diff options
author | Chris St. Pierre <chris.a.st.pierre@gmail.com> | 2012-05-16 16:40:34 -0400 |
---|---|---|
committer | Chris St. Pierre <chris.a.st.pierre@gmail.com> | 2012-05-16 16:40:34 -0400 |
commit | 6548c501939194cc9927bc9fca3921e3329967f9 (patch) | |
tree | 0bdf2bcf294fe95088b9e81f3dc8f5427dd561e7 /src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedGenerator.py | |
parent | 8b163951cb19c1e70d90ce6f7f8b4a8a6e63da1b (diff) | |
download | bcfg2-6548c501939194cc9927bc9fca3921e3329967f9.tar.gz bcfg2-6548c501939194cc9927bc9fca3921e3329967f9.tar.bz2 bcfg2-6548c501939194cc9927bc9fca3921e3329967f9.zip |
added Cfg drivers for encrypted genshi/cheetah templates
Diffstat (limited to 'src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedGenerator.py')
-rw-r--r-- | src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedGenerator.py | 39 |
1 files changed, 22 insertions, 17 deletions
diff --git a/src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedGenerator.py b/src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedGenerator.py index 6ba470fd5..9b2db3100 100644 --- a/src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedGenerator.py +++ b/src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedGenerator.py @@ -9,6 +9,22 @@ except ImportError: logger = logging.getLogger(__name__) +def passphrases(): + section = "cfg:encryption" + if SETUP.cfp.has_section(section): + return dict([(o, SETUP.cfp.get(section, o)) + for o in SETUP.cfp.options(section)]) + else: + return dict() + +def decrypt(crypted): + for passwd in passphrases().values(): + try: + return ssl_decrypt(crypted, passwd) + except EVPError: + pass + raise EVPError("Failed to decrypt %s" % self.name) + class CfgEncryptedGenerator(CfgGenerator): __extensions__ = ["crypt"] @@ -19,15 +35,6 @@ class CfgEncryptedGenerator(CfgGenerator): logger.error(msg) raise Bcfg2.Server.Plugin.PluginExecutionError(msg) - @property - def passphrases(self): - section = "cfg:encryption" - if SETUP.cfp.has_section(section): - return dict([(o, SETUP.cfp.get(section, o)) - for o in SETUP.cfp.options(section)]) - else: - return dict() - def handle_event(self, event): if event.code2str() == 'deleted': return @@ -39,14 +46,12 @@ class CfgEncryptedGenerator(CfgGenerator): logger.error("Failed to read %s" % self.name) return # todo: let the user specify a passphrase by name - self.data = None - for passwd in self.passphrases.values(): - try: - self.data = ssl_decrypt(crypted, passwd) - return - except EVPError: - pass - logger.error("Failed to decrypt %s" % self.name) + try: + self.data = decrypt(crypted) + except EVPError: + err = sys.exc_info()[1] + logger.error(err) + raise Bcfg2.Server.Plugin.PluginExecutionError(err) def get_data(self, entry, metadata): if self.data is None: |