ansible-infra/scripts/gopass-client.py

#!/usr/bin/env python3
# -*- coding: utf-8 -*-

import argparse
import configparser
import logging
import os
import subprocess
import sys

ANSIBLE_ENV_DIR = os.getenv("ANSIBLE_CONFIG")
ANSIBLE_DIR = "/etc/ansible"
CURRENT_DIR = os.getcwd()
HOME_DIR = os.getenv("HOME")

ANSIBLE_CONFIG_SECTION = "gopass"
ANSIBLE_CONFIG_KEY = "key_path"

class ShutdownHandler(logging.Handler):
    def emit(self, record):
        logging.shutdown()
        sys.exit(1)

def find_ansible_config_value(section, key):
    config = configparser.ConfigParser()

    ansible_config_dirs = [CURRENT_DIR, HOME_DIR, ANSIBLE_DIR]
    if ANSIBLE_ENV_DIR:
        ansible_config_dirs.insert(0, ANSIBLE_ENV_DIR)

    for ansible_config_dir in ansible_config_dirs:
        ansible_config_path = os.path.join(ansible_config_dir, "ansible.cfg")
        config.read(ansible_config_path)

        try:
            return config[section][key]
        except KeyError:
            logging.debug(f"Cannot find '{key}' key in '{ansible_config_path}' config file")
    
    ansible_config_paths = ':'.join(ansible_config_dirs)
    raise RuntimeError(f"Cannot find key '{ANSIBLE_CONFIG_KEY}' in {ansible_config_paths}")

def build_arg_parser():
    parser = argparse.ArgumentParser(description='Get a vault password from user keyring')

    parser.add_argument('--vault-id', action='store', default='',
                        dest='vault_id',
                        help='Name of the vault secret to get from keyring')
    return parser

def main():
    logger = logging.getLogger()
    logger.setLevel(logging.NOTSET)

    formatter = logging.Formatter("%(levelname)s: %(message)s")
    
    stdout_handler = logging.StreamHandler(sys.stdout)
    stdout_handler.setLevel(logging.INFO)
    stdout_handler.addFilter(lambda record: record.levelno <= logging.INFO)
    stdout_handler.setFormatter(formatter)
    logger.addHandler(stdout_handler)

    stderr_handler = logging.StreamHandler(sys.stderr)
    stderr_handler.setLevel(logging.WARNING)
    stderr_handler.setFormatter(formatter)
    logger.addHandler(stderr_handler)

    logger.addHandler(ShutdownHandler(level=logging.ERROR))
    
    try:
        ansible_config_value = find_ansible_config_value(ANSIBLE_CONFIG_SECTION, ANSIBLE_CONFIG_KEY)
    except RuntimeError as e:
        logging.error(e)

    arg_parser = build_arg_parser()
    args = arg_parser.parse_args()

    ansible_vault_id = args.vault_id
    gopass_key_path = os.path.join(ansible_config_value, ansible_vault_id)

    gopass_keys_cmd = subprocess.run(["gopass", "ls", "--flat"], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    if gopass_keys_cmd.returncode != 0:
        logging.error(gopass_keys_cmd.stderr.decode())
    gopass_keys = map(bytes.decode, gopass_keys_cmd.stdout.splitlines())
    
    try:
        gopass_keyname = next(key for key in gopass_keys if key.endswith(gopass_key_path))
    except StopIteration:
        logging.error(f"Cannot find '{gopass_key_path}' entry in gopass")

    ansible_vault_pass_cmd = subprocess.run(["gopass", "show", "-o", gopass_keyname], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    if ansible_vault_pass_cmd.returncode != 0:
      logging.error(ansible_vault_pass_cmd.stderr.decode())
    print(ansible_vault_pass_cmd.stdout.decode())

if __name__ == '__main__':
    main()
extract mumble and acme roles into separate repos 2020-05-21 22:31:03 +02:00			`#!/usr/bin/env python3`
			`# -- coding: utf-8 --`

			`import argparse`
			`import configparser`
			`import logging`
			`import os`
			`import subprocess`
			`import sys`

