0001-Fix-4648-store-default-values-securely.patch
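--- a/lib/kafo/configuration.rb
+++ b/lib/kafo/configuration.rb
@@ -1,5 +1,6 @@
 # encoding: UTF-8
 require 'yaml'
+require 'tmpdir'
 require 'kafo/puppet_module'
 require 'kafo/password_manager'
 
@@ -74,8 +75,11 @@
 
 def params_default_values
 @params_default_values ||= begin
+@logger.debug "Creating tmp dir within #{app[:default_values_dir]}..."
+temp_dir = Dir.mktmpdir(nil, app[:default_values_dir])
+KafoConfigure.register_cleanup_path temp_dir
 @logger.info "Parsing default values from puppet modules..."
-command = PuppetCommand.new("#{includes} dump_values(#{params})").append('2>&1').command
+command = PuppetCommand.new("$temp_dir=\"#{temp_dir}\" #{includes} dump_values(#{params})").append('2>&1').command
 @logger.debug `#{command}`
 unless $?.exitstatus == 0
 log = app[:log_dir] + '/' + app[:log_name]
@@ -84,7 +88,7 @@
 KafoConfigure.exit(:defaults_error)
 end
 @logger.info "... finished"
-YAML.load_file(File.join(KafoConfigure.config.app[:default_values_dir], 'default_values.yaml'))
+YAML.load_file(File.join(temp_dir, 'default_values.yaml'))
 end
 end
 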
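Review bot: The temporary directory created in `params_default_values` is removed only when `KafoConfigure.exit` runs, so an exception or signal between `Dir.mktmpdir` and that call leaves `default_values.yaml` (presumably sensitive, given the commit title) on disk. The file is needed only until `YAML.load_file` returns, so I would use the block form `Dir.mktmpdir(nil, app[:default_values_dir]) do |temp_dir|`, whose cleanup also runs when `throw :exit` unwinds, or add `ensure FileUtils.remove_entry_secure(temp_dir) if temp_dir`. Separately, `temp_dir` is interpolated unescaped into the manifest string `$temp_dir=\"#{temp_dir}\"` that is then executed through backticks; a configured `default_values_dir` containing a quote or `$` would break that quoting, so the setting deserves a validation line. Part of the method body (old lines 82–83) is elided from this section.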
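--- a/lib/kafo/kafo_configure.rb
+++ b/lib/kafo/kafo_configure.rb
@@ -17,12 +17,15 @@
 class KafoConfigure < Clamp::Command
 include StringHelper
 
-
 class << self
 attr_accessor :config, :root_dir, :config_file, :gem_root, :temp_config_file,
 :modules_dir, :kafo_modules_dir, :verbose, :app_options, :logger
 attr_writer :hooking
 
+def cleanup_paths
+@cleanup_paths ||= []
+end
+
 def hooking
 @hooking ||= Hooking.new
 end
@@ -105,6 +108,7 @@
 end
 
 def self.exit(code)
+cleanup
 @exit_code = translate_exit_code(code)
 throw :exit
 end
@@ -128,6 +132,26 @@
 end
 end
 
+def self.cleanup
+# make sure default values are removed from /tmp
+(self.cleanup_paths + ['/tmp/default_values.yaml']).each do |file|
+logger.debug "Cleaning #{file}"
+FileUtils.rm_rf(file)
+end
+end
+
+def self.register_cleanup_path(path)
+self.cleanup_paths<< path
+end
+
+def register_cleanup_path(path)
+self.class.register_cleanup_path(path)
+end
+
+def cleanup_paths
+self.class.cleanup_paths
+end
+
 def help
 self.class.help(invocation_path, self)
 end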
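Review bot: `FileUtils.rm_rf(file)` in `self.cleanup` is run against `/tmp/default_values.yaml` and every registered path, and Ruby's own documentation warns that `rm_rf` is exposed to a symlink race when a parent directory is world-writable, as `/tmp` is. The documented replacement is `FileUtils.remove_entry_secure(file, true)`, which matters here because the installer presumably runs with elevated privileges. `self.exit` now calls `cleanup` before setting the exit code, and `cleanup` calls `logger.debug` unconditionally; if `exit` can be reached before `logger` is assigned (not visible in this section) that would raise instead of exiting, so `logger.debug "Cleaning #{file}" if logger` is a cheap guard. A short comment on `cleanup_paths` stating that it holds directories containing dumped default values would help the next reader.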
modules/kafo_configure/lib/puppet/parser/functions/dump_values.rb | ||
---|---|---|
9 | 9 |
[arg, found_value.nil? ? arg : found_value] |
10 | 10 |
end |
11 | 11 |
data = Hash[data] |
12 |
dump_dir = YAML.load_file(lookupvar('kafo_config_file'))[:default_values_dir] |
|
13 |
File.open("#{dump_dir}/default_values.yaml", 'w') { |file| file.write(YAML.dump(data)) } |
|
12 | ||
13 |
dump_dir = lookupvar('temp_dir') |
|
14 |
file_name = "#{dump_dir}/default_values.yaml" |
|
15 | ||
16 |
File.open(file_name, File::WRONLY|File::CREAT|File::EXCL, 0600) { |file| file.write(YAML.dump(data)) } |
|
14 | 17 |
end |
15 | 18 |
end |
16 |
- |
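Review bot: `dump_dir = lookupvar('temp_dir')` is used without checking that the variable was set, so if the function is evaluated without `$temp_dir` the interpolation yields a path such as `/default_values.yaml` (or a relative one, depending on what `lookupvar` returns for an unset variable in this Puppet version). I would fail early with `raise Puppet::ParseError, 'dump_values: $temp_dir is not a directory' unless File.directory?(dump_dir.to_s)` before building `file_name`. Opening with `File::WRONLY|File::CREAT|File::EXCL` and mode `0600` is the right choice for this file; `File.join(dump_dir, 'default_values.yaml')` would match how the reader side builds the same path. The function body starts above the lines shown.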