%PDF- %PDF-
Mini Shell

Mini Shell

Direktori : /lib/python2.7/site-packages/salt/pillar/
Upload File :
Create Path :
Current File : //lib/python2.7/site-packages/salt/pillar/vault.pyo

�
���^c@@scdZddlmZmZmZddlZeje�Zidd6Z	d�Z
dd�ZdS(u
Vault Pillar Module

:maintainer:    SaltStack
:maturity:      New
:platform:      all

.. versionadded:: 2016.11.0

This module allows pillar data to be stored in Hashicorp Vault.

Base configuration instructions are documented in the :ref:`execution module docs <vault-setup>`.
Below are noted extra configuration required for the pillar module, but the base
configuration must also be completed.

After the base Vault configuration is created, add the configuration below to
the ext_pillar section in the Salt master configuration.

.. code-block:: yaml

    ext_pillar:
      - vault: path=secret/salt

Each key needs to have all the key-value pairs with the names you
require. Avoid naming every key 'password' as you they will collide:

If you want to nest results under a nesting_key name use the following format:

    ext_pillar:
      - vault:
          conf: path=secret/salt
          nesting_key: vault_key_name

.. code-block:: bash

    $ vault write secret/salt auth=my_password master=127.0.0.1

The above will result in two pillars being available, ``auth`` and ``master``.

You can then use normal pillar requests to get each key pair directly from
pillar root. Example:

.. code-block:: bash

    $ salt-ssh '*' pillar.get auth

Multiple Vault sources may also be used:

.. code-block:: yaml

    ext_pillar:
      - vault: path=secret/salt
      - vault: path=secret/root
      - vault: path=secret/minions/{minion}/pass

You can also use nesting here as well.  Identical nesting keys will get merged.

.. code-block:: yaml

    ext_pillar:
      - vault:
           conf: path=secret/salt
           nesting_key: keyname1
      - vault:
           conf: path=secret/root
           nesting_key: keyname1
      - vault:
           conf: path=secret/minions/{minion}/pass
           nesting_key: keyname2

The difference between the return with and without the nesting key is shown below.
This example takes the key value pairs returned from vault as follows:

path=secret/salt

Key             Value
---             -----
salt-passwd     badpasswd1

path=secret/root

Key             Value
---             -----
root-passwd     rootbadpasswd1

path=secret/minions/{minion}/pass

Key             Value
---             -----
minion-passwd   minionbadpasswd1


.. code-block:: yaml

    #Nesting Key not defined

    local:
        ----------
        salt-passwd:
            badpasswd1
        root-passwd:
            rootbadpasswd1
        minion-passwd:
            minionbadpasswd1

    #Nesting Key defined

    local:
        ----------
        keyname1:
            ----------
                salt-passwd:
                    badpasswd1
                root-passwd:
                    rootbadpasswd1
        keyname2:
            ----------
                minion-passwd:
                    minionbadpasswd1

i(tabsolute_importtprint_functiontunicode_literalsNusetuset_cC@stS(u2
    This module has no external dependencies
    (tTrue(((s5/usr/lib/python2.7/site-packages/salt/pillar/vault.pyt__virtual__�scC@s|j�}g|D]}|jd�r|^q}|sNtjd|�iSi}y�|djdd�}|ji|d6�}dj|�}	tdd|	�}
|
jd	kr�|
j�j	d
i�}ntj
d|�Wn!tk
rtjd|�nX|ri||6}n|S(
uD
    Get pillar data from Vault for the configuration ``conf``.
    upath=u+"%s" is not a valid Vault ext_pillar configiuuminionuv1/{0}uvault.make_requestuGETi�udatauVault secret not found for: %suNo such path in Vault: %s(tsplitt
startswithtlogterrortreplacetformatt	__utils__tstatus_codetjsontgettinfotKeyError(t	minion_idtpillartconftnesting_keytcompstcomptpathstvault_pillartpathturltresponse((s5/usr/lib/python2.7/site-packages/salt/pillar/vault.pyt
ext_pillar�s&(
(
t__doc__t
__future__RRRtloggingt	getLoggert__name__Rt__func_alias__RtNoneR(((s5/usr/lib/python2.7/site-packages/salt/pillar/vault.pyt<module>zs


Zerion Mini Shell 1.0