diff options
Diffstat (limited to 'test/integration/targets/ansible-vault/test-vault-client.py')
| -rwxr-xr-x | test/integration/targets/ansible-vault/test-vault-client.py | 66 |
1 files changed, 66 insertions, 0 deletions
diff --git a/test/integration/targets/ansible-vault/test-vault-client.py b/test/integration/targets/ansible-vault/test-vault-client.py new file mode 100755 index 0000000..ee46188 --- /dev/null +++ b/test/integration/targets/ansible-vault/test-vault-client.py @@ -0,0 +1,66 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +from __future__ import (absolute_import, division, print_function) +__metaclass__ = type + +ANSIBLE_METADATA = {'status': ['preview'], + 'supported_by': 'community', + 'version': '1.0'} + +import argparse +import sys + +# TODO: could read these from the files I suppose... +secrets = {'vault-password': 'test-vault-password', + 'vault-password-wrong': 'hunter42', + 'vault-password-ansible': 'ansible', + 'password': 'password', + 'vault-client-password-1': 'password-1', + 'vault-client-password-2': 'password-2'} + + +def build_arg_parser(): + parser = argparse.ArgumentParser(description='Get a vault password from user keyring') + + parser.add_argument('--vault-id', action='store', default=None, + dest='vault_id', + help='name of the vault secret to get from keyring') + parser.add_argument('--username', action='store', default=None, + help='the username whose keyring is queried') + parser.add_argument('--set', action='store_true', default=False, + dest='set_password', + help='set the password instead of getting it') + return parser + + +def get_secret(keyname): + return secrets.get(keyname, None) + + +def main(): + rc = 0 + + arg_parser = build_arg_parser() + args = arg_parser.parse_args() + # print('args: %s' % args) + + keyname = args.vault_id or 'ansible' + + if args.set_password: + print('--set is not supported yet') + sys.exit(1) + + secret = get_secret(keyname) + if secret is None: + sys.stderr.write('test-vault-client could not find key for vault-id="%s"\n' % keyname) + # key not found rc=2 + return 2 + + sys.stdout.write('%s\n' % secret) + + return rc + + +if __name__ == '__main__': + sys.exit(main()) |