Add filter "short_key"

2019-06-02 19:56:08 +05:00 · 2019-06-02 19:56:08 +05:00 · 0c8e686bcd
commit 0c8e686bcd
parent 227623ff40
4 changed files with 27 additions and 6 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1,3 @@
 /*.retry
+
+__pycache__/
--- a/inventories/production/group_vars/all.yml
+++ b/inventories/production/group_vars/all.yml
@ -7,7 +7,7 @@ yggdrasil_peers:
  - "tcp://146.185.176.36:12345"
  - "tcp://[2a03:b0c0:0:1010::1a7:c001]:12345"
  - "tcp://ams1.y.sota.sh:8080"
-yggdrasil_encryption_public_key: "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
-yggdrasil_encryption_private_key: "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
-yggdrasil_signing_public_key: "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+yggdrasil_encryption_public_key: "0000000000000000000000000000000000000000000000000000000000000000"
+yggdrasil_encryption_private_key: "0000000000000000000000000000000000000000000000000000000000000000"
+yggdrasil_signing_public_key: "0000000000000000000000000000000000000000000000000000000000000000"
 yggdrasil_signing_private_key: "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
--- a/roles/yggdrasil/filter_plugins/yggdrasil_config_escape.py
+++ b/roles/yggdrasil/filter_plugins/yggdrasil_config_escape.py
@ -0,0 +1,19 @@
+import re
+
+from ansible.errors import AnsibleFilterError
+
+SHORT_KEY_RE = re.compile(r'^[0-9a-z]{64}$', re.IGNORECASE)
+
+def short_key(s):
+    s = str(s)
+    if not SHORT_KEY_RE.match(s):
+        raise AnsibleFilterError('Invalid key: %s' % s)
+    return '"%s"' % s.lower()
+
+class FilterModule:
+    '''Filters to validate and escape Yggdrasil configuration variables.'''
+
+    def filters(self):
+        return {
+                'short_key': short_key,
+        }
--- a/roles/yggdrasil/templates/yggdrasil.conf
+++ b/roles/yggdrasil/templates/yggdrasil.conf
@ -11,9 +11,9 @@
    ".*"
  ],
  "AllowedEncryptionPublicKeys": [],
-  "EncryptionPublicKey": "{{ yggdrasil_encryption_public_key }}",
-  "EncryptionPrivateKey": "{{ yggdrasil_encryption_private_key }}",
-  "SigningPublicKey": "{{ yggdrasil_signing_public_key }}",
+  "EncryptionPublicKey":  {{ yggdrasil_encryption_public_key  | short_key }},
+  "EncryptionPrivateKey": {{ yggdrasil_encryption_private_key | short_key }},
+  "SigningPublicKey":     {{ yggdrasil_signing_public_key     | short_key }},
  "SigningPrivateKey": "{{ yggdrasil_signing_private_key }}",
  "LinkLocalTCPPort": 0,
  "IfName": "auto",