feat(keys): allow pillar based management

Introduce managed TSIG keys configuration using pillar data. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-18 16:04:57 +01:00 · 2023-02-18 16:04:57 +01:00 · 9bbffa5f1f
commit 9bbffa5f1f
parent 307ed12b2b
4 changed files with 33 additions and 0 deletions
--- a/nsd/config/init.sls
+++ b/nsd/config/init.sls
@ -6,3 +6,4 @@ include:
  - .config_files
  - .file
  - .zones
+  - .keys
--- a/nsd/config/keys.sls
+++ b/nsd/config/keys.sls
@ -0,0 +1,14 @@
+# -*- coding: utf-8 -*-
+# vim: ft=sls
+
+{%- set tplroot = tpldir.split('/')[0] %}
+{%- from tplroot ~ "/map.jinja" import mapdata as nsd with context %}
+{%- from tplroot ~ "/macros.jinja" import config_file with context %}
+
+{%- set keys = nsd.get('keys', {}) %}
+
+{%- if keys | length > 0 %}
+
+{{    config_file('80-generated-keys', 'generated-keys') }}
+
+{%- endif %}
--- a/nsd/files/default/generated-keys.conf.jinja
+++ b/nsd/files/default/generated-keys.conf.jinja
@ -0,0 +1,11 @@
+########################################################################
+# File managed by Salt at <{{ source }}>.
+# Your changes will be overwritten.
+########################################################################
+
+{%- for name, config in nsd.get('keys').items() %}
+key:
+  name: "{{ name }}"
+  algorithm: "{{ config['algorithm'] }}"
+  secret: "{{ config['secret'] }}"
+{%- endfor %}
--- a/pillar.example
+++ b/pillar.example
@ -22,6 +22,13 @@ nsd:
  #   # 90-generated-zones is reserved for zones generated by this formula
  #   # 10-salt is reserved for general configuration generated by this formula

+  # If this section is present in your Pillar data,
+  # nsd.conf.d/80-generated-keys will be created and managed
+  keys:
+    examplekey:
+      algorithm: hmac-sha512
+      secret: encryptme
+
  # If this section is present in your Pillar data,
  # nsd.conf.d/90-generated-zones will be created and managed.
  zones: