91 lines
3.5 KiB
Python
91 lines
3.5 KiB
Python
# Copyright 2018 AT&T Intellectual Property. All other rights reserved.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
from getpass import getpass
|
|
import logging
|
|
|
|
from pegleg.engine.catalogs import passphrase_catalog
|
|
from pegleg.engine.catalogs.passphrase_catalog import PassphraseCatalog
|
|
from pegleg.engine.generators.base_generator import BaseGenerator
|
|
from pegleg.engine.util.cryptostring import CryptoString
|
|
from pegleg.engine.util import files
|
|
from pegleg.engine.util.pegleg_secret_management import PeglegSecretManagement
|
|
|
|
__all__ = ['PassphraseGenerator']
|
|
|
|
LOG = logging.getLogger(__name__)
|
|
KIND = 'Passphrase'
|
|
KIND_PATH = 'passphrases'
|
|
|
|
|
|
class PassphraseGenerator(BaseGenerator):
|
|
"""
|
|
Generates passphrases for a given environment, specified in a
|
|
passphrase catalog.
|
|
"""
|
|
|
|
def __init__(self, sitename, save_location, author):
|
|
"""Constructor for ``PassphraseGenerator``.
|
|
|
|
:param str sitename: Site name for which passphrases are generated.
|
|
:param str save_location: The base directory to store the generated
|
|
passphrase documents.
|
|
:param str author: Identifying name of the author generating new
|
|
certificates.
|
|
"""
|
|
|
|
super(PassphraseGenerator, self).__init__(
|
|
sitename, save_location, author)
|
|
self._catalog = PassphraseCatalog(
|
|
self._sitename, documents=self._documents)
|
|
self._pass_util = CryptoString()
|
|
|
|
def generate(self, interactive=False):
|
|
"""
|
|
For each passphrase entry in the passphrase catalog, generate a
|
|
random passphrase string, based on a passphrase specification in the
|
|
catalog. Create a pegleg managed document, wrap the generated
|
|
passphrase document in the pegleg managed document, and encrypt the
|
|
passphrase. Write the wrapped and encrypted document in a file at
|
|
<repo_name>/site/<site_name>/secrets/passphrases/passphrase_name.yaml.
|
|
"""
|
|
for p_name in self._catalog.get_passphrase_names:
|
|
passphrase = None
|
|
if interactive:
|
|
passphrase = getpass(
|
|
prompt="Input passphrase for {}. Leave blank to "
|
|
"auto-generate:\n".format(p_name))
|
|
if not passphrase:
|
|
passphrase = self._pass_util.get_crypto_string(
|
|
self._catalog.get_length(p_name))
|
|
docs = list()
|
|
storage_policy = self._catalog.get_storage_policy(p_name)
|
|
docs.append(self.generate_doc(
|
|
KIND,
|
|
p_name,
|
|
storage_policy,
|
|
passphrase))
|
|
save_path = self.get_save_path(p_name)
|
|
if storage_policy == passphrase_catalog.P_ENCRYPTED:
|
|
PeglegSecretManagement(
|
|
docs=docs, generated=True, author=self._author,
|
|
catalog=self._catalog).encrypt_secrets(
|
|
save_path)
|
|
else:
|
|
files.write(save_path, docs)
|
|
|
|
@property
|
|
def kind_path(self):
|
|
return KIND_PATH
|