From a74b74a640da563618783f309fe1eef391a98f41 Mon Sep 17 00:00:00 2001 From: "Daniel A. Wozniak" Date: Fri, 29 Jan 2021 14:30:27 -0700 Subject: [PATCH] Fix for some cves bsc1181550 CVE-2020-28243 CVE-2020-28972 CVE-2020-35662 CVE-2021-3148 CVE-2021-3144 CVE-2021-25281 CVE-2021-25282 CVE-2021-25283 CVE-2021-25284 CVE-2021-3197 --- salt/auth/__init__.py | 1 + salt/client/mixins.py | 71 ++-- salt/client/ssh/client.py | 46 +++ salt/cloud/clouds/qingcloud.py | 57 +-- salt/cloud/clouds/vmware.py | 158 ++++---- salt/config/schemas/vcenter.py | 8 +- salt/master.py | 2 +- salt/modules/bigip.py | 25 +- salt/modules/cmdmod.py | 29 +- salt/modules/glassfish.py | 32 +- salt/modules/keystone.py | 148 ++++---- salt/modules/restartcheck.py | 4 +- salt/modules/vsphere.py | 660 ++++++++++++++++++++++++++++----- salt/modules/zenoss.py | 26 +- salt/pillar/vmware_pillar.py | 26 +- salt/proxy/cimc.py | 31 +- salt/proxy/panos.py | 28 +- salt/proxy/vcenter.py | 6 +- salt/returners/splunk.py | 34 +- salt/runners/asam.py | 19 +- salt/states/esxi.py | 228 ++++++------ salt/utils/http.py | 20 + salt/utils/thin.py | 4 +- salt/utils/vmware.py | 128 ++++--- salt/wheel/__init__.py | 12 +- salt/wheel/pillar_roots.py | 21 +- 26 files changed, 1201 insertions(+), 623 deletions(-) diff --git a/salt/auth/__init__.py b/salt/auth/__init__.py index 22c54e8048..56f8bd57c8 100644 --- a/salt/auth/__init__.py +++ b/salt/auth/__init__.py @@ -270,6 +270,7 @@ class LoadAuth: if rm_tok: self.rm_token(tok) + return {} return tdata diff --git a/salt/client/mixins.py b/salt/client/mixins.py index b33ee54f27..6f408adbba 100644 --- a/salt/client/mixins.py +++ b/salt/client/mixins.py @@ -1,10 +1,7 @@ -# coding: utf-8 """ A collection of mixins useful for the various *Client interfaces """ -# Import Python libs -from __future__ import absolute_import, print_function, unicode_literals, with_statement import copy as pycopy import fnmatch @@ -14,10 +11,7 @@ import traceback import weakref from collections.abc import Mapping, MutableMapping -# Import Salt libs import salt.exceptions - -# Import 3rd-party libs import salt.ext.tornado.stack_context import salt.log.setup import salt.minion @@ -122,7 +116,7 @@ class ClientFuncsDict(MutableMapping): return iter(self.client.functions) -class SyncClientMixin(object): +class SyncClientMixin: """ A mixin for *Client interfaces to abstract common function execution """ @@ -182,7 +176,7 @@ class SyncClientMixin(object): ) if ret is None: raise salt.exceptions.SaltClientTimeout( - "RunnerClient job '{0}' timed out".format(job["jid"]), + "RunnerClient job '{}' timed out".format(job["jid"]), jid=job["jid"], ) @@ -281,7 +275,7 @@ class SyncClientMixin(object): return True try: - return self.opts["{0}_returns".format(class_name)] + return self.opts["{}_returns".format(class_name)] except KeyError: # No such option, assume this isn't one we care about gating and # just return True. @@ -308,7 +302,7 @@ class SyncClientMixin(object): tag = low.get("__tag__", salt.utils.event.tagify(jid, prefix=self.tag_prefix)) data = { - "fun": "{0}.{1}".format(self.client, fun), + "fun": "{}.{}".format(self.client, fun), "jid": jid, "user": low.get("__user__", "UNKNOWN"), } @@ -353,14 +347,14 @@ class SyncClientMixin(object): # namespace only once per module-- not per func completed_funcs = [] - for mod_name in six.iterkeys(self_functions): + for mod_name in self_functions.keys(): if "." not in mod_name: continue mod, _ = mod_name.split(".", 1) if mod in completed_funcs: continue completed_funcs.append(mod) - for global_key, value in six.iteritems(func_globals): + for global_key, value in func_globals.items(): self.functions[mod_name].__globals__[global_key] = value # There are some discrepancies of what a "low" structure is in the @@ -398,7 +392,7 @@ class SyncClientMixin(object): except TypeError as exc: data[ "return" - ] = "\nPassed invalid arguments: {0}\n\nUsage:\n{1}".format( + ] = "\nPassed invalid arguments: {}\n\nUsage:\n{}".format( exc, func.__doc__ ) try: @@ -413,9 +407,9 @@ class SyncClientMixin(object): ) except (Exception, SystemExit) as ex: # pylint: disable=broad-except if isinstance(ex, salt.exceptions.NotImplemented): - data["return"] = six.text_type(ex) + data["return"] = str(ex) else: - data["return"] = "Exception occurred in {0} {1}: {2}".format( + data["return"] = "Exception occurred in {} {}: {}".format( self.client, fun, traceback.format_exc(), ) data["success"] = False @@ -477,7 +471,7 @@ class SyncClientMixin(object): return salt.utils.doc.strip_rst(docs) -class AsyncClientMixin(object): +class AsyncClientMixin: """ A mixin for *Client interfaces to enable easy asynchronous function execution """ @@ -485,10 +479,34 @@ class AsyncClientMixin(object): client = None tag_prefix = None + def _proc_function_remote(self, fun, low, user, tag, jid, daemonize=True): + """ + Run this method in a multiprocess target to execute the function on the + master and fire the return data on the event bus + """ + if daemonize and not salt.utils.platform.is_windows(): + # Shutdown the multiprocessing before daemonizing + salt.log.setup.shutdown_multiprocessing_logging() + + salt.utils.process.daemonize() + + # Reconfigure multiprocessing logging after daemonizing + salt.log.setup.setup_multiprocessing_logging() + + # pack a few things into low + low["__jid__"] = jid + low["__user__"] = user + low["__tag__"] = tag + + try: + return self.cmd_sync(low) + except salt.exceptions.EauthAuthenticationError as exc: + log.error(exc) + def _proc_function(self, fun, low, user, tag, jid, daemonize=True): """ - Run this method in a multiprocess target to execute the function in a - multiprocess and fire the return data on the event bus + Run this method in a multiprocess target to execute the function + locally and fire the return data on the event bus """ if daemonize and not salt.utils.platform.is_windows(): # Shutdown the multiprocessing before daemonizing @@ -504,7 +522,7 @@ class AsyncClientMixin(object): low["__user__"] = user low["__tag__"] = tag - return self.low(fun, low, full_return=False) + return self.low(fun, low) def cmd_async(self, low): """ @@ -532,14 +550,18 @@ class AsyncClientMixin(object): tag = salt.utils.event.tagify(jid, prefix=self.tag_prefix) return {"tag": tag, "jid": jid} - def asynchronous(self, fun, low, user="UNKNOWN", pub=None): + def asynchronous(self, fun, low, user="UNKNOWN", pub=None, local=True): """ Execute the function in a multiprocess and return the event tag to use to watch for the return """ + if local: + proc_func = self._proc_function + else: + proc_func = self._proc_function_remote async_pub = pub if pub is not None else self._gen_async_pub() proc = salt.utils.process.SignalHandlingProcess( - target=self._proc_function, + target=proc_func, name="ProcessFunc", args=(fun, low, user, async_pub["tag"], async_pub["jid"]), ) @@ -577,9 +599,10 @@ class AsyncClientMixin(object): if suffix == "ret": # Check if outputter was passed in the return data. If this is the case, # then the return data will be a dict two keys: 'data' and 'outputter' - if isinstance(event.get("return"), dict) and set(event["return"]) == set( - ("data", "outputter") - ): + if isinstance(event.get("return"), dict) and set(event["return"]) == { + "data", + "outputter", + }: event_data = event["return"]["data"] outputter = event["return"]["outputter"] else: diff --git a/salt/client/ssh/client.py b/salt/client/ssh/client.py index d2dbdeb00e..2cf42f53e7 100644 --- a/salt/client/ssh/client.py +++ b/salt/client/ssh/client.py @@ -43,12 +43,58 @@ class SSHClient: # Salt API should never offer a custom roster! self.opts["__disable_custom_roster"] = disable_custom_roster + def sanitize_kwargs(self, kwargs): + roster_vals = [ + ("host", str), + ("ssh_user", str), + ("ssh_passwd", str), + ("ssh_port", int), + ("ssh_sudo", bool), + ("ssh_sudo_user", str), + ("ssh_priv", str), + ("ssh_priv_passwd", str), + ("ssh_identities_only", bool), + ("ssh_remote_port_forwards", str), + ("ssh_options", list), + ("roster_file", str), + ("rosters", list), + ("ignore_host_keys", bool), + ("raw_shell", bool), + ] + sane_kwargs = {} + for name, kind in roster_vals: + if name not in kwargs: + continue + try: + val = kind(kwargs[name]) + except ValueError: + log.warn("Unable to cast kwarg %s", name) + continue + if kind is bool or kind is int: + sane_kwargs[name] = val + elif kind is str: + if val.find("ProxyCommand") != -1: + log.warn("Filter unsafe value for kwarg %s", name) + continue + sane_kwargs[name] = val + elif kind is list: + sane_val = [] + for item in val: + # This assumes the values are strings + if item.find("ProxyCommand") != -1: + log.warn("Filter unsafe value for kwarg %s", name) + continue + sane_val.append(item) + sane_kwargs[name] = sane_val + return sane_kwargs + def _prep_ssh( self, tgt, fun, arg=(), timeout=None, tgt_type="glob", kwarg=None, **kwargs ): """ Prepare the arguments """ + kwargs = self.sanitize_kwargs(kwargs) opts = copy.deepcopy(self.opts) opts.update(kwargs) if timeout: diff --git a/salt/cloud/clouds/qingcloud.py b/salt/cloud/clouds/qingcloud.py index b388840dd5..f4632e167c 100644 --- a/salt/cloud/clouds/qingcloud.py +++ b/salt/cloud/clouds/qingcloud.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ QingCloud Cloud Module ====================== @@ -26,8 +25,6 @@ Set up the cloud configuration at ``/etc/salt/cloud.providers`` or :depends: requests """ -# Import python libs -from __future__ import absolute_import, print_function, unicode_literals import base64 import hmac @@ -46,13 +43,9 @@ from salt.exceptions import ( SaltCloudNotFound, SaltCloudSystemExit, ) - -# Import Salt Libs -from salt.ext import six from salt.ext.six.moves import range from salt.ext.six.moves.urllib.parse import quote as _quote -# Import Third Party Libs try: import requests @@ -110,12 +103,12 @@ def _compute_signature(parameters, access_key_secret, method, path): """ parameters["signature_method"] = "HmacSHA256" - string_to_sign = "{0}\n{1}\n".format(method.upper(), path) + string_to_sign = "{}\n{}\n".format(method.upper(), path) keys = sorted(parameters.keys()) pairs = [] for key in keys: - val = six.text_type(parameters[key]).encode("utf-8") + val = str(parameters[key]).encode("utf-8") pairs.append(_quote(key, safe="") + "=" + _quote(val, safe="-_~")) qs = "&".join(pairs) string_to_sign += qs @@ -141,6 +134,14 @@ def query(params=None): "secret_access_key", get_configured_provider(), __opts__, search_global=False ) + verify_ssl = config.get_cloud_config_value( + "verify_ssl", + get_configured_provider(), + __opts__, + default=True, + search_global=False, + ) + # public interface parameters real_parameters = { "access_key_id": access_key_id, @@ -158,9 +159,9 @@ def query(params=None): for sk, sv in value[i - 1].items(): if isinstance(sv, dict) or isinstance(sv, list): sv = salt.utils.json.dumps(sv, separators=(",", ":")) - real_parameters["{0}.{1}.{2}".format(key, i, sk)] = sv + real_parameters["{}.{}.{}".format(key, i, sk)] = sv else: - real_parameters["{0}.{1}".format(key, i)] = value[i - 1] + real_parameters["{}.{}".format(key, i)] = value[i - 1] else: real_parameters[key] = value @@ -171,15 +172,15 @@ def query(params=None): # print('parameters:') # pprint.pprint(real_parameters) - request = requests.get(path, params=real_parameters, verify=False) + request = requests.get(path, params=real_parameters, verify=verify_ssl) # print('url:') # print(request.url) if request.status_code != 200: raise SaltCloudSystemExit( - "An error occurred while querying QingCloud. HTTP Code: {0} " - "Error: '{1}'".format(request.status_code, request.text) + "An error occurred while querying QingCloud. HTTP Code: {} " + "Error: '{}'".format(request.status_code, request.text) ) log.debug(request.url) @@ -222,7 +223,7 @@ def avail_locations(call=None): for region in items["zone_set"]: result[region["zone_id"]] = {} for key in region: - result[region["zone_id"]][key] = six.text_type(region[key]) + result[region["zone_id"]][key] = str(region[key]) return result @@ -233,7 +234,7 @@ def _get_location(vm_=None): """ locations = avail_locations() - vm_location = six.text_type( + vm_location = str( config.get_cloud_config_value("zone", vm_, __opts__, search_global=False) ) @@ -244,7 +245,7 @@ def _get_location(vm_=None): return vm_location raise SaltCloudNotFound( - "The specified location, '{0}', could not be found.".format(vm_location) + "The specified location, '{}', could not be found.".format(vm_location) ) @@ -302,7 +303,7 @@ def _get_image(vm_): Return the VM's image. Used by create(). """ images = avail_images() - vm_image = six.text_type( + vm_image = str( config.get_cloud_config_value("image", vm_, __opts__, search_global=False) ) @@ -313,7 +314,7 @@ def _get_image(vm_): return vm_image raise SaltCloudNotFound( - "The specified image, '{0}', could not be found.".format(vm_image) + "The specified image, '{}', could not be found.".format(vm_image) ) @@ -424,7 +425,7 @@ def _get_size(vm_): """ sizes = avail_sizes() - vm_size = six.text_type( + vm_size = str( config.get_cloud_config_value("size", vm_, __opts__, search_global=False) ) @@ -435,7 +436,7 @@ def _get_size(vm_): return vm_size raise SaltCloudNotFound( - "The specified size, '{0}', could not be found.".format(vm_size) + "The specified size, '{}', could not be found.".format(vm_size) ) @@ -616,7 +617,7 @@ def show_instance(instance_id, call=None, kwargs=None): if items["total_count"] == 0: raise SaltCloudNotFound( - "The specified instance, '{0}', could not be found.".format(instance_id) + "The specified instance, '{}', could not be found.".format(instance_id) ) full_node = items["instance_set"][0] @@ -668,7 +669,7 @@ def create(vm_): __utils__["cloud.fire_event"]( "event", "starting create", - "salt/cloud/{0}/creating".format(vm_["name"]), + "salt/cloud/{}/creating".format(vm_["name"]), args=__utils__["cloud.filter_event"]( "creating", vm_, ["name", "profile", "provider", "driver"] ), @@ -693,7 +694,7 @@ def create(vm_): __utils__["cloud.fire_event"]( "event", "requesting instance", - "salt/cloud/{0}/requesting".format(vm_["name"]), + "salt/cloud/{}/requesting".format(vm_["name"]), args={ "kwargs": __utils__["cloud.filter_event"]( "requesting", params, list(params) @@ -724,7 +725,7 @@ def create(vm_): except SaltCloudSystemExit: pass finally: - raise SaltCloudSystemExit(six.text_type(exc)) + raise SaltCloudSystemExit(str(exc)) private_ip = data["private_ips"][0] @@ -742,7 +743,7 @@ def create(vm_): __utils__["cloud.fire_event"]( "event", "created instance", - "salt/cloud/{0}/created".format(vm_["name"]), + "salt/cloud/{}/created".format(vm_["name"]), args=__utils__["cloud.filter_event"]( "created", vm_, ["name", "profile", "provider", "driver"] ), @@ -868,7 +869,7 @@ def destroy(instance_id, call=None): __utils__["cloud.fire_event"]( "event", "destroying instance", - "salt/cloud/{0}/destroying".format(name), + "salt/cloud/{}/destroying".format(name), args={"name": name}, sock_dir=__opts__["sock_dir"], transport=__opts__["transport"], @@ -884,7 +885,7 @@ def destroy(instance_id, call=None): __utils__["cloud.fire_event"]( "event", "destroyed instance", - "salt/cloud/{0}/destroyed".format(name), + "salt/cloud/{}/destroyed".format(name), args={"name": name}, sock_dir=__opts__["sock_dir"], transport=__opts__["transport"], diff --git a/salt/cloud/clouds/vmware.py b/salt/cloud/clouds/vmware.py index edaca9618b..851579bf74 100644 --- a/salt/cloud/clouds/vmware.py +++ b/salt/cloud/clouds/vmware.