add a vault --encrypt-vault-to specify vault id to use for encrypt (#31067)

Enforce that there can be only one --new-vault-id or
--new-vault-password-file and use this instead of
--encrypt-vault-id

* Add a config option for default vault encrypt id
Adrian Likins
2018-01-22 17:12:10 -05:00
committed by GitHub
parent 866239e01a
commit ffe0ddea96
5 changed files with 110 additions and 19 deletions


@@ -367,7 +367,7 @@ class CLI(with_metaclass(ABCMeta, object)):
if self.options.ask_su_pass or self.options.su_user:
_dep('su')
def validate_conflicts(self, vault_opts=False, runas_opts=False, fork_opts=False):
def validate_conflicts(self, vault_opts=False, runas_opts=False, fork_opts=False, vault_rekey_opts=False):
''' check for conflicting options '''
op = self.options
@@ -377,6 +377,10 @@ class CLI(with_metaclass(ABCMeta, object)):
if (op.ask_vault_pass and op.vault_password_files):
self.parser.error("--ask-vault-pass and --vault-password-file are mutually exclusive")
if vault_rekey_opts:
if (op.new_vault_id and op.new_vault_password_file):
self.parser.error("--new-vault-password-file and --new-vault-id are mutually exclusive")
if runas_opts:
# Check for privilege escalation conflicts
if ((op.su or op.su_user) and (op.sudo or op.sudo_user) or
@@ -452,8 +456,8 @@ class CLI(with_metaclass(ABCMeta, object)):
help='the vault identity to use')
if vault_rekey_opts:
parser.add_option('--new-vault-password-file', default=[], dest='new_vault_password_files',
help="new vault password file for rekey", action="callback", callback=CLI.unfrack_paths, type='string')
parser.add_option('--new-vault-password-file', default=None, dest='new_vault_password_file',
help="new vault password file for rekey", action="callback", callback=CLI.unfrack_path, type='string')
parser.add_option('--new-vault-id', default=None, dest='new_vault_id', type='string',
help='the new vault identity to use for rekey')
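Review bot: Switching `--new-vault-password-file` from a list (`default=[]`, `CLI.unfrack_paths`) to a scalar (`default=None`, `CLI.unfrack_path`) does not by itself enforce "only one" as the commit message says. If the callback simply stores the value on the dest, as it appears to, a repeated option silently keeps the last path, and `--new-vault-id`, a plain string option, behaves the same way. For a rekey, the secret that ends up protecting the data should not be chosen silently, so I would have the callback call `parser.error(...)` when the dest is already set, or at least state it in the help text, e.g. `help="new vault password file for rekey (give once; mutually exclusive with --new-vault-id)"`. The new check in `validate_conflicts` also relies on truthiness, so an empty `--new-vault-id ''` passes it; `if op.new_vault_id is not None and op.new_vault_password_file is not None:` would be stricter. Both enclosing functions start and end outside the visible hunks.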