This repository has been archived by the owner on Jan 4, 2021. It is now read-only.

Add a script source to fetch data / secrets #177

Closed
duritong opened this issue Feb 8, 2017 · 4 comments

@duritong

duritong commented Feb 8, 2017

Out of #170:

There should be a way that one can fetch data from a script execution. This would allow integrating any kind of source very easily.

It should be possible to pass other data as argument, so you could do something like the following as script fetch_password {{{node.fqdn}}} which would allow you to fetch a password from somewhere through that script.

Data should be cached for the time of a playbook execution for the same signature.

@ripienaar
Collaborator

Not so sure about the caching aspect, only way I have to implement it is as a data store and those are specifically working on a way that what you ask is what you get and it asks each time.

So I could write a shell data store and it would like do command --read key and command --write key with the value in an ENV var, but it would be called each time.

@ripienaar
Collaborator

ripienaar commented Feb 10, 2017

I thought about this one and how I think it will work is this, what do you think @duritong?

Valid keys are ^[a-zA-Z0-9_-]+$, no caching.

Configuration

data_stores:
  shell:
    command: store.sh
    timeout: 60
    cwd: /path/to/store
    environment:
       anything: anyvalue

Here timeout, cwd and environment are optional - timeout is a way to kill the command if it never responds.

Reading a key

When reading store.sh gets run with store.sh --read some_key and the environment will have CHORIA_DATA_KEY=some_key and CHORIA_DATA_ACTION=read

Writing a key

When reading store.sh gets run with store.sh --write some_key and the environment will have CHORIA_DATA_KEY=some_key, CHORIA_DATA_ACTION=write and CHORIA_DATA_VALUE=the_value

The value goes in environment only so you can store stuff that would be hard to quote or cause issues on the shell

Deleting a key

When deleting store.sh gets run with store.sh --delete some_key and the environment will have CHORIA_DATA_KEY=some_key and CHORIA_DATA_ACTION=delete

@ripienaar ripienaar removed this from the 1.0.0 milestone Feb 10, 2017
@duritong
Author

This sounds like a good plan, especially handing over potentially secret data over ENV is better than over the CLI, as it will not show up in the process list.

Minor: For writing a key, I assume you meant: CHORIA_DATA_ACTION=write

@ripienaar
Collaborator

yup, write indeed, fixed that - ok then I guess we'll make it this way thanks!

ripienaar added a commit to ripienaar/mcollective-choria that referenced this issue Feb 13, 2017
ripienaar added a commit that referenced this issue Feb 13, 2017
(#177) add a shell script based data store
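
The interface agreed in the thread, written out as an added example (not code from the issue or from the Choria project): a file-backed store.sh that re-checks the key pattern before the key becomes a file name and takes the value only from CHORIA_DATA_VALUE. STORE_DIR, returning the value on stdout and the exit codes are assumptions; the thread does not specify them.

```shell
#!/bin/sh
# Added example: file-backed store.sh for the interface sketched in the thread.
# Assumptions (not from the thread): STORE_DIR, value returned on stdout,
# exit codes 0 = ok, 1 = key not found, 2 = request rejected.
LC_ALL=C; export LC_ALL   # keep the a-z / A-Z ranges ASCII-only
umask 077                 # stored secrets are readable by the owner only

choria_store() {
  flag=$1 key=$2
  dir=${STORE_DIR:-./data}

  # Re-check the documented key pattern ^[a-zA-Z0-9_-]+$ before the key is
  # used as a file name; this rejects "/", ".." and embedded newlines too.
  case $key in
    ''|*[!a-zA-Z0-9_-]*) echo "invalid key" >&2; return 2 ;;
  esac

  # The argument list and the environment must describe the same request.
  [ "$key" = "${CHORIA_DATA_KEY-}" ] || { echo "key mismatch" >&2; return 2; }
  [ "$flag" = "--${CHORIA_DATA_ACTION-}" ] || { echo "action mismatch" >&2; return 2; }

  case $flag in
    --read)
      [ -f "$dir/$key" ] || return 1
      cat "$dir/$key" ;;
    --write)
      # The value comes from the environment only, never from the arguments.
      [ "${CHORIA_DATA_VALUE+set}" = set ] || { echo "no value" >&2; return 2; }
      mkdir -p "$dir" || return 2
      # ".tmp." can never collide with a valid key, which has no dots.
      tmp=$(mktemp "$dir/.tmp.XXXXXX") || return 2
      printf '%s' "$CHORIA_DATA_VALUE" > "$tmp" && mv "$tmp" "$dir/$key" ;;
    --delete)
      rm -f "$dir/$key" ;;
    *)
      echo "unknown action" >&2; return 2 ;;
  esac
}

# Invoked as: store.sh --read|--write|--delete <key>
if [ "$#" -gt 0 ]; then
  choria_store "$@"
fi
```
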