From 7b9143832de8e9a469ea29fadd9c065a795ac19f Mon Sep 17 00:00:00 2001
From: syl20bnr <sylvain.benner@gmail.com>
Date: Fri, 16 Dec 2016 08:50:21 -0500
Subject: [PATCH] ansible: add support for company-ansible and ansible-vault

New key bindings to encrypt decrypt ansible-vault encrypted files.
New layer variable ansible-auto-encrypt-descrypt to control seamless edition
of encrypted files.
---
 layers/+tools/ansible/README.org  | 31 ++++++++++++++++++++++++++
 layers/+tools/ansible/config.el   | 11 +++++++--
 layers/+tools/ansible/funcs.el    | 20 ++++++++++++-----
 layers/+tools/ansible/packages.el | 37 ++++++++++++++++++++++++++-----
 4 files changed, 85 insertions(+), 14 deletions(-)

diff --git a/layers/+tools/ansible/README.org b/layers/+tools/ansible/README.org
index ff57bec3a..d4136267e 100644
--- a/layers/+tools/ansible/README.org
+++ b/layers/+tools/ansible/README.org
@@ -5,6 +5,10 @@
 * Table of Contents                                         :TOC_4_gh:noexport:
  - [[#description][Description]]
  - [[#install][Install]]
+ - [[#configuration][Configuration]]
+   - [[#ansible-vault][ansible-vault]]
+     - [[#password][Password]]
+     - [[#automatic-encryption-and-descryption][Automatic encryption and descryption]]
  - [[#key-bindings][Key bindings]]
 
 * Description
@@ -15,8 +19,35 @@ To use this configuration layer, add it to your =~/.spacemacs=. You will need to
 add =ansible= to the existing =dotspacemacs-configuration-layers= list in this
 file.
 
+* Configuration
+** ansible-vault
+*** Password
+To use =ansible-vault= you have to provide the path to a file containing the
+password to use somewhere in you =dotspacemacs/user-config= function.
+For instance:
+
+#+BEGIN_SRC emacs-lisp
+(setq ansible::vault-password-file "path/to/pwd/file")
+#+END_SRC
+
+The default value is the ansible-vault default value: =~/.vault_pass.txt=.
+
+*** Automatic encryption and descryption
+This layer comes preconfigured with automatic encryption/decryption of
+encrypted files using =ansible-vault= so it is possible to edit seamlessly
+any encrypted files.
+
+If you want to disable this feature then set the layer variable
+=ansible-auto-encrypt-descrypt= to =nil=.
+
+#+BEGIN_SRC emacs-lisp
+(ansible :variables ansible-auto-encrypt-descrypt t)
+#+END_SRC
+
 * Key bindings
 
 | Key Binding | Description                              |
 |-------------+------------------------------------------|
+| ~SPC m b d~ | encrypt the buffer using =ansible-vault= |
+| ~SPC m b e~ | decrypt the buffer using =ansible-vault= |
 | ~SPC m h a~ | looks up documentation using [[https://github.com/lunaryorn/ansible-doc.el][ansible-doc]] |
diff --git a/layers/+tools/ansible/config.el b/layers/+tools/ansible/config.el
index e85994397..d92db2acb 100644
--- a/layers/+tools/ansible/config.el
+++ b/layers/+tools/ansible/config.el
@@ -9,7 +9,14 @@
 ;;
 ;;; License: GPLv3
 
+;; variables
+
+(defvar ansible-auto-encrypt-descrypt t
+  "Set it to non-nil to seamlessly edit `ansible-vault' encrypted files.
+If non-nil then encrypted files are automatically decrypted when opened and
+ encrypted when saved.")
+
 ;; detect filenames compatible with Ansible's recommended layout.
 ;; http://docs.ansible.com/playbooks_best_practices.html#directory-layout
-(setq ansible/ansible-filename-re
-      "\\(site\.yml\\|roles/.+\.yml\\|group_vars/.+\\|host_vars/.+\\)")
+(setq spacemacs--ansible-filename-re
+      ".*\\(main\.yml\\|site\.yml\\|encrypted\.yml\\|roles/.+\.yml\\|group_vars/.+\\|host_vars/.+\\)")
diff --git a/layers/+tools/ansible/funcs.el b/layers/+tools/ansible/funcs.el
index 5c7a0fe9a..0b6287f0c 100644
--- a/layers/+tools/ansible/funcs.el
+++ b/layers/+tools/ansible/funcs.el
@@ -8,12 +8,20 @@
 ;; This file is not part of GNU Emacs.
 ;;
 ;;; License: GPLv3
-(defun ansible/ansible-should-enable? ()
+
+(defun spacemacs//ansible-should-enable? ()
   (and (stringp buffer-file-name)
-       (string-match ansible/ansible-filename-re buffer-file-name)))
+       (string-match spacemacs--ansible-filename-re buffer-file-name)))
 
