Puppet Function: simplib::passgen::legacy::get

Defined in:
lib/puppet/functions/simplib/passgen/legacy/get.rb
Function type:
Ruby 4.x API

Overview

simplib::passgen::legacy::get(String[1] $identifier)Hash

Retrieves a generated password and any stored attributes from files on the local file system at `Puppet.settings/simp/environments/$environment/simp_autofiles/gen_passwd/`.

Terminates catalog compilation if a legacy password file is inaccessible by the user.

Parameters:

  • identifier (String[1])

    Unique `String` that identifies the password usage. Must conform to the following:

    • Identifier must contain only the following characters:

      • a-z

      • A-Z

      • 0-9

      • The following special characters: `._:-`

Returns:

  • (Hash)

    Password information or {} if the password does not exist

    • ‘value’- Hash containing ‘password’ and ‘salt’ attributes

    • ‘metadata’ - Hash containing ‘history’ attribute.

      • ‘history’ is an Array of <password,hash> pairs that will contain at most 1 entry.

      • No other metadata is provided in legacy mode.

Raises:

  • Exception if a legacy password file is inaccessible by the user



# File 'lib/puppet/functions/simplib/passgen/legacy/get.rb', line 7

Puppet::Functions.create_function(:'simplib::passgen::legacy::get') do
  # Look up a legacy-mode password by its identifier.
  #
  # @param identifier Unique `String` naming the password usage.
  #   Per the function's contract it may contain only the following
  #   characters (the `String[1]` type on the dispatch guarantees a non-empty
  #   string but does not itself restrict the characters):
  #   * a-z
  #   * A-Z
  #   * 0-9
  #   * The special characters `._:-`
  #
  # @return [Hash] Password information, or {} when no password is stored
  #
  #   * 'value' - Hash with the 'password' and 'salt' attributes
  #   * 'metadata' - Hash with a 'history' attribute.
  #     * 'history' is an Array holding at most one [password, salt] pair,
  #       taken from the previous password files.
  #     * Legacy mode provides no other metadata.
  #
  # @raise Exception if a legacy password file is inaccessible by the user
  #
  dispatch(:get) do
    required_param('String[1]', :identifier)
  end

  # Assemble the password hash for +identifier+ from the legacy key files.
  #
  # The key directory is taken from the 'keydir' entry returned by
  # simplib::passgen::legacy::common_settings.
  #
  # NOTE(review): the returned hash carries the password value exactly as it
  # was read from disk; check how callers keep it out of logs and reports.
  #
  # @param identifier [String] identifier of the password to look up
  # @return [Hash] {} when there is no current password; otherwise a Hash
  #   with 'value' ('password' and 'salt') and 'metadata' ('history', holding
  #   the previous [password, salt] pair when one exists)
  def get(identifier)
    keydir = call_function('simplib::passgen::legacy::common_settings')['keydir']

    current_password, current_salt = get_password_info(keydir, identifier, :current)
    # No current password means there is nothing to report, history included.
    return {} if current_password.nil?

    history = []
    old_password, old_salt = get_password_info(keydir, identifier, :previous)
    history << [old_password, old_salt] unless old_password.nil?

    {
      'value'    => { 'password' => current_password, 'salt' => current_salt },
      'metadata' => { 'history' => history }
    }
  end

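  # Read the first line of the password file and of its salt file for
  # +identifier+ under +keydir+.
  #
  # @param keydir [String] directory holding the legacy password files
  # @param identifier [String] password identifier; restricted to a-z, A-Z,
  #   0-9 and the characters `._:-`
  # @param type [Symbol] :current selects `<identifier>` and
  #   `<identifier>.salt`; any other value selects `<identifier>.last` and
  #   `<identifier>.salt.last`
  #
  # @return [Array] `[password, salt]`. Both are nil when the password file
  #   does not exist or its first line is empty; salt is '' when the password
  #   exists but the salt file does not.
  #
  # @raise [ArgumentError] if identifier is empty or contains a character
  #   outside the permitted set
  # @raise [SystemCallError] if a file that exists cannot be read
  def get_password_info(keydir, identifier, type)
    # identifier becomes a file name inside keydir, so the documented
    # character set is enforced where the path is built: a value containing a
    # path separator would otherwise let File.join address a file outside
    # keydir. \A and \z anchor the whole string rather than a single line.
    unless identifier.to_s =~ /\A[a-zA-Z0-9._:-]+\z/
      raise ArgumentError,
            "simplib::passgen::legacy::get: invalid identifier #{identifier.inspect}; " \
            "only a-z, A-Z, 0-9 and '._:-' are allowed"
    end

    suffix = type == :current ? '' : '.last'
    password_file = File.join(keydir, "#{identifier}#{suffix}")
    salt_file = File.join(keydir, "#{identifier}.salt#{suffix}")

    # File.open always treats its argument as a file path (the IO class
    # readers give a leading '|' special meaning; see RuboCop's
    # Security/IoMethods), and gets stops after the first line instead of
    # loading the whole file.
    first_line = lambda do |path|
      File.open(path) { |file| file.gets }.to_s.chomp
    end

    return [nil, nil] unless File.exist?(password_file)

    password = first_line.call(password_file)
    # An empty first line is treated the same as a missing password.
    return [nil, nil] if password.empty?

    salt = File.exist?(salt_file) ? first_line.call(salt_file) : ''
    [password, salt]
  end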
end