Current File : //usr/lib/python2.7/site-packages/salt/runners/vault.pyo

:maintainer:    SaltStack
:maturity:      new
:platform:      all

Runner functions supporting the Vault modules. Configuration instructions are
documented in the execution module docs.

    Generate a Vault token for minion minion_id

    minion_id
        The id of the minion that requests a token

    signature
        Cryptographic signature which validates that the request is indeed sent
        by the minion (or the master, see impersonated_by_master).

    impersonated_by_master
        If the master needs to create a token on behalf of the minion, this is
        True. This happens when the master generates minion pillars.

    Unseal Vault server

    This function uses the 'keys' from the 'vault' configuration to unseal vault server

    vault:
      keys:
        - n63/TbrQuL3xaIW7ZZpuXj/tIfnK1/MbVxO4vT3wYD2A
        - S9OwCvMRhErEA4NVVELYBs6w/Me6+urgUr24xGK44Uy3
        - F1j4b7JKq850NS6Kboiy5laJ0xY8dWJvB3fcwA+SraYl
        - 1cYtvjKJNDVam9c7HNqJUfINk4PYyAXIpjkpN/sIuzPv
        - 3pPK5X6vGtwLhNOFv1U2elahECz3HpRUfNXJFYLw6lid

    .. note:: This function will send unseal keys until the API reports
              that the vault has been unsealed

    CLI Examples:

    .. code-block:: bash

        salt-run vault.unseal

    Show the Vault policies that are applied to tokens for the given minion

    minion_id
        The minion's id

    CLI Example:

    .. code-block:: bash

        salt-run vault.show_policies myminion

    Validate that either minion with id minion_id, or the master, signed the
    request

    Get the policies that should be applied to a token for minion_id

    Expands the pattern for any list-valued mappings, such that for any list of
    length N in the mappings present in the pattern, N copies of the pattern are
    returned, each with an element of the list substituted.

    pattern:
        A pattern to expand, for example ``by-role/{grains[roles]}``

    mappings:
        A dictionary of variables that can be expanded into the pattern.

    Example: Given the pattern ``by-role/{grains[roles]}`` and the below grains

    .. code-block:: yaml

        grains:
            roles:
                - web
                - database

    This function will expand into two patterns,
    ``[by-role/web, by-role/database]``.

    Note that this method does not expand any non-list patterns.

    Validate the current token exists and is still valid

    Create Vault url for token creation