ansible-vars 1.0.0__py3-none-any.whl

ansible_vars/vault_crypt.py

@@ -0,0 +1,181 @@
+# Vault secret loading and management for ansible-vars
+
+# Standard library imports
+import re
+from typing import Type
+
+# External library imports
+import ansible.constants as Ansible
+from ansible.parsing.vault import VaultLib, VaultSecret, AnsibleVaultError
+from ansible.cli import DataLoader, CLI
+
+# Internal module imports
+from .errors import NoMatchingVaultKeyError, NoVaultKeysError, VaultKeyMatchError
+
+class VaultKey():
+    '''
+    Represents a single Ansible vault secret and allows to en- and decrypt vault data with it.
+    Can be initialized directly from an Ansible secrets tuple `(vault_id | None, VaultSecret)` through `VaultKey.from_ansible_secret`.
+    '''
+
+    def __init__(self, secret: str | VaultSecret, vault_id: str | None = None) -> None:
+        '''
+        Create a new VaultKey from an Ansible VaultSecret or directly from a passphrase.
+        Takes an optional vault ID which should be identical to the vault ID used to encrypt any data you wish to decrypt.
+        If no ID is supplied, Ansible's default vault identity value is used, which should match all vault IDs.
+        Note that IDs are not necessarily unique. For example, the default identity may be used for multiple `VaultKey`s.
+        '''
+        # Use default vault ID if none is supplied
+        self.id: str = Ansible.DEFAULT_VAULT_IDENTITY if vault_id is None else vault_id  # type: ignore
+        # Convert passphrase to VaultSecret if necessary
+        self.secret: VaultSecret = VaultSecret(secret.encode('utf-8')) if type(secret) is str else secret # type: ignore
+        # Pass secret to VaultLib (we need an individual instance because `VaultLib.decrypt` doesn't take an explicit secret)
+        self._vaultlib: VaultLib = VaultLib([ self.to_ansible_secret() ])
+
+    @classmethod
+    def from_ansible_secret(VaultKey: Type['VaultKey'], secret: tuple[str | None, VaultSecret]) -> 'VaultKey':
+        '''Converts an Ansible secrets tuple `(vault_id | None, VaultSecret)` to a `VaultKey` instance.'''
+        return VaultKey(secret[1], vault_id=secret[0])
+
+    def to_ansible_secret(self) -> tuple[str, VaultSecret]:
+        '''Converts this `VaultKey` into an Ansible secrets tuple `(vault_id | None, VaultSecret)`.'''
+        return ( self.id, self.secret )
+
+    @property
+    def passphrase(self) -> str | None:
+        '''Returns the passphrase associated with the key's secret, or None if it cannot be decoded.'''
+        return self.secret.bytes.decode('utf-8') if type(self.secret.bytes) is bytes else None
+
+    @staticmethod
+    def is_encrypted(test_me: str) -> bool:
+        '''
+        Tests if a string is an encrypted Ansible vault string.
+        Expects a string with optional YAML tag preamble (`!vault | $ANSIBLE_VAULT;<options>\\n<cipher>`).
+        '''
+        return VaultLib.is_encrypted(VaultKey._strip_vault_tag(test_me))
+
+    def encrypt(self, plain: str) -> str:
+        '''Encrypts a string using this `VaultKey`'s secret.'''
+        # Pass our secret directly to the encrypt call to skip expensive secret matching
+        # Beware: the encrypt function takes a `secret`, but means just the VaultSecret and not a tuple of (vault_id, VaultSecret)
+        # In other calls, `secret` or `secrets` may refer to the tuple(s)
+        return self._vaultlib.encrypt(plain, secret=self.secret, vault_id=self.id).decode('utf-8').strip()
+
+    def decrypt(self, vault_cipher: str) -> str:
+        '''
+        Tries to decrypt a string using this `VaultKey`'s secret.
+        Expects a cipher with optional YAML tag preamble (`!vault | $ANSIBLE_VAULT;<options>\\n<cipher>`).
+        If the secret does not match the cipher, a `VaultKeyMatchError` will be raised.
+        '''
+        vault_cipher = VaultKey._strip_vault_tag(vault_cipher)
+        try:
+            decrypted: bytes = self._vaultlib.decrypt(vault_cipher)
+            return decrypted.decode('utf-8').strip()
+        except AnsibleVaultError as e:
+            if e.message.startswith('Decryption failed (no vault secrets were found that could decrypt)'):
+                raise VaultKeyMatchError(f"Could not match cipher with { self }")
+            raise e
+
+    @staticmethod
+    def _strip_vault_tag(vault_cipher: str) -> str:
+        '''Strips extra whitespace and any YAML vault tag preamble from the cipher.'''
+        EXTRACTION_PATTERN: str = r'^(?:\s*!vault\s*[\|>]?\-?\s*)?(.*)$'
+        match_result: re.Match[str] | None = re.search(EXTRACTION_PATTERN, vault_cipher.strip(), re.DOTALL)
+        return vault_cipher.strip() if match_result is None else match_result.group(1).strip()
+
+    def __repr__(self) -> str:
+        return f"VaultKey({ self.id })"
+
+class VaultKeyring():
+    '''
