authorChris St. Pierre <chris.a.st.pierre@gmail.com>2012-05-16 16:40:34 -0400
committerChris St. Pierre <chris.a.st.pierre@gmail.com>2012-05-16 16:40:34 -0400
commit6548c501939194cc9927bc9fca3921e3329967f9 (patch)
tree0bdf2bcf294fe95088b9e81f3dc8f5427dd561e7 /src
parent8b163951cb19c1e70d90ce6f7f8b4a8a6e63da1b (diff)
added Cfg drivers for encrypted genshi/cheetah templates
Diffstat (limited to 'src')
-rw-r--r--src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedCheetahGenerator.py14
-rw-r--r--src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedGenerator.py39
-rw-r--r--src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedGenshiGenerator.py35
3 files changed, 71 insertions, 17 deletions
diff --git a/src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedCheetahGenerator.py b/src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedCheetahGenerator.py
new file mode 100644
index 000000000..3911cff62
--- /dev/null
+++ b/src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedCheetahGenerator.py
@@ -0,0 +1,14 @@
+import logging
+from Bcfg2.Server.Plugins.Cfg.CfgCheetahGenerator import CfgCheetahGenerator
+from Bcfg2.Server.Plugins.Cfg.CfgEncryptedGenerator import CfgEncryptedGenerator
+
+logger = logging.getLogger(__name__)
+
+class CfgEncryptedCheetahGenerator(CfgCheetahGenerator, CfgEncryptedGenerator):
+ __extensions__ = ['cheetah.crypt', 'crypt.cheetah']
+
+ def handle_event(self, event):
+ CfgEncryptedGenerator.handle_event(self, event)
+
+ def get_data(self, entry, metadata):
+ CfgCheetahGenerator.get_data(self, entry, metadata)
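Review bot: `get_data` discards the result of `CfgCheetahGenerator.get_data(self, entry, metadata)`, so this override always returns None; it should read `return CfgCheetahGenerator.get_data(self, entry, metadata)`. The same missing `return` is in `CfgEncryptedGenshiGenerator.get_data` in CfgEncryptedGenshiGenerator.py. Assuming the base class returns the rendered file content (its body is not visible in this diff), callers would receive nothing for an encrypted template. `logger` is defined in this file but never used.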
diff --git a/src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedGenerator.py b/src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedGenerator.py
index 6ba470fd5..9b2db3100 100644
--- a/src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedGenerator.py
+++ b/src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedGenerator.py
@@ -9,6 +9,22 @@ except ImportError:
logger = logging.getLogger(__name__)
+def passphrases():
+ section = "cfg:encryption"
+ if SETUP.cfp.has_section(section):
+ return dict([(o, SETUP.cfp.get(section, o))
+ for o in SETUP.cfp.options(section)])
+ else:
+ return dict()
+
+def decrypt(crypted):
+ for passwd in passphrases().values():
+ try:
+ return ssl_decrypt(crypted, passwd)
+ except EVPError:
+ pass
+ raise EVPError("Failed to decrypt %s" % self.name)
+
class CfgEncryptedGenerator(CfgGenerator):
__extensions__ = ["crypt"]
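Review bot: `decrypt()` is a module-level function, yet its last line `raise EVPError("Failed to decrypt %s" % self.name)` refers to `self`, so when no passphrase works, or none is configured, it raises NameError instead of EVPError. The `except EVPError` added to `handle_event` in this file will not catch that, so the failure skips the logging and the PluginExecutionError path. Use `raise EVPError("Failed to decrypt")` here and let the caller, which knows `self.name`, add the file name when it logs. A docstring on `decrypt` saying that it tries every passphrase from the `cfg:encryption` section in turn and returns the first successful result would document the contract that the Genshi loader now also relies on.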
@@ -19,15 +35,6 @@ class CfgEncryptedGenerator(CfgGenerator):
logger.error(msg)
raise Bcfg2.Server.Plugin.PluginExecutionError(msg)
- @property
- def passphrases(self):
- section = "cfg:encryption"
- if SETUP.cfp.has_section(section):
- return dict([(o, SETUP.cfp.get(section, o))
- for o in SETUP.cfp.options(section)])
- else:
- return dict()
-
def handle_event(self, event):
if event.code2str() == 'deleted':
return
@@ -39,14 +46,12 @@ class CfgEncryptedGenerator(CfgGenerator):
logger.error("Failed to read %s" % self.name)
return
# todo: let the user specify a passphrase by name
- self.data = None
- for passwd in self.passphrases.values():
- try:
- self.data = ssl_decrypt(crypted, passwd)
- return
- except EVPError:
- pass
- logger.error("Failed to decrypt %s" % self.name)
+ try:
+ self.data = decrypt(crypted)
+ except EVPError:
+ err = sys.exc_info()[1]
+ logger.error(err)
+ raise Bcfg2.Server.Plugin.PluginExecutionError(err)
def get_data(self, entry, metadata):
if self.data is None:
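Review bot: The removed code reset `self.data = None` before trying the passphrases and the new code does not, so when decryption fails after a file change the previously decrypted content stays in `self.data`. `get_data` tests `self.data is None` (its body continues outside the hunk), so the stale plaintext would presumably still be served after the key or file has changed; add `self.data = None` before the `try:`. `sys.exc_info()` is called here but no `import sys` is visible in this diff, so confirm the module already imports it.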
diff --git a/src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedGenshiGenerator.py b/src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedGenshiGenerator.py
new file mode 100644
index 000000000..3845c438b
--- /dev/null
+++ b/src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedGenshiGenerator.py
@@ -0,0 +1,35 @@
+import logging
+from Bcfg2.Bcfg2Py3k import StringIO
+from Bcfg2.Server.Plugins.Cfg import SETUP
+from Bcfg2.Server.Plugins.Cfg.CfgGenshiGenerator import CfgGenshiGenerator
+from Bcfg2.Server.Plugins.Cfg.CfgEncryptedGenerator import decrypt, \
+ CfgEncryptedGenerator
+
+logger = logging.getLogger(__name__)
+
+try:
+ from genshi.template import TemplateLoader, loader
+except ImportError:
+ # CfgGenshiGenerator will raise errors if genshi doesn't exist
+ pass
+
+def crypted_loader(filename):
+ loadfunc = loader.directory(os.path.dirname(filename))
+ filepath, filename, fileobj, uptodate = loadfunc(filename)
+ return (filepath, filename, StringIO(decrypt(fileobj.read())), uptodate)
+
+
+class CfgEncryptedGenshiGenerator(CfgGenshiGenerator, CfgEncryptedGenerator):
+ __extensions__ = ['genshi.crypt', 'crypt.genshi']
+
+ def __init__(self, fname, spec, encoding):
+ CfgEncryptedGenerator.__init__(self, fname, spec, encoding)
+ CfgGenshiGenerator.__init__(self, fname, spec, encoding)
+ self.loader = TemplateLoader([crypted_loader])
+
+ def handle_event(self, event):
+ CfgEncryptedGenerator.handle_event(self, event)
+ CfgGenshiGenerator.handle_event(self, event)
+
+ def get_data(self, entry, metadata):
+ CfgGenshiGenerator.get_data(self, entry, metadata)
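Review bot: `crypted_loader` calls `os.path.dirname(filename)` but this new file never imports `os`, so the first template load raises NameError; add `import os` at the top. The `fileobj` returned by `loadfunc` is read and never closed, which `data = fileobj.read()` followed by `fileobj.close()` before the `decrypt(data)` call would fix. `SETUP` and `logger` are imported or defined but unused. A comment on `crypted_loader` noting that it hands Genshi the decrypted template as an in-memory `StringIO`, and that any EVPError from `decrypt` propagates to the caller, would make the failure behaviour explicit.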