Merge pull request #39790 from gtmanfred/develop

add get_or_set_hash to sdb
2024-11-07 08:58:59 +00:00 · 2017-03-03 08:23:26 -07:00 · 2017-03-03 08:23:26 -07:00 · 17986d0977
commit 17986d0977
parent 58477d0fb8 00b8b16716
3 changed files with 96 additions and 12 deletions
--- a/salt/modules/sdb.py
+++ b/salt/modules/sdb.py
@ -56,3 +56,39 @@ def delete(uri):
        salt '*' sdb.delete sdb://mymemcached/foo
    '''
    return salt.utils.sdb.sdb_delete(uri, __opts__, __utils__)
+
+
+def get_or_set_hash(uri,
+        length=8,
+        chars='abcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*(-_=+)'):
+    '''
+    Perform a one-time generation of a hash and write it to sdb.
+    If that value has already been set return the value instead.
+
+    This is useful for generating passwords or keys that are specific to
+    multiple minions that need to be stored somewhere centrally.
+
+    State Example:
+
+    .. code-block:: yaml
+
+        some_mysql_user:
+          mysql_user:
+            - present
+            - host: localhost
+            - password: '{{ salt['sdb.get_or_set_hash']('some_mysql_user_pass') }}'
+
+    CLI Example:
+
+    .. code-block:: bash
+
+        salt '*' sdb.get_or_set_hash 'SECRET_KEY' 50
+
+    .. warning::
+
+        This function could return strings which may contain characters which are reserved
+        as directives by the YAML parser, such as strings beginning with ``%``. To avoid
+        issues when using the output of this function in an SLS file containing YAML+Jinja,
+        surround the call with single quotes.
+    '''
+    return salt.utils.sdb.sdb_get_or_set_hash(uri, __opts__, length, chars, __utils__)
--- a/salt/runners/sdb.py
+++ b/salt/runners/sdb.py
@ -55,3 +55,29 @@ def delete(uri):
        salt '*' sdb.delete sdb://mymemcached/foo
    '''
    return salt.utils.sdb.sdb_delete(uri, __opts__, __utils__)
+
+
+def get_or_set_hash(uri,
+        length=8,
+        chars='abcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*(-_=+)'):
+    '''
+    Perform a one-time generation of a hash and write it to sdb.
+    If that value has already been set return the value instead.
+
+    This is useful for generating passwords or keys that are specific to
+    multiple minions that need to be stored somewhere centrally.
+
+    CLI Example:
+
+    .. code-block:: bash
+
+        salt-run sdb.get_or_set_hash 'SECRET_KEY' 50
+
+    .. warning::
+
+        This function could return strings which may contain characters which are reserved
+        as directives by the YAML parser, such as strings beginning with ``%``. To avoid
+        issues when using the output of this function in an SLS file containing YAML+Jinja,
+        surround the call with single quotes.
+    '''
+    return salt.utils.sdb.sdb_get_or_set_hash(uri, __opts__, length, chars, __utils__)
--- a/salt/utils/sdb.py
+++ b/salt/utils/sdb.py
@ -6,8 +6,14 @@ For configuration options, see the docs for specific sdb
 modules.
 '''
 from __future__ import absolute_import
+
+# Import python libs
+import random
+
+# Import salt libs
 import salt.loader
 from salt.ext.six import string_types
+from salt.ext.six.moves import range


 def sdb_get(uri, opts, utils=None):
@ -15,10 +21,7 @@ def sdb_get(uri, opts, utils=None):
    Get a value from a db, using a uri in the form of ``sdb://<profile>/<key>``. If
    the uri provided does not start with ``sdb://``, then it will be returned as-is.
    '''
-    if not isinstance(uri, string_types):
-        return uri
-
-    if not uri.startswith('sdb://'):
+    if not isinstance(uri, string_types) or not uri.startswith('sdb://'):
        return uri

    if utils is None:
@ -49,10 +52,7 @@ def sdb_set(uri, value, opts, utils=None):
    If the uri provided does not start with ``sdb://`` or the value is not
    successfully set, return ``False``.
    '''
-    if not isinstance(uri, string_types):
-        return False
-
-    if not uri.startswith('sdb://'):
+    if not isinstance(uri, string_types) or not uri.startswith('sdb://'):
        return False

    if utils is None:
@ -83,10 +83,7 @@ def sdb_delete(uri, opts, utils=None):
    the uri provided does not start with ``sdb://`` or the value is not successfully
    deleted, return ``False``.
    '''
-    if not isinstance(uri, string_types):
-        return False
-
-    if not uri.startswith('sdb://'):
+    if not isinstance(uri, string_types) or not uri.startswith('sdb://'):
        return False

    if utils is None:
@ -109,3 +106,28 @@ def sdb_delete(uri, opts, utils=None):

    loaded_db = salt.loader.sdb(opts, fun, utils=utils)
    return loaded_db[fun](query, profile=profile)
+
+
+def sdb_get_or_set_hash(uri,
+                        opts,
+                        length=8,
+                        chars='abcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*(-_=+)',
+                        utils=None):
+    '''
+    Check if value exists in sdb.  If it does, return, otherwise generate a
+    random string and store it.  This can be used for storing secrets in a
+    centralized place.
+    '''
+    if not isinstance(uri, string_types) or not uri.startswith('sdb://'):
+        return False
+
+    if utils is None:
+        utils = {}
+
+    ret = sdb_get(uri, opts, utils=utils)
+
+    if ret is None:
+        val = ''.join([random.SystemRandom().choice(chars) for _ in range(length)])
+        sdb_set(uri, val, opts, utils)
+
+    return ret or val