golden hour
/opt/saltstack/salt/lib/python3.10/site-packages/salt/modules
⬆️ Go Up
Upload
File/Folder
Size
Actions
__init__.py
35 B
Del
OK
__pycache__
-
Del
OK
acme.py
12.74 KB
Del
OK
aix_group.py
4.12 KB
Del
OK
aix_shadow.py
1.93 KB
Del
OK
aixpkg.py
24.15 KB
Del
OK
aliases.py
5.07 KB
Del
OK
alternatives.py
5.71 KB
Del
OK
ansiblegate.py
19.51 KB
Del
OK
apache.py
12.47 KB
Del
OK
apcups.py
2.15 KB
Del
OK
apf.py
3.09 KB
Del
OK
apkpkg.py
16 KB
Del
OK
aptly.py
15.28 KB
Del
OK
aptpkg.py
116.64 KB
Del
OK
archive.py
48.63 KB
Del
OK
arista_pyeapi.py
22.06 KB
Del
OK
artifactory.py
24.78 KB
Del
OK
at.py
10.72 KB
Del
OK
at_solaris.py
8.51 KB
Del
OK
augeas_cfg.py
13.93 KB
Del
OK
aws_sqs.py
6.55 KB
Del
OK
azurearm_compute.py
20.8 KB
Del
OK
azurearm_dns.py
15.8 KB
Del
OK
azurearm_network.py
82.99 KB
Del
OK
azurearm_resource.py
35.75 KB
Del
OK
bamboohr.py
7.36 KB
Del
OK
baredoc.py
11.13 KB
Del
OK
bcache.py
28.97 KB
Del
OK
beacons.py
27.82 KB
Del
OK
bigip.py
69.11 KB
Del
OK
bluez_bluetooth.py
6.76 KB
Del
OK
boto3_elasticache.py
37.34 KB
Del
OK
boto3_elasticsearch.py
53.17 KB
Del
OK
boto3_route53.py
39.82 KB
Del
OK
boto3_sns.py
12.93 KB
Del
OK
boto_apigateway.py
61.86 KB
Del
OK
boto_asg.py
35.69 KB
Del
OK
boto_cfn.py
7.95 KB
Del
OK
boto_cloudfront.py
12.75 KB
Del
OK
boto_cloudtrail.py
14.45 KB
Del
OK
boto_cloudwatch.py
10.99 KB
Del
OK
boto_cloudwatch_event.py
9.48 KB
Del
OK
boto_cognitoidentity.py
14.63 KB
Del
OK
boto_datapipeline.py
6.94 KB
Del
OK
boto_dynamodb.py
14.98 KB
Del
OK
boto_ec2.py
79.27 KB
Del
OK
boto_efs.py
14.05 KB
Del
OK
boto_elasticache.py
23.69 KB
Del
OK
boto_elasticsearch_domain.py
15.85 KB
Del
OK
boto_elb.py
35.53 KB
Del
OK
boto_elbv2.py
10.78 KB
Del
OK
boto_iam.py
75.62 KB
Del
OK
boto_iot.py
26.2 KB
Del
OK
boto_kinesis.py
19.62 KB
Del
OK
boto_kms.py
17.29 KB
Del
OK
boto_lambda.py
35.05 KB
Del
OK
boto_rds.py
34.92 KB
Del
OK
boto_route53.py
32.55 KB
Del
OK
boto_s3.py
4.24 KB
Del
OK
boto_s3_bucket.py
31.8 KB
Del
OK
boto_secgroup.py
25.22 KB
Del
OK
boto_sns.py
7.22 KB
Del
OK
boto_sqs.py
6.43 KB
Del
OK
boto_ssm.py
3.63 KB
Del
OK
boto_vpc.py
113.08 KB
Del
OK
bower.py
5.85 KB
Del
OK
bridge.py
10.81 KB
Del
OK
bsd_shadow.py
6.25 KB
Del
OK
btrfs.py
33.66 KB
Del
OK
cabal.py
3.79 KB
Del
OK
capirca_acl.py
40.04 KB
Del
OK
cassandra_cql.py
54.16 KB
Del
OK
cassandra_mod.py
4.3 KB
Del
OK
celery.py
3.33 KB
Del
OK
ceph.py
15.82 KB
Del
OK
chassis.py
1.52 KB
Del
OK
chef.py
4.66 KB
Del
OK
chocolatey.py
41.55 KB
Del
OK
chronos.py
2.89 KB
Del
OK
chroot.py
11.73 KB
Del
OK
cimc.py
23.02 KB
Del
OK
ciscoconfparse_mod.py
14.79 KB
Del
OK
cisconso.py
3.83 KB
Del
OK
cloud.py
9.39 KB
Del
OK
cmdmod.py
163.73 KB
Del
OK
composer.py
10.31 KB
Del
OK
config.py
16.98 KB
Del
OK
consul.py
69.3 KB
Del
OK
container_resource.py
12.94 KB
Del
OK
cp.py
31.98 KB
Del
OK
cpan.py
5.54 KB
Del
OK
cron.py
28.09 KB
Del
OK
cryptdev.py
10.08 KB
Del
OK
csf.py
16.04 KB
Del
OK
cyg.py
8.32 KB
Del
OK
daemontools.py
5.41 KB
Del
OK
data.py
3.85 KB
Del
OK
datadog_api.py
7.76 KB
Del
OK
ddns.py
7.12 KB
Del
OK
deb_apache.py
7.41 KB
Del
OK
deb_postgres.py
4.18 KB
Del
OK
debconfmod.py
4.06 KB
Del
OK
debian_ip.py
64.91 KB
Del
OK
debian_service.py
6.55 KB
Del
OK
debuild_pkgbuild.py
34.68 KB
Del
OK
defaults.py
6.55 KB
Del
OK
devinfo.py
9.07 KB
Del
OK
devmap.py
627 B
Del
OK
dig.py
8.75 KB
Del
OK
disk.py
30.82 KB
Del
OK
djangomod.py
7.53 KB
Del
OK
dnsmasq.py
5.71 KB
Del
OK
dnsutil.py
11.51 KB
Del
OK
dockercompose.py
32.62 KB
Del
OK
dockermod.py
224.85 KB
Del
OK
dpkg_lowpkg.py
12.94 KB
Del
OK
drac.py
10.97 KB
Del
OK
dracr.py
38.53 KB
Del
OK
drbd.py
7.19 KB
Del
OK
dummyproxy_pkg.py
2.46 KB
Del
OK
dummyproxy_service.py
2.91 KB
Del
OK
ebuildpkg.py
38.74 KB
Del
OK
eix.py
1.58 KB
Del
OK
elasticsearch.py
51.44 KB
Del
OK
environ.py
8.96 KB
Del
OK
eselect.py
4.99 KB
Del
OK
esxcluster.py
1.66 KB
Del
OK
esxdatacenter.py
1.68 KB
Del
OK
esxi.py
2.79 KB
Del
OK
esxvm.py
1.63 KB
Del
OK
etcd_mod.py
8.56 KB
Del
OK
ethtool.py
11.12 KB
Del
OK
event.py
7.67 KB
Del
OK
extfs.py
8.78 KB
Del
OK
file.py
232.18 KB
Del
OK
firewalld.py
20.51 KB
Del
OK
freebsd_sysctl.py
4.99 KB
Del
OK
freebsd_update.py
6.19 KB
Del
OK
freebsdjail.py
7.16 KB
Del
OK
freebsdkmod.py
6.17 KB
Del
OK
freebsdpkg.py
17.04 KB
Del
OK
freebsdports.py
13.13 KB
Del
OK
freebsdservice.py
12.53 KB
Del
OK
freezer.py
10.2 KB
Del
OK
gcp_addon.py
4.07 KB
Del
OK
gem.py
10.6 KB
Del
OK
genesis.py
21.75 KB
Del
OK
gentoo_service.py
9.18 KB
Del
OK
gentoolkitmod.py
8.39 KB
Del
OK
git.py
172.01 KB
Del
OK
github.py
53.19 KB
Del
OK
glanceng.py
4.69 KB
Del
OK
glassfish.py
19.49 KB
Del
OK
glusterfs.py
19.55 KB
Del
OK
gnomedesktop.py
6.85 KB
Del
OK
google_chat.py
1.52 KB
Del
OK
gpg.py
39.09 KB
Del
OK
grafana4.py
30.27 KB
Del
OK
grains.py
21.81 KB
Del
OK
groupadd.py
11.87 KB
Del
OK
grub_legacy.py
3.08 KB
Del
OK
guestfs.py
2.37 KB
Del
OK
hadoop.py
3.76 KB
Del
OK
haproxyconn.py
10.17 KB
Del
OK
hashutil.py
6.77 KB
Del
OK
heat.py
25.25 KB
Del
OK
helm.py
39.27 KB
Del
OK
hg.py
7.16 KB
Del
OK
highstate_doc.py
22.76 KB
Del
OK
hosts.py
10.47 KB
Del
OK
http.py
3.76 KB
Del
OK
icinga2.py
4.46 KB
Del
OK
idem.py
1.75 KB
Del
OK
ifttt.py
2.28 KB
Del
OK
ilo.py
15.98 KB
Del
OK
incron.py
7.68 KB
Del
OK
influxdb08mod.py
15.07 KB
Del
OK
influxdbmod.py
16.13 KB
Del
OK
infoblox.py
17.53 KB
Del
OK
ini_manage.py
14.63 KB
Del
OK
inspectlib
-
Del
OK
inspector.py
8.19 KB
Del
OK
introspect.py
4.02 KB
Del
OK
iosconfig.py
14.78 KB
Del
OK
ipmi.py
25.47 KB
Del
OK
ipset.py
17.97 KB
Del
OK
iptables.py
57.44 KB
Del
OK
iwtools.py
3.99 KB
Del
OK
jboss7.py
20.51 KB
Del
OK
jboss7_cli.py
15.23 KB
Del
OK
jenkinsmod.py
11.9 KB
Del
OK
jinja.py
2.66 KB
Del
OK
jira_mod.py
7.07 KB
Del
OK
junos.py
73.96 KB
Del
OK
k8s.py
24.87 KB
Del
OK
kapacitor.py
5.37 KB
Del
OK
kerberos.py
5.42 KB
Del
OK
kernelpkg_linux_apt.py
6.71 KB
Del
OK
kernelpkg_linux_yum.py
7.26 KB
Del
OK
key.py
1007 B
Del
OK
keyboard.py
2.64 KB
Del
OK
keystone.py
43.14 KB
Del
OK
keystoneng.py
21.82 KB
Del