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- # pylint: disable=C0302 """ VMware Cloud Module @@ -114,8 +113,6 @@ To test the connection for ``my-vmware-config`` specified in the cloud configuration, run :py:func:`test_vcenter_connection` """ -# Import python libs -from __future__ import absolute_import, print_function, unicode_literals import logging import os.path @@ -125,10 +122,7 @@ import subprocess import time from random import randint -# Import salt cloud libs import salt.config as config - -# Import salt libs import salt.utils.cloud import salt.utils.network import salt.utils.stringutils @@ -136,9 +130,6 @@ import salt.utils.vmware import salt.utils.xmlutil from salt.exceptions import SaltCloudSystemExit -# Import 3rd-party libs -from salt.ext import six - try: # Attempt to import pyVmomi libs from pyVmomi import vim # pylint: disable=no-name-in-module @@ -230,7 +221,7 @@ def _str_to_bool(var): if isinstance(var, bool): return var - if isinstance(var, six.string_types): + if isinstance(var, str): return True if var.lower() == "true" else False return None @@ -260,9 +251,15 @@ def _get_si(): port = config.get_cloud_config_value( "port", get_configured_provider(), __opts__, search_global=False, default=443 ) - + verify_ssl = config.get_cloud_config_value( + "verify_ssl", + get_configured_provider(), + __opts__, + search_global=False, + default=True, + ) return salt.utils.vmware.get_service_instance( - url, username, password, protocol=protocol, port=port + url, username, password, protocol=protocol, port=port, verify_ssl=verify_ssl ) @@ -299,7 +296,7 @@ def _add_new_hard_disk_helper( disk_spec.device.key = random_key disk_spec.device.deviceInfo = vim.Description() disk_spec.device.deviceInfo.label = disk_label - disk_spec.device.deviceInfo.summary = "{0} GB".format(size_gb) + disk_spec.device.deviceInfo.summary = "{} GB".format(size_gb) disk_spec.device.backing = vim.vm.device.VirtualDisk.FlatVer2BackingInfo() disk_spec.device.backing.thinProvisioned = thin_provision @@ -320,7 +317,7 @@ def _add_new_hard_disk_helper( if not datastore_cluster_ref: # datastore/datastore cluster specified does not exist raise SaltCloudSystemExit( - "Specified datastore/datastore cluster ({0}) for disk ({1}) does not exist".format( + "Specified datastore/datastore cluster ({}) for disk ({}) does not exist".format( datastore, disk_label ) ) @@ -351,12 +348,12 @@ def _add_new_hard_disk_helper( if not datastore_ref: # datastore cluster specified does not have any accessible datastores raise SaltCloudSystemExit( - "Specified datastore cluster ({0}) for disk ({1}) does not have any accessible datastores available".format( + "Specified datastore cluster ({}) for disk ({}) does not have any accessible datastores available".format( datastore, disk_label ) ) - datastore_path = "[" + six.text_type(datastore_ref.name) + "] " + vm_name + datastore_path = "[" + str(datastore_ref.name) + "] " + vm_name disk_spec.device.backing.fileName = datastore_path + "/" + disk_label + ".vmdk" disk_spec.device.backing.datastore = datastore_ref log.trace( @@ -429,11 +426,11 @@ def _edit_existing_network_adapter( else: # If switch type not specified or does not match, show error and return if not switch_type: - err_msg = "The switch type to be used by '{0}' has not been specified".format( + err_msg = "The switch type to be used by '{}' has not been specified".format( network_adapter.deviceInfo.label ) else: - err_msg = "Cannot create '{0}'. Invalid/unsupported switch type '{1}'".format( + err_msg = "Cannot create '{}'. Invalid/unsupported switch type '{}'".format( network_adapter.deviceInfo.label, switch_type ) raise SaltCloudSystemExit(err_msg) @@ -516,11 +513,11 @@ def _add_new_network_adapter_helper( else: # If switch type not specified or does not match, show error and return if not switch_type: - err_msg = "The switch type to be used by '{0}' has not been specified".format( + err_msg = "The switch type to be used by '{}' has not been specified".format( network_adapter_label ) else: - err_msg = "Cannot create '{0}'. Invalid/unsupported switch type '{1}'".format( + err_msg = "Cannot create '{}'. Invalid/unsupported switch type '{}'".format( network_adapter_label, switch_type ) raise SaltCloudSystemExit(err_msg) @@ -572,11 +569,11 @@ def _add_new_scsi_controller_helper(scsi_controller_label, properties, bus_numbe else: # If type not specified or does not match, show error and return if not adapter_type: - err_msg = "The type of '{0}' has not been specified".format( + err_msg = "The type of '{}' has not been specified".format( scsi_controller_label ) else: - err_msg = "Cannot create '{0}'. Invalid/unsupported type '{1}'".format( + err_msg = "Cannot create '{}'. Invalid/unsupported type '{}'".format( scsi_controller_label, adapter_type ) raise SaltCloudSystemExit(err_msg) @@ -653,7 +650,7 @@ def _set_cd_or_dvd_backing_type(drive, device_type, mode, iso_path): if datastore_ref: drive.backing.datastore = datastore_ref - drive.deviceInfo.summary = "ISO {0}".format(iso_path) + drive.deviceInfo.summary = "ISO {}".format(iso_path) elif device_type == "client_device": if mode == "passthrough": @@ -735,8 +732,8 @@ def _set_network_adapter_mapping(adapter_specs): gateway = adapter_specs["gateway"] adapter_mapping.adapter.gateway = gateway if "ip" in list(adapter_specs.keys()): - ip = six.text_type(adapter_specs["ip"]) - subnet_mask = six.text_type(adapter_specs["subnet_mask"]) + ip = str(adapter_specs["ip"]) + subnet_mask = str(adapter_specs["subnet_mask"]) adapter_mapping.adapter.ip = vim.vm.customization.FixedIp(ipAddress=ip) adapter_mapping.adapter.subnetMask = subnet_mask else: @@ -823,8 +820,8 @@ def _manage_devices(devices, vm=None, container_ref=None, new_vm_name=None): if device.capacityInKB > size_kb: raise SaltCloudSystemExit( - "The specified disk size '{0}GB' for '{1}' is " - "smaller than the disk image size '{2}GB'. It must " + "The specified disk size '{}GB' for '{}' is " + "smaller than the disk image size '{}GB'. It must " "be equal to or greater than the disk image".format( float( devices["disk"][device.deviceInfo.label]["size"] @@ -908,7 +905,7 @@ def _manage_devices(devices, vm=None, container_ref=None, new_vm_name=None): else None ) if bus_sharing and bus_sharing in ["virtual", "physical", "no"]: - bus_sharing = "{0}Sharing".format(bus_sharing) + bus_sharing = "{}Sharing".format(bus_sharing) if bus_sharing != device.sharedBus: # Only edit the SCSI controller if bus_sharing is different scsi_spec = _edit_existing_scsi_controller( @@ -1112,7 +1109,7 @@ def _manage_devices(devices, vm=None, container_ref=None, new_vm_name=None): ide_controllers[controller_key] = 0 break else: - for ide_controller_key, num_devices in six.iteritems(ide_controllers): + for ide_controller_key, num_devices in ide_controllers.items(): if num_devices < 2: controller_key = ide_controller_key break @@ -1145,10 +1142,7 @@ def _wait_for_vmware_tools(vm_ref, max_wait): vm_ref.name, time_counter, ) - if ( - six.text_type(vm_ref.summary.guest.toolsRunningStatus) - == "guestToolsRunning" - ): + if str(vm_ref.summary.guest.toolsRunningStatus) == "guestToolsRunning": log.info( "[ %s ] Successfully got VMware tools running on the guest in " "%s seconds", @@ -1314,23 +1308,21 @@ def _format_instance_info_select(vm, selection): vm_select_info["id"] = vm["name"] if "image" in selection: - vm_select_info["image"] = "{0} (Detected)".format( + vm_select_info["image"] = "{} (Detected)".format( defaultto(vm, "config.guestFullName") ) if "size" in selection: cpu = defaultto(vm, "config.hardware.numCPU") - ram = "{0} MB".format(defaultto(vm, "config.hardware.memoryMB")) - vm_select_info["size"] = "cpu: {0}\nram: {1}".format(cpu, ram) + ram = "{} MB".format(defaultto(vm, "config.hardware.memoryMB")) + vm_select_info["size"] = "cpu: {}\nram: {}".format(cpu, ram) vm_select_info["size_dict"] = { "cpu": cpu, "memory": ram, } if "state" in selection: - vm_select_info["state"] = six.text_type( - defaultto(vm, "summary.runtime.powerState") - ) + vm_select_info["state"] = str(defaultto(vm, "summary.runtime.powerState")) if "guest_id" in selection: vm_select_info["guest_id"] = defaultto(vm, "config.guestId") @@ -1342,9 +1334,7 @@ def _format_instance_info_select(vm, selection): vm_select_info["path"] = defaultto(vm, "config.files.vmPathName") if "tools_status" in selection: - vm_select_info["tools_status"] = six.text_type( - defaultto(vm, "guest.toolsStatus") - ) + vm_select_info["tools_status"] = str(defaultto(vm, "guest.toolsStatus")) if "private_ips" in selection or "networks" in selection: network_full_info = {} @@ -1585,18 +1575,18 @@ def _format_instance_info(vm): cpu = vm["config.hardware.numCPU"] if "config.hardware.numCPU" in vm else "N/A" ram = ( - "{0} MB".format(vm["config.hardware.memoryMB"]) + "{} MB".format(vm["config.hardware.memoryMB"]) if "config.hardware.memoryMB" in vm else "N/A" ) vm_full_info = { - "id": six.text_type(vm["name"]), - "image": "{0} (Detected)".format(vm["config.guestFullName"]) + "id": str(vm["name"]), + "image": "{} (Detected)".format(vm["config.guestFullName"]) if "config.guestFullName" in vm else "N/A", - "size": "cpu: {0}\nram: {1}".format(cpu, ram), + "size": "cpu: {}\nram: {}".format(cpu, ram), "size_dict": {"cpu": cpu, "memory": ram}, - "state": six.text_type(vm["summary.runtime.powerState"]) + "state": str(vm["summary.runtime.powerState"]) if "summary.runtime.powerState" in vm else "N/A", "private_ips": ip_addresses, @@ -1604,16 +1594,14 @@ def _format_instance_info(vm): "devices": device_full_info, "storage": storage_full_info, "files": file_full_info, - "guest_id": six.text_type(vm["config.guestId"]) - if "config.guestId" in vm - else "N/A", - "hostname": six.text_type(vm["object"].guest.hostName), + "guest_id": str(vm["config.guestId"]) if "config.guestId" in vm else "N/A", + "hostname": str(vm["object"].guest.hostName), "mac_addresses": device_mac_addresses, "networks": network_full_info, - "path": six.text_type(vm["config.files.vmPathName"]) + "path": str(vm["config.files.vmPathName"]) if "config.files.vmPathName" in vm else "N/A", - "tools_status": six.text_type(vm["guest.toolsStatus"]) + "tools_status": str(vm["guest.toolsStatus"]) if "guest.toolsStatus" in vm else "N/A", } @@ -1624,11 +1612,11 @@ def _format_instance_info(vm): def _get_snapshots(snapshot_list, current_snapshot=None, parent_snapshot_path=""): snapshots = {} for snapshot in snapshot_list: - snapshot_path = "{0}/{1}".format(parent_snapshot_path, snapshot.name) + snapshot_path = "{}/{}".format(parent_snapshot_path, snapshot.name) snapshots[snapshot_path] = { "name": snapshot.name, "description": snapshot.description, - "created": six.text_type(snapshot.createTime).split(".")[0], + "created": str(snapshot.createTime).split(".")