Current File : //lib/python2.7/site-packages/salt/runners/venafiapi.pyc

Support for Venafi

Before using this module you need to register an account with Venafi, and
configure it in your ``master`` configuration file.

First, you need to add a placeholder to the ``master`` file. This is because
the module will not load unless it finds an ``api_key`` setting, valid or not.
Open up ``/etc/salt/master`` and add:

.. code-block:: yaml

    venafi:
      api_key: None

Then register your email address with Venafi using the following command:

.. code-block:: bash

    salt-run venafi.register <youremail@yourdomain.com>

This command will not return an ``api_key`` to you; that will be sent to you
via email from Venafi. Once you have received that key, open up your ``master``
file and set the ``api_key`` to it:

.. code-block:: yaml

    venafi:
      api_key: abcdef01-2345-6789-abcd-ef0123456789

``__virtual__``
    Only load the module if venafi is installed

``_base_url``
    Return the base_url

``_api_key``
    Return the API key

``gen_key``
    Generate and return a private_key. If a ``dns_name`` is passed in, the
    private_key will be cached under that name. The type of key and the
    parameters used to generate the key are based on the default certificate
    use policy associated with the specified zone.

    CLI Example:

    .. code-block:: bash

        salt-run venafi.gen_key <minion_id> [dns_name] [zone] [password]

``gen_csr``
    Generate a csr using the host's private_key.
    Analogous to:

    .. code-block:: bash

        VCert gencsr -cn [CN Value] -o "Beta Organization" -ou "Beta Group" -l "Palo Alto" -st "California" -c US

    CLI Example:

    .. code-block:: bash

        salt-run venafi.gen_csr <minion_id> <dns_name>

``request``
    Request a new certificate

    Uses the following command:

    .. code-block:: bash

        VCert enroll -z <zone> -k <api key> -cn <domain name>

    CLI Example:

    .. code-block:: bash

        salt-run venafi.request <minion_id> <dns_name>

``_id_map``
    Maintain a relationship between a minion and a dns name

``register``
    Register a new user account

    CLI Example:

    .. code-block:: bash

        salt-run venafi.register email@example.com

``show_company``
    Show company information, especially the company id

    CLI Example:

    .. code-block:: bash

        salt-run venafi.show_company example.com

``show_csrs``
    Show certificate requests for this API key

    CLI Example:

    .. code-block:: bash

        salt-run venafi.show_csrs

``get_zone_id``
    Get the zone ID for the given zone name

    CLI Example:

    .. code-block:: bash

        salt-run venafi.get_zone_id default

``show_policies``
    Show zone details for the API key owner's company

    CLI Example:

    .. code-block:: bash

        salt-run venafi.show_zones

``show_zones``
    Show zone details for the API key owner's company

    CLI Example:

    .. code-block:: bash

        salt-run venafi.show_zones

``show_cert``
    Show certificate requests for this API key

    CLI Example:

    .. code-block:: bash

        salt-run venafi.show_cert 01234567-89ab-cdef-0123-456789abcdef

``show_rsa``
    Show a private RSA key

    CLI Example:

    .. code-block:: bash

        salt-run venafi.show_rsa myminion domain.example.com

``list_domain_cache``
    List domains that have been cached

    CLI Example:

    .. code-block:: bash

        salt-run venafi.list_domain_cache

``del_cached_domain``
    Delete cached domains from the master

    CLI Example:

    .. code-block:: bash

        salt-run venafi.del_cached_domain domain1.example.com,domain2.example.com