OK
keystore.py
7.18 KB
Del
OK
kmod.py
7.65 KB
Del
OK
kubeadm.py
34.64 KB
Del
OK
kubernetesmod.py
46.77 KB
Del
OK
launchctl_service.py
9.69 KB
Del
OK
layman.py
4.22 KB
Del
OK
ldap3.py
18.81 KB
Del
OK
ldapmod.py
5.9 KB
Del
OK
libcloud_compute.py
23.48 KB
Del
OK
libcloud_dns.py
9.73 KB
Del
OK
libcloud_loadbalancer.py
13.14 KB
Del
OK
libcloud_storage.py
12.16 KB
Del
OK
linux_acl.py
7.7 KB
Del
OK
linux_ip.py
5.55 KB
Del
OK
linux_lvm.py
17.86 KB
Del
OK
linux_service.py
4.64 KB
Del
OK
linux_shadow.py
12.96 KB
Del
OK
linux_sysctl.py
7.5 KB
Del
OK
localemod.py
11.84 KB
Del
OK
locate.py
2.58 KB
Del
OK
logadm.py
9.44 KB
Del
OK
logmod.py
1.25 KB
Del
OK
logrotate.py
7.72 KB
Del
OK
lvs.py
11.54 KB
Del
OK
lxc.py
147.27 KB
Del
OK
lxd.py
90.07 KB
Del
OK
mac_assistive.py
11.37 KB
Del
OK
mac_brew_pkg.py
19.91 KB
Del
OK
mac_desktop.py
2.77 KB
Del
OK
mac_group.py
6.62 KB
Del
OK
mac_keychain.py
6.39 KB
Del
OK
mac_pkgutil.py
2.84 KB
Del
OK
mac_portspkg.py
11.36 KB
Del
OK
mac_power.py
13.29 KB
Del
OK
mac_service.py
19.64 KB
Del
OK
mac_shadow.py
14.23 KB
Del
OK
mac_softwareupdate.py
14.52 KB
Del
OK
mac_sysctl.py
5.13 KB
Del
OK
mac_system.py
15.07 KB
Del
OK
mac_timezone.py
8.34 KB
Del
OK
mac_user.py
16.41 KB
Del
OK
mac_xattr.py
6.27 KB
Del
OK
macdefaults.py
2.33 KB
Del
OK
macpackage.py
6.66 KB
Del
OK
makeconf.py
17.31 KB
Del
OK
mandrill.py
6.31 KB
Del
OK
marathon.py
5.36 KB
Del
OK
match.py
13 KB
Del
OK
mattermost.py
3.4 KB
Del
OK
mdadm_raid.py
9.86 KB
Del
OK
mdata.py
3.38 KB
Del
OK
memcached.py
6.13 KB
Del
OK
mine.py
18.84 KB
Del
OK
minion.py
7.68 KB
Del
OK
mod_random.py
7.18 KB
Del
OK
modjk.py
12.48 KB
Del
OK
mongodb.py
29.75 KB
Del
OK
monit.py
5.51 KB
Del
OK
moosefs.py
3.87 KB
Del
OK
mount.py
58.44 KB
Del
OK
mssql.py
14.64 KB
Del
OK
msteams.py
2.11 KB
Del
OK
munin.py
2.4 KB
Del
OK
mysql.py
90.66 KB
Del
OK
nacl.py
9.72 KB
Del
OK
nagios.py
6.53 KB
Del
OK
nagios_rpc.py
5.09 KB
Del
OK
namecheap_domains.py
12.84 KB
Del
OK
namecheap_domains_dns.py
5.93 KB
Del
OK
namecheap_domains_ns.py
4.51 KB
Del
OK
namecheap_ssl.py
25.69 KB
Del
OK
namecheap_users.py
2.4 KB
Del
OK
napalm_bgp.py
9.72 KB
Del
OK
napalm_formula.py
11.33 KB
Del
OK
napalm_mod.py
61.37 KB
Del
OK
napalm_netacl.py
28.59 KB
Del
OK
napalm_network.py
93.22 KB
Del
OK
napalm_ntp.py
10.22 KB
Del
OK
napalm_probes.py
13.25 KB
Del
OK
napalm_route.py
5.09 KB
Del
OK
napalm_snmp.py
7.05 KB
Del
OK
napalm_users.py
6.49 KB
Del
OK
napalm_yang_mod.py
20.28 KB
Del
OK
netaddress.py
1.6 KB
Del
OK
netbox.py
32.22 KB
Del
OK
netbsd_sysctl.py
3.92 KB
Del
OK
netbsdservice.py
6.43 KB
Del
OK
netmiko_mod.py
19.61 KB
Del
OK
netscaler.py
27.02 KB
Del
OK
network.py
63.42 KB
Del
OK
neutron.py
44.92 KB
Del
OK
neutronng.py
15.02 KB
Del
OK
nexus.py
22.95 KB
Del
OK
nfs3.py
3.9 KB
Del
OK
nftables.py
33.58 KB
Del
OK
nginx.py
3.83 KB
Del
OK
nilrt_ip.py
36.18 KB
Del
OK
nix.py
8.03 KB
Del
OK
nova.py
19.6 KB
Del
OK
npm.py
10.4 KB
Del
OK
nspawn.py
41.35 KB
Del
OK
nxos.py
24.65 KB
Del
OK
nxos_api.py
14.72 KB
Del
OK
nxos_upgrade.py
14.74 KB
Del
OK
omapi.py
3.6 KB
Del
OK
openbsd_sysctl.py
3.74 KB
Del
OK
openbsdpkg.py
10.97 KB
Del
OK
openbsdrcctl_service.py
6.33 KB
Del
OK
openbsdservice.py
8.31 KB
Del
OK
openscap.py
2.81 KB
Del
OK
openstack_config.py
3.21 KB
Del
OK
openstack_mng.py
2.71 KB
Del
OK
openvswitch.py
17.19 KB
Del
OK
opkg.py
49.67 KB
Del
OK
opsgenie.py
3.29 KB
Del
OK
oracle.py
5.82 KB
Del
OK
osquery.py
24.93 KB
Del
OK
out.py
2.53 KB
Del
OK
pacmanpkg.py
31.92 KB
Del
OK
pagerduty.py
4.7 KB
Del
OK
pagerduty_util.py
13.48 KB
Del
OK
pam.py
2.01 KB
Del
OK
panos.py
61.05 KB
Del
OK
parallels.py
19.85 KB
Del
OK
parted_partition.py
21.53 KB
Del
OK
pcs.py
14.11 KB
Del
OK
pdbedit.py
10.79 KB
Del
OK
pecl.py
3.79 KB
Del
OK
peeringdb.py
8.39 KB
Del
OK
pf.py
9.51 KB
Del
OK
philips_hue.py
1.55 KB
Del
OK
pillar.py
21.37 KB
Del
OK
pip.py
53.42 KB
Del
OK
pkg_resource.py
12.3 KB
Del
OK
pkgin.py
17.29 KB
Del
OK
pkgng.py
61.07 KB
Del
OK
pkgutil.py
9.85 KB
Del
OK
portage_config.py
22.73 KB
Del
OK
postfix.py
16.24 KB
Del
OK
postgres.py
88.24 KB
Del
OK
poudriere.py
7.85 KB
Del
OK
powerpath.py
2.57 KB
Del
OK
proxy.py
11.49 KB
Del
OK
ps.py
20.89 KB
Del
OK
publish.py
10.25 KB
Del
OK
puppet.py
10.9 KB
Del
OK
purefa.py
33.59 KB
Del
OK
purefb.py
13.69 KB
Del
OK
pushbullet.py
1.88 KB
Del
OK
pushover_notify.py
3.48 KB
Del
OK
pw_group.py
4.62 KB
Del
OK
pw_user.py
12.47 KB
Del
OK
pyenv.py
6.93 KB
Del
OK
qemu_img.py
1.53 KB
Del
OK
qemu_nbd.py
3.28 KB
Del
OK
quota.py
6.43 KB
Del
OK
rabbitmq.py
38.4 KB
Del
OK
rallydev.py
6.09 KB
Del
OK
random_org.py
23.76 KB
Del
OK
rbac_solaris.py
16.05 KB
Del
OK
rbenv.py
10.75 KB
Del
OK
rdp.py
6.08 KB
Del
OK
rebootmgr.py
7.68 KB
Del
OK
redismod.py
16.36 KB
Del
OK
reg.py
16.36 KB
Del
OK
rest_pkg.py
2.26 KB
Del
OK
rest_sample_utils.py
558 B
Del
OK
rest_service.py
3.63 KB
Del
OK
restartcheck.py
24.1 KB
Del
OK
restconf.py
3.15 KB
Del
OK
ret.py
1.27 KB
Del
OK
rh_ip.py
38.55 KB
Del
OK
rh_service.py
16.61 KB
Del
OK
riak.py
5.19 KB
Del
OK
rpm_lowpkg.py
27.67 KB
Del
OK
rpmbuild_pkgbuild.py
24.53 KB
Del
OK
rsync.py
8.04 KB
Del
OK
runit.py
17.17 KB
Del
OK
rvm.py
11.1 KB
Del
OK
s3.py
9.93 KB
Del
OK
s6.py
3.62 KB
Del
OK
salt_proxy.py
4.48 KB
Del
OK
salt_version.py
4.58 KB
Del
OK
saltcheck.py
46.66 KB
Del
OK
saltcloudmod.py
954 B
Del
OK
saltutil.py
57.49 KB
Del
OK
schedule.py
50.81 KB
Del
OK
scp_mod.py
6.22 KB
Del
OK
scsi.py
2.66 KB
Del
OK
sdb.py
2.48 KB
Del
OK
seed.py
8.87 KB
Del
OK
selinux.py
24.2 KB
Del
OK
sensehat.py
7.79 KB
Del
OK
sensors.py
1.3 KB
Del
OK
serverdensity_device.py
8.1 KB
Del
OK
servicenow.py
4.36 KB
Del
OK
slack_notify.py
7.83 KB
Del
OK
slackware_service.py
6.84 KB
Del
OK
slsutil.py
19.04 KB
Del
OK
smartos_imgadm.py
12.04 KB
Del
OK
smartos_nictagadm.py
6.46 KB
Del
OK
smartos_virt.py
5.21 KB
Del
OK
smartos_vmadm.py
26.2 KB
Del
OK
smbios.py
10.05 KB
Del
OK
smf_service.py
8.52 KB
Del
OK
smtp.py
5.41 KB
Del
OK
snapper.py
27.14 KB
Del
OK
solaris_fmadm.py
11.2 KB
Del
OK
