authorChristian Pointner <equinox@spreadspace.org>2018-12-01 23:14:05 +0100
committerChristian Pointner <equinox@spreadspace.org>2018-12-01 23:14:05 +0100
commit17447210485bbe379beb9c7e9a3034e900110ed9 (patch)
tree1b911eed4ea5bce52a5bc24f0951dfe200ea3217 /environment.sh
parentfixed acmetool self-signed cert handling (diff)
moved to multi environment repo structure
Diffstat (limited to 'environment.sh')
-rw-r--r--environment.sh82
1 files changed, 82 insertions, 0 deletions
diff --git a/environment.sh b/environment.sh
new file mode 100644
index 00000000..38a38340
--- /dev/null
+++ b/environment.sh
@@ -0,0 +1,82 @@
+##
+## must be sourced in your interactive shell or by scripts before using vault files
+##
+
+print_error() {
+ echo "\033[1;31mERROR:\033[1;0m $1"
+}
+
+vault_environment__get() {
+ echo "${ANSIBLE_VAULT_IDENTITY_LIST}" | tr ',' '\n' | awk -F '@' '{ print($1) }' | sed '/^$/d'
+}
+
+vault_environment__set() {
+ unset ANSIBLE_VAULT_IDENTITY_LIST
+ for e in "$@"; do
+ vault_environment__activate $e
+ done
+}
+
+vault_environment__activate() {
+ if [ -z "$1" ]; then
+ print_error "please specify an environment"
+ return
+ fi
+
+ if [ ! -f "gpg/get-vault-pass-$1" ]; then
+ print_error "failed to activate environment: '$1' .. could not find password file 'gpg/get-vault-pass-$1'"
+ return
+ fi
+
+ for e in $(vault_environment__get); do
+ if [ "$1" = "$e" ]; then
+ return
+ fi
+ done
+
+ if [ -z "${ANSIBLE_VAULT_IDENTITY_LIST}" ]; then
+ export ANSIBLE_VAULT_IDENTITY_LIST="$1@gpg/get-vault-pass-$1"
+ else
+ export ANSIBLE_VAULT_IDENTITY_LIST="${ANSIBLE_VAULT_IDENTITY_LIST},$1@gpg/get-vault-pass-$1"
+ fi
+}
+
+vault_environment__deactivate() {
+ local new_list
+
+ if [ -z "$1" ]; then
+ print_error "please specify an environment"
+ return
+ fi
+
+ new_list=""
+ for e in $(vault_environment__get); do
+ if [ "$1" != "$e" ]; then
+ if [ -z "$new_list" ]; then
+ new_list="$e@gpg/get-vault-pass-$e"
+ else
+ new_list="$new_list,$e@gpg/get-vault-pass-$e"
+ fi
+ fi
+ done
+
+ if [ -z "$new_list" ]; then
+ unset ANSIBLE_VAULT_IDENTITY_LIST
+ else
+ export ANSIBLE_VAULT_IDENTITY_LIST="$new_list"
+ fi
+}
+
+op="$1"
+if [ -n "$op" ]; then
+ shift
+fi
+
+case $op in
+ activate|deactivate|set|get)
+ "vault_environment__$op" "$@"
+ ;;
+ *)
+ print_error "unknown operation: '$op'"
+ ;;
+esac
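Review bot: In `vault_environment__activate` the environment name goes unvalidated from `$1` into both the path `gpg/get-vault-pass-$1` and the `ANSIBLE_VAULT_IDENTITY_LIST` entry, so a name containing `/`, `,` or `@` can point the identity at a file outside `gpg/` or corrupt the list that `vault_environment__get` later splits on `,` and `@`. Ansible executes a vault password file when it is executable, so the name should be rejected before the `-f` test, for example `case "$1" in *[!A-Za-z0-9_-]*) print_error "invalid environment name: '$1'"; return 1 ;; esac`. The stored path is also relative, so it presumably resolves against whatever directory ansible is later run from; anchoring it to the repository root would remove that dependency on the working directory. Separately, the error branches in `activate` and `deactivate` use a bare `return`, which passes on the exit status of the `echo` in `print_error` (normally 0), so a calling script cannot detect a failed activation; `return 1` fixes that, and `vault_environment__activate $e` in `vault_environment__set` should quote `"$e"`.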