def gen_signature(priv, pub, signature_path, auto_create=False, keysize=None):
'''
Generate master public-key-signature
'''
skey = get_key(__opts__)
return skey.gen_keys_signature(priv, pub, signature_path, auto_create,
keysize)
def reject_dict(match, include_accepted=False, include_denied=False):
'''
Reject keys based on a dict of keys. Returns a dictionary.
match
The dictionary of keys to reject.
include_accepted
To include accepted keys in the match along with pending keys, set this
to ``True``. Defaults to ``False``.
.. versionadded:: 2016.3.4
include_denied
To include denied keys in the match along with pending keys, set this
to ``True``. Defaults to ``False``.
.. versionadded:: 2016.3.4
.. code-block:: python
>>> wheel.cmd_async({'fun': 'key.reject_dict',
'match': {
'minions': [
'jerry',
'stuart',
'bob',
],
})
{'jid': '20160826201244808521', 'tag': 'salt/wheel/20160826201244808521'}
'''
skey = get_key(__opts__)
return skey.reject(match_dict=match,
include_accepted=include_accepted,
include_denied=include_denied)
def reject_dict(match, include_accepted=False, include_denied=False):
'''
Reject keys based on a dict of keys. Returns a dictionary.
match
The dictionary of keys to reject.
include_accepted
To include accepted keys in the match along with pending keys, set this
to ``True``. Defaults to ``False``.
.. versionadded:: 2016.3.4
include_denied
To include denied keys in the match along with pending keys, set this
to ``True``. Defaults to ``False``.
.. versionadded:: 2016.3.4
.. code-block:: python
>>> wheel.cmd_async({'fun': 'key.reject_dict',
'match': {
'minions': [
'jerry',
'stuart',
'bob',
],
})
{'jid': '20160826201244808521', 'tag': 'salt/wheel/20160826201244808521'}
'''
skey = get_key(__opts__)
return skey.reject(match_dict=match,
include_accepted=include_accepted,
include_denied=include_denied)
def reject(match, include_accepted=False, include_denied=False):
'''
Reject keys based on a glob match
'''
skey = get_key(__opts__)
return skey.reject(match,
include_accepted=include_accepted,
include_denied=include_denied)
def gen_signature(priv, pub, signature_path, auto_create=False, keysize=None):
'''
Generate master public-key-signature
'''
# check given pub-key
if pub:
if not os.path.isfile(pub):
return 'Public-key {0} does not exist'.format(pub)
# default to master.pub
else:
mpub = __opts__['pki_dir'] + '/' + 'master.pub'
if os.path.isfile(mpub):
pub = mpub
# check given priv-key
if priv:
if not os.path.isfile(priv):
return 'Private-key {0} does not exist'.format(priv)
# default to master_sign.pem
else:
mpriv = __opts__['pki_dir'] + '/' + 'master_sign.pem'
if os.path.isfile(mpriv):
priv = mpriv
if not priv:
if auto_create:
log.debug('Generating new signing key-pair {0}.* in {1}'
''.format(__opts__['master_sign_key_name'],
__opts__['pki_dir']))
salt.crypt.gen_keys(__opts__['pki_dir'],
__opts__['master_sign_key_name'], keysize
or __opts__['keysize'], __opts__.get('user'))
priv = __opts__['pki_dir'] + '/' + __opts__[
'master_sign_key_name'] + '.pem'
else:
return 'No usable private-key found'
if not pub:
return 'No usable public-key found'
log.debug('Using public-key {0}'.format(pub))
log.debug('Using private-key {0}'.format(priv))
if signature_path:
if not os.path.isdir(signature_path):
log.debug('target directory {0} does not exist'
''.format(signature_path))
else:
signature_path = __opts__['pki_dir']
sign_path = signature_path + '/' + __opts__['master_pubkey_signature']
skey = get_key(__opts__)
return skey.gen_signature(priv, pub, sign_path)
def delete(match):
'''
Delete keys based on a glob match. Returns a dictionary.
match
The glob match of keys to delete.
.. code-block:: python
>>> wheel.cmd_async({'fun': 'key.delete', 'match': 'minion1'})
{'jid': '20160826201244808521', 'tag': 'salt/wheel/20160826201244808521'}
'''
skey = get_key(__opts__)
return skey.delete_key(match)
def delete(match):
'''
Delete keys based on a glob match. Returns a dictionary.
match
The glob match of keys to delete.
