Add CMD_ONCE secret type and fill in/change secret definitions
parent
9560f80852
commit
1c814f002a
11 changed files with 18 additions and 6 deletions
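--- a/app/im/secrets/chat/easybridge/as_token
+++ b/app/im/secrets/chat/easybridge/as_token
@@ -0,0 +1 @@
+CMD openssl rand -hex 32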
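Review bot: This token is declared with `CMD`, which by the type descriptions added in this same commit means a regen replaces it, even though the commit introduces `CMD_ONCE` for values that should survive a regen; `hs_token` and `web_session_key` in this directory are declared the same way. If the appservice tokens must stay in step with a registration the homeserver holds, or if rotating the web session key would invalidate active sessions, `CMD_ONCE openssl rand -hex 32` looks like the safer declaration. Whether every consumer re-reads the value after a regen is not visible on this page, so treat this as a question to confirm rather than a confirmed defect.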
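--- a/app/im/secrets/chat/easybridge/db_pass
+++ b/app/im/secrets/chat/easybridge/db_pass
@@ -0,0 +1 @@
+SERVICE_PASSWORD easybridge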
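--- a/app/im/secrets/chat/easybridge/db_user
+++ b/app/im/secrets/chat/easybridge/db_user
@@ -0,0 +1 @@
+CONST easybridge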
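--- a/app/im/secrets/chat/easybridge/hs_token
+++ b/app/im/secrets/chat/easybridge/hs_token
@@ -0,0 +1 @@
+CMD openssl rand -hex 32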
2
app/im/secrets/chat/easybridge/web_session_key
Normal file
2
app/im/secrets/chat/easybridge/web_session_key
Normal file
|
@ -0,0 +1,2 @@
|
||||||
|
CMD openssl rand -hex 32
|
||||||
|
|
|
@ -1 +1 @@
|
||||||
USER fb2mx API server token
|
CMD openssl rand -hex 32
|
||||||
|
|
|
@ -1 +1 @@
|
||||||
USER fb2mx homeserver token
|
CMD openssl rand -hex 32
|
||||||
|
|
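--- a/app/im/secrets/chat/synapse/homeserver.signing.key
+++ b/app/im/secrets/chat/synapse/homeserver.signing.key
@@ -0,0 +1 @@
+USER Synapse homeserver ed25519 signing key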
|
@ -1 +1 @@
|
||||||
USER Shared secret for homeserver registrations (?)
|
CMD head -c 32 /dev/urandom | base64
|
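Review bot: `CMD head -c 32 /dev/urandom | base64` is the only definition in this commit that needs a shell pipeline; the definition replaced in the next hunk produced the same kind of value with `openssl rand -base64 32`. Writing this one as `CMD openssl rand -base64 32` keeps the definitions uniform and removes the dependence on how the manager launches the command, which this page does not show. If the command is in fact passed to a shell, every file under the secrets tree is effectively executable input and deserves the same review and write protection as code. The file name for this hunk is missing from the page; the old line describes it as the shared secret for homeserver registrations.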
||||||
|
|
|
@ -1 +1 @@
|
||||||
CMD openssl rand -base64 32
|
SERVICE_PASSWORD plume
|
||||||
|
|
|
@ -43,6 +43,9 @@ USER_LONG <description>
|
||||||
CMD <command>
|
CMD <command>
|
||||||
(a secret that is generated by running this command)
|
(a secret that is generated by running this command)
|
||||||
|
|
||||||
|
CMD_ONCE <command>
|
||||||
|
(same, but value is not changed when doing a regen)
|
||||||
|
|
||||||
CONST <constant value>
|
CONST <constant value>
|
||||||
(the secret has a constant value set here)
|
(the secret has a constant value set here)
|
||||||
|
|
||||||
|
@ -81,6 +84,7 @@ consul_server = consul.Consul()
|
||||||
USER = "USER"
|
USER = "USER"
|
||||||
USER_LONG = "USER_LONG"
|
USER_LONG = "USER_LONG"
|
||||||
CMD = "CMD"
|
CMD = "CMD"
|
||||||
|
CMD_ONCE = "CMD_ONCE"
|
||||||
CONST = "CONST"
|
CONST = "CONST"
|
||||||
CONST_LONG = "CONST_LONG"
|
CONST_LONG = "CONST_LONG"
|
||||||
SERVICE_DN = "SERVICE_DN"
|
SERVICE_DN = "SERVICE_DN"
|
||||||
|
@ -108,7 +112,7 @@ def read_secret(key, file_path):
|
||||||
secret = {"type": stype, "key": key}
|
secret = {"type": stype, "key": key}
|
||||||
if stype in [USER, USER_LONG]:
|
if stype in [USER, USER_LONG]:
|
||||||
secret["desc"] = " ".join(l0[1:])
|
secret["desc"] = " ".join(l0[1:])
|
||||||
elif stype == CMD:
|
elif stype in [CMD, CMD_ONCE]:
|
||||||
secret["cmd"] = " ".join(l0[1:])
|
secret["cmd"] = " ".join(l0[1:])
|
||||||
elif stype == CONST:
|
elif stype == CONST:
|
||||||
secret["value"] = " ".join(l0[1:])
|
secret["value"] = " ".join(l0[1:])
|
||||||
|
@ -151,6 +155,7 @@ def get_secrets_services(secrets):
|
||||||
if svc not in services:
|
if svc not in services:
|
||||||
services[svc] = {
|
services[svc] = {
|
||||||
"dn": "cn=%s,%s"%(svc, SERVICE_DN_SUFFIX),
|
"dn": "cn=%s,%s"%(svc, SERVICE_DN_SUFFIX),
|
||||||
|
"desc": "(not provided)",
|
||||||
"pass": None,
|
"pass": None,
|
||||||
"dn_at": [],
|
"dn_at": [],
|
||||||
"pass_at": [],
|
"pass_at": [],
|
||||||
|
@ -289,7 +294,7 @@ def gen_secrets_base(secrets, regen):
|
||||||
consul_server.kv.put(key, secret["value"])
|
consul_server.kv.put(key, secret["value"])
|
||||||
print(bcolors.OKCYAN, "Value set.", bcolors.ENDC)
|
print(bcolors.OKCYAN, "Value set.", bcolors.ENDC)
|
||||||
|
|
||||||
if secret["type"] == CMD:
|
if secret["type"] == CMD or (secret["type"] == CMD_ONCE and data is None):
|
||||||
print("----")
|
print("----")
|
||||||
print(key)
|
print(key)
|
||||||
print("Executing command:", secret["cmd"])
|
print("Executing command:", secret["cmd"])
|
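Review bot: The new `CMD_ONCE` branch depends on `data is None`, and `data` is assigned above this hunk, so what counts as "no value yet" cannot be confirmed from the visible lines. If `data` is the entry returned by the Consul KV lookup, a key that exists but holds an empty value would count as present and the command would never run for it; checking the stored value as well as the entry would close that gap. A comment above the condition would make the contract explicit, for example `# CMD_ONCE: run only when the key has no stored value; CMD: run whenever this point is reached`. It is also worth confirming that the generated output is not echoed next to the `Executing command:` line, since that would put secret material in terminal scrollback or CI logs. gen_secrets_base starts and ends outside the hunk.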
||||||
|
|