Add check for encryption

This commit is contained in:
IamTheFij 2017-12-22 11:39:44 -05:00
parent 9305b1e9a5
commit 5903e6b85a
5 changed files with 36 additions and 1 deletions

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
tags

6
.pre-commit-hooks.yaml Normal file
View File

@ -0,0 +1,6 @@
- id: encryption-check
name: Ansible Vault Encryption Check
description: Checks that vault files are encrypted
entry: encryption-check.sh
files: ((^|/)vault|vault.y[a]{0,1}ml$|.vault$)
language: script

View File

@ -1,3 +1,8 @@
# ansible-pre-commit # ansible-pre-commit
Pre-commit hooks for working with Ansible A set of [pre-commit](http://pre-commit.com) hooks that help with Ansible
## Hooks
### encryption-check
Verifies that vault files are encrypted. Defaults to checking files starting with `vault`, ending with `.vault.yml` or ending in `.vault`

17
encryption-check.sh Executable file
View File

@ -0,0 +1,17 @@
#! /bin/bash
# Verifies that files passed in are encrypted
set -e
has_error=0
for file in $@ ; do
head -1 "$file" | grep --quiet '^\$ANSIBLE_VAULT;' || {
echo "ERROR: $file is not encrypted"
has_error=1
}
done
if [ $has_error ] ; then
echo "To ignore, use --no-verify"
fi
exit $has_error

6
hooks.yaml Normal file
View File

@ -0,0 +1,6 @@
- id: encryption-check
name: Ansible Vault Encryption Check
description: Checks that vault files are encrypted
entry: encryption-check.sh
files: ((^|/)vault|vault.y[a]{0,1}ml$|.vault$)
language: script