Merge bootstack-ops:rm-juju-bundle-export-mask into bootstack-ops:master

Proposed by Joe Guo
Status: Merged
Approved by: Xav Paice
Approved revision: a9fbfa0baba7e300f4da7d38ff67b1f07fa7f743
Merged at revision: 2c6ef760296a91c213a3ff60c1a445a1cd952868
Proposed branch: bootstack-ops:rm-juju-bundle-export-mask
Merge into: bootstack-ops:master
Diff against target: 132 lines (+0/-126)
1 file modified
dev/null (+0/-126)
Reviewer Review Type Date Requested Status
Xav Paice (community) Approve
Review via email: mp+384086@code.launchpad.net

Commit message

juju-bundle-export-mask.py: rm redundant script

This script seems to be an older version of `juju_export_bundle.py`.
Remove it to avoid confusion.

🤖 Canonical IS Merge Bot (canonical-is-mergebot) wrote :

This merge proposal is being monitored by mergebot. Change the status to Approved to merge.

Xav Paice (xavpaice) wrote :

+1 let's keep things simple

review: Approve
🤖 Canonical IS Merge Bot (canonical-is-mergebot) wrote :

Change successfully merged at revision 2c6ef760296a91c213a3ff60c1a445a1cd952868

Preview Diff

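--- a/bootstack-ops/juju-bundle-export-mask.py
+++ /dev/null
@@ -1,126 +0,0 @@
-#!/usr/bin/env python
-
-from __future__ import print_function
-import re
-import sys
-import yaml
-import argparse
-import math
-
-
-MASK_KEYS = '(.*(ssl-public-key|ssl[_-](ca|cert|key)|secret|password|pagerduty_key|license-file|registration-key|token|accesskey|private-ppa|(http|https)://.*:.+\@|os-credentials).*)|key'
-
-
-def readbundle(filename):
- try:
- mybundle = yaml.load(filename.read())
- except yaml.YAMLError as exc:
- print(exc)
-
- return mybundle
-
-
-def mask_keys_in_dict(mydict, mask, level='ROOT'):
- for k, v in mydict.iteritems():
- if isinstance(v, dict):
- mask_keys_in_dict(v, mask, level=('{}:{}'.format(level, k)))
- else:
- result = mask.match(k)
- if result is not None:
- mydict[k] = 'THIS_VALUE_IS_MASKED_FOR_SECURITY'
- elif type(v) in (str,):
- result = mask.match(v)
- if result is not None:
- print('WARNING! Masked keyword "{}" found in value for {}'.format(result.groups()[1], level))
- print('Check output file, may not be secure.')
- print()
- if v == 'truetrue':
- mydict[k] = 'true'
- elif v == 'falsetrue':
- mydict[k] = 'false'
-
-
-def parse_args():
- parser = argparse.ArgumentParser(
- description='Mask juju bundle export file secrets')
- parser.add_argument('-i', dest='infile', nargs='?',
- type=argparse.FileType('r'), default=sys.stdin)
- parser.add_argument('-o', dest='outfile', nargs='?',
- type=argparse.FileType('w'), default=sys.stdout)
-
- result = parser.parse_args(sys.argv[1:])
- return result
-
-
-def shannon_entropy(data, iterator):
- """
- Borrowed from http://blog.dkbza.org/2007/05/scanning-data-for-entropy-anomalies.html
- """
- if not data:
- return 0
- entropy = 0
- for x in iterator:
- p_x = float(data.count(x)) / len(data)
- if p_x > 0:
- entropy += - p_x * math.log(p_x, 2)
- return entropy
-
-
-def get_strings_of_set(word, char_set, threshold=8):
- count = 0
- letters = ""
- strings = []
- for char in word:
- if char in char_set:
- letters += char
- count += 1
- else:
- if count > threshold:
- strings.append(letters)
- letters = ""
- count = 0
- if count > threshold:
- strings.append(letters)
- return strings
-
-
-def check_for_entropy_in_dict(bundle):
- lines = yaml.dump(bundle).split('\n')
- stringsFound = []
- entropy_found = False
- BASE64_CHARS = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="
- HEX_CHARS = "1234567890abcdefABCDEF"
- for line in lines:
- for word in line.split():
- base64_strings = get_strings_of_set(word, BASE64_CHARS)
- hex_strings = get_strings_of_set(word, HEX_CHARS)
- for string in base64_strings:
- b64Entropy = shannon_entropy(string, BASE64_CHARS)
- if b64Entropy > 3.8:
- stringsFound.append(string)
- entropy_found = True
- print('WARNING! Entropy found in string "{}"'.format(string))
- for string in hex_strings:
- hexEntropy = shannon_entropy(string, HEX_CHARS)
- if hexEntropy > 3:
- stringsFound.append(string)
- entropy_found = True
- print('WARNING! Entropy found in string "{}"'.format(string))
-
- if len(stringsFound) != 0:
- print('ERROR!!! Check output file for entropy warnings, may not be secure.')
-
- return entropy_found
-
-
-def main():
- args = parse_args()
- bundle = readbundle(args.infile)
- mask_regex = re.compile(MASK_KEYS)
- mask_keys_in_dict(bundle, mask_regex)
- check_for_entropy_in_dict(bundle)
- print(yaml.dump(bundle, default_flow_style=False), file=args.outfile)
-
-
-if __name__ == "__main__":
- main()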