solaris_group.py
2.8 KB
Del
OK
solaris_shadow.py
7.98 KB
Del
OK
solaris_system.py
3.72 KB
Del
OK
solaris_user.py
11.06 KB
Del
OK
solarisipspkg.py
18.68 KB
Del
OK
solarispkg.py
15.4 KB
Del
OK
solr.py
45.54 KB
Del
OK
solrcloud.py
14.63 KB
Del
OK
splunk.py
8.14 KB
Del
OK
splunk_search.py
8.76 KB
Del
OK
sqlite3.py
2.54 KB
Del
OK
ssh.py
43.89 KB
Del
OK
ssh_pkg.py
1.08 KB
Del
OK
ssh_service.py
3.39 KB
Del
OK
state.py
82.34 KB
Del
OK
status.py
57.79 KB
Del
OK
statuspage.py
14.67 KB
Del
OK
supervisord.py
11.15 KB
Del
OK
suse_apache.py
2.45 KB
Del
OK
suse_ip.py
35.72 KB
Del
OK
svn.py
10.75 KB
Del
OK
swarm.py
13.5 KB
Del
OK
swift.py
5.53 KB
Del
OK
sysbench.py
6.62 KB
Del
OK
sysfs.py
6.61 KB
Del
OK
syslog_ng.py
31.52 KB
Del
OK
sysmod.py
22.59 KB
Del
OK
sysrc.py
3.38 KB
Del
OK
system.py
19.28 KB
Del
OK
system_profiler.py
3.54 KB
Del
OK
systemd_service.py
46.29 KB
Del
OK
telegram.py
3.28 KB
Del
OK
telemetry.py
12.87 KB
Del
OK
temp.py
831 B
Del
OK
test.py
15.4 KB
Del
OK
test_virtual.py
237 B
Del
OK
testinframod.py
9.92 KB
Del
OK
textfsm_mod.py
16.22 KB
Del
OK
timezone.py
19.98 KB
Del
OK
tls.py
58.63 KB
Del
OK
tomcat.py
18.59 KB
Del
OK
trafficserver.py
10.44 KB
Del
OK
transactional_update.py
35.83 KB
Del
OK
travisci.py
2.05 KB
Del
OK
tuned.py
2.34 KB
Del
OK
twilio_notify.py
2.95 KB
Del
OK
udev.py
3.72 KB
Del
OK
upstart_service.py
16.92 KB
Del
OK
uptime.py
3.23 KB
Del
OK
useradd.py
22.63 KB
Del
OK
uwsgi.py
996 B
Del
OK
vagrant.py
20.4 KB
Del
OK
varnish.py
3.08 KB
Del
OK
vault.py
15.61 KB
Del
OK
vbox_guest.py
10.55 KB
Del
OK
vboxmanage.py
14.71 KB
Del
OK
vcenter.py
1.61 KB
Del
OK
victorops.py
6.54 KB
Del
OK
virt.py
287.71 KB
Del
OK
virtualenv_mod.py
15.09 KB
Del
OK
vmctl.py
9.56 KB
Del
OK
vsphere.py
380.41 KB
Del
OK
webutil.py
3.66 KB
Del
OK
win_auditpol.py
4.74 KB
Del
OK
win_autoruns.py
2.29 KB
Del
OK
win_certutil.py
4.55 KB
Del
OK
win_dacl.py
32.27 KB
Del
OK
win_disk.py
1.8 KB
Del
OK
win_dism.py
20.7 KB
Del
OK
win_dns_client.py
4.19 KB
Del
OK
win_dsc.py
27.54 KB
Del
OK
win_event.py
22.32 KB
Del
OK
win_file.py
64.39 KB
Del
OK
win_firewall.py
20.15 KB
Del
OK
win_groupadd.py
11.27 KB
Del
OK
win_iis.py
68.78 KB
Del
OK
win_ip.py
11.43 KB
Del
OK
win_lgpo.py
491.76 KB
Del
OK
win_lgpo_reg.py
17.9 KB
Del
OK
win_license.py
2.72 KB
Del
OK
win_network.py
13.9 KB
Del
OK
win_ntp.py
1.8 KB
Del
OK
win_path.py
11.12 KB
Del
OK
win_pkg.py
86.43 KB
Del
OK
win_pki.py
15.8 KB
Del
OK
win_powercfg.py
9.85 KB
Del
OK
win_psget.py
8.97 KB
Del
OK
win_servermanager.py
14.21 KB
Del
OK
win_service.py
32.96 KB
Del
OK
win_shadow.py
3.03 KB
Del
OK
win_shortcut.py
16.49 KB
Del
OK
win_smtp_server.py
17.67 KB
Del
OK
win_snmp.py
13.38 KB
Del
OK
win_status.py
16.94 KB
Del
OK
win_system.py
40.61 KB
Del
OK
win_task.py
79.17 KB
Del
OK
win_timezone.py
13.3 KB
Del
OK
win_useradd.py
27.39 KB
Del
OK
win_wua.py
38.29 KB
Del
OK
win_wusa.py
5.88 KB
Del
OK
winrepo.py
6.09 KB
Del
OK
wordpress.py
4.71 KB
Del
OK
x509.py
63.1 KB
Del
OK
x509_v2.py
74.15 KB
Del
OK
xapi_virt.py
24.07 KB
Del
OK
xbpspkg.py
15.84 KB
Del
OK
xfs.py
15.35 KB
Del
OK
xml.py
2.14 KB
Del
OK
xmpp.py
5.28 KB
Del
OK
yaml.py
1.94 KB
Del
OK
yumpkg.py
116.5 KB
Del
OK
zabbix.py
97.55 KB
Del
OK
zcbuildout.py
28.16 KB
Del
OK
zenoss.py
5.64 KB
Del
OK
zfs.py
34.44 KB
Del
OK
zk_concurrency.py
11.16 KB
Del
OK
znc.py
2.26 KB
Del
OK
zoneadm.py
15.05 KB
Del
OK
zonecfg.py
21.85 KB
Del
OK
zookeeper.py
14.72 KB
Del
OK
zpool.py
44.02 KB
Del
OK
zypperpkg.py
94.87 KB
Del
OK
Edit: gpg.py
""" Manage a GPG keychains, add keys, create keys, retrieve keys from keyservers. Sign, encrypt and sign plus encrypt text and files. .. versionadded:: 2015.5.0 .. note:: The ``python-gnupg`` library and ``gpg`` binary are required to be installed. Be aware that the alternate ``gnupg`` and ``pretty-bad-protocol`` libraries are not supported. """ import functools import logging import os import re import time import salt.utils.files import salt.utils.path import salt.utils.stringutils from salt.exceptions import SaltInvocationError log = logging.getLogger(__name__) # Define the module's virtual name __virtualname__ = "gpg" LETTER_TRUST_DICT = { "e": "Expired", "q": "Unknown", "n": "Not Trusted", "f": "Fully Trusted", "m": "Marginally Trusted", "u": "Ultimately Trusted", "r": "Revoked", "-": "Unknown", } NUM_TRUST_DICT = { "expired": "1", "unknown": "2", "not_trusted": "3", "marginally": "4", "fully": "5", "ultimately": "6", } INV_NUM_TRUST_DICT = { "1": "Expired", "2": "Unknown", "3": "Not Trusted", "4": "Marginally", "5": "Fully Trusted", "6": "Ultimately Trusted", } VERIFY_TRUST_LEVELS = { "0": "Undefined", "1": "Never", "2": "Marginal", "3": "Fully", "4": "Ultimate", } _DEFAULT_KEY_SERVER = "keys.openpgp.org" try: import gnupg HAS_GPG_BINDINGS = True except ImportError: HAS_GPG_BINDINGS = False def _gpg(): """ Returns the path to the gpg binary """ # Get the path to the gpg binary. return salt.utils.path.which("gpg") def __virtual__(): """ Makes sure that python-gnupg and gpg are available. """ if not _gpg(): return ( False, "The gpg execution module cannot be loaded: gpg binary is not in the path.", ) return ( __virtualname__ if HAS_GPG_BINDINGS else ( False, "The gpg execution module cannot be loaded; the gnupg python module is not" " installed.", ) ) def _get_user_info(user=None): """ Wrapper for user.info Salt function """ if not user: # Get user Salt running as user = __salt__["config.option"]("user") userinfo = __salt__["user.info"](user) if not userinfo: if user == "salt": # Special case with `salt` user: # if it doesn't exist then fall back to user Salt running as userinfo = _get_user_info() else: raise SaltInvocationError("User {} does not exist".format(user)) return userinfo def _get_user_gnupghome(user): """ Return default GnuPG home directory path for a user """ if user == "salt": gnupghome = os.path.join(__salt__["config.get"]("config_dir"), "gpgkeys") else: gnupghome = os.path.join(_get_user_info(user)["home"], ".gnupg") return gnupghome def _restore_ownership(func): @functools.wraps(func) def func_wrapper(*args, **kwargs): """ Wrap gpg function calls to fix permissions """ user = kwargs.get("user") gnupghome = kwargs.get("gnupghome") if not gnupghome: gnupghome = _get_user_gnupghome(user) userinfo = _get_user_info(user) run_user = _get_user_info() if userinfo["uid"] != run_user["uid"] and os.path.exists(gnupghome): # Given user is different from one who runs Salt process, # need to fix ownership permissions for GnuPG home dir group = __salt__["file.gid_to_group"](run_user["gid"]) for path in [gnupghome] + __salt__["file.find"](gnupghome): __salt__["file.chown"](path, run_user["name"], group) # Filter special kwargs for key in list(kwargs): if key.startswith("__"): del kwargs[key] ret = func(*args, **kwargs) if userinfo["uid"] != run_user["uid"]: group = __salt__["file.gid_to_group"](userinfo["gid"]) for path in [gnupghome] + __salt__["file.find"](gnupghome): __salt__["file.chown"](path, user, group) return ret return func_wrapper def _create_gpg(user=None, gnupghome=None): """ Create the GPG object """ if not gnupghome: gnupghome = _get_user_gnupghome(user) gpg = gnupg.GPG(gnupghome=gnupghome) return gpg def _list_keys(user=None, gnupghome=None, secret=False): """ Helper function for Listing keys """ gpg = _create_gpg(user, gnupghome) _keys = gpg.list_keys(secret) return _keys def _search_keys(text, keyserver, user=None): """ Helper function for searching keys from keyserver """ gpg = _create_gpg(user) if keyserver: _keys = gpg.search_keys(text, keyserver) else: _keys = gpg.search_keys(text) return _keys def search_keys(text, keyserver=None, user=None): """ Search keys from keyserver text Text to search the keyserver for, e.g. email address, keyID or fingerprint. keyserver Keyserver to use for searching for GPG keys, defaults to keys.openpgp.org. user Which user's keychain to access, defaults to user Salt is running as. Passing the user as ``salt`` will set the GnuPG home directory to the ``/etc/salt/gpgkeys``. CLI Example: .. code-block:: bash salt '*' gpg.search_keys user@example.com salt '*' gpg.search_keys user@example.com keyserver=keyserver.ubuntu.com salt '*' gpg.search_keys user@example.com keyserver=keyserver.ubuntu.com user=username """ if not keyserver: keyserver = _DEFAULT_KEY_SERVER _keys = [] for _key in _search_keys(text, keyserver, user): tmp = {"keyid": _key["keyid"], "uids": _key["uids"]} expires = _key.get("expires", None) date = _key.get("date", None) length = _key.get("length", None) if expires: tmp["expires"] = time.strftime( "%Y-%m-%d", time.localtime(float(_key["expires"])) ) if date: tmp["created"] = time.strftime( "%Y-%m-%d", time.localtime(float(_key["date"])) ) if length: tmp["keyLength"] = _key["length"] _keys.append(tmp) return _keys def list_keys(user=None, gnupghome=None): """ List keys in GPG keychain user Which user's keychain to access, defaults to user Salt is running as. Passing the user as ``salt`` will set the GnuPG home directory to the ``/etc/salt/gpgkeys``. gnupghome Specify the location where GPG keyring and related files are stored. CLI Example: .. code-block:: bash salt '*' gpg.list_keys """ _keys = [] for _key in _list_keys(user, gnupghome): tmp = { "keyid": _key["keyid"], "fingerprint": _key["fingerprint"], "uids": _key["uids"], } expires = _key.get("expires", None) date = _key.get("date", None) length = _key.get("length", None) owner_trust = _key.get("ownertrust", None) trust = _key.get("trust", None) if expires: tmp["expires"] = time.strftime( "%Y-%m-%d", time.localtime(float(_key["expires"])) ) if date: tmp["created"] = time.strftime( "%Y-%m-%d", time.localtime(float(_key["date"])) ) if length: tmp["keyLength"] = _key["length"] if owner_trust: tmp["ownerTrust"] = LETTER_TRUST_DICT[_key["ownertrust"]] if trust: tmp["trust"] = LETTER_TRUST_DICT[_key["trust"]] _keys.append(tmp) return _keys def list_secret_keys(user=None, gnupghome=None): """ List secret keys in GPG keychain user Which user's keychain to access, defaults to user Salt is running as. Passing the user as ``salt`` will set the GnuPG home directory to the ``/etc/salt/gpgkeys``. gnupghome Specify the location where GPG keyring and related files are stored. CLI Example: .. code-block:: bash salt '*' gpg.list_secret_keys """ _keys = [] for _key in _list_keys(user, gnupghome, secret=True): tmp = { "keyid": _key["keyid"], "fingerprint": _key["fingerprint"], "uids": _key["uids"], } expires = _key.get("expires", None) date = _key.get("date", None) length = _key.get("length", None) owner_trust = _key.get("ownertrust", None) trust = _key.get("trust", None) if expires: tmp["expires"] = time.strftime( "%Y-%m-%d", time.localtime(float(_key["expires"])) ) if date: tmp["created"] = time.strftime( "%Y-%m-%d", time.localtime(float(_key["date"])) ) if length: tmp["keyLength"] = _key["length"] if owner_trust: tmp["ownerTrust"] = LETTER_TRUST_DICT[_key["ownertrust"]] if trust: tmp["trust"] = LETTER_TRUST_DICT[_key["trust"]] _keys.append(tmp) return _keys @_restore_ownership def create_key( key_type="RSA", key_length=1024, name_real="Autogenerated Key", name_comment="Generated by SaltStack", name_email=None, subkey_type=None, subkey_length=None, expire_date=None, use_passphrase=False, user=None, gnupghome=None, ): """ Create a key in the GPG keychain .. note:: GPG key generation requires *a lot* of entropy and randomness. Difficult to do over a remote connection, consider having another process available which is generating randomness for the machine. Also especially difficult on virtual machines, consider the `rng-tools <http://www.gnu.org/software/hurd/user/tlecarrour/rng-tools.html>`_ package. The create_key process takes awhile so increasing the timeout may be necessary, e.g. -t 15. key_type The type of the primary key to generate. It must be capable of signing. 'RSA' or 'DSA'. key_length The length of the primary key in bits. name_real The real name of the user identity which is represented by the key. name_comment A comment to attach to the user id. name_email An email address for the user. subkey_type The type of the secondary key to generate. subkey_length The length of the secondary key in bits. expire_date The expiration date for the primary and any secondary key. You can specify an ISO date, A number of days/weeks/months/years, an epoch value, or 0 for a non-expiring key. use_passphrase Whether to use a passphrase with the signing key. Passphrase is received from Pillar. user Which user's keychain to access, defaults to user Salt is running as. Passing the user as ``salt`` will set the GnuPG home directory to the ``/etc/salt/gpgkeys``. gnupghome Specify the location where GPG keyring and related files are stored. CLI Example: .. code-block:: bash salt -t 15 '*' gpg.create_key """ ret = {"res": True, "fingerprint": "", "message": ""} create_params = { "key_type": key_type, "key_length": key_length, "name_real": name_real, "name_comment": name_comment, } gpg = _create_gpg(user, gnupghome) if name_email: create_params["name_email"] = name_email if subkey_type: create_params["subkey_type"] = subkey_type if subkey_length: create_params["subkey_length"] = subkey_length if expire_date: create_params["expire_date"] = expire_date if use_passphrase: gpg_passphrase = __salt__["pillar.get"]("gpg_passphrase") if not gpg_passphrase: ret["res"] = False ret["message"] = "gpg_passphrase not available in pillar." return ret else: create_params["passphrase"] = gpg_passphrase else: create_params["no_protection"] = True input_data = gpg.gen_key_input(**create_params) # This includes "%no-protection" in the input file for # passphraseless key generation in GnuPG >= 2.1 when the # python-gnupg library doesn't do that. if "No-Protection: True" in input_data: temp_data = input_data.splitlines() temp_data.remove("No-Protection: True") temp_data.insert(temp_data.index("%commit"), "%no-protection") input_data = "\n".join(temp_data) + "\n" key = gpg.gen_key(input_data) if key.fingerprint: ret["fingerprint"] = key.fingerprint ret["message"] = "GPG key pair successfully generated." else: ret["res"] = False ret["message"] = "Unable to generate GPG key pair." return ret def delete_key( keyid=None, fingerprint=None, delete_secret=False, user=None, gnupghome=None, use_passphrase=True, ): """ Get a key from the GPG keychain keyid The keyid of the key to be deleted. fingerprint The fingerprint of the key to be deleted. delete_secret Whether to delete a corresponding secret key prior to deleting the public key. Secret keys must be deleted before deleting any corresponding public keys. user Which user's keychain to access, defaults to user Salt is running as. Passing the user as ``salt`` will set the GnuPG home directory to the ``/etc/salt/gpgkeys``. gnupghome Specify the location where GPG keyring and related files are stored. use_passphrase Whether to use a passphrase with the signing key. Passphrase is received from Pillar. .. versionadded:: 3003 CLI Example: .. code-block:: bash salt '*' gpg.delete_key keyid=3FAD9F1E salt '*' gpg.delete_key fingerprint=53C96788253E58416D20BCD352952C84C3252192 salt '*' gpg.delete_key keyid=3FAD9F1E user=username salt '*' gpg.delete_key keyid=3FAD9F1E user=username delete_secret=True """ ret = {"res": True, "message": ""} if fingerprint and keyid: ret["res"] = False ret["message"] = "Only specify one argument, fingerprint or keyid" return ret if not fingerprint and not keyid: ret["res"] = False ret["message"] = "Required argument, fingerprint or keyid" return ret gpg = _create_gpg(user, gnupghome) key = get_key(keyid, fingerprint, user) def __delete_key(fingerprint, secret, use_passphrase): if use_passphrase: gpg_passphrase = __salt__["pillar.get"]("gpg_passphrase") if not gpg_passphrase: ret["res"] = False ret["message"] = "gpg_passphrase not available in pillar." return ret else: out = gpg.delete_keys(fingerprint, secret, passphrase=gpg_passphrase) else: out = gpg.delete_keys(fingerprint, secret, expect_passphrase=False) return out if key: fingerprint = key["fingerprint"] skey = get_secret_key(keyid, fingerprint, user) if skey: if not delete_secret: ret["res"] = False ret[ "message" ] = "Secret key exists, delete first or pass delete_secret=True." return ret else: if str(__delete_key(fingerprint, True, use_passphrase)) == "ok": # Delete the secret key ret["message"] = "Secret key for {} deleted\n".format(fingerprint) # Delete the public key if str(__delete_key(fingerprint, False, use_passphrase)) == "ok": ret["message"] += "Public key for {} deleted".format(fingerprint) ret["res"] = True return ret else: ret["res"] = False ret["message"] = "Key not available in keychain." return ret def get_key(keyid=None, fingerprint=None, user=None, gnupghome=None): """ Get a key from the GPG keychain keyid The key ID (short or long) of the key to be retrieved. fingerprint The fingerprint of the key to be retrieved. user Which user's keychain to access, defaults to user Salt is running as. Passing the user as ``salt`` will set the GnuPG home directory to the ``/etc/salt/gpgkeys``. gnupghome Specify the location where GPG keyring and related files are stored. CLI Example: .. code-block:: bash salt '*' gpg.get_key keyid=3FAD9F1E salt '*' gpg.get_key fingerprint=53C96788253E58416D20BCD352952C84C3252192 salt '*' gpg.get_key keyid=3FAD9F1E user=username """ tmp = {} for _key in _list_keys(user, gnupghome): if ( _key["fingerprint"] == fingerprint or _key["keyid"] == keyid or _key["keyid"][8:] == keyid ): tmp["keyid"] = _key["keyid"] tmp["fingerprint"] = _key["fingerprint"] tmp["uids"] = _key["uids"] expires = _key.get("expires", None) date = _key.get("date", None) length = _key.get("length", None) owner_trust = _key.get("ownertrust", None) trust = _key.get("trust", None) if expires: tmp["expires"] = time.strftime( "%Y-%m-%d", time.localtime(float(_key["expires"])) ) if date: tmp["created"] = time.strftime( "%Y-%m-%d", time.localtime(float(_key["date"])) ) if length: tmp["keyLength"] = _key["length"] if owner_trust: tmp["ownerTrust"] = LETTER_TRUST_DICT[_key["ownertrust"]] if trust: tmp["trust"] = LETTER_TRUST_DICT[_key["trust"]] if not tmp: return False else: return tmp def get_secret_key(keyid=None, fingerprint=None, user=None, gnupghome=None): """ Get a key from the GPG keychain keyid The key ID (short or long) of the key to be retrieved. fingerprint The fingerprint of the key to be retrieved. user Which user's keychain to access, defaults to user Salt is running as. Passing the user as ``salt`` will set the GnuPG home directory to the ``/etc/salt/gpgkeys``. gnupghome Specify the location where GPG keyring and related files are stored. CLI Example: .. code-block:: bash salt '*' gpg.get_secret_key keyid=3FAD9F1E salt '*' gpg.get_secret_key fingerprint=53C96788253E58416D20BCD352952C84C3252192 salt '*' gpg.get_secret_key keyid=3FAD9F1E user=username """ tmp = {} for _key in _list_keys(user, gnupghome, secret=True): if ( _key["fingerprint"] == fingerprint or _key["keyid"] == keyid or _key["keyid"][8:] == keyid ): tmp["keyid"] = _key["keyid"] tmp["fingerprint"] = _key["fingerprint"] tmp["uids"] = _key["uids"] expires = _key.get("expires", None) date = _key.get("date", None) length = _key.get("length", None) owner_trust = _key.get("ownertrust", None) trust = _key.get("trust", None) if expires: tmp["expires"] = time.strftime( "%Y-%m-%d", time.localtime(float(_key["expires"])) ) if date: tmp["created"] = time.strftime( "%Y-%m-%d", time.localtime(float(_key["date"])) ) if length: tmp["keyLength"] = _key["length"] if owner_trust: tmp["ownerTrust"] = LETTER_TRUST_DICT[_key["ownertrust"]] if trust: tmp["trust"] = LETTER_TRUST_DICT[_key["trust"]] if not tmp: return False else: return tmp @_restore_ownership def import_key(text=None, filename=None, user=None, gnupghome=None): r""" Import a key from text or file text The text containing to import. filename The filename containing the key to import. user Which user's keychain to access, defaults to user Salt is running as. Passing the user as ``salt`` will set the GnuPG home directory to the ``/etc/salt/gpgkeys``. gnupghome Specify the location where GPG keyring and related files are stored. CLI Example: .. code-block:: bash salt '*' gpg.import_key text='-----BEGIN PGP PUBLIC KEY BLOCK-----\n ... -----END PGP PUBLIC KEY BLOCK-----' salt '*' gpg.import_key filename='/path/to/public-key-file' """ ret = {"res": True, "message": ""} gpg = _create_gpg(user, gnupghome) if not text and not filename: raise SaltInvocationError("filename or text must be passed.") if filename: try: with salt.utils.files.flopen(filename, "rb") as _fp: text = salt.utils.stringutils.to_unicode(_fp.read()) except OSError: raise SaltInvocationError("filename does not exist.") imported_data = gpg.import_keys(text) if imported_data.imported or imported_data.imported_rsa: ret["message"] = "Successfully imported key(s)." elif imported_data.unchanged: ret["message"] = "Key(s) already exist in keychain." elif imported_data.not_imported: ret["res"] = False ret["message"] = "Unable to import key." elif not imported_data.count: ret["res"] = False ret["message"] = "Unable to import key." return ret def export_key( keyids=None, secret=False, user=None, gnupghome=None, use_passphrase=False, output=None, bare=False, ): """ Export a key from the GPG keychain keyids The key ID(s) of the key(s) to be exported. Can be specified as a comma separated string or a list. Anything which GnuPG itself accepts to identify a key for example, the key ID, fingerprint, user ID or email address could be used. secret Export the secret key identified by the ``keyids`` information passed. user Which user's keychain to access, defaults to user Salt is running as. Passing the user as ``salt`` will set the GnuPG home directory to the ``/etc/salt/gpgkeys``. gnupghome Specify the location where GPG keyring and related files are stored. use_passphrase Whether to use a passphrase to export the secret key. Passphrase is received from Pillar. .. versionadded:: 3003 output The filename where the exported key data will be written to, default is standard out. .. versionadded:: 3006.0 bare If ``True``, return the (armored) exported key block as a string without the standard comment/res dict. .. versionadded:: 3006.0 CLI Example: .. code-block:: bash salt '*' gpg.export_key keyids=3FAD9F1E salt '*' gpg.export_key keyids=3FAD9F1E secret=True salt '*' gpg.export_key keyids="['3FAD9F1E','3FBD8F1E']" user=username """ ret = {"res": True} gpg = _create_gpg(user, gnupghome) if isinstance(keyids, str): keyids = keyids.split(",") if secret and use_passphrase: gpg_passphrase = __salt__["pillar.get"]("gpg_passphrase") if not gpg_passphrase: raise SaltInvocationError("gpg_passphrase not available in pillar.") result = gpg.export_keys(keyids, secret, passphrase=gpg_passphrase) else: result = gpg.export_keys(keyids, secret, expect_passphrase=False) if result and output: with salt.utils.files.flopen(output, "w") as fout: fout.write(salt.utils.stringutils.to_str(result)) if result: if not bare: if output: ret["comment"] = "Exported key data has been written to {}".format( output ) else: ret["comment"] = result else: ret = result else: if not bare: ret["res"] = False else: ret = False return ret @_restore_ownership def receive_keys(keyserver=None, keys=None, user=None, gnupghome=None): """ Receive key(s) from keyserver and add them to keychain keyserver Keyserver to use for searching for GPG keys, defaults to keys.openpgp.org keys The keyID(s) to retrieve from the keyserver. Can be specified as a comma separated string or a list. user Which user's