diff --git a/library/tsig_interpreter.py b/library/tsig_interpreter.py
new file mode 100644
index 0000000..693d2de
--- /dev/null
+++ b/library/tsig_interpreter.py
@@ -0,0 +1,115 @@
+#!/usr/bin/python
+
+# Copyright: (c) 2018, Terry Jones
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+DOCUMENTATION = r'''
+---
+module: tsig_interpreter
+
+short_description: Reads BIND9 tsig key files and outputs content to register
+
+# If this is part of a collection, you need to use semantic versioning,
+# i.e. the version is of the form "2.5.0" and not "2.4".
+version_added: "1.0.0"
+
+description: This is my longer description explaining my test module.
+
+options:
+ path:
+ description: Path the keyfile should be found
+ required: true
+ type: str
+ aliases:
+ - file
+ - key_file
+
+author:
+ - Felix Stupp (@zocker1999net)
+'''
+
+EXAMPLES = r'''
+# Gain and use key
+- name: Gain key
+ my_namespace.my_collection.tsig_interpreter:
+ path: '/etc/bind/rndc.key'
+ register: key_data
+
+- name: Use key
+ nsupdate:
+ key_algorithm: key_data.key_algorithm
+ key_name: key_data.key_name
+ key_secret: key_data.key_secret
+'''
+
+RETURN = r'''
+key_algorithm:
+ description: The algorithm used for the key
+ type: str
+ returned: always
+ sample: 'hmac-md5'
+key_file:
+ description: The file that contained the extracted key
+ type: str
+ returned: always
+ sample: '/my/path/my.key'
+key_name:
+ description: The name of the key
+ type: str
+ returned: always
+ sample: 'key.example.com'
+key_secret:
+ description: The secret of the key
+ type: str
+ returned: always
+ sample: 'ABCDEFG=='
+'''
+
+import os
+import re
+
+from ansible.module_utils.basic import AnsibleModule
+
+def main():
+ content_regex = re.compile(r'^\s*key\s+"?(?P[^"\s{};]+)"?\s+\{\s*algorithm\s+"?(?P[^"\s{};]+)"?\s*;\s*secret\s+"?(?P[^"\s{};]+)"?\s*;\s*}\s*;\s*$')
+ module_args = {
+ "path": {
+ "type": "str",
+ "required": True,
+ "aliases": ["file", "key_file"],
+ },
+ }
+ module = AnsibleModule(
+ argument_spec=module_args,
+ supports_check_mode=True, # ignored because only data is retrieved
+ )
+ # get params
+ path = module.params["path"]
+ # prepare result
+ result = {
+ "changed": False,
+ "key_file": path,
+ }
+ # check file
+ if not os.path.exists(path):
+ module.fail_json(msg="file not found: %s" % path)
+ if not os.access(path, os.R_OK):
+ module.fail_json(msg="file is not readable: %s" % path)
+ # gain content
+ with open(path, 'r') as fh:
+ content = fh.read()
+ # interpret content
+ content = content.replace("\n", " ")
+ match = content_regex.match(content)
+ if not match:
+ module.fail_json(msg="content of file not in expected syntax: %s" % path)
+ result["key_algorithm"] = match.group("algo")
+ result["key_name"] = match.group("name")
+ result["key_secret"] = match.group("secret")
+ # exit
+ module.exit_json(**result)
+
+if __name__ == '__main__':
+ main()
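Review bot: The secret stored in `result["key_secret"]` is handed to `module.exit_json(**result)` in cleartext, so the TSIG key ends up in task output, callback plugins and any dump of the registered variable unless the calling task suppresses logging. The EXAMPLES block should show that, for instance by adding `no_log: true` under the "Gain key" task, and the `key_secret` entry in RETURN should state that the value is sensitive. The "Use key" example also passes the literal text `key_data.key_secret` rather than the registered value; it should read `key_secret: "{{ key_data.key_secret }}"`, and likewise for `key_algorithm` and `key_name`. Separately, the pattern as displayed has `(?P[` with no group names while the code calls `match.group("algo")`; this may be a rendering artifact, but it is worth confirming that the names `name`, `algo` and `secret` are present in the committed file.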