[0], "state": snapshot.state, "path": snapshot_path, } @@ -1760,7 +1748,7 @@ def test_vcenter_connection(kwargs=None, call=None): # Get the service instance object _get_si() except Exception as exc: # pylint: disable=broad-except - return "failed to connect: {0}".format(exc) + return "failed to connect: {}".format(exc) return "connection successful" @@ -2000,18 +1988,18 @@ def list_nodes(kwargs=None, call=None): for vm in vm_list: cpu = vm["config.hardware.numCPU"] if "config.hardware.numCPU" in vm else "N/A" ram = ( - "{0} MB".format(vm["config.hardware.memoryMB"]) + "{} MB".format(vm["config.hardware.memoryMB"]) if "config.hardware.memoryMB" in vm else "N/A" ) vm_info = { "id": vm["name"], - "image": "{0} (Detected)".format(vm["config.guestFullName"]) + "image": "{} (Detected)".format(vm["config.guestFullName"]) if "config.guestFullName" in vm else "N/A", - "size": "cpu: {0}\nram: {1}".format(cpu, ram), + "size": "cpu: {}\nram: {}".format(cpu, ram), "size_dict": {"cpu": cpu, "memory": ram}, - "state": six.text_type(vm["summary.runtime.powerState"]) + "state": str(vm["summary.runtime.powerState"]) if "summary.runtime.powerState" in vm else "N/A", "private_ips": [vm["guest.ipAddress"]] if "guest.ipAddress" in vm else [], @@ -2660,7 +2648,7 @@ def destroy(name, call=None): __utils__["cloud.fire_event"]( "event", "destroying instance", - "salt/cloud/{0}/destroying".format(name), + "salt/cloud/{}/destroying".format(name), args={"name": name}, sock_dir=__opts__["sock_dir"], transport=__opts__["transport"], @@ -2706,7 +2694,7 @@ def destroy(name, call=None): __utils__["cloud.fire_event"]( "event", "destroyed instance", - "salt/cloud/{0}/destroyed".format(name), + "salt/cloud/{}/destroyed".format(name), args={"name": name}, sock_dir=__opts__["sock_dir"], transport=__opts__["transport"], @@ -2748,7 +2736,7 @@ def create(vm_): __utils__["cloud.fire_event"]( "event", "starting create", - "salt/cloud/{0}/creating".format(vm_["name"]), + "salt/cloud/{}/creating".format(vm_["name"]), args=__utils__["cloud.filter_event"]( "creating", vm_, ["name", "profile", "provider", "driver"] ), @@ -2825,10 +2813,10 @@ def create(vm_): "win_run_once", vm_, __opts__, search_global=False, default=None ) cpu_hot_add = config.get_cloud_config_value( - 'cpu_hot_add', vm_, __opts__, search_global=False, default=None + "cpu_hot_add", vm_, __opts__, search_global=False, default=None ) mem_hot_add = config.get_cloud_config_value( - 'mem_hot_add', vm_, __opts__, search_global=False, default=None + "mem_hot_add", vm_, __opts__, search_global=False, default=None ) # Get service instance object @@ -2988,7 +2976,7 @@ def create(vm_): ) if not datastore_ref: raise SaltCloudSystemExit( - "Specified datastore: '{0}' does not exist".format(datastore) + "Specified datastore: '{}' does not exist".format(datastore) ) if host: @@ -3004,7 +2992,7 @@ def create(vm_): # If the hardware version is specified and if it is different from the current # hardware version, then schedule a hardware version upgrade if hardware_version and object_ref is not None: - hardware_version = "vmx-{0:02}".format(hardware_version) + hardware_version = "vmx-{:02}".format(hardware_version) if hardware_version != object_ref.config.version: log.debug( "Scheduling hardware version upgrade from %s to %s", @@ -3034,7 +3022,7 @@ def create(vm_): elif memory_unit.lower() == "gb": memory_mb = int(float(memory_num) * 1024.0) else: - err_msg = "Invalid memory type specified: '{0}'".format(memory_unit) + err_msg = "Invalid memory type specified: '{}'".format(memory_unit) log.error(err_msg) return {"Error": err_msg} except (TypeError, ValueError): @@ -3048,19 +3036,19 @@ def create(vm_): ) config_spec.deviceChange = specs["device_specs"] - if cpu_hot_add and hasattr(config_spec, 'cpuHotAddEnabled'): + if cpu_hot_add and hasattr(config_spec, "cpuHotAddEnabled"): config_spec.cpuHotAddEnabled = bool(cpu_hot_add) - if mem_hot_add and hasattr(config_spec, 'memoryHotAddEnabled'): + if mem_hot_add and hasattr(config_spec, "memoryHotAddEnabled"): config_spec.memoryHotAddEnabled = bool(mem_hot_add) if extra_config: - for key, value in six.iteritems(extra_config): + for key, value in extra_config.items(): option = vim.option.OptionValue(key=key, value=value) config_spec.extraConfig.append(option) if annotation: - config_spec.annotation = six.text_type(annotation) + config_spec.annotation = str(annotation) if "clonefrom" in vm_: clone_spec = handle_snapshot(config_spec, object_ref, reloc_spec, template, vm_) @@ -3137,7 +3125,7 @@ def create(vm_): __utils__["cloud.fire_event"]( "event", "requesting instance", - "salt/cloud/{0}/requesting".format(vm_["name"]), + "salt/cloud/{}/requesting".format(vm_["name"]), args=__utils__["cloud.filter_event"]( "requesting", event_kwargs, list(event_kwargs) ), @@ -3190,7 +3178,7 @@ def create(vm_): task = folder_ref.CreateVM_Task(config_spec, resourcepool_ref) salt.utils.vmware.wait_for_task(task, vm_name, "create", 15, "info") except Exception as exc: # pylint: disable=broad-except - err_msg = "Error creating {0}: {1}".format(vm_["name"], exc) + err_msg = "Error creating {}: {}".format(vm_["name"], exc) log.error( err_msg, # Show the traceback if the debug logging level is enabled @@ -3235,7 +3223,7 @@ def create(vm_): __utils__["cloud.fire_event"]( "event", "created instance", - "salt/cloud/{0}/created".format(vm_["name"]), + "salt/cloud/{}/created".format(vm_["name"]), args=__utils__["cloud.filter_event"]( "created", vm_, ["name", "profile", "provider", "driver"] ), @@ -3267,7 +3255,7 @@ def handle_snapshot(config_spec, object_ref, reloc_spec, template, vm_): raise SaltCloudSystemExit( "Invalid disk move type specified" " supported types are" - " {0}".format(" ".join(allowed_types)) + " {}".format(" ".join(allowed_types)) ) return clone_spec @@ -3470,7 +3458,7 @@ def rescan_hba(kwargs=None, call=None): if hba: log.info("Rescanning HBA %s on host %s", hba, host_name) host_ref.configManager.storageSystem.RescanHba(hba) - ret = "rescanned HBA {0}".format(hba) + ret = "rescanned HBA {}".format(hba) else: log.info("Rescanning all HBAs on host %s", host_name) host_ref.configManager.storageSystem.RescanAllHba() @@ -3749,7 +3737,7 @@ def list_hbas(kwargs=None, call=None): if hba_type and hba_type not in ["parallel", "block", "iscsi", "fibre"]: raise SaltCloudSystemExit( - "Specified hba type {0} currently not supported.".format(hba_type) + "Specified hba type {} currently not supported.".format(hba_type) ) host_list = salt.utils.vmware.get_mors_with_properties( @@ -4124,10 +4112,10 @@ def revert_to_snapshot(name, kwargs=None, call=None): task = vm_ref.RevertToCurrentSnapshot(suppressPowerOn=suppress_power_on) else: log.debug("Reverting VM %s to snapshot %s", name, snapshot_name) - msg = "reverted to snapshot {0}".format(snapshot_name) + msg = "reverted to snapshot {}".format(snapshot_name) snapshot_ref = _get_snapshot_ref_by_name(vm_ref, snapshot_name) if snapshot_ref is None: - return "specified snapshot '{0}' does not exist".format(snapshot_name) + return "specified snapshot '{}' does not exist".format(snapshot_name) task = snapshot_ref.snapshot.Revert(suppressPowerOn=suppress_power_on) salt.utils.vmware.wait_for_task(task, name, "revert to snapshot", 5, "info") @@ -4265,7 +4253,7 @@ def convert_to_template(name, kwargs=None, call=None): vm_ref = salt.utils.vmware.get_mor_by_property(_get_si(), vim.VirtualMachine, name) if vm_ref.config.template: - raise SaltCloudSystemExit("{0} already a template".format(name)) + raise SaltCloudSystemExit("{} already a template".format(name)) try: vm_ref.MarkAsTemplate() @@ -4279,7 +4267,7 @@ def convert_to_template(name, kwargs=None, call=None): ) return "failed to convert to teamplate" - return "{0} converted to template".format(name) + return "{} converted to template".format(name) def add_host(kwargs=None, call=None): @@ -4399,7 +4387,7 @@ def add_host(kwargs=None, call=None): ("echo", "-n"), stdout=subprocess.PIPE, stderr=subprocess.PIPE ) p2 = subprocess.Popen( - ("openssl", "s_client", "-connect", "{0}:443".format(host_name)), + ("openssl", "s_client", "-connect", "{}:443".format(host_name)), stdin=p1.stdout, stdout=subprocess.PIPE, stderr=subprocess.PIPE, @@ -4429,12 +4417,12 @@ def add_host(kwargs=None, call=None): try: if cluster_name: task = cluster_ref.AddHost(spec=spec, asConnected=True) - ret = "added host system to cluster {0}".format(cluster_name) + ret = "added host system to cluster {}".format(cluster_name) if datacenter_name: task = datacenter_ref.hostFolder.AddStandaloneHost( spec=spec, addConnected=True ) - ret = "added host system to datacenter {0}".format(datacenter_name) + ret = "added host system to datacenter {}".format(datacenter_name) salt.utils.vmware.wait_for_task(task, host_name, "add host system", 5, "info") except Exception as exc: # pylint: disable=broad-except if isinstance(exc, vim.fault.SSLVerifyFault): diff --git a/salt/config/schemas/vcenter.py b/salt/config/schemas/vcenter.py index 7db8b67c41..bd82bd1761 100644 --- a/salt/config/schemas/vcenter.py +++ b/salt/config/schemas/vcenter.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ :codeauthor: :email:`Rod McKenzie (roderick.mckenzie@morganstanley.com)` :codeauthor: :email:`Alexandru Bleotu (alexandru.bleotu@morganstanley.com)` @@ -9,11 +8,8 @@ VCenter configuration schemas """ -# Import Python libs -from __future__ import absolute_import, print_function, unicode_literals -# Import Salt libs -from salt.utils.schema import ArrayItem, IntegerItem, Schema, StringItem +from salt.utils.schema import ArrayItem, BooleanItem, IntegerItem, Schema, StringItem class VCenterEntitySchema(Schema): @@ -48,6 +44,8 @@ class VCenterProxySchema(Schema): mechanism = StringItem(required=True, enum=["userpass", "sspi"]) username = StringItem() passwords = ArrayItem(min_items=1, items=StringItem(), unique_items=True) + verify_ssl = BooleanItem() + ca_bundle = StringItem() domain = StringItem() principal = StringItem(default="host") diff --git a/salt/master.py b/salt/master.py index 59bb19ce75..fc103ac489 100644 --- a/salt/master.py +++ b/salt/master.py @@ -2126,7 +2126,7 @@ class ClearFuncs(TransportMethods): fun = clear_load.pop("fun") runner_client = salt.runner.RunnerClient(self.opts) return runner_client.asynchronous( - fun, clear_load.get("kwarg", {}), username + fun, clear_load.get("kwarg", {}), username, local=True ) except Exception as exc: # pylint: disable=broad-except log.error("Exception occurred while introspecting %s: %s", fun, exc) diff --git a/salt/modules/bigip.py b/salt/modules/bigip.py index 2b54e4d27c..36168d66b4 100644 --- a/salt/modules/bigip.py +++ b/salt/modules/bigip.py @@ -1,21 +1,14 @@ -# -*- coding: utf-8 -*- """ An execution module which can manipulate an f5 bigip via iControl REST :maturity: develop :platform: f5_bigip_11.6 """ -# Import python libs -from __future__ import absolute_import, print_function, unicode_literals -# Import salt libs import salt.exceptions import salt.utils.json - -# Import 3rd-party libs from salt.ext import six -# Import third party libs try: import requests import requests.exceptions @@ -52,7 +45,7 @@ def _build_session(username, password, trans_label=None): bigip = requests.session() bigip.auth = (username, password) - bigip.verify = False + bigip.verify = True bigip.headers.update({"Content-Type": "application/json"}) if trans_label: @@ -109,7 +102,7 @@ def _loop_payload(params): payload = {} # set the payload - for param, value in six.iteritems(params): + for param, value in params.items(): if value is not None: payload[param] = value @@ -153,7 +146,7 @@ def _determine_toggles(payload, toggles): Figure out what it likes to hear without confusing the user. """ - for toggle, definition in six.iteritems(toggles): + for toggle, definition in toggles.items(): # did the user specify anything? if definition["value"] is not None: # test for yes_no toggle @@ -1046,7 +1039,7 @@ def replace_pool_members(hostname, username, password, name, members): # specify members if provided if members is not None: - if isinstance(members, six.string_types): + if isinstance(members, str): members = members.split(",") pool_members = [] @@ -1583,7 +1576,7 @@ def create_virtual( payload["vlans"] = "none" elif vlans == "default": payload["vlans"] = "default" - elif isinstance(vlans, six.string_types) and ( + elif isinstance(vlans, str) and ( vlans.startswith("enabled") or vlans.startswith("disabled") ): try: @@ -2016,7 +2009,7 @@ def create_monitor(hostname, username, password, monitor_type, name, **kwargs): # there's a ton of different monitors and a ton of options for each type of monitor. # this logic relies that the end user knows which options are meant for which monitor types - for key, value in six.iteritems(kwargs): + for key, value in kwargs.items(): if not key.startswith("__"): if key not in ["hostname", "username", "password", "type"]: key = key.replace("_", "-") @@ -2067,7 +2060,7 @@ def modify_monitor(hostname, username, password, monitor_type, name, **kwargs): # there's a ton of different monitors and a ton of options for each type of monitor. # this logic relies that the end user knows which options are meant for which monitor types - for key, value in six.iteritems(kwargs): + for key, value in kwargs.items(): if not key.startswith("__"): if key not in ["hostname", "username", "password", "type", "name"]: key = key.replace("_", "-") @@ -2231,7 +2224,7 @@ def create_profile(hostname, username, password, profile_type, name, **kwargs): # there's a ton of different profiles and a ton of options for each type of profile. # this logic relies that the end user knows which options are meant for which profile types - for key, value in six.iteritems(kwargs): + for key, value in kwargs.items(): if not key.startswith("__"): if key not in ["hostname", "username", "password", "profile_type"]: key = key.replace("_", "-") @@ -2322,7 +2315,7 @@ def modify_profile(hostname, username, password, profile_type, name, **kwargs): # there's a ton of different profiles and a ton of options for each type of profile. # this logic relies that the end user knows which options are meant for which profile types - for key, value in six.iteritems(kwargs): + for key, value in kwargs.items(): if not key.startswith("__"): if key not in ["hostname", "username", "password", "profile_type"]: key = key.replace("_", "-") diff --git a/salt/modules/cmdmod.py b/salt/modules/cmdmod.py index c8eb4d2305..bbc303c3f8 100644 --- a/salt/modules/cmdmod.py +++ b/salt/modules/cmdmod.py @@ -77,6 +77,12 @@ def __virtual__(): return __virtualname__ +def _log_cmd(cmd): + if not isinstance(cmd, list): + return cmd.split()[0].strip() + return cmd[0].strip() + + def _check_cb(cb_): """ If the callback is None or is not callable, return a lambda that returns @@ -386,22 +392,13 @@ def _run( ) env[bad_env_key] = "" - def _get_stripped(cmd): - # Return stripped command string copies to improve logging. - if isinstance(cmd, list): - return [x.strip() if isinstance(x, str) else x for x in cmd] - elif isinstance(cmd, str): - return cmd.strip() - else: - return cmd - if output_loglevel is not None: # Always log the shell commands at INFO unless quiet logging is # requested. The command output is what will be controlled by the # 'loglevel' parameter. msg = "Executing command {}{}{} {}{}in directory '{}'{}".format( "'" if not isinstance(cmd, list) else "", - _get_stripped(cmd), + _log_cmd(cmd), "'" if not isinstance(cmd, list) else "", "as user '{}' ".format(runas) if runas else "", "in group '{}' ".format(group) if group else "", @@ -723,7 +720,7 @@ def _run( log.error( "Failed to decode stdout from command %s, non-decodable " "characters have been replaced", - cmd, + _log_cmd(cmd), ) try: @@ -741,7 +738,7 @@ def _run( log.error( "Failed to decode stderr from command %s, non-decodable " "characters have been replaced", - cmd, + _log_cmd(cmd), ) if rstrip: @@ -841,7 +838,9 @@ def _run( if not ignore_retcode and ret["retcode"] != 0: if output_loglevel < LOG_LEVELS["error"]: output_loglevel = LOG_LEVELS["error"] - msg = "Command '{}' failed with return code: {}".format(cmd, ret["retcode"]) + msg = "Command '{}' failed with return code: {}".format( + _log_cmd(cmd), ret["retcode"] + ) log.error(log_callback(msg)) if ret["stdout"]: log.log(output_loglevel, "stdout: %s", log_callback(ret["stdout"])) @@ -1211,7 +1210,9 @@ def run( if not ignore_retcode and ret["retcode"] != 0: if lvl < LOG_LEVELS["error"]: lvl = LOG_LEVELS["error"] - msg = "Command '{}' failed with return code: {}".format(cmd, ret["retcode"]) + msg = "Command '{}' failed with return code: {}".format( + _log_cmd(cmd), ret["retcode"] + ) log.error(log_callback(msg)) if raise_err: raise CommandExecutionError( diff --git a/salt/modules/glassfish.py b/salt/modules/glassfish.py index 44df1d3cbb..59a171d2e6 100644 --- a/salt/modules/glassfish.py +++ b/salt/modules/glassfish.py @@ -1,10 +1,8 @@ -# -*- coding: utf-8 -*- """ Module for working with the Glassfish/Payara 4.x management API .. versionadded:: Carbon :depends: requests """ -from __future__ import absolute_import, print_function, unicode_literals import salt.defaults.exitcodes import salt.utils.json @@ -42,7 +40,7 @@ def __virtual__(): else: return ( False, - 'The "{0}" module could not be loaded: ' + 'The "{}" module could not be loaded: ' '"requests" is not installed.'