forked from Deuxfleurs/infrastructure
45 lines
1.1 KiB
Python
#!/usr/bin/env python3

"""
TODO: this will be a utility to handle secrets in the Consul database
for the various components of the Deuxfleurs infrastructure

Functionalities:
- check that secrets are correctly configured
- help user fill in secrets
- create LDAP service users and fill in corresponding secrets
- maybe one day: manage SSL certificates and keys

It uses files placed in <module_name>/secrets/* to know what secrets
it should handle. These secret files contain directives for what to do
about these secrets.

Example directives:

    USER <description>
        (a secret that must be filled in by the user)

    USER_LONG <description>
        (the same, indicates that the secret fits on several lines)

    CONST <constant value>
        (the secret has a constant value set here)

    CONST_LONG
    <constant value, several lines>
        (same)

    SERVICE_DN <service name> <service description>
        (the LDAP DN of a service user)

    SERVICE_PASSWORD <service name>
        (the LDAP password for the corresponding service user)

    SSL_CERT <cert name> <list of domains>
        (an SSL certificate for the given domains)

    SSL_KEY <cert name>
        (the SSL key going with the corresponding certificate)
"""
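One way the directive files described in the docstring could be parsed and checked; this is an added example, not code from the Deuxfleurs repository. The argument counts, the rule that only `CONST_LONG` may span several lines, the sample paths, and the `stored` dict standing in for the Consul database are all assumptions.

```python
from collections import namedtuple

# Keyword -> (min, max) number of whitespace-separated arguments on the first
# line (None = no upper bound). Assumed from the docstring's placeholders.
ARGS = {
    "USER": (1, None), "USER_LONG": (1, None),
    "CONST": (1, None), "CONST_LONG": (0, 0),
    "SERVICE_DN": (2, None), "SERVICE_PASSWORD": (1, 1),
    "SSL_CERT": (2, None), "SSL_KEY": (1, 1),
}
USER_SUPPLIED = {"USER", "USER_LONG"}  # values a person has to type in
# value is set for CONST and CONST_LONG only, otherwise None
Directive = namedtuple("Directive", "kind args value")

# Constructed sample: secret path -> content of the directive file
SAMPLE = {
    "app/secrets/db_password": "USER Password for the database\n",
    "app/secrets/ldap_dn": "SERVICE_DN app Example application\n",
    "app/secrets/motd": "CONST_LONG\nline one\nline two\n",
}


def parse_directive(text):
    """Parse the content of one <module_name>/secrets/* file."""
    first, _, body = text.strip("\n").partition("\n")
    parts = first.split(None, 1)
    if not parts:
        raise ValueError("empty secret file")
    kind, rest = parts[0], (parts[1].strip() if len(parts) > 1 else "")
    if kind not in ARGS:
        raise ValueError(f"unknown directive {kind!r}")
    args = rest.split()
    lo, hi = ARGS[kind]
    if len(args) < lo or (hi is not None and len(args) > hi):
        raise ValueError(f"{kind}: unexpected argument count {len(args)}")
    if kind == "CONST_LONG":
        if not body.strip():
            raise ValueError("CONST_LONG: value expected on following lines")
        return Directive(kind, args, body)
    if body.strip():
        raise ValueError(f"{kind}: unexpected extra lines")
    return Directive(kind, args, rest if kind == "CONST" else None)


def missing_secrets(files, stored):
    """Paths of user-supplied secrets with no value in `stored`, a dict
    standing in for the Consul database. Values are never returned."""
    return sorted(p for p, t in files.items()
                  if parse_directive(t).kind in USER_SUPPLIED and not stored.get(p))
```

Rejecting unknown keywords and stray extra lines keeps a mistyped directive from being silently treated as an empty secret, and returning only paths keeps the check's output free of secret values.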