Add source
parent
936d87ba9b
commit
677f316176
42
README.md
42
README.md
|
@ -1,2 +1,44 @@
|
|||
# passbolt-salt
|
||||
Script to retrieve Passbolt passwords for Saltstack Pillars
|
||||
|
||||
# Installation
|
||||
|
||||
1. Clone this repo
|
||||
|
||||
2. Go to directory, run
|
||||
```
|
||||
python3 setup.py
|
||||
```
|
||||
|
||||
3. Create an Passbolt account for the Salt master.
|
||||
|
||||
4. Copy the private and public PGP key files to `/etc/salt`.
|
||||
|
||||
5. Create a `/etc/salt/passbolt.ini` file with the following content:
|
||||
```
|
||||
[PASSBOLT]
|
||||
SERVER = https://pass.netzbegruenung.de
|
||||
#SERVER_PUBLIC_KEY_FILE = <optional: server_public.asc>
|
||||
USER_FINGERPRINT = [REPLACE WITH GPG KEY FINGERPRINT]
|
||||
USER_PUBLIC_KEY_FILE = /etc/salt/passbolt_public.asc
|
||||
USER_PRIVATE_KEY_FILE = /etc/salt/passbolt_private.asc
|
||||
PASSPHRASE = [REPLACE WITH PASSBOLT USER PASSWORD]
|
||||
```
|
||||
|
||||
6. Change file permissions:
|
||||
```
|
||||
chown salt /etc/salt/passbolt*
|
||||
chmod 600 /etc/salt/passbolt*
|
||||
```
|
||||
|
||||
7. Create Pillar sls files where required with the content, replace the group UUID. Look into the example directory. Hint: you can find the Group UUID with the network tool of the browser by clicking on a group.
|
||||
```
|
||||
#!py
|
||||
fetch_passbolt_passwords("27b9abd4-af9b-4c9e-9af1-cf8cb963680c")
|
||||
```
|
||||
|
||||
8. In state, reference secrets with their UUID. See the `example/salt/important_secrets/files/secret.conf`. Hint: you can find the secret UUID in the URL of your browser by clicking on the checkbox of a secret.
|
||||
```
|
||||
password={{ pillar['passbolt']['3ec2a739-8e51-4c67-89fb-4bbfe9147e17'] }}
|
||||
```
|
||||
|
||||
|
|
|
@ -0,0 +1,3 @@
|
|||
#!py
|
||||
fetch_passbolt_passwords("27b9abd4-af9b-4c9e-9af1-cf8cb963680c")
|
||||
|
|
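Review bot: This example pillar will most likely fail to render, because Salt's `#!py` renderer expects the file to define a `run()` function that returns the pillar data, and here there is only a bare call to a name that is never imported. Wrap it as `def run():` with an import of `fetch_passbolt_passwords` from this package inside it, then `return fetch_passbolt_passwords("<group-uuid>")`. The package's import path is not visible in this section, so it is left out here. The snippet in README step 7 has the same form and needs the same change.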
@ -0,0 +1,4 @@
|
|||
base:
|
||||
'myappserver*':
|
||||
- passbolt.myapp
|
||||
|
|
@ -0,0 +1,2 @@
|
|||
user=public
|
||||
password={{ pillar['passbolt']['3ec2a739-8e51-4c67-89fb-4bbfe9147e17'] }}
|
|
@ -0,0 +1,6 @@
|
|||
important_secrets:
|
||||
file.managed:
|
||||
- name: /etc/secret.conf
|
||||
- source: salt://important_secrets/files/secret.conf
|
||||
- template: jinja
|
||||
|
|
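Review bot: `file.managed` renders a decrypted password into `/etc/secret.conf` without setting an owner or mode, so the file gets the minion's default permissions, which may be world-readable depending on umask. Add `- mode: '0600'` together with a `- user:` / `- group:` for the consuming service. Also add `- show_changes: False`, so the unified diff containing the password is not written into state output and job returns. As this is the example operators will copy, the safe form should be the one shown.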
@ -0,0 +1,4 @@
|
|||
base:
|
||||
'*':
|
||||
- important_secrets
|
||||
|
|
@ -0,0 +1,30 @@
|
|||
#!/usr/bin/env python3
|
||||
"""
|
||||
Setup script
|
||||
"""
|
||||
|
||||
from setuptools import find_packages, setup
|
||||
|
||||
setup(
|
||||
name="salt-passbolt",
|
||||
version="1.0.0",
|
||||
packages=find_packages("src"),
|
||||
package_dir={'': 'src'},
|
||||
include_package_data=True,
|
||||
install_requires=[
|
||||
"passbolt-python-api>=0.1.2",
|
||||
],
|
||||
author="Sven Seeberg (Netzbegrünung e.V.)",
|
||||
author_email="mail@sven-seeberg.de",
|
||||
description="Fetch passwords from Passbolt to build Saltstack pillars",
|
||||
license="MIT",
|
||||
keywords="Passbolt Salt Pillar",
|
||||
url="http://github.com/netzbegruenung/salt-passbolt",
|
||||
classifiers=[
|
||||
'Development Status :: 5 - Production/Stable',
|
||||
'Intended Audience :: Developers',
|
||||
'Programming Language :: Python :: 3.4',
|
||||
'Programming Language :: Python :: 3.5',
|
||||
'Programming Language :: Python :: 3.6',
|
||||
]
|
||||
)
|
|
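Review bot: `install_requires` gives only a lower bound, `"passbolt-python-api>=0.1.2"`, so each install on a Salt master resolves to whatever release is newest at that moment. This package runs with access to the Passbolt private key and passphrase under `/etc/salt`, so a reviewed pin such as `"passbolt-python-api==<reviewed version>"`, or a constraints file with hashes, would limit exposure to a bad upstream release. Minor: `url` uses `http://` where `https://` would be the better default.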
@ -0,0 +1,28 @@
|
|||
"""
|
||||
Provides functions to fetch passwords from passbolt api
|
||||
"""
|
||||
import passboltapi # pylint: disable=E0401
|
||||
|
||||
def get_password_list(passbolt_obj, group_uuid):
|
||||
result = list()
|
||||
for i in passbolt_obj.get(url="/resources.json?/resources.json?filter[is-shared-with-group]={}&api-version=v2".format(group_uuid))["body"]:
|
||||
result.append({
|
||||
"id": i["id"],
|
||||
"name": i["name"],
|
||||
"username": i["username"],
|
||||
"uri": i["uri"]
|
||||
})
|
||||
return result
|
||||
|
||||
def generate_pillar(passbolt_obj, group_uuid):
|
||||
result = get_password_list(passbolt_obj, group_uuid)
|
||||
salt = {'passbolt': {}}
|
||||
for i in result:
|
||||
resource = passbolt_obj.get("/secrets/resource/{}.json?api-version=v2".format(i["id"]))
|
||||
salt['passbolt'][i["id"]] = passbolt_obj.decrypt(resource["body"]["data"])
|
||||
return salt
|
||||
|
||||
def fetch_passbolt_passwords(group_uuid):
|
||||
with passboltapi.PassboltAPI(config_path="/etc/salt/passbolt.ini") as passbolt:
|
||||
salt = generate_pillar(passbolt_obj=passbolt, group_uuid)
|
||||
return salt
|
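Review bot: The module cannot be imported as written, because `generate_pillar(passbolt_obj=passbolt, group_uuid)` in `fetch_passbolt_passwords` puts a positional argument after a keyword argument, which is a SyntaxError; `generate_pillar(passbolt, group_uuid)` fixes it. In `get_password_list` the request path repeats `/resources.json?` twice, which looks like a paste error. There `group_uuid` is also formatted into the query string unvalidated; normalising it with `str(uuid.UUID(group_uuid))` would reject anything that is not a UUID before it reaches the URL. `generate_pillar` decrypts every resource shared with the group into the pillar, so a docstring stating that group membership is the only access boundary would help operators keep those groups narrow.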