Diffstat (limited to 'lib/ansible/plugins/filter/encryption.py')
-rw-r--r--lib/ansible/plugins/filter/encryption.py24
1 files changed, 19 insertions, 5 deletions
diff --git a/lib/ansible/plugins/filter/encryption.py b/lib/ansible/plugins/filter/encryption.py
index b6f4961f..d501879a 100644
--- a/lib/ansible/plugins/filter/encryption.py
+++ b/lib/ansible/plugins/filter/encryption.py
@@ -8,7 +8,7 @@ from jinja2.runtime import Undefined
from jinja2.exceptions import UndefinedError
from ansible.errors import AnsibleFilterError, AnsibleFilterTypeError
-from ansible.module_utils._text import to_native, to_bytes
+from ansible.module_utils.common.text.converters import to_native, to_bytes
from ansible.module_utils.six import string_types, binary_type
from ansible.parsing.yaml.objects import AnsibleVaultEncryptedUnicode
from ansible.parsing.vault import is_encrypted, VaultSecret, VaultLib
@@ -17,7 +17,7 @@ from ansible.utils.display import Display
display = Display()
-def do_vault(data, secret, salt=None, vaultid='filter_default', wrap_object=False):
+def do_vault(data, secret, salt=None, vault_id='filter_default', wrap_object=False, vaultid=None):
if not isinstance(secret, (string_types, binary_type, Undefined)):
raise AnsibleFilterTypeError("Secret passed is required to be a string, instead we got: %s" % type(secret))
@@ -25,11 +25,18 @@ def do_vault(data, secret, salt=None, vaultid='filter_default', wrap_object=Fals
if not isinstance(data, (string_types, binary_type, Undefined)):
raise AnsibleFilterTypeError("Can only vault strings, instead we got: %s" % type(data))
+ if vaultid is not None:
+ display.deprecated("Use of undocumented 'vaultid', use 'vault_id' instead", version='2.20')
+ if vault_id == 'filter_default':
+ vault_id = vaultid
+ else:
+ display.warning("Ignoring vaultid as vault_id is already set.")
+
vault = ''
vs = VaultSecret(to_bytes(secret))
vl = VaultLib()
try:
- vault = vl.encrypt(to_bytes(data), vs, vaultid, salt)
+ vault = vl.encrypt(to_bytes(data), vs, vault_id, salt)
except UndefinedError:
raise
except Exception as e:
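Review bot: The added `if vault_id == 'filter_default':` test cannot tell an omitted `vault_id` from one the caller explicitly set to `'filter_default'`. A call that passes both `vault_id='filter_default'` and the deprecated `vaultid` therefore gets the deprecated value with no "Ignoring vaultid" warning, and that value is what reaches `vl.encrypt`. Defaulting `vault_id` to `None` in the signature (changed in the preceding hunk) and resolving it here with `vault_id = vaultid if vault_id is None else vault_id` and then `vault_id = 'filter_default' if vault_id is None else vault_id` would remove the ambiguity. The identical block added to `do_unvault` in the last hunk has the same problem. The `except Exception as e:` handler continues outside this hunk.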
@@ -43,7 +50,7 @@ def do_vault(data, secret, salt=None, vaultid='filter_default', wrap_object=Fals
return vault
-def do_unvault(vault, secret, vaultid='filter_default'):
+def do_unvault(vault, secret, vault_id='filter_default', vaultid=None):
if not isinstance(secret, (string_types, binary_type, Undefined)):
raise AnsibleFilterTypeError("Secret passed is required to be as string, instead we got: %s" % type(secret))
@@ -51,9 +58,16 @@ def do_unvault(vault, secret, vaultid='filter_default'):
if not isinstance(vault, (string_types, binary_type, AnsibleVaultEncryptedUnicode, Undefined)):
raise AnsibleFilterTypeError("Vault should be in the form of a string, instead we got: %s" % type(vault))
+ if vaultid is not None:
+ display.deprecated("Use of undocumented 'vaultid', use 'vault_id' instead", version='2.20')
+ if vault_id == 'filter_default':
+ vault_id = vaultid
+ else:
+ display.warning("Ignoring vaultid as vault_id is already set.")
+
data = ''
vs = VaultSecret(to_bytes(secret))
- vl = VaultLib([(vaultid, vs)])
+ vl = VaultLib([(vault_id, vs)])
if isinstance(vault, AnsibleVaultEncryptedUnicode):
vault.vault = vl
data = vault.data
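Review bot: The alias-handling block added here is a verbatim copy of the one added to `do_vault`, so any later change to the deprecation version, the messages or the precedence rule has to be made in two places. A small module-level helper called from both filters would keep them in step, leaving each function with only `vault_id = _resolve_vault_id(vault_id, vaultid)`. The helper name is a suggestion, and the sketch below keeps the current behaviour unchanged. The body of `do_unvault` continues past the end of this hunk.

```python
def _resolve_vault_id(vault_id, vaultid):
    # 'vaultid' is the deprecated, undocumented spelling of 'vault_id'
    if vaultid is None:
        return vault_id
    display.deprecated("Use of undocumented 'vaultid', use 'vault_id' instead", version='2.20')
    if vault_id == 'filter_default':
        return vaultid
    display.warning("Ignoring vaultid as vault_id is already set.")
    return vault_id

# ... unchanged: type checks on secret and vault in do_unvault ...
    vault_id = _resolve_vault_id(vault_id, vaultid)
```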