From b1e0bc70beef9c2815e597d21b35b6312bfc5ae7 Mon Sep 17 00:00:00 2001
From: Jay Rogers
Date: Wed, 18 Dec 2024 10:13:48 -0600
Subject: [PATCH] Refactor Ansible vault argument handling to support local and Docker runs. The `set_ansible_vault_args` function now accepts a `run_type` parameter, allowing for different vault password file paths based on the execution context. This improves flexibility and clarity in vault management.
---
 lib/actions/vault.sh | 6 +++---
 lib/functions.sh | 7 ++++++-
 2 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/lib/actions/vault.sh b/lib/actions/vault.sh
index 7cae2dfd..27c5e81c 100644
--- a/lib/actions/vault.sh
+++ b/lib/actions/vault.sh
@@ -6,9 +6,6 @@ action_vault(){
 "${vault_run_command[@]}" --help | sed 's/ansible-vault/spin vault/g'
 }
 
- # Read the vault arguments into an array
- read -r -a vault_args < <(set_ansible_vault_args)
-
 # Check if ansible-vault is installed locally
 if [[ $(command -v ansible-vault) ]]; then
 vault_run_command=("ansible-vault")
@@ -18,6 +15,9 @@ action_vault(){
 run_type="docker"
 fi
 
+ # Read the vault arguments into an array
+ read -r -a vault_args < <(set_ansible_vault_args "$run_type")
+
 # Check if any argument is '--help'
 for arg in "$@"; do
 if [[ "$arg" == "--help" ]]; then
diff --git a/lib/functions.sh b/lib/functions.sh
index 8674329e..b43b275f 100755
--- a/lib/functions.sh
+++ b/lib/functions.sh
@@ -1330,6 +1330,7 @@ send_to_upgrade_script () {
 set_ansible_vault_args() {
 local vault_args=()
 local variable_file=".spin.yml"
+ local run_type="${1:-docker}"
 
 if [[ -f .vault-password ]]; then
 # Validate the vault password file using Docker
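Review bot: In lib/actions/vault.sh (second hunk), `read -r -a vault_args < <(set_ansible_vault_args "$run_type")` still runs the helper inside a process substitution, so its exit status is discarded. If the helper fails (it appears to validate the vault password file, judging by the `# Validate the vault password file` comment in lib/functions.sh), action_vault carries on with an empty `vault_args`. Capturing the output first makes the failure visible: `vault_output=$(set_ansible_vault_args "$run_type") || return 1` followed by `read -r -a vault_args <<< "$vault_output"`. The hunk also shows only `run_type="docker"` being assigned; if the local branch above it does not set `run_type="local"`, the helper's `${1:-docker}` default quietly hands the container path to a host-side ansible-vault. action_vault begins and ends outside the hunk.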
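Review bot: In lib/functions.sh (first hunk), `local run_type="${1:-docker}"` accepts any string, and the later branch treats everything except the literal `local` as Docker. A mistyped value from a caller therefore falls through to `/ansible/.vault-password` with no diagnostic. A guard right after the assignment would reject it: `case "$run_type" in local|docker) ;; *) echo "Unknown run type: $run_type" >&2; return 1 ;; esac`. The new positional parameter is also undocumented; a header comment such as `# $1 - run type: "local" or "docker" (default: docker); selects the vault password file path` would tell callers what is expected. The function body continues outside this hunk.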
@@ -1351,7 +1352,11 @@ set_ansible_vault_args() {
 fi
 fi
 
- vault_args+=("--vault-password-file" "/ansible/.vault-password")
+ if [[ "$run_type" == "local" ]]; then
+ vault_args+=("--vault-password-file" ".vault-password")
+ else
+ vault_args+=("--vault-password-file" "/ansible/.vault-password")
+ fi
 elif is_encrypted_with_ansible_vault "$variable_file" || is_encrypted_with_ansible_vault ".spin-inventory.ini"; then
 echo "${BOLD}${YELLOW}🔐 '.vault-password' file not found. You will be prompted to enter your vault password.${RESET}" >&2
 vault_args+=("--ask-vault-pass")
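Review bot: The new `local` branch hands `.vault-password` to an ansible-vault process running directly on the host, and Ansible runs a vault password file as a script when its executable bit is set. Before this change the file was only ever passed to ansible-vault inside the container, so it would be worth rejecting an executable file before appending the argument, e.g. `[[ -x .vault-password ]] && { echo "'.vault-password' must not be executable" >&2; return 1; }`, and ideally also warning when it is readable by group or others. The earlier context comment `# Validate the vault password file using Docker` suggests the validation step still goes through Docker even when `run_type` is `local`; that code is outside this hunk, so please confirm a host-only setup is not forced to have Docker available. The enclosing function starts and ends outside the hunk.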