class AnsibleVaultDataSource

Public Instance Methods

global_values() click to toggle source
# File lib/tiller/data/ansible_vault.rb, line 51
def global_values
  return {} unless Tiller::config.has_key?('ansible_vault')
  @ansible_vault
end
setup() click to toggle source
# File lib/tiller/data/ansible_vault.rb, line 12
def setup

  @ansible_vault_config = Tiller::AnsibleVault.defaults

  unless Tiller::config.has_key?('ansible_vault')
    Tiller::log.info('No Ansible vault configuration block for this environment')
    return
  end

  @ansible_vault_config.deep_merge!(Tiller::config['ansible_vault'])

  # Get the password
  if ENV.has_key?(@ansible_vault_config['vault_password_env'])
    Tiller::log.debug("#{self} : Using password from environment variable #{@ansible_vault_config['vault_password_env']}")
    @password = ENV[@ansible_vault_config['vault_password_env']]
  elsif @ansible_vault_config.has_key?('vault_password')
    Tiller::log.debug('#{self} : Using password from configuration block')
    @password = @ansible_vault_config['vault_password']
  elsif @ansible_vault_config.has_key?('vault_password_file')
    Tiller::log.debug("#{self} : Using password from file #{@ansible_vault_config['vault_password_file']}")
    @password = File.read(@ansible_vault_config['vault_password_file'])
  else
    raise('No Ansible Vault password provided')
  end

  # Open and decrypt the vault
  begin
    contents = Ansible::Vault.read(path: @ansible_vault_config['vault_file'], password: @password)
    @ansible_vault = YAML.load(contents)
  rescue Psych::SyntaxError
    raise('ERROR : Decrypted Ansible Vault file is not valid YAML')
  rescue Errno::ENOENT
    raise("Could not open Ansible Vault file #{@ansible_vault_config['vault_file']}")
  end


end