this commit also handles removal of preshared keys. Fixes #5.

6 년 전 · aa2099ae9a
--- a/_states/wireguard.py
+++ b/_states/wireguard.py
@@ -6,8 +6,7 @@ def __virtual__():
    return False


 def present(name, listen_port=None, fwmark=None, private_key=None,
        preshared_key=None):
 def present(name, listen_port=None, fwmark=None, private_key=None):
    """
    Make sure a wireguard interface exists.
    """
@@ -39,10 +38,6 @@ def present(name, listen_port=None, fwmark=None, private_key=None,
        __salt__['wg.set'](name, private_key=private_key)
        ret['changes']['private key'] = 'private key changed.'

    if show.get('preshared key') != preshared_key:
        __salt__['wg.set'](name, preshared_key=preshared_key)
        ret['changes']['preshared key'] = 'preshared key changed.'

    ret['result'] = True

    return ret
@@ -68,7 +63,7 @@ def absent(name):


 def peer_present(name, interface, endpoint=None, persistent_keepalive=None,
                 allowed_ips=None):
                 allowed_ips=None, preshared_key=None):
    ret = dict(name=name, changes=dict(), result=False, comment=None)

    show = __salt__['wg.show'](interface)
@@ -80,7 +75,7 @@ def peer_present(name, interface, endpoint=None, persistent_keepalive=None,
    if not show:
        __salt__['wg.set'](interface, peer=name, endpoint=endpoint,
                persistent_keepalive=persistent_keepalive,
                allowed_ips=','.join(allowed_ips))
                allowed_ips=','.join(allowed_ips), preshared_key=preshared_key)
        ret['changes'][name] = 'Peer created.'
        ret['result'] = True
        return ret
@@ -100,6 +95,13 @@ def peer_present(name, interface, endpoint=None, persistent_keepalive=None,
    if sorted(show.get('allowed ips')) != sorted(allowed_ips):
        __salt__['wg.set'](interface, peer=name, allowed_ips=','.join(allowed_ips))
        ret['changes']['allowed ips'] = dict(new=allowed_ips, old=show.get('allowed ips'))
    if show.get('preshared key') and preshared_key and show.get('preshared key') != preshared_key:
        __salt__['wg.set'](interface, peer=name, preshared_key=preshared_key)
        ret['changes']['preshared key'] = 'preshared key changed.'
    if show.get('preshared key') and not preshared_key:
        __salt__['wg.set'](interface, peer=name, preshared_key='')
        ret['changes']['preshared key'] = 'preshared key deleted.'



    ret['result'] = True
--- a/pillar.example
+++ b/pillar.example
@@ -4,7 +4,6 @@ wireguard:
      listen_port: 51820
      # fwmark: 0x1
      private_key: secret
      # preshared_key: secret
      peers:
        - peer: 1ymBfBty05PNhD/QJKUlu4aL2p4jKSWVVqVQWIQG6wM=
 	  # the note: will not go into wireguard configuration
@@ -15,6 +14,7 @@ wireguard:
            - 10.0.0.2/32
            - 'fdff::2/128'
          persistent_keepalive: 25
          # preshared_key: secret
        - peer: 2ymBfBty05PNhD/QJKUlu4aL2p4jKSWVVqVQWIQG6wM=
          endpoint: '[2001:db8::1]:1339'
          allowed_ips:
--- a/wireguard/init.sls
+++ b/wireguard/init.sls
@@ -5,7 +5,7 @@ wireguard_{{ interface }}:
  wg.present:
    - name: {{ interface }}
 {% for k, v in values.items() %}
 {% if k in ['listen_port', 'fwmark', 'private_key', 'preshared_key'] %}
 {% if k in ['listen_port', 'fwmark', 'private_key'] %}
    - {{k}}: {{v}}
 {% endif %}
 {% endfor %} {# values.items() #}
@@ -26,6 +26,9 @@ wireguard_{{ interface }}_peer_{{ peer.get('peer') }}:
 {% for subnet in peer.get('allowed_ips', []) %}
      - {{subnet}}
 {% endfor %}
 {% if peer.get('preshared_key') != None %}
    - preshared_key: {{ peer.get('preshared_key') }}
 {% endif %}
 {% endif %}
 {% endfor %}