From 16b06320cd3bb3121446717c05b6bc13ae2ff133 Mon Sep 17 00:00:00 2001
From: mh
Date: Wed, 27 Jul 2011 18:41:27 +0200
Subject: init of trocla module
---
lib/puppet/parser/functions/trocla.rb | 7 +++++++
lib/puppet/parser/functions/trocla_get.rb | 9 +++++++++
2 files changed, 16 insertions(+)
create mode 100644 lib/puppet/parser/functions/trocla.rb
create mode 100644 lib/puppet/parser/functions/trocla_get.rb
(limited to 'lib/puppet/parser')
diff --git a/lib/puppet/parser/functions/trocla.rb b/lib/puppet/parser/functions/trocla.rb
new file mode 100644
index 0000000..9fa06bb
--- /dev/null
+++ b/lib/puppet/parser/functions/trocla.rb
@@ -0,0 +1,7 @@
+module Puppet::Parser::Functions
+ newfunction(:trocla, :type => :rvalue) do |*args|
+ require File.dirname(__FILE__) + '/../../util/trocla_helper'
+
+ Puppet::Util::TroclaHelper.trocla(:password,true,*args)
+ end
+end
\ No newline at end of file
diff --git a/lib/puppet/parser/functions/trocla_get.rb b/lib/puppet/parser/functions/trocla_get.rb
new file mode 100644
index 0000000..ed8eeab
--- /dev/null
+++ b/lib/puppet/parser/functions/trocla_get.rb
@@ -0,0 +1,9 @@
+module Puppet::Parser::Functions
+ newfunction(:trocla_get, :type => :rvalue) do |*args|
+ require File.dirname(__FILE__) + '/../../util/trocla_helper'
+ if (answer=Puppet::Util::TroclaHelper.trocla(:get_password,false,*args)).nil?
+ raise(Puppet::ParseError, "No password for key,format #{args.flatten.inspect} found!")
+ end
+ answer
+ end
+end
\ No newline at end of file
-- cgit v1.2.3
From 20fdb3bcc7201bc86cfbddc269fe807a8e418963 Mon Sep 17 00:00:00 2001
From: mh
Date: Wed, 3 Aug 2011 19:25:06 +0200
Subject: update doc
---
lib/puppet/parser/functions/trocla.rb | 26 ++++++++++++++++++++++++--
lib/puppet/parser/functions/trocla_get.rb | 23 +++++++++++++++++++++--
2 files changed, 45 insertions(+), 4 deletions(-)
(limited to 'lib/puppet/parser')
diff --git a/lib/puppet/parser/functions/trocla.rb b/lib/puppet/parser/functions/trocla.rb
index 9fa06bb..487d1fd 100644
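Review bot: The helper is loaded with `require File.dirname(__FILE__) + '/../../util/trocla_helper'` inside the function block, here and again in the trocla_get.rb hunk, so the path is built by string concatenation on every call and keeps its `..` segments. On Ruby versions that record a required path as written, the same file can be loaded again under a different spelling, so a normalized path is the safer form: `require File.expand_path('../../util/trocla_helper', File.dirname(__FILE__))`. In trocla_get.rb the assignment inside the condition, `if (answer=...).nil?`, would also read more clearly as a separate `answer = ...` line followed by the nil check.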
--- a/lib/puppet/parser/functions/trocla.rb +++ b/lib/puppet/parser/functions/trocla.rb @@ -1,7 +1,29 @@ module Puppet::Parser::Functions - newfunction(:trocla, :type => :rvalue) do |*args| + newfunction(:trocla, :type => :rvalue, :doc => " +This will create or get a random password from the trocla storage. + +Usage: + + $password_user1 = trocla(key,[format='plain'[,options={}]]) + +Means: + + $password_user1 = trocla('user1') + +Create or get the plain text password for the key 'user1' + + $password_user2 = trocla('user2','mysql') + +Create or get the mysql style sha1 hashed password. + + $options_user3 = { 'username' => 'user3' } # Due to a puppet bug + # this needs to be assigned + # like that. + $password_user3 = trocla('user3','pgsql', $options_user3) + " + ) do |*args| require File.dirname(__FILE__) + '/../../util/trocla_helper' Puppet::Util::TroclaHelper.trocla(:password,true,*args) end -end \ No newline at end of file +end diff --git a/lib/puppet/parser/functions/trocla_get.rb b/lib/puppet/parser/functions/trocla_get.rb index ed8eeab..01c4e01 100644 --- a/lib/puppet/parser/functions/trocla_get.rb +++ b/lib/puppet/parser/functions/trocla_get.rb 
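Review bot: The new doc string leads with `trocla('user1')` and the default 'plain' format, but it does not say that the cleartext value returned this way becomes part of whatever the manifest builds from it, presumably including the compiled catalog and anything that stores or caches it. A sentence in the doc would help users pick a hashed format where the consuming resource accepts one, for example `Prefer a hashed format (e.g. 'mysql') where the target accepts it; 'plain' returns the cleartext password to the manifest.` This is a documentation suggestion only; the function body is untouched by this hunk.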
@@ -1,9 +1,28 @@ module Puppet::Parser::Functions - newfunction(:trocla_get, :type => :rvalue) do |*args| + newfunction(:trocla_get, :type => :rvalue, :doc => " + This will only get an already stored password from the trocla storage. + +Usage: + + $password_user1 = trocla_get(key,[format='plain']) + +Means: + + $password_user1 = trocla('user1') + +Get the plain text password for the key 'user1' + + $password_user2 = trocla_get('user2','mysql') + +Get the mysql style sha1 hashed password. + +It will raise a parse error if the password haven't yet been stored in trocla. +" + ) do |*args| require File.dirname(__FILE__) + '/../../util/trocla_helper' if (answer=Puppet::Util::TroclaHelper.trocla(:get_password,false,*args)).nil? raise(Puppet::ParseError, "No password for key,format #{args.flatten.inspect} found!") end answer end -end \ No newline at end of file +end -- cgit v1.2.3 From 0b59b4e84c8d3d2244294e625f0b916709959e28 Mon Sep 17 00:00:00 2001 From: mh Date: Fri, 5 Aug 2011 15:24:44 +0200 Subject: introduce trocla_set - useful to migrate existing manifests --- lib/puppet/parser/functions/trocla_set.rb | 65 +++++++++++++++++++++++++++++++ 1 file changed, 65 insertions(+) create mode 100644 lib/puppet/parser/functions/trocla_set.rb (limited to 'lib/puppet/parser') diff --git a/lib/puppet/parser/functions/trocla_set.rb b/lib/puppet/parser/functions/trocla_set.rb new file mode 100644 index 0000000..5b6079a --- /dev/null +++ b/lib/puppet/parser/functions/trocla_set.rb 
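Review bot: The first example in the trocla_get doc string calls the wrong function: under "Means:" it reads `$password_user1 = trocla('user1')`, although the caption below it describes getting the plain text password for 'user1' with this function. The two are not interchangeable, since according to the trocla doc string `trocla()` creates a password when none is stored, whereas `trocla_get` raises a parse error. The line should read `$password_user1 = trocla_get('user1')`, and "haven't" in the last doc sentence should be "hasn't".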
@@ -0,0 +1,65 @@
+module Puppet::Parser::Functions
+ newfunction(:trocla_set, :type => :rvalue, :doc => "
+ This will set a password/hash in the local storage and return itself,
+ or hashed in another format, if the password is present in plaintext or
+ in that specific hash format.
+
+ This function is mainly useful to migrate from hashes in manifests to trocla only manifests.
+
+Usage:
+
+ $password_user1 = trocla_set(key,value,[format='plain',[return_format,[options={}]]])
+
+Means:
+
+ $password_user1 = trocla_set('user1','mysecret')
+
+Will set and return 'mysecret' as plain password.
+
+ $password_user2 = trocla_set('user2','*AAA...','mysql')
+
+Will set and return the sha1 hashed mysql password for the key user2.
+
+ $password_user3 = trocla_set('user3','mysecret','plain','sha512crypt')
+
+Will set 'mysecret' as plain password, but return a newly created sha512crypt hash.
+
+ $postgres_user4 = { username => 'user4' }
+ $password_user4 = trocla_set('user4','mysecret','plain','pgsql',$postgres_user4)
+
+Will set the plain password 'mysecret' and return a pgsql md5 hash for user5.
+
+ $password_user2 = trocla_set('user2','*AAA...','mysql','sha512crypt')
+
+This will likely fail, except if you add the plain password or the sha512crypt hash manually to
+trocla, for example via cli.
+"
+) do |*args|
+ if args[0].is_a?(Array)
+ args = args[0]
+ end
+
+ key = args[0]
+ value = args[1]
+ raise(Puppet::ParseError, "You need to pass at least key & value as an argument!") if key.nil? || value.nil?
+
+ format = args[2] || 'plain'
+ return_format = args[3] || format
+ options = args[4] || {}
+
+ configfile = File.join(File.dirname(Puppet.settings[:config]), "troclarc.yaml")
+
+ raise(Puppet::ParseError, "Trocla config file #{configfile} not readable") unless File.exist?(configfile)
+ raise(Puppet::ParseError, "You need rubygems to use Trocla") unless Puppet.features.rubygems?
+
+ require 'rubygems'
+ require 'trocla'
+
+ result = (trocla=Trocla.new(configfile)).set_password(key,format,value)
+ if format != return_format && (result = trocla.get_password(key,return_format)).nil?
+ raise(Puppet::ParseError, "Plaintext password is not present, but required to return password in format #{return_format}") if (return_format == 'plain') || trocla.get_password(key,'plain').nil?
+ result = trocla.password(key,return_format,options)
+ end
+ result
+ end
+end
-- cgit v1.2.3
From 64205c93a957bafdfb255a991844f2d7744f11b5 Mon Sep 17 00:00:00 2001
From: mh
Date: Tue, 6 Sep 2011 15:02:51 +0200
Subject: as setting a hash first is a bit cumbersome, we provide the possibility to pass a yaml string
---
lib/puppet/parser/functions/trocla.rb | 4 ++++
1 file changed, 4 insertions(+)
(limited to 'lib/puppet/parser')
diff --git a/lib/puppet/parser/functions/trocla.rb b/lib/puppet/parser/functions/trocla.rb
index 487d1fd..e042872 100644
--- a/lib/puppet/parser/functions/trocla.rb
+++ b/lib/puppet/parser/functions/trocla.rb
@@ -20,6 +20,10 @@ Create or get the mysql style sha1 hashed password. # this needs to be assigned # like that. $password_user3 = trocla('user3','pgsql', $options_user3) + +Options can also be passed as a yaml string: + + $password_user3 = trocla('user3','pgsql', \"username: 'user3'\") " ) do |*args| require File.dirname(__FILE__) + '/../../util/trocla_helper'
-- cgit v1.2.3
From 02bbc22223f53d979c1ab5724e26aa2ac4c22c7a Mon Sep 17 00:00:00 2001
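Review bot: `set_password(key,format,value)` in trocla_set.rb runs unconditionally on every evaluation of the function, so a value left in a manifest is written to the store each time and would presumably overwrite a password that was later changed in trocla itself. The doc string calls the function a migration aid but does not say when the call has to be removed again; I would add a doc line such as `Remove the trocla_set call once the value is stored; every catalog compilation writes it again.` Also, the config check tests `File.exist?(configfile)` while its message says "not readable"; `File.readable?(configfile)` matches the message and also catches a file with the wrong permissions. In the doc example for user4 the caption says "user5".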
From: Michael Franz Aigner Date: Thu, 28 Feb 2013 08:17:37 -0500 Subject: Removing calls to Puppet.features.rubygems? This makes the Gem usable in the latest Puppet versions. The handling of RubyGems got revised in Puppet 3.0.1-rc1: http://projects.puppetlabs.com/issues/16757 The new policy is that either bundler and/or rubygems are guaranteed to be loaded and initialized when the Puppet manifest is evaluated, making it unnecessary for Puppet modules to load rubygems. This new policy broke the puppet-trocla module. This is because 'Puppet.features.rubygems?' always evaluates to false now, which causes the module to abort the manifest compilation with a message informing about the necessity of RubyGems to be present. --- lib/puppet/parser/functions/trocla_set.rb | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'lib/puppet/parser') diff --git a/lib/puppet/parser/functions/trocla_set.rb b/lib/puppet/parser/functions/trocla_set.rb index 5b6079a..c3c9b49 100644 --- a/lib/puppet/parser/functions/trocla_set.rb +++ b/lib/puppet/parser/functions/trocla_set.rb @@ -50,9 +50,7 @@ trocla, for example via cli. configfile = File.join(File.dirname(Puppet.settings[:config]), "troclarc.yaml") raise(Puppet::ParseError, "Trocla config file #{configfile} not readable") unless File.exist?(configfile) - raise(Puppet::ParseError, "You need rubygems to use Trocla") unless Puppet.features.rubygems? - - require 'rubygems' + require 'trocla' result = (trocla=Trocla.new(configfile)).set_password(key,format,value) -- cgit v1.2.3 From 0e320508328db93fc2ca8aa29eb1ed22e0f0f22a Mon Sep 17 00:00:00 2001 From: mh Date: Wed, 12 Aug 2015 08:42:35 +0200 Subject: whitespace cleanup --- lib/puppet/parser/functions/trocla_set.rb | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'lib/puppet/parser') diff --git a/lib/puppet/parser/functions/trocla_set.rb b/lib/puppet/parser/functions/trocla_set.rb index c3c9b49..06da5ae 100644 
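Review bot: With the feature check removed, `require 'trocla'` is the only place a missing gem is noticed, and it fails with a bare LoadError instead of the Puppet::ParseError that the other failure paths in this function raise. LoadError is not a StandardError, so a generic `rescue` further up would not turn it into a readable compile error; how Puppet reports it is not visible from this hunk. Wrapping the require keeps the message actionable for whoever reads the compilation failure. The function body starts and ends outside the hunk.
```ruby
# … unchanged: configfile lookup and File.exist? check …
begin
  require 'trocla'
rescue LoadError
  raise(Puppet::ParseError, "The trocla gem is required to use trocla_set")
end
# … unchanged: set_password / get_password handling …
```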
--- a/lib/puppet/parser/functions/trocla_set.rb +++ b/lib/puppet/parser/functions/trocla_set.rb @@ -38,21 +38,21 @@ trocla, for example via cli. if args[0].is_a?(Array) args = args[0] end - + key = args[0] value = args[1] raise(Puppet::ParseError, "You need to pass at least key & value as an argument!") if key.nil? || value.nil? - + format = args[2] || 'plain' return_format = args[3] || format options = args[4] || {} - + configfile = File.join(File.dirname(Puppet.settings[:config]), "troclarc.yaml") - + raise(Puppet::ParseError, "Trocla config file #{configfile} not readable") unless File.exist?(configfile) require 'trocla' - + result = (trocla=Trocla.new(configfile)).set_password(key,format,value) if format != return_format && (result = trocla.get_password(key,return_format)).nil? raise(Puppet::ParseError, "Plaintext password is not present, but required to return password in format #{return_format}") if (return_format == 'plain') || trocla.get_password(key,'plain').nil? -- cgit v1.2.3 From 402b98284242713fbb7b0173da8aa6eff87fa595 Mon Sep 17 00:00:00 2001 From: mh Date: Wed, 12 Aug 2015 08:48:24 +0200 Subject: Fix #14 - allow trocla_get not to raise an error if nothing is found Up to now we raised an error if nothing was found while using trocla_get. The main idea was to ensure that typos in the key/format are easily spotted and not overlooked as no password being returned usually indicates that something is wrong. As outlined in #14 there are use cases where it makes sense to not have this behavior. This change allows us to suppress the error raising and just return the puppet undef if nothing is found. --- lib/puppet/parser/functions/trocla_get.rb | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) (limited to 'lib/puppet/parser') diff --git a/lib/puppet/parser/functions/trocla_get.rb b/lib/puppet/parser/functions/trocla_get.rb index 01c4e01..fb5cd5a 100644 --- a/lib/puppet/parser/functions/trocla_get.rb 
+++ b/lib/puppet/parser/functions/trocla_get.rb @@ -4,7 +4,7 @@ module Puppet::Parser::Functions Usage: - $password_user1 = trocla_get(key,[format='plain']) + $password_user1 = trocla_get(key,[format='plain'[,raise_error=true]]) Means: @@ -16,13 +16,23 @@ Get the plain text password for the key 'user1' Get the mysql style sha1 hashed password. -It will raise a parse error if the password haven't yet been stored in trocla. +By default puppet will raise a parse error if the password haven't yet been +stored in trocla. This can be turned off by setting false as a third argument: + + $password_user3 = trocla_get('user2','mysql',false) + +the return value will be undef if the key & format pair is not found. " ) do |*args| + if args[0].is_a?(Array) + args = args[0] + end require File.dirname(__FILE__) + '/../../util/trocla_helper' - if (answer=Puppet::Util::TroclaHelper.trocla(:get_password,false,*args)).nil? - raise(Puppet::ParseError, "No password for key,format #{args.flatten.inspect} found!") + args[1] ||= 'plain' + raise_error = args[2].nil? ? true : args[2] + if (answer=Puppet::Util::TroclaHelper.trocla(:get_password,false,[args[0],args[1]])).nil? && raise_error + raise(Puppet::ParseError, "No password for key,format #{args[0..1].flatten.inspect} found!") end - answer + answer.nil? ? :undef : answer end end -- cgit v1.2.3 From 70b87a890319b262641503e78495b83df24f20ea Mon Sep 17 00:00:00 2001 From: mh Date: Tue, 7 Jun 2016 21:59:18 +0200 Subject: whitespace cleanup --- lib/puppet/parser/functions/trocla.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/puppet/parser') diff --git a/lib/puppet/parser/functions/trocla.rb b/lib/puppet/parser/functions/trocla.rb index e042872..b1a7b61 100644 --- a/lib/puppet/parser/functions/trocla.rb +++ b/lib/puppet/parser/functions/trocla.rb 
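Review bot: With the third argument set to false the function now returns `:undef` for a missing key/format pair, and at that point a typo in the key is indistinguishable from a password that is legitimately absent, so a resource fed from the result could end up with an empty credential. The doc string states the undef return but not what the caller has to do with it; I would add a line such as `Callers passing false must check the result for undef before using it as a credential.` Separately, `args[0]` is never checked for nil in the new body, whereas trocla_set raises a ParseError for a missing key; whether the helper rejects a nil key is not visible from this hunk. Both remarks concern the second hunk of this file section.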
@@ -27,7 +27,7 @@ Options can also be passed as a yaml string: " ) do |*args| require File.dirname(__FILE__) + '/../../util/trocla_helper' - + Puppet::Util::TroclaHelper.trocla(:password,true,*args) end end -- cgit v1.2.3