예제 #1
0
def get(key, profile=None):
    '''
    Read pillar data from Confidant via its API.

    CLI Example:

        salt myminion sdb.get 'sdb://confidant/credentials'

    Valid keys are: credentials, credentials_metadata, result. credentials
    returns a dict of joined credential_pairs, credentials_metadata returns a
    dict of metadata relevant to the credentials mapped to the confidant
    service, and result returns a bool that can be used to determine if the sdb
    call succeded or failed to fetch credentials from confidant (or from local
    cache). If result is false, the data in credentials or credentials_metadata
    can't be trusted.
    '''
    # default to returning failure
    ret = {'result': False, 'credentials': None, 'credentials_metadata': None}
    profile_data = copy.deepcopy(profile)
    if profile_data.get('disabled', False):
        ret['result'] = True
        return ret.get(key)
    token_version = profile_data.get('token_version', 1)
    try:
        url = profile_data['url']
        auth_key = profile_data['auth_key']
        auth_context = profile_data['auth_context']
        role = auth_context['from']
    except (KeyError, TypeError):
        msg = ('profile has undefined url, auth_key or auth_context')
        log.debug(msg)
        return ret.get(key)
    region = profile_data.get('region', 'us-east-1')
    token_duration = profile_data.get('token_duration', 60)
    retries = profile_data.get('retries', 5)
    token_cache_file = profile_data.get('token_cache_file')
    backoff = profile_data.get('backoff', 1)
    client = confidant.client.ConfidantClient(
        url,
        auth_key,
        auth_context,
        token_lifetime=token_duration,
        token_version=token_version,
        token_cache_file=token_cache_file,
        region=region,
        retries=retries,
        backoff=backoff
    )
    try:
        data = client.get_service(
            role,
            decrypt_blind=True
        )
    except confidant.client.TokenCreationError:
        return ret.get(key)
    if not data['result']:
        return ret.get(key)
    ret = confidant.formatter.combined_credential_pair_format(data)
    ret['result'] = True
    return ret.get(key)
예제 #2
0
def get(key, profile=None):
    """
    Read pillar data from Confidant via its API.

    CLI Example:

    .. code-block:: bash

        salt myminion sdb.get 'sdb://confidant/credentials'

    Valid keys are: credentials, credentials_metadata, result. credentials
    returns a dict of joined credential_pairs, credentials_metadata returns a
    dict of metadata relevant to the credentials mapped to the confidant
    service, and result returns a bool that can be used to determine if the sdb
    call succeeded or failed to fetch credentials from confidant (or from local
    cache). If result is false, the data in credentials or credentials_metadata
    can't be trusted.
    """
    # default to returning failure
    ret = {"result": False, "credentials": None, "credentials_metadata": None}
    profile_data = copy.deepcopy(profile)
    if profile_data.get("disabled", False):
        ret["result"] = True
        return ret.get(key)
    token_version = profile_data.get("token_version", 1)
    try:
        url = profile_data["url"]
        auth_key = profile_data["auth_key"]
        auth_context = profile_data["auth_context"]
        role = auth_context["from"]
    except (KeyError, TypeError):
        msg = "profile has undefined url, auth_key or auth_context"
        log.debug(msg)
        return ret.get(key)
    region = profile_data.get("region", "us-east-1")
    token_duration = profile_data.get("token_duration", 60)
    retries = profile_data.get("retries", 5)
    token_cache_file = profile_data.get("token_cache_file")
    backoff = profile_data.get("backoff", 1)
    client = confidant.client.ConfidantClient(
        url,
        auth_key,
        auth_context,
        token_lifetime=token_duration,
        token_version=token_version,
        token_cache_file=token_cache_file,
        region=region,
        retries=retries,
        backoff=backoff,
    )
    try:
        data = client.get_service(role, decrypt_blind=True)
    except confidant.client.TokenCreationError:
        return ret.get(key)
    if not data["result"]:
        return ret.get(key)
    ret = confidant.formatter.combined_credential_pair_format(data)
    ret["result"] = True
    return ret.get(key)
예제 #3
0
파일: confidant.py 프로젝트: bryson/salt
def ext_pillar(minion_id, pillar, profile=None):
    '''
    Read pillar data from Confidant via its API.
    '''
    if profile is None:
        profile = {}
    # default to returning failure
    ret = {
        'credentials_result': False,
        'credentials': None,
        'credentials_metadata': None
    }
    profile_data = copy.deepcopy(profile)
    if profile_data.get('disabled', False):
        ret['result'] = True
        return ret
    token_version = profile_data.get('token_version', 1)
    try:
        url = profile_data['url']
        auth_key = profile_data['auth_key']
        auth_context = profile_data['auth_context']
        role = auth_context['from']
    except (KeyError, TypeError):
        msg = ('profile has undefined url, auth_key or auth_context')
        log.debug(msg)
        return ret
    region = profile_data.get('region', 'us-east-1')
    token_duration = profile_data.get('token_duration', 60)
    retries = profile_data.get('retries', 5)
    token_cache_file = profile_data.get('token_cache_file')
    backoff = profile_data.get('backoff', 1)
    client = confidant.client.ConfidantClient(
        url,
        auth_key,
        auth_context,
        token_lifetime=token_duration,
        token_version=token_version,
        token_cache_file=token_cache_file,
        region=region,
        retries=retries,
        backoff=backoff
    )
    try:
        data = client.get_service(
            role,
            decrypt_blind=True
        )
    except confidant.client.TokenCreationError:
        return ret
    if not data['result']:
        return ret
    ret = confidant.formatter.combined_credential_pair_format(data)
    ret['credentials_result'] = True
    return ret
예제 #4
0
def ext_pillar(minion_id, pillar, profile=None):
    """
    Read pillar data from Confidant via its API.
    """
    if profile is None:
        profile = {}
    # default to returning failure
    ret = {
        "credentials_result": False,
        "credentials": None,
        "credentials_metadata": None,
    }
    profile_data = copy.deepcopy(profile)
    if profile_data.get("disabled", False):
        ret["result"] = True
        return ret
    token_version = profile_data.get("token_version", 1)
    try:
        url = profile_data["url"]
        auth_key = profile_data["auth_key"]
        auth_context = profile_data["auth_context"]
        role = auth_context["from"]
    except (KeyError, TypeError):
        msg = "profile has undefined url, auth_key or auth_context"
        log.debug(msg)
        return ret
    region = profile_data.get("region", "us-east-1")
    token_duration = profile_data.get("token_duration", 60)
    retries = profile_data.get("retries", 5)
    token_cache_file = profile_data.get("token_cache_file")
    backoff = profile_data.get("backoff", 1)
    client = confidant.client.ConfidantClient(
        url,
        auth_key,
        auth_context,
        token_lifetime=token_duration,
        token_version=token_version,
        token_cache_file=token_cache_file,
        region=region,
        retries=retries,
        backoff=backoff,
    )
    try:
        data = client.get_service(role, decrypt_blind=True)
    except confidant.client.TokenCreationError:
        return ret
    if not data["result"]:
        return ret
    ret = confidant.formatter.combined_credential_pair_format(data)
    ret["credentials_result"] = True
    return ret
예제 #5
0
파일: confidant.py 프로젝트: cldeluna/salt
def ext_pillar(minion_id, pillar, profile=None):
    '''
    Read pillar data from Confidant via its API.
    '''
    if profile is None:
        profile = {}
    # default to returning failure
    ret = {
        'credentials_result': False,
        'credentials': None,
        'credentials_metadata': None
    }
    profile_data = copy.deepcopy(profile)
    if profile_data.get('disabled', False):
        ret['result'] = True
        return ret
    token_version = profile_data.get('token_version', 1)
    try:
        url = profile_data['url']
        auth_key = profile_data['auth_key']
        auth_context = profile_data['auth_context']
        role = auth_context['from']
    except (KeyError, TypeError):
        msg = ('profile has undefined url, auth_key or auth_context')
        log.debug(msg)
        return ret
    region = profile_data.get('region', 'us-east-1')
    token_duration = profile_data.get('token_duration', 60)
    retries = profile_data.get('retries', 5)
    token_cache_file = profile_data.get('token_cache_file')
    backoff = profile_data.get('backoff', 1)
    client = confidant.client.ConfidantClient(
        url,
        auth_key,
        auth_context,
        token_lifetime=token_duration,
        token_version=token_version,
        token_cache_file=token_cache_file,
        region=region,
        retries=retries,
        backoff=backoff)
    try:
        data = client.get_service(role, decrypt_blind=True)
    except confidant.client.TokenCreationError:
        return ret
    if not data['result']:
        return ret
    ret = confidant.formatter.combined_credential_pair_format(data)
    ret['credentials_result'] = True
    return ret