+    A collection of Ansible vault secrets to be used for en- and decrypting vault data.
+    Tries to infer available secrets from the caller's present working directory, if it is an Ansible home.
+    '''
+
+    def __init__(
+            self,
+            keys: list[VaultKey] | None = None,
+            default_encryption_key: VaultKey | None = None,
+            detect_available_keys: bool = True
+        ) -> None:
+        '''
+        Create a new keyring of `VaultKey`s and optionally populate it with the given `keys`.
+        Tries to infer available Ansible vault secrets from the caller's present working directory, if it is an Ansible home.
+        This is done using the Ansible CLI module. You can disable key inferral by setting `detect_available_keys` to False.
+        When decrypting vault data, inferred keys are tried after the explicitly supplied ones.
+        Note that the inferral process may cause TTY prompts or other unwanted in- and output.
+        
+        When encrypting data, you can specify an explicit `VaultKey` to use. If none is specified, `default_encryption_key` is used.
+        If no explicit or default keys are available, the first key of the `keys` parameter is used.
+        '''
+        self.keys: list[VaultKey] = keys or []
+        self.default_encryption_key: VaultKey | None = default_encryption_key
+        if detect_available_keys:
+            self.keys.extend(VaultKeyring.load_cli_secrets())
+    
+    @property
+    def encryption_key(self) -> VaultKey:
+        '''
+        Get the key used for encryption or raise a `NoVaultKeysError` if none are available.
+        If no `default_encryption_key` is set for this instance, the first key of the `keys` array is used.
+        Note that you can override this behavior by passing an explicit key to the `encrypt` method.
+        '''
+        if not (self.default_encryption_key or self.keys):
+            raise NoVaultKeysError('No vault keys available for encryption')
+        return self.default_encryption_key or self.keys[0]
+
+    def encrypt(self, plain: str, key: VaultKey | None = None) -> str:
+        '''
+        Encrypts the given vault data using the supplied `VaultKey`.
+        If no key is supplied, the `VaultKeyring`'s `default_encryption_key` is used.
+        If that key is also unset, the first key of the `VaultKeyring`'s `keys` is used.
+        '''
+        # If no key is provided, use the default encryption key or first key in `keys`
+        if not key:
+            key = self.encryption_key
+        return key.encrypt(plain)
+
+    def decrypt(self, vault_cipher: str, key: VaultKey | None = None) -> str:
+        '''
+        Tries to decrypt the given vault data using the supplied `VaultKey`.
+        If no key is supplied, all of the `VaultKeyring`'s `keys` are tried in order (by default, inferred keys are last).
+        If no key matches the cipher, a `NoMatchingVaultKeyError` will be raised.
+
+        Expects a cipher with optional YAML tag preamble (`!vault | $ANSIBLE_VAULT;<options>\\n<cipher>`).
+        '''
+        if not key and not self.keys:
+            raise NoVaultKeysError('No vault keys available for decryption')
+        if key:
+            return key.decrypt(vault_cipher)
+        # Search for matching key
+        for key in self.keys:
+            try: return key.decrypt(vault_cipher)
+            except VaultKeyMatchError: pass
+        # No keys matched
+        raise NoMatchingVaultKeyError(f"Found no matching vault key to decrypt cipher in { self }")
+
+    def key_by_id(self, id: str) -> VaultKey:
+        '''
+        Gets a loaded key by its ID or raises `NoMatchingVaultKeyError` if no key matches the ID.
+        If multiple keys share the ID, the first in `keys` is returned.
+        '''
+        for key in self.keys:
+            if key.id == id:
+                return key
+        raise NoMatchingVaultKeyError(f"No matching key found for ID '{ id }' in { self }")
+
+    @staticmethod
+    def load_cli_secrets() -> list[VaultKey]:
+        '''
+        Tries to infer available Ansible vault secrets from the caller's present working directory, if it is an Ansible home.
+        Inferred secrets are converted into `VaultKey`s and returned.
+        Note that the inferral process may cause TTY prompts or other unwanted in- and output.
+        '''
+        # Ansible.DEFAULT_VAULT_IDENTITY_LIST is a list populated with vault IDs inferred from the PWD
+        # (i.e. has to be run in ANSIBLE_HOME, else the value is [])
+        secrets: list[tuple[str | None, VaultSecret]] = \
+            CLI.setup_vault_secrets(DataLoader(), Ansible.DEFAULT_VAULT_IDENTITY_LIST, auto_prompt=False) # type: ignore
+        return list(map(VaultKey.from_ansible_secret, secrets))
+
+    def __repr__(self) -> str:
+        return f"VaultKeyring({ ', '.join(map(lambda key: key.id, self.keys)) or 'no keys' })"

