Update cookbooks and add wordpress cookbook

Greg Karékinian
2016-02-19 18:09:49 +01:00
parent 9ba973e3ac
commit 820b0ab3f8
606 changed files with 22421 additions and 14084 deletions


@@ -0,0 +1,60 @@
module OpenSSLCookbook
# Helper functions for the OpenSSL cookbook.
module Helpers
def self.included(_base)
require 'openssl' unless defined?(OpenSSL)
end
# Path helpers
def get_key_filename(cert_filename)
cert_file_path, cert_filename = ::File.split(cert_filename)
cert_filename = ::File.basename(cert_filename, ::File.extname(cert_filename))
cert_file_path + ::File::SEPARATOR + cert_filename + '.key'
end
# Validation helpers
def key_length_valid?(number)
number >= 1024 && number & (number - 1) == 0
end
def dhparam_pem_valid?(dhparam_pem_path)
# Check if the dhparam.pem file exists
# Verify the dhparam.pem file contains a key
return false unless File.exist?(dhparam_pem_path)
dhparam = OpenSSL::PKey::DH.new File.read(dhparam_pem_path)
dhparam.params_ok?
end
def key_file_valid?(key_file_path, key_password = nil)
# Check if the key file exists
# Verify the key file contains a private key
return false unless File.exist?(key_file_path)
key = OpenSSL::PKey::RSA.new File.read(key_file_path), key_password
key.private?
end
# Generators
def gen_dhparam(key_length, generator)
fail ArgumentError, 'Key length must be a power of 2 greater than or equal to 1024' unless key_length_valid?(key_length)
fail TypeError, 'Generator must be an integer' unless generator.is_a?(Integer)
OpenSSL::PKey::DH.new(key_length, generator)
end
def gen_rsa_key(key_length)
fail ArgumentError, 'Key length must be a power of 2 greater than or equal to 1024' unless key_length_valid?(key_length)
OpenSSL::PKey::RSA.new(key_length)
end
# Key manipulation helpers
# Returns a pem string
def encrypt_rsa_key(rsa_key, key_password)
fail TypeError, 'rsa_key must be a Ruby OpenSSL::PKey::RSA object' unless rsa_key.is_a?(OpenSSL::PKey::RSA)
fail TypeError, 'RSA key password must be a string' unless key_password.is_a?(String)
cipher = OpenSSL::Cipher::Cipher.new('des3')
rsa_key.to_pem(cipher, key_password)
end
end
end
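Review bot: `encrypt_rsa_key` encrypts the private key with `OpenSSL::Cipher::Cipher.new('des3')`, a legacy 64-bit-block cipher requested through a deprecated class alias; `cipher = OpenSSL::Cipher.new('aes-256-cbc')` is the usual choice for passphrase-protected PEM keys. Separately, `key_length_valid?` accepts 1024, so `gen_rsa_key` and `gen_dhparam` will produce 1024-bit keys and parameters that current guidance treats as too short. Raising the floor to `number >= 2048 && number & (number - 1) == 0`, and updating the two error messages to match, would close that. `key_file_valid?` and `dhparam_pem_valid?` read as predicates, but the `OpenSSL::PKey` constructors raise on a malformed file or wrong password rather than returning false, so a `rescue OpenSSL::PKey::PKeyError` returning `false` would make them safe to use in guards. This file looks like it comes from an upstream cookbook, so the fix may belong in a version bump rather than a local edit.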


@@ -0,0 +1,13 @@
if defined?(ChefSpec)
def create_x509_certificate(name)
ChefSpec::Matchers::ResourceMatcher.new(:openssl_x509, :create, name)
end
def create_dhparam_pem(name)
ChefSpec::Matchers::ResourceMatcher.new(:openssl_dhparam, :create, name)
end
def create_rsa_key(name)
ChefSpec::Matchers::ResourceMatcher.new(:openssl_rsa_key, :create, name)
end
end


@@ -0,0 +1,82 @@
#
# Cookbook Name:: openssl
# Library:: random_password
# Author:: Seth Vargo <sethvargo@gmail.com>
#
# Copyright 2015, Seth Vargo
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# rubocop:disable UnusedMethodArgument, Style/RaiseArgs
module OpenSSLCookbook
module RandomPassword
# Override the included method to require securerandom if it is not defined.
# This avoids the need to load the class on each Chef run unless the user is
# explicitly requiring it.
def self.included(base)
require 'securerandom' unless defined?(SecureRandom)
end
class InvalidPasswordMode < StandardError
def initialize(given, acceptable)
super <<-EOH
The given password mode '#{given}' is not valid. Valid password modes are :hex,
:base64, and :random_bytes!
EOH
end
end
#
# Generates a random password using {SecureRandom}.
#
# @example Generating a random (hex) password (of 20 characters)
# random_password #=> "1930e99aa035083bdd93d1d8f11cb7ac8f625c9c"
#
# @example Generating a random base64 password that is 50 characters
# random_password(mode: :base64, length: 50) #=> "72o5oVbKHHEVYj1nOgFB2EijnzZfnrbfasVuF+oRH8wMgb0QWoYZF/OkrQricp1ENoI="
#
# @example Generate a password with a forced encoding
# random_password(encoding: "ASCII")
#
# @param [Hash] options
# @option options [Fixnum] :length
# the number of bits to use in the password
# @option options [Symbol] :mode
# the type of random password to generate - valid values are
# `:hex`, `:base64`, or `:random_bytes`
# @option options [String, Symbol, Constant] :encoding
# the encoding to force (default is "UTF-8")
#
# @return [String]
#
def random_password(options = {})
length = options[:length] || 20
mode = options[:mode] || :hex
encoding = options[:encoding] || 'UTF-8'
# Convert to a "proper" length, since the size is actually in bytes
length = case mode
when :hex
length / 2
when :base64
length * 3 / 4
when :random_bytes
length
else
fail InvalidPasswordMode.new(mode)
end
SecureRandom.send(mode, length).force_encoding(encoding)
end
end
end
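Review bot: The `else` branch of `random_password` calls `InvalidPasswordMode.new(mode)`, but `initialize(given, acceptable)` requires two arguments, so an unsupported mode surfaces as an `ArgumentError` about argument count instead of the intended message. Since `acceptable` is never used in the message, `def initialize(given)` is the smallest fix. `SecureRandom.send(mode, length)` is only reached for `:hex`, `:base64` and `:random_bytes` because the `case` runs first. A comment such as `# mode is restricted to the three symbols above before dispatch` would stop a later refactor from moving the `send` ahead of the check. The `:length` doc says "number of bits" while the code treats it as an output character count, and with `:random_bytes` the default `force_encoding('UTF-8')` can yield a string that is not valid UTF-8, which is worth stating in the docstring.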


@@ -18,13 +18,14 @@
# limitations under the License.
#
require 'openssl'
include OpenSSLCookbook::Helpers
module Opscode
module OpenSSL
# Generate secure passwords with OpenSSL
module Password
def secure_password(length = 20)
pw = String.new
pw = ''
while pw.length < length
pw << ::OpenSSL::Random.random_bytes(1).gsub(/\W/, '')