1#!/usr/local/bin/python3.8 2# -*- coding: utf-8 -*- 3 4from __future__ import (absolute_import, division, print_function) 5__metaclass__ = type 6 7ANSIBLE_METADATA = {'status': ['preview'], 8 'supported_by': 'community', 9 'version': '1.0'} 10 11import argparse 12import sys 13 14# TODO: could read these from the files I suppose... 15secrets = {'vault-password': 'test-vault-password', 16 'vault-password-wrong': 'hunter42', 17 'vault-password-ansible': 'ansible', 18 'password': 'password', 19 'vault-client-password-1': 'password-1', 20 'vault-client-password-2': 'password-2'} 21 22 23def build_arg_parser(): 24 parser = argparse.ArgumentParser(description='Get a vault password from user keyring') 25 26 parser.add_argument('--vault-id', action='store', default=None, 27 dest='vault_id', 28 help='name of the vault secret to get from keyring') 29 parser.add_argument('--username', action='store', default=None, 30 help='the username whose keyring is queried') 31 parser.add_argument('--set', action='store_true', default=False, 32 dest='set_password', 33 help='set the password instead of getting it') 34 return parser 35 36 37def get_secret(keyname): 38 return secrets.get(keyname, None) 39 40 41def main(): 42 rc = 0 43 44 arg_parser = build_arg_parser() 45 args = arg_parser.parse_args() 46 # print('args: %s' % args) 47 48 keyname = args.vault_id or 'ansible' 49 50 if args.set_password: 51 print('--set is not supported yet') 52 sys.exit(1) 53 54 secret = get_secret(keyname) 55 if secret is None: 56 sys.stderr.write('test-vault-client could not find key for vault-id="%s"\n' % keyname) 57 # key not found rc=2 58 return 2 59 60 sys.stdout.write('%s\n' % secret) 61 62 return rc 63 64 65if __name__ == '__main__': 66 sys.exit(main()) 67