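def get(key, profile=None):
    '''
    Read pillar data from Confidant via its API.

    CLI Example:

    .. code-block:: bash

        salt myminion sdb.get 'sdb://confidant/credentials'

    Valid keys are: credentials, credentials_metadata, result. credentials
    returns a dict of joined credential_pairs, credentials_metadata returns a
    dict of metadata relevant to the credentials mapped to the confidant
    service, and result returns a bool that can be used to determine if the sdb
    call succeeded or failed to fetch credentials from confidant (or from local
    cache). If result is false, the data in credentials or credentials_metadata
    can't be trusted.

    key
        Entry of the result dict to return. A key that is not present in the
        result yields ``None``.

    profile
        Dict of connection settings. ``url``, ``auth_key`` and ``auth_context``
        (which must contain a ``from`` entry) are required. Optional keys and
        their defaults: ``token_version`` (1), ``region`` ('us-east-1'),
        ``token_duration`` (60), ``retries`` (5), ``backoff`` (1),
        ``token_cache_file`` (None) and ``disabled`` (False). ``None`` is
        treated as an empty profile.
    '''
    # A missing profile used to raise AttributeError on the first .get();
    # treat it as empty so the call fails closed with result False instead.
    if profile is None:
        profile = {}
    # default to returning failure
    ret = {'result': False, 'credentials': None, 'credentials_metadata': None}
    profile_data = copy.deepcopy(profile)
    if profile_data.get('disabled', False):
        # A disabled profile reports success without contacting Confidant;
        # credentials and credentials_metadata stay None.
        ret['result'] = True
        return ret.get(key)
    token_version = profile_data.get('token_version', 1)
    try:
        url = profile_data['url']
        auth_key = profile_data['auth_key']
        auth_context = profile_data['auth_context']
        role = auth_context['from']
    except (KeyError, TypeError):
        msg = ('profile has undefined url, auth_key or auth_context')
        log.debug(msg)
        return ret.get(key)
    region = profile_data.get('region', 'us-east-1')
    token_duration = profile_data.get('token_duration', 60)
    retries = profile_data.get('retries', 5)
    # NOTE(review): presumably the path where the client caches its auth
    # token; if so it should be readable only by the Salt user - confirm
    # against the confidant client.
    token_cache_file = profile_data.get('token_cache_file')
    backoff = profile_data.get('backoff', 1)
    client = confidant.client.ConfidantClient(
        url,
        auth_key,
        auth_context,
        token_lifetime=token_duration,
        token_version=token_version,
        token_cache_file=token_cache_file,
        region=region,
        retries=retries,
        backoff=backoff
    )
    # NOTE(review): the two failure returns below write nothing to the log,
    # so a failed fetch is visible only through result being False.
    try:
        data = client.get_service(
            role,
            decrypt_blind=True
        )
    except confidant.client.TokenCreationError:
        return ret.get(key)
    if not data['result']:
        return ret.get(key)
    # Presumably holds decrypted credential pairs from here on; callers
    # should keep the returned value out of logs.
    ret = confidant.formatter.combined_credential_pair_format(data)
    ret['result'] = True
    return ret.get(key)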
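def get(key, profile=None):
    """
    Read pillar data from Confidant via its API.

    CLI Example:

    .. code-block:: bash

        salt myminion sdb.get 'sdb://confidant/credentials'

    Valid keys are: credentials, credentials_metadata, result. credentials
    returns a dict of joined credential_pairs, credentials_metadata returns a
    dict of metadata relevant to the credentials mapped to the confidant
    service, and result returns a bool that can be used to determine if the sdb
    call succeeded or failed to fetch credentials from confidant (or from local
    cache). If result is false, the data in credentials or credentials_metadata
    can't be trusted.

    key
        Entry of the result dict to return. A key that is not present in the
        result yields ``None``.

    profile
        Dict of connection settings. ``url``, ``auth_key`` and ``auth_context``
        (which must contain a ``from`` entry) are required. Optional keys and
        their defaults: ``token_version`` (1), ``region`` ("us-east-1"),
        ``token_duration`` (60), ``retries`` (5), ``backoff`` (1),
        ``token_cache_file`` (None) and ``disabled`` (False). ``None`` is
        treated as an empty profile.
    """
    # A missing profile used to raise AttributeError on the first .get();
    # treat it as empty so the call fails closed with result False instead.
    if profile is None:
        profile = {}
    # default to returning failure
    ret = {"result": False, "credentials": None, "credentials_metadata": None}
    profile_data = copy.deepcopy(profile)
    if profile_data.get("disabled", False):
        # A disabled profile reports success without contacting Confidant;
        # credentials and credentials_metadata stay None.
        ret["result"] = True
        return ret.get(key)
    token_version = profile_data.get("token_version", 1)
    try:
        url = profile_data["url"]
        auth_key = profile_data["auth_key"]
        auth_context = profile_data["auth_context"]
        role = auth_context["from"]
    except (KeyError, TypeError):
        msg = "profile has undefined url, auth_key or auth_context"
        log.debug(msg)
        return ret.get(key)
    region = profile_data.get("region", "us-east-1")
    token_duration = profile_data.get("token_duration", 60)
    retries = profile_data.get("retries", 5)
    # NOTE(review): presumably the path where the client caches its auth
    # token; if so it should be readable only by the Salt user - confirm
    # against the confidant client.
    token_cache_file = profile_data.get("token_cache_file")
    backoff = profile_data.get("backoff", 1)
    client = confidant.client.ConfidantClient(
        url,
        auth_key,
        auth_context,
        token_lifetime=token_duration,
        token_version=token_version,
        token_cache_file=token_cache_file,
        region=region,
        retries=retries,
        backoff=backoff,
    )
    # NOTE(review): the two failure returns below write nothing to the log,
    # so a failed fetch is visible only through result being False.
    try:
        data = client.get_service(role, decrypt_blind=True)
    except confidant.client.TokenCreationError:
        return ret.get(key)
    if not data["result"]:
        return ret.get(key)
    # Presumably holds decrypted credential pairs from here on; callers
    # should keep the returned value out of logs.
    ret = confidant.formatter.combined_credential_pair_format(data)
    ret["result"] = True
    return ret.get(key)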
def ext_pillar(minion_id, pillar, profile=None):
    '''
    Read pillar data from Confidant via its API.

    minion_id, pillar
        Accepted for the ext_pillar interface; neither is read here, so the
        service queried is always ``auth_context['from']`` from the profile.

    profile
        Dict of connection settings. ``url``, ``auth_key`` and ``auth_context``
        (which must contain ``from``) are required; ``token_version``,
        ``region``, ``token_duration``, ``retries``, ``backoff``,
        ``token_cache_file`` and ``disabled`` are optional.

    Returns a dict. On any failure it is ``credentials_result: False`` with
    ``credentials`` and ``credentials_metadata`` set to ``None``; on success
    it is the formatter output with ``credentials_result`` set to ``True``.
    '''
    settings = copy.deepcopy({} if profile is None else profile)

    # Start from the failure shape; it is replaced only after a successful
    # fetch.
    pillar_data = {
        'credentials_result': False,
        'credentials': None,
        'credentials_metadata': None
    }

    if settings.get('disabled', False):
        # NOTE(review): this branch sets 'result', while every other path
        # reports status under 'credentials_result'; a consumer checking
        # 'credentials_result' still sees False here. Confirm which key is
        # intended.
        pillar_data['result'] = True
        return pillar_data

    try:
        url = settings['url']
        auth_key = settings['auth_key']
        auth_context = settings['auth_context']
        role = auth_context['from']
    except (KeyError, TypeError):
        log.debug('profile has undefined url, auth_key or auth_context')
        return pillar_data

    # Optional tuning knobs, each with the module's default.
    # NOTE(review): token_cache_file is presumably where the client caches
    # its auth token; if so it should be readable only by the Salt user -
    # confirm against the confidant client.
    client_options = {
        'token_lifetime': settings.get('token_duration', 60),
        'token_version': settings.get('token_version', 1),
        'token_cache_file': settings.get('token_cache_file'),
        'region': settings.get('region', 'us-east-1'),
        'retries': settings.get('retries', 5),
        'backoff': settings.get('backoff', 1),
    }
    client = confidant.client.ConfidantClient(
        url, auth_key, auth_context, **client_options
    )

    # NOTE(review): neither failure path below writes to the log, so a failed
    # fetch is visible only through credentials_result being False.
    try:
        service = client.get_service(role, decrypt_blind=True)
    except confidant.client.TokenCreationError:
        return pillar_data

    if service['result']:
        # Presumably holds decrypted credential pairs from here on; keep the
        # returned dict out of logs.
        pillar_data = confidant.formatter.combined_credential_pair_format(
            service
        )
        pillar_data['credentials_result'] = True
    return pillar_data
def ext_pillar(minion_id, pillar, profile=None):
    """
    Read pillar data from Confidant via its API.

    minion_id, pillar
        Accepted for the ext_pillar interface; neither is read here, so the
        service queried is always ``auth_context["from"]`` from the profile.

    profile
        Dict of connection settings. ``url``, ``auth_key`` and ``auth_context``
        (which must contain ``from``) are required; ``token_version``,
        ``region``, ``token_duration``, ``retries``, ``backoff``,
        ``token_cache_file`` and ``disabled`` are optional.

    Returns a dict. On any failure it is ``credentials_result: False`` with
    ``credentials`` and ``credentials_metadata`` set to ``None``; on success
    it is the formatter output with ``credentials_result`` set to ``True``.
    """
    cfg = copy.deepcopy(profile if profile is not None else {})

    # Failure-shaped result, handed back on every path that does not complete
    # a fetch.
    not_fetched = {
        "credentials_result": False,
        "credentials": None,
        "credentials_metadata": None,
    }

    if cfg.get("disabled", False):
        # NOTE(review): this branch adds a "result" key, while every other
        # path reports status under "credentials_result"; a consumer checking
        # "credentials_result" still sees False here. Confirm which key is
        # intended.
        return dict(not_fetched, result=True)

    version = cfg.get("token_version", 1)
    try:
        endpoint = cfg["url"]
        kms_key = cfg["auth_key"]
        context = cfg["auth_context"]
        service_name = context["from"]
    except (KeyError, TypeError):
        log.debug("profile has undefined url, auth_key or auth_context")
        return not_fetched

    # NOTE(review): token_cache_file is presumably where the client caches
    # its auth token; if so it should be readable only by the Salt user -
    # confirm against the confidant client.
    client = confidant.client.ConfidantClient(
        endpoint,
        kms_key,
        context,
        token_lifetime=cfg.get("token_duration", 60),
        token_version=version,
        token_cache_file=cfg.get("token_cache_file"),
        region=cfg.get("region", "us-east-1"),
        retries=cfg.get("retries", 5),
        backoff=cfg.get("backoff", 1),
    )

    # NOTE(review): neither failure path below writes to the log, so a failed
    # fetch is visible only through credentials_result being False.
    try:
        response = client.get_service(service_name, decrypt_blind=True)
    except confidant.client.TokenCreationError:
        return not_fetched
    if not response["result"]:
        return not_fetched

    # Presumably holds decrypted credential pairs; keep the returned dict out
    # of logs.
    fetched = confidant.formatter.combined_credential_pair_format(response)
    fetched["credentials_result"] = True
    return fetched
def ext_pillar(minion_id, pillar, profile=None):
    '''
    Read pillar data from Confidant via its API.

    minion_id, pillar
        Accepted for the ext_pillar interface; neither is read here, so the
        service queried is always ``auth_context['from']`` from the profile.

    profile
        Dict of connection settings. ``url``, ``auth_key`` and ``auth_context``
        (which must contain ``from``) are required; ``token_version``,
        ``region``, ``token_duration``, ``retries``, ``backoff``,
        ``token_cache_file`` and ``disabled`` are optional.

    Returns a dict. On any failure it is ``credentials_result: False`` with
    ``credentials`` and ``credentials_metadata`` set to ``None``; on success
    it is the formatter output with ``credentials_result`` set to ``True``.
    '''
    if profile is None:
        profile = {}
    conf = copy.deepcopy(profile)

    # Pessimistic default: every early return hands this back.
    outcome = dict.fromkeys(('credentials', 'credentials_metadata'))
    outcome['credentials_result'] = False

    if conf.get('disabled', False):
        # NOTE(review): this branch sets 'result', while every other path
        # reports status under 'credentials_result'; a consumer checking
        # 'credentials_result' still sees False here. Confirm which key is
        # intended.
        outcome['result'] = True
        return outcome

    try:
        url = conf['url']
        auth_key = conf['auth_key']
        auth_context = conf['auth_context']
        role = auth_context['from']
    except (KeyError, TypeError):
        log.debug('profile has undefined url, auth_key or auth_context')
        return outcome

    # (client keyword, profile key, default) for each optional setting.
    # NOTE(review): token_cache_file is presumably where the client caches
    # its auth token; if so it should be readable only by the Salt user -
    # confirm against the confidant client.
    optional = (
        ('token_lifetime', 'token_duration', 60),
        ('token_version', 'token_version', 1),
        ('token_cache_file', 'token_cache_file', None),
        ('region', 'region', 'us-east-1'),
        ('retries', 'retries', 5),
        ('backoff', 'backoff', 1),
    )
    kwargs = {
        keyword: conf.get(name, default)
        for keyword, name, default in optional
    }
    client = confidant.client.ConfidantClient(
        url, auth_key, auth_context, **kwargs)

    # NOTE(review): neither failure path below writes to the log, so a failed
    # fetch is visible only through credentials_result being False.
    try:
        data = client.get_service(role, decrypt_blind=True)
    except confidant.client.TokenCreationError:
        return outcome
    if not data['result']:
        return outcome

    # Presumably holds decrypted credential pairs from here on; keep the
    # returned dict out of logs.
    outcome = confidant.formatter.combined_credential_pair_format(data)
    outcome['credentials_result'] = True
    return outcome