ansible-vars 1.0.13__tar.gz → 1.0.15__tar.gz

{ansible_vars-1.0.13 → ansible_vars-1.0.15}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: ansible-vars
-Version: 1.0.13
+Version: 1.0.15
 Summary: Manage vaults and variable files for Ansible
 Project-URL: Homepage, https://github.com/xorwow/ansible-vars
 Project-URL: Issues, https://github.com/xorwow/ansible-vars/issues
@@ -219,7 +219,7 @@ Starts a daemon which mirrors the decrypted contents of one or multiple vault or
 
 #### get
 
-Displays the (optionally recursively decrypted) value of a specified key in a vault or variable file. Supports dictionary and list traversal, and JSON output.
+Displays the (by default recursively decrypted) value of a specified key in a vault or variable file. Supports dictionary and list traversal, and JSON output.
 
 #### set, del (experimental)
 
@@ -269,7 +269,7 @@ Contains the classes `Vault` and `VaultFile`. A `Vault` is initialized using the
 
 The `VaultKey` class represents a single vault secret, comprised of an identifier and an `ansible.parsing.vault.VaultSecret`. Can be initialized using a plain passphrase instead of a `VaultSecret` as well.
 
-The `VaultKeyring` combines a collection of `VaultKey`s. It supports auto-detection of any secrets available in the present working directory using the `ansible.cli` module, appending them to the `<keyring>.keys` collection. While all keys are tried in order for decryption operations, only one key can be used for encrypting data. This key is usually the first key in the `<keyring>.keys` collection, unless explicitly specified otherwise using `<keyring>.default_encryption_key` or passing a key to the `<keyring>.encrypt()` method.
+The `VaultKeyring` combines a collection of `VaultKey`s. It supports auto-detection of any secrets available in the present working directory (or a custom source) using the `ansible.cli` module, appending them to the `<keyring>.keys` collection. While all keys are tried in order for decryption operations, only one key can be used for encrypting data. This key is usually the first key in the `<keyring>.keys` collection, unless explicitly specified otherwise using `<keyring>.default_encryption_key` or passing a key to the `<keyring>.encrypt()` method.
 
 #### util module
 

{ansible_vars-1.0.13 → ansible_vars-1.0.15}/README.md

@@ -197,7 +197,7 @@ Starts a daemon which mirrors the decrypted contents of one or multiple vault or
 
 #### get
 
-Displays the (optionally recursively decrypted) value of a specified key in a vault or variable file. Supports dictionary and list traversal, and JSON output.
+Displays the (by default recursively decrypted) value of a specified key in a vault or variable file. Supports dictionary and list traversal, and JSON output.
 
 #### set, del (experimental)
 
@@ -247,7 +247,7 @@ Contains the classes `Vault` and `VaultFile`. A `Vault` is initialized using the
 
 The `VaultKey` class represents a single vault secret, comprised of an identifier and an `ansible.parsing.vault.VaultSecret`. Can be initialized using a plain passphrase instead of a `VaultSecret` as well.
 
-The `VaultKeyring` combines a collection of `VaultKey`s. It supports auto-detection of any secrets available in the present working directory using the `ansible.cli` module, appending them to the `<keyring>.keys` collection. While all keys are tried in order for decryption operations, only one key can be used for encrypting data. This key is usually the first key in the `<keyring>.keys` collection, unless explicitly specified otherwise using `<keyring>.default_encryption_key` or passing a key to the `<keyring>.encrypt()` method.
+The `VaultKeyring` combines a collection of `VaultKey`s. It supports auto-detection of any secrets available in the present working directory (or a custom source) using the `ansible.cli` module, appending them to the `<keyring>.keys` collection. While all keys are tried in order for decryption operations, only one key can be used for encrypting data. This key is usually the first key in the `<keyring>.keys` collection, unless explicitly specified otherwise using `<keyring>.default_encryption_key` or passing a key to the `<keyring>.encrypt()` method.
 
 #### util module
 

{ansible_vars-1.0.13 → ansible_vars-1.0.15}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
 
 [project]
 name = "ansible-vars"
-version = "1.0.13"
+version = "1.0.15"
 authors = [
   { name="xorwow", email="pip@xorwow.de" },
 ]

{ansible_vars-1.0.13 → ansible_vars-1.0.15}/src/ansible_vars/cli.py

@@ -178,8 +178,7 @@ The sync works as long as the command is running, after which the target root di
 ''',
     'cmd_get': '''
 Looks up the value of a key in a vault and displays it if it exists.
-If the key resolves to a leaf value, the value is recursively decrypted and displayed.
-For a list or dictionary, the full YAML code is printed, but child values are not automatically decrypted.
+The value will be shown in (recursively) decrypted form.
 
 JSON mode formatting:
 - [ ... ] or { ... } for lists/dictionaries, "<value>" for strings, <value> for numbers

{ansible_vars-1.0.13 → ansible_vars-1.0.15}/src/ansible_vars/vault.py

@@ -30,7 +30,7 @@ class EncryptedVar():
 
     def __init__(self, cipher: str, name: str | None = None) -> None:
         '''Initialize an encrypted variable with an optional variable name. The name is only used for internal representation.'''
-        # Encrypted has to hold a string like '$ANSIBLE_VAULT;1.2;AES256;ramiio\n123456<...>' (the newline is important)
+        # Encrypted has to hold a string like '$ANSIBLE_VAULT;1.2;AES256;someid\n123456<...>' (the newline is important)
         self.cipher: str = cipher
         self.name: str | None = name
 
@@ -107,7 +107,7 @@ class Vault():
         Parses a vault's (potentially encrypted) contents. Automatically detects if the content is wholly encrypted.
         If no keyring is supplied, only plain vars and content are supported.
         '''
-        # If no keyring is supplied, create an empty one which will raise an Error if we try to en-/decrypt anything
+        # If no keyring is supplied, create an empty one which will raise an error if we try to en-/decrypt anything
         self.keyring: VaultKeyring = keyring or VaultKeyring(keys=None, detect_available_keys=False)
         # Full vault encryption, may also contain single encrypted variables either way
         self.full_encryption: bool

{ansible_vars-1.0.13 → ansible_vars-1.0.15}/src/ansible_vars/vault_crypt.py

@@ -3,6 +3,7 @@
 # Standard library imports
 import os, re
 from typing import Type, cast
+from contextlib import chdir
 
 # External library imports
 import ansible.constants as Ansible
@@ -202,16 +203,12 @@ class VaultKeyring():
         # Load secrets for discovered vault IDs
         if not vault_ids:
             return []
-        prev_dir: str = os.getcwd()
-        try:
-            # XXX Hacky, but loading a vault ID like 'vaultid@get-password.sh' will be resolved from CWD
-            #     Could possibly be avoided by splitting the detected vault IDs and transforming any right-hand paths
-            os.chdir(pardir)
+        # XXX Hacky, but the right-hand path from loading a vault ID like 'vaultid@get-password.sh' will be resolved from CWD
+        #     Could possibly be avoided by splitting the detected vault IDs and transforming any right-hand paths
+        with chdir(pardir):
             secrets: list[tuple[str | None, VaultSecret]] = \
-                CLI.setup_vault_secrets(DataLoader(), vault_ids, auto_prompt=False) # type: ignore
+                CLI.setup_vault_secrets(DataLoader(), vault_ids, auto_prompt=False, initialize_context=False) # type: ignore
             return list(map(VaultKey.from_ansible_secret, secrets))
-        finally:
-            os.chdir(prev_dir)
 
     def __repr__(self) -> str:
         return f"VaultKeyring({ ', '.join(map(lambda key: key.id, self.keys)) or 'no keys' })"