mirror of
https://github.com/xcat2/confluent.git
synced 2024-11-26 03:19:48 +00:00
Add attribute to store root password
We want a non-recoverable form, so hard code it to force it that way.
parent
709ace4c92
commit
09700626b5
@ -97,6 +97,10 @@ node = {
|
||||
'description': ('Classification of node as server or switch'),
|
||||
'validvalues': ('switch', 'server'),
|
||||
},
|
||||
'crypted.rootpassword': {
|
||||
'description': 'The password of the local root password. '
|
||||
'This is stored as a non-recoverable hash.',
|
||||
},
|
||||
'deployment.apikey': {
|
||||
'description': ('Crypt of api key for self api requests by node'),
|
||||
},
|
||||
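Review bot: The new `crypted.rootpassword` description reads "The password of the local root password", which is circular; `'The password of the local root account. '` says what is meant. Because a value stored under `crypted.` cannot be read back, the description could also name the stored format (a `$6$` SHA-512 crypt string, per `hashcrypt_value` in the same commit) so that consumers of the attribute know what they will receive.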
|
@ -60,6 +60,7 @@ import confluent.util
|
||||
import confluent.netutil as netutil
|
||||
import confluent.exceptions as exc
|
||||
import copy
|
||||
import crypt
|
||||
try:
|
||||
import cPickle
|
||||
except ModuleNotFoundError:
|
||||
@ -475,6 +476,12 @@ def _get_valid_attrname(attrname):
|
||||
return attrname
|
||||
|
||||
|
||||
def hashcrypt_value(value):
|
||||
salt = confluent.util.stringify(base64.b64encode(os.urandom(12)))
|
||||
salt = '$6${0}'.format(salt)
|
||||
return crypt.crypt(value, salt)
|
||||
|
||||
|
||||
def crypt_value(value,
|
||||
key=None,
|
||||
integritykey=None):
|
||||
@ -1760,6 +1767,9 @@ class ConfigManager(object):
|
||||
if 'value' in newdict and attr.startswith("secret."):
|
||||
newdict['cryptvalue'] = crypt_value(newdict['value'])
|
||||
del newdict['value']
|
||||
if 'value' in newdict and attr.startswith("crypted."):
|
||||
newdict['hashvalue'] = hashcrypt_value(newdict['value'])
|
||||
del newdict['value']
|
||||
cfgobj[attr] = newdict
|
||||
if attr == 'nodes':
|
||||
self._sync_nodes_to_group(group=group,
|
||||
@ -2162,6 +2172,9 @@ class ConfigManager(object):
|
||||
if 'value' in newdict and attrname.startswith("secret."):
|
||||
newdict['cryptvalue'] = crypt_value(newdict['value'])
|
||||
del newdict['value']
|
||||
if 'value' in newdict and attrname.startswith("crypted."):
|
||||
newdict['hashvalue'] = hashcrypt_value(newdict['value'])
|
||||
del newdict['value']
|
||||
cfgobj[attrname] = newdict
|
||||
if attrname == 'groups':
|
||||
self._sync_groups_to_node(node=node,
|
||||
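Review bot: In `hashcrypt_value` the salt comes from `base64.b64encode`, whose output can contain `+`, a character outside the `[a-zA-Z0-9./]` alphabet that crypt(3) salts are defined over. Some crypt implementations accept it, but that is not guaranteed, and a failed `crypt.crypt` call may leave `None` in `hashvalue` after the two `ConfigManager` hunks have already deleted the plaintext `value`. On Python 3 the standard helper gives a conforming salt: `return crypt.crypt(value, crypt.mksalt(crypt.METHOD_SHA512))`. `base64` and `os` are not among the imports visible in the import hunk, so confirm this module already imports them. The `crypt` module is deprecated since Python 3.11 and removed in 3.13, so a short docstring stating that the result is a one-way `$6$` SHA-512 crypt string would help whoever has to replace it.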
|