Add vault view command (#707)

Signed-off-by: Christian Berendt <berendt@osism.tech>
osism · Nov 29, 2023 · f210602 · f210602
1 parent 5a31752
commit f210602
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 0 deletions.
diff --git a/osism/commands/vault.py b/osism/commands/vault.py
@@ -4,6 +4,7 @@
 #       It's not ready in that form yet.
 
 import os
+import subprocess
 
 from cliff.command import Command
 from cryptography.fernet import Fernet
@@ -43,3 +44,18 @@ def get_parser(self, prog_name):
 
     def take_action(self, parsed_args):
         redis.delete("ansible_vault_password")
+
+
+class View(Command):
+    def get_parser(self, prog_name):
+        parser = super(View, self).get_parser(prog_name)
+        parser.add_argument(
+            "path", nargs="?", type=str, help="Path to the secret.yml file"
+        )
+        return parser
+
+    def take_action(self, parsed_args):
+        path = parsed_args.path
+        if not os.path.isabs(path):
+            path = os.path.join("/opt/configuration", path)
+        subprocess.call(f"/usr/local/bin/ansible-vault view {path}", shell=True)
diff --git a/releasenotes/notes/vault-view-command-09887cfd02679002.yaml b/releasenotes/notes/vault-view-command-09887cfd02679002.yaml
@@ -0,0 +1,7 @@
+---
+features:
+  - |
+    With `vault view` it is possible to view an encrypted file
+    inside the configuration repository. It is possible to use
+    absolute (`/opt/configuration/environments/..`) and relative
+    (`environments/..`) paths.
diff --git a/setup.cfg b/setup.cfg
@@ -93,5 +93,6 @@ osism.commands:
     validate = osism.commands.validate:Run
     vault password set = osism.commands.vault:SetPassword
     vault password unset = osism.commands.vault:UnsetPassword
+    vault view = osism.commands.vault:View
     wait = osism.commands.wait:Run
     worker = osism.commands.worker:Run