Add CMD_ONCE secret type and fill in/change secret definitions

This commit is contained in:
Alex 2021-01-19 17:53:53 +01:00
parent 9560f80852
commit 1c814f002a
11 changed files with 18 additions and 6 deletions

View file

@ -0,0 +1 @@
CMD openssl rand -hex 32

View file

@ -0,0 +1 @@
SERVICE_PASSWORD easybridge

View file

@ -0,0 +1 @@
CONST easybridge

View file

@ -0,0 +1 @@
CMD openssl rand -hex 32

View file

@ -0,0 +1,2 @@
CMD openssl rand -hex 32

View file

@ -1 +1 @@
USER fb2mx API server token
CMD openssl rand -hex 32

View file

@ -1 +1 @@
USER fb2mx homeserver token
CMD openssl rand -hex 32

View file

@ -0,0 +1 @@
USER Synapse homeserver ed25519 signing key

View file

@ -1 +1 @@
USER Shared secret for homeserver registrations (?)
CMD head -c 32 /dev/urandom | base64

View file

@ -1 +1 @@
CMD openssl rand -base64 32
SERVICE_PASSWORD plume

View file

@ -43,6 +43,9 @@ USER_LONG <description>
CMD <command>
(a secret that is generated by running this command)
CMD_ONCE <command>
(same, but value is not changed when doing a regen)
CONST <constant value>
(the secret has a constant value set here)
@ -81,6 +84,7 @@ consul_server = consul.Consul()
USER = "USER"
USER_LONG = "USER_LONG"
CMD = "CMD"
CMD_ONCE = "CMD_ONCE"
CONST = "CONST"
CONST_LONG = "CONST_LONG"
SERVICE_DN = "SERVICE_DN"
@ -108,7 +112,7 @@ def read_secret(key, file_path):
secret = {"type": stype, "key": key}
if stype in [USER, USER_LONG]:
secret["desc"] = " ".join(l0[1:])
elif stype == CMD:
elif stype in [CMD, CMD_ONCE]:
secret["cmd"] = " ".join(l0[1:])
elif stype == CONST:
secret["value"] = " ".join(l0[1:])
@ -151,6 +155,7 @@ def get_secrets_services(secrets):
if svc not in services:
services[svc] = {
"dn": "cn=%s,%s"%(svc, SERVICE_DN_SUFFIX),
"desc": "(not provided)",
"pass": None,
"dn_at": [],
"pass_at": [],
@ -289,7 +294,7 @@ def gen_secrets_base(secrets, regen):
consul_server.kv.put(key, secret["value"])
print(bcolors.OKCYAN, "Value set.", bcolors.ENDC)
if secret["type"] == CMD:
if secret["type"] == CMD or (secret["type"] == CMD_ONCE and data is None):
print("----")
print(key)
print("Executing command:", secret["cmd"])