Add source
parent
936d87ba9b
commit
677f316176
42
README.md
42
README.md
|
@ -1,2 +1,44 @@
|
||||||
# passbolt-salt
|
# passbolt-salt
|
||||||
Script to retrieve Passbolt passwords for Saltstack Pillars
|
Script to retrieve Passbolt passwords for Saltstack Pillars
|
||||||
|
|
||||||
|
# Installation
|
||||||
|
|
||||||
|
1. Clone this repo
|
||||||
|
|
||||||
|
2. Go to directory, run
|
||||||
|
```
|
||||||
|
python3 setup.py
|
||||||
|
```
|
||||||
|
|
||||||
|
3. Create an Passbolt account for the Salt master.
|
||||||
|
|
||||||
|
4. Copy the private and public PGP key files to `/etc/salt`.
|
||||||
|
|
||||||
|
5. Create a `/etc/salt/passbolt.ini` file with the following content:
|
||||||
|
```
|
||||||
|
[PASSBOLT]
|
||||||
|
SERVER = https://pass.netzbegruenung.de
|
||||||
|
#SERVER_PUBLIC_KEY_FILE = <optional: server_public.asc>
|
||||||
|
USER_FINGERPRINT = [REPLACE WITH GPG KEY FINGERPRINT]
|
||||||
|
USER_PUBLIC_KEY_FILE = /etc/salt/passbolt_public.asc
|
||||||
|
USER_PRIVATE_KEY_FILE = /etc/salt/passbolt_private.asc
|
||||||
|
PASSPHRASE = [REPLACE WITH PASSBOLT USER PASSWORD]
|
||||||
|
```
|
||||||
|
|
||||||
|
6. Change file permissions:
|
||||||
|
```
|
||||||
|
chown salt /etc/salt/passbolt*
|
||||||
|
chmod 600 /etc/salt/passbolt*
|
||||||
|
```
|
||||||
|
|
||||||
|
7. Create Pillar sls files where required with the content, replace the group UUID. Look into the example directory. Hint: you can find the Group UUID with the network tool of the browser by clicking on a group.
|
||||||
|
```
|
||||||
|
#!py
|
||||||
|
fetch_passbolt_passwords("27b9abd4-af9b-4c9e-9af1-cf8cb963680c")
|
||||||
|
```
|
||||||
|
|
||||||
|
8. In state, reference secrets with their UUID. See the `example/salt/important_secrets/files/secret.conf`. Hint: you can find the secret UUID in the URL of your browser by clicking on the checkbox of a secret.
|
||||||
|
```
|
||||||
|
password={{ pillar['passbolt']['3ec2a739-8e51-4c67-89fb-4bbfe9147e17'] }}
|
||||||
|
```
|
||||||
|
|
||||||
|
|
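--- a/example/pillars/passbolt/myapp.sls
+++ b/example/pillars/passbolt/myapp.sls
@@ -0,0 +1,3 @@
+#!py
+fetch_passbolt_passwords("27b9abd4-af9b-4c9e-9af1-cf8cb963680c")
+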
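Review bot: This pillar file cannot render as written, because Salt's `py` renderer executes the file and calls a `run()` function, and the file neither defines one nor imports `fetch_passbolt_passwords`. It needs `from salt_passbolt import fetch_passbolt_passwords` followed by `def run():` and `return fetch_passbolt_passwords("27b9abd4-af9b-4c9e-9af1-cf8cb963680c")`; the README snippet in this commit repeats the same two incomplete lines. A short comment stating that every minion matched for this file in the pillar top file receives all decrypted secrets of the group would help readers keep the group narrowly scoped.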
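--- a/example/pillars/top.sls
+++ b/example/pillars/top.sls
@@ -0,0 +1,4 @@
+base:
+'myappserver*':
+- passbolt.myapp
+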
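--- a/example/states/important_secret/files/secret.conf
+++ b/example/states/important_secret/files/secret.conf
@@ -0,0 +1,2 @@
+user=public
+password={{ pillar['passbolt']['3ec2a739-8e51-4c67-89fb-4bbfe9147e17'] }}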
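--- a/example/states/important_secret/init.sls
+++ b/example/states/important_secret/init.sls
@@ -0,0 +1,6 @@
+important_secrets:
+file.managed:
+- name: /etc/secret.conf
+- source: salt://important_secrets/files/secret.conf
+- template: jinja
+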
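Review bot: `file.managed` writes a rendered password to `/etc/secret.conf` without `user`, `group` or `mode`, so the permissions are left to defaults, which usually yields a world-readable file; add `- user: root`, `- group: root` and `- mode: '0600'`. The `source` also points at `salt://important_secrets/files/secret.conf`, while this commit places the files under `example/states/important_secret/` (singular). `example/states/top.sls` references `important_secrets` as well, so one of the two spellings has to change for the example to resolve.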
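--- a/example/states/top.sls
+++ b/example/states/top.sls
@@ -0,0 +1,4 @@
+base:
+'*':
+- important_secrets
+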
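Review bot: The `'*'` target applies `important_secrets` to every minion, but `example/pillars/top.sls` only gives the `passbolt` pillar to `myappserver*`. On any other minion the lookup `pillar['passbolt'][...]` in `secret.conf` has no key to resolve, so the state will presumably fail to render there. Using `'myappserver*':` here as well keeps the secret-bearing state scoped to the hosts that are meant to hold the secret.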
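--- a/setup.py
+++ b/setup.py
@@ -0,0 +1,30 @@
+#!/usr/bin/env python3
+"""
+Setup script
+"""
+
+from setuptools import find_packages, setup
+
+setup(
+name="salt-passbolt",
+version="1.0.0",
+packages=find_packages("src"),
+package_dir={'': 'src'},
+include_package_data=True,
+install_requires=[
+"passbolt-python-api>=0.1.2",
+],
+author="Sven Seeberg (Netzbegrünung e.V.)",
+author_email="mail@sven-seeberg.de",
+description="Fetch passwords from Passbolt to build Saltstack pillars",
+license="MIT",
+keywords="Passbolt Salt Pillar",
+url="http://github.com/netzbegruenung/salt-passbolt",
+classifiers=[
+'Development Status :: 5 - Production/Stable',
+'Intended Audience :: Developers',
+'Programming Language :: Python :: 3.4',
+'Programming Language :: Python :: 3.5',
+'Programming Language :: Python :: 3.6',
+]
+)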
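Review bot: `packages=find_packages("src")` only discovers directories that contain an `__init__.py`, and the only source file in this commit is the single module `src/salt_passbolt.py`, so unless a package exists outside this diff the install ships no code. Adding `py_modules=["salt_passbolt"]` next to the existing `package_dir={'': 'src'}` would install it. Separately, `"passbolt-python-api>=0.1.2"` has no upper bound; since that library handles the Salt master's key passphrase and the decrypted secrets, pinning a reviewed version is worth considering. The `url` uses `http://` and the name `salt-passbolt`, which differs from the `passbolt-salt` name used in the README.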
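--- a/src/salt_passbolt.py
+++ b/src/salt_passbolt.py
@@ -0,0 +1,28 @@
+"""
+Provides functions to fetch passwords from passbolt api
+"""
+import passboltapi # pylint: disable=E0401
+
+def get_password_list(passbolt_obj, group_uuid):
+result = list()
+for i in passbolt_obj.get(url="/resources.json?/resources.json?filter[is-shared-with-group]={}&api-version=v2".format(group_uuid))["body"]:
+result.append({
+"id": i["id"],
+"name": i["name"],
+"username": i["username"],
+"uri": i["uri"]
+})
+return result
+
+def generate_pillar(passbolt_obj, group_uuid):
+result = get_password_list(passbolt_obj, group_uuid)
+salt = {'passbolt': {}}
+for i in result:
+resource = passbolt_obj.get("/secrets/resource/{}.json?api-version=v2".format(i["id"]))
+salt['passbolt'][i["id"]] = passbolt_obj.decrypt(resource["body"]["data"])
+return salt
+
+def fetch_passbolt_passwords(group_uuid):
+with passboltapi.PassboltAPI(config_path="/etc/salt/passbolt.ini") as passbolt:
+salt = generate_pillar(passbolt_obj=passbolt, group_uuid)
+return salt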
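Review bot: `fetch_passbolt_passwords` does not compile, because `generate_pillar(passbolt_obj=passbolt, group_uuid)` puts a positional argument after a keyword argument, which is a SyntaxError that prevents the module from being imported; `generate_pillar(passbolt, group_uuid)` fixes it. In `get_password_list` the URL contains `/resources.json?` twice, so the `filter[is-shared-with-group]` parameter is probably not recognised by the server and the call may return every resource the Salt master account can read rather than only the group's; the intended string is presumably `"/resources.json?filter[is-shared-with-group]={}&api-version=v2"`. Since `generate_pillar` decrypts every returned resource into the pillar, that filter is the only scoping control in this file and deserves a comment saying so. None of the three functions has a docstring; each should state what it returns and note that the result of `generate_pillar` and `fetch_passbolt_passwords` holds cleartext secrets that must not be logged.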