add script to modify passwords file
- add new script that will edit the passwords.yml file. The script will be called from the cli so that the passwords file can be set up to be only edited by this script. Users will not be able to have access to the passwords file directly. - moved change_property from ansible/property to utils so it can be used by the script. Still to do: - hook script into a cli command - package script properly into rpm with appropriate restrictive permissions - add password key list
This commit is contained in:
parent
d2f42180cb
commit
15b2ab00b0
|
@ -17,6 +17,7 @@ import yaml
|
|||
|
||||
from kollacli.utils import get_kolla_etc
|
||||
from kollacli.utils import get_kolla_home
|
||||
from kollacli.utils import change_property
|
||||
|
||||
ALLVARS_PATH = 'ansible/group_vars/all.yml'
|
||||
GLOBALS_FILENAME = 'globals.yml'
|
||||
|
@ -101,7 +102,7 @@ class AnsibleProperties(object):
|
|||
|
||||
def get_all_unique(self):
|
||||
unique_list = []
|
||||
for key, value in self.unique_properties.items():
|
||||
for _, value in self.unique_properties.items():
|
||||
unique_list.append(value)
|
||||
return sorted(unique_list, key=lambda x: x.name)
|
||||
|
||||
|
@ -120,17 +121,9 @@ class AnsibleProperties(object):
|
|||
# We only manipulate values in the globals.yml file so look up the key
|
||||
# and if it is there, we will parse through the file to replace that
|
||||
# line. if the key doesn't exist we append to the end of the file
|
||||
contents = self.file_contents[self.globals_path]
|
||||
try:
|
||||
if contents is not None:
|
||||
if property_key in contents:
|
||||
self._change_property(property_key, property_value)
|
||||
else:
|
||||
self._change_property(property_key, property_value,
|
||||
append=True)
|
||||
else:
|
||||
self._change_property(property_key, property_value,
|
||||
append=True)
|
||||
change_property(self.globals_path, property_key,
|
||||
property_value, clear=False)
|
||||
except Exception as e:
|
||||
raise e
|
||||
|
||||
|
@ -138,39 +131,8 @@ class AnsibleProperties(object):
|
|||
# We only manipulate values in the globals.yml file so if the variable
|
||||
# does not exist we will do nothing. if it does exist we need to find
|
||||
# the line and nuke it.
|
||||
contents = self.file_contents[self.globals_path]
|
||||
if contents is not None:
|
||||
if property_key in contents:
|
||||
self._change_property(property_key, None, clear=True)
|
||||
|
||||
def _change_property(self, property_key, property_value, append=False,
|
||||
clear=False):
|
||||
try:
|
||||
# the file handle returned from mkstemp must be closed or else
|
||||
# if this is called many times you will have an unpleasant
|
||||
# file handle leak
|
||||
file_contents = []
|
||||
with open(self.globals_path, 'r+') as globals_file:
|
||||
new_line = '%s: "%s"\n' % (property_key, property_value)
|
||||
for line in globals_file:
|
||||
if append is False:
|
||||
if line.startswith(property_key):
|
||||
if clear:
|
||||
line = ''
|
||||
else:
|
||||
line = new_line
|
||||
file_contents.append(line)
|
||||
else:
|
||||
file_contents.append(line)
|
||||
if append is True:
|
||||
file_contents.append(new_line)
|
||||
|
||||
globals_file.seek(0)
|
||||
globals_file.truncate()
|
||||
|
||||
with open(self.globals_path, 'w') as globals_file:
|
||||
for line in file_contents:
|
||||
globals_file.write(line)
|
||||
change_property(property_key, None, clear=True)
|
||||
except Exception as e:
|
||||
raise e
|
||||
|
||||
|
|
|
@ -101,3 +101,44 @@ def run_cmd(cmd, print_output=True):
|
|||
err_flag = True
|
||||
output.append('%s' % e)
|
||||
return err_flag, output
|
||||
|
||||
|
||||
def change_property(file_path, property_key, property_value, clear=False):
|
||||
"""change property with a file
|
||||
|
||||
file_path: path to property file
|
||||
property_key: property name
|
||||
property value: property value
|
||||
clear: flag to remove property
|
||||
|
||||
If clear and property doesn't exists, nothing is done.
|
||||
If not clear, and key is not found, the new property will be appended.
|
||||
If not clear, and key is found, edit property in place
|
||||
"""
|
||||
try:
|
||||
file_contents = []
|
||||
with open(file_path, 'r+') as property_file:
|
||||
new_line = '%s: "%s"\n' % (property_key, property_value)
|
||||
property_key_found = False
|
||||
for line in property_file:
|
||||
if line[0:len(property_key)] == property_key:
|
||||
property_key_found = True
|
||||
if clear:
|
||||
# clear existing property
|
||||
line = ''
|
||||
else:
|
||||
# edit existing property
|
||||
line = new_line
|
||||
file_contents.append(line)
|
||||
if not property_key_found and not clear:
|
||||
# add new property to file
|
||||
file_contents.append(new_line)
|
||||
|
||||
property_file.seek(0)
|
||||
property_file.truncate()
|
||||
|
||||
with open(file_path, 'w') as property_file:
|
||||
for line in file_contents:
|
||||
property_file.write(line)
|
||||
except Exception as e:
|
||||
raise e
|
||||
|
|
|
@ -0,0 +1,58 @@
|
|||
#!/usr/bin/env python
|
||||
# Copyright(c) 2015, Oracle and/or its affiliates. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
import getopt
|
||||
import sys
|
||||
|
||||
from kollacli import utils
|
||||
|
||||
|
||||
def main():
|
||||
"""edit password in passwords.yml file
|
||||
|
||||
sys.argv:
|
||||
-p path # path to passwords.yaml
|
||||
-k key # key of password
|
||||
-v value # value of password
|
||||
-c # flag to clear the password
|
||||
-l # return a csv string of the existing keys
|
||||
"""
|
||||
opts, _ = getopt.getopt(sys.argv[1:], 'p:k:v:cal')
|
||||
path = ''
|
||||
pwd_key = ''
|
||||
pwd_value = ''
|
||||
clear_flag = False
|
||||
list_flag = False
|
||||
for opt, arg in opts:
|
||||
if opt == '-p':
|
||||
path = arg
|
||||
elif opt == '-k':
|
||||
pwd_key = arg
|
||||
elif opt == '-v':
|
||||
pwd_value = arg
|
||||
elif opt == '-c':
|
||||
clear_flag = True
|
||||
elif opt == '-l':
|
||||
list_flag = True
|
||||
|
||||
if list_flag:
|
||||
# return the password keys
|
||||
pass
|
||||
else:
|
||||
# edit a password
|
||||
utils.change_property(path, pwd_key, pwd_value, clear=clear_flag)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
Loading…
Reference in New Issue