author | Alexandru Avadanii <Alexandru.Avadanii@enea.com> | 2017-10-05 12:24:49 -0400 |
---|---|---|
committer | Alexandru Avadanii <Alexandru.Avadanii@enea.com> | 2017-12-14 23:30:16 +0000 |
commit | affc21ac6c870d068b9dedddce67627f6636dc41 (patch) | |
tree | 308a59b6968dd9434d31a063d69a3ce60da78c8e /config/utils/generate_config.py | |
parent | ff8457dedbdad4207557d9b9d91000a1b2990d34 (diff) |
generate_config: Use eyaml to decrypt secret values
Note: IDF data encryption is not supported. Supporting that is
trivial, but it leads to slightly more complicated code, plus it
breaks support for multiline scalar encrypted data in the PDF ('>'),
forcing us to define each encrypted value as inline string.
While at it, fix silly limitation of jinja2 path residing in a subdir
of CWD.
Change-Id: I441ec754d8b6e4aad2ed73aba0b9b18ed65f05f4
Signed-off-by: agardner <agardner@linuxfoundation.org>
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
(cherry picked from commit d2307b5afbf13644bfe6722018ef1975e92680d1)
Diffstat (limited to 'config/utils/generate_config.py')
-rwxr-xr-x | config/utils/generate_config.py | 27 |
1 files changed, 23 insertions, 4 deletions
diff --git a/config/utils/generate_config.py b/config/utils/generate_config.py
index 18af98db..ba4192cb 100755
--- a/config/utils/generate_config.py
+++ b/config/utils/generate_config.py
@@ -1,10 +1,20 @@
 #!/usr/bin/python
+##############################################################################
+# Copyright (c) 2017 OPNFV and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
 """This module does blah blah."""
 import argparse
 import ipaddress
+import logging
 import os
 import yaml
 from jinja2 import Environment, FileSystemLoader
+from subprocess import CalledProcessError, check_output
 PARSER = argparse.ArgumentParser()
 PARSER.add_argument("--yaml", "-y", type=str, required=True)
@@ -38,12 +48,20 @@ def dpkg_arch(arch, to_dpkg=True):
 else:
 return ARCH_DPKG_TABLE[arch]
-ENV = Environment(loader=FileSystemLoader('./'))
+ENV = Environment(loader=FileSystemLoader(os.path.dirname(ARGS.jinja2)))
 ENV.filters['ipaddr_index'] = ipaddr_index
 ENV.filters['dpkg_arch'] = dpkg_arch
-with open(ARGS.yaml) as _:
- DICT = yaml.safe_load(_)
+# Run `eyaml decrypt` on the whole file, in case any PDF data is encrypted
+# Note: eyaml return code is 0 even if keys are not available
+try:
+ DICT = yaml.safe_load(check_output(['eyaml', 'decrypt', '-f', ARGS.yaml]))
+except CalledProcessError as ex:
+ pass
+if not DICT:
+ logging.warn('PDF decryption failed, fallback to using raw data.')
+ with open(ARGS.yaml) as _:
+ DICT = yaml.safe_load(_)
 # If an installer descriptor file (IDF) exists, include it (temporary)
 IDF_PATH = '/idf-'.join(os.path.split(ARGS.yaml))
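Review bot: In the new `try`/`except` block of the second hunk, `DICT` is never bound when `check_output` raises, so the following `if not DICT:` fails with a NameError instead of reaching the raw-file fallback (unless `DICT` is assigned earlier, outside this hunk). A missing `eyaml` binary raises `OSError`, which `except CalledProcessError` does not catch either. Initialise the name first with `DICT = None` and widen the handler to `except (CalledProcessError, OSError):`; the unused `as ex` can then be dropped or logged. Because the fallback hands undecrypted data to the template, and the added comment says eyaml exits 0 even without keys, `ENC[...]` ciphertext could end up in the rendered config with only a warning, so consider failing when encrypted values remain rather than continuing. `logging.warn` is a deprecated alias; `logging.warning` is the supported spelling.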
@@ -56,6 +74,7 @@ if os.path.exists(IDF_PATH):
 # print(DICT)
 # Render template and print generated conf to console
-TEMPLATE = ENV.get_template(ARGS.jinja2)
+TEMPLATE = ENV.get_template(os.path.basename(ARGS.jinja2))
+
 #pylint: disable=superfluous-parens
 print(TEMPLATE.render(conf=DICT)) |