Age | Commit message | Author |
|
Per puppet function call we now created a new Trocla object. This
is a) a very naive approach and b) obviously can lead to a lot of
inefficiency as we for example need to build up trocla each time
again. Also this means that we are running into problems like
opening a connection to a database system each time a trocla
lookup is done (and we never close the connection :-/).
The proper way to solve this is to make sure we don't create too
many trocla objects. With this change, we should now create once
a global trocla object PER puppet(-master/-server) process and
keep it around for the lifetime of such a process.
|
Get path to configuration file from config hash to avoid undefined
variable error.
|
* refactoring code for simplicity and easier maintenance.
* prefix the format and options config with default_ to better
represent their intention.
|
Only reacts to key namespace trocla::password::<trocla_key>. Looks up
additional parameters via hiera itself as
trocla::options::<trocla_key>::format (string) and
trocla::options::<trocla_key>::options (hash). Looks for <trocla_key> in
trocla as hiera/<source>/<trocla> with <source> iterating over the
configured hiera hierarchy. If not found, creates and returns a new
password with trocla key <trocla_key>.
example entry in hiera.yaml:
  backends:
    - ...
    - trocla
  trocla:
    - configfile: /etc/puppet/troclarc.yaml
    - format: plain
    - options:
        length: 16
example usage in hiera yaml file:
  kerberos::kdc_database_password: "%{hiera('trocla::password::kdc_database_password')}"
  trocla::options::kdc_database_password::format: 'plain'
  trocla::options::kdc_database_password::options:
    length: '71'
|
Up to now we raised an error if nothing was found while using
trocla_get. The main idea was to ensure that typos in the key/format
are easily spotted and not overlooked as no password being returned
usually indicates that something is wrong.
As outlined in #14 there are use cases where it makes sense to not
have this behavior.
This change allows us to suppress the error raising and just return
the puppet undef if nothing is found.
|
lookup other 'keys'
|
tilya-charset_option
& simplify charset selection
Conflicts:
lib/trocla.rb
lib/trocla/util.rb
|
asquelt-safechars
Conflicts:
lib/trocla.rb
|
integer for ranges
ie. for this to work:
$short_and_safe = {
  'shellsafe' => 'true',
  'length' => 6, # THIS WILL BE STRING!
}
$x = trocla('foo', 'plain', $short_and_safe)
notify { "test: $x": }
|
basically excludes characters that might be dangerous if used in shell.
many passwords generated by trocla may end up in some sort of bash
scripts (initscripts, sourced shell variables, etc) which may yield
problems with default trocla random generator.
this can be now changed either in troclarc (with "shellsafe: true")
or on (ie. "trocla create foo plain '{ length: 32, shellsafe: true}'").
|
This makes the Gem usable in the latest Puppet versions.
The handling of RubyGems got revised in Puppet 3.0.1-rc1:
http://projects.puppetlabs.com/issues/16757
The new policy is that either bundler and/or rubygems are guaranteed to
be loaded and initialized when the Puppet manifest is evaluated, making
it unnecessary for Puppet modules to load rubygems.
This new policy broke the puppet-trocla module. This is because
'Puppet.features.rubygems?' always evaluates to false now, which causes
the module to abort the manifest compilation with a message informing
about the necessity of RubyGems to be present.
|
is just crap
|
Various apps, especially php-apps :/ have a problem with '<' or '>'
as a password character. To reduce the amount of pain from a
freshly generated password, we remove these characters.
|
pass a yaml string
|