added hash and password_hash functions

documented new hashing filters and preexisting hashing filters
removed extra sha1 example in others, clarified some of the hashing examples
This commit is contained in:
Brian Coca 2015-01-13 13:19:51 -05:00
parent 21a5a5f50f
commit 35247fabb8
2 changed files with 74 additions and 4 deletions

View file

@ -344,6 +344,41 @@ Square root, or the 5th::
Note that jinja2 already provides some like abs() and round().
.. _hash_filters:
Hashing filters
--------------------
.. versionadded:: 1.9
To get the sha1 hash of a string::
{{ 'test1'|hash('sha1') }}
To get the md5 hash of a string::
{{ 'test1'|hash('md5') }}
Get a string checksum::
{{ 'test2'|checksum }}
Other hashes (platform dependant)::
{{ 'test2'|hash('blowfish') }}
To get a sha512 password hash (random salt)::
{{ 'passwordsaresecret'|password_hash('sha512') }}
To get a sha256 password hash with a specific salt::
{{ 'secretpassword'|password_hash('sha256', 'mysecretsalt') }}
Hash types available depend on the master system running ansible,
'hash' depends on hashlib password_hash depends on crypt.
.. _other_useful_filters:
Other Useful Filters
@ -374,10 +409,6 @@ To work with Base64 encoded strings::
{{ encoded | b64decode }}
{{ decoded | b64encode }}
To take a sha1sum of a filename::
{{ filename | sha1 }}
To cast values as certain types, such as when you input a string as "True" from a vars_prompt and the system
doesn't know it is a boolean value::

View file

@ -24,6 +24,9 @@ import pipes
import glob
import re
import collections
import crypt
import hashlib
import string
import operator as py_operator
from random import SystemRandom, shuffle
@ -262,6 +265,39 @@ def randomize_list(mylist):
pass
return mylist
def get_hash(data, hashtype='sha1'):
try: # see if hash is supported
h = hashlib.new(hashtype)
except:
return None
h.update(data)
return h.hexdigest()
def get_encrypted_password(password, hashtype='sha512', salt=None):
# TODO: find a way to construct dynamically from system
cryptmethod= {
'md5': '1',
'blowfish': '2a',
'sha256': '5',
'sha512': '6',
}
hastype = hashtype.lower()
if hashtype in cryptmethod:
if salt is None:
r = SystemRandom()
salt = ''.join([r.choice(string.ascii_letters + string.digits) for _ in range(16)])
saltstring = "$%s$%s" % (cryptmethod[hashtype],salt)
encrypted = crypt.crypt(password,saltstring)
return encrypted
return None
class FilterModule(object):
''' Ansible core jinja2 filters '''
@ -314,6 +350,9 @@ class FilterModule(object):
'sha1': checksum_s,
# checksum of string as used by ansible for checksuming files
'checksum': checksum_s,
# generic hashing
'password_hash': get_encrypted_password,
'hash': get_hash,
# file glob
'fileglob': fileglob,