-(defun ansible/ansible-maybe-enable ()
-  (when (ansible/ansible-should-enable?) (ansible 1)))
+(defun spacemacs/ansible-maybe-enable ()
+  (when (spacemacs//ansible-should-enable?)
+    (ansible 1)))
 
-(defun ansible/ansible-doc-maybe-enable ()
-  (when (ansible/ansible-should-enable?) (ansible-doc-mode 1)))
+(defun spacemacs/ansible-company-maybe-enable ()
+  "Add the ansible company backend only for when ansible mode is active."
+  (when (spacemacs//ansible-should-enable?)
+    (add-to-list 'company-backends 'company-ansible)))
+
+(defun spacemacs/ansible-doc-maybe-enable ()
+  (when (spacemacs//ansible-should-enable?)
+    (ansible-doc-mode 1)))
diff --git a/layers/+tools/ansible/packages.el b/layers/+tools/ansible/packages.el
index 5494c2853..b3683389f 100644
--- a/layers/+tools/ansible/packages.el
+++ b/layers/+tools/ansible/packages.el
@@ -12,17 +12,32 @@
       '(ansible
         ansible-doc
         company
+        (company-ansible :toggle (configuration-layer/package-usedp 'company))
         jinja2-mode
         yaml-mode))
 
 (defun ansible/init-ansible ()
   (use-package ansible
     :defer t
-    :init (add-to-list 'auto-mode-alist
-                       '("\\(group_vars/.+\\|host_vars/.+\\)" . yaml-mode))))
+    :init
+    (progn
+      (add-hook 'yaml-mode-hook 'spacemacs/ansible-maybe-enable)
+      (if ansible-auto-encrypt-descrypt
+          (add-hook 'ansible-hook 'ansible::auto-decrypt-encrypt)
+        (remove-hook 'ansible-hook 'ansible::auto-decrypt-encrypt))
+      (spacemacs/set-leader-keys-for-minor-mode 'ansible
+        "bd" 'ansible::decrypt-buffer
+        "be" 'ansible::encrypt-buffer))))
 
 (defun ansible/init-ansible-doc ()
-  (use-package ansible-doc :defer t))
+  (use-package ansible-doc
+    :defer t
+    :init
+    (progn
+      (add-hook 'yaml-mode-hook 'spacemacs/ansible-doc-maybe-enable)
+      (spacemacs/set-leader-keys-for-minor-mode 'ansible-doc-mode
+        "ha" 'ansible-doc))
+    :config (spacemacs|hide-lighter ansible-doc-mode)))
 
 (defun ansible/post-init-company ()
   ;; ansible-mode requires ac-user-dictionary-files. If the
@@ -33,12 +48,22 @@
   ;; https://github.com/k1LoW/emacs-ansible/issues/2
   (defvar ac-user-dictionary-files nil))
 
+(defun ansible/init-company-ansible ()
+  (use-package company-ansible
+    :defer t
+    :init
+    ;; append this hook at the end to execute it last so `company-backends'
+    ;; variable is buffer local
+    (add-hook 'yaml-mode-hook 'spacemacs/ansible-company-maybe-enable t)))
+
 (defun ansible/init-jinja2-mode ()
   (use-package jinja2-mode
     :mode ("\\.j2\\'" . jinja2-mode)
     :defer t))
 
 (defun ansible/post-init-yaml-mode ()
-  (spacemacs/set-leader-keys-for-major-mode 'yaml-mode "ha" 'ansible-doc)
-  (spacemacs/add-to-hook 'yaml-mode-hook '(ansible/ansible-maybe-enable
-                                           ansible/ansible-doc-maybe-enable)))
+  ;; maybe move it to the layer owning `yaml-mode' at some point
+  (spacemacs/declare-prefix-for-mode 'yaml-mode "mh" "help")
+  (spacemacs/declare-prefix-for-mode 'yaml-mode "mb" "buffer")
+  (add-to-list 'auto-mode-alist
+               '("\\(group_vars/.+\\|host_vars/.+\\)" . yaml-mode)))