			`ANSIBLE_ENV_DIR = os.getenv("ANSIBLE_CONFIG")`
			`ANSIBLE_DIR = "/etc/ansible"`
			`CURRENT_DIR = os.getcwd()`
			`HOME_DIR = os.getenv("HOME")`

			`ANSIBLE_CONFIG_SECTION = "gopass"`
			`ANSIBLE_CONFIG_KEY = "key_path"`

			`class ShutdownHandler(logging.Handler):`
			`def emit(self, record):`
			`logging.shutdown()`
			`sys.exit(1)`

			`def find_ansible_config_value(section, key):`
			`config = configparser.ConfigParser()`

			`ansible_config_dirs = [CURRENT_DIR, HOME_DIR, ANSIBLE_DIR]`
			`if ANSIBLE_ENV_DIR:`
			`ansible_config_dirs.insert(0, ANSIBLE_ENV_DIR)`

			`for ansible_config_dir in ansible_config_dirs:`
			`ansible_config_path = os.path.join(ansible_config_dir, "ansible.cfg")`
			`config.read(ansible_config_path)`

			`try:`
			`return config[section][key]`
			`except KeyError:`
			`logging.debug(f"Cannot find '{key}' key in '{ansible_config_path}' config file")`

			`ansible_config_paths = ':'.join(ansible_config_dirs)`
			`raise RuntimeError(f"Cannot find key '{ANSIBLE_CONFIG_KEY}' in {ansible_config_paths}")`

			`def build_arg_parser():`
			`parser = argparse.ArgumentParser(description='Get a vault password from user keyring')`

			`parser.add_argument('--vault-id', action='store', default='',`
			`dest='vault_id',`
			`help='Name of the vault secret to get from keyring')`
			`return parser`

			`def main():`
			`logger = logging.getLogger()`
			`logger.setLevel(logging.NOTSET)`

			`formatter = logging.Formatter("%(levelname)s: %(message)s")`

			`stdout_handler = logging.StreamHandler(sys.stdout)`
			`stdout_handler.setLevel(logging.INFO)`
			`stdout_handler.addFilter(lambda record: record.levelno <= logging.INFO)`
			`stdout_handler.setFormatter(formatter)`
			`logger.addHandler(stdout_handler)`

			`stderr_handler = logging.StreamHandler(sys.stderr)`
			`stderr_handler.setLevel(logging.WARNING)`
			`stderr_handler.setFormatter(formatter)`
			`logger.addHandler(stderr_handler)`

			`logger.addHandler(ShutdownHandler(level=logging.ERROR))`

			`try:`
			`ansible_config_value = find_ansible_config_value(ANSIBLE_CONFIG_SECTION, ANSIBLE_CONFIG_KEY)`
			`except RuntimeError as e:`
			`logging.error(e)`

			`arg_parser = build_arg_parser()`
			`args = arg_parser.parse_args()`

			`ansible_vault_id = args.vault_id`
			`gopass_key_path = os.path.join(ansible_config_value, ansible_vault_id)`

			`gopass_keys_cmd = subprocess.run(["gopass", "ls", "--flat"], stdout=subprocess.PIPE, stderr=subprocess.PIPE)`
			`if gopass_keys_cmd.returncode != 0:`
			`logging.error(gopass_keys_cmd.stderr.decode())`
			`gopass_keys = map(bytes.decode, gopass_keys_cmd.stdout.splitlines())`

			`try:`
			`gopass_keyname = next(key for key in gopass_keys if key.endswith(gopass_key_path))`
			`except StopIteration:`
			`logging.error(f"Cannot find '{gopass_key_path}' entry in gopass")`

			`ansible_vault_pass_cmd = subprocess.run(["gopass", "show", "-o", gopass_keyname], stdout=subprocess.PIPE, stderr=subprocess.PIPE)`
			`if ansible_vault_pass_cmd.returncode != 0:`
			`logging.error(ansible_vault_pass_cmd.stderr.decode())`
			`print(ansible_vault_pass_cmd.stdout.decode())`

			`if __name__ == '__main__':`
			`main()`