saltstack/salt
1
0
Fork 0
mirror of https://github.com/saltstack/salt.git synced 2025-04-17 10:10:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

note permission errors for /dev/stdin and possibility of using "-" for stdin

Browse source
This commit is contained in:
merlinz01 2024-04-24 13:57:29 -04:00 committed by GitHub
parent f310d513df
commit 6a788482cf
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 13 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
salt/states/cmd.py
View file

@ -248,10 +248,18 @@ in combination with the slots feature. Example:
.. code-block:: yaml
my-command --read-password-from-stdin:
my-command --read-secret-from-stdin:
cmd.run:
- stdin: __slot__:salt:pillar.get(example:secret)
Some commands read from stdin when "-" is passed as an input file:
.. code-block:: yaml
gcc - -x c -o ./myprogram:
cmd.run:
- stdin: __slot__:salt:pillar.get(example:my_super_secret_c_code)
If your command can read from a file and is running on a Unix-ish system,
pass /dev/stdin as the file and feed the data to stdin. Example:
@ -260,6 +268,10 @@ pass /dev/stdin as the file and feed the data to stdin. Example:
step ca certificate server.example.com cert.pem key.pem --provisioner JWK --provisioner-password-file /dev/stdin:
cmd.run:
- stdin: __slot__:salt:pillar.get(server:provisioner_password)
- unless: step certificate needs-renewal cert.pem 2>&1 | grep "certificate does not need renewal"
Note: The use of the runas option or sudo will cause permission errors when reading /dev/stdin.
If you need to run as a specific user the command will have to read from the usual internal stdin file descriptor.
The use of the slots feature keeps minions who can render the state file from stealing the password.
"""