-
-
Save mgwilliams/c24865fb381d482c8855 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Import python libs | |
| import logging | |
| # Import third party libs | |
| try: | |
| import gnupg | |
| HAS_GNUPG = True | |
| except ImportError: | |
| HAS_GNUPG = False | |
| # Import Salt libs | |
| import salt.utils | |
| # Set up logger | |
| log = logging.getLogger(__name__) | |
| def __virtual__(): | |
| ''' | |
| Only load the module if gpg and python-gnupg are installed | |
| ''' | |
| if HAS_GNUPG and salt.utils.which('gpg'): | |
| return 'gpg' | |
| return False | |
| def _gpg(): | |
| return gnupg.GPG(gnupghome=__opts__.get('gpg_dir', '/etc/salt/gpg/minion/')) | |
| def _minion_id(): | |
| return __opts__['id'] | |
| def _public_key(): | |
| ''' | |
| Find the public key for this minion | |
| ''' | |
| return _gpg().export_keys(_minion_id()) or None | |
| def generate_key(length=2048): | |
| ''' | |
| Generate the minion's key, if it does not exist. | |
| Returns the public key or None if it already exists. | |
| Returns False if key generation fails. | |
| .. code-block:: bash | |
| salt '*' gpg.generate_key [length=key_length] | |
| length | |
| Length of the key. Default: 2048. | |
| **Examples:** | |
| Generate a key with the default length of 2048: | |
| .. code-block:: bash | |
| salt '*' gpg.generate_key | |
| Generate a longer key: | |
| .. code-block:: bash | |
| salt '*' gpg.generate_key length=4096 | |
| ''' | |
| if _public_key() is not None: | |
| return None | |
| gpg = _gpg() | |
| r = gpg.gen_key(gpg.gen_key_input(name_real=_minion_id(), | |
| name_email=_minion_id(), key_type='RSA', key_length=length)) | |
| return gpg.export_keys(r.fingerprint) or False | |
| def public_key(generate=False, length=2048): | |
| ''' | |
| Return the minion's public key. | |
| .. code-block:: bash | |
| salt '*' gpg.public_key [[generate=(true|false)] length=key_length]] | |
| generate | |
| Generate the minion's key if it does not already exist. | |
| length | |
| Length of the key, if it needs to be generated. | |
| **Examples:** | |
| Get the public key, generating it with the default length of 2048, if needed: | |
| .. code-block:: bash | |
| salt '*' gpg.public_key generate=true | |
| ''' | |
| pub = _public_key() | |
| if pub is None and generate: | |
| return generate_key(length) | |
| else: | |
| return pub | |
| def import_keys(data): | |
| ''' | |
| Import the keys contained in data. | |
| Returns the number of keys if successful or False on error. | |
| .. code-block:: bash | |
| salt '*' gpg.import_keys \\ | |
| "-----BEGIN PGP PUBLIC KEY BLOCK-----\\nVersion: (...) \\n-----END PGP PUBLIC KEY BLOCK-----\\n" | |
| ''' | |
| data = data.replace("\\n", "\n") | |
| r = _gpg().import_keys(data) | |
| if not r.count: | |
| log.warning(r.stderr) | |
| return r.count or False | |
| def decrypt(data): | |
| ''' | |
| Decrypt and verify data. | |
| Returns the decrypted data or False on error. | |
| .. code-block:: bash | |
| salt '*' gpg.decrypt \\ | |
| "-----BEGIN PGP MESSAGE-----\\nVersion: (...) \\n-----END PGP MESSAGE-----\\n" | |
| ''' | |
| data = data.replace("\\n", "\n") | |
| r = _gpg().decrypt(data) | |
| return r.data if r.ok else False |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment