Used to search through Ansible variables and vault secrets in a configuration directory.
#!/bin/bash
#############################################################################
# #
# _ _ _ _ ____ _ #
# / \ _ __ ___(_) |__ | | ___ / ___| ___ ___ _ __ ___| |_ ___ #
# / _ \ | '_ \/ __| | '_ \| |/ _ \ \___ \ / _ \/ __| '__/ _ \ __/ __| #
# / ___ \| | | \__ \ | |_) | | __/ ___) | __/ (__| | | __/ |_\__ \ #
# /_/ \_\_| |_|___/_|_.__/|_|\___| |____/ \___|\___|_| \___|\__|___/ #
# #
# Created By: Samuel Lock (github.com/samson4649) #
# #
# #
# Usage: #
# ./ansible-secrets [ -g | -a ] [ -v ] [ <regex_1> [ <regex_2> ].. ] #
# #
# Description: #
# A script to show all secrets from current directory. #
# #
# Notes: #
# - This does not work well with multi-line variables (i.e. no search) #
# #
#############################################################################
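WORKDIR=$(pwd)   # kept for compatibility; not read anywhere in this script
SEARCH=host_vars
REGEX=""
LOG_LVL=0
# FATAL = 0
# WARN = 1
# DEBUG = 2
POSITIONAL=()

#######################################
# Parse the command line into the globals above.
# Globals:   SEARCH, LOG_LVL, REGEX, POSITIONAL (written)
# Arguments: the script's "$@"
#   -g | --group   search group_vars instead of host_vars
#   -a | --all     search both host_vars and group_vars
#   -v[v...]       raise LOG_LVL once per 'v'
#   anything else  a regex; all of them are OR-ed into REGEX
# Returns:   0
#######################################
parse_args() {
  local key i
  while (( $# > 0 )); do
    key=$1
    case "$key" in
      -g|--group)
        SEARCH=group_vars
        ;;
      -a|--all)
        # Fixed list rather than appending, so "-g -a" no longer scans
        # group_vars twice.
        SEARCH="host_vars group_vars"
        ;;
      -v*)
        # Only a leading "-v" is a verbosity flag. The old test looked at
        # ${key:1} =~ ^v, which turned a regex such as "svc_password" into
        # verbosity flags, and compared characters with -eq (arithmetic),
        # which counted every character as a 'v'.
        for (( i = 1; i < ${#key}; i++ )); do
          if [[ "${key:i:1}" == "v" ]]; then
            LOG_LVL=$((LOG_LVL + 1))
          fi
        done
        ;;
      *)
        # Every other argument is a search regex. They accumulate as
        # "|a|b"; the consumer strips the leading '|' with ${REGEX:1}.
        POSITIONAL+=("$1")
        REGEX="${REGEX}|$1"
        ;;
    esac
    shift
  done
  return 0
}
parse_args "$@"
set -- "${POSITIONAL[@]}"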
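#######################################
# Print a message on stderr and exit with the given status.
# Arguments: $1 - exit status (defaults to 1 if empty)
#            remaining args - message, joined with spaces
# Outputs:   the message on stderr (stdout is reserved for the secret
#            listing, so diagnostics must not be mixed into it)
# Returns:   does not return; exits the shell with $1
#######################################
err_exit() {
  local status=${1:-1}
  (( $# > 0 )) && shift
  printf '%s\n' "$*" >&2
  exit "$status"
}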
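#######################################
# Emit a log line on stderr when LOG_LVL permits.
# Globals:   LOG_LVL (read) - 0 fatal, 1 warn, 2 debug
# Arguments: $1 - level: 0|crit|critical, 1|warn|warning, 2|debug
#                 (case-insensitive)
#            remaining args - message, joined with spaces
# Outputs:   "[LEVEL] message" on stderr; stdout is left to the secret
#            listing so it can be piped or redirected on its own
# Returns:   0 always (a suppressed message is not an error)
#######################################
log() {
  local level=${1,,}
  (( $# > 0 )) && shift
  case "$level" in
    2|debug)
      (( LOG_LVL >= 2 )) && printf '[DEBUG] %s\n' "$*" >&2
      ;;
    1|warn|warning)
      (( LOG_LVL >= 1 )) && printf '[WARN] %s\n' "$*" >&2
      ;;
    0|crit|critical)
      printf '[FATAL] %s\n' "$*" >&2
      ;;
    *)
      # Unknown level: previously dropped silently; surface it instead.
      printf '[UNKNOWN:%s] %s\n' "$level" "$*" >&2
      ;;
  esac
  return 0
}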
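# REGEX accumulates as "|a|b", so drop the leading '|' once, up front.
REAL_REGEX=${REGEX:1}
log debug "log level: ${LOG_LVL}"
log debug "regex used: '${REAL_REGEX}'"

#######################################
# Print every matching key/value line of one vars file. Encrypted files
# are decrypted with ansible-vault; plain files are read as-is.
# Arguments: $1 - path to the vars file
#            $2 - extended regex used to filter lines ('' selects all)
# Outputs:   "<path>::<line>" on stdout for each line that is not a
#            comment, a YAML '---'/list marker or blank, and matches $2
# Returns:   status of the final read loop (0 in normal operation)
#######################################
print_secrets() {
  local host=$1
  local pattern=${2:-.*}
  local line
  # ansible-vault view fails on unencrypted input (and when it is not
  # installed), so cat is the fallback; both stderrs are dropped, as
  # before, to keep the listing clean.
  { ansible-vault view "$host" 2>/dev/null || cat -- "$host" 2>/dev/null; } \
    | grep -E -v '^(#|-|$)' \
    | grep -E -- "$pattern" \
    | while IFS= read -r line; do
        # printf rather than sed, so a path containing '@', '&' or '\'
        # cannot break or alter the prefix substitution.
        printf '%s::%s\n' "$host" "$line"
      done
}

# NOTE: stdout carries decrypted secrets in clear text; every diagnostic
# goes through log() to stderr so the listing can be redirected on its own.
# SEARCH is deliberately a space-separated list ("host_vars group_vars").
# shellcheck disable=SC2086
for dir in ${SEARCH}; do
  if [[ ! -d "./${dir}" ]]; then
    log debug "No '${dir}' detected"
    continue
  fi
  found=0
  # NUL-delimited find output so directory and file names containing
  # spaces or newlines are handled instead of being word-split.
  while IFS= read -r -d '' dir_a; do
    found=1
    while IFS= read -r -d '' host; do
      print_secrets "$host" "$REAL_REGEX"
    done < <(find "$dir_a" -type f -iname '*.yml' -print0)
  done < <(find "$dir" -mindepth 1 -maxdepth 1 -type d -print0)
  if (( found == 0 )); then
    log debug "No configuration directories found in '${dir}'"
  fi
done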