keychain to access, defaults to user Salt is running as. Passing the user as ``salt`` will set the GnuPG home directory to the ``/etc/salt/gpgkeys``. gnupghome Specify the location where GPG keyring and related files are stored. CLI Example: .. code-block:: bash salt '*' gpg.receive_keys keys='3FAD9F1E' salt '*' gpg.receive_keys keys="['3FAD9F1E','3FBD9F2E']" salt '*' gpg.receive_keys keys=3FAD9F1E user=username """ ret = {"res": True, "changes": {}, "message": []} gpg = _create_gpg(user, gnupghome) if not keyserver: keyserver = _DEFAULT_KEY_SERVER if isinstance(keys, str): keys = keys.split(",") recv_data = gpg.recv_keys(keyserver, *keys) for result in recv_data.results: if "ok" in result: if result["ok"] == "1": ret["message"].append( "Key {} added to keychain".format(result["fingerprint"]) ) elif result["ok"] == "0": ret["message"].append( "Key {} already exists in keychain".format(result["fingerprint"]) ) elif "problem" in result: ret["message"].append("Unable to add key to keychain") return ret def trust_key(keyid=None, fingerprint=None, trust_level=None, user=None): """ Set the trust level for a key in GPG keychain keyid The keyid of the key to set the trust level for. fingerprint The fingerprint of the key to set the trust level for. trust_level The trust level to set for the specified key, must be one of the following: expired, unknown, not_trusted, marginally, fully, ultimately user Which user's keychain to access, defaults to user Salt is running as. Passing the user as ``salt`` will set the GnuPG home directory to the ``/etc/salt/gpgkeys``. CLI Example: .. code-block:: bash salt '*' gpg.trust_key keyid='3FAD9F1E' trust_level='marginally' salt '*' gpg.trust_key fingerprint='53C96788253E58416D20BCD352952C84C3252192' trust_level='not_trusted' salt '*' gpg.trust_key keys=3FAD9F1E trust_level='ultimately' user='username' """ ret = {"res": True, "message": ""} _VALID_TRUST_LEVELS = [ "expired", "unknown", "not_trusted", "marginally", "fully", "ultimately", ] if fingerprint and keyid: ret["res"] = False ret["message"] = "Only specify one argument, fingerprint or keyid" return ret if not fingerprint: if keyid: key = get_key(keyid, user=user) if key: if "fingerprint" not in key: ret["res"] = False ret["message"] = "Fingerprint not found for keyid {}".format(keyid) return ret fingerprint = key["fingerprint"] else: ret["res"] = False ret["message"] = "KeyID {} not in GPG keychain".format(keyid) return ret else: ret["res"] = False ret["message"] = "Required argument, fingerprint or keyid" return ret if trust_level not in _VALID_TRUST_LEVELS: return "ERROR: Valid trust levels - {}".format(",".join(_VALID_TRUST_LEVELS)) stdin = "{}:{}\n".format(fingerprint, NUM_TRUST_DICT[trust_level]) cmd = [_gpg(), "--import-ownertrust"] _user = user if user == "salt": homeDir = os.path.join(__salt__["config.get"]("config_dir"), "gpgkeys") cmd.extend(["--homedir", homeDir]) _user = "root" res = __salt__["cmd.run_all"](cmd, stdin=stdin, runas=_user, python_shell=False) if not res["retcode"] == 0: ret["res"] = False ret["message"] = res["stderr"] else: if res["stderr"]: _match = re.findall(r"\d", res["stderr"]) if len(_match) == 2: ret["fingerprint"] = fingerprint ret["message"] = "Changing ownership trust from {} to {}.".format( INV_NUM_TRUST_DICT[_match[0]], INV_NUM_TRUST_DICT[_match[1]] ) else: ret["fingerprint"] = fingerprint ret["message"] = "Setting ownership trust to {}.".format( INV_NUM_TRUST_DICT[_match[0]] ) else: ret["message"] = res["stderr"] return ret def sign( user=None, keyid=None, text=None, filename=None, output=None, use_passphrase=False, gnupghome=None, ): """ Sign message or file user Which user's keychain to access, defaults to user Salt is running as. Passing the user as ``salt`` will set the GnuPG home directory to the ``/etc/salt/gpgkeys``. keyid The keyid of the key to set the trust level for, defaults to first key in the secret keyring. text The text to sign. filename The filename to sign. output The filename where the signed file will be written, default is standard out. use_passphrase Whether to use a passphrase with the signing key. Passphrase is received from Pillar. gnupghome Specify the location where GPG keyring and related files are stored. CLI Example: .. code-block:: bash salt '*' gpg.sign text='Hello there. How are you?' salt '*' gpg.sign filename='/path/to/important.file' salt '*' gpg.sign filename='/path/to/important.file' use_passphrase=True """ gpg = _create_gpg(user, gnupghome) if use_passphrase: gpg_passphrase = __salt__["pillar.get"]("gpg_passphrase") if not gpg_passphrase: raise SaltInvocationError("gpg_passphrase not available in pillar.") else: gpg_passphrase = None if text: signed_data = gpg.sign(text, keyid=keyid, passphrase=gpg_passphrase) elif filename: with salt.utils.files.flopen(filename, "rb") as _fp: signed_data = gpg.sign_file(_fp, keyid=keyid, passphrase=gpg_passphrase) if output: with salt.utils.files.flopen(output, "wb") as fout: fout.write(salt.utils.stringutils.to_bytes(signed_data.data)) else: raise SaltInvocationError("filename or text must be passed.") return signed_data.data def verify( text=None, user=None, filename=None, gnupghome=None, signature=None, trustmodel=None ): """ Verify a message or file text The text to verify. filename The filename to verify. user Which user's keychain to access, defaults to user Salt is running as. Passing the user as ``salt`` will set the GnuPG home directory to the ``/etc/salt/gpgkeys``. gnupghome Specify the location where GPG keyring and related files are stored. signature Specify the filename of a detached signature. .. versionadded:: 2018.3.0 trustmodel Explicitly define the used trust model. One of: - pgp - classic - tofu - tofu+pgp - direct - always - auto .. versionadded:: 2019.2.0 CLI Example: .. code-block:: bash salt '*' gpg.verify text='Hello there. How are you?' salt '*' gpg.verify filename='/path/to/important.file' salt '*' gpg.verify filename='/path/to/important.file' use_passphrase=True salt '*' gpg.verify filename='/path/to/important.file' trustmodel=direct """ gpg = _create_gpg(user, gnupghome) trustmodels = ("pgp", "classic", "tofu", "tofu+pgp", "direct", "always", "auto") if trustmodel and trustmodel not in trustmodels: msg = "Invalid trustmodel defined: {}. Use one of: {}".format( trustmodel, ", ".join(trustmodels) ) log.warning(msg) return {"res": False, "message": msg} extra_args = [] if trustmodel: extra_args.extend(["--trust-model", trustmodel]) if text: verified = gpg.verify(text, extra_args=extra_args) elif filename: if signature: # need to call with fopen instead of flopen due to: # https://bitbucket.org/vinay.sajip/python-gnupg/issues/76/verify_file-closes-passed-file-handle with salt.utils.files.fopen(signature, "rb") as _fp: verified = gpg.verify_file(_fp, filename, extra_args=extra_args) else: with salt.utils.files.flopen(filename, "rb") as _fp: verified = gpg.verify_file(_fp, extra_args=extra_args) else: raise SaltInvocationError("filename or text must be passed.") ret = {} if verified.trust_level is not None: ret["res"] = True ret["username"] = verified.username ret["key_id"] = verified.key_id ret["trust_level"] = VERIFY_TRUST_LEVELS[str(verified.trust_level)] ret["message"] = "The signature is verified." else: ret["res"] = False ret["message"] = "The signature could not be verified." return ret def encrypt( user=None, recipients=None, text=None, filename=None, output=None, sign=None, use_passphrase=False, always_trust=False, gnupghome=None, bare=False, ): """ Encrypt a message or file user Which user's keychain to access, defaults to user Salt is running as. Passing the user as ``salt`` will set the GnuPG home directory to the ``/etc/salt/gpgkeys``. recipients The key ID, fingerprint, user ID or email address associated with the recipients key can be used. text The text to encrypt. filename The filename to encrypt. output The filename where the signed file will be written, default is standard out. sign Whether to sign, in addition to encrypt, the data. ``True`` to use default key or fingerprint to specify a different key to sign with. use_passphrase Whether to use a passphrase with the signing key. Passphrase is received from Pillar. always_trust Skip key validation and assume that used keys are fully trusted. .. versionadded:: 3006.0 gnupghome Specify the location where GPG keyring and related files are stored. bare If ``True``, return the (armored) encrypted block as a string without the standard comment/res dict. CLI Example: .. code-block:: bash salt '*' gpg.encrypt text='Hello there. How are you?' recipients=recipient@example.com salt '*' gpg.encrypt filename='/path/to/important.file' recipients=recipient@example.com salt '*' gpg.encrypt filename='/path/to/important.file' sign=True use_passphrase=True \\ recipients=recipient@example.com """ ret = {"res": True, "comment": ""} gpg = _create_gpg(user, gnupghome) if sign and use_passphrase: gpg_passphrase = __salt__["pillar.get"]("gpg_passphrase") if not gpg_passphrase: raise SaltInvocationError("gpg_passphrase not available in pillar.") else: gpg_passphrase = None if text: result = gpg.encrypt( text, recipients, sign=sign, passphrase=gpg_passphrase, always_trust=always_trust, output=output, ) elif filename: with salt.utils.files.flopen(filename, "rb") as _fp: result = gpg.encrypt_file( _fp, recipients, sign=sign, passphrase=gpg_passphrase, always_trust=always_trust, output=output, ) else: raise SaltInvocationError("filename or text must be passed.") if result.ok: if not bare: if output: ret["comment"] = "Encrypted data has been written to {}".format(output) else: ret["comment"] = result.data else: ret = result.data else: if not bare: ret["res"] = False ret["comment"] = "{}.\nPlease check the salt-minion log.".format( result.status ) else: ret = False log.error(result.stderr) return ret def decrypt( user=None, text=None, filename=None, output=None, use_passphrase=False, gnupghome=None, bare=False, ): """ Decrypt a message or file user Which user's keychain to access, defaults to user Salt is running as. Passing the user as ``salt`` will set the GnuPG home directory to the ``/etc/salt/gpgkeys``. text The encrypted text to decrypt. filename The encrypted filename to decrypt. output The filename where the decrypted data will be written, default is standard out. use_passphrase Whether to use a passphrase with the signing key. Passphrase is received from Pillar. gnupghome Specify the location where GPG keyring and related files are stored. bare If ``True``, return the (armored) decrypted block as a string without the standard comment/res dict. CLI Example: .. code-block:: bash salt '*' gpg.decrypt filename='/path/to/important.file.gpg' salt '*' gpg.decrypt filename='/path/to/important.file.gpg' use_passphrase=True """ ret = {"res": True, "comment": ""} gpg = _create_gpg(user, gnupghome) if use_passphrase: gpg_passphrase = __salt__["pillar.get"]("gpg_passphrase") if not gpg_passphrase: raise SaltInvocationError("gpg_passphrase not available in pillar.") else: gpg_passphrase = None if text: result = gpg.decrypt(text, passphrase=gpg_passphrase) elif filename: with salt.utils.files.flopen(filename, "rb") as _fp: if output: result = gpg.decrypt_file(_fp, passphrase=gpg_passphrase, output=output) else: result = gpg.decrypt_file(_fp, passphrase=gpg_passphrase) else: raise SaltInvocationError("filename or text must be passed.") if result.ok: if not bare: if output: ret["comment"] = "Decrypted data has been written to {}".format(output) else: ret["comment"] = result.data else: ret = result.data else: if not bare: ret["res"] = False ret["comment"] = "{}.\nPlease check the salt-minion log.".format( result.status ) else: ret = False log.error(result.stderr) return ret
Save