ansible_vars-1.0.0.dist-info/METADATA

@@ -0,0 +1,254 @@
+Metadata-Version: 2.4
+Name: ansible-vars
+Version: 1.0.0
+Summary: Manage vaults and variable files for Ansible
+Project-URL: Homepage, https://github.com/xorwow/ansible-vars
+Project-URL: Issues, https://github.com/xorwow/ansible-vars/issues
+Author-email: xorwow <pip@xorwow.de>
+License-File: LICENSE
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Python :: 3
+Requires-Python: >=3.9
+Requires-Dist: ansible
+Requires-Dist: argcomplete
+Requires-Dist: pygments
+Requires-Dist: pyyaml
+Requires-Dist: ruamel-yaml
+Requires-Dist: ruamel-yaml-jinja2
+Requires-Dist: termcolor
+Requires-Dist: watchdog
+Description-Content-Type: text/markdown
+
+# ansible-vars
+
+*Manage vaults and variable files for Ansible.*
+
+## Introduction
+
+This project was motivated by a need to have Ansible vaults readable to humans and external programs like `grep` without a manual decryption step, while keeping secret values in these vaults secure from prying eyes. Ansible actually supports keeping vaults plain-text and only encrypting individual string variables, but this feature is not widely known or used and editing such files is not supported by the `ansible-vault` tool.
+
+`ansible-vars` allows you to do the same things `ansible-vault` does (and more!), but not just for fully encrypted vaults, but also plain variable files and vaults with hybrid encryption (encrypted variables and/or full encryption). This is significantly more complex, as `ansible-vault` can be agnostic to the contents of the file it en-/decrypts, while hybrid encryption requires full round-trip parsing of a vault's Jinja2 YAML code.
+
+The main features are:
+- Create and edit vaults and variable files with hybrid encryption support.
+- Continuously sync a decrypted copy of your vault file(s) to a specified directory.
+- Programatically change a vault's variables from Python or from your shell (experimental).
+- Compare different versions of a vault and optionally log changes.
+
+Many convenience features have been implemented, such as:
+- Convert any of your old fully encrypted vaults to a hybrid vault with just one command.
+- Automatically load vault secrets from the Ansible configuration.
+- Smart search paths for vault files and directories.
+- Full bash/zsh completion.
+
+The extensive help function (`ansible-vars [command] -h`) will explain each feature in detail.
+
+## Installation
+
+You need to have a current version of Python installed. The CLI and library have been tested in Python 3.12, but will likely work with earlier versions as well.
+
+### Using a [virtual environment](https://docs.python.org/3/library/venv.html)
+
+```sh
+# Create and activate virtual environment
+python -m venv venv
+source venv/bin/activate
+# Install pip package
+pip install ansible-vars
+```
+
+Note that the virtual environment must be active when using the command.
+
+### Using [pipx](https://github.com/pypa/pipx)
+
+```sh
+# Install pipx
+pip install pipx
+# Install pip package globally using pipx
+pipx install ansible-vars
+```
+
+### Shell completion
+
+For `bash` and `zsh` users, shell completion for `ansible-vars` can be activated by adding this command to your shell RC file:
+
+```sh
+# Add to .bashrc/.zshrc in your user's home
+# If you installed ansible-vars to a venv, the venv must be active when this command runs
+eval "$(register-python-argcomplete ansible-vars)"
+```
+
+Alternatively, you can install the `argcomplete` completion system [globally](https://github.com/kislyuk/argcomplete#global-completion).
+
+## Usage
+
+The functions of `ansible-vars` are accessed by specifying a command as the first argument. You can quickly get relevant information by using the help function (`ansible-vars [command] -h`), optionally specifying the command you want more details about.
+
+### Variable encryption
+
+When editing a vault or variable file using `ansible-vars`, you can prefix any string value using the `!enc` tag to have it encrypted automatically:
+
+```yaml
+my_message: !enc this is a super secret message
+```
+
+Encrypted variables will be displayed using this tag when editing, making it easy to view, modify, or decrypt their value.
+
+### Vault secrets
+
+**TL;DR:** Run `ansible-vars` from your Ansible home to auto-detect configured secrets. Add a custom secret using `-k <identifier> <passphrase>`.
+
+To use any functions of `ansible-vars` that require encrypting or decrypting data, you need to provide one or multiple vault secret(s). If you're in an Ansible home directory when running the command, it tries to auto-detect configured vault secrets by calling the Ansible CLI API. You can also specify your own secrets as pairs of identifier and passphrase using `--add-key|-k <identifier> <passphrase>`. The identifier can be anything you want, although it should ideally be unique. Consider using an environment variable or in-line command to retrieve the passphrase from a secure location.
+
+By default, the first loaded key is used for all encryption tasks. Note that auto-detected keys are inserted into the application's keyring *after* your explicitly added ones, so the first key you add will usually be the encryption key. If you want to make sure a certain key is used, reference its identifier using `--encryption-key|-K <identifier>`.
