From 0c8e686bcd3fc0410349abdaa50ca81daa3bbea9 Mon Sep 17 00:00:00 2001
From: Alex Kotov
Date: Sun, 2 Jun 2019 19:56:08 +0500
Subject: [PATCH] Add filter "short_key"
---
 .gitignore | 2 ++
 inventories/production/group_vars/all.yml | 6 +++---
 .../filter_plugins/yggdrasil_config_escape.py | 19 +++++++++++++++++++
 roles/yggdrasil/templates/yggdrasil.conf | 6 +++---
 4 files changed, 27 insertions(+), 6 deletions(-)
 create mode 100644 roles/yggdrasil/filter_plugins/yggdrasil_config_escape.py
diff --git a/.gitignore b/.gitignore
index 5af6b55..0b57097 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,3 @@
 /*.retry
+
+__pycache__/
diff --git a/inventories/production/group_vars/all.yml b/inventories/production/group_vars/all.yml
index 4406967..8e4a67d 100644
--- a/inventories/production/group_vars/all.yml
+++ b/inventories/production/group_vars/all.yml
@@ -7,7 +7,7 @@ yggdrasil_peers:
 - "tcp://146.185.176.36:12345"
 - "tcp://[2a03:b0c0:0:1010::1a7:c001]:12345"
 - "tcp://ams1.y.sota.sh:8080"
-yggdrasil_encryption_public_key: "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
-yggdrasil_encryption_private_key: "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
-yggdrasil_signing_public_key: "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+yggdrasil_encryption_public_key: "0000000000000000000000000000000000000000000000000000000000000000"
+yggdrasil_encryption_private_key: "0000000000000000000000000000000000000000000000000000000000000000"
+yggdrasil_signing_public_key: "0000000000000000000000000000000000000000000000000000000000000000"
 yggdrasil_signing_private_key: "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
diff --git a/roles/yggdrasil/filter_plugins/yggdrasil_config_escape.py b/roles/yggdrasil/filter_plugins/yggdrasil_config_escape.py
new file mode 100644
index 0000000..f5d6847
--- /dev/null
+++ b/roles/yggdrasil/filter_plugins/yggdrasil_config_escape.py
@@ -0,0 +1,19 @@
+import re
+
+from ansible.errors import AnsibleFilterError
+
+SHORT_KEY_RE = re.compile(r'^[0-9a-z]{64}$', re.IGNORECASE)
+
+def short_key(s):
+ s = str(s)
+ if not SHORT_KEY_RE.match(s):
+ raise AnsibleFilterError('Invalid key: %s' % s)
+ return '"%s"' % s.lower()
+
+class FilterModule:
+ '''Filters to validate and escape Yggdrasil configuration variables.'''
+
+ def filters(self):
+ return {
+ 'short_key': short_key,
+ }
diff --git a/roles/yggdrasil/templates/yggdrasil.conf b/roles/yggdrasil/templates/yggdrasil.conf
index 0926c92..100bfbd 100644
--- a/roles/yggdrasil/templates/yggdrasil.conf
+++ b/roles/yggdrasil/templates/yggdrasil.conf
@@ -11,9 +11,9 @@
 ".*"
 ],
 "AllowedEncryptionPublicKeys": [],
- "EncryptionPublicKey": "{{ yggdrasil_encryption_public_key }}",
- "EncryptionPrivateKey": "{{ yggdrasil_encryption_private_key }}",
- "SigningPublicKey": "{{ yggdrasil_signing_public_key }}",
+ "EncryptionPublicKey": {{ yggdrasil_encryption_public_key | short_key }},
+ "EncryptionPrivateKey": {{ yggdrasil_encryption_private_key | short_key }},
+ "SigningPublicKey": {{ yggdrasil_signing_public_key | short_key }},
 "SigningPrivateKey": "{{ yggdrasil_signing_private_key }}",
 "LinkLocalTCPPort": 0,
 "IfName": "auto",
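Review bot: `SHORT_KEY_RE` validates less than `short_key` implies: `[0-9a-z]` accepts any alphanumeric, so a non-hex value such as the old `xxxx…` placeholder passes, and `$` with `match()` also accepts a trailing newline, which would then be written inside the quoted string. If these keys are hex-encoded, as the 64-character length suggests, `SHORT_KEY_RE = re.compile(r'^[0-9a-f]{64}\Z', re.IGNORECASE)` closes both gaps. The error path `'Invalid key: %s' % s` echoes the rejected value, and the template applies this filter to `yggdrasil_encryption_private_key`, so a malformed private key would end up in Ansible's output and logs. A message that omits the value avoids that, e.g. `raise AnsibleFilterError('Invalid key: expected 64 hex characters')`.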
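Review bot: `SigningPrivateKey` is still rendered as `"{{ yggdrasil_signing_private_key }}"`, so the one remaining secret in this block gets none of the validation and quoting the other three keys now receive. `short_key` cannot be reused for it because the filter accepts exactly 64 characters, while the placeholder for this key in `all.yml` is 128 characters long. A sibling filter with the longer length, applied as `"SigningPrivateKey": {{ yggdrasil_signing_private_key | long_key }},`, would keep the four lines consistent (`long_key` is a suggested name, not an existing filter). The enclosing object opens and closes outside the hunk, so any other interpolated values in the template are not visible here.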