.. code-block:: python
>>> wheel.cmd_async({'fun': 'key.delete', 'match': 'minion1'})
{'jid': '20160826201244808521', 'tag': 'salt/wheel/20160826201244808521'}
'''
skey = get_key(__opts__)
return skey.delete_key(match)
def list_all():
'''
List all the keys. Returns a dictionary containing lists of the minions in
each salt-key category, including ``minions``, ``minions_rejected``,
``minions_denied``, etc. Returns a dictionary.
.. code-block:: python
>>> wheel.cmd('key.list_all')
{'local': ['master.pem', 'master.pub'], 'minions_rejected': [],
'minions_denied': [], 'minions_pre': [],
'minions': ['minion1', 'minion2', 'minion3']}
'''
skey = get_key(__opts__)
return skey.all_keys()
def list_all():
'''
List all the keys. Returns a dictionary containing lists of the minions in
each salt-key category, including ``minions``, ``minions_rejected``,
``minions_denied``, etc. Returns a dictionary.
.. code-block:: python
>>> wheel.cmd('key.list_all')
{'local': ['master.pem', 'master.pub'], 'minions_rejected': [],
'minions_denied': [], 'minions_pre': [],
'minions': ['minion1', 'minion2', 'minion3']}
'''
skey = get_key(__opts__)
return skey.all_keys()
def finger(match):
'''
Return the matching key fingerprints. Returns a dictionary.
match
The key for with to retrieve the fingerprint.
.. code-block:: python
>>> wheel.cmd('key.finger', ['minion1'])
{'minions': {'minion1': '5d:f6:79:43:5e:d4:42:3f:57:b8:45:a8:7e:a4:6e:ca'}}
'''
skey = get_key(__opts__)
return skey.finger(match)
def finger(match):
'''
Return the matching key fingerprints. Returns a dictionary.
match
The key for with to retrieve the fingerprint.
.. code-block:: python
>>> wheel.cmd('key.finger', ['minion1'])
{'minions': {'minion1': '5d:f6:79:43:5e:d4:42:3f:57:b8:45:a8:7e:a4:6e:ca'}}
'''
skey = get_key(__opts__)
return skey.finger(match)
def key_str(match):
'''
Return information about the key. Returns a dictionary.
match
The key to return information about.
.. code-block:: python
>>> wheel.cmd('key.key_str', ['minion1'])
{'minions': {'minion1': '-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0B
...
TWugEQpPt\niQIDAQAB\n-----END PUBLIC KEY-----'}}
'''
skey = get_key(__opts__)
return skey.key_str(match)
def key_str(match):
'''
Return information about the key. Returns a dictionary.
match
The key to return information about.
.. code-block:: python
>>> wheel.cmd('key.key_str', ['minion1'])
{'minions': {'minion1': '-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0B
...
TWugEQpPt\niQIDAQAB\n-----END PUBLIC KEY-----'}}
'''
skey = get_key(__opts__)
return skey.key_str(match)
def list_(match):
'''
List all the keys under a named status. Returns a dictionary.
match
The type of keys to list. The ``pre``, ``un``, and ``unaccepted``
options will list unaccepted/unsigned keys. ``acc`` or ``accepted`` will
list accepted/signed keys. ``rej`` or ``rejected`` will list rejected keys.
Finally, ``all`` will list all keys.
.. code-block:: python
>>> wheel.cmd('key.list', ['accepted'])
{'minions': ['minion1', 'minion2', 'minion3']}
'''
skey = get_key(__opts__)
return skey.list_status(match)
def list_(match):
'''
List all the keys under a named status. Returns a dictionary.
match
The type of keys to list. The ``pre``, ``un``, and ``unaccepted``
options will list unaccepted/unsigned keys. ``acc`` or ``accepted`` will
list accepted/signed keys. ``rej`` or ``rejected`` will list rejected keys.
Finally, ``all`` will list all keys.
.. code-block:: python
>>> wheel.cmd('key.list', ['accepted'])
{'minions': ['minion1', 'minion2', 'minion3']}
'''
skey = get_key(__opts__)
return skey.list_status(match)
def accept_dict(match):
'''
Accept keys based on a dict of keys
Example to move a list of keys from the `minions_pre` (pending) directory
to the `minions` (accepted) directory:
.. code-block:: python
{
'minions_pre': [
'jerry',
'stuart',
'bob',
],
}
'''
skey = get_key(__opts__)
return skey.accept(match_dict=match)
def delete_dict(match):
'''
Delete keys based on a dict of keys. Returns a dictionary.
match
The dictionary of keys to delete.
.. code-block:: python
>>> wheel.cmd_async({'fun': 'key.delete_dict',
'match': {
'minions': [
'jerry',
'stuart',
'bob',
],
})
{'jid': '20160826201244808521', 'tag': 'salt/wheel/20160826201244808521'}
'''
skey = get_key(__opts__)
return skey.delete_key(match_dict=match)
def finger(match, hash_type=None):
'''
Return the matching key fingerprints. Returns a dictionary.
match
The key for with to retrieve the fingerprint.
hash_type
The hash algorithm used to calculate the fingerprint
.. code-block:: python
>>> wheel.cmd('key.finger', ['minion1'])
{'minions': {'minion1': '5d:f6:79:43:5e:d4:42:3f:57:b8:45:a8:7e:a4:6e:ca'}}
'''
if hash_type is None:
hash_type = __opts__['hash_type']
skey = get_key(__opts__)
return skey.finger(match, hash_type)
def delete_dict(match):
'''
Delete keys based on a dict of keys. Returns a dictionary.
match
The dictionary of keys to delete.
.. code-block:: python
>>> wheel.cmd_async({'fun': 'key.delete_dict',
'match': {
'minions': [
'jerry',
'stuart',
'bob',
],
})
{'jid': '20160826201244808521', 'tag': 'salt/wheel/20160826201244808521'}
'''
skey = get_key(__opts__)
return skey.delete_key(match_dict=match)
def accept_dict(match, include_rejected=False, include_denied=False):
"""
Accept keys based on a dict of keys. Returns a dictionary.
match
The dictionary of keys to accept.
include_rejected
To include rejected keys in the match along with pending keys, set this
to ``True``. Defaults to ``False``.
.. versionadded:: 2016.3.4
include_denied
To include denied keys in the match along with pending keys, set this
to ``True``. Defaults to ``False``.
.. versionadded:: 2016.3.4
Example to move a list of keys from the ``minions_pre`` (pending) directory
to the ``minions`` (accepted) directory:
.. code-block:: python
>>> wheel.cmd('key.accept_dict',
{
'minions_pre': [
'jerry',
'stuart',
'bob',
],
})
{'minions': ['jerry', 'stuart', 'bob']}
"""
skey = get_key(__opts__)
return skey.accept(
match_dict=match,
include_rejected=include_rejected,
include_denied=include_denied,
)
def accept(match, include_rejected=False, include_denied=False):
'''
Accept keys based on a glob match. Returns a dictionary.
match
The glob match of keys to accept.
include_rejected
To include rejected keys in the match along with pending keys, set this
to ``True``. Defaults to ``False``.
include_denied
To include denied keys in the match along with pending keys, set this
to ``True``. Defaults to ``False``.
.. code-block:: python
>>> wheel.cmd('key.accept', ['minion1'])
{'minions': ['minion1']}
'''
skey = get_key(__opts__)
return skey.accept(match, include_rejected=include_rejected, include_denied=include_denied)
def reject(match, include_accepted=False, include_denied=False):
'''
Reject keys based on a glob match. Returns a dictionary.
match
The glob match of keys to reject.
include_accepted
To include accepted keys in the match along with pending keys, set this
to ``True``. Defaults to ``False``.
include_denied
To include denied keys in the match along with pending keys, set this
to ``True``. Defaults to ``False``.
.. code-block:: python
>>> wheel.cmd_async({'fun': 'key.reject', 'match': 'minion1'})
{'jid': '20160826201244808521', 'tag': 'salt/wheel/20160826201244808521'}
'''
skey = get_key(__opts__)
return skey.reject(match, include_accepted=include_accepted, include_denied=include_denied)
def accept(match, include_rejected=False, include_denied=False):
'''
Accept keys based on a glob match. Returns a dictionary.
match
The glob match of keys to accept.
include_rejected
To include rejected keys in the match along with pending keys, set this
to ``True``. Defaults to ``False``.
include_denied
To include denied keys in the match along with pending keys, set this
to ``True``. Defaults to ``False``.
.. code-block:: python
>>> wheel.cmd('key.accept', ['minion1'])
{'minions': ['minion1']}
'''
skey = get_key(__opts__)
return skey.accept(match, include_rejected=include_rejected, include_denied=include_denied)
def reject(match, include_accepted=False, include_denied=False):
'''
Reject keys based on a glob match. Returns a dictionary.
match
The glob match of keys to reject.
include_accepted
To include accepted keys in the match along with pending keys, set this
to ``True``. Defaults to ``False``.
include_denied
To include denied keys in the match along with pending keys, set this
to ``True``. Defaults to ``False``.
