Edit: nacl.py
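"""
Common code shared between the nacl module and runner.

Keys are handled as base64 text: key files and the ``sk``/``pk`` options hold
the base64 encoding of the raw key bytes, and the encrypt helpers return
base64-encoded ciphertext.
"""

import base64
import os

import salt.syspaths
import salt.utils.files
import salt.utils.platform
import salt.utils.stringutils
import salt.utils.versions
import salt.utils.win_dacl
import salt.utils.win_functions

REQ_ERROR = None
try:
    import nacl.public
    import nacl.secret
except (ImportError, OSError):
    REQ_ERROR = (
        "PyNaCl import error, perhaps missing python PyNaCl package or should update."
    )

__virtualname__ = "nacl"


def __virtual__():
    """
    Refuse to load in FIPS mode, otherwise report whether PyNaCl imported.
    """
    if __opts__["fips_mode"] is True:
        return False, "nacl utils not available in FIPS mode"
    return check_requirements()


def check_requirements():
    """
    Check required libraries are available

    Returns a ``(ok, error_message)`` tuple; ``error_message`` is ``None``
    when the PyNaCl import at module load succeeded.
    """
    return (REQ_ERROR is None, REQ_ERROR)


def _get_config(**kwargs):
    """
    Return configuration

    Precedence, lowest to highest: built-in defaults (key files under
    ``pki_dir``), the ``nacl.config`` value from ``config.get`` (or from
    ``opts`` when ``__salt__`` is not usable), then any matching keyword
    argument passed by the caller.
    """
    sk_file = kwargs.get("sk_file")
    if not sk_file:
        sk_file = os.path.join(kwargs["opts"].get("pki_dir"), "master/nacl")

    pk_file = kwargs.get("pk_file")
    if not pk_file:
        pk_file = os.path.join(kwargs["opts"].get("pki_dir"), "master/nacl.pub")

    config = {
        "box_type": kwargs.get("box_type", "sealedbox"),
        "sk": None,
        "sk_file": sk_file,
        "pk": None,
        "pk_file": pk_file,
    }

    config_key = "{}.config".format(__virtualname__)
    try:
        config.update(__salt__["config.get"](config_key, {}))
    except (NameError, KeyError):
        # likely using salt-run so fallback to __opts__
        config.update(kwargs["opts"].get(config_key, {}))

    # Explicit keyword arguments win over anything read from configuration.
    for k in config.keys() & kwargs.keys():
        config[k] = kwargs[k]
    return config


def _get_sk(**kwargs):
    """
    Return sk

    Uses the inline ``sk`` value when configured, otherwise reads
    ``sk_file``. The result is the base64-decoded key as bytes.
    """
    config = _get_config(**kwargs)
    key = None
    if config["sk"]:
        key = salt.utils.stringutils.to_str(config["sk"])
    sk_file = config["sk_file"]
    if not key and sk_file:
        try:
            with salt.utils.files.fopen(sk_file, "rb") as keyf:
                key = salt.utils.stringutils.to_unicode(keyf.read()).rstrip("\n")
        except OSError as err:
            # Keep the historical message, but chain the cause so the real
            # reason (missing file, permissions, ...) is not lost.
            raise Exception("no key or sk_file found") from err
    return base64.b64decode(key)


def _get_pk(**kwargs):
    """
    Return pk

    Uses the inline ``pk`` value when configured, otherwise reads
    ``pk_file``. The result is the base64-decoded key as bytes.
    """
    config = _get_config(**kwargs)
    pubkey = None
    if config["pk"]:
        pubkey = salt.utils.stringutils.to_str(config["pk"])
    pk_file = config["pk_file"]
    if not pubkey and pk_file:
        try:
            with salt.utils.files.fopen(pk_file, "rb") as keyf:
                pubkey = salt.utils.stringutils.to_unicode(keyf.read()).rstrip("\n")
        except OSError as err:
            raise Exception("no pubkey or pk_file found") from err
    pubkey = str(pubkey)
    return base64.b64decode(pubkey)


def _restrict_sk_file(sk_file):
    """
    Limit access to the secret key file to the current user.
    """
    if salt.utils.platform.is_windows():
        cur_user = salt.utils.win_functions.get_current_user()
        salt.utils.win_dacl.set_owner(sk_file, cur_user)
        salt.utils.win_dacl.set_permissions(
            sk_file,
            cur_user,
            "full_control",
            "grant",
            reset_perms=True,
            protected=True,
        )
    else:
        # Octal 0o600 (owner read/write). The previous literal, decimal 1536,
        # equals 0o3000: setgid + sticky with no read/write bits at all.
        os.chmod(sk_file, 0o600)


def keygen(sk_file=None, pk_file=None, **kwargs):
    """
    Use PyNaCl to generate a keypair.

    If no `sk_file` is defined return a keypair.

    If only the `sk_file` is defined `pk_file` will use the same name with a postfix `.pub`.

    When the `sk_file` already exists but `pk_file` does not, the `pk_file`
    is derived from the existing `sk_file`.

    CLI Examples:

    .. code-block:: bash

        salt-call nacl.keygen
        salt-call nacl.keygen sk_file=/etc/salt/pki/master/nacl
        salt-call nacl.keygen sk_file=/etc/salt/pki/master/nacl pk_file=/etc/salt/pki/master/nacl.pub
        salt-call --local nacl.keygen

    sk_file
      Path to where the secret key exists.
      The argument ``keyfile`` was deprecated
      in favor of ``sk_file``. ``keyfile`` will
      continue to work to ensure backwards
      compatibility, but please use the preferred
      ``sk_file``.
    """
    if "keyfile" in kwargs:
        sk_file = kwargs["keyfile"]

    if sk_file is None:
        # Nothing to persist: hand the base64-encoded pair back to the caller.
        kp = nacl.public.PrivateKey.generate()
        return {
            "sk": base64.b64encode(kp.encode()),
            "pk": base64.b64encode(kp.public_key.encode()),
        }

    if pk_file is None:
        pk_file = "{}.pub".format(sk_file)

    # From here on both paths are set, so the former "sk_file only" and
    # "pk_file without sk_file" branches could never run and were dropped.
    sk_exists = os.path.isfile(sk_file)
    pk_exists = os.path.isfile(pk_file)

    if sk_exists and pk_exists:
        raise Exception(
            "sk_file:{} and pk_file:{} already exist.".format(sk_file, pk_file)
        )

    if sk_exists:
        # generate pk using the sk
        with salt.utils.files.fopen(sk_file, "rb") as keyf:
            sk = salt.utils.stringutils.to_unicode(keyf.read()).rstrip("\n")
            sk = base64.b64decode(sk)
        # Load the bytes as a PrivateKey and publish only its public half.
        # Wrapping them in PublicKey would write the secret key itself into
        # pk_file, which gets no permission tightening.
        kp = nacl.public.PrivateKey(sk)
        with salt.utils.files.fopen(pk_file, "wb") as keyf:
            keyf.write(base64.b64encode(kp.public_key.encode()))
        return "saved pk_file: {}".format(pk_file)

    # PrivateKey is the class that provides generate(); PublicKey does not.
    kp = nacl.public.PrivateKey.generate()
    # Create the secret key file under a restrictive umask so it is never
    # readable by other users between creation and the permission fix below.
    with salt.utils.files.set_umask(0o077):
        with salt.utils.files.fopen(sk_file, "wb") as keyf:
            keyf.write(base64.b64encode(kp.encode()))
    _restrict_sk_file(sk_file)
    with salt.utils.files.fopen(pk_file, "wb") as keyf:
        # Only the public half goes into pk_file.
        keyf.write(base64.b64encode(kp.public_key.encode()))
    return "saved sk_file:{} pk_file: {}".format(sk_file, pk_file)


def enc(data, **kwargs):
    """
    Alias to `{box_type}_encrypt`

    box_type: secretbox, sealedbox(default)

    sk_file
      Path to where the secret key exists.
      The argument ``keyfile`` was deprecated
      in favor of ``sk_file``. ``keyfile`` will
      continue to work to ensure backwards
      compatibility, but please use the preferred
      ``sk_file``.
    sk
      Secret key contents. The argument ``key``
      was deprecated in favor of ``sk``. ``key``
      will continue to work to ensure backwards
      compatibility, but please use the preferred
      ``sk``.
    """
    if "keyfile" in kwargs:
        kwargs["sk_file"] = kwargs["keyfile"]

        # set boxtype to `secretbox` to maintain backward compatibility
        kwargs["box_type"] = "secretbox"

    if "key" in kwargs:
        kwargs["sk"] = kwargs["key"]

        # set boxtype to `secretbox` to maintain backward compatibility
        kwargs["box_type"] = "secretbox"

    box_type = _get_config(**kwargs)["box_type"]
    if box_type == "secretbox":
        return secretbox_encrypt(data, **kwargs)
    return sealedbox_encrypt(data, **kwargs)


def enc_file(name, out=None, **kwargs):
    """
    This is a helper function to encrypt a file and return its contents.

    You can provide an optional output file using `out`

    `name` can be a local file or when not using `salt-run` can be a url like `salt://`, `https://` etc.

    CLI Examples:

    .. code-block:: bash

        salt-run nacl.enc_file name=/tmp/id_rsa
        salt-call nacl.enc_file name=salt://crt/mycert out=/tmp/cert
        salt-run nacl.enc_file name=/tmp/id_rsa box_type=secretbox \
            sk_file=/etc/salt/pki/master/nacl.pub
    """
    try:
        data = __salt__["cp.get_file_str"](name)
    except Exception:  # pylint: disable=broad-except
        # likely using salt-run so fallback to local filesystem
        with salt.utils.files.fopen(name, "rb") as f:
            data = salt.utils.stringutils.to_unicode(f.read())
    d = enc(data, **kwargs)
    if out:
        # Refuse to overwrite an existing file.
        if os.path.isfile(out):
            raise Exception("file:{} already exist.".format(out))
        with salt.utils.files.fopen(out, "wb") as f:
            f.write(salt.utils.stringutils.to_bytes(d))
        return "Wrote: {}".format(out)
    return d


def dec(data, **kwargs):
    """
    Alias to `{box_type}_decrypt`

    box_type: secretbox, sealedbox(default)

    sk_file
      Path to where the secret key exists.
      The argument ``keyfile`` was deprecated
      in favor of ``sk_file``. ``keyfile`` will
      continue to work to ensure backwards
      compatibility, but please use the preferred
      ``sk_file``.
    sk
      Secret key contents. The argument ``key``
      was deprecated in favor of ``sk``. ``key``
      will continue to work to ensure backwards
      compatibility, but please use the preferred
      ``sk``.
    """
    if "keyfile" in kwargs:
        kwargs["sk_file"] = kwargs["keyfile"]

        # set boxtype to `secretbox` to maintain backward compatibility
        kwargs["box_type"] = "secretbox"

    if "key" in kwargs:
        kwargs["sk"] = kwargs["key"]

        # set boxtype to `secretbox` to maintain backward compatibility
        kwargs["box_type"] = "secretbox"

    box_type = _get_config(**kwargs)["box_type"]
    if box_type == "secretbox":
        return secretbox_decrypt(data, **kwargs)
    return sealedbox_decrypt(data, **kwargs)


def dec_file(name, out=None, **kwargs):
    """
    This is a helper function to decrypt a file and return its contents.

    You can provide an optional output file using `out`

    `name` can be a local file or when not using `salt-run` can be a url like `salt://`, `https://` etc.

    CLI Examples:

    .. code-block:: bash

        salt-run nacl.dec_file name=/tmp/id_rsa.nacl
        salt-call nacl.dec_file name=salt://crt/mycert.nacl out=/tmp/id_rsa
        salt-run nacl.dec_file name=/tmp/id_rsa.nacl box_type=secretbox \
            sk_file=/etc/salt/pki/master/nacl.pub
    """
    try:
        data = __salt__["cp.get_file_str"](name)
    except Exception:  # pylint: disable=broad-except
        # likely using salt-run so fallback to local filesystem
        with salt.utils.files.fopen(name, "rb") as f:
            data = salt.utils.stringutils.to_unicode(f.read())
    d = dec(data, **kwargs)
    if out:
        # Refuse to overwrite an existing file.
        if os.path.isfile(out):
            raise Exception("file:{} already exist.".format(out))
        # NOTE(review): `out` receives the decrypted plaintext and is created
        # with the process's default permissions; callers that decrypt
        # secrets should choose the destination and umask accordingly.
        with salt.utils.files.fopen(out, "wb") as f:
            f.write(salt.utils.stringutils.to_bytes(d))
        return "Wrote: {}".format(out)
    return d


def sealedbox_encrypt(data, **kwargs):
    """
    Encrypt data using a public key generated from `nacl.keygen`.
    The encrypted data can be decrypted using `nacl.sealedbox_decrypt` only with the secret key.

    Returns the ciphertext base64-encoded.

    CLI Examples:

    .. code-block:: bash

        salt-run nacl.sealedbox_encrypt datatoenc
        salt-call --local nacl.sealedbox_encrypt datatoenc pk_file=/etc/salt/pki/master/nacl.pub
        salt-call --local nacl.sealedbox_encrypt datatoenc pk='vrwQF7cNiNAVQVAiS3bvcbJUnF0cN6fU9YTZD9mBfzQ='
    """
    # ensure data is in bytes
    data = salt.utils.stringutils.to_bytes(data)

    pk = _get_pk(**kwargs)
    keypair = nacl.public.PublicKey(pk)
    b = nacl.public.SealedBox(keypair)
    return base64.b64encode(b.encrypt(data))


def sealedbox_decrypt(data, **kwargs):
    """
    Decrypt data using a secret key that was encrypted using a public key with `nacl.sealedbox_encrypt`.

    ``data`` is expected base64-encoded; ``None`` is passed through as ``None``.

    CLI Examples:

    .. code-block:: bash

        salt-call nacl.sealedbox_decrypt pEXHQM6cuaF7A=
        salt-call --local nacl.sealedbox_decrypt data='pEXHQM6cuaF7A=' sk_file=/etc/salt/pki/master/nacl
        salt-call --local nacl.sealedbox_decrypt data='pEXHQM6cuaF7A=' sk='YmFkcGFzcwo='
    """
    if data is None:
        return None

    # ensure data is in bytes
    data = salt.utils.stringutils.to_bytes(data)

    sk = _get_sk(**kwargs)
    keypair = nacl.public.PrivateKey(sk)
    b = nacl.public.SealedBox(keypair)
    return b.decrypt(base64.b64decode(data))


def secretbox_encrypt(data, **kwargs):
    """
    Encrypt data using a secret key generated from `nacl.keygen`.
    The same secret key can be used to decrypt the data using `nacl.secretbox_decrypt`.

    Returns the ciphertext base64-encoded.

    CLI Examples:

    .. code-block:: bash

        salt-run nacl.secretbox_encrypt datatoenc
        salt-call --local nacl.secretbox_encrypt datatoenc sk_file=/etc/salt/pki/master/nacl
        salt-call --local nacl.secretbox_encrypt datatoenc sk='YmFkcGFzcwo='
    """
    # ensure data is in bytes
    data = salt.utils.stringutils.to_bytes(data)

    sk = _get_sk(**kwargs)
    b = nacl.secret.SecretBox(sk)
    return base64.b64encode(b.encrypt(data))


def secretbox_decrypt(data, **kwargs):
    """
    Decrypt data that was encrypted using `nacl.secretbox_encrypt` using the secret key
    that was generated from `nacl.keygen`.

    ``data`` is expected base64-encoded; ``None`` is passed through as ``None``.

    CLI Examples:

    .. code-block:: bash

        salt-call nacl.secretbox_decrypt pEXHQM6cuaF7A=
        salt-call --local nacl.secretbox_decrypt data='pEXHQM6cuaF7A=' sk_file=/etc/salt/pki/master/nacl
        salt-call --local nacl.secretbox_decrypt data='pEXHQM6cuaF7A=' sk='YmFkcGFzcwo='
    """
    if data is None:
        return None

    # ensure data is in bytes
    data = salt.utils.stringutils.to_bytes(data)

    key = _get_sk(**kwargs)
    b = nacl.secret.SecretBox(key=key)
    return b.decrypt(base64.b64decode(data))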