## this file contains several helper functions, please source it to make use of them print_error() { echo -e "\033[1;31mERROR:\033[1;0m $1" } print_success() { echo -e "\033[1;32mSuccess:\033[1;0m $1" } print_info() { echo -e "\033[1;37mInfo:\033[1;0m $1" } ########################### ## varibales from ansible hosts ansible_variable__get() { local _var_name="$1" local _hosts="$2" local _result=$(env ANSIBLE_STDOUT_CALLBACK="json" ansible "$_hosts" -m debug -a "msg={{ $_var_name }}" | \ jq -r '.plays[].tasks[].hosts[] | select(.failed != true) | .msg' | sort | uniq) if [ $? -ne 0 ] || [ -z "$_result" ]; then print_error "failed to get value of variable '$_var_name' for host(s) '$_hosts'" return 1 fi local _num_results=$(echo "$_result" | wc -l) if [ $_num_results -ne 1 ]; then print_error "the vairable '$_var_name' is not unique for the given hosts '$_hosts', got values: $(echo $_result | xargs | sed 's/ /, /g')" return 2 fi eval "$_var_name"='$(echo "$_result")' return 0 } ########################### ## vault environment handling vault_environment__get() { echo "${ANSIBLE_VAULT_IDENTITY_LIST}" | tr ',' '\n' | awk -F '@' '{ print($1) }' | sed '/^$/d' } vault_environment__set() { unset ANSIBLE_VAULT_IDENTITY_LIST for e in "$@"; do vault_environment__activate $e || return 1 done } vault_environment__activate() { if [ -z "$1" ]; then print_error "please specify an environment" return 2 fi if [ ! -f "gpg/get-vault-pass-$1" ]; then print_error "failed to activate environment: '$1' .. could not find password file 'gpg/get-vault-pass-$1'" return 1 fi for e in $(vault_environment__get); do if [ "$1" = "$e" ]; then print_info "environment '$1' is already active" return 0 # environment is already activated fi done err_out=$(("gpg/get-vault-pass-$1" > /dev/null) 2>&1) if [ -n "$err_out" ]; then print_error "failed to activate environment: '$1' .. reading passphrase from 'gpg/get-vault-pass-$1' returned an error" return 1 fi if [ -z "${ANSIBLE_VAULT_IDENTITY_LIST}" ]; then export ANSIBLE_VAULT_IDENTITY_LIST="$1@gpg/get-vault-pass-$1" else export ANSIBLE_VAULT_IDENTITY_LIST="${ANSIBLE_VAULT_IDENTITY_LIST},$1@gpg/get-vault-pass-$1" fi print_success "environment '$1' is now active" return 0 } vault_environment__deactivate() { local new_list if [ -z "$1" ]; then print_error "please specify an environment" return 2 fi new_list="" for e in $(vault_environment__get); do if [ "$1" != "$e" ]; then if [ -z "$new_list" ]; then new_list="$e@gpg/get-vault-pass-$e" else new_list="$new_list,$e@gpg/get-vault-pass-$e" fi fi done if [ -z "$new_list" ]; then unset ANSIBLE_VAULT_IDENTITY_LIST else export ANSIBLE_VAULT_IDENTITY_LIST="$new_list" fi print_success "environment '$1' is now deactivated" return 0 }