@click.argument('vault', type=click.Path(exists=True))
|
|
@click.argument('keys', nargs=-1)
|
|
@click.option('--format', default=OutputFormat.BARE, type=click.Choice([e.value for e in OutputFormat]), help='Output format')
|
|
def main(vault, keys, format):
|
|
"""
|
|
Get a bunch of entries from the vault located at VAULT.
|
|
|
|
Use KEYS to choose which keys in the vault you want to output.
|
|
"""
|
|
vault = load_vault(vault)
|
|
filtered = {vault_key: vault[vault_key] for vault_key in keys}
|
|
|
|
if format == OutputFormat.BARE:
|
|
for secret in filtered.values():
|
|
print(secret)
|
|
elif format == OutputFormat.ENV:
|
|
for key, secret in filtered.items():
|
|
print(f"{key}={secret}")
|
|
elif format == OutputFormat.JSON:
|
|
json.dump(filtered, sys.stdout)
|
|
print()
|
|
|
|
|
|
if __name__ == "__main__":
|
|
main()
|