.. code-block:: python
>>> wheel.cmd_async({'fun': 'key.reject', 'match': 'minion1'})
{'jid': '20160826201244808521', 'tag': 'salt/wheel/20160826201244808521'}
'''
skey = get_key(__opts__)
return skey.reject(match, include_accepted=include_accepted, include_denied=include_denied)
def accept_dict(match, include_rejected=False, include_denied=False):
'''
Accept keys based on a dict of keys. Returns a dictionary.
match
The dictionary of keys to accept.
include_rejected
To include rejected keys in the match along with pending keys, set this
to ``True``. Defaults to ``False``.
.. versionadded:: 2016.3.4
include_denied
To include denied keys in the match along with pending keys, set this
to ``True``. Defaults to ``False``.
.. versionadded:: 2016.3.4
Example to move a list of keys from the ``minions_pre`` (pending) directory
to the ``minions`` (accepted) directory:
.. code-block:: python
>>> wheel.cmd('accept_dict',
{
'minions_pre': [
'jerry',
'stuart',
'bob',
],
})
{'minions': ['jerry', 'stuart', 'bob']}
'''
skey = get_key(__opts__)
return skey.accept(match_dict=match,
include_rejected=include_rejected,
include_denied=include_denied)
def accept_dict(match):
'''
Accept keys based on a dict of keys. Returns a dictionary.
match
The dictionary of keys to accept.
Example to move a list of keys from the ``minions_pre`` (pending) directory
to the ``minions`` (accepted) directory:
.. code-block:: python
>>> wheel.cmd('accept_dict',
{
'minions_pre': [
'jerry',
'stuart',
'bob',
],
})
{'minions': ['jerry', 'stuart', 'bob']}
'''
skey = get_key(__opts__)
return skey.accept(match_dict=match)
def reject_dict(match):
'''
Reject keys based on a dict of keys
'''
skey = get_key(__opts__)
return skey.reject(match_dict=match)
def gen_keys(keydir=None, keyname=None, keysize=None, user=None):
'''
Generate minion RSA public keypair
'''
skey = get_key(__opts__)
return skey.gen_keys(keydir, keyname, keysize, user)
def gen_keys(keydir=None, keyname=None, keysize=None, user=None):
'''
Generate minion RSA public keypair
'''
skey = get_key(__opts__)
return skey.gen_keys(keydir, keyname, keysize, user)
def gen_signature(priv, pub, signature_path, auto_create=False, keysize=None):
'''
Generate master public-key-signature
'''
skey = get_key(__opts__)
return skey.gen_keys_signature(priv, pub, signature_path, auto_create, keysize)
def name_match(match):
'''
List all the keys based on a glob match
'''
skey = get_key(__opts__)
return skey.name_match(match)
def __init__(self):
Base_Class.__init__(self)
self.__opt = config.master_config('/etc/salt/master')
self.__key = key.get_key(self.__opt)
def name_match(match):
"""
List all the keys based on a glob match
"""
skey = get_key(__opts__)
return skey.name_match(match)
def __init__(self):
Base_Class.__init__(self)
self.__opt = config.master_config('/etc/salt/master')
self.__key = key.get_key(self.__opt)
self.__Client = salt.client.LocalClient()
self.timeout = 60
def finger(match):
'''
Return the matching key fingerprints
'''
skey = get_key(__opts__)
return skey.finger(match)
def __init__(self):
self.opts = config.master_config('/etc/salt/master')
self.key = key.get_key(self.opts)
self.all_keys = self.key.list_keys()
def list_(match):
'''
List all the keys under a named status
'''
skey = get_key(__opts__)
return skey.list_status(match)
def delete_dict(match):
'''
Delete keys based on a dict of keys
'''
skey = get_key(__opts__)
return skey.delete_key(match_dict=match)
def delete(match):
'''
Delete keys based on a glob match
'''
skey = get_key(__opts__)
return skey.delete_key(match)
def list_all():
'''
List all the keys
'''
skey = get_key(__opts__)
return skey.all_keys()
def name_match(match):
'''
List all the keys based on a glob match
'''
skey = get_key(__opts__)
return skey.name_match(match)
def key_str(match):
'''
Return the key strings
'''
skey = get_key(__opts__)
return skey.key_str(match)