Add CMD_ONCE secret type and fill in/change secret definitions
parent
9560f80852
commit
1c814f002a
11 changed files with 18 additions and 6 deletions
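--- a/app/im/secrets/chat/easybridge/as_token
+++ b/app/im/secrets/chat/easybridge/as_token
@@ -0,0 +1 @@
+CMD openssl rand -hex 32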
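--- a/app/im/secrets/chat/easybridge/db_pass
+++ b/app/im/secrets/chat/easybridge/db_pass
@@ -0,0 +1 @@
+SERVICE_PASSWORD easybridge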
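--- a/app/im/secrets/chat/easybridge/db_user
+++ b/app/im/secrets/chat/easybridge/db_user
@@ -0,0 +1 @@
+CONST easybridge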
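--- a/app/im/secrets/chat/easybridge/hs_token
+++ b/app/im/secrets/chat/easybridge/hs_token
@@ -0,0 +1 @@
+CMD openssl rand -hex 32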
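--- a/app/im/secrets/chat/easybridge/web_session_key
+++ b/app/im/secrets/chat/easybridge/web_session_key
@@ -0,0 +1,2 @@
+CMD openssl rand -hex 32
+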
|
@ -1 +1 @@
|
|||
USER fb2mx API server token
|
||||
CMD openssl rand -hex 32
|
||||
|
|
|
@ -1 +1 @@
|
|||
USER fb2mx homeserver token
|
||||
CMD openssl rand -hex 32
|
||||
|
|
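--- a/app/im/secrets/chat/synapse/homeserver.signing.key
+++ b/app/im/secrets/chat/synapse/homeserver.signing.key
@@ -0,0 +1 @@
+USER Synapse homeserver ed25519 signing key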
|
@ -1 +1 @@
|
|||
USER Shared secret for homeserver registrations (?)
|
||||
CMD head -c 32 /dev/urandom | base64
|
||||
|
|
|
@ -1 +1 @@
|
|||
CMD openssl rand -base64 32
|
||||
SERVICE_PASSWORD plume
|
||||
|
|
|
@ -43,6 +43,9 @@ USER_LONG <description>
|
|||
CMD <command>
|
||||
(a secret that is generated by running this command)
|
||||
|
||||
CMD_ONCE <command>
|
||||
(same, but value is not changed when doing a regen)
|
||||
|
||||
CONST <constant value>
|
||||
(the secret has a constant value set here)
|
||||
|
||||
|
@ -81,6 +84,7 @@ consul_server = consul.Consul()
|
|||
USER = "USER"
|
||||
USER_LONG = "USER_LONG"
|
||||
CMD = "CMD"
|
||||
CMD_ONCE = "CMD_ONCE"
|
||||
CONST = "CONST"
|
||||
CONST_LONG = "CONST_LONG"
|
||||
SERVICE_DN = "SERVICE_DN"
|
||||
|
@ -108,7 +112,7 @@ def read_secret(key, file_path):
|
|||
secret = {"type": stype, "key": key}
|
||||
if stype in [USER, USER_LONG]:
|
||||
secret["desc"] = " ".join(l0[1:])
|
||||
elif stype == CMD:
|
||||
elif stype in [CMD, CMD_ONCE]:
|
||||
secret["cmd"] = " ".join(l0[1:])
|
||||
elif stype == CONST:
|
||||
secret["value"] = " ".join(l0[1:])
|
||||
|
@ -151,6 +155,7 @@ def get_secrets_services(secrets):
|
|||
if svc not in services:
|
||||
services[svc] = {
|
||||
"dn": "cn=%s,%s"%(svc, SERVICE_DN_SUFFIX),
|
||||
"desc": "(not provided)",
|
||||
"pass": None,
|
||||
"dn_at": [],
|
||||
"pass_at": [],
|
||||
|
@ -289,7 +294,7 @@ def gen_secrets_base(secrets, regen):
|
|||
consul_server.kv.put(key, secret["value"])
|
||||
print(bcolors.OKCYAN, "Value set.", bcolors.ENDC)
|
||||
|
||||
if secret["type"] == CMD:
|
||||
if secret["type"] == CMD or (secret["type"] == CMD_ONCE and data is None):
|
||||
print("----")
|
||||
print(key)
|
||||
print("Executing command:", secret["cmd"])
|
||||
|
|
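Review bot: In the last hunk of this file, the CMD_ONCE guard `secret["type"] == CMD_ONCE and data is None` treats any non-None `data` as "already generated", and `data` is assigned outside the visible lines, so a key that exists in Consul with an empty value would presumably never be filled. If `data` is the entry returned by python-consul's `kv.get`, a stricter guard would be `if secret["type"] == CMD or (secret["type"] == CMD_ONCE and (data is None or not data["Value"])):`. A comment above the condition, e.g. `# CMD_ONCE: run the command only when Consul has no value yet, so a regen keeps it stable`, would document the intent next to the code. The command string is taken verbatim from the secret definition file (`" ".join(l0[1:])` in read_secret) and then executed, so changes to those files need the same review as changes to this script. gen_secrets_base starts and ends outside the hunk, so how `regen` and the command's exit status are handled cannot be checked from here.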