From 35247fabb82446d82a34c72cb6194dfe77105f7e Mon Sep 17 00:00:00 2001 From: Brian Coca Date: Tue, 13 Jan 2015 13:19:51 -0500 Subject: [PATCH] added hash and password_hash functions documented new hashing filters and preexisting hashing filters removed extra sha1 example in others, clarified some of the hashing examples --- docsite/rst/playbooks_variables.rst | 39 ++++++++++++++++++++--- lib/ansible/runner/filter_plugins/core.py | 39 +++++++++++++++++++++++ 2 files changed, 74 insertions(+), 4 deletions(-) diff --git a/docsite/rst/playbooks_variables.rst b/docsite/rst/playbooks_variables.rst index b4c5943ffbf..84cae4daa5f 100644 --- a/docsite/rst/playbooks_variables.rst +++ b/docsite/rst/playbooks_variables.rst @@ -344,6 +344,41 @@ Square root, or the 5th:: Note that jinja2 already provides some like abs() and round(). +.. _hash_filters: + +Hashing filters +-------------------- +.. versionadded:: 1.9 + +To get the sha1 hash of a string:: + + {{ 'test1'|hash('sha1') }} + +To get the md5 hash of a string:: + + {{ 'test1'|hash('md5') }} + +Get a string checksum:: + + {{ 'test2'|checksum }} + +Other hashes (platform dependant):: + + {{ 'test2'|hash('blowfish') }} + +To get a sha512 password hash (random salt):: + + {{ 'passwordsaresecret'|password_hash('sha512') }} + +To get a sha256 password hash with a specific salt:: + + {{ 'secretpassword'|password_hash('sha256', 'mysecretsalt') }} + + +Hash types available depend on the master system running ansible, +'hash' depends on hashlib password_hash depends on crypt. + + .. _other_useful_filters: Other Useful Filters @@ -374,10 +409,6 @@ To work with Base64 encoded strings:: {{ encoded | b64decode }} {{ decoded | b64encode }} -To take a sha1sum of a filename:: - - {{ filename | sha1 }} - To cast values as certain types, such as when you input a string as "True" from a vars_prompt and the system doesn't know it is a boolean value:: diff --git a/lib/ansible/runner/filter_plugins/core.py b/lib/ansible/runner/filter_plugins/core.py index b82120ec8d9..98e9d0ef421 100644 --- a/lib/ansible/runner/filter_plugins/core.py +++ b/lib/ansible/runner/filter_plugins/core.py @@ -24,6 +24,9 @@ import pipes import glob import re import collections +import crypt +import hashlib +import string import operator as py_operator from random import SystemRandom, shuffle @@ -262,6 +265,39 @@ def randomize_list(mylist): pass return mylist +def get_hash(data, hashtype='sha1'): + + try: # see if hash is supported + h = hashlib.new(hashtype) + except: + return None + + h.update(data) + return h.hexdigest() + +def get_encrypted_password(password, hashtype='sha512', salt=None): + + # TODO: find a way to construct dynamically from system + cryptmethod= { + 'md5': '1', + 'blowfish': '2a', + 'sha256': '5', + 'sha512': '6', + } + + hastype = hashtype.lower() + if hashtype in cryptmethod: + if salt is None: + r = SystemRandom() + salt = ''.join([r.choice(string.ascii_letters + string.digits) for _ in range(16)]) + + saltstring = "$%s$%s" % (cryptmethod[hashtype],salt) + encrypted = crypt.crypt(password,saltstring) + return encrypted + + return None + + class FilterModule(object): ''' Ansible core jinja2 filters ''' @@ -314,6 +350,9 @@ class FilterModule(object): 'sha1': checksum_s, # checksum of string as used by ansible for checksuming files 'checksum': checksum_s, + # generic hashing + 'password_hash': get_encrypted_password, + 'hash': get_hash, # file glob 'fileglob': fileglob,