Initial implementation of the __pass type.
This commit is contained in:
parent
2e02c413b6
commit
1b2d41a34a
6 changed files with 154 additions and 0 deletions
71
type/__pass/gencode-local
Executable file
@ -0,0 +1,71 @@
|
|||
#!/bin/sh -e
|
||||
#
|
||||
# 2020 Joachim Desroches (joachim.desroches@epfl.ch)
|
||||
#
|
||||
# This file is part of cdist.
|
||||
#
|
||||
# cdist is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# cdist is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
# Length of generated password.
|
||||
LENGTH=
|
||||
|
||||
# Keep password strictly alphanumeric.
|
||||
NOSYMB=
|
||||
|
||||
# Check pass is installed.
|
||||
command -v pass >/dev/null 2>&1 ||
|
||||
{
|
||||
cat <<- EOF >&2
|
||||
__pass: this type requires pass installed.
|
||||
See https://www.passwordstore.org/.
|
||||
EOF
|
||||
exit 1;
|
||||
}
|
||||
|
||||
# Check for optional length parameter.
|
||||
if [ -f "${__object:?}/parameter/length" ];
|
||||
then
|
||||
LENGTH="$(cat "${__object:?}/parameter/length")"
|
||||
fi
|
||||
|
||||
# Check for optional no symbols parameter.
|
||||
if [ -f "${__object:?}/parameter/no-symbols" ];
|
||||
then
|
||||
NOSYMB="-n"
|
||||
fi
|
||||
|
||||
# Load required GPG ID parameters.
|
||||
set --
|
||||
while read -r id;
|
||||
do
|
||||
set -- "$@" "$id"
|
||||
done < "${__object:?}/parameter/gpgid"
|
||||
|
||||
# Load required password store location parameter.
|
||||
PASSWORD_STORE_DIR="$(cat "${__object:?}/parameter/storedir")"
|
||||
export PASSWORD_STORE_DIR
|
||||
|
||||
# Run every time in case GPG IDs are updated.
|
||||
pass init "$@" >/dev/null
|
||||
|
||||
# Generate a password if it does not already exist.
|
||||
if [ ! -f "${PASSWORD_STORE_DIR}/${__object_id:?}.gpg" ];
|
||||
then
|
||||
# shellcheck disable=SC2086
|
||||
pass generate $NOSYMB "${__object_id:?}" $LENGTH
|
||||
fi
|
||||
|
||||
# Send it out to the messages.
|
||||
pass "${__object_id:?}" >> "${__messages_out:?}"
|
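Review bot: `pass generate $NOSYMB "${__object_id:?}" $LENGTH` leaves stdout unredirected, but in cdist whatever a gencode-local script writes to stdout is collected as the code to run on the local host, so pass's "The generated password for ... is:" banner and the password itself would be handed back to cdist and executed as shell; redirect it (`pass generate $NOSYMB "${__object_id:?}" $LENGTH >/dev/null`) the same way `pass init` already is three lines above. Two smaller points in the same hunk: `LENGTH` is taken from the parameter file verbatim and passed unquoted under a shellcheck exemption, so a non-numeric value is handed straight to pass instead of being rejected (a `case "$LENGTH" in ''|*[!0-9]*) echo "__pass: length must be a positive integer" >&2; exit 1 ;; esac` guard would do), and `PASSWORD_STORE_DIR` is exported as given, so a relative `storedir` resolves against whatever directory cdist happens to be running in. Finally, `pass "${__object_id:?}" >> "${__messages_out:?}"` puts the plaintext password into cdist's message stream, which cdist persists in its local cache on the host running it; that is the type's intended design, but it deserves a comment here and a warning in the man page so operators know to protect that cache.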
79
type/__pass/man.rst
Normal file
@ -0,0 +1,79 @@
|
|||
cdist-type__pass(7)
|
||||
===================
|
||||
|
||||
NAME
|
||||
----
|
||||
cdist-type__pass - Generate and use passwords using pass(1).
|
||||
|
||||
|
||||
DESCRIPTION
|
||||
-----------
|
||||
This type allows a user to generate and query passwords stored using pass(1) on
|
||||
the host machine. The password is then printed to the cdist message system, so
|
||||
types depending on this one should require it. This enables an administrator to
|
||||
ensure a password exists using this type and then, from another type, use it as
|
||||
need be.
|
||||
|
||||
This type also sets the GPG IDs used to encrypt the password store: beware that
|
||||
the IDs passed in the last ran invocation of the type will be the ones set for
|
||||
the store.
|
||||
|
||||
REQUIRED PARAMETERS
|
||||
-------------------
|
||||
storedir
|
||||
The host-local directory where the password store is to be found (or
|
||||
created if it does not exist).
|
||||
|
||||
|
||||
REQUIRED MULTIPLE PARAMETERS
|
||||
----------------------------
|
||||
gpgid
|
||||
The GPG IDs of the public keys used to encrypt the password store.
|
||||
|
||||
OPTIONAL PARAMETERS
|
||||
-------------------
|
||||
length
|
||||
The length of the password to be created if it does not exist. Note that if
|
||||
it exists, this has no effect (and hence will not update the password, even
|
||||
if the length is different from the one specified).
|
||||
|
||||
BOOLEAN PARAMETERS
|
||||
------------------
|
||||
no-symbols
|
||||
If this parameter is set, then a newly generated password will only contain
|
||||
alphanumeric characters, making it easier for typing by meatware.
|
||||
|
||||
|
||||
EXAMPLES
|
||||
--------
|
||||
|
||||
Assuming that __othertype takes the path of the password as an argument and
|
||||
looks up in the cdist messages to find it:
|
||||
|
||||
.. code-block:: sh
|
||||
|
||||
__pass database/services/arandomservice
|
||||
--storedir password/store/location
|
||||
--gpgpid 92296965EAA1DD86A93284EF7B21E5AA32FB9810
|
||||
|
||||
require='__pass/database/services/arandomservice' \
|
||||
__othertype --password database/service/arandomservice
|
||||
|
||||
--
|
||||
|
||||
SEE ALSO
|
||||
--------
|
||||
`pass`\ (7)
|
||||
|
||||
|
||||
AUTHORS
|
||||
-------
|
||||
Joachim Desroches <joachim.desroches@epfl.ch>
|
||||
|
||||
|
||||
COPYING
|
||||
-------
|
||||
Copyright \(C) 2020 Joachim Desroches. You can redistribute it
|
||||
and/or modify it under the terms of the GNU General Public License as
|
||||
published by the Free Software Foundation, either version 3 of the
|
||||
License, or (at your option) any later version.
|
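Review bot: the example passes `--gpgpid`, but the parameter this type declares (parameter/required_multiple and gencode-local both read `gpgid`) is `gpgid`, so the example as written would be rejected as an unknown option; in the same example the `require=` string names `__pass/database/services/arandomservice` while `__othertype` is given `database/service/arandomservice` (singular), so the two paths do not match. The stray `--` line after the code block should be dropped, and SEE ALSO cites `pass(7)` while the NAME line correctly says pass(1). The DESCRIPTION should also say plainly that the password is emitted in plaintext through the message system, which cdist keeps in its local cache, since that is the main thing an operator needs to know before using this type, and `storedir` should be documented as an absolute path, because the example's relative `password/store/location` resolves against cdist's working directory.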
1
type/__pass/parameter/boolean
Normal file
@ -0,0 +1 @@
|
|||
no-symbols
|
1
type/__pass/parameter/optional
Normal file
@ -0,0 +1 @@
|
|||
length
|
1
type/__pass/parameter/required
Normal file
@ -0,0 +1 @@
|
|||
storedir
|
1
type/__pass/parameter/required_multiple
Normal file
@ -0,0 +1 @@
|
|||
gpgid
|