Adding deprecation decorator to the vault modules for 3009.

Gareth J. Greenaway 2023-08-01 09:17:29 -07:00 committed by Megan Wilhite
parent 3880dae74f
commit 5edd1b0cf1
3 changed files with 36 additions and 18 deletions


@ -220,6 +220,12 @@ from salt.exceptions import CommandExecutionError
log = logging.getLogger(__name__)
__deprecated__ = (
3009,
"vault",
"https://github.com/saltstack/saltext-vault",
)
def read_secret(path, key=None, metadata=False, default=NOT_SET):
"""
@ -256,7 +262,7 @@ def read_secret(path, key=None, metadata=False, default=NOT_SET):
path = version2["data"]
log.debug("Reading Vault secret for %s at %s", __grains__["id"], path)
try:
url = "v1/{}".format(path)
url = f"v1/{path}"
response = __utils__["vault.make_request"]("GET", url)
if response.status_code != 200:
response.raise_for_status()
@ -277,7 +283,7 @@ def read_secret(path, key=None, metadata=False, default=NOT_SET):
except Exception as err: # pylint: disable=broad-except
if default is CommandExecutionError:
raise CommandExecutionError(
"Failed to read secret! {}: {}".format(type(err).__name__, err)
f"Failed to read secret! {type(err).__name__}: {err}"
)
return default
@ -299,7 +305,7 @@ def write_secret(path, **kwargs):
path = version2["data"]
data = {"data": data}
try:
url = "v1/{}".format(path)
url = f"v1/{path}"
response = __utils__["vault.make_request"]("POST", url, json=data)
if response.status_code == 200:
return response.json()["data"]
@ -327,7 +333,7 @@ def write_raw(path, raw):
path = version2["data"]
raw = {"data": raw}
try:
url = "v1/{}".format(path)
url = f"v1/{path}"
response = __utils__["vault.make_request"]("POST", url, json=raw)
if response.status_code == 200:
return response.json()["data"]
@ -354,7 +360,7 @@ def delete_secret(path):
if version2["v2"]:
path = version2["data"]
try:
url = "v1/{}".format(path)
url = f"v1/{path}"
response = __utils__["vault.make_request"]("DELETE", url)
if response.status_code != 204:
response.raise_for_status()
@ -386,7 +392,7 @@ def destroy_secret(path, *args):
log.error("Destroy operation is only supported on KV version 2")
return False
try:
url = "v1/{}".format(path)
url = f"v1/{path}"
response = __utils__["vault.make_request"]("POST", url, json=data)
if response.status_code != 204:
response.raise_for_status()
@ -419,7 +425,7 @@ def list_secrets(path, default=NOT_SET):
if version2["v2"]:
path = version2["metadata"]
try:
url = "v1/{}".format(path)
url = f"v1/{path}"
response = __utils__["vault.make_request"]("LIST", url)
if response.status_code != 200:
response.raise_for_status()
@ -427,7 +433,7 @@ def list_secrets(path, default=NOT_SET):
except Exception as err: # pylint: disable=broad-except
if default is CommandExecutionError:
raise CommandExecutionError(
"Failed to list secrets! {}: {}".format(type(err).__name__, err)
f"Failed to list secrets! {type(err).__name__}: {err}"
)
return default
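Review bot: The caller-supplied `path` goes into the request target unescaped at `url = f"v1/{path}"` in read_secret, and the same line recurs in write_secret, write_raw, delete_secret, destroy_secret and list_secrets; the policy URLs built from `name` in the state module's hunks follow the same pattern. A value containing `?`, `#` or dot-segments would make the request address something other than the literal secret path, unless `vault.make_request` normalises it, which is not visible here. Since these lines are being touched anyway, consider `url = "v1/" + urllib.parse.quote(path, safe="/")` (with `import urllib.parse`), or one shared helper that rejects such values. Every one of these function bodies starts and ends outside its hunk, so an earlier check on `path` cannot be ruled out.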


@ -25,6 +25,12 @@ from salt.exceptions import SaltRunnerError
log = logging.getLogger(__name__)
__deprecated__ = (
3009,
"vault",
"https://github.com/saltstack/saltext-vault",
)
def generate_token(
minion_id, signature, impersonated_by_master=False, ttl=None, uses=None
@ -214,15 +220,15 @@ def _validate_signature(minion_id, signature, impersonated_by_master):
"""
pki_dir = __opts__["pki_dir"]
if impersonated_by_master:
public_key = "{}/master.pub".format(pki_dir)
public_key = f"{pki_dir}/master.pub"
else:
public_key = "{}/minions/{}".format(pki_dir, minion_id)
public_key = f"{pki_dir}/minions/{minion_id}"
log.trace("Validating signature for %s", minion_id)
signature = base64.b64decode(signature)
if not salt.crypt.verify_signature(public_key, minion_id, signature):
raise salt.exceptions.AuthenticationError(
"Could not validate token request from {}".format(minion_id)
f"Could not validate token request from {minion_id}"
)
log.trace("Signature ok")
@ -352,7 +358,7 @@ def _selftoken_expired():
return False
except Exception as e: # pylint: disable=broad-except
raise salt.exceptions.CommandExecutionError(
"Error while looking up self token : {}".format(str(e))
f"Error while looking up self token : {str(e)}"
)
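Review bot: In `_validate_signature`, `public_key = f"{pki_dir}/minions/{minion_id}"` builds a filesystem path from `minion_id` before the signature has been verified, so the key that authenticates the request is selected by the not-yet-authenticated request itself. If `minion_id` may contain path separators, the lookup can leave the `minions` directory. Guard the path construction with `if not salt.utils.verify.valid_id(__opts__, minion_id): raise salt.exceptions.AuthenticationError("Invalid minion id")`. The function's `def` line and any earlier validation in `generate_token` are outside the hunk, so confirm the id is not already checked upstream. Separately, `{str(e)}` in `_selftoken_expired` can simply be `{e}`.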

View file


@ -15,6 +15,12 @@ import logging
log = logging.getLogger(__name__)
__deprecated__ = (
3009,
"vault",
"https://github.com/saltstack/saltext-vault",
)
def policy_present(name, rules):
"""
@ -41,7 +47,7 @@ def policy_present(name, rules):
}
"""
url = "v1/sys/policy/{}".format(name)
url = f"v1/sys/policy/{name}"
response = __utils__["vault.make_request"]("GET", url)
try:
if response.status_code == 200:
@ -55,7 +61,7 @@ def policy_present(name, rules):
"name": name,
"changes": {},
"result": False,
"comment": "Failed to get policy: {}".format(e),
"comment": f"Failed to get policy: {e}",
}
@ -69,14 +75,14 @@ def _create_new_policy(name, rules):
}
payload = {"rules": rules}
url = "v1/sys/policy/{}".format(name)
url = f"v1/sys/policy/{name}"
response = __utils__["vault.make_request"]("PUT", url, json=payload)
if response.status_code not in [200, 204]:
return {
"name": name,
"changes": {},
"result": False,
"comment": "Failed to create policy: {}".format(response.reason),
"comment": f"Failed to create policy: {response.reason}",
}
return {
@ -108,14 +114,14 @@ def _handle_existing_policy(name, new_rules, existing_rules):
payload = {"rules": new_rules}
url = "v1/sys/policy/{}".format(name)
url = f"v1/sys/policy/{name}"
response = __utils__["vault.make_request"]("PUT", url, json=payload)
if response.status_code not in [200, 204]:
return {
"name": name,
"changes": {},
"result": False,
"comment": "Failed to change policy: {}".format(response.reason),
"comment": f"Failed to change policy: {response.reason}",
}
ret["result"] = True
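Review bot: In `policy_present`, the line `response = __utils__["vault.make_request"]("GET", url)` sits before the `try:`, so an exception raised by the request itself (connection failure, token lookup error) bypasses the handler that returns the `"Failed to get policy: ..."` result and surfaces as an unhandled traceback instead of a failed state return. Moving that one line to be the first statement inside the `try:` would make the failure path consistent. The `except` clause lies between the hunks, so this assumes it catches the exceptions `make_request` can raise. `_create_new_policy` and `_handle_existing_policy` call `make_request` with no handler at all and would benefit from the same treatment.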