+
+You can disable automatic key detection by flagging `--no-encrypt-keys|-D`. Use `ansible-vars keyring` to view all available keys.
+
+### Diff logging
+
+**TL;DR:** You can use `-l <log directory>` to log changes to edited vaults to a vault-encrypted log file.
+
+You can automatically log any changes performed to a vault by the commands `create`, `edit`, `convert`, `set`, and `del` using the `--log|-l <log path>` or `--log-plain|-L <log path>` flags. The changes will be saved as a YAML-compatible diff with some additional metadata. When using `--log`, the entire log file is encrypted as a vault using your encryption key. This is important as the diffs contain the plain values of encrypted variables. When using `--log-plain` to skip encryption, make sure you're only editing fully plaintext variable files to avoid leaking secrets.
+
+As you cannot mix different encryption keys and/or plain logging in the same log file, consider either using a dedicated logging key (`--logging-key <identifier>`) or specifying a directory as the log path (in which case `ansible-vars` automatically chooses a filename based on the used encryption key's identifier) if you frequently switch between keys.
+
+### Examples
+
+```sh
+# Create the variable file `./host_vars/my_host/main.yml` without full encryption and open it for editing
+ansible-vars create --make-parents --plain host_vars/my_host/main.yml
+# Short version (see `Tips` section to learn about vault search paths)
+ansible-vars create -mp h:my_host
+
+# Decrypt the vault file `./config/logging.yml` in-place
+ansible-vars decrypt file config/logging.yml
+
+# Recursively search vaults and variable files in `./host_vars` for left-over TODOs
+ansible-vars grep '# TODO' h:
+
+# Print a tree structure showing the differences between two versions of the vault `./vars/passwords.yml`
+ansible-vars changes v:passwords.yml.old v:passwords.yml
+
+# Create decrypted mirrors of the directories `./host_vars`, `./group_vars`, and `./vars` in `/tmp/decrypted`
+ansible-vars file-daemon /tmp/decrypted
+
+# Get the decrypted value of `<vault root>['my_key'][4]['133']` in `./group_vars/database_hosts/main.yml` as JSON
+ansible-vars get --json g:database_hosts 'my_key' '[4]' '133'
+```
+
+### Tips
+
+- When a command supports a `--json` flag, the command's help (`ansible-vars <command> -h`) will define the returned structure.
+- The directories `host_vars`, `group_vars`, and `vars` are common vault locations. When in their parent directory, you can use the prefixes `h:`, `g:`, and `v:` in any vault path you specify, followed by a path relative to them. Wherever a directory is not expected as a path, supplying a directory path will also append a `main.yml` to the path automatically. In summary, this lets you type `h:my_host` when you actually mean `./host_vars/my_host/main.yml`. Shell completion for these prefixed paths is provided.
+    - These three directories are also default sources for the `file-daemon` command.
+- When referencing vault traversal keys, you can specify numbers to access lists and number-indexed dictionaries. However, just specifying `2` as a key segment will resolve into the string `'2'`. Instead, you should write `[2]` to mark it as a number index. If you need to specify the string `'[2]'` for some reason, you can escape it by adding another set of brackets (and so on).
+
+### Commands
+
+A brief overview of the available commands. You can change a lot of the default behavior described here using command flags. Use the command help to get additional information and available flags (`ansible-vars <command> -h`).
+
+#### keyring
+
+Displays the loaded vault secrets, including any auto-detected ones, along with their passphrase. Supports JSON output.
+
+#### create
+
+Creates a new vault or variable file. By default, full encryption is enabled to avoid accidentally leaking secrets. Use the `--plain|-p` flag to create a file with hybrid encryption, i.e. completely plain or with individually encrypted variables. After creating the file, it will open in edit mode (see `edit` command below).
+
+#### edit
+
+Opens a vault or variable file in the configured editor (`EDITOR` environment variable or passed using the `--edit-command|-e` flag) in decrypted form. Here, you can en-/decrypt, add, remove, and change variables. After saving the file and closing the editor, the file will be re-parsed and re-encrypted.
+
+*Note: When choosing a custom edit command, make sure the command exits after the file is saved, as `ansible-vars` will read a finished command as the cue to start re-parsing the file contents.*
+
+#### view
+
+Prints the contents of a vault or variable file to the terminal, fully decrypted without any encryption markers. Supports JSON output.
+
+#### info
+
+Shows the amounts of encrypted and decrypted variables in a vault file. Supports JSON output.
+
+#### encrypt, decrypt, is-encrypted
+
+En-/Decrypts or checks the encryption status of a file or string value. No loaded secrets are required for `is-encrypted`.
+
+#### convert
+
+Convenience function to convert between fully encrypted vaults and hybrid vaults. Useful if you wish to convert your "legacy" fully encrypted vaults to plain files with all string values individually encrypted. Works both ways.
+
+#### grep
+
+Searches one or multiple vault(s) for matches on a pattern, either in their full text or limited to keys/values. Supports recursively searching directories and JSON output. Note that non-variable/-vault files are not included in the search.
+
+#### diff
+
+Compares two vaults or variable files and prints the line diff.
+
+#### changes
+
+Compares two vaults or variable files and prints a tree structure showing differences between their variables. Supports JSON output.
+
+#### file-daemon
+
+Starts a daemon which mirrors the decrypted contents of one or multiple vault or variable file(s)/directories to a target directory. By default, this includes the directories `./host_vars`, `./group_vars`, and `./vars`. Changes to the source files are reflected in the decrypted targets. Changes to the target files are ignored.
+
+#### get
+
+Displays the (decrypted) value of a specified key in a vault or variable file. Supports dictionary and list traversal, and JSON output.
+
+#### set, del (experimental)
+
+Creates, updates, or deletes a key-value pair from a vault or variable file. When setting a value, you may provide a YAML string which will be parsed into the corresponding objects. Note that these are experimental features, as the current parser has difficulty preserving the metadata for programmatic variable changes. Comments and Jinja2 blocks between the affected key and the next key in the file may be lost.
+
+### Python library
+
+When using `ansible-vars` as a library, these are the relevant modules.
+
+#### vault module
+
+Contains the classes `Vault` and `VaultFile`. A `Vault` is initialized using the contents of a vault or variable file, while `VaultFile` wraps around a `Vault` instance and manages reading from and writing to a file directly. These are the main classes you'll likely use, as they contain the means of loading, manipulating and exporting vault and variable data. Both can also be initialized using an 'editable' (the output of `<vault>.as_editable()`, contains encryption markers and an optional explanatory comment header). A `vault_crypt.VaultKeyring` is required for en-/decryption operations.
+
+`EncryptedVar` represents an encrypted value. The stored cipher can be decrypted using a `vault_crypt.VaultKey(ring)`. Will be dumped as `!vault`-tagged values on exporting.
+
+`ProtoEncryptedVar` is used for parsing, as the `!enc` tag parses into such a proto-var and is then converted to an `EncryptedVar`, and vice-versa for exporting.
+
+#### vault_crypt module
+
+The `VaultKey` class represents a single vault secret, comprised of an identifier and an `ansible.parsing.vault.VaultSecret`. Can be initialized using a plain passphrase instead of a `VaultSecret` as well.
+
+The `VaultKeyring` combines a collection of `VaultKey`s. It supports auto-detection of any secrets available in the present working directory using the `ansible.cli` module, appending them to the `<keyring>.keys` collection. While all keys are tried in order for decryption operations, only one key can be used for encrypting data. This key is usually the first key in the `<keyring>.keys` collection, unless explicitly specified otherwise using `<keyring>.default_encryption_key` or passing a key to the `<keyring>.encrypt()` method.
+
+#### util module
+
+The `DiffLogger` with its wrapper `DiffFileLogger` generate log entries for changes to a vault and can save them to an encrypted or plain log file. A method decorator (`@<file logger>.log_changes(<vault used in wrapped method>)`) is available for your convenience.
+
+The `VaultDaemon` syncs changes from a source file or directory to a target using the `watchdog` library, decrypting any vaults encountered on the way.
+
+#### constants & errors modules
+
+Custom types and exceptions, and static values. Mostly useful for type hints.
+
+## Known issues and limitations
+
+- YAML round-trip parser
+    - Trailing comments and Jinja2 blocks may be misaligned and a trailing newline may be inserted/removed when switching between folded (`|`, `>`) and non-foldes values.
+    - The `set` and `del` commands may remove trailing comments and Jinja2 blocks.
+    - Explicit start/end markers (`---`, `...`) are not preserved.
+    - Supports lists, dictionaries, and scalar values.
+    - Does not support custom YAML tags (`!tag`).
+- Ansible
+    - Ansible only directly supports encrypted string values (although you can work around this with the `from_yaml` filter).
+    - Ansible-encrypted strings must include a newline between the envelope and the cipher.
+    - Ansible vault and variable file roots must be a dictionary.
+- `grep` command
+    - Will ignore files which cannot be parsed as an Ansible YAML file.
+- `file-daemon` command
+    - Changes to file metadata (permissions, ...) are not mirrored.
+
+## Extension plans
+
+- I'm debating creating my own Jinja2 YAML round-trip parser to alleviate the metadata preservation issues of the current parser.
+- I may add an Ansible action plugin for updating vault variables directly from an Ansible task (useful e.g. for automatically storing passwords that are set to a random value by Ansible). I am currently using a small script for this task.
+- I want to create `ansible-vars` system packages for common repositories.

ansible_vars-1.0.0.dist-info/RECORD

@@ -0,0 +1,12 @@
+ansible_vars/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+ansible_vars/cli.py,sha256=-Ig1_oidQRmPMPb3FrALWILxhSS8SOaGy9mZm-0PFEI,55338
+ansible_vars/constants.py,sha256=Nd3sIuSoOvyfUfHfnsnJBDGMW7eNzbMm1NAvEQio9hE,1624
+ansible_vars/errors.py,sha256=VnViEBMR3rIeioMj460DgdBA5S5FYiDObaDDhG2FMBs,857
+ansible_vars/util.py,sha256=BzS7n3UzaKqVZ3W78HVkJtdVCYofprqQDtU8wYH1d0Q,21325
+ansible_vars/vault.py,sha256=_dp1K5_UAFGgcg6iO4on4-L_BaJO2cHP6My3EU6enA4,45593
+ansible_vars/vault_crypt.py,sha256=JcFc6dTZ6EqhKXv_C5ofggTpBK8hWG3ZwrBrDNYcEIg,9501
+ansible_vars-1.0.0.dist-info/METADATA,sha256=kHUaYax79kV2Di2_FNy0890sV_m3UeZq7HRknaI8o58,15689
+ansible_vars-1.0.0.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
+ansible_vars-1.0.0.dist-info/entry_points.txt,sha256=RrhkEH0MbfRzflguVrfYfthsFC5V2fkFnizUG3uHMtQ,55
+ansible_vars-1.0.0.dist-info/licenses/LICENSE,sha256=ocyJHLG5wD12qB4uam2pqWTHIJmzloiyNyTex6Q2DKo,1062
+ansible_vars-1.0.0.dist-info/RECORD,,

ansible_vars-1.0.0.dist-info/WHEEL

@@ -0,0 +1,4 @@
+Wheel-Version: 1.0
+Generator: hatchling 1.27.0
+Root-Is-Purelib: true
+Tag: py3-none-any

ansible_vars-1.0.0.dist-info/entry_points.txt

@@ -0,0 +1,2 @@
+[console_scripts]
+ansible-vars = ansible_vars.cli:main

ansible_vars-1.0.0.dist-info/licenses/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 xorwow
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.