Merge pull request #38627 from cachedout/pr-38476

Pr 38476

salt/key.py

@@ -338,11 +338,11 @@ class MultiKeyCLI(KeyCLI):
     def print_all(self):
         self._call_all('print_all')
 
-    def finger(self, match):
-        self._call_all('finger', match)
+    def finger(self, match, hash_type):
+        self._call_all('finger', match, hash_type)
 
-    def finger_all(self):
-        self._call_all('finger_all')
+    def finger_all(self, hash_type):
+        self._call_all('finger_all', hash_type)
 
     def prep_signature(self):
         self._call_all('prep_signature')
@@ -897,10 +897,13 @@ class Key(object):
             salt.crypt.dropfile(self.opts['cachedir'], self.opts['user'])
         return self.list_keys()
 
-    def finger(self, match):
+    def finger(self, match, hash_type=None):
         '''
         Return the fingerprint for a specified key
         '''
+        if hash_type is None:
+            hash_type = __opts__['hash_type']
+
         matches = self.name_match(match, True)
         ret = {}
         for status, keys in six.iteritems(matches):
@@ -910,13 +913,16 @@ class Key(object):
                     path = os.path.join(self.opts['pki_dir'], key)
                 else:
                     path = os.path.join(self.opts['pki_dir'], status, key)
-                ret[status][key] = salt.utils.pem_finger(path, sum_type=self.opts['hash_type'])
+                ret[status][key] = salt.utils.pem_finger(path, sum_type=hash_type)
         return ret
 
-    def finger_all(self):
+    def finger_all(self, hash_type=None):
         '''
         Return fingerprints for all keys
         '''
+        if hash_type is None:
+            hash_type = __opts__['hash_type']
+
         ret = {}
         for status, keys in six.iteritems(self.all_keys()):
             ret[status] = {}
@@ -925,7 +931,7 @@ class Key(object):
                     path = os.path.join(self.opts['pki_dir'], key)
                 else:
                     path = os.path.join(self.opts['pki_dir'], status, key)
-                ret[status][key] = salt.utils.pem_finger(path, sum_type=self.opts['hash_type'])
+                ret[status][key] = salt.utils.pem_finger(path, sum_type=hash_type)
         return ret
 
 
@@ -1322,10 +1328,13 @@ class RaetKey(Key):
         self.check_minion_cache()
         return self.list_keys()
 
-    def finger(self, match):
+    def finger(self, match, hash_type=None):
         '''
         Return the fingerprint for a specified key
         '''
+        if hash_type is None:
+            hash_type = __opts__['hash_type']
+
         matches = self.name_match(match, True)
         ret = {}
         for status, keys in six.iteritems(matches):
@@ -1338,10 +1347,13 @@ class RaetKey(Key):
                 ret[status][key] = self._get_key_finger(path)
         return ret
 
-    def finger_all(self):
+    def finger_all(self, hash_type=None):
         '''
         Return fingerprints for all keys
         '''
+        if hash_type is None:
+            hash_type = __opts__['hash_type']
+
         ret = {}
         for status, keys in six.iteritems(self.list_keys()):
             ret[status] = {}

salt/modules/key.py

@@ -11,31 +11,43 @@ import os
 import salt.utils
 
 
-def finger():
+def finger(hash_type=None):
     '''
     Return the minion's public key fingerprint
 
+    hash_type
+        The hash algorithm used to calculate the fingerprint
+
     CLI Example:
 
     .. code-block:: bash
 
         salt '*' key.finger
     '''
-    # MD5 here is temporary. Change to SHA256 when retired.
-    return salt.utils.pem_finger(os.path.join(__opts__['pki_dir'], 'minion.pub'),
-                                 sum_type=__opts__.get('hash_type', 'md5'))
+    if hash_type is None:
+        hash_type = __opts__['hash_type']
+
+    return salt.utils.pem_finger(
+        os.path.join(__opts__['pki_dir'], 'minion.pub'),
+        sum_type=hash_type)
 
 
-def finger_master():
+def finger_master(hash_type=None):
     '''
     Return the fingerprint of the master's public key on the minion.
 
+    hash_type
+        The hash algorithm used to calculate the fingerprint
+
     CLI Example:
 
     .. code-block:: bash
 
         salt '*' key.finger_master
     '''
-    # MD5 here is temporary. Change to SHA256 when retired.
-    return salt.utils.pem_finger(os.path.join(__opts__['pki_dir'], 'minion_master.pub'),
-                                 sum_type=__opts__.get('hash_type', 'md5'))
+    if hash_type is None:
+        hash_type = __opts__['hash_type']
+
+    return salt.utils.pem_finger(
+        os.path.join(__opts__['pki_dir'], 'minion_master.pub'),
+        sum_type=hash_type)

salt/wheel/key.py

@@ -274,21 +274,48 @@ def key_str(match):
     return skey.key_str(match)
 
 
-def finger(match):
+def finger(match, hash_type=None):
     '''
     Return the matching key fingerprints. Returns a dictionary.
 
     match
         The key for with to retrieve the fingerprint.
 
+    hash_type
+        The hash algorithm used to calculate the fingerprint
+
     .. code-block:: python
 
         >>> wheel.cmd('key.finger', ['minion1'])
         {'minions': {'minion1': '5d:f6:79:43:5e:d4:42:3f:57:b8:45:a8:7e:a4:6e:ca'}}
 
     '''
+    if hash_type is None:
+        hash_type = __opts__['hash_type']
+
     skey = get_key(__opts__)
-    return skey.finger(match)
+    return skey.finger(match, hash_type)
+
+
+def finger_master(hash_type=None):
+    '''
+    Return the fingerprint of the master's public key
+
+    hash_type
+        The hash algorithm used to calculate the fingerprint
+
+    .. code-block:: python
+
+        >>> wheel.cmd('key.finger_master')
+        {'local': {'master.pub': '5d:f6:79:43:5e:d4:42:3f:57:b8:45:a8:7e:a4:6e:ca'}}
+    '''
+    keyname = 'master.pub'
+    if hash_type is None:
+        hash_type = __opts__['hash_type']
+
+    fingerprint = salt.utils.pem_finger(
+        os.path.join(__opts__['pki_dir'], keyname), sum_type=hash_type)
+    return {'local': {keyname: fingerprint}}
 
 
 def gen(id_=None, keysize=2048):