Class: Simp::Cli::Config::Utils
- Inherits:
-
Object
- Object
- Simp::Cli::Config::Utils
- Defined in:
- lib/simp/cli/config/utils.rb
Constant Summary collapse
- DEFAULT_PASSWORD_LENGTH =
32
Class Method Summary collapse
-
.encrypt_openldap_hash(string, salt = nil) ⇒ Object
pure-ruby openldap hash generator.
- .generate_certificates(hostnames, ca_dir = '/etc/puppet/environments/simp/FakeCA') ⇒ Object
- .generate_password(length = DEFAULT_PASSWORD_LENGTH) ⇒ Object
- .validate_fqdn(fqdn) ⇒ Object
- .validate_hiera_lookup(x) ⇒ Object
- .validate_hostname(hostname) ⇒ Object
- .validate_ip(ip) ⇒ Object
- .validate_netmask(x) ⇒ Object
- .validate_openldap_hash(x) ⇒ Object
-
.validate_password(password) ⇒ Object
NOTE: requires shell-based cracklib TODO: should we find a better way of returning specific error messages than an exception?.
Class Method Details
.encrypt_openldap_hash(string, salt = nil) ⇒ Object
pure-ruby openldap hash generator
87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 |
# File 'lib/simp/cli/config/utils.rb', line 87 def encrypt_openldap_hash( string, salt=nil ) require 'digest/sha1' require 'base64' # Ruby 1.8.7 hack to do Random.new.bytes(4): salt = salt || (x = ''; 4.times{ x += ((rand * 255).floor.chr ) }; x) digest = Digest::SHA1.digest( string + salt ) # NOTE: Digest::SHA1.digest in Ruby 1.9+ returns a String encoding in # ASCII-8BIT, whereas all other Strings in play are UTF-8 if RUBY_VERSION.split('.')[0..1].join('.').to_f > 1.8 digest = digest.force_encoding( 'UTF-8' ) salt = salt.force_encoding( 'UTF-8' ) end "{SSHA}"+Base64.encode64( digest + salt ).chomp end |
.generate_certificates(hostnames, ca_dir = '/etc/puppet/environments/simp/FakeCA') ⇒ Object
111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 |
# File 'lib/simp/cli/config/utils.rb', line 111 def generate_certificates( hostnames, ca_dir='/etc/puppet/environments/simp/FakeCA' ) result = true Dir.chdir( ca_dir ) do File.open('togen', 'w'){|file| hostnames.each{ |host| file.puts host }} # NOTE: script must exist in ca_dir result = system('./gencerts_nopass.sh auto') && result # blank file so subsequent runs don't re-key our hosts File.open('togen', 'w'){ |file| file.truncate(0) } end result end |
.generate_password(length = DEFAULT_PASSWORD_LENGTH) ⇒ Object
73 74 75 76 77 78 79 80 81 82 83 |
# File 'lib/simp/cli/config/utils.rb', line 73 def generate_password( length = DEFAULT_PASSWORD_LENGTH ) password = '' special_chars = ['#','%','&','*','+','-','.',':','@'] symbols = ('0'..'9').to_a + ('A'..'Z').to_a + ('a'..'z').to_a Integer(length).times { |i| password += (symbols + special_chars)[rand((symbols.length-1 + special_chars.length-1))] } # Ensure that the password does not start or end with a special # character. special_chars.include?(password[0].chr) and password[0] = symbols[rand(symbols.length-1)] special_chars.include?(password[password.length-1].chr) and password[password.length-1] = symbols[rand(symbols.length-1)] password end |
.validate_fqdn(fqdn) ⇒ Object
10 11 12 13 14 15 |
# File 'lib/simp/cli/config/utils.rb', line 10 def validate_fqdn fqdn # snarfed from: # https://www.safaribooksonline.com/library/view/regular-expressions-cookbook/9781449327453/ch08s15.html regex = %r{\A((?=[a-z0-9-]{1,63}\.)(xn--)?[a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]{2,63}\Z} ((fqdn =~ regex) ? true : false ) end |
.validate_hiera_lookup(x) ⇒ Object
49 50 51 |
# File 'lib/simp/cli/config/utils.rb', line 49 def validate_hiera_lookup( x ) x.to_s.strip =~ %r@\%\{.+\}@ ? true : false end |
.validate_hostname(hostname) ⇒ Object
27 28 29 30 31 32 33 34 35 36 37 |
# File 'lib/simp/cli/config/utils.rb', line 27 def validate_hostname hostname # based on: # http://stackoverflow.com/questions/2532053/validate-a-hostname-string # # nicer solution that only works on ruby1.9+: # ( hostname =~ %r{\A(?!-)[a-z0-9-]{1,63}(?<!-)\Z} ) ? true : false # # ruby1.8-safe version: (( hostname =~ %r{\A[a-z0-9-]{1,63}\Z} ) ? true : false ) && (( hostname !~ %r{^-|-$} ) ? true : false ) end |
.validate_ip(ip) ⇒ Object
18 19 20 21 22 23 24 |
# File 'lib/simp/cli/config/utils.rb', line 18 def validate_ip ip # using the native 'resolv' class in order to minimize non-EL rubygems # snarfed from: # http://stackoverflow.com/questions/3634998/how-do-i-check-whether-a-value-in-a-string-is-an-ip-address require 'resolv' ((ip =~ Resolv::IPv4::Regex) || (ip =~ Resolv::IPv6::Regex)) ? true : false end |
.validate_netmask(x) ⇒ Object
40 41 42 43 44 45 46 |
# File 'lib/simp/cli/config/utils.rb', line 40 def validate_netmask( x ) # a brute-force regexp that validates all possible valid netmasks nums = '(128|192|224|240|248|252|254)' znums = '(0|128|192|224|240|248|252|254)' regex = /^((#{nums}\.0\.0\.0)|(255\.#{znums}\.0\.0)|(255\.255\.#{znums}\.0)|(255\.255\.255\.#{znums}))$/i x =~ regex ? true: false end |
.validate_openldap_hash(x) ⇒ Object
106 107 108 |
# File 'lib/simp/cli/config/utils.rb', line 106 def validate_openldap_hash( x ) (x =~ %r@\{SSHA\}[A-Za-z0-9=+/]+@ ) ? true : false end |
.validate_password(password) ⇒ Object
NOTE: requires shell-based cracklib TODO: should we find a better way of returning specific error messages than an exception?
56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 |
# File 'lib/simp/cli/config/utils.rb', line 56 def validate_password( password ) require 'shellwords' if password.length < 8 raise Simp::Cli::Config::PasswordError, "Password must be at least 8 characters long" false else pass_result = `echo #{Shellwords.escape(password)} | cracklib-check`.split(':').last.strip if pass_result == "OK" true else raise Simp::Cli::Config::PasswordError, "Invalid Password: #{pass_result}" false end end end |