pillar_update.py

#!/usr/bin/env python
import json
import os
import subprocess
import tempfile
import yaml


VAULT_BIN = "/usr/local/bin/vault"
VAULT_PATH = "secret/salt/pillar_data"
DEFAULT_EDITOR = "/usr/bin/emacs"


def main():
    if 'VAULT_ADDR' not in os.environ:
        print("you do not have $VAULT_ADDR set")
        print("remember to set that and authenticate yourself before running this")
        return

    # read existing data from vault
    v = subprocess.check_output("%s read -format=yaml %s" % (VAULT_BIN, VAULT_PATH), shell=True)
    d = yaml.load(v)['data']
    print("--- read data from vault ---")

    # save a YAML version to temp file
    with tempfile.NamedTemporaryFile(suffix='yaml') as t:
        t.write(yaml.dump(d, indent=2, default_flow_style=False))
        t.flush()
        print("--- wrote yaml temp file ---")

        # pop the user into an editor to modify
        editor = os.environ.get('EDITOR', DEFAULT_EDITOR)
        subprocess.call([editor, t.name])

        # read it back in
        t.seek(0, 0)
        text = t.read()
    try:
        updated = yaml.load(text)
        print("--- read the yaml back in and parsed it ---")
        # write it out as json (vault can only read json)
        with tempfile.NamedTemporaryFile() as json_out:
            json_out.write(json.dumps(updated))
            json_out.flush()
            print("--- wrote out a JSON version ---")

            # then put it back into vault
            subprocess.call("%s write %s @%s" % (VAULT_BIN, VAULT_PATH, json_out.name), shell=True)
    except yaml.YAMLError, exc:
        print("YAML Error:", exc)
        print("update aborted. please try again")

if __name__ == "__main__":
    main()