Edit: postgres.py
""" Module to provide Postgres compatibility to salt. :configuration: In order to connect to Postgres, certain configuration is required in /etc/salt/minion on the relevant minions. Some sample configs might look like:: postgres.host: 'localhost' postgres.port: '5432' postgres.user: 'postgres' -> db user postgres.pass: '' postgres.maintenance_db: 'postgres' The default for the maintenance_db is 'postgres' and in most cases it can be left at the default setting. This data can also be passed into pillar. Options passed into opts will overwrite options passed into pillar To prevent Postgres commands from running arbitrarily long, a timeout (in seconds) can be set .. code-block:: yaml postgres.timeout: 60 .. versionadded:: 3006.0 :note: This module uses MD5 hashing which may not be compliant with certain security audits. :note: When installing postgres from the official postgres repos, on certain linux distributions, either the psql or the initdb binary is *not* automatically placed on the path. Add a configuration to the location of the postgres bin's path to the relevant minion for this module:: postgres.bins_dir: '/usr/pgsql-9.5/bin/' """ # This pylint error is popping up where there are no colons? 
# pylint: disable=E8203 import base64 import datetime import hashlib import hmac import io import logging import os import re import shlex import tempfile import salt.utils.files import salt.utils.itertools import salt.utils.odict import salt.utils.path import salt.utils.stringutils from salt.exceptions import CommandExecutionError, SaltInvocationError from salt.ext.saslprep import saslprep from salt.utils.versions import LooseVersion try: import csv HAS_CSV = True except ImportError: HAS_CSV = False try: from secrets import token_bytes except ImportError: # python <3.6 from os import urandom as token_bytes log = logging.getLogger(__name__) _DEFAULT_PASSWORDS_ENCRYPTION = "md5" _DEFAULT_COMMAND_TIMEOUT_SECS = 0 _EXTENSION_NOT_INSTALLED = "EXTENSION NOT INSTALLED" _EXTENSION_INSTALLED = "EXTENSION INSTALLED" _EXTENSION_TO_UPGRADE = "EXTENSION TO UPGRADE" _EXTENSION_TO_MOVE = "EXTENSION TO MOVE" _EXTENSION_FLAGS = ( _EXTENSION_NOT_INSTALLED, _EXTENSION_INSTALLED, _EXTENSION_TO_UPGRADE, _EXTENSION_TO_MOVE, ) _PRIVILEGES_MAP = { "a": "INSERT", "C": "CREATE", "D": "TRUNCATE", "c": "CONNECT", "t": "TRIGGER", "r": "SELECT", "U": "USAGE", "T": "TEMPORARY", "w": "UPDATE", "X": "EXECUTE", "x": "REFERENCES", "d": "DELETE", "*": "GRANT", } _PRIVILEGES_OBJECTS = frozenset( ( "schema", "tablespace", "language", "sequence", "table", "group", "database", "function", ) ) _PRIVILEGE_TYPE_MAP = { "table": "arwdDxt", "tablespace": "C", "language": "U", "sequence": "rwU", "schema": "UC", "database": "CTc", "function": "X", } def __virtual__(): """ Only load this module if the psql bin exist. initdb bin might also be used, but its presence will be detected on runtime. """ utils = ["psql"] if not HAS_CSV: return False for util in utils: if not salt.utils.path.which(util): if not _find_pg_binary(util): return (False, f"{util} was not found") return True def _find_pg_binary(util): """ .. 
versionadded:: 2016.3.2 Helper function to locate various psql related binaries """ pg_bin_dir = __salt__["config.option"]("postgres.bins_dir") util_bin = salt.utils.path.which(util) if not util_bin: if pg_bin_dir: return salt.utils.path.which(os.path.join(pg_bin_dir, util)) else: return util_bin def _run_psql(cmd, runas=None, password=None, host=None, port=None, user=None): """ Helper function to call psql, because the password requirement makes this too much code to be repeated in each function below """ kwargs = { "reset_system_locale": False, "clean_env": True, "timeout": __salt__["config.option"]( "postgres.timeout", default=_DEFAULT_COMMAND_TIMEOUT_SECS ), } if runas is None: if not host: host = __salt__["config.option"]("postgres.host") if not host or host.startswith("/"): if "FreeBSD" in __grains__["os_family"]: runas = "postgres" elif "OpenBSD" in __grains__["os_family"]: runas = "_postgresql" else: runas = "postgres" if user is None: user = runas if runas: kwargs["runas"] = runas if password is None: password = __salt__["config.option"]("postgres.pass") if password is not None: pgpassfile = salt.utils.files.mkstemp(text=True) with salt.utils.files.fopen(pgpassfile, "w") as fp_: fp_.write( salt.utils.stringutils.to_str( "{}:{}:*:{}:{}".format( "localhost" if not host or host.startswith("/") else host, port if port else "*", user if user else "*", password, ) ) ) __salt__["file.chown"](pgpassfile, runas, "") kwargs["env"] = {"PGPASSFILE": pgpassfile} ret = __salt__["cmd.run_all"](cmd, python_shell=False, **kwargs) if ret.get("retcode", 0) != 0: log.error("Error connecting to Postgresql server") if password is not None and not __salt__["file.remove"](pgpassfile): log.warning("Remove PGPASSFILE failed") return ret def _run_initdb( name, auth="password", user=None, password=None, encoding="UTF8", locale=None, runas=None, waldir=None, checksums=False, ): """ Helper function to call initdb """ if runas is None: if "FreeBSD" in __grains__["os_family"]: runas = 
"postgres" elif "OpenBSD" in __grains__["os_family"]: runas = "_postgresql" else: runas = "postgres" if user is None: user = runas _INITDB_BIN = _find_pg_binary("initdb") if not _INITDB_BIN: raise CommandExecutionError("initdb executable not found.") cmd = [ _INITDB_BIN, f"--pgdata={name}", f"--username={user}", f"--auth={auth}", f"--encoding={encoding}", ] if locale is not None: cmd.append(f"--locale={locale}") # intentionally use short option, as the long option name has been # renamed from "xlogdir" to "waldir" in PostgreSQL 10 if waldir is not None: cmd.append("-X") cmd.append(waldir) if checksums: cmd.append("--data-checksums") if password is not None: pgpassfile = salt.utils.files.mkstemp(text=True) with salt.utils.files.fopen(pgpassfile, "w") as fp_: fp_.write(salt.utils.stringutils.to_str(f"{password}")) __salt__["file.chown"](pgpassfile, runas, "") cmd.extend([f"--pwfile={pgpassfile}"]) kwargs = dict( runas=runas, clean_env=True, timeout=__salt__["config.option"]( "postgres.timeout", default=_DEFAULT_COMMAND_TIMEOUT_SECS ), ) cmdstr = " ".join([shlex.quote(c) for c in cmd]) ret = __salt__["cmd.run_all"](cmdstr, python_shell=False, **kwargs) if ret.get("retcode", 0) != 0: log.error("Error initilizing the postgres data directory") if password is not None and not __salt__["file.remove"](pgpassfile): log.warning("Removal of PGPASSFILE failed") return ret def version( user=None, host=None, port=None, maintenance_db=None, password=None, runas=None ): """ Return the version of a Postgres server. CLI Example: .. 
code-block:: bash salt '*' postgres.version """ query = "SELECT setting FROM pg_catalog.pg_settings WHERE name = 'server_version'" cmd = _psql_cmd( "-c", query, "-t", host=host, user=user, port=port, maintenance_db=maintenance_db, password=password, ) ret = _run_psql( cmd, runas=runas, password=password, host=host, port=port, user=user ) for line in salt.utils.itertools.split(ret["stdout"], "\n"): # Just return the first line return line def _parsed_version( user=None, host=None, port=None, maintenance_db=None, password=None, runas=None ): """ Returns the server version properly parsed and int casted for internal use. If the Postgres server does not respond, None will be returned. """ psql_version = version( user, host=host, port=port, maintenance_db=maintenance_db, password=password, runas=runas, ) if psql_version: return LooseVersion(psql_version) else: log.warning( "Attempt to parse version of Postgres server failed. " "Is the server responding?" ) return None def _connection_defaults(user=None, host=None, port=None, maintenance_db=None): """ Returns a tuple of (user, host, port, db) with config, pillar, or default values assigned to missing values. """ if not user: user = __salt__["config.option"]("postgres.user") if not host: host = __salt__["config.option"]("postgres.host") if not port: port = __salt__["config.option"]("postgres.port") if not maintenance_db: maintenance_db = __salt__["config.option"]("postgres.maintenance_db") return (user, host, port, maintenance_db) def _psql_cmd(*args, **kwargs): """ Return string with fully composed psql command. Accepts optional keyword arguments: user, host, port and maintenance_db, as well as any number of positional arguments to be added to the end of the command. 
""" (user, host, port, maintenance_db) = _connection_defaults( kwargs.get("user"), kwargs.get("host"), kwargs.get("port"), kwargs.get("maintenance_db"), ) _PSQL_BIN = _find_pg_binary("psql") cmd = [ _PSQL_BIN, "--no-align", "--no-readline", "--no-psqlrc", "--no-password", ] # Never prompt, handled in _run_psql. if user: cmd += ["--username", user] if host: cmd += ["--host", host] if port: cmd += ["--port", str(port)] if not maintenance_db: maintenance_db = "postgres" cmd.extend(["--dbname", maintenance_db]) cmd.extend(args) return cmd def _psql_prepare_and_run( cmd, host=None, port=None, maintenance_db=None, password=None, runas=None, user=None ): rcmd = _psql_cmd( host=host, user=user, port=port, maintenance_db=maintenance_db, *cmd ) cmdret = _run_psql( rcmd, runas=runas, password=password, host=host, port=port, user=user ) return cmdret def psql_query( query, user=None, host=None, port=None, maintenance_db=None, password=None, runas=None, write=False, ): """ Run an SQL-Query and return the results as a list. This command only supports SELECT statements. This limitation can be worked around with a query like this: WITH updated AS (UPDATE pg_authid SET rolconnlimit = 2000 WHERE rolname = 'rolename' RETURNING rolconnlimit) SELECT * FROM updated; query The query string. user Database username, if different from config or default. host Database host, if different from config or default. port Database port, if different from the config or default. maintenance_db The database to run the query against. password User password, if different from the config or default. runas User to run the command as. write Mark query as READ WRITE transaction. CLI Example: .. 
code-block:: bash salt '*' postgres.psql_query 'select * from pg_stat_activity' """ ret = [] csv_query = "COPY ({}) TO STDOUT WITH CSV HEADER".format(query.strip().rstrip(";")) # Mark transaction as R/W to achieve write will be allowed # Commit is necessary due to transaction if write: csv_query = "START TRANSACTION READ WRITE; {}; COMMIT TRANSACTION;".format( csv_query ) # always use the same datestyle settings to allow parsing dates # regardless what server settings are configured cmdret = _psql_prepare_and_run( ["-v", "datestyle=ISO,MDY", "-c", csv_query], runas=runas, host=host, user=user, port=port, maintenance_db=maintenance_db, password=password, ) if cmdret["retcode"] > 0: return ret csv_file = io.StringIO(cmdret["stdout"]) header = {} for row in csv.reader( csv_file, delimiter=salt.utils.stringutils.to_str(","), quotechar=salt.utils.stringutils.to_str('"'), ): if not row: continue if not header: header = row continue ret.append(dict(zip(header, row))) # Remove 'COMMIT' message if query is inside R/W transction if write: ret = ret[0:-1] return ret # Database related actions def db_list( user=None, host=None, port=None, maintenance_db=None, password=None, runas=None ): """ Return dictionary with information about databases of a Postgres server. CLI Example: .. 
code-block:: bash salt '*' postgres.db_list """ ret = {} query = ( 'SELECT datname as "Name", pga.rolname as "Owner", ' 'pg_encoding_to_char(encoding) as "Encoding", ' 'datcollate as "Collate", datctype as "Ctype", ' 'datacl as "Access privileges", spcname as "Tablespace" ' "FROM pg_database pgd, pg_roles pga, pg_tablespace pgts " "WHERE pga.oid = pgd.datdba AND pgts.oid = pgd.dattablespace" ) rows = psql_query( query, runas=runas, host=host, user=user, port=port, maintenance_db=maintenance_db, password=password, ) for row in rows: ret[row["Name"]] = row ret[row["Name"]].pop("Name") return ret def db_exists( name, user=None, host=None, port=None, maintenance_db=None, password=None, runas=None, ): """ Checks if a database exists on the Postgres server. CLI Example: .. code-block:: bash salt '*' postgres.db_exists 'dbname' """ databases = db_list( user=user, host=host, port=port, maintenance_db=maintenance_db, password=password, runas=runas, ) return name in databases # TODO properly implemented escaping def _quote_ddl_value(value, quote="'"): if value is None: return None if quote in value: # detect trivial sqli raise SaltInvocationError(f"Unsupported character {quote} in value: {value}") return "{quote}{value}{quote}".format(quote=quote, value=value) def db_create( name, user=None, host=None, port=None, maintenance_db=None, password=None, tablespace=None, encoding=None, lc_collate=None, lc_ctype=None, owner=None, template=None, runas=None, ): """ Adds a databases to the Postgres server. CLI Example: .. 
code-block:: bash salt '*' postgres.db_create 'dbname' salt '*' postgres.db_create 'dbname' template=template_postgis """ # Base query to create a database query = f'CREATE DATABASE "{name}"' # "With"-options to create a database with_args = salt.utils.odict.OrderedDict( [ ("TABLESPACE", _quote_ddl_value(tablespace, '"')), # owner needs to be enclosed in double quotes so postgres # doesn't get thrown by dashes in the name ("OWNER", _quote_ddl_value(owner, '"')), ("TEMPLATE", template), ("ENCODING", _quote_ddl_value(encoding)), ("LC_COLLATE", _quote_ddl_value(lc_collate)), ("LC_CTYPE", _quote_ddl_value(lc_ctype)), ] ) with_chunks = [] for key, value in with_args.items(): if value is not None: with_chunks += [key, "=", value] # Build a final query if with_chunks: with_chunks.insert(0, " WITH") query += " ".join(with_chunks) # Execute the command ret = _psql_prepare_and_run( ["-c", query], user=user, host=host, port=port, maintenance_db=maintenance_db, password=password, runas=runas, ) return ret["retcode"] == 0 def db_alter( name, user=None, host=None, port=None, maintenance_db=None, password=None, tablespace=None, owner=None, owner_recurse=False, runas=None, ): """ Change tablespace or/and owner of database. CLI Example: .. code-block:: bash salt '*' postgres.db_alter dbname owner=otheruser """ if not any((tablespace, owner)): return True # Nothing todo? 
if owner and owner_recurse: ret = owner_to( name, owner, user=user, host=host, port=port, password=password, runas=runas ) else: queries = [] if owner: queries.append(f'ALTER DATABASE "{name}" OWNER TO "{owner}"') if tablespace: queries.append(f'ALTER DATABASE "{name}" SET TABLESPACE "{tablespace}"') for query in queries: ret = _psql_prepare_and_run( ["-c", query], user=user, host=host, port=port, maintenance_db=maintenance_db, password=password, runas=runas, ) if ret["retcode"] != 0: return False return True def db_remove( name, user=None, host=None, port=None, maintenance_db=None, password=None, runas=None, ): """ Removes a databases from the Postgres server. CLI Example: .. code-block:: bash salt '*' postgres.db_remove 'dbname' """ for query in [ f'REVOKE CONNECT ON DATABASE "{name}" FROM public;', "SELECT pid, pg_terminate_backend(pid) FROM pg_stat_activity WHERE datname =" " '{db}' AND pid <> pg_backend_pid();".format(db=name), f'DROP DATABASE "{name}";', ]: ret = _psql_prepare_and_run( ["-c", query], user=user, host=host, port=port, runas=runas, maintenance_db=maintenance_db, password=password, ) if ret["retcode"] != 0: raise Exception(f"Failed: ret={ret}") return True # Tablespace related actions def tablespace_list( user=None, host=None, port=None, maintenance_db=None, password=None, runas=None ): """ Return dictionary with information about tablespaces of a Postgres server. CLI Example: .. code-block:: bash salt '*' postgres.tablespace_list .. 
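versionadded:: 2015.8.0 """ ret = {} query = ( 'SELECT spcname as "Name", pga.rolname as "Owner", spcacl as "ACL", ' 'spcoptions as "Opts", pg_tablespace_location(pgts.oid) as "Location" ' "FROM pg_tablespace pgts, pg_roles pga WHERE pga.oid = pgts.spcowner" ) rows = __salt__["postgres.psql_query"]( query, runas=runas, host=host, user=user, port=port, maintenance_db=maintenance_db, password=password, ) for row in rows: ret[row["Name"]] = row ret[row["Name"]].pop("Name") return ret


def tablespace_exists(
    name,
    user=None,
    host=None,
    port=None,
    maintenance_db=None,
    password=None,
    runas=None,
):
    """
    Checks if a tablespace exists on the Postgres server.

    The check is a key lookup of ``name`` in the result of
    ``tablespace_list`` called with the same connection arguments.

    CLI Example:

    .. code-block:: bash

        salt '*' postgres.tablespace_exists 'dbname'

    .. versionadded:: 2015.8.0
    """
    known = tablespace_list(
        user=user,
        host=host,
        port=port,
        maintenance_db=maintenance_db,
        password=password,
        runas=runas,
    )
    return name in known


def tablespace_create(
    name,
    location,
    options=None,
    owner=None,
    user=None,
    host=None,
    port=None,
    maintenance_db=None,
    password=None,
    runas=None,
):
    """
    Adds a tablespace to the Postgres server.

    name
        Tablespace name; used as a quoted identifier.

    location
        Directory for the tablespace; used as a string literal.

    options
        Optional dict rendered as ``WITH ( key = value, ... )``.

    owner
        Optional owning role; used as a quoted identifier.

    Returns ``True`` when the ``CREATE TABLESPACE`` statement exits with
    retcode 0.

    CLI Example:

    .. code-block:: bash

        salt '*' postgres.tablespace_create tablespacename '/path/datadir'

    .. versionadded:: 2015.8.0
    """
    owner_query = ""
    options_query = ""
    if owner:
        # Double embedded " so the role name cannot end its identifier early.
        owner_query = 'OWNER "{}"'.format(str(owner).replace('"', '""'))
        # should come out looking like: 'OWNER "postgres"'
    if options:
        # NOTE(review): option names and values are interpolated verbatim;
        # they have no single safe quoting rule here, so they must come from
        # trusted configuration.
        optionstext = [f"{k} = {v}" for k, v in options.items()]
        options_query = "WITH ( {} )".format(", ".join(optionstext))
        # should come out looking like: 'WITH ( opt1 = 1.0, opt2 = 4.0 )'
    query = "CREATE TABLESPACE \"{}\" {} LOCATION '{}' {}".format(
        str(name).replace('"', '""'),
        owner_query,
        # A ' in the path would otherwise close the LOCATION literal.
        str(location).replace("'", "''"),
        options_query,
    )

    # Execute the command
    ret = _psql_prepare_and_run(
        ["-c", query],
        user=user,
        host=host,
        port=port,
        maintenance_db=maintenance_db,
        password=password,
        runas=runas,
    )
    return ret["retcode"] == 0


def tablespace_alter( name, user=None, host=None, port=None, maintenance_db=None, password=None, new_name=None, new_owner=None, set_option=None, reset_option=None, runas=None, ): """ Change tablespace name, owner, or options. CLI Example: .. code-block:: bash salt '*' postgres.tablespace_alter tsname new_owner=otheruser salt '*' postgres.tablespace_alter index_space new_name=fast_raid salt '*' postgres.tablespace_alter test set_option="{'seq_page_cost': '1.1'}" salt '*' postgres.tablespace_alter tsname reset_option=seq_page_cost .. versionadded:: 2015.8.0 """ if not any([new_name, new_owner, set_option, reset_option]): return True # Nothing todo?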
queries = [] if new_name: queries.append(f'ALTER TABLESPACE "{name}" RENAME TO "{new_name}"') if new_owner: queries.append(f'ALTER TABLESPACE "{name}" OWNER TO "{new_owner}"') if set_option: queries.append( 'ALTER TABLESPACE "{}" SET ({} = {})'.format( name, *(next(iter(set_option.items()))) ) ) if reset_option: queries.append(f'ALTER TABLESPACE "{name}" RESET ({reset_option})') for query in queries: ret = _psql_prepare_and_run( ["-c", query], user=user, host=host, port=port, maintenance_db=maintenance_db, password=password, runas=runas, ) if ret["retcode"] != 0: return False return True def tablespace_remove( name, user=None, host=None, port=None, maintenance_db=None, password=None, runas=None, ): """ Removes a tablespace from the Postgres server. CLI Example: .. code-block:: bash salt '*' postgres.tablespace_remove tsname .. versionadded:: 2015.8.0 """ query = f'DROP TABLESPACE "{name}"' ret = _psql_prepare_and_run( ["-c", query], user=user, host=host, port=port, runas=runas, maintenance_db=maintenance_db, password=password, ) return ret["retcode"] == 0 # User related actions def user_list( user=None, host=None, port=None, maintenance_db=None, password=None, runas=None, return_password=False, ): """ Return a dict with information about users of a Postgres server. Set return_password to True to get password hash in the result. CLI Example: .. code-block:: bash salt '*' postgres.user_list """ ret = {} ver = _parsed_version( user=user, host=host, port=port, maintenance_db=maintenance_db, password=password, runas=runas, ) if ver: if ver >= LooseVersion("9.1"): replication_column = "pg_roles.rolreplication" else: replication_column = "NULL" if ver >= LooseVersion("9.5"): rolcatupdate_column = "NULL" else: rolcatupdate_column = "pg_roles.rolcatupdate" else: log.error("Could not retrieve Postgres version. 
Is Postgresql server running?") return False # will return empty string if return_password = False _x = lambda s: s if return_password else "" query = "".join( [ 'SELECT pg_roles.rolname as "name",pg_roles.rolsuper as "superuser",' ' pg_roles.rolinherit as "inherits privileges", pg_roles.rolcreaterole as' ' "can create roles", pg_roles.rolcreatedb as "can create databases", {0}' ' as "can update system catalogs", pg_roles.rolcanlogin as "can login", {1}' ' as "replication", pg_roles.rolconnlimit as "connections", (SELECT' " array_agg(pg_roles2.rolname) FROM pg_catalog.pg_auth_members JOIN" " pg_catalog.pg_roles pg_roles2 ON (pg_auth_members.roleid = pg_roles2.oid)" " WHERE pg_auth_members.member = pg_roles.oid) as" ' "groups",pg_roles.rolvaliduntil::timestamp(0) as "expiry time",' ' pg_roles.rolconfig as "defaults variables" ', _x(', COALESCE(pg_shadow.passwd, pg_authid.rolpassword) as "password" '), "FROM pg_roles ", _x("LEFT JOIN pg_authid ON pg_roles.oid = pg_authid.oid "), _x("LEFT JOIN pg_shadow ON pg_roles.oid = pg_shadow.usesysid"), ] ).format(rolcatupdate_column, replication_column) rows = psql_query( query, runas=runas, host=host, user=user, port=port, maintenance_db=maintenance_db, password=password, ) def get_bool(rowdict, key): """ Returns the boolean value of the key, instead of 't' and 'f' strings. 
""" if rowdict[key] == "t": return True elif rowdict[key] == "f": return False else: return None for row in rows: retrow = {} for key in ( "superuser", "inherits privileges", "can create roles", "can create databases", "can update system catalogs", "can login", "replication", "connections", ): retrow[key] = get_bool(row, key) for date_key in ("expiry time",): try: retrow[date_key] = datetime.datetime.strptime( row[date_key], "%Y-%m-%d %H:%M:%S" ) except ValueError: retrow[date_key] = None retrow["defaults variables"] = row["defaults variables"] if return_password: retrow["password"] = row["password"] # use csv reader to handle quoted roles correctly retrow["groups"] = list(csv.reader([row["groups"].strip("{}")]))[0] ret[row["name"]] = retrow return ret def role_get( name, user=None, host=None, port=None, maintenance_db=None, password=None, runas=None, return_password=False, ): """ Return a dict with information about users of a Postgres server. Set return_password to True to get password hash in the result. CLI Example: .. code-block:: bash salt '*' postgres.role_get postgres """ all_users = user_list( user=user, host=host, port=port, maintenance_db=maintenance_db, password=password, runas=runas, return_password=return_password, ) try: return all_users.get(name, None) except AttributeError: log.error("Could not retrieve Postgres role. Is Postgres running?") return None def user_exists( name, user=None, host=None, port=None, maintenance_db=None, password=None, runas=None, ): """ Checks if a user exists on the Postgres server. CLI Example: .. 
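code-block:: bash salt '*' postgres.user_exists 'username' """ return bool( role_get( name, user=user, host=host, port=port, maintenance_db=maintenance_db, password=password, runas=runas, return_password=False, ) )


def _add_role_flag(string, test, flag, cond=None, prefix="NO", addtxt="", skip=False):
    """
    Append one role option to the command text ``string`` and return it.

    With ``skip`` set the text is returned untouched. Otherwise, when
    ``test`` is not ``None``, ``flag`` is appended if ``cond`` is truthy and
    ``prefix`` + ``flag`` if it is not (``cond`` falls back to ``test``).
    A non-empty ``addtxt`` is appended after that.
    """
    if skip:
        return string
    if cond is None:
        cond = test
    if test is not None:
        keyword = flag if cond else f"{prefix}{flag}"
        string = f"{string} {keyword}"
    if addtxt:
        string = f"{string} {addtxt}"
    return string


def _maybe_encrypt_password(role, password, encrypted=_DEFAULT_PASSWORDS_ENCRYPTION):
    """
    Return the value to store for ``password``, hashed as ``encrypted`` asks.

    ``None`` is returned for a ``None`` password. ``encrypted`` may be
    ``True`` (treated as ``"md5"``), ``"md5"``, ``"scram-sha-256"`` or
    ``False``; anything else raises ``ValueError``. A password that already
    starts with the scheme prefix (``md5`` / ``SCRAM-SHA-256``) is taken to be
    a verifier and returned as-is. With ``False`` the plaintext is returned.
    """
    if password is None:
        return None
    password = str(password)

    if encrypted is True:
        encrypted = "md5"
    if encrypted not in (False, "md5", "scram-sha-256"):
        raise ValueError("Unknown password algorithm: " + str(encrypted))

    if encrypted == "scram-sha-256" and not password.startswith("SCRAM-SHA-256"):
        password = _scram_sha_256(password)
    elif encrypted == "md5" and not password.startswith("md5"):
        log.warning("The md5 password algorithm was deprecated in PostgreSQL 10")
        password = _md5_password(role, password)
    elif encrypted is False:
        log.warning("Unencrypted passwords were removed in PostgreSQL 10")

    return password


def _verify_password(role, password, verifier, method):
    """
    Test the given password against the verifier.

    The given password may already be a verifier, in which case test for
    simple equality.

    For ``scram-sha-256`` the iteration count and salt are parsed out of
    ``verifier`` so the candidate is derived with the same parameters. An
    unparsable verifier or an unknown ``method`` never matches.
    """
    # Fresh object: compares unequal to every string verifier.
    never_matches = object()

    if method == "md5" or method is True:
        if password.startswith("md5"):
            expected = password
        else:
            expected = _md5_password(role, password)
    elif method == "scram-sha-256":
        if password.startswith("SCRAM-SHA-256"):
            expected = password
        else:
            match = re.match(r"^SCRAM-SHA-256\$(\d+):([^\$]+?)\$", verifier)
            if match:
                iterations = int(match.group(1))
                salt_bytes = base64.b64decode(match.group(2))
                expected = _scram_sha_256(
                    password, salt_bytes=salt_bytes, iterations=iterations
                )
            else:
                expected = never_matches
    elif method is False:
        expected = password
    else:
        expected = never_matches

    # NOTE(review): plain == is not a constant-time comparison; presumably
    # fine because both values are already held locally -- confirm that no
    # caller exposes this check to an untrusted party.
    return verifier == expected


def _md5_password(role, password):
    """
    Return ``"md5"`` followed by the hex MD5 digest of ``password`` + ``role``.

    MD5 is used only because that is the shape of this legacy verifier;
    ``_maybe_encrypt_password`` logs a deprecation warning when it is chosen.
    """
    digest = hashlib.md5(  # nosec
        salt.utils.stringutils.to_bytes(f"{password}{role}")
    ).hexdigest()
    return "md5{}".format(digest)


def _scram_sha_256(password, salt_bytes=None, iterations=4096):
    """
    Build a SCRAM-SHA-256 password verifier.

    Ported from https://doxygen.postgresql.org/scram-common_8c.html

    password
        Plaintext password; passed through ``saslprep`` before hashing.

    salt_bytes
        Salt to use. 16 bytes from ``token_bytes`` are drawn when omitted.

    iterations
        PBKDF2 iteration count.

    Returns ``SCRAM-SHA-256$<iterations>:<salt>$<stored key>:<server key>``
    with the three binary parts base64-encoded.
    """
    if salt_bytes is None:
        salt_bytes = token_bytes(16)
    password = salt.utils.stringutils.to_bytes(saslprep(password))
    salted_password = hashlib.pbkdf2_hmac("sha256", password, salt_bytes, iterations)
    client_key = hmac.new(salted_password, b"Client Key", "sha256").digest()
    stored_key = hashlib.sha256(client_key).digest()
    server_key = hmac.new(salted_password, b"Server Key", "sha256").digest()
    return "SCRAM-SHA-256${}:{}${}:{}".format(
        iterations,
        base64.b64encode(salt_bytes).decode("ascii"),
        base64.b64encode(stored_key).decode("ascii"),
        base64.b64encode(server_key).decode("ascii"),
    )


def _role_cmd_args(
    name,
    sub_cmd="",
    typ_="role",
    encrypted=None,
    login=None,
    connlimit=None,
    inherit=None,
    createdb=None,
    createroles=None,
    superuser=None,
    groups=None,
    replication=None,
    rolepassword=None,
    valid_until=None,
    db_role=None,
):
    """
    Build the option list (and trailing GRANT statements) for a role command.

    Each option is appended to ``sub_cmd`` through ``_add_role_flag``; options
    left at ``None`` are omitted, except that ``typ_`` supplies defaults for
    ``inherit`` and ``login``. ``rolepassword`` may be a non-empty string (set
    the password), a bool (``False`` yields ``NOPASSWORD``) or ``None`` (leave
    the password alone). ``db_role`` is the current role record; SUPERUSER is
    skipped when it already matches.

    The returned text contains the password verifier, or the plaintext
    password when ``encrypted`` is ``False``. The callers in this file hand it
    to psql as a ``-c`` argument, so treat it as a secret (keep it out of
    logs).
    """
    if inherit is None:
        if typ_ in ["user", "group"]:
            inherit = True
    if login is None:
        if typ_ == "user":
            login = True
        if typ_ == "group":
            login = False
    # defaults to encrypted passwords
    if encrypted is None:
        encrypted = _DEFAULT_PASSWORDS_ENCRYPTION

    escaped_password = ""
    escaped_valid_until = ""
    # A non-empty string sets the password; a bool is how NOPASSWORD is
    # requested. Anything else means "do not touch the password".
    has_password_text = isinstance(rolepassword, str) and bool(rolepassword)
    skip_passwd = not (has_password_text or isinstance(rolepassword, bool))

    if has_password_text:
        # Hash the password exactly as supplied and escape the *result*.
        # Escaping first would hash the doubled quotes, storing a verifier
        # for a different password than the one the caller gave.
        stored_value = _maybe_encrypt_password(
            name, rolepassword, encrypted=encrypted
        )
        escaped_password = "'{}'".format(stored_value.replace("'", "''"))
    if isinstance(valid_until, str) and bool(valid_until):
        escaped_valid_until = "'{}'".format(
            valid_until.replace("'", "''"),
        )

    skip_superuser = False
    if bool(db_role) and bool(superuser) == bool(db_role["superuser"]):
        skip_superuser = True

    flags = (
        {"flag": "INHERIT", "test": inherit},
        {"flag": "CREATEDB", "test": createdb},
        {"flag": "CREATEROLE", "test": createroles},
        {"flag": "SUPERUSER", "test": superuser, "skip": skip_superuser},
        {"flag": "REPLICATION", "test": replication},
        {"flag": "LOGIN", "test": login},
        {
            "flag": "CONNECTION LIMIT",
            "test": bool(connlimit),
            "addtxt": str(connlimit),
            "skip": connlimit is None,
        },
        {
            "flag": "ENCRYPTED",
            "test": (encrypted is not None and bool(rolepassword)),
            "skip": skip_passwd or isinstance(rolepassword, bool),
            "cond": bool(encrypted),
            "prefix": "UN",
        },
        {
            "flag": "PASSWORD",
            "test": bool(rolepassword),
            "skip": skip_passwd,
            "addtxt": escaped_password,
        },
        {
            "flag": "VALID UNTIL",
            "test": bool(valid_until),
            "skip": valid_until is None,
            "addtxt": escaped_valid_until,
        },
    )
    for data in flags:
        sub_cmd = _add_role_flag(sub_cmd, **data)
    # No option was emitted: drop the dangling WITH the caller supplied.
    if sub_cmd.endswith("WITH"):
        sub_cmd = sub_cmd.replace(" WITH", "")

    if groups:
        if isinstance(groups, list):
            groups = ",".join(groups)
        # Double embedded " so a role or group name cannot end its quoted
        # identifier and append SQL of its own.
        member = str(name).replace('"', '""')
        for group in groups.split(","):
            granted = group.replace('"', '""')
            sub_cmd = f'{sub_cmd}; GRANT "{granted}" TO "{member}"'
    return sub_cmd


def _role_create( name, user=None, host=None, port=None, maintenance_db=None, password=None, createdb=None, createroles=None, encrypted=None, superuser=None, login=None, connlimit=None,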
inherit=None, replication=None, rolepassword=None, valid_until=None, typ_="role", groups=None, runas=None, ): """ Creates a Postgres role. Users and Groups are both roles in postgres. However, users can login, groups cannot. """ # check if role exists if user_exists( name, user, host, port, maintenance_db, password=password, runas=runas ): log.info("%s '%s' already exists", typ_.capitalize(), name) return False sub_cmd = f'CREATE ROLE "{name}" WITH' sub_cmd = "{} {}".format( sub_cmd, _role_cmd_args( name, typ_=typ_, encrypted=encrypted, login=login, connlimit=connlimit, inherit=inherit, createdb=createdb, createroles=createroles, superuser=superuser, groups=groups, replication=replication, rolepassword=rolepassword, valid_until=valid_until, ), ) ret = _psql_prepare_and_run( ["-c", sub_cmd], runas=runas, host=host, user=user, port=port, maintenance_db=maintenance_db, password=password, ) return ret["retcode"] == 0 def user_create( username, user=None, host=None, port=None, maintenance_db=None, password=None, createdb=None, createroles=None, inherit=None, login=None, connlimit=None, encrypted=None, superuser=None, replication=None, rolepassword=None, valid_until=None, groups=None, runas=None, ): """ Creates a Postgres user. CLI Examples: .. 
code-block:: bash salt '*' postgres.user_create 'username' user='user' \\ host='hostname' port='port' password='password' \\ rolepassword='rolepassword' valid_until='valid_until' """ return _role_create( username, typ_="user", user=user, host=host, port=port, maintenance_db=maintenance_db, password=password, createdb=createdb, createroles=createroles, inherit=inherit, login=login, connlimit=connlimit, encrypted=encrypted, superuser=superuser, replication=replication, rolepassword=rolepassword, valid_until=valid_until, groups=groups, runas=runas, ) def _role_update( name, user=None, host=None, port=None, maintenance_db=None, password=None, createdb=None, typ_="role", createroles=None, inherit=None, login=None, connlimit=None, encrypted=None, superuser=None, replication=None, rolepassword=None, valid_until=None, groups=None, runas=None, ): """ Updates a postgres role. """ role = role_get( name, user=user, host=host, port=port, maintenance_db=maintenance_db, password=password, runas=runas, return_password=False, ) # check if user exists if not bool(role): log.info("%s '%s' could not be found", typ_.capitalize(), name) return False sub_cmd = f'ALTER ROLE "{name}" WITH' sub_cmd = "{} {}".format( sub_cmd, _role_cmd_args( name, encrypted=encrypted, login=login, connlimit=connlimit, inherit=inherit, createdb=createdb, createroles=createroles, superuser=superuser, groups=groups, replication=replication, rolepassword=rolepassword, valid_until=valid_until, db_role=role, ), ) ret = _psql_prepare_and_run( ["-c", sub_cmd], runas=runas, host=host, user=user, port=port, maintenance_db=maintenance_db, password=password, ) return ret["retcode"] == 0 def user_update( username, user=None, host=None, port=None, maintenance_db=None, password=None, createdb=None, createroles=None, encrypted=None, superuser=None, inherit=None, login=None, connlimit=None, replication=None, rolepassword=None, valid_until=None, groups=None, runas=None, ): """ Updates a Postgres user. CLI Examples: .. 
code-block:: bash salt '*' postgres.user_update 'username' user='user' \\ host='hostname' port='port' password='password' \\ rolepassword='rolepassword' valid_until='valid_until' """ return _role_update( username, user=user, host=host, port=port, maintenance_db=maintenance_db, password=password, typ_="user", inherit=inherit, login=login, connlimit=connlimit, createdb=createdb, createroles=createroles, encrypted=encrypted, superuser=superuser, replication=replication, rolepassword=rolepassword, valid_until=valid_until, groups=groups, runas=runas, ) def _role_remove( name, user=None, host=None, port=None, maintenance_db=None, password=None, runas=None, ): """ Removes a role from the Postgres Server """ # check if user exists if not user_exists( name, user, host, port, maintenance_db, password=password, runas=runas ): log.info("User '%s' does not exist", name) return False # user exists, proceed sub_cmd = f'DROP ROLE "{name}"' _psql_prepare_and_run( ["-c", sub_cmd], runas=runas, host=host, user=user, port=port, maintenance_db=maintenance_db, password=password, ) if not user_exists( name, user, host, port, maintenance_db, password=password, runas=runas ): return True else: log.info("Failed to delete user '%s'.", name) return False def available_extensions( user=None, host=None, port=None, maintenance_db=None, password=None, runas=None ): """ List available postgresql extensions CLI Example: .. code-block:: bash salt '*' postgres.available_extensions """ exts = [] query = "select * from pg_available_extensions();" ret = psql_query( query, user=user, host=host, port=port, maintenance_db=maintenance_db, password=password, runas=runas, ) exts = {} for row in ret: if "default_version" in row and "name" in row: exts[row["name"]] = row return exts def installed_extensions( user=None, host=None, port=None, maintenance_db=None, password=None, runas=None ): """ List installed postgresql extensions CLI Example: .. 
code-block:: bash salt '*' postgres.installed_extensions """ exts = [] query = ( "select a.*, b.nspname as schema_name " "from pg_extension a, pg_namespace b where a.extnamespace = b.oid;" ) ret = psql_query( query, user=user, host=host, port=port, maintenance_db=maintenance_db, password=password, runas=runas, ) exts = {} for row in ret: if "extversion" in row and "extname" in row: exts[row["extname"]] = row return exts def get_available_extension( name, user=None, host=None, port=None, maintenance_db=None, password=None, runas=None, ): """ Get info about an available postgresql extension CLI Example: .. code-block:: bash salt '*' postgres.get_available_extension plpgsql """ return available_extensions( user=user, host=host, port=port, maintenance_db=maintenance_db, password=password, runas=runas, ).get(name, None) def get_installed_extension( name, user=None, host=None, port=None, maintenance_db=None, password=None, runas=None, ): """ Get info about an installed postgresql extension CLI Example: .. code-block:: bash salt '*' postgres.get_installed_extension plpgsql """ return installed_extensions( user=user, host=host, port=port, maintenance_db=maintenance_db, password=password, runas=runas, ).get(name, None) def is_available_extension( name, user=None, host=None, port=None, maintenance_db=None, password=None, runas=None, ): """ Test if a specific extension is available CLI Example: .. code-block:: bash salt '*' postgres.is_available_extension """ exts = available_extensions( user=user, host=host, port=port, maintenance_db=maintenance_db, password=password, runas=runas, ) if name.lower() in [a.lower() for a in exts]: return True return False def _pg_is_older_ext_ver(a, b): """ Compare versions of extensions using `looseversion.LooseVersion`. Returns ``True`` if version a is lesser than b. 
""" return LooseVersion(a) < LooseVersion(b) def is_installed_extension( name, user=None, host=None, port=None, maintenance_db=None, password=None, runas=None, ): """ Test if a specific extension is installed CLI Example: .. code-block:: bash salt '*' postgres.is_installed_extension """ installed_ext = get_installed_extension( name, user=user, host=host, port=port, maintenance_db=maintenance_db, password=password, runas=runas, ) return bool(installed_ext) def create_metadata( name, ext_version=None, schema=None, user=None, host=None, port=None, maintenance_db=None, password=None, runas=None, ): """ Get lifecycle information about an extension CLI Example: .. code-block:: bash salt '*' postgres.create_metadata adminpack """ installed_ext = get_installed_extension( name, user=user, host=host, port=port, maintenance_db=maintenance_db, password=password, runas=runas, ) ret = [_EXTENSION_NOT_INSTALLED] if installed_ext: ret = [_EXTENSION_INSTALLED] if ext_version is not None and _pg_is_older_ext_ver( installed_ext.get("extversion", ext_version), ext_version ): ret.append(_EXTENSION_TO_UPGRADE) if ( schema is not None and installed_ext.get("extrelocatable", "f") == "t" and installed_ext.get("schema_name", schema) != schema ): ret.append(_EXTENSION_TO_MOVE) return ret def drop_extension( name, if_exists=None, restrict=None, cascade=None, user=None, host=None, port=None, maintenance_db=None, password=None, runas=None, ): """ Drop an installed postgresql extension CLI Example: .. 
code-block:: bash salt '*' postgres.drop_extension 'adminpack' """ if cascade is None: cascade = True if if_exists is None: if_exists = False if restrict is None: restrict = False args = ["DROP EXTENSION"] if if_exists: args.append("IF EXISTS") args.append(name) if cascade: args.append("CASCADE") if restrict: args.append("RESTRICT") args.append(";") cmd = " ".join(args) if is_installed_extension( name, user=user, host=host, port=port, maintenance_db=maintenance_db, password=password, runas=runas, ): _psql_prepare_and_run( ["-c", cmd], runas=runas, host=host, user=user, port=port, maintenance_db=maintenance_db, password=password, ) ret = not is_installed_extension( name, user=user, host=host, port=port, maintenance_db=maintenance_db, password=password, runas=runas, ) if not ret: log.info("Failed to drop ext: %s", name) return ret def create_extension( name, if_not_exists=None, schema=None, ext_version=None, from_version=None, user=None, host=None, port=None, maintenance_db=None, password=None, runas=None, ): """ Install a postgresql extension CLI Example: .. 
code-block:: bash salt '*' postgres.create_extension 'adminpack' """ if if_not_exists is None: if_not_exists = True mtdata = create_metadata( name, ext_version=ext_version, schema=schema, user=user, host=host, port=port, maintenance_db=maintenance_db, password=password, runas=runas, ) installed = _EXTENSION_NOT_INSTALLED not in mtdata installable = is_available_extension( name, user=user, host=host, port=port, maintenance_db=maintenance_db, password=password, runas=runas, ) if installable: if not installed: args = ["CREATE EXTENSION"] if if_not_exists: args.append("IF NOT EXISTS") args.append(f'"{name}"') sargs = [] if schema: sargs.append(f'SCHEMA "{schema}"') if ext_version: sargs.append(f"VERSION {ext_version}") if from_version: sargs.append(f"FROM {from_version}") if sargs: args.append("WITH") args.extend(sargs) args.append(";") cmd = " ".join(args).strip() else: args = [] if schema and _EXTENSION_TO_MOVE in mtdata: args.append(f'ALTER EXTENSION "{name}" SET SCHEMA "{schema}";') if ext_version and _EXTENSION_TO_UPGRADE in mtdata: args.append(f'ALTER EXTENSION "{name}" UPDATE TO {ext_version};') cmd = " ".join(args).strip() if cmd: _psql_prepare_and_run( ["-c", cmd], runas=runas, host=host, user=user, port=port, maintenance_db=maintenance_db, password=password, ) mtdata = create_metadata( name, ext_version=ext_version, schema=schema, user=user, host=host, port=port, maintenance_db=maintenance_db, password=password, runas=runas, ) ret = True for i in _EXTENSION_FLAGS: if (i in mtdata) and (i != _EXTENSION_INSTALLED): ret = False if not ret: log.info("Failed to create ext: %s", name) return ret def user_remove( username, user=None, host=None, port=None, maintenance_db=None, password=None, runas=None, ): """ Removes a user from the Postgres server. CLI Example: .. 
code-block:: bash salt '*' postgres.user_remove 'username' """ return _role_remove( username, user=user, host=host, port=port, maintenance_db=maintenance_db, password=password, runas=runas, ) # Group related actions def group_create( groupname, user=None, host=None, port=None, maintenance_db=None, password=None, createdb=None, createroles=None, encrypted=None, login=None, inherit=None, superuser=None, replication=None, rolepassword=None, groups=None, runas=None, ): """ Creates a Postgres group. A group is postgres is similar to a user, but cannot login. CLI Example: .. code-block:: bash salt '*' postgres.group_create 'groupname' user='user' \\ host='hostname' port='port' password='password' \\ rolepassword='rolepassword' """ return _role_create( groupname, user=user, typ_="group", host=host, port=port, maintenance_db=maintenance_db, password=password, createdb=createdb, createroles=createroles, encrypted=encrypted, login=login, inherit=inherit, superuser=superuser, replication=replication, rolepassword=rolepassword, groups=groups, runas=runas, ) def group_update( groupname, user=None, host=None, port=None, maintenance_db=None, password=None, createdb=None, createroles=None, encrypted=None, inherit=None, login=None, superuser=None, replication=None, rolepassword=None, groups=None, runas=None, ): """ Updates a postgres group CLI Examples: .. 
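code-block:: bash salt '*' postgres.group_update 'username' user='user' \\ host='hostname' port='port' password='password' \\ rolepassword='rolepassword' """ return _role_update( groupname, user=user, host=host, port=port, maintenance_db=maintenance_db, password=password, createdb=createdb, typ_="group", createroles=createroles, encrypted=encrypted, login=login, inherit=inherit, superuser=superuser, replication=replication, rolepassword=rolepassword, groups=groups, runas=runas, )


def group_remove(
    groupname,
    user=None,
    host=None,
    port=None,
    maintenance_db=None,
    password=None,
    runas=None,
):
    """
    Removes a group from the Postgres server.

    Delegates to ``_role_remove`` with the same connection arguments and
    returns its result.

    CLI Example:

    .. code-block:: bash

        salt '*' postgres.group_remove 'groupname'
    """
    return _role_remove(
        groupname,
        user=user,
        host=host,
        port=port,
        maintenance_db=maintenance_db,
        password=password,
        runas=runas,
    )


def owner_to(
    dbname, ownername, user=None, host=None, port=None, password=None, runas=None
):
    """
    Set the owner of all schemas, functions, tables, views and sequences to
    the given username.

    The object names are read from the catalogs of ``dbname``. One
    ``alter ... owner to`` statement per object is written to a temporary SQL
    file, wrapped in ``begin;`` / ``commit;``, and the file is run with
    ``psql -f`` against ``dbname``.

    Returns whatever ``_psql_prepare_and_run`` returns for that run.

    CLI Example:

    .. code-block:: bash

        salt '*' postgres.owner_to 'dbname' 'username'
    """
    # Both names are written as quoted identifiers in every statement. The
    # embedded " is doubled so a name cannot end the identifier early. The
    # per-object statements previously used the owner unquoted while the
    # database statement quoted it.
    quoted_db = '"{}"'.format(str(dbname).replace('"', '""'))
    quoted_owner = '"{}"'.format(str(ownername).replace('"', '""'))

    # (statement template, query producing the already-quoted object names)
    queries = (
        # schemas
        (
            "alter schema {n} owner to {owner};",
            "select quote_ident(schema_name) as n from information_schema.schemata;",
        ),
        # tables and views
        (
            "alter table {n} owner to {owner};",
            "select quote_ident(table_schema)||'.'||quote_ident(table_name) as "
            "n from information_schema.tables where table_schema not in "
            "('pg_catalog', 'information_schema');",
        ),
        # functions
        # NOTE(review): pg_proc.proisagg does not exist on PostgreSQL 11 and
        # later (prokind replaced it) -- confirm which server versions this
        # has to support.
        (
            "alter function {n} owner to {owner};",
            "select p.oid::regprocedure::text as n from pg_catalog.pg_proc p "
            "join pg_catalog.pg_namespace ns on p.pronamespace=ns.oid where "
            "ns.nspname not in ('pg_catalog', 'information_schema') "
            " and not p.proisagg;",
        ),
        # aggregate functions
        (
            "alter aggregate {n} owner to {owner};",
            "select p.oid::regprocedure::text as n from pg_catalog.pg_proc p "
            "join pg_catalog.pg_namespace ns on p.pronamespace=ns.oid where "
            "ns.nspname not in ('pg_catalog', 'information_schema') "
            "and p.proisagg;",
        ),
        # sequences
        (
            "alter sequence {n} owner to {owner};",
            "select quote_ident(sequence_schema)||'.'||"
            "quote_ident(sequence_name) as n from information_schema.sequences;",
        ),
    )

    # Text mode is required: the default "w+b" rejects the str statements
    # written below. The context manager closes (and thereby deletes) the
    # file on every exit path.
    with tempfile.NamedTemporaryFile(mode="w+", encoding="utf-8") as sqlfile:
        sqlfile.write("begin;\n")
        sqlfile.write(f"alter database {quoted_db} owner to {quoted_owner};\n")

        for fmt, query in queries:
            ret = psql_query(
                query,
                user=user,
                host=host,
                port=port,
                maintenance_db=dbname,
                password=password,
                runas=runas,
            )
            for row in ret:
                sqlfile.write(fmt.format(owner=quoted_owner, n=row["n"]) + "\n")

        sqlfile.write("commit;\n")
        sqlfile.flush()
        # World-readable for the duration of the call so that psql can read
        # the file. It holds only the ALTER ... OWNER statements built above
        # (object names, no credentials).
        os.chmod(sqlfile.name, 0o644)  # ensure psql can read the file

        # run the generated sqlfile in the db
        cmdret = _psql_prepare_and_run(
            ["-f", sqlfile.name],
            user=user,
            runas=runas,
            host=host,
            port=port,
            password=password,
            maintenance_db=dbname,
        )
    return cmdret


# Schema related actions


def schema_create( dbname, name, owner=None, user=None, db_user=None, db_password=None, db_host=None, db_port=None, ): """ Creates a Postgres schema.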
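CLI Example: .. code-block:: bash salt '*' postgres.schema_create dbname name owner='owner' \\ user='user' \\ db_user='user' db_password='password' db_host='hostname' db_port='port' """ # check if schema exists if schema_exists( dbname, name, user=user, db_user=db_user, db_password=db_password, db_host=db_host, db_port=db_port, ): log.info("'%s' already exists in '%s'", name, dbname) return False sub_cmd = f'CREATE SCHEMA "{name}"' if owner is not None: sub_cmd = f'{sub_cmd} AUTHORIZATION "{owner}"' ret = _psql_prepare_and_run( ["-c", sub_cmd], user=db_user, password=db_password, port=db_port, host=db_host, maintenance_db=dbname, runas=user, ) return ret["retcode"] == 0


def schema_remove(
    dbname, name, user=None, db_user=None, db_password=None, db_host=None, db_port=None
):
    """
    Removes a schema from the Postgres server.

    Returns ``False`` when the schema is not there to begin with or is still
    present after the ``DROP SCHEMA`` attempt, ``True`` once it is gone.

    CLI Example:

    .. code-block:: bash

        salt '*' postgres.schema_remove dbname schemaname

    dbname
        Database name we work on

    name
        The schema's name we'll remove

    user
        System user all operations should be performed on behalf of

    db_user
        database username if different from config or default

    db_password
        user password if any password for a specified user

    db_host
        Database host if different from config or default

    db_port
        Database port if different from config or default

    """
    # Both existence probes must run as the same system user as the DROP
    # itself. The first probe used to pass user=None, so it could report on a
    # different connection than the one being changed.
    probe_args = {
        "user": user,
        "db_user": db_user,
        "db_password": db_password,
        "db_host": db_host,
        "db_port": db_port,
    }

    # check if schema exists
    if not schema_exists(dbname, name, **probe_args):
        log.info("Schema '%s' does not exist in '%s'", name, dbname)
        return False

    # schema exists, proceed
    # Double embedded " so the name cannot end its quoted identifier early.
    sub_cmd = 'DROP SCHEMA "{}"'.format(str(name).replace('"', '""'))
    _psql_prepare_and_run(
        ["-c", sub_cmd],
        runas=user,
        maintenance_db=dbname,
        host=db_host,
        user=db_user,
        port=db_port,
        password=db_password,
    )

    # The psql return code is not inspected; success is judged by probing
    # for the schema again.
    if schema_exists(dbname, name, **probe_args):
        log.info("Failed to delete schema '%s'.", name)
        return False
    return True


def schema_exists( dbname, name, user=None, db_user=None,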
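db_password=None, db_host=None, db_port=None ): """ Checks if a schema exists on the Postgres server. CLI Example: .. code-block:: bash salt '*' postgres.schema_exists dbname schemaname dbname Database name we query on name Schema name we look for user The system user the operation should be performed on behalf of db_user database username if different from config or default db_password user password if any password for a specified user db_host Database host if different from config or default db_port Database port if different from config or default """ return bool( schema_get( dbname, name, user=user, db_user=db_user, db_host=db_host, db_port=db_port, db_password=db_password, ) )


def schema_get(
    dbname, name, user=None, db_user=None, db_password=None, db_host=None, db_port=None
):
    """
    Return a dict with information about schemas in a database.

    Returns the ``owner``/``acl`` entry that ``schema_list`` reports for
    ``name``, ``None`` when the schema is not listed, and ``False`` when the
    result of ``schema_list`` has no ``get`` method.

    CLI Example:

    .. code-block:: bash

        salt '*' postgres.schema_get dbname name

    dbname
        Database name we query on

    name
        Schema name we look for

    user
        The system user the operation should be performed on behalf of

    db_user
        database username if different from config or default

    db_password
        user password if any password for a specified user

    db_host
        Database host if different from config or default

    db_port
        Database port if different from config or default
    """
    all_schemas = schema_list(
        dbname,
        user=user,
        db_user=db_user,
        db_host=db_host,
        db_port=db_port,
        db_password=db_password,
    )
    try:
        return all_schemas.get(name, None)
    except AttributeError:
        log.error("Could not retrieve Postgres schema. Is Postgres running?")
        return False


def schema_list(
    dbname, user=None, db_user=None, db_password=None, db_host=None, db_port=None
):
    """
    Return a dict with information about schemas in a Postgres database.

    The result maps each schema name to a dict with its ``owner`` and ``acl``.

    CLI Example:

    .. code-block:: bash

        salt '*' postgres.schema_list dbname

    dbname
        Database name we query on

    user
        The system user the operation should be performed on behalf of

    db_user
        database username if different from config or default

    db_password
        user password if any password for a specified user

    db_host
        Database host if different from config or default

    db_port
        Database port if different from config or default
    """
    # Constant query: no caller-supplied value is interpolated here.
    query = (
        "SELECT "
        'pg_namespace.nspname as "name",'
        'pg_namespace.nspacl as "acl", '
        'pg_roles.rolname as "owner" '
        "FROM pg_namespace "
        "LEFT JOIN pg_roles ON pg_roles.oid = pg_namespace.nspowner "
    )

    rows = psql_query(
        query,
        runas=user,
        host=db_host,
        user=db_user,
        port=db_port,
        maintenance_db=dbname,
        password=db_password,
    )

    return {row["name"]: {key: row[key] for key in ("owner", "acl")} for row in rows}


def language_list(
    maintenance_db, user=None, host=None, port=None, password=None, runas=None
):
    """
    .. versionadded:: 2016.3.0

    Return a list of languages in a database.

    The result is a dict that maps each language name to itself.

    CLI Example:

    .. code-block:: bash

        salt '*' postgres.language_list dbname

    maintenance_db
        The database to check

    user
        database username if different from config or default

    password
        user password if any password for a specified user

    host
        Database host if different from config or default

    port
        Database port if different from config or default

    runas
        System user all operations should be performed on behalf of
    """
    query = 'SELECT lanname AS "Name" FROM pg_language'

    rows = psql_query(
        query,
        runas=runas,
        host=host,
        user=user,
        port=port,
        maintenance_db=maintenance_db,
        password=password,
    )

    return {row["Name"]: row["Name"] for row in rows}


def language_exists(
    name, maintenance_db, user=None, host=None, port=None, password=None, runas=None
):
    """
    .. versionadded:: 2016.3.0

    Checks if language exists in a database.

    CLI Example:

    .. code-block:: bash

        salt '*' postgres.language_exists plpgsql dbname

    name
        Language to check for

    maintenance_db
        The database to check in

    user
        database username if different from config or default

    password
        user password if any password for a specified user

    host
        Database host if different from config or default

    port
        Database port if different from config or default

    runas
        System user all operations should be performed on behalf of
    """
    languages = language_list(
        maintenance_db, user=user, host=host, port=port, password=password, runas=runas
    )

    # Exact, case-sensitive match against the names reported by pg_language.
    return name in languages


def language_create(
    name, maintenance_db, user=None, host=None, port=None, password=None, runas=None
):
    """
    .. versionadded:: 2016.3.0

    Installs a language into a database

    Returns ``False`` when the language already exists, otherwise whether the
    ``CREATE LANGUAGE`` command exited with return code 0.

    CLI Example:

    .. code-block:: bash

        salt '*' postgres.language_create plpgsql dbname

    name
        Language to install

    maintenance_db
        The database to install the language in

    user
        database username if different from config or default

    password
        user password if any password for a specified user

    host
        Database host if different from config or default

    port
        Database port if different from config or default

    runas
        System user all operations should be performed on behalf of
    """
    # The existence check has to use the same connection settings as the
    # CREATE below; otherwise it inspects whatever server the defaults reach.
    if language_exists(
        name,
        maintenance_db,
        user=user,
        host=host,
        port=port,
        password=password,
        runas=runas,
    ):
        log.info("Language %s already exists in %s", name, maintenance_db)
        return False

    # NOTE(review): ``name`` is placed into the statement as an unquoted
    # identifier. It must come from a trusted source; quoting it here would
    # change case folding for existing callers, so that is left for a
    # dedicated change.
    query = f"CREATE LANGUAGE {name}"

    ret = _psql_prepare_and_run(
        ["-c", query],
        user=user,
        host=host,
        port=port,
        maintenance_db=maintenance_db,
        password=password,
        runas=runas,
    )

    return ret["retcode"] == 0


def language_remove(
    name, maintenance_db, user=None, host=None, port=None, password=None, runas=None
):
    """
    .. versionadded:: 2016.3.0

    Removes a language from a database

    Returns ``False`` when the language does not exist, otherwise whether the
    ``DROP LANGUAGE`` command exited with return code 0.

    CLI Example:

    .. code-block:: bash

        salt '*' postgres.language_remove plpgsql dbname

    name
        Language to remove

    maintenance_db
        The database to remove the language from

    user
        database username if different from config or default

    password
        user password if any password for a specified user

    host
        Database host if different from config or default

    port
        Database port if different from config or default

    runas
        System user all operations should be performed on behalf of
    """
    # Check against the same server and credentials the DROP will use.
    if not language_exists(
        name,
        maintenance_db,
        user=user,
        host=host,
        port=port,
        password=password,
        runas=runas,
    ):
        log.info("Language %s does not exist in %s", name, maintenance_db)
        return False

    # NOTE(review): ``name`` is interpolated as an unquoted identifier; it
    # must come from a trusted source.
    query = f"DROP LANGUAGE {name}"

    ret = _psql_prepare_and_run(
        ["-c", query],
        user=user,
        host=host,
        port=port,
        runas=runas,
        maintenance_db=maintenance_db,
        password=password,
    )

    return ret["retcode"] == 0


def _sql_string_literal(value):
    """
    Render ``value`` as a PostgreSQL string literal.

    Single quotes are doubled. When the value contains a backslash the
    ``E'...'`` form is used with the backslashes doubled, because how a plain
    literal treats a backslash depends on the server's
    ``standard_conforming_strings`` setting. Values without quotes or
    backslashes come out exactly as ``'value'``.
    """
    text = str(value).replace("'", "''")
    if "\\" not in text:
        return f"'{text}'"
    return "E'" + text.replace("\\", "\\\\") + "'"


def _sql_quoted_identifier(value):
    """
    Render ``value`` as a double-quoted PostgreSQL identifier, doubling any
    embedded double quote so the value cannot end the identifier early.
    """
    return '"' + str(value).replace('"', '""') + '"'


def _make_privileges_list_query(name, object_type, prepend):
    """
    Generate the SQL required for specific object type

    ``name`` and ``prepend`` are embedded as escaped string literals, so a
    quote or backslash in an object or schema name stays inside the literal.
    Raises ``SaltInvocationError`` for an object type without a query.
    """
    schema = _sql_string_literal(prepend)
    target = _sql_string_literal(name)

    if object_type == "table":
        clauses = [
            "SELECT relacl AS name",
            "FROM pg_catalog.pg_class c",
            "JOIN pg_catalog.pg_namespace n",
            "ON n.oid = c.relnamespace",
            f"WHERE nspname = {schema}",
            f"AND relname = {target}",
            "AND relkind in ('r', 'v')",
            "ORDER BY relname",
        ]
    elif object_type == "sequence":
        clauses = [
            "SELECT relacl AS name",
            "FROM pg_catalog.pg_class c",
            "JOIN pg_catalog.pg_namespace n",
            "ON n.oid = c.relnamespace",
            f"WHERE nspname = {schema}",
            f"AND relname = {target}",
            "AND relkind = 'S'",
            "ORDER BY relname",
        ]
    elif object_type == "schema":
        clauses = [
            "SELECT nspacl AS name",
            "FROM pg_catalog.pg_namespace",
            f"WHERE nspname = {target}",
            "ORDER BY nspname",
        ]
    elif object_type == "function":
        clauses = [
            "SELECT proacl AS name",
            "FROM pg_catalog.pg_proc p",
            "JOIN pg_catalog.pg_namespace n",
            "ON n.oid = p.pronamespace",
            f"WHERE nspname = {schema}",
            f"AND p.oid::regprocedure::text = {target}",
            "ORDER BY proname, proargtypes",
        ]
    elif object_type == "tablespace":
        clauses = [
            "SELECT spcacl AS name",
            "FROM pg_catalog.pg_tablespace",
            f"WHERE spcname = {target}",
            "ORDER BY spcname",
        ]
    elif object_type == "language":
        clauses = [
            "SELECT lanacl AS name",
            "FROM pg_catalog.pg_language",
            f"WHERE lanname = {target}",
            "ORDER BY lanname",
        ]
    elif object_type == "database":
        clauses = [
            "SELECT datacl AS name",
            "FROM pg_catalog.pg_database",
            f"WHERE datname = {target}",
            "ORDER BY datname",
        ]
    elif object_type == "group":
        clauses = [
            "SELECT rolname, admin_option",
            "FROM pg_catalog.pg_auth_members m",
            "JOIN pg_catalog.pg_roles r",
            "ON m.member=r.oid",
            "WHERE m.roleid IN",
            "(SELECT oid",
            "FROM pg_catalog.pg_roles",
            f"WHERE rolname={target})",
            "ORDER BY rolname",
        ]
    else:
        # Previously fell through to an unbound local on ``return``.
        raise SaltInvocationError(f"Invalid object_type: {object_type} provided")

    return " ".join(clauses)


def _get_object_owner(
    name,
    object_type,
    prepend="public",
    maintenance_db=None,
    user=None,
    host=None,
    port=None,
    password=None,
    runas=None,
):
    """
    Return the owner of a postgres object

    Returns the ``name`` column of the first row, or ``None`` when the query
    returns no rows. ``name`` and ``prepend`` are embedded as escaped string
    literals. Raises ``SaltInvocationError`` for an object type without an
    owner query.
    """
    schema = _sql_string_literal(prepend)
    target = _sql_string_literal(name)

    if object_type == "table":
        clauses = [
            "SELECT tableowner AS name",
            "FROM pg_tables",
            f"WHERE schemaname = {schema}",
            f"AND tablename = {target}",
        ]
    elif object_type == "sequence":
        clauses = [
            "SELECT rolname AS name",
            "FROM pg_catalog.pg_class c",
            "JOIN pg_roles r",
            "ON c.relowner = r.oid",
            "JOIN pg_catalog.pg_namespace n",
            "ON n.oid = c.relnamespace",
            "WHERE relkind='S'",
            f"AND nspname={schema}",
            f"AND relname = {target}",
        ]
    elif object_type == "schema":
        clauses = [
            "SELECT rolname AS name",
            "FROM pg_namespace n",
            "JOIN pg_roles r",
            "ON n.nspowner = r.oid",
            f"WHERE nspname = {target}",
        ]
    elif object_type == "function":
        clauses = [
            "SELECT rolname AS name",
            "FROM pg_catalog.pg_proc p",
            "JOIN pg_catalog.pg_namespace n",
            "ON n.oid = p.pronamespace",
            "JOIN pg_catalog.pg_roles r",
            "ON p.proowner = r.oid",
            f"WHERE nspname = {schema}",
            f"AND p.oid::regprocedure::text = {target}",
            "ORDER BY proname, proargtypes",
        ]
    elif object_type == "tablespace":
        clauses = [
            "SELECT rolname AS name",
            "FROM pg_tablespace t",
            "JOIN pg_roles r",
            "ON t.spcowner = r.oid",
            f"WHERE spcname = {target}",
        ]
    elif object_type == "language":
        clauses = [
            "SELECT rolname AS name",
            "FROM pg_language l",
            "JOIN pg_roles r",
            "ON l.lanowner = r.oid",
            f"WHERE lanname = {target}",
        ]
    elif object_type == "database":
        clauses = [
            "SELECT rolname AS name",
            "FROM pg_database d",
            "JOIN pg_roles r",
            "ON d.datdba = r.oid",
            f"WHERE datname = {target}",
        ]
    else:
        # Previously reached psql_query with ``query`` unbound.
        raise SaltInvocationError(f"Invalid object_type: {object_type} provided")

    rows = psql_query(
        " ".join(clauses),
        runas=runas,
        host=host,
        user=user,
        port=port,
        maintenance_db=maintenance_db,
        password=password,
    )
    try:
        return rows[0]["name"]
    except IndexError:
        return None


def _validate_privileges(object_type, privs, privileges):
    """
    Validate the supplied privileges

    ``privs`` is the parsed list and ``privileges`` the original string, which
    is only used in the error message. Raises ``SaltInvocationError`` for an
    unknown object type, for a privilege that the object type does not allow,
    and for any privileges passed with object type ``group``.
    """
    if object_type == "group":
        if privileges:
            raise SaltInvocationError(
                "The privileges option should not be set for object_type group"
            )
        return

    # Check the type before indexing the map, so an unknown type produces
    # this error instead of failing on the lookup below.
    if object_type not in _PRIVILEGES_OBJECTS:
        raise SaltInvocationError(f"Invalid object_type: {object_type} provided")

    _perms = [_PRIVILEGES_MAP[perm] for perm in _PRIVILEGE_TYPE_MAP[object_type]]
    _perms.append("ALL")

    if not set(privs).issubset(set(_perms)):
        raise SaltInvocationError(
            "Invalid privilege(s): {} provided for object {}".format(
                privileges, object_type
            )
        )


def _mod_priv_opts(object_type, privileges):
    """
    Format options

    Returns the lower-cased object type, the privileges string (``""`` when
    ``None`` was passed) and the upper-cased privileges split on commas.
    """
    object_type = object_type.lower()
    privileges = "" if privileges is None else privileges
    _privs = re.split(r"\s?,\s?", privileges.upper())

    return object_type, privileges, _privs


def _process_priv_part(perms):
    """
    Process part

    Walks the privilege characters of one ACL entry and returns a dict that
    maps each privilege name from ``_PRIVILEGES_MAP`` to ``True`` when the
    character is followed by ``*`` and to ``False`` otherwise.
    """
    _tmp = {}
    previous = None
    for perm in perms:
        if perm == "*" and previous is not None:
            # ``*`` marks the privilege just seen.
            _tmp[previous] = True
        else:
            previous = _PRIVILEGES_MAP[perm]
            _tmp[previous] = False
    return _tmp


def privileges_list(
    name,
    object_type,
    prepend="public",
    maintenance_db=None,
    user=None,
    host=None,
    port=None,
    password=None,
    runas=None,
):
    """
    .. versionadded:: 2016.3.0

    Return a list of privileges for the specified object.

    For object type ``group`` the result maps member role names to their
    admin option; for every other type it maps role names to a dict of
    privilege name to grant-option flag.

    CLI Example:

    .. code-block:: bash

        salt '*' postgres.privileges_list table_name table maintenance_db=db_name

    name
       Name of the object for which the permissions should be returned

    object_type
       The object type, which can be one of the following:

       - table
       - sequence
       - schema
       - tablespace
       - language
       - database
       - group
       - function

    prepend
        Table and Sequence object types live under a schema so this should be
        provided if the object is not under the default `public` schema

    maintenance_db
        The database to connect to

    user
        database username if different from config or default

    password
        user password if any password for a specified user

    host
        Database host if different from config or default

    port
        Database port if different from config or default

    runas
        System user all operations should be performed on behalf of
    """
    object_type = object_type.lower()

    # Validate before building the query, so an unknown type is reported
    # with this error rather than failing inside the query builder.
    if object_type not in _PRIVILEGES_OBJECTS:
        raise SaltInvocationError(f"Invalid object_type: {object_type} provided")

    query = _make_privileges_list_query(name, object_type, prepend)

    rows = psql_query(
        query,
        runas=runas,
        host=host,
        user=user,
        port=port,
        maintenance_db=maintenance_db,
        password=password,
    )

    ret = {}

    for row in rows:
        if object_type == "group":
            ret[row["rolname"]] = row["admin_option"] == "t"
            continue

        acl = row["name"]
        if not acl:
            # Nothing to parse; presumably how an object without an explicit
            # ACL is reported - confirm against psql_query.
            continue
        for part in acl.strip("{}").split(","):
            if not part:
                continue
            # Each entry has the form ``role=perms/grantor``.
            perms_part, _ = part.split("/")
            rolename, perms = perms_part.split("=")
            if rolename == "":
                # An empty role name is reported under ``public``.
                rolename = "public"
            ret[rolename] = _process_priv_part(perms)

    return ret


def has_privileges(
    name,
    object_name,
    object_type,
    privileges=None,
    grant_option=None,
    prepend="public",
    maintenance_db=None,
    user=None,
    host=None,
    port=None,
    password=None,
    runas=None,
):
    """
    .. versionadded:: 2016.3.0

    Check if a role has the specified privileges on an object

    CLI Example:

    .. code-block:: bash

        salt '*' postgres.has_privileges user_name table_name table \\
        SELECT,INSERT maintenance_db=db_name

    name
       Name of the role whose privileges should be checked on object_type

    object_name
       Name of the object on which the check is to be performed

    object_type
       The object type, which can be one of the following:

       - table
       - sequence
       - schema
       - tablespace
       - language
       - database
       - group
       - function

    privileges
       Comma separated list of privileges to check, from the list below:

       - INSERT
       - CREATE
       - TRUNCATE
       - CONNECT
       - TRIGGER
       - SELECT
       - USAGE
       - TEMPORARY
       - UPDATE
       - EXECUTE
       - REFERENCES
       - DELETE
       - ALL

    grant_option
        If grant_option is set to True, the grant option check is performed

    prepend
        Table and Sequence object types live under a schema so this should be
        provided if the object is not under the default `public` schema

    maintenance_db
        The database to connect to

    user
        database username if different from config or default

    password
        user password if any password for a specified user

    host
        Database host if different from config or default

    port
        Database port if different from config or default

    runas
        System user all operations should be performed on behalf of
    """
    object_type, privileges, _privs = _mod_priv_opts(object_type, privileges)

    _validate_privileges(object_type, _privs, privileges)

    if object_type != "group":
        owner = _get_object_owner(
            object_name,
            object_type,
            prepend=prepend,
            maintenance_db=maintenance_db,
            user=user,
            host=host,
            port=port,
            password=password,
            runas=runas,
        )
        # The owner is reported as having the privileges without looking at
        # the ACL.
        if owner is not None and name == owner:
            return True

    _privileges = privileges_list(
        object_name,
        object_type,
        prepend=prepend,
        maintenance_db=maintenance_db,
        user=user,
        host=host,
        port=port,
        password=password,
        runas=runas,
    )

    if name not in _privileges:
        return False

    if object_type == "group":
        # For groups the stored value is the member's admin option.
        return _privileges[name] if grant_option else True

    _perms = _PRIVILEGE_TYPE_MAP[object_type]
    if grant_option:
        # NOTE(review): this compares against every privilege of the object
        # type with the grant option set, independent of ``privileges``.
        perms = {_PRIVILEGES_MAP[perm]: True for perm in _perms}
        return perms == _privileges[name]

    perms = [_PRIVILEGES_MAP[perm] for perm in _perms]
    if "ALL" in _privs:
        return sorted(perms) == sorted(_privileges[name])
    return set(_privs).issubset(set(_privileges[name]))


def privileges_grant(
    name,
    object_name,
    object_type,
    privileges=None,
    grant_option=None,
    prepend="public",
    maintenance_db=None,
    user=None,
    host=None,
    port=None,
    password=None,
    runas=None,
):
    """
    .. versionadded:: 2016.3.0

    Grant privileges on a postgres object

    Returns ``False`` when ``has_privileges`` already reports the privileges,
    otherwise whether the ``GRANT`` command exited with return code 0.

    CLI Example:

    .. code-block:: bash

        salt '*' postgres.privileges_grant user_name table_name table \\
        SELECT,UPDATE maintenance_db=db_name

    name
       Name of the role to which privileges should be granted

    object_name
       Name of the object on which the grant is to be performed

    object_type
       The object type, which can be one of the following:

       - table
       - sequence
       - schema
       - tablespace
       - language
       - database
       - group
       - function

    privileges
       Comma separated list of privileges to grant, from the list below:

       - INSERT
       - CREATE
       - TRUNCATE
       - CONNECT
       - TRIGGER
       - SELECT
       - USAGE
       - TEMPORARY
       - UPDATE
       - EXECUTE
       - REFERENCES
       - DELETE
       - ALL

    grant_option
        If grant_option is set to True, the recipient of the privilege can
        in turn grant it to others

    prepend
        Table and Sequence object types live under a schema so this should be
        provided if the object is not under the default `public` schema

    maintenance_db
        The database to connect to

    user
        database username if different from config or default

    password
        user password if any password for a specified user

    host
        Database host if different from config or default

    port
        Database port if different from config or default

    runas
        System user all operations should be performed on behalf of
    """
    object_type, privileges, _privs = _mod_priv_opts(object_type, privileges)

    _validate_privileges(object_type, _privs, privileges)

    # NOTE(review): ``grant_option`` is not forwarded, so a role that already
    # holds the privileges without the grant option is reported as set and
    # no GRANT ... WITH GRANT OPTION is issued.
    if has_privileges(
        name,
        object_name,
        object_type,
        privileges,
        prepend=prepend,
        maintenance_db=maintenance_db,
        user=user,
        host=host,
        port=port,
        password=password,
        runas=runas,
    ):
        log.info(
            "The object: %s of type: %s already has privileges: %s set",
            object_name,
            object_type,
            privileges,
        )
        return False

    # For non-group types every entry of ``_privs`` has passed
    # _validate_privileges, so ``_grants`` holds known privilege names only.
    _grants = ",".join(_privs)
    role = _sql_quoted_identifier(name)

    # NOTE(review): ``prepend``, a function signature and a group's
    # ``object_name`` are placed into the statement unquoted and must come
    # from a trusted source.
    if object_type in ["table", "sequence"]:
        on_part = f"{prepend}.{_sql_quoted_identifier(object_name)}"
    elif object_type == "function":
        on_part = f"{object_name}"
    else:
        on_part = _sql_quoted_identifier(object_name)

    if object_type == "group":
        query = f"GRANT {object_name} TO {role}"
        option_clause = " WITH ADMIN OPTION"
    elif object_type in ("table", "sequence") and object_name.upper() == "ALL":
        query = (
            f"GRANT {_grants} ON ALL {object_type.upper()}S"
            f" IN SCHEMA {prepend} TO {role}"
        )
        option_clause = " WITH GRANT OPTION"
    else:
        query = f"GRANT {_grants} ON {object_type.upper()} {on_part} TO {role}"
        option_clause = " WITH GRANT OPTION"

    if grant_option:
        query += option_clause

    ret = _psql_prepare_and_run(
        ["-c", query],
        user=user,
        host=host,
        port=port,
        maintenance_db=maintenance_db,
        password=password,
        runas=runas,
    )

    return ret["retcode"] == 0


def privileges_revoke(
    name,
    object_name,
    object_type,
    privileges=None,
    prepend="public",
    maintenance_db=None,
    user=None,
    host=None,
    port=None,
    password=None,
    runas=None,
):
    """
    .. versionadded:: 2016.3.0

    Revoke privileges on a postgres object

    Returns ``False`` when ``has_privileges`` does not report the privileges,
    otherwise whether the ``REVOKE`` command exited with return code 0.

    CLI Example:

    .. code-block:: bash

        salt '*' postgres.privileges_revoke user_name table_name table \\
        SELECT,UPDATE maintenance_db=db_name

    name
       Name of the role whose privileges should be revoked

    object_name
       Name of the object on which the revoke is to be performed

    object_type
       The object type, which can be one of the following:

       - table
       - sequence
       - schema
       - tablespace
       - language
       - database
       - group
       - function

    privileges
       Comma separated list of privileges to revoke, from the list below:

       - INSERT
       - CREATE
       - TRUNCATE
       - CONNECT
       - TRIGGER
       - SELECT
       - USAGE
       - TEMPORARY
       - UPDATE
       - EXECUTE
       - REFERENCES
       - DELETE
       - ALL

    prepend
        Table and Sequence object types live under a schema so this should be
        provided if the object is not under the default `public` schema

    maintenance_db
        The database to connect to

    user
        database username if different from config or default

    password
        user password if any password for a specified user

    host
        Database host if different from config or default

    port
        Database port if different from config or default

    runas
        System user all operations should be performed on behalf of
    """
    object_type, privileges, _privs = _mod_priv_opts(object_type, privileges)

    _validate_privileges(object_type, _privs, privileges)

    if not has_privileges(
        name,
        object_name,
        object_type,
        privileges,
        prepend=prepend,
        maintenance_db=maintenance_db,
        user=user,
        host=host,
        port=port,
        password=password,
        runas=runas,
    ):
        log.info(
            "The object: %s of type: %s does not have privileges: %s set",
            object_name,
            object_type,
            privileges,
        )
        return False

    _grants = ",".join(_privs)

    # The role and object are quoted the same way privileges_grant quotes
    # them, so a mixed-case name that was granted can also be revoked.
    # NOTE(review): ``prepend``, a function signature and a group's
    # ``object_name`` stay unquoted, as in privileges_grant, and must come
    # from a trusted source.
    role = _sql_quoted_identifier(name)

    if object_type in ["table", "sequence"]:
        on_part = f"{prepend}.{_sql_quoted_identifier(object_name)}"
    elif object_type == "function":
        on_part = f"{object_name}"
    else:
        on_part = _sql_quoted_identifier(object_name)

    if object_type == "group":
        query = f"REVOKE {object_name} FROM {role}"
    else:
        query = f"REVOKE {_grants} ON {object_type.upper()} {on_part} FROM {role}"

    ret = _psql_prepare_and_run(
        ["-c", query],
        user=user,
        host=host,
        port=port,
        maintenance_db=maintenance_db,
        password=password,
        runas=runas,
    )

    return ret["retcode"] == 0


def datadir_init(
    name,
    auth="password",
    user=None,
    password=None,
    encoding="UTF8",
    locale=None,
    waldir=None,
    checksums=False,
    runas=None,
):
    """
    .. versionadded:: 2016.3.0

    Initializes a postgres data directory

    Returns ``False`` when ``datadir_exists`` reports the directory as
    initialized, otherwise whether ``_run_initdb`` exited with return code 0.

    CLI Example:

    .. code-block:: bash

        salt '*' postgres.datadir_init '/var/lib/pgsql/data'

    name
        The name of the directory to initialize

    auth
        The default authentication method for local connections

    password
        The password to set for the postgres user

    user
        The database superuser name

    encoding
        The default encoding for new databases

    locale
        The default locale for new databases

    waldir
        The transaction log (WAL) directory (default is to keep WAL
        inside the data directory)

        .. versionadded:: 2019.2.0

    checksums
        If True, the cluster will be created with data page checksums.

        .. note::  Data page checksums are supported since PostgreSQL 9.3.

        .. versionadded:: 2019.2.0

    runas
        The system user the operation should be performed on behalf of
    """
    if datadir_exists(name):
        log.info("%s already exists", name)
        return False

    ret = _run_initdb(
        name,
        auth=auth,
        user=user,
        password=password,
        encoding=encoding,
        locale=locale,
        waldir=waldir,
        checksums=checksums,
        runas=runas,
    )
    return ret["retcode"] == 0


def datadir_exists(name):
    """
    .. versionadded:: 2016.3.0

    Checks if postgres data directory has been initialized

    The directory counts as initialized when it contains both a
    ``PG_VERSION`` file and a ``postgresql.conf`` file.

    CLI Example:

    .. code-block:: bash

        salt '*' postgres.datadir_exists '/var/lib/pgsql/data'

    name
        Name of the directory to check
    """
    required_files = ("PG_VERSION", "postgresql.conf")

    return all(
        os.path.isfile(os.path.join(name, filename)) for filename in required_files
    )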