Merge pull request #9995 from bcoca/hash_filters

Hash filters
10 years ago · 2a9d5054bf
parent 976f51e5f5 35247fabb8
commit 2a9d5054bf
2 changed files with 74 additions and 4 deletions
--- a/docsite/rst/playbooks_variables.rst
+++ b/docsite/rst/playbooks_variables.rst
@ -344,6 +344,41 @@ Square root, or the 5th::
 Note that jinja2 already provides some like abs() and round().


+.. _hash_filters:
+
+Hashing filters
+--------------------
+.. versionadded:: 1.9
+
+To get the sha1 hash of a string::
+
+    {{ 'test1'|hash('sha1') }}
+
+To get the md5 hash of a string::
+
+    {{ 'test1'|hash('md5') }}
+
+Get a string checksum::
+
+    {{ 'test2'|checksum }}
+
+Other hashes (platform dependant)::
+
+    {{ 'test2'|hash('blowfish') }}
+
+To get a sha512 password hash (random salt)::
+
+    {{ 'passwordsaresecret'|password_hash('sha512') }}
+
+To get a sha256 password hash with a specific salt::
+
+    {{ 'secretpassword'|password_hash('sha256', 'mysecretsalt') }}
+
+
+Hash types available depend on the master system running ansible,
+'hash' depends on hashlib password_hash depends on crypt.
+
+
 .. _other_useful_filters:

 Other Useful Filters
@ -374,10 +409,6 @@ To work with Base64 encoded strings::
    {{ encoded | b64decode }}
    {{ decoded | b64encode }}

-To take a sha1sum of a filename::
-
-    {{ filename | sha1 }}
-
 To cast values as certain types, such as when you input a string as "True" from a vars_prompt and the system
 doesn't know it is a boolean value::

--- a/lib/ansible/runner/filter_plugins/core.py
+++ b/lib/ansible/runner/filter_plugins/core.py
@ -24,6 +24,9 @@ import pipes
 import glob
 import re
 import collections
+import crypt
+import hashlib
+import string
 import operator as py_operator
 from random import SystemRandom, shuffle

@ -262,6 +265,39 @@ def randomize_list(mylist):
        pass
    return mylist

+def get_hash(data, hashtype='sha1'):
+
+    try: # see if hash is supported
+        h = hashlib.new(hashtype)
+    except:
+        return None
+
+    h.update(data)
+    return h.hexdigest()
+
+def get_encrypted_password(password, hashtype='sha512', salt=None):
+
+    # TODO: find a way to construct dynamically from system
+    cryptmethod= {
+        'md5':      '1',
+        'blowfish': '2a',
+        'sha256':   '5',
+        'sha512':   '6',
+    }
+
+    hastype = hashtype.lower()
+    if hashtype in cryptmethod:
+        if salt is None:
+            r = SystemRandom()
+            salt = ''.join([r.choice(string.ascii_letters + string.digits) for _ in range(16)])
+
+        saltstring =  "$%s$%s" % (cryptmethod[hashtype],salt)
+        encrypted = crypt.crypt(password,saltstring)
+        return encrypted
+
+    return None
+
+
 class FilterModule(object):
    ''' Ansible core jinja2 filters '''

@ -314,6 +350,9 @@ class FilterModule(object):
            'sha1': checksum_s,
            # checksum of string as used by ansible for checksuming files
            'checksum': checksum_s,
+            # generic hashing
+            'password_hash': get_encrypted_password,
+            'hash': get_hash,

            # file glob
            'fileglob': fileglob,