mirror of
https://github.com/saltstack/salt.git
synced 2025-04-17 10:10:20 +00:00
consul_pillar support for limiting pillar exposure via minion targeting
This commit is contained in:
Robin Björklin
parent
186b3c7959
commit
7440582ce8
1 changed files with 41 additions and 11 deletions
|
|
@ -109,6 +109,16 @@ If using the ``role`` or ``environment`` grain in the consul key path, be sure t
|
|||
role: my-minion-role
|
||||
environment: dev
|
||||
|
||||
It's possible to lock down where the pillar values are shared through minion
|
||||
targeting. Note that double quotes ``"`` are required around the target value
|
||||
and cannot be used inside the matching statement. See the section on Compound
|
||||
Matchers for more examples.
|
||||
|
||||
.. code-block:: yaml
|
||||
|
||||
ext_pillar:
|
||||
- consul: my_consul_config root=salt target="L@salt.example.com and G@osarch:x86_64"
|
||||
|
||||
'''
|
||||
from __future__ import absolute_import
|
||||
|
||||
|
|
@ -116,6 +126,7 @@ from __future__ import absolute_import
|
|||
import logging
|
||||
import re
|
||||
import yaml
|
||||
import salt.utils.minions
|
||||
|
||||
from salt.exceptions import CommandExecutionError
|
||||
from salt.utils.dictupdate import update as dict_merge
|
||||
|
|
@ -147,30 +158,49 @@ def ext_pillar(minion_id,
|
|||
'''
|
||||
Check consul for all data
|
||||
'''
|
||||
comps = conf.split()
|
||||
opts = {}
|
||||
temp = conf
|
||||
target_re = re.compile('target="(.*?)"')
|
||||
match = target_re.search(temp)
|
||||
if match:
|
||||
opts['target'] = match.group(1)
|
||||
temp = temp.strip(match.group(0))
|
||||
checker = salt.utils.minions.CkMinions(__opts__)
|
||||
minions = checker.check_minions(opts['target'], 'compound')
|
||||
if minion_id not in minions:
|
||||
return {}
|
||||
|
||||
profile = None
|
||||
if comps[0]:
|
||||
profile = comps[0]
|
||||
client = get_conn(__opts__, profile)
|
||||
root_re = re.compile('root=(\S*)')
|
||||
match = root_re.search(temp)
|
||||
if match:
|
||||
opts['root'] = match.group(1)
|
||||
temp = temp.strip(match.group(0))
|
||||
else:
|
||||
opts['root'] = ""
|
||||
|
||||
path = ''
|
||||
if len(comps) > 1 and comps[1].startswith('root='):
|
||||
path = comps[1].replace('root=', '')
|
||||
profile_re = re.compile('(?:profile=)?(\S+)')
|
||||
match = profile_re.search(temp)
|
||||
if match:
|
||||
opts['profile'] = match.group(1)
|
||||
temp = temp.strip(match.group(0))
|
||||
else:
|
||||
opts['profile'] = None
|
||||
|
||||
client = get_conn(__opts__, opts['profile'])
|
||||
|
||||
role = __salt__['grains.get']('role')
|
||||
environment = __salt__['grains.get']('environment')
|
||||
# put the minion's ID in the path if necessary
|
||||
path %= {
|
||||
opts['root'] %= {
|
||||
'minion_id': minion_id,
|
||||
'role': role,
|
||||
'environment': environment
|
||||
}
|
||||
|
||||
try:
|
||||
pillar = fetch_tree(client, path)
|
||||
pillar = fetch_tree(client, opts['root'])
|
||||
except KeyError:
|
||||
log.error('No such key in consul profile %s: %s', profile, path)
|
||||
log.error('No such key in consul profile %s: %s', opts['profile'], opts['root'])
|
||||
pillar = {}
|
||||
|
||||
return pillar
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue