ansible-vars 1.0.14__py3-none-any.whl → 1.0.16__py3-none-any.whl

ansible_vars/cli.py

@@ -178,8 +178,7 @@ The sync works as long as the command is running, after which the target root di
 ''',
     'cmd_get': '''
 Looks up the value of a key in a vault and displays it if it exists.
-If the key resolves to a leaf value, the value is recursively decrypted and displayed.
-For a list or dictionary, the full YAML code is printed, but child values are not automatically decrypted.
+The value will be shown in (recursively) decrypted form.
 
 JSON mode formatting:
 - [ ... ] or { ... } for lists/dictionaries, "<value>" for strings, <value> for numbers
@@ -506,9 +505,12 @@ def print_yaml(code: str) -> None:
         return std_print(code)
     std_print(highlight(code, yaml_highlight_lexer, highlight_formatter).strip('\n'))
 
-def print_diff(diff: str) -> None:
+def print_diff(diff: str | None) -> None:
     '''Print a diff with highlighting if a `color_mode` is available.'''
     _color_map: dict = { '-': Color.TREE_REMOVED, '+': Color.TREE_ADDED, '@': Color.INFO, '*': Color.TREE_UNCHANGED }
+    if not diff:
+        print('Vaults are identical.', Color.TREE_UNCHANGED)
+        return
     for line in diff.split('\n'):
         color: Color = _color_map[line[0]] if (len(line) > 0 and line[0] in [ '-', '+', '@' ]) else _color_map['*']
         print(line, color)
@@ -708,7 +710,7 @@ if config.command in [ 'create', 'edit' ]:
                 new_editable: str = edit_file.read()
                 if editable != new_editable:
                     try:
-                        new_vault: VaultFile = VaultFile.from_editable(vault, new_editable)
+                        new_vault = VaultFile.from_editable(vault, new_editable)
                     except YAMLFormatError as e:
                         print('Invalid YAML format:', Color.BAD)
                         print(e.parent if e.parent else e, Color.BAD)

ansible_vars/vault.py

@@ -30,7 +30,7 @@ class EncryptedVar():
 
     def __init__(self, cipher: str, name: str | None = None) -> None:
         '''Initialize an encrypted variable with an optional variable name. The name is only used for internal representation.'''
-        # Encrypted has to hold a string like '$ANSIBLE_VAULT;1.2;AES256;ramiio\n123456<...>' (the newline is important)
+        # Encrypted has to hold a string like '$ANSIBLE_VAULT;1.2;AES256;someid\n123456<...>' (the newline is important)
         self.cipher: str = cipher
         self.name: str | None = name
 
@@ -107,7 +107,7 @@ class Vault():
         Parses a vault's (potentially encrypted) contents. Automatically detects if the content is wholly encrypted.
         If no keyring is supplied, only plain vars and content are supported.
         '''
-        # If no keyring is supplied, create an empty one which will raise an Error if we try to en-/decrypt anything
+        # If no keyring is supplied, create an empty one which will raise an error if we try to en-/decrypt anything
         self.keyring: VaultKeyring = keyring or VaultKeyring(keys=None, detect_available_keys=False)
         # Full vault encryption, may also contain single encrypted variables either way
         self.full_encryption: bool
@@ -208,7 +208,7 @@ class Vault():
     def has(self, path: DictPath) -> bool:
         '''Checks if the given key path is present in the vault's data.'''
         try: self._traverse(path, decrypt=False)
-        except KeyError: return False
+        except ( KeyError, IndexError ): return False
         return True
 
     def get(
@@ -591,12 +591,13 @@ class Vault():
 
     # Comparing to older versions of this vault
 
-    def diff(self, prev_vault: 'Vault', context_lines: int = 3, show_filenames: bool = True) -> str:
+    def diff(self, prev_vault: 'Vault', context_lines: int = 3, show_filenames: bool = True) -> str | None:
         '''
         Generates a diff for the edit mode Jinja2 YAML vault code (from `Vault.as_editable`) of a previous vault to this one's.
         Set `context_lines` to specify how many lines of context are shown before and after the actual diff lines.
         If `show_filenames` is set to True and the vaults are `VaultFile` objects,
         the previous and current filenames will be shown in the diff header.
+        If there is no difference between the vaults, None is returned.
         '''
         # Generate filenames
         prev_filename: str = 'Previous vault'
@@ -615,7 +616,7 @@ class Vault():
                 n = context_lines,
                 lineterm = ''
             )
-        )
+        ) or None # diff function returns empty list if there are no changes, even skipping the header
     
     def changes(self, prev_vault: 'Vault') -> tuple[ChangeList, ChangeList, ChangeList, ChangeList]:
         '''

ansible_vars/vault_crypt.py

@@ -3,6 +3,7 @@
 # Standard library imports
 import os, re
 from typing import Type, cast
+from contextlib import chdir
 
 # External library imports
 import ansible.constants as Ansible
@@ -202,16 +203,17 @@ class VaultKeyring():
         # Load secrets for discovered vault IDs
         if not vault_ids:
             return []
-        prev_dir: str = os.getcwd()
-        try:
-            # XXX Hacky, but loading a vault ID like 'vaultid@get-password.sh' will be resolved from CWD
-            #     Could possibly be avoided by splitting the detected vault IDs and transforming any right-hand paths
-            os.chdir(pardir)
-            secrets: list[tuple[str | None, VaultSecret]] = \
-                CLI.setup_vault_secrets(DataLoader(), vault_ids, auto_prompt=False, initialize_context=False) # type: ignore
+        # XXX Hacky, but the right-hand path from loading a vault ID like 'vaultid@get-password.sh' will be resolved from CWD
+        #     Could possibly be avoided by splitting the detected vault IDs and transforming any right-hand paths
+        with chdir(pardir):
+            # Seems version-dependent if `initialize_context` is recognized and required
+            try:
+                secrets: list[tuple[str | None, VaultSecret]] = \
+                    CLI.setup_vault_secrets(DataLoader(), vault_ids, auto_prompt=False, initialize_context=False) # type: ignore
+            except TypeError:
+                secrets: list[tuple[str | None, VaultSecret]] = \
+                    CLI.setup_vault_secrets(DataLoader(), vault_ids, auto_prompt=False)
             return list(map(VaultKey.from_ansible_secret, secrets))
-        finally:
-            os.chdir(prev_dir)
 
     def __repr__(self) -> str:
         return f"VaultKeyring({ ', '.join(map(lambda key: key.id, self.keys)) or 'no keys' })"

{ansible_vars-1.0.14.dist-info → ansible_vars-1.0.16.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: ansible-vars
-Version: 1.0.14
+Version: 1.0.16
 Summary: Manage vaults and variable files for Ansible
 Project-URL: Homepage, https://github.com/xorwow/ansible-vars
 Project-URL: Issues, https://github.com/xorwow/ansible-vars/issues
@@ -219,7 +219,7 @@ Starts a daemon which mirrors the decrypted contents of one or multiple vault or
 
 #### get
 
-Displays the (optionally recursively decrypted) value of a specified key in a vault or variable file. Supports dictionary and list traversal, and JSON output.
+Displays the (by default recursively decrypted) value of a specified key in a vault or variable file. Supports dictionary and list traversal, and JSON output.
 
 #### set, del (experimental)
 
@@ -269,7 +269,7 @@ Contains the classes `Vault` and `VaultFile`. A `Vault` is initialized using the
 
 The `VaultKey` class represents a single vault secret, comprised of an identifier and an `ansible.parsing.vault.VaultSecret`. Can be initialized using a plain passphrase instead of a `VaultSecret` as well.
 
-The `VaultKeyring` combines a collection of `VaultKey`s. It supports auto-detection of any secrets available in the present working directory using the `ansible.cli` module, appending them to the `<keyring>.keys` collection. While all keys are tried in order for decryption operations, only one key can be used for encrypting data. This key is usually the first key in the `<keyring>.keys` collection, unless explicitly specified otherwise using `<keyring>.default_encryption_key` or passing a key to the `<keyring>.encrypt()` method.
+The `VaultKeyring` combines a collection of `VaultKey`s. It supports auto-detection of any secrets available in the present working directory (or a custom source) using the `ansible.cli` module, appending them to the `<keyring>.keys` collection. While all keys are tried in order for decryption operations, only one key can be used for encrypting data. This key is usually the first key in the `<keyring>.keys` collection, unless explicitly specified otherwise using `<keyring>.default_encryption_key` or passing a key to the `<keyring>.encrypt()` method.
 
 #### util module
 

ansible_vars-1.0.16.dist-info/RECORD

@@ -0,0 +1,13 @@
+ansible_vars/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+ansible_vars/cli.py,sha256=cp891u9-kZoJireRIsTh-zy_9cTZPifLio2U7NqRoQM,66428
+ansible_vars/constants.py,sha256=VNr78qbzdJ0Vn0psbzjjQngNG3VbHhk6NXTz30VNUno,1622
+ansible_vars/errors.py,sha256=6dzyksPKWira9O2-Ir3MIOwr4XjN9MSBiRp5e6siY6Q,1256
+ansible_vars/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+ansible_vars/util.py,sha256=UwGPBT19pee7lBpWuBzLPAvcrHUBAn6i1MrJvzM9OQ4,21265
+ansible_vars/vault.py,sha256=pBZVz64qdj1vstC9rZBIJ3O9n-_AHhhbySN1Q7eMWho,47199
+ansible_vars/vault_crypt.py,sha256=ZXa6QywyWdRVhY3YkFuk-COYs50MG252uakqe3bUUog,12116
+ansible_vars-1.0.16.dist-info/METADATA,sha256=QqgRP-yb3BHIis97g15QFpQNn5kL2stPVRmz5KZmQ6A,21071
+ansible_vars-1.0.16.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
+ansible_vars-1.0.16.dist-info/entry_points.txt,sha256=RrhkEH0MbfRzflguVrfYfthsFC5V2fkFnizUG3uHMtQ,55
+ansible_vars-1.0.16.dist-info/licenses/LICENSE,sha256=ocyJHLG5wD12qB4uam2pqWTHIJmzloiyNyTex6Q2DKo,1062
+ansible_vars-1.0.16.dist-info/RECORD,,

ansible_vars-1.0.14.dist-info/RECORD

@@ -1,12 +0,0 @@
-ansible_vars/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-ansible_vars/cli.py,sha256=0RScnMrG__L5mXu_OmEgxB3x4lTJ1lAyowlOJvQNcrE,66476
-ansible_vars/constants.py,sha256=VNr78qbzdJ0Vn0psbzjjQngNG3VbHhk6NXTz30VNUno,1622
-ansible_vars/errors.py,sha256=6dzyksPKWira9O2-Ir3MIOwr4XjN9MSBiRp5e6siY6Q,1256
-ansible_vars/util.py,sha256=UwGPBT19pee7lBpWuBzLPAvcrHUBAn6i1MrJvzM9OQ4,21265
-ansible_vars/vault.py,sha256=aGTU_GmJLw0QGjBQiNlRE_E-rRMEVVbwdr8IV2U2duk,47011
-ansible_vars/vault_crypt.py,sha256=58CECQrjHSKubUGL38TLuYF9h8KmO2e70swRgkS-Rn0,11870
-ansible_vars-1.0.14.dist-info/METADATA,sha256=iGS5L6S7IQF8agJHlDDvL5NvAv3eFcjbBhS9XtkIogA,21050
-ansible_vars-1.0.14.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
-ansible_vars-1.0.14.dist-info/entry_points.txt,sha256=RrhkEH0MbfRzflguVrfYfthsFC5V2fkFnizUG3uHMtQ,55
-ansible_vars-1.0.14.dist-info/licenses/LICENSE,sha256=ocyJHLG5wD12qB4uam2pqWTHIJmzloiyNyTex6Q2DKo,1062
-ansible_vars-1.0.14.dist-info/RECORD,,