Initial implementation of the __pass type.

sparrowhawk 2020-12-17 13:29:03 +01:00
parent 2e02c413b6
commit 1b2d41a34a
No known key found for this signature in database
GPG key ID: 6778C9C29C02D691
6 changed files with 154 additions and 0 deletions

type/__pass/gencode-local (Executable file, 71 lines added)

@ -0,0 +1,71 @@
#!/bin/sh -e
#
# 2020 Joachim Desroches (joachim.desroches@epfl.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
# Length of generated password.
LENGTH=
# Keep password strictly alphanumeric.
NOSYMB=
# Check pass is installed.
command -v pass >/dev/null 2>&1 ||
{
cat <<- EOF >&2
__pass: this type requires pass installed.
See https://www.passwordstore.org/.
EOF
exit 1;
}
# Check for optional length parameter.
if [ -f "${__object:?}/parameter/length" ];
then
LENGTH="$(cat "${__object:?}/parameter/length")"
fi
# Check for optional no symbols parameter.
if [ -f "${__object:?}/parameter/no-symbols" ];
then
NOSYMB="-n"
fi
# Load required GPG ID parameters.
set --
while read -r id;
do
set -- "$@" "$id"
done < "${__object:?}/parameter/gpgid"
# Load required password store location parameter.
PASSWORD_STORE_DIR="$(cat "${__object:?}/parameter/storedir")"
export PASSWORD_STORE_DIR
# Run every time in case GPG IDs are updated.
pass init "$@" >/dev/null
# Generate a password if it does not already exist.
if [ ! -f "${PASSWORD_STORE_DIR}/${__object_id:?}.gpg" ];
then
# shellcheck disable=SC2086
pass generate $NOSYMB "${__object_id:?}" $LENGTH
fi
# Send it out to the messages.
pass "${__object_id:?}" >> "${__messages_out:?}"
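Review bot: the `pass generate` call near the end of the hunk leaves its stdout unredirected, and gencode-local's stdout is the code cdist executes on the local host; `pass generate` prints a "The generated password for ... is:" banner followed by the new password, so on the first run that text would be handed to the shell as commands (the `pass init "$@" >/dev/null` line above already guards against exactly this). Suggest `pass generate $NOSYMB "${__object_id:?}" $LENGTH >/dev/null`. Separately, the final `pass "${__object_id:?}" >> "${__messages_out:?}"` puts the plaintext password into the cdist messages file, which is an ordinary unencrypted file; that is the type's intended interface, but it should be stated in man.rst so users know the secret leaves the password store in the clear. Finally, `LENGTH` is passed through unquoted (`shellcheck disable=SC2086`) without being checked as an integer, so a malformed `length` parameter becomes an extra positional argument to `pass generate` rather than a clear error.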

type/__pass/man.rst (Normal file, 79 lines added)

@ -0,0 +1,79 @@
cdist-type__pass(7)
===================
NAME
----
cdist-type__pass - Generate and use passwords using pass(1).
DESCRIPTION
-----------
This type allows a user to generate and query passwords stored using pass(1) on
the host machine. The password is then printed to the cdist message system, so
types depending on this one should require it. This enables an administrator to
ensure a password exists using this type and then, from another type, use it as
need be.
This type also sets the GPG IDs used to encrypt the password store: beware that
the IDs passed in the last ran invocation of the type will be the ones set for
the store.
REQUIRED PARAMETERS
-------------------
storedir
The host-local directory where the password store is to be found (or
created if it does not exist).
REQUIRED MULTIPLE PARAMETERS
----------------------------
gpgid
The GPG IDs of the public keys used to encrypt the password store.
OPTIONAL PARAMETERS
-------------------
length
The length of the password to be created if it does not exist. Note that if
it exists, this has no effect (and hence will not update the password, even
if the length is different from the one specified).
BOOLEAN PARAMETERS
------------------
no-symbols
If this parameter is set, then a newly generated password will only contain
alphanumeric characters, making it easier for typing by meatware.
EXAMPLES
--------
Assuming that __othertype takes the path of the password as an argument and
looks up in the cdist messages to find it:
.. code-block:: sh
__pass database/services/arandomservice
--storedir password/store/location
--gpgpid 92296965EAA1DD86A93284EF7B21E5AA32FB9810
require='__pass/database/services/arandomservice' \
__othertype --password database/service/arandomservice
--
SEE ALSO
--------
`pass`\ (7)
AUTHORS
-------
Joachim Desroches <joachim.desroches@epfl.ch>
COPYING
-------
Copyright \(C) 2020 Joachim Desroches. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
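Review bot: the EXAMPLES block does not run as written: `--gpgpid` should be `--gpgid` (the name the type declares and that gencode-local reads from `parameter/gpgid`), the first two lines of the `__pass` call are missing the trailing `\` continuations that the `require=` line has, the `__othertype` call passes `database/service/arandomservice` while the `__pass` object is `database/services/arandomservice`, and the trailing `--` line is a leftover. Suggested: `__pass database/services/arandomservice \` / `--storedir password/store/location \` / `--gpgid 92296965EAA1DD86A93284EF7B21E5AA32FB9810`. SEE ALSO cites `pass`\ (7) while NAME says pass(1); the pass manual page is in section 1. The DESCRIPTION should also say plainly that the password is appended to the messages file in plaintext (as gencode-local does with `pass "${__object_id:?}" >> "${__messages_out:?}"`), and that `pass init` runs on every invocation, so changing `--gpgid` re-encrypts the whole store under the new key set.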


@ -0,0 +1 @@
no-symbols


@ -0,0 +1 @@
length


@ -0,0 +1 @@
storedir


@ -0,0 +1 @@
gpgid