Merge pull request #1 from psvmcc/init

psvmcc · web-flow · commit e20e81b04166 · 2024-03-04T22:11:37.000+02:00
init
diff --git a/.github/workflows/black.yml b/.github/workflows/black.yml
@@ -0,0 +1,13 @@
+name: Lint
+
+on: [push, pull_request]
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: psf/black@stable
+        with:
+          options: "--check --verbose"
+          src: "./src"
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -0,0 +1,17 @@
+name: Publish to PyPI.org
+on:
+  release:
+    types: [published]
+jobs:
+  pypi:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - run: python3 -m pip install --upgrade build && python3 -m build
+      - name: Publish package
+        uses: pypa/gh-action-pypi-publish@release/v1
+        with:
+          password: ${{ secrets.PYPI_API_TOKEN }}
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,2 @@
+dist
+src/ansible_vault_decrypt.egg-info
diff --git a/README.md b/README.md
@@ -1 +1,17 @@
-# ansible-vault-decrypt
+# ansible-vault-decrypt
+
+## usage
+
+```
+ansible-vault-decrypt
+
+positional arguments:
+  encrypted_file        Path to file to decrypt
+
+options:
+  -h, --help            show this help message and exit
+  -v, --version
+  -d                    debug mode output
+  --vault-password-file VAULT_PASSWORD_FILE
+                        vault password file
+```
diff --git a/pyproject.toml b/pyproject.toml
@@ -0,0 +1,5 @@
+[build-system]
+requires = ["setuptools>=45", "setuptools_scm[toml]>=6.2"]
+build-backend = "setuptools.build_meta"
+
+[tool.setuptools_scm]
diff --git a/setup.cfg b/setup.cfg
@@ -0,0 +1,27 @@
+[metadata]
+name = ansible-vault-decrypt
+description = Ansible Vault Decrypt app.
+long_description_content_type = text/markdown
+url = https://github.com/psvmcc/ansible-vault-decrypt
+project_urls =
+    Bug Tracker = https://github.com/psvmcc/ansible-vault-decrypt/issues
+    Changelog = https://github.com/psvmcc/ansible-vault-decrypt/releases
+classifiers =
+    Programming Language :: Python :: 3
+    License :: OSI Approved :: MIT License
+    Intended Audience :: Developers
+
+[options]
+package_dir =
+    = src
+packages = find:
+python_requires = >=3.6
+install_requires =
+    ansible-core
+
+[options.packages.find]
+where = src
+
+[options.entry_points]
+console_scripts =
+    ansible-vault-decrypt = ansible_vault_decrypt.app:entry_point
diff --git a/src/ansible_vault_decrypt/__init__.py b/src/ansible_vault_decrypt/__init__.py
diff --git a/src/ansible_vault_decrypt/app.py b/src/ansible_vault_decrypt/app.py
@@ -0,0 +1,88 @@
+#!/usr/bin/env python3
+
+from ansible.parsing.utils.yaml import from_yaml
+from ansible.parsing.vault import VaultSecret
+
+import argparse
+import os
+from getpass import getpass
+from importlib.metadata import version
+
+
+parser = argparse.ArgumentParser(description="ansible-vault-decrypt", add_help=False)
+parser.add_argument(
+    "-h", "--help", action="help", help="show this help message and exit"
+)
+parser.add_argument("-v", "--version", action="store_true")
+parser.add_argument(
+    "-d",
+    dest="debug",
+    help="debug mode output",
+    action=argparse.BooleanOptionalAction,
+)
+parser.add_argument(
+    "--vault-password-file",
+    dest="vault_password_file",
+    help="vault password file",
+    default=os.environ.get("ANSIBLE_VAULT_PASSWORD_FILE"),
+)
+parser.add_argument("encrypted_file", type=str, help="Path to file to decrypt")
+
+args = parser.parse_args()
+
+
+def dict_to_yaml(input_dict, indent=0):
+    result = ""
+    for key, value in input_dict.items():
+        if isinstance(value, dict):
+            result += " " * indent + f"{key}:\n"
+            result += dict_to_yaml(value, indent + 2)
+        else:
+            result += " " * indent + f"{key}: {value}\n"
+    return result
+
+
+def read_file(file_path):
+    try:
+        with open(file_path, "r") as file:
+            file = file.read()
+        return file
+    except FileNotFoundError:
+        print(f"File not found: {file_path}")
+        exit(1)
+    except Exception as e:
+        print(f"Error reading file: {e}")
+        exit(1)
+
+
+def main(vault_secret):
+    if args.debug:
+        print(":: [DEBUG] Vault password: %s" % vault_secret)
+    data = read_file(args.encrypted_file)
+    output = ""
+    try:
+        unencrypted = from_yaml(
+            data, vault_secrets=[("default", VaultSecret(vault_secret.encode("utf-8")))]
+        )
+        output = dict_to_yaml(unencrypted)
+    except Exception as e:
+        print(":: [ERROR] Decryption failure...")
+        if args.debug:
+            print(e)
+        exit(1)
+    print(output)
+
+
+if __name__ == "__main__":
+    if args.version:
+        print(version("ansible-vault-decrypt"))
+        exit(0)
+    if not args.vault_password_file:
+        vault_secret = getpass()
+    else:
+        vault_secret = read_file(args.vault_password_file).replace("\n", "")
+    try:
+        main(vault_secret)
+    except KeyboardInterrupt:
+        print("Interrupted")
+        exit(130)

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+dist`
	`2`	`+src/ansible_vault_decrypt.egg-info`