author | Christian Pointner <equinox@spreadspace.org> | 2018-12-01 23:14:05 +0100 |
---|---|---|
committer | Christian Pointner <equinox@spreadspace.org> | 2018-12-01 23:14:05 +0100 |
commit | 17447210485bbe379beb9c7e9a3034e900110ed9 (patch) | |
tree | 1b911eed4ea5bce52a5bc24f0951dfe200ea3217 /environment.sh | |
parent | fixed acmetool self-signed cert handling (diff) |
moved to multi environment repo structure
Diffstat (limited to 'environment.sh')
-rw-r--r-- | environment.sh | 82 |
1 files changed, 82 insertions, 0 deletions
diff --git a/environment.sh b/environment.sh
new file mode 100644
index 00000000..38a38340
--- /dev/null
+++ b/environment.sh
@@ -0,0 +1,82 @@
+##
+## must be sourced in your interactive shell or by scripts before using vault files
+##
+
+print_error() {
+ echo "\033[1;31mERROR:\033[1;0m $1"
+}
+
+vault_environment__get() {
+ echo "${ANSIBLE_VAULT_IDENTITY_LIST}" | tr ',' '\n' | awk -F '@' '{ print($1) }' | sed '/^$/d'
+}
+
+vault_environment__set() {
+ unset ANSIBLE_VAULT_IDENTITY_LIST
+ for e in "$@"; do
+ vault_environment__activate $e
+ done
+}
+
+vault_environment__activate() {
+ if [ -z "$1" ]; then
+ print_error "please specify an environment"
+ return
+ fi
+
+ if [ ! -f "gpg/get-vault-pass-$1" ]; then
+ print_error "failed to activate environment: '$1' .. could not find password file 'gpg/get-vault-pass-$1'"
+ return
+ fi
+
+ for e in $(vault_environment__get); do
+ if [ "$1" = "$e" ]; then
+ return
+ fi
+ done
+
+ if [ -z "${ANSIBLE_VAULT_IDENTITY_LIST}" ]; then
+ export ANSIBLE_VAULT_IDENTITY_LIST="$1@gpg/get-vault-pass-$1"
+ else
+ export ANSIBLE_VAULT_IDENTITY_LIST="${ANSIBLE_VAULT_IDENTITY_LIST},$1@gpg/get-vault-pass-$1"
+ fi
+}
+
+vault_environment__deactivate() {
+ local new_list
+
+ if [ -z "$1" ]; then
+ print_error "please specify an environment"
+ return
+ fi
+
+ new_list=""
+ for e in $(vault_environment__get); do
+ if [ "$1" != "$e" ]; then
+ if [ -z "$new_list" ]; then
+ new_list="$e@gpg/get-vault-pass-$e"
+ else
+ new_list="$new_list,$e@gpg/get-vault-pass-$e"
+ fi
+ fi
+ done
+
+ if [ -z "$new_list" ]; then
+ unset ANSIBLE_VAULT_IDENTITY_LIST
+ else
+ export ANSIBLE_VAULT_IDENTITY_LIST="$new_list"
+ fi
+}
+
+op="$1"
+if [ -n "$op" ]; then
+ shift
+fi
+
+case $op in
+ activate|deactivate|set|get)
+ "vault_environment__$op" "$@"
+ ;;
+ *)
+ print_error "unknown operation: '$op'"
+ ;;
+esac |
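Review bot: The environment name in `vault_environment__activate` goes unvalidated into both the path `gpg/get-vault-pass-$1` and the comma/`@`-delimited `ANSIBLE_VAULT_IDENTITY_LIST`, so a name containing `/`, `..`, `,` or `@` can point the identity at a file outside `gpg/` or corrupt the list that `vault_environment__get` later parses. Since the `get-vault-pass-*` files look like password-client scripts that Ansible would execute (inferred from the name, not shown here), I would reject anything outside a safe character set up front, adjusted to the naming scheme in use: `case "$1" in ''|*[!A-Za-z0-9_-]*) print_error "invalid environment name: '$1'"; return 1 ;; esac`. The call in `vault_environment__set` should also quote its argument, `vault_environment__activate "$e"`, so a name with spaces or glob characters is not split before it reaches that check. The error paths use a bare `return`, which hands back the status of the preceding `echo` (0); `return 1` would let callers detect the failure.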