author | kwadronaut <kwadronaut@leap.se> | 2016-07-25 00:44:22 +0200 |
---|---|---|
committer | kwadronaut <kwadronaut@leap.se> | 2016-07-25 00:44:22 +0200 |
commit | 30bc1e889dd0042132c4da21b94780c5a530b67c (patch) | |
tree | e430d45f553364c232626961df1647052166169d /lib/puppet/parser | |
parent | c0d2832dff7fb14e056a49b28860087b2f201619 (diff) | |
parent | 8c1aac4f23d245cda54994737c72a868d112db87 (diff) |
Diffstat (limited to 'lib/puppet/parser')
-rw-r--r-- | lib/puppet/parser/functions/trocla.rb | 33 | ||||
-rw-r--r-- | lib/puppet/parser/functions/trocla_get.rb | 38 | ||||
-rw-r--r-- | lib/puppet/parser/functions/trocla_set.rb | 63 |
3 files changed, 134 insertions, 0 deletions
diff --git a/lib/puppet/parser/functions/trocla.rb b/lib/puppet/parser/functions/trocla.rb
new file mode 100644
index 0000000..b1a7b61
--- /dev/null
+++ b/lib/puppet/parser/functions/trocla.rb
@@ -0,0 +1,33 @@
+module Puppet::Parser::Functions
+ newfunction(:trocla, :type => :rvalue, :doc => "
+This will create or get a random password from the trocla storage.
+
+Usage:
+
+ $password_user1 = trocla(key,[format='plain'[,options={}]])
+
+Means:
+
+ $password_user1 = trocla('user1')
+
+Create or get the plain text password for the key 'user1'
+
+ $password_user2 = trocla('user2','mysql')
+
+Create or get the mysql style sha1 hashed password.
+
+ $options_user3 = { 'username' => 'user3' } # Due to a puppet bug
+ # this needs to be assigned
+ # like that.
+ $password_user3 = trocla('user3','pgsql', $options_user3)
+
+Options can also be passed as a yaml string:
+
+ $password_user3 = trocla('user3','pgsql', \"username: 'user3'\")
+ "
+ ) do |*args|
+ require File.dirname(__FILE__) + '/../../util/trocla_helper'
+
+ Puppet::Util::TroclaHelper.trocla(:password,true,*args)
+ end
+end
diff --git a/lib/puppet/parser/functions/trocla_get.rb b/lib/puppet/parser/functions/trocla_get.rb
new file mode 100644
index 0000000..fb5cd5a
--- /dev/null
+++ b/lib/puppet/parser/functions/trocla_get.rb
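Review bot: The `:doc` string of `trocla` in trocla.rb does not say that the returned value is handed back to the manifest as an rvalue and so becomes part of whatever the manifest builds from it. With the default `'plain'` format that value is the cleartext password, which presumably then travels wherever the compiled catalog does. I would add a sentence to the doc such as `Note: with format 'plain' the cleartext password is returned to the manifest and ends up in the compiled catalog; prefer a hashed format where the consumer accepts one.` The storage access itself happens in `Puppet::Util::TroclaHelper`, which is outside this hunk.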
@@ -0,0 +1,38 @@
+module Puppet::Parser::Functions
+ newfunction(:trocla_get, :type => :rvalue, :doc => "
+ This will only get an already stored password from the trocla storage.
+
+Usage:
+
+ $password_user1 = trocla_get(key,[format='plain'[,raise_error=true]])
+
+Means:
+
+ $password_user1 = trocla('user1')
+
+Get the plain text password for the key 'user1'
+
+ $password_user2 = trocla_get('user2','mysql')
+
+Get the mysql style sha1 hashed password.
+
+By default puppet will raise a parse error if the password haven't yet been
+stored in trocla. This can be turned off by setting false as a third argument:
+
+ $password_user3 = trocla_get('user2','mysql',false)
+
+the return value will be undef if the key & format pair is not found.
+"
+ ) do |*args|
+ if args[0].is_a?(Array)
+ args = args[0]
+ end
+ require File.dirname(__FILE__) + '/../../util/trocla_helper'
+ args[1] ||= 'plain'
+ raise_error = args[2].nil? ? true : args[2]
+ if (answer=Puppet::Util::TroclaHelper.trocla(:get_password,false,[args[0],args[1]])).nil? && raise_error
+ raise(Puppet::ParseError, "No password for key,format #{args[0..1].flatten.inspect} found!")
+ end
+ answer.nil? ? :undef : answer
+ end
+end
diff --git a/lib/puppet/parser/functions/trocla_set.rb b/lib/puppet/parser/functions/trocla_set.rb
new file mode 100644
index 0000000..06da5ae
--- /dev/null
+++ b/lib/puppet/parser/functions/trocla_set.rb
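Review bot: The first example under `Means:` in the `trocla_get` doc string calls `trocla('user1')`, which is the create-or-get function, so a reader copying it would generate a password instead of only reading one; it should read `$password_user1 = trocla_get('user1')`. The doc should also say that with the third argument set to false a missing key yields undef, and that the caller has to check for it before handing the value to a password parameter, since an unset value there may end up as an empty password. A smaller wording fix in the same string: `haven't` should be `hasn't`.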
@@ -0,0 +1,63 @@
+module Puppet::Parser::Functions
+ newfunction(:trocla_set, :type => :rvalue, :doc => "
+ This will set a password/hash in the local storage and return itself,
+ or hashed in another format, if the password is present in plaintext or
+ in that specific hash format.
+
+ This function is mainly useful to migrate from hashes in manifests to trocla only manifests.
+
+Usage:
+
+ $password_user1 = trocla_set(key,value,[format='plain',[return_format,[options={}]]])
+
+Means:
+
+ $password_user1 = trocla_set('user1','mysecret')
+
+Will set and return 'mysecret' as plain password.
+
+ $password_user2 = trocla_set('user2','*AAA...','mysql')
+
+Will set and return the sha1 hashed mysql password for the key user2.
+
+ $password_user3 = trocla_set('user3','mysecret','plain','sha512crypt')
+
+Will set 'mysecret' as plain password, but return a newly created sha512crypt hash.
+
+ $postgres_user4 = { username => 'user4' }
+ $password_user4 = trocla_set('user4','mysecret','plain','pgsql',$postgres_user4)
+
+Will set the plain password 'mysecret' and return a pgsql md5 hash for user5.
+
+ $password_user2 = trocla_set('user2','*AAA...','mysql','sha512crypt')
+
+This will likely fail, except if you add the plain password or the sha512crypt hash manually to
+trocla, for example via cli.
+"
+) do |*args|
+ if args[0].is_a?(Array)
+ args = args[0]
+ end
+
+ key = args[0]
+ value = args[1]
+ raise(Puppet::ParseError, "You need to pass at least key & value as an argument!") if key.nil? || value.nil?
+
+ format = args[2] || 'plain'
+ return_format = args[3] || format
+ options = args[4] || {}
+
+ configfile = File.join(File.dirname(Puppet.settings[:config]), "troclarc.yaml")
+
+ raise(Puppet::ParseError, "Trocla config file #{configfile} not readable") unless File.exist?(configfile)
+
+ require 'trocla'
+
+ result = (trocla=Trocla.new(configfile)).set_password(key,format,value)
+ if format != return_format && (result = trocla.get_password(key,return_format)).nil?
+ raise(Puppet::ParseError, "Plaintext password is not present, but required to return password in format #{return_format}") if (return_format == 'plain') || trocla.get_password(key,'plain').nil?
+ result = trocla.password(key,return_format,options)
+ end
+ result
+ end
+end |
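Review bot: In `trocla_set`, `set_password(key,format,value)` runs before the return-format check, so when the `Puppet::ParseError` about the missing plaintext is raised the store has already been written with the new value. The check reads back what was just stored, so reordering is not straightforward; I would at least state it above the call, e.g. `# NOTE: the value is stored before return_format is checked; a ParseError below does not undo the write`, and repeat that in the doc next to the "This will likely fail" example. Separately, the config guard tests `File.exist?(configfile)` while its message says "not readable"; `unless File.readable?(configfile)` would match the message and also catch a file the master cannot open.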