.format(__virtualname__), ) @@ -73,9 +71,9 @@ def _get_url(ssl, url, port, path): Returns the URL of the endpoint """ if ssl: - return "https://{0}:{1}/management/domain/{2}".format(url, port, path) + return "https://{}:{}/management/domain/{}".format(url, port, path) else: - return "http://{0}:{1}/management/domain/{2}".format(url, port, path) + return "http://{}:{}/management/domain/{}".format(url, port, path) def _get_server(server): @@ -128,7 +126,7 @@ def _api_get(path, server=None): url=_get_url(server["ssl"], server["url"], server["port"], path), auth=_get_auth(server["user"], server["password"]), headers=_get_headers(), - verify=False, + verify=True, ) return _api_response(response) @@ -143,7 +141,7 @@ def _api_post(path, data, server=None): auth=_get_auth(server["user"], server["password"]), headers=_get_headers(), data=salt.utils.json.dumps(data), - verify=False, + verify=True, ) return _api_response(response) @@ -158,7 +156,7 @@ def _api_delete(path, data, server=None): auth=_get_auth(server["user"], server["password"]), headers=_get_headers(), params=data, - verify=False, + verify=True, ) return _api_response(response) @@ -183,7 +181,7 @@ def _get_element_properties(name, element_type, server=None): Get an element's properties """ properties = {} - data = _api_get("{0}/{1}/property".format(element_type, name), server) + data = _api_get("{}/{}/property".format(element_type, name), server) # Get properties into a dict if any(data["extraProperties"]["properties"]): @@ -199,7 +197,7 @@ def _get_element(name, element_type, server=None, with_properties=True): """ element = {} name = quote(name, safe="") - data = _api_get("{0}/{1}".format(element_type, name), server) + data = _api_get("{}/{}".format(element_type, name), server) # Format data, get properties if asked, and return the whole thing if any(data["extraProperties"]["entity"]): @@ -220,9 +218,9 @@ def _create_element(name, element_type, data, server=None): data["property"] = "" for key, value in data["properties"].items(): if not data["property"]: - data["property"] += "{0}={1}".format(key, value.replace(":", "\\:")) + data["property"] += "{}={}".format(key, value.replace(":", "\\:")) else: - data["property"] += ":{0}={1}".format(key, value.replace(":", "\\:")) + data["property"] += ":{}={}".format(key, value.replace(":", "\\:")) del data["properties"] # Send request @@ -242,7 +240,7 @@ def _update_element(name, element_type, data, server=None): properties = [] for key, value in data["properties"].items(): properties.append({"name": key, "value": value}) - _api_post("{0}/{1}/property".format(element_type, name), properties, server) + _api_post("{}/{}/property".format(element_type, name), properties, server) del data["properties"] # If the element only contained properties @@ -255,10 +253,10 @@ def _update_element(name, element_type, data, server=None): update_data.update(data) else: __context__["retcode"] = salt.defaults.exitcodes.SALT_BUILD_FAIL - raise CommandExecutionError("Cannot update {0}".format(name)) + raise CommandExecutionError("Cannot update {}".format(name)) # Finally, update the element - _api_post("{0}/{1}".format(element_type, name), _clean_data(update_data), server) + _api_post("{}/{}".format(element_type, name), _clean_data(update_data), server) return unquote(name) @@ -266,7 +264,7 @@ def _delete_element(name, element_type, data, server=None): """ Delete an element """ - _api_delete("{0}/{1}".format(element_type, quote(name, safe="")), data, server) + _api_delete("{}/{}".format(element_type, quote(name, safe="")), data, server) return name @@ -692,4 +690,4 @@ def delete_system_properties(name, server=None): """ Delete a system property """ - _api_delete("system-properties/{0}".format(name), None, server) + _api_delete("system-properties/{}".format(name), None, server) diff --git a/salt/modules/keystone.py b/salt/modules/keystone.py index 52cb461339..e8dd2fd99d 100644 --- a/salt/modules/keystone.py +++ b/salt/modules/keystone.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ Module for handling openstack keystone calls. @@ -13,6 +12,7 @@ Module for handling openstack keystone calls. keystone.tenant: admin keystone.tenant_id: f80919baedab48ec8931f200c65a50df keystone.auth_url: 'http://127.0.0.1:5000/v2.0/' + keystone.verify_ssl: True OR (for token based authentication) @@ -32,6 +32,7 @@ Module for handling openstack keystone calls. keystone.tenant: admin keystone.tenant_id: f80919baedab48ec8931f200c65a50df keystone.auth_url: 'http://127.0.0.1:5000/v2.0/' + keystone.verify_ssl: True openstack2: keystone.user: admin @@ -39,6 +40,7 @@ Module for handling openstack keystone calls. keystone.tenant: admin keystone.tenant_id: f80919baedab48ec8931f200c65a50df keystone.auth_url: 'http://127.0.0.2:5000/v2.0/' + keystone.verify_ssl: True With this configuration in place, any of the keystone functions can make use of a configuration profile by declaring it explicitly. @@ -49,17 +51,11 @@ Module for handling openstack keystone calls. salt '*' keystone.tenant_list profile=openstack1 """ -# Import Python libs -from __future__ import absolute_import, print_function, unicode_literals import logging -# Import Salt Libs import salt.utils.http -# Import 3rd-party libs -from salt.ext import six - HAS_KEYSTONE = False try: # pylint: disable=import-error @@ -125,6 +121,7 @@ def _get_kwargs(profile=None, **connection_args): endpoint = get("endpoint", "http://127.0.0.1:35357/v2.0") user_domain_name = get("user_domain_name", "Default") project_domain_name = get("project_domain_name", "Default") + verify_ssl = get("verify_ssl", True) if token: kwargs = {"token": token, "endpoint": endpoint} else: @@ -141,6 +138,7 @@ def _get_kwargs(profile=None, **connection_args): # this ensures it's only passed in when defined if insecure: kwargs["insecure"] = True + kwargs["verify_ssl"] = verify_ssl return kwargs @@ -158,7 +156,7 @@ def api_version(profile=None, **connection_args): auth_url = kwargs.get("auth_url", kwargs.get("endpoint", None)) try: return salt.utils.http.query( - auth_url, decode=True, decode_type="json", verify_ssl=False + auth_url, decode=True, decode_type="json", verify_ssl=kwargs["verify_ssl"] )["dict"]["version"]["id"] except KeyError: return None @@ -269,7 +267,7 @@ def ec2_credentials_delete( if not user_id: return {"Error": "Could not resolve User ID"} kstone.ec2.delete(user_id, access_key) - return 'ec2 key "{0}" deleted under user id "{1}"'.format(access_key, user_id) + return 'ec2 key "{}" deleted under user id "{}"'.format(access_key, user_id) def ec2_credentials_get( @@ -373,7 +371,7 @@ def endpoint_get(service, region=None, profile=None, interface=None, **connectio ] if len(e) > 1: return { - "Error": "Multiple endpoints found ({0}) for the {1} service. Please specify region.".format( + "Error": "Multiple endpoints found ({}) for the {} service. Please specify region.".format( e, service ) } @@ -396,12 +394,12 @@ def endpoint_list(profile=None, **connection_args): ret = {} for endpoint in kstone.endpoints.list(): - ret[endpoint.id] = dict( - (value, getattr(endpoint, value)) + ret[endpoint.id] = { + value: getattr(endpoint, value) for value in dir(endpoint) if not value.startswith("_") - and isinstance(getattr(endpoint, value), (six.string_types, dict, bool)) - ) + and isinstance(getattr(endpoint, value), (str, dict, bool)) + } return ret @@ -487,7 +485,7 @@ def role_create(name, profile=None, **connection_args): kstone = auth(profile, **connection_args) if "Error" not in role_get(name=name, profile=profile, **connection_args): - return {"Error": 'Role "{0}" already exists'.format(name)} + return {"Error": 'Role "{}" already exists'.format(name)} kstone.roles.create(name) return role_get(name=name, profile=profile, **connection_args) @@ -518,9 +516,9 @@ def role_delete(role_id=None, name=None, profile=None, **connection_args): role = kstone.roles.get(role_id) kstone.roles.delete(role) - ret = "Role ID {0} deleted".format(role_id) + ret = "Role ID {} deleted".format(role_id) if name: - ret += " ({0})".format(name) + ret += " ({})".format(name) return ret @@ -564,12 +562,12 @@ def role_list(profile=None, **connection_args): kstone = auth(profile, **connection_args) ret = {} for role in kstone.roles.list(): - ret[role.name] = dict( - (value, getattr(role, value)) + ret[role.name] = { + value: getattr(role, value) for value in dir(role) if not value.startswith("_") - and isinstance(getattr(role, value), (six.string_types, dict, bool)) - ) + and isinstance(getattr(role, value), (str, dict, bool)) + } return ret @@ -608,7 +606,7 @@ def service_delete(service_id=None, name=None, profile=None, **connection_args): "id" ] kstone.services.delete(service_id) - return 'Keystone service ID "{0}" deleted'.format(service_id) + return 'Keystone service ID "{}" deleted'.format(service_id) def service_get(service_id=None, name=None, profile=None, **connection_args): @@ -633,12 +631,12 @@ def service_get(service_id=None, name=None, profile=None, **connection_args): if not service_id: return {"Error": "Unable to resolve service id"} service = kstone.services.get(service_id) - ret[service.name] = dict( - (value, getattr(service, value)) + ret[service.name] = { + value: getattr(service, value) for value in dir(service) if not value.startswith("_") - and isinstance(getattr(service, value), (six.string_types, dict, bool)) - ) + and isinstance(getattr(service, value), (str, dict, bool)) + } return ret @@ -655,12 +653,12 @@ def service_list(profile=None, **connection_args): kstone = auth(profile, **connection_args) ret = {} for service in kstone.services.list(): - ret[service.name] = dict( - (value, getattr(service, value)) + ret[service.name] = { + value: getattr(service, value) for value in dir(service) if not value.startswith("_") - and isinstance(getattr(service, value), (six.string_types, dict, bool)) - ) + and isinstance(getattr(service, value), (str, dict, bool)) + } return ret @@ -741,10 +739,10 @@ def tenant_delete(tenant_id=None, name=None, profile=None, **connection_args): if not tenant_id: return {"Error": "Unable to resolve tenant id"} getattr(kstone, _TENANTS, None).delete(tenant_id) - ret = "Tenant ID {0} deleted".format(tenant_id) + ret = "Tenant ID {} deleted".format(tenant_id) if name: - ret += " ({0})".format(name) + ret += " ({})".format(name) return ret @@ -805,12 +803,12 @@ def tenant_get(tenant_id=None, name=None, profile=None, **connection_args): if not tenant_id: return {"Error": "Unable to resolve tenant id"} tenant = getattr(kstone, _TENANTS, None).get(tenant_id) - ret[tenant.name] = dict( - (value, getattr(tenant, value)) + ret[tenant.name] = { + value: getattr(tenant, value) for value in dir(tenant) if not value.startswith("_") - and isinstance(getattr(tenant, value), (six.string_types, dict, bool)) - ) + and isinstance(getattr(tenant, value), (str, dict, bool)) + } return ret @@ -863,12 +861,12 @@ def tenant_list(profile=None, **connection_args): ret = {} for tenant in getattr(kstone, _TENANTS, None).list(): - ret[tenant.name] = dict( - (value, getattr(tenant, value)) + ret[tenant.name] = { + value: getattr(tenant, value) for value in dir(tenant) if not value.startswith("_") - and isinstance(getattr(tenant, value), (six.string_types, dict, bool)) - ) + and isinstance(getattr(tenant, value), (str, dict, bool)) + } return ret @@ -938,12 +936,12 @@ def tenant_update( tenant_id, name=name, description=description, enabled=enabled ) - return dict( - (value, getattr(updated, value)) + return { + value: getattr(updated, value) for value in dir(updated) if not value.startswith("_") - and isinstance(getattr(updated, value), (six.string_types, dict, bool)) - ) + and isinstance(getattr(updated, value), (str, dict, bool)) + } def project_update( @@ -1034,12 +1032,12 @@ def user_list(profile=None, **connection_args): kstone = auth(profile, **connection_args) ret = {} for user in kstone.users.list(): - ret[user.name] = dict( - (value, getattr(user, value, None)) + ret[user.name] = { + value: getattr(user, value, None) for value