## this file contains several helper functions, please source it to make use of them

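# Print an error message to stdout with a bold red "ERROR:" prefix.
# Arguments: $1 - message text
# Outputs:   one line on stdout
print_error() {
  # The message is passed through %s, so backslash sequences that arrive via
  # interpolated data (host patterns, variable values, ...) are printed
  # literally instead of being interpreted as they were by `echo -e`.
  # Raw control bytes already present in the message are still passed through.
  printf '\033[1;31mERROR:\033[1;0m %s\n' "${1-}"
}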

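# Print a success message to stdout with a bold green "Success:" prefix.
# Arguments: $1 - message text
# Outputs:   one line on stdout
print_success() {
  # %s keeps backslash sequences inside the message literal; `echo -e` would
  # have interpreted them.
  printf '\033[1;32mSuccess:\033[1;0m %s\n' "${1-}"
}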

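# Print an informational message to stdout with a bold white "Info:" prefix.
# Arguments: $1 - message text
# Outputs:   one line on stdout
print_info() {
  # %s keeps backslash sequences inside the message literal; `echo -e` would
  # have interpreted them.
  printf '\033[1;37mInfo:\033[1;0m %s\n' "${1-}"
}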

###########################
## variables from ansible hosts

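# Look up an Ansible variable for a host pattern and store its value in a
# shell variable of the same name in the calling shell.
#
# Arguments: $1 - variable name; must be a plain shell identifier
#            $2 - Ansible host pattern the variable is evaluated for
# Outputs:   error messages via print_error
# Returns:   0 - the variable was assigned
#            1 - invalid name, lookup failed or no value was returned
#            2 - the hosts do not agree on a single value
# Note: a name that collides with one of this function's locals (_var_name,
# _hosts, _json, _values, _result, _num_results) is assigned to the local and
# is lost on return.
ansible_variable__get() {
  local _var_name="$1"
  local _hosts="$2"
  local _json _values _result _num_results

  # $_var_name is placed into a Jinja2 expression and into an `eval`
  # assignment below. Anything that is not a plain identifier is refused
  # before either of them sees it.
  case "$_var_name" in
    '' | [!A-Za-z_]* | *[!A-Za-z0-9_]*)
      print_error "invalid variable name '$_var_name'"
      return 1
      ;;
  esac

  # ansible's exit status is deliberately not checked here: hosts that failed
  # are filtered out by the jq expression below.
  _json=$(env ANSIBLE_STDOUT_CALLBACK="json" ansible "$_hosts" -e vault_ansible_become_password="" -m debug -a "msg={{ $_var_name }}")

  # Declaration and assignment are separate so that jq's exit status is not
  # masked by `local` (which always succeeds).
  if ! _values=$(printf '%s\n' "$_json" | jq -r '.plays[].tasks[].hosts[] | select(.failed != true) | .msg'); then
    _values=""
  fi
  _result=$(printf '%s\n' "$_values" | sort | uniq)
  if [ -z "$_result" ]; then
    print_error "failed to get value of variable '$_var_name' for host(s) '$_hosts'"
    return 1
  fi

  # $(( )) strips the padding some wc implementations put around the count.
  _num_results=$(printf '%s\n' "$_result" | wc -l)
  if [ "$((_num_results))" -ne 1 ]; then
    # Join the distinct values line by line; no unquoted expansion, so values
    # containing glob characters or quotes are reported as they are.
    print_error "the vairable '$_var_name' is not unique for the given hosts '$_hosts', got values: $(printf '%s\n' "$_result" | awk 'NR > 1 { printf ", " } { printf "%s", $0 }')"
    return 2
  fi

  # Only the validated identifier is expanded before eval runs; the value is
  # referenced as \$_result and therefore never parsed as shell code.
  eval "$_var_name=\$_result"
  return 0
}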


###########################
## vault environment handling

# List the currently active vault environments, one name per line.
# Globals:   ANSIBLE_VAULT_IDENTITY_LIST (read) - comma separated entries of
#            the form <name>@<source>
# Outputs:   the <name> part of every entry on stdout; empty names are dropped
vault_environment__get() {
  echo "${ANSIBLE_VAULT_IDENTITY_LIST}" \
    | tr ',' '\n' \
    | awk -F '@' '$1 != "" { print $1 }'
}

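# Replace the set of active vault environments with the given ones.
# Globals:   ANSIBLE_VAULT_IDENTITY_LIST (unset, then rebuilt by
#            vault_environment__activate)
# Arguments: $@ - environment names to activate, in order
# Returns:   0 if every environment was activated, 1 as soon as one fails
#            (environments activated before the failure stay active)
vault_environment__set() {
  # This file is sourced, so the loop variable is kept local instead of
  # overwriting a variable of the same name in the calling shell.
  local _env

  unset ANSIBLE_VAULT_IDENTITY_LIST
  for _env in "$@"; do
    # Quoted: a name is handed over as one word, without splitting or globbing.
    vault_environment__activate "$_env" || return 1
  done
}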

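# Activate a vault environment by appending it to ANSIBLE_VAULT_IDENTITY_LIST.
#
# The helper 'gpg/get-vault-pass-<name>' is resolved relative to the current
# working directory and is EXECUTED as a check before the environment is
# added, so this function has to be called from a directory whose gpg/
# folder is trusted.
#
# Globals:   ANSIBLE_VAULT_IDENTITY_LIST (read, exported)
# Arguments: $1 - environment name
# Outputs:   status messages via print_error / print_info / print_success
# Returns:   0 - environment is active (newly or already)
#            1 - helper script missing or it reported an error
#            2 - no name or an invalid name was given
vault_environment__activate() {
  # This file is sourced; keep working variables out of the calling shell.
  local _active _err_out _status

  if [ -z "$1" ]; then
    print_error "please specify an environment"
    return 2
  fi

  # The name becomes part of an executed path and of the '<name>@<source>'
  # entries of a comma separated list. '/' would let it point outside gpg/,
  # ',' and '@' would corrupt the list for vault_environment__get.
  case "$1" in
    */* | *,* | *@*)
      print_error "invalid environment name '$1' .. it must not contain '/', ',' or '@'"
      return 2
      ;;
  esac

  if [ ! -f "gpg/get-vault-pass-$1" ]; then
    print_error "failed to activate environment: '$1' .. could not find password file 'gpg/get-vault-pass-$1'"
    return 1
  fi

  # Read the active names line by line so that they are neither word-split
  # nor glob-expanded.
  while IFS= read -r _active; do
    if [ "$1" = "$_active" ]; then
      print_info "environment '$1' is already active"
      return 0 # environment is already activated
    fi
  done <<EOF
$(vault_environment__get)
EOF

  # Trial run of the helper: stdout (presumably the passphrase, going by the
  # error message below) is discarded and only stderr is captured.
  _err_out=$("gpg/get-vault-pass-$1" 2>&1 > /dev/null)
  _status=$?
  # A non-zero exit counts as a failure even when the helper printed nothing;
  # any stderr output counts as a failure as before.
  if [ "$_status" -ne 0 ] || [ -n "$_err_out" ]; then
    print_error "failed to activate environment: '$1' .. reading passphrase from 'gpg/get-vault-pass-$1' returned an error"
    return 1
  fi

  if [ -z "${ANSIBLE_VAULT_IDENTITY_LIST}" ]; then
    export ANSIBLE_VAULT_IDENTITY_LIST="$1@gpg/get-vault-pass-$1"
  else
    export ANSIBLE_VAULT_IDENTITY_LIST="${ANSIBLE_VAULT_IDENTITY_LIST},$1@gpg/get-vault-pass-$1"
  fi
  print_success "environment '$1' is now active"
  return 0
}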

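# Deactivate a vault environment by rebuilding ANSIBLE_VAULT_IDENTITY_LIST
# without it.
#
# Globals:   ANSIBLE_VAULT_IDENTITY_LIST (read; exported again, or unset when
#            no environment is left)
# Arguments: $1 - environment name
# Outputs:   status messages via print_error / print_success
# Returns:   0 - done (also when the environment was not active)
#            2 - no name was given
vault_environment__deactivate() {
  # This file is sourced; the loop variable is local so it does not overwrite
  # a variable of the same name in the calling shell.
  local new_list _env

  if [ -z "$1" ]; then
    print_error "please specify an environment"
    return 2
  fi

  new_list=""
  # Read the active names line by line so that they are neither word-split
  # nor glob-expanded.
  while IFS= read -r _env; do
    # The here-document yields one empty line when nothing is active.
    [ -n "$_env" ] || continue
    if [ "$1" != "$_env" ]; then
      if [ -z "$new_list" ]; then
        new_list="$_env@gpg/get-vault-pass-$_env"
      else
        new_list="$new_list,$_env@gpg/get-vault-pass-$_env"
      fi
    fi
  done <<EOF
$(vault_environment__get)
EOF

  if [ -z "$new_list" ]; then
    unset ANSIBLE_VAULT_IDENTITY_LIST
  else
    export ANSIBLE_VAULT_IDENTITY_LIST="$new_list"
  fi

  print_success "environment '$1' is now deactivated"
  return 0
}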