ansible-plugin/src/main/resources/vault-client.py at 6058f2d4531e29c76afd2e67f7fff46e764be1f7 · rundeck-plugins/ansible-plugin · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
#!/usr/bin/env python3
import sys
import os
import getpass
import logging
from logging import handlers
import argparse

log = logging.getLogger('')
log.setLevel(logging.DEBUG)
log_path=os.getenv('LOG_PATH', None)

parser = argparse.ArgumentParser(description='Get a vault password from user keyring')
parser.add_argument('--vault-id', action='store', default="None",
                    dest='vault_id',
                    help='name of the vault secret to get from keyring')

args = parser.parse_args()
vault_id = args.vault_id

if log_path:
    fh = handlers.RotatingFileHandler(log_path)
    log.addHandler(fh)
    log.info("Enter Password ("+vault_id+"):")

secret=os.getenv('VAULT_ID_SECRET', None)

if secret:
    sys.stdout.write('%s\n' % (secret))
    sys.exit(0)

if sys.stdin.isatty():
    secret = getpass.getpass()
else:
    secret = ''
    while 1:
        c = sys.stdin.read(1)
        if c == chr(3) or len(c) == 0: # end of text or nothing read
            break
        secret = secret + c

if secret is None:
    sys.stderr.write('ERROR: secret is not set\n')
    sys.exit(1)

sys.stdout.write('%s\n' % (secret))
sys.exit(0)