in dir(user) if not value.startswith("_") - and isinstance(getattr(user, value, None), (six.string_types, dict, bool)) - ) + and isinstance(getattr(user, value, None), (str, dict, bool)) + } tenant_id = getattr(user, "tenantId", None) if tenant_id: ret[user.name]["tenant_id"] = tenant_id @@ -1070,16 +1068,16 @@ def user_get(user_id=None, name=None, profile=None, **connection_args): try: user = kstone.users.get(user_id) except keystoneclient.exceptions.NotFound: - msg = "Could not find user '{0}'".format(user_id) + msg = "Could not find user '{}'".format(user_id) log.error(msg) return {"Error": msg} - ret[user.name] = dict( - (value, getattr(user, value, None)) + ret[user.name] = { + value: getattr(user, value, None) for value in dir(user) if not value.startswith("_") - and isinstance(getattr(user, value, None), (six.string_types, dict, bool)) - ) + and isinstance(getattr(user, value, None), (str, dict, bool)) + } tenant_id = getattr(user, "tenantId", None) if tenant_id: @@ -1153,10 +1151,10 @@ def user_delete(user_id=None, name=None, profile=None, **connection_args): if not user_id: return {"Error": "Unable to resolve user id"} kstone.users.delete(user_id) - ret = "User ID {0} deleted".format(user_id) + ret = "User ID {} deleted".format(user_id) if name: - ret += " ({0})".format(name) + ret += " ({})".format(name) return ret @@ -1204,7 +1202,7 @@ def user_update( if description is None: description = getattr(user, "description", None) else: - description = six.text_type(description) + description = str(description) project_id = None if project: @@ -1235,7 +1233,7 @@ def user_update( if tenant_id: kstone.users.update_tenant(user_id, tenant_id) - ret = "Info updated for user ID {0}".format(user_id) + ret = "Info updated for user ID {}".format(user_id) return ret @@ -1313,9 +1311,9 @@ def user_password_update( kstone.users.update(user=user_id, password=password) else: kstone.users.update_password(user=user_id, password=password) - ret = "Password updated for user ID {0}".format(user_id) + ret = "Password updated for user ID {}".format(user_id) if name: - ret += " ({0})".format(name) + ret += " ({})".format(name) return ret @@ -1356,9 +1354,9 @@ role_id=ce377245c4ec9b70e1c639c89e8cead4 "id" ) else: - user = next( - six.iterkeys(user_get(user_id, profile=profile, **connection_args)) - )["name"] + user = next(iter(user_get(user_id, profile=profile, **connection_args).keys()))[ + "name" + ] if not user_id: return {"Error": "Unable to resolve user id"} @@ -1368,7 +1366,7 @@ role_id=ce377245c4ec9b70e1c639c89e8cead4 ].get("id") else: tenant = next( - six.iterkeys(tenant_get(tenant_id, profile=profile, **connection_args)) + iter(tenant_get(tenant_id, profile=profile, **connection_args).keys()) )["name"] if not tenant_id: return {"Error": "Unable to resolve tenant/project id"} @@ -1376,9 +1374,9 @@ role_id=ce377245c4ec9b70e1c639c89e8cead4 if role: role_id = role_get(name=role, profile=profile, **connection_args)[role]["id"] else: - role = next( - six.iterkeys(role_get(role_id, profile=profile, **connection_args)) - )["name"] + role = next(iter(role_get(role_id, profile=profile, **connection_args).keys()))[ + "name" + ] if not role_id: return {"Error": "Unable to resolve role id"} @@ -1427,9 +1425,9 @@ role_id=ce377245c4ec9b70e1c639c89e8cead4 "id" ) else: - user = next( - six.iterkeys(user_get(user_id, profile=profile, **connection_args)) - )["name"] + user = next(iter(user_get(user_id, profile=profile, **connection_args).keys()))[ + "name" + ] if not user_id: return {"Error": "Unable to resolve user id"} @@ -1439,7 +1437,7 @@ role_id=ce377245c4ec9b70e1c639c89e8cead4 ].get("id") else: tenant = next( - six.iterkeys(tenant_get(tenant_id, profile=profile, **connection_args)) + iter(tenant_get(tenant_id, profile=profile, **connection_args).keys()) )["name"] if not tenant_id: return {"Error": "Unable to resolve tenant/project id"} @@ -1447,7 +1445,7 @@ role_id=ce377245c4ec9b70e1c639c89e8cead4 if role: role_id = role_get(name=role, profile=profile, **connection_args)[role]["id"] else: - role = next(six.iterkeys(role_get(role_id)))["name"] + role = next(iter(role_get(role_id).keys()))["name"] if not role_id: return {"Error": "Unable to resolve role id"} @@ -1504,12 +1502,12 @@ tenant_id=7167a092ece84bae8cead4bf9d15bb3b if _OS_IDENTITY_API_VERSION > 2: for role in kstone.roles.list(user=user_id, project=tenant_id): - ret[role.name] = dict( - (value, getattr(role, value)) + ret[role.name] = { + value: getattr(role, value) for value in dir(role) if not value.startswith("_") - and isinstance(getattr(role, value), (six.string_types, dict, bool)) - ) + and isinstance(getattr(role, value), (str, dict, bool)) + } else: for role in kstone.roles.roles_for_user(user=user_id, tenant=tenant_id): ret[role.name] = { diff --git a/salt/modules/restartcheck.py b/salt/modules/restartcheck.py index 4d541da357..c996e39dc7 100644 --- a/salt/modules/restartcheck.py +++ b/salt/modules/restartcheck.py @@ -11,6 +11,7 @@ https://packages.debian.org/debian-goodies) and psdel by Sam Morris. """ import os import re +import shlex import subprocess import sys import time @@ -612,7 +613,8 @@ def restartcheck(ignorelist=None, blacklist=None, excludepid=None, **kwargs): for package in packages: _check_timeout(start_time, timeout) cmd = cmd_pkg_query + package - paths = subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE) + cmd = shlex.split(cmd) + paths = subprocess.Popen(cmd, stdout=subprocess.PIPE) while True: _check_timeout(start_time, timeout) diff --git a/salt/modules/vsphere.py b/salt/modules/vsphere.py index b3de8afb64..8fc2c410f2 100644 --- a/salt/modules/vsphere.py +++ b/salt/modules/vsphere.py @@ -336,7 +336,7 @@ def _get_proxy_connection_details(): details = __salt__["esxvm.get_details"]() else: raise CommandExecutionError("'{}' proxy is not supported" "".format(proxytype)) - return ( + proxy_details = [ details.get("vcenter") if "vcenter" in details else details.get("host"), details.get("username"), details.get("password"), @@ -345,7 +345,10 @@ def _get_proxy_connection_details(): details.get("mechanism"), details.get("principal"), details.get("domain"), - ) + ] + if "verify_ssl" in details: + proxy_details.append(details.get("verify_ssl")) + return tuple(proxy_details) def supports_proxies(*proxy_types): @@ -429,7 +432,7 @@ def gets_service_instance_via_proxy(fn): # case 1: The call was made with enough positional # parameters to include 'service_instance' if not args[idx]: - local_service_instance = salt.utils.vmware.get_service_instance( + local_service_instance = salt.utils.vmware.get_service_instance( # pylint: disable=no-value-for-parameter *connection_details ) # Tuples are immutable, so if we want to change what @@ -440,7 +443,7 @@ def gets_service_instance_via_proxy(fn): # case 2: Not enough positional parameters so # 'service_instance' must be a named parameter if not kwargs.get("service_instance"): - local_service_instance = salt.utils.vmware.get_service_instance( + local_service_instance = salt.utils.vmware.get_service_instance( # pylint: disable=no-value-for-parameter *connection_details ) kwargs["service_instance"] = local_service_instance @@ -448,7 +451,7 @@ def gets_service_instance_via_proxy(fn): # 'service_instance' is not a paremter in the function definition # but it will be caught by the **kwargs parameter if not kwargs.get("service_instance"): - local_service_instance = salt.utils.vmware.get_service_instance( + local_service_instance = salt.utils.vmware.get_service_instance( # pylint: disable=no-value-for-parameter *connection_details ) kwargs["service_instance"] = local_service_instance @@ -485,7 +488,9 @@ def get_service_instance_via_proxy(service_instance=None): See note above """ connection_details = _get_proxy_connection_details() - return salt.utils.vmware.get_service_instance(*connection_details) + return salt.utils.vmware.get_service_instance( # pylint: disable=no-value-for-parameter + *connection_details + ) @depends(HAS_PYVMOMI) @@ -1587,7 +1592,7 @@ def upload_ssh_key( ssh_key_file=None, protocol=None, port=None, - certificate_verify=False, + certificate_verify=None, ): """ Upload an ssh key for root to an ESXi host via http PUT. @@ -1604,7 +1609,7 @@ def upload_ssh_key( :param protocol: defaults to https, can be http if ssl is disabled on ESXi :param port: defaults to 443 for https :param certificate_verify: If true require that the SSL connection present - a valid certificate + a valid certificate. Default: True :return: Dictionary with a 'status' key, True if upload is successful. If upload is unsuccessful, 'status' key will be False and an 'Error' key will have an informative message. @@ -1620,6 +1625,8 @@ def upload_ssh_key( protocol = "https" if port is None: port = 443 + if certificate_verify is None: + certificate_verify = True url = "{}://{}:{}/host/ssh_root_authorized_keys".format(protocol, host, port) ret = {} @@ -1662,7 +1669,7 @@ def upload_ssh_key( @ignores_kwargs("credstore") def get_ssh_key( - host, username, password, protocol=None, port=None, certificate_verify=False + host, username, password, protocol=None, port=None, certificate_verify=None ): """ Retrieve the authorized_keys entry for root. @@ -1674,7 +1681,7 @@ def get_ssh_key( :param protocol: defaults to https, can be http if ssl is disabled on ESXi :param port: defaults to 443 for https :param certificate_verify: If true require that the SSL connection present - a valid certificate + a valid certificate. Default: True :return: True if upload is successful CLI Example: @@ -1688,6 +1695,8 @@ def get_ssh_key( protocol = "https" if port is None: port = 443 + if certificate_verify is None: + certificate_verify = True url = "{}://{}:{}/host/ssh_root_authorized_keys".format(protocol, host, port) ret = {} @@ -1717,7 +1726,7 @@ def get_ssh_key( @depends(HAS_PYVMOMI) @ignores_kwargs("credstore") def get_host_datetime( - host, username, password, protocol=None, port=None, host_names=None + host, username, password, protocol=None, port=None, host_names=None, verify_ssl=True ): """ Get the date/time information for a given host or list of host_names. @@ -1748,6 +1757,9 @@ def get_host_datetime( ``host`` location instead. This is useful for when service instance connection information is used for a single ESXi host. + verify_ssl + Verify the SSL certificate. Default: True + CLI Example: .. code-block:: bash @@ -1760,7 +1772,12 @@ def get_host_datetime( host_names='[esxi-1.host.com, esxi-2.host.com]' """ service_instance = salt.utils.vmware.get_service_instance( - host=host, username=username, password=password, protocol=protocol, port=port + host=host, + username=username, + password=password, + protocol=protocol, + port=port, + verify_ssl=verify_ssl, ) host_names = _check_hosts(service_instance, host, host_names) ret = {} @@ -1775,7 +1792,9 @@ def get_host_datetime( @depends(HAS_PYVMOMI) @ignores_kwargs("credstore") -def get_ntp_config(host, username, password, protocol=None, port=None, host_names=None): +def get_ntp_config( + host, username, password, protocol=None, port=None, host_names=None, verify_ssl=True +): """ Get the NTP configuration information for a given host or list of host_names. @@ -1805,6 +1824,9 @@ def get_ntp_config(host, username, password, protocol=None, port=None, host_name ``host`` location instead. This is useful for when service instance connection information is used for a single ESXi host. + verify_ssl + Verify the SSL certificate. Default: True + CLI Example: .. code-block:: bash @@ -1817,7 +1839,12 @@ def get_ntp_config(host, username, password, protocol=None, port=None, host_name host_names='[esxi-1.host.com, esxi-2.host.com]' """ service_instance = salt.utils.vmware.get_service_instance( - host=host, username=username, password=password, protocol=protocol, port=port + host=host, + username=username, + password=password, + protocol=protocol, + port=port, + verify_ssl=verify_ssl, ) host_names = _check_hosts(service_instance, host, host_names) ret = {} @@ -1832,7 +1859,14 @@ def get_ntp_config(host, username, password, protocol=None, port=None, host_name @depends(HAS_PYVMOMI) @ignores_kwargs("credstore") def get_service_policy( - host, username, password, service_name, protocol=None, port=None, host_names=None + host, + username, + password, + service_name, + protocol=None, + port=None, + host_names=None, + verify_ssl=True, ): """ Get the service name's policy for a given host or list of hosts. @@ -1879,6 +1913,9 @@ def get_service_policy( for the ``host`` location instead. This is useful for when service instance connection information is used for a single ESXi host. + verify_ssl + Verify the SSL certificate. Default: True + CLI Example: .. code-block:: bash @@ -1891,7 +1928,12 @@ def get_service_policy( host_names='[esxi-1.host.com, esxi-2.host.com]' """ service_instance = salt.utils.vmware.get_service_instance( - host=host, username=username, password=password, protocol=protocol, port=port + host=host, + username=username, + password=password, + protocol=protocol, + port=port, + verify_ssl=verify_ssl, ) valid_services = [ "DCUI", @@ -1959,7 +2001,14 @@ def get_service_policy( @depends(HAS_PYVMOMI) @ignores_kwargs("credstore") def get_service_running( - host, username, password, service_name, protocol=None, port=None, host_names=None + host, + username, + password, + service_name, + protocol=None, + port=None, + host_names=None, + verify_ssl=True, ): """ Get the service name's running state for a given host or list of hosts. @@ -2006,6 +2055,9 @@ def get_service_running( for the ``host`` location instead. This is useful for when service instance connection information is used for a single ESXi host. + verify_ssl + Verify the SSL certificate. Default: True + CLI Example: .. code-block:: bash @@ -2018,7 +2070,12 @@ def get_service_running( host_names='[esxi-1.host.com, esxi-2.host.com]' """ service_instance = salt.utils.vmware.get_service_instance( - host=host, username=username, password=password, protocol=protocol, port=port + host=host, + username=username, + password=password, + protocol=protocol, + port=port, + verify_ssl=verify_ssl, ) valid_services = [ "DCUI", @@ -2086,7 +2143,13 @@ def get_service_running( @depends(HAS_PYVMOMI) @ignores_kwargs("credstore") def get_vmotion_enabled( - host, username, password, protocol=None, port=None, host_names=None + host, + username, + password, + protocol=None, + port=None, + host_names=None, + verify_ssl=True, ): """ Get the VMotion enabled status for a given host or a list of host_names. Returns ``True`` @@ -2118,6 +2181,9 @@ def get_vmotion_enabled( ``host`` location instead. This is useful for when service instance connection information is used for a single ESXi host. + verify_ssl + Verify the SSL certificate. Default: True + CLI Example: .. code-block:: bash @@ -2130,7 +2196,12 @@ def get_vmotion_enabled( host_names='[esxi-1.host.com, esxi-2.host.com]' """ service_instance = salt.utils.vmware.get_service_instance( - host=host, username=username, password=password, protocol=protocol, port=port + host=host, + username=username, + password=password, + protocol=protocol, + port=port, + verify_ssl=verify_ssl, ) host_names = _check_hosts(service_instance, host, host_names) ret = {} @@ -2148,7 +2219,13 @@ def get_vmotion_enabled( @depends(HAS_PYVMOMI) @ignores_kwargs("credstore") def get_vsan_enabled( - host, username, password, protocol=None, port=None, host_names=None + host, + username, + password, + protocol=None, + port=None, + host_names=None, + verify_ssl=True, ): """ Get the VSAN enabled status for a given host or a list of host_names. Returns ``True`` @@ -2181,6 +2258,9 @@ def get_vsan_enabled( ``host`` location instead. This is useful for when service instance connection information is used for a single ESXi host. + verify_ssl + Verify the SSL certificate. Default: True + CLI Example: .. code-block:: bash @@ -2193,7 +2273,12 @@ def get_vsan_enabled( host_names='[esxi-1.host.com, esxi-2.host.com]' """ service_instance = salt.utils.vmware.get_service_instance( - host=host, username=username, password=password, protocol=protocol, port=port + host=host, + username=username, + password=password, + protocol=protocol, + port=port, + verify_ssl=verify_ssl, ) host_names = _check_hosts(service_instance, host, host_names) ret = {} @@ -2215,7 +2300,13 @@ def get_vsan_enabled( @depends(HAS_PYVMOMI) @ignores_kwargs("credstore") def get_vsan_eligible_disks( - host, username, password, protocol=None, port=None, host_names=None + host, + username, + password, + protocol=None, + port=None, + host_names=None, + verify_ssl=True, ): """ Returns a list of VSAN-eligible disks for a given host or list of host_names. @@ -2246,6 +2337,9 @@ def get_vsan_eligible_disks( for the ``host`` location instead. This is useful for when service instance connection information is used for a single ESXi host. + verify_ssl + Verify the SSL certificate. Default: True + CLI Example: .. code-block:: bash @@ -2258,7 +2352,12 @@ def get_vsan_eligible_disks( host_names='[esxi-1.host.com, esxi-2.host.com]' """ service_instance = salt.utils.vmware.get_service_instance( - host=host, username=username, password=password, protocol=protocol, port=port + host=host, + username=username, + password=password, + protocol=protocol, + port=port, + verify_ssl=verify_ssl, ) host_names = _check_hosts(service_instance, host, host_names) response = _get_vsan_eligible_disks(service_instance, host, host_names) @@ -2310,7 +2409,9 @@ def test_vcenter_connection(service_instance=None): @depends(HAS_PYVMOMI) @ignores_kwargs("credstore") -def system_info(host, username, password, protocol=None, port=None): +def system_info( + host, username, password, protocol=None, port=None, verify_ssl=True, +): """ Return system information about a VMware environment. @@ -2331,6 +2432,9 @@ def system_info(host, username, password, protocol=None, port=None): Optionally set to alternate port if the host is not using the default port. Default port is ``443``. + verify_ssl + Verify the SSL certificate. Default: True + CLI Example: .. code-block:: bash @@ -2338,7 +2442,12 @@ def system_info(host, username, password, protocol=None, port=None): salt '*' vsphere.system_info 1.2.3.4 root bad-password """ service_instance = salt.utils.vmware.get_service_instance( - host=host, username=username, password=password, protocol=protocol, port=port + host=host, + username=username, + password=password, + protocol=protocol, + port=port, + verify_ssl=verify_ssl, ) ret = salt.utils.vmware.get_inventory(service_instance).about.__dict__ if "apiType" in ret: @@ -2351,7 +2460,9 @@ def system_info(host, username, password, protocol=None, port=None): @depends(HAS_PYVMOMI) @ignores_kwargs("credstore") -def list_datacenters(host, username, password, protocol=None, port=None): +def list_datacenters( + host, username, password, protocol=None, port=None, verify_ssl=True +): """ Returns a list of datacenters for the specified host. @@ -2372,6 +2483,9 @@ def list_datacenters(host, username, password, protocol=None, port=None): Optionally set to alternate port if the host is not using the default port. Default port is ``443``. + verify_ssl + Verify the SSL certificate. Default: True + CLI Example: .. code-block:: bash @@ -2380,14 +2494,19 @@ def list_datacenters(host, username, password, protocol=None, port=None): """ service_instance = salt.utils.vmware.get_service_instance( - host=host, username=username, password=password, protocol=protocol, port=port + host=host, + username=username, + password=password, + protocol=protocol, + port=port, + verify_ssl=verify_ssl, ) return salt.utils.vmware.list_datacenters(service_instance) @depends(HAS_PYVMOMI) @ignores_kwargs("credstore") -def list_clusters(host, username, password, protocol=None, port=None): +def list_clusters(host, username, password, protocol=None, port=None, verify_ssl=True): """ Returns a list of clusters for the specified host. @@ -2408,6 +2527,9 @@ def list_clusters(host, username, password, protocol=None, port=None): Optionally set to alternate port if the host is not using the default port. Default port is ``443``. + verify_ssl + Verify the SSL certificate. Default: True + CLI Example: .. code-block:: bash @@ -2416,14 +2538,21 @@ def list_clusters(host, username, password, protocol=None, port=None): """ service_instance = salt.utils.vmware.get_service_instance( - host=host, username=username, password=password, protocol=protocol, port=port + host=host, + username=username, + password=password, + protocol=protocol, + port=port, + verify_ssl=verify_ssl, ) return salt.utils.vmware.list_clusters(service_instance) @depends(HAS_PYVMOMI) @ignores_kwargs("credstore") -def list_datastore_clusters(host, username, password, protocol=None, port=None): +def list_datastore_clusters( + host, username, password, protocol=None, port=None, verify_ssl=True +): """ Returns a list of datastore clusters for the specified host. @@ -2444,6 +2573,9 @@ def list_datastore_clusters(host, username, password, protocol=None, port=None): Optionally set to alternate port if the host is not using the default port. Default port is ``443``. + verify_ssl + Verify the SSL certificate. Default: True + CLI Example: .. code-block:: bash @@ -2451,14 +2583,21 @@ def list_datastore_clusters(host, username, password, protocol=None, port=None): salt '*' vsphere.list_datastore_clusters 1.2.3.4 root bad-password """ service_instance = salt.utils.vmware.get_service_instance( - host=host, username=username, password=password, protocol=protocol, port=port + host=host, + username=username, + password=password, + protocol=protocol, + port=port, + verify_ssl=verify_ssl, ) return salt.utils.vmware.list_datastore_clusters(service_instance) @depends(HAS_PYVMOMI) @ignores_kwargs("credstore") -def list_datastores(host, username, password, protocol=None, port=None): +def list_datastores( + host, username, password, protocol=None, port=None, verify_ssl=True +): """ Returns a list of datastores for the specified host. @@ -2479,6 +2618,9 @@ def list_datastores(host, username, password, protocol=None, port=None): Optionally set to alternate port if the host is not using the default port. Default port is ``443``. + verify_ssl + Verify the SSL certificate. Default: True + CLI Example: .. code-block:: bash @@ -2486,14 +2628,19 @@ def list_datastores(host, username, password, protocol=None, port=None): salt '*' vsphere.list_datastores 1.2.3.4 root bad-password """ service_instance = salt.utils.vmware.get_service_instance( - host=host, username=username, password=password, protocol=protocol, port=port + host=host, + username=username, + password=password, + protocol=protocol, + port=port, + verify_ssl=verify_ssl, ) return salt.utils.vmware.list_datastores(service_instance) @depends(HAS_PYVMOMI) @ignores_kwargs("credstore") -def list_hosts(host, username, password, protocol=None, port=None): +def list_hosts(host, username, password, protocol=None, port=None, verify_ssl=True): """ Returns a list of hosts for the specified VMware environment. @@ -2514,6 +2661,9 @@ def list_hosts(host, username, password, protocol=None, port=None): Optionally set to alternate port if the host is not using the default port. Default port is ``443``. + verify_ssl + Verify the SSL certificate. Default: True + CLI Example: .. code-block:: bash @@ -2521,14 +2671,21 @@ def list_hosts(host, username, password, protocol=None, port=None): salt '*' vsphere.list_hosts 1.2.3.4 root bad-password """ service_instance = salt.utils.vmware.get_service_instance( - host=host, username=username, password=password, protocol=protocol, port=port + host=host, + username=username, + password=password, + protocol=protocol, + port=port, + verify_ssl=verify_ssl, ) return salt.utils.vmware.list_hosts(service_instance) @depends(HAS_PYVMOMI) @ignores_kwargs("credstore") -def list_resourcepools(host, username, password, protocol=None, port=None): +def list_resourcepools( + host, username, password, protocol=None, port=None, verify_ssl=True +): """ Returns a list of resource pools for the specified host. @@ -2549,6 +2706,9 @@ def list_resourcepools(host, username, password, protocol=None, port=None): Optionally set to alternate port if the host is not using the default port. Default port is ``443``. + verify_ssl + Verify the SSL certificate. Default: True + CLI Example: .. code-block:: bash @@ -2556,14 +2716,19 @@ def list_resourcepools(host, username, password, protocol=None, port=None): salt '*' vsphere.list_resourcepools 1.2.3.4 root bad-password """ service_instance = salt.utils.vmware.get_service_instance( - host=host, username=username, password=password, protocol=protocol, port=port + host=host, + username=username, + password=password, + protocol=protocol, + port=port, + verify_ssl=verify_ssl, ) return salt.utils.vmware.list_resourcepools(service_instance) @depends(HAS_PYVMOMI) @ignores_kwargs("credstore") -def list_networks(host, username, password, protocol=None, port=None): +def list_networks(host, username, password, protocol=None, port=None, verify_ssl=True): """ Returns a list of networks for the specified host. @@ -2584,6 +2749,9 @@ def list_networks(host, username, password, protocol=None, port=None): Optionally set to alternate port if the host is not using the default port. Default port is ``443``. + verify_ssl + Verify the SSL certificate. Default: True + CLI Example: .. code-block:: bash @@ -2591,14 +2759,19 @@ def list_networks(host, username, password, protocol=None, port=None): salt '*' vsphere.list_networks 1.2.3.4 root bad-password """ service_instance = salt.utils.vmware.get_service_instance( - host=host, username=username, password=password, protocol=protocol, port=port + host=host, + username=username, + password=password, + protocol=protocol, + port=port, + verify_ssl=verify_ssl, ) return salt.utils.vmware.list_networks(service_instance) @depends(HAS_PYVMOMI) @ignores_kwargs("credstore") -def list_vms(host, username, password, protocol=None, port=None): +def list_vms(host, username, password, protocol=None, port=None, verify_ssl=True): """ Returns a list of VMs for the specified host. @@ -2619,6 +2792,9 @@ def list_vms(host, username, password, protocol=None, port=None): Optionally set to alternate port if the host is not using the default port. Default port is ``443``. + verify_ssl + Verify the SSL certificate. Default: True + CLI Example: .. code-block:: bash @@ -2626,14 +2802,19 @@ def list_vms(host, username, password, protocol=None, port=None): salt '*' vsphere.list_vms 1.2.3.4 root bad-password """ service_instance = salt.utils.vmware.get_service_instance( - host=host, username=username, password=password, protocol=protocol, port=port + host=host, + username=username, + password=password, + protocol=protocol, + port=port, + verify_ssl=verify_ssl, ) return salt.utils.vmware.list_vms(service_instance) @depends(HAS_PYVMOMI) @ignores_kwargs("credstore") -def list_folders(host, username, password, protocol=None, port=None): +def list_folders(host, username, password, protocol=None, port=None, verify_ssl=True): """ Returns a list of folders for the specified host. @@ -2654,6 +2835,9 @@ def list_folders(host, username, password, protocol=None, port=None): Optionally set to alternate port if the host is not using the default port. Default port is ``443``. + verify_ssl + Verify the SSL certificate. Default: True + CLI Example: .. code-block:: bash @@ -2661,14 +2845,19 @@ def list_folders(host, username, password, protocol=None, port=None): salt '*' vsphere.list_folders 1.2.3.4 root bad-password """ service_instance = salt.utils.vmware.get_service_instance( - host=host, username=username, password=password, protocol=protocol, port=port + host=host, + username=username, + password=password, + protocol=protocol, + port=port, + verify_ssl=verify_ssl, ) return salt.utils.vmware.list_folders(service_instance) @depends(HAS_PYVMOMI) @ignores_kwargs("credstore") -def list_dvs(host, username, password, protocol=None, port=None): +def list_dvs(host, username, password, protocol=None, port=None, verify_ssl=True): """ Returns a list of distributed virtual switches for the specified host. @@ -2689,6 +2878,9 @@ def list_dvs(host, username, password, protocol=None, port=None): Optionally set to alternate port if the host is not using the default port. Default port is ``443``. + verify_ssl + Verify the SSL certificate. Default: True + CLI Example: .. code-block:: bash @@ -2696,14 +2888,19 @@ def list_dvs(host, username, password, protocol=None, port=None): salt '*' vsphere.list_dvs 1.2.3.4 root bad-password """ service_instance = salt.utils.vmware.get_service_instance( - host=host, username=username, password=password, protocol=protocol, port=port + host=host, + username=username, + password=password, + protocol=protocol, + port=port, + verify_ssl=verify_ssl, ) return salt.utils.vmware.list_dvs(service_instance) @depends(HAS_PYVMOMI) @ignores_kwargs("credstore") -def list_vapps(host, username, password, protocol=None, port=None): +def list_vapps(host, username, password, protocol=None, port=None, verify_ssl=True): """ Returns a list of vApps for the specified host. @@ -2724,6 +2921,9 @@ def list_vapps(host, username, password, protocol=None, port=None): Optionally set to alternate port if the host is not using the default port. Default port is ``443``. + verify_ssl + Verify the SSL certificate. Default: True + CLI Example: .. code-block:: bash @@ -2732,14 +2932,21 @@ def list_vapps(host, username, password, protocol=None, port=None): salt '*' vsphere.list_vapps 1.2.3.4 root bad-password """ service_instance = salt.utils.vmware.get_service_instance( - host=host, username=username, password=password, protocol=protocol, port=port + host=host, + username=username, + password=password, + protocol=protocol, + port=port, + verify_ssl=verify_ssl, ) return salt.utils.vmware.list_vapps(service_instance) @depends(HAS_PYVMOMI) @ignores_kwargs("credstore") -def list_ssds(host, username, password, protocol=None, port=None, host_names=None): +def list_ssds( + host, username, password, protocol=None, port=None, host_names=None, verify_ssl=True +): """ Returns a list of SSDs for the given host or list of host_names. @@ -2769,6 +2976,9 @@ def list_ssds(host, username, password, protocol=None, port=None, host_names=Non ``host`` location instead. This is useful for when service instance connection information is used for a single ESXi host. + verify_ssl + Verify the SSL certificate. Default: True + CLI Example: .. code-block:: bash @@ -2781,7 +2991,12 @@ def list_ssds(host, username, password, protocol=None, port=None, host_names=Non host_names='[esxi-1.host.com, esxi-2.host.com]' """ service_instance = salt.utils.vmware.get_service_instance( - host=host, username=username, password=password, protocol=protocol, port=port + host=host, + username=username, + password=password, + protocol=protocol, + port=port, + verify_ssl=verify_ssl, ) host_names = _check_hosts(service_instance, host, host_names) ret = {} @@ -2798,7 +3013,9 @@ def list_ssds(host, username, password, protocol=None, port=None, host_names=Non @depends(HAS_PYVMOMI) @ignores_kwargs("credstore") -def list_non_ssds(host, username, password, protocol=None, port=None, host_names=None): +def list_non_ssds( + host, username, password, protocol=None, port=None, host_names=None, verify_ssl=True +): """ Returns a list of Non-SSD disks for the given host or list of host_names. @@ -2835,6 +3052,9 @@ def list_non_ssds(host, username, password, protocol=None, port=None, host_names ``host`` location instead. This is useful for when service instance connection information is used for a single ESXi host. + verify_ssl + Verify the SSL certificate. Default: True + CLI Example: .. code-block:: bash @@ -2847,7 +3067,12 @@ def list_non_ssds(host, username, password, protocol=None, port=None, host_names host_names='[esxi-1.host.com, esxi-2.host.com]' """ service_instance = salt.utils.vmware.get_service_instance( - host=host, username=username, password=password, protocol=protocol, port=port + host=host, + username=username, + password=password, + protocol=protocol, + port=port, + verify_ssl=verify_ssl, ) host_names = _check_hosts(service_instance, host, host_names) ret = {} @@ -2865,7 +3090,14 @@ def list_non_ssds(host, username, password, protocol=None, port=None, host_names @depends(HAS_PYVMOMI) @ignores_kwargs("credstore") def set_ntp_config( - host, username, password, ntp_servers, protocol=None, port=None, host_names=None + host, + username, + password, + ntp_servers, + protocol=None, + port=None, + host_names=None, + verify_ssl=True, ): """ Set NTP configuration for a given host of list of host_names. @@ -2900,6 +3132,9 @@ def set_ntp_config( ``host`` location instead. This is useful for when service instance connection information is used for a single ESXi host. + verify_ssl + Verify the SSL certificate. Default: True + CLI Example: .. code-block:: bash @@ -2912,7 +3147,12 @@ def set_ntp_config( host_names='[esxi-1.host.com, esxi-2.host.com]' """ service_instance = salt.utils.vmware.get_service_instance( - host=host, username=username, password=password, protocol=protocol, port=port + host=host, + username=username, + password=password, + protocol=protocol, + port=port, + verify_ssl=verify_ssl, ) if not isinstance(ntp_servers, list): raise CommandExecutionError("'ntp_servers' must be a list.") @@ -2947,7 +3187,14 @@ def set_ntp_config( @depends(HAS_PYVMOMI) @ignores_kwargs("credstore") def service_start( - host, username, password, service_name, protocol=None, port=None, host_names=None + host, + username, + password, + service_name, + protocol=None, + port=None, + host_names=None, + verify_ssl=True, ): """ Start the named service for the given host or list of hosts. @@ -2994,6 +3241,9 @@ def service_start( location instead. This is useful for when service instance connection information is used for a single ESXi host. + verify_ssl + Verify the SSL certificate. Default: True + CLI Example: .. code-block:: bash @@ -3006,7 +3256,12 @@ def service_start( host_names='[esxi-1.host.com, esxi-2.host.com]' """ service_instance = salt.utils.vmware.get_service_instance( - host=host, username=username, password=password, protocol=protocol, port=port + host=host, + username=username, + password=password, + protocol=protocol, + port=port, + verify_ssl=verify_ssl, ) host_names = _check_hosts(service_instance, host, host_names) valid_services = [ @@ -3074,7 +3329,14 @@ def service_start( @depends(HAS_PYVMOMI) @ignores_kwargs("credstore") def service_stop( - host, username, password, service_name, protocol=None, port=None, host_names=None + host, + username, + password, + service_name, + protocol=None, + port=None, + host_names=None, + verify_ssl=True, ): """ Stop the named service for the given host or list of hosts. @@ -3121,6 +3383,9 @@ def service_stop( location instead. This is useful for when service instance connection information is used for a single ESXi host. + verify_ssl + Verify the SSL certificate. Default: True + CLI Example: .. code-block:: bash @@ -3133,7 +3398,12 @@ def service_stop( host_names='[esxi-1.host.com, esxi-2.host.com]' """ service_instance = salt.utils.vmware.get_service_instance( - host=host, username=username, password=password, protocol=protocol, port=port + host=host, + username=username, + password=password, + protocol=protocol, + port=port, + verify_ssl=verify_ssl, ) host_names = _check_hosts(service_instance, host, host_names) valid_services = [ @@ -3199,7 +3469,14 @@ def service_stop( @depends(HAS_PYVMOMI) @ignores_kwargs("credstore") def service_restart( - host, username, password, service_name, protocol=None, port=None, host_names=None + host, + username, + password, + service_name, + protocol=None, + port=None, + host_names=None, + verify_ssl=True, ): """ Restart the named service for the given host or list of hosts. @@ -3246,6 +3523,9 @@ def service_restart( location instead. This is useful for when service instance connection information is used for a single ESXi host. + verify_ssl + Verify the SSL certificate. Default: True + CLI Example: .. code-block:: bash @@ -3258,7 +3538,12 @@ def service_restart( host_names='[esxi-1.host.com, esxi-2.host.com]' """ service_instance = salt.utils.vmware.get_service_instance( - host=host, username=username, password=password, protocol=protocol, port=port + host=host, + username=username, + password=password, + protocol=protocol, + port=port, + verify_ssl=verify_ssl, ) host_names = _check_hosts(service_instance, host, host_names) valid_services = [ @@ -3334,6 +3619,7 @@ def set_service_policy( protocol=None, port=None, host_names=None, + verify_ssl=True, ): """ Set the service name's policy for a given host or list of hosts. @@ -3383,6 +3669,9 @@ def set_service_policy( for the ``host`` location instead. This is useful for when service instance connection information is used for a single ESXi host. + verify_ssl + Verify the SSL certificate. Default: True + CLI Example: .. code-block:: bash @@ -3395,7 +3684,12 @@ def set_service_policy( host_names='[esxi-1.host.com, esxi-2.host.com]' """ service_instance = salt.utils.vmware.get_service_instance( - host=host, username=username, password=password, protocol=protocol, port=port + host=host, + username=username, + password=password, + protocol=protocol, + port=port, + verify_ssl=verify_ssl, ) host_names = _check_hosts(service_instance, host, host_names) valid_services = [ @@ -3481,7 +3775,7 @@ def set_service_policy( @depends(HAS_PYVMOMI) @ignores_kwargs("credstore") def update_host_datetime( - host, username, password, protocol=None, port=None, host_names=None + host, username, password, protocol=None, port=None, host_names=None, verify_ssl=True ): """ Update the date/time on the given host or list of host_names. This function should be @@ -3513,6 +3807,9 @@ def update_host_datetime( location instead. This is useful for when service instance connection information is used for a single ESXi host. + verify_ssl + Verify the SSL certificate. Default: True + CLI Example: .. code-block:: bash @@ -3525,7 +3822,12 @@ def update_host_datetime( host_names='[esxi-1.host.com, esxi-2.host.com]' """ service_instance = salt.utils.vmware.get_service_instance( - host=host, username=username, password=password, protocol=protocol, port=port + host=host, + username=username, + password=password, + protocol=protocol, + port=port, + verify_ssl=verify_ssl, ) host_names = _check_hosts(service_instance, host, host_names) ret = {} @@ -3550,7 +3852,7 @@ def update_host_datetime( @depends(HAS_PYVMOMI) @ignores_kwargs("credstore") def update_host_password( - host, username, password, new_password, protocol=None, port=None + host, username, password, new_password, protocol=None, port=None, verify_ssl=True ): """ Update the password for a given host. @@ -3577,6 +3879,9 @@ def update_host_password( Optionally set to alternate port if the host is not using the default port. Default port is ``443``. + verify_ssl + Verify the SSL certificate. Default: True + CLI Example: .. code-block:: bash @@ -3585,7 +3890,12 @@ def update_host_password( """ service_instance = salt.utils.vmware.get_service_instance( - host=host, username=username, password=password, protocol=protocol, port=port + host=host, + username=username, + password=password, + protocol=protocol, + port=port, + verify_ssl=verify_ssl, ) # Get LocalAccountManager object account_manager = salt.utils.vmware.get_inventory(service_instance).accountManager @@ -3615,7 +3925,7 @@ def update_host_password( @depends(HAS_PYVMOMI) @ignores_kwargs("credstore") def vmotion_disable( - host, username, password, protocol=None, port=None, host_names=None + host, username, password, protocol=None, port=None, host_names=None, verify_ssl=True ): """ Disable vMotion for a given host or list of host_names. @@ -3646,6 +3956,9 @@ def vmotion_disable( location instead. This is useful for when service instance connection information is used for a single ESXi host. + verify_ssl + Verify the SSL certificate. Default: True + CLI Example: .. code-block:: bash @@ -3658,7 +3971,12 @@ def vmotion_disable( host_names='[esxi-1.host.com, esxi-2.host.com]' """ service_instance = salt.utils.vmware.get_service_instance( - host=host, username=username, password=password, protocol=protocol, port=port + host=host, + username=username, + password=password, + protocol=protocol, + port=port, + verify_ssl=verify_ssl, ) host_names = _check_hosts(service_instance, host, host_names) ret = {} @@ -3683,7 +4001,14 @@ def vmotion_disable( @depends(HAS_PYVMOMI) @ignores_kwargs("credstore") def vmotion_enable( - host, username, password, protocol=None, port=None, host_names=None, device="vmk0" + host, + username, + password, + protocol=None, + port=None, + host_names=None, + device="vmk0", + verify_ssl=True, ): """ Enable vMotion for a given host or list of host_names. @@ -3718,6 +4043,9 @@ def vmotion_enable( The device that uniquely identifies the VirtualNic that will be used for VMotion for each host. Defaults to ``vmk0``. + verify_ssl + Verify the SSL certificate. Default: True + CLI Example: .. code-block:: bash @@ -3730,7 +4058,12 @@ def vmotion_enable( host_names='[esxi-1.host.com, esxi-2.host.com]' """ service_instance = salt.utils.vmware.get_service_instance( - host=host, username=username, password=password, protocol=protocol, port=port + host=host, + username=username, + password=password, + protocol=protocol, + port=port, + verify_ssl=verify_ssl, ) host_names = _check_hosts(service_instance, host, host_names) ret = {} @@ -3754,7 +4087,9 @@ def vmotion_enable( @depends(HAS_PYVMOMI) @ignores_kwargs("credstore") -def vsan_add_disks(host, username, password, protocol=None, port=None, host_names=None): +def vsan_add_disks( + host, username, password, protocol=None, port=None, host_names=None, verify_ssl=True +): """ Add any VSAN-eligible disks to the VSAN System for the given host or list of host_names. @@ -3785,6 +4120,9 @@ def vsan_add_disks(host, username, password, protocol=None, port=None, host_name VSAN system for the ``host`` location instead. This is useful for when service instance connection information is used for a single ESXi host. + verify_ssl + Verify the SSL certificate. Default: True + CLI Example: .. code-block:: bash @@ -3797,7 +4135,12 @@ def vsan_add_disks(host, username, password, protocol=None, port=None, host_name host_names='[esxi-1.host.com, esxi-2.host.com]' """ service_instance = salt.utils.vmware.get_service_instance( - host=host, username=username, password=password, protocol=protocol, port=port + host=host, + username=username, + password=password, + protocol=protocol, + port=port, + verify_ssl=verify_ssl, ) host_names = _check_hosts(service_instance, host, host_names) response = _get_vsan_eligible_disks(service_instance, host, host_names) @@ -3872,7 +4215,9 @@ def vsan_add_disks(host, username, password, protocol=None, port=None, host_name @depends(HAS_PYVMOMI) @ignores_kwargs("credstore") -def vsan_disable(host, username, password, protocol=None, port=None, host_names=None): +def vsan_disable( + host, username, password, protocol=None, port=None, host_names=None, verify_ssl=True +): """ Disable VSAN for a given host or list of host_names. @@ -3902,6 +4247,9 @@ def vsan_disable(host, username, password, protocol=None, port=None, host_names= location instead. This is useful for when service instance connection information is used for a single ESXi host. + verify_ssl + Verify the SSL certificate. Default: True + CLI Example: .. code-block:: bash @@ -3914,7 +4262,12 @@ def vsan_disable(host, username, password, protocol=None, port=None, host_names= host_names='[esxi-1.host.com, esxi-2.host.com]' """ service_instance = salt.utils.vmware.get_service_instance( - host=host, username=username, password=password, protocol=protocol, port=port + host=host, + username=username, + password=password, + protocol=protocol, + port=port, + verify_ssl=verify_ssl, ) # Create a VSAN Configuration Object and set the enabled attribute to True vsan_config = vim.vsan.host.ConfigInfo() @@ -3961,7 +4314,9 @@ def vsan_disable(host, username, password, protocol=None, port=None, host_names= @depends(HAS_PYVMOMI) @ignores_kwargs("credstore") -def vsan_enable(host, username, password, protocol=None, port=None, host_names=None): +def vsan_enable( + host, username, password, protocol=None, port=None, host_names=None, verify_ssl=True +): """ Enable VSAN for a given host or list of host_names. @@ -3991,6 +4346,9 @@ def vsan_enable(host, username, password, protocol=None, port=None, host_names=N location instead. This is useful for when service instance connection information is used for a single ESXi host. + verify_ssl + Verify the SSL certificate. Default: True + CLI Example: .. code-block:: bash @@ -4003,7 +4361,12 @@ def vsan_enable(host, username, password, protocol=None, port=None, host_names=N host_names='[esxi-1.host.com, esxi-2.host.com]' """ service_instance = salt.utils.vmware.get_service_instance( - host=host, username=username, password=password, protocol=protocol, port=port + host=host, + username=username, + password=password, + protocol=protocol, + port=port, + verify_ssl=verify_ssl, ) # Create a VSAN Configuration Object and set the enabled attribute to True vsan_config = vim.vsan.host.ConfigInfo() @@ -7489,6 +7852,7 @@ def add_host_to_dvs( protocol=None, port=None, host_names=None, + verify_ssl=True, ): """ Adds an ESXi host to a vSphere Distributed Virtual Switch and migrates @@ -7531,6 +7895,9 @@ def add_host_to_dvs( host_names: An array of VMware host names to migrate + verify_ssl + Verify the SSL certificate. Default: True + CLI Example: .. code-block:: bash @@ -7658,7 +8025,12 @@ def add_host_to_dvs( ret["success"] = True ret["message"] = [] service_instance = salt.utils.vmware.get_service_instance( - host=host, username=username, password=password, protocol=protocol, port=port + host=host, + username=username, + password=password, + protocol=protocol, + port=port, + verify_ssl=verify_ssl, ) dvs = salt.utils.vmware._get_dvs(service_instance, dvs_name) if not dvs: @@ -9926,7 +10298,7 @@ def _delete_device(device): return device_spec -def _get_client(server, username, password): +def _get_client(server, username, password, verify_ssl=None, ca_bundle=None): """ Establish client through proxy or with user provided credentials. @@ -9936,12 +10308,17 @@ def _get_client(server, username, password): Username associated with the vCenter center. :param basestring password: Password associated with the vCenter center. + :param boolean verify_ssl: + Verify the SSL certificate. Default: True + :param basestring ca_bundle: + Path to the ca bundle to use when verifying SSL certificates. :returns: vSphere Client instance. :rtype: vSphere.Client """ # Get salted vSphere Client + details = None if not (server and username and password): # User didn't provide CLI args so use proxy information details = __salt__["vcenter.get_details"]() @@ -9949,9 +10326,32 @@ def _get_client(server, username, password): username = details["username"] password = details["password"] + if verify_ssl is None: + if details is None: + details = __salt__["vcenter.get_details"]() + verify_ssl = details.get("verify_ssl", True) + if verify_ssl is None: + verify_ssl = True + + if ca_bundle is None: + if details is None: + details = __salt__["vcenter.get_details"]() + ca_bundle = details.get("ca_bundle", None) + + if verify_ssl is False and ca_bundle is not None: + log.error("Cannot set verify_ssl to False and ca_bundle together") + return False + + if ca_bundle: + ca_bundle = salt.utils.http.get_ca_bundle({"ca_bundle": ca_bundle}) + # Establish connection with client client = salt.utils.vmware.get_vsphere_client( - server=server, username=username, password=password + server=server, + username=username, + password=password, + verify_ssl=verify_ssl, + ca_bundle=ca_bundle, ) # Will return None if utility function causes Unauthenticated error return client @@ -9961,7 +10361,12 @@ def _get_client(server, username, password): @supports_proxies("vcenter") @gets_service_instance_via_proxy def list_tag_categories( - server=None, username=None, password=None, service_instance=None + server=None, + username=None, + password=None, + service_instance=None, + verify_ssl=None, + ca_bundle=None, ): """ List existing categories a user has access to. @@ -9978,13 +10383,19 @@ def list_tag_categories( Username associated with the vCenter center. :param basestring password: Password associated with the vCenter center. + :param boolean verify_ssl: + Verify the SSL certificate. Default: True + :param basestring ca_bundle: + Path to the ca bundle to use when verifying SSL certificates. :returns: Value(s) of category_id. :rtype: list of str """ categories = None - client = _get_client(server, username, password) + client = _get_client( + server, username, password, verify_ssl=verify_ssl, ca_bundle=ca_bundle + ) if client: categories = client.tagging.Category.list() @@ -9994,7 +10405,14 @@ def list_tag_categories( @depends(HAS_PYVMOMI, HAS_VSPHERE_SDK) @supports_proxies("vcenter") @gets_service_instance_via_proxy -def list_tags(server=None, username=None, password=None, service_instance=None): +def list_tags( + server=None, + username=None, + password=None, + service_instance=None, + verify_ssl=None, + ca_bundle=None, +): """ List existing tags a user has access to. @@ -10010,13 +10428,19 @@ def list_tags(server=None, username=None, password=None, service_instance=None): Username associated with the vCenter center. :param basestring password: Password associated with the vCenter center. + :param boolean verify_ssl: + Verify the SSL certificate. Default: True + :param basestring ca_bundle: + Path to the ca bundle to use when verifying SSL certificates. :return: Value(s) of tag_id. :rtype: list of str """ tags = None - client = _get_client(server, username, password) + client = _get_client( + server, username, password, verify_ssl=verify_ssl, ca_bundle=ca_bundle + ) if client: tags = client.tagging.Tag.list() @@ -10034,6 +10458,8 @@ def attach_tag( username=None, password=None, service_instance=None, + verify_ssl=None, + ca_bundle=None, ): """ Attach an existing tag to an input object. @@ -10066,6 +10492,10 @@ def attach_tag( Username associated with the vCenter center. :param basestring password: Password associated with the vCenter center. + :param boolean verify_ssl: + Verify the SSL certificate. Default: True + :param basestring ca_bundle: + Path to the ca bundle to use when verifying SSL certificates. :return: The list of all tag identifiers that correspond to the tags attached to the given object. @@ -10077,7 +10507,9 @@ def attach_tag( if the user can not be authenticated. """ tag_attached = None - client = _get_client(server, username, password) + client = _get_client( + server, username, password, verify_ssl=verify_ssl, ca_bundle=ca_bundle + ) if client: # Create dynamic id object associated with a type and an id. @@ -10110,6 +10542,8 @@ def list_attached_tags( username=None, password=None, service_instance=None, + verify_ssl=None, + ca_bundle=None, ): """ List existing tags a user has access to. @@ -10132,6 +10566,10 @@ def list_attached_tags( Username associated with the vCenter center. :param basestring password: Password associated with the vCenter center. + :param boolean verify_ssl: + Verify the SSL certificate. Default: True + :param basestring ca_bundle: + Path to the ca bundle to use when verifying SSL certificates. :return: The list of all tag identifiers that correspond to the tags attached to the given object. @@ -10143,7 +10581,9 @@ def list_attached_tags( if the user can not be authenticated. """ attached_tags = None - client = _get_client(server, username, password) + client = _get_client( + server, username, password, verify_ssl=verify_ssl, ca_bundle=ca_bundle + ) if client: # Create dynamic id object associated with a type and an id. @@ -10175,6 +10615,8 @@ def create_tag_category( username=None, password=None, service_instance=None, + verify_ssl=None, + ca_bundle=None, ): """ Create a category with given cardinality. @@ -10197,6 +10639,10 @@ def create_tag_category( Username associated with the vCenter center. :param basestring password: Password associated with the vCenter center. + :param boolean verify_ssl: + Verify the SSL certificate. Default: True + :param basestring ca_bundle: + Path to the ca bundle to use when verifying SSL certificates. :return: Identifier of the created category. :rtype: @@ -10210,7 +10656,9 @@ def create_tag_category( if you do not have the privilege to create a category. """ category_created = None - client = _get_client(server, username, password) + client = _get_client( + server, username, password, verify_ssl=verify_ssl, ca_bundle=ca_bundle + ) if client: if cardinality == "SINGLE": @@ -10241,7 +10689,13 @@ def create_tag_category( @supports_proxies("vcenter") @gets_service_instance_via_proxy def delete_tag_category( - category_id, server=None, username=None, password=None, service_instance=None + category_id, + server=None, + username=None, + password=None, + service_instance=None, + verify_ssl=None, + ca_bundle=None, ): """ Delete a category. @@ -10262,6 +10716,10 @@ def delete_tag_category( Username associated with the vCenter center. :param basestring password: Password associated with the vCenter center. + :param boolean verify_ssl: + Verify the SSL certificate. Default: True + :param basestring ca_bundle: + Path to the ca bundle to use when verifying SSL certificates. :raise: NotFound if the tag for the given tag_id does not exist in the system. :raise: Unauthorized @@ -10270,7 +10728,9 @@ def delete_tag_category( if the user can not be authenticated. """ category_deleted = None - client = _get_client(server, username, password) + client = _get_client( + server, username, password, verify_ssl=verify_ssl, ca_bundle=ca_bundle + ) if client: try: @@ -10294,6 +10754,8 @@ def create_tag( username=None, password=None, service_instance=None, + verify_ssl=None, + ca_bundle=None, ): """ Create a tag under a category with given description. @@ -10316,6 +10778,10 @@ def create_tag( Given description of tag category. :param str category_id: Value of category_id representative of the category created previously. + :param boolean verify_ssl: + Verify the SSL certificate. Default: True + :param basestring ca_bundle: + Path to the ca bundle to use when verifying SSL certificates. :return: The identifier of the created tag. :rtype: @@ -10332,7 +10798,9 @@ def create_tag( if you do not have the privilege to create tag. """ tag_created = None - client = _get_client(server, username, password) + client = _get_client( + server, username, password, verify_ssl=verify_ssl, ca_bundle=ca_bundle + ) if client: create_spec = client.tagging.Tag.CreateSpec() @@ -10353,7 +10821,13 @@ def create_tag( @supports_proxies("vcenter") @gets_service_instance_via_proxy def delete_tag( - tag_id, server=None, username=None, password=None, service_instance=None + tag_id, + server=None, + username=None, + password=None, + service_instance=None, + verify_ssl=None, + ca_bundle=None, ): """ Delete a tag. @@ -10374,6 +10848,10 @@ def delete_tag( Username associated with the vCenter center. :param basestring password: Password associated with the vCenter center. + :param boolean verify_ssl: + Verify the SSL certificate. Default: True + :param basestring ca_bundle: + Path to the ca bundle to use when verifying SSL certificates. :raise: AlreadyExists if the name provided in the create_spec is the name of an already existing category. @@ -10383,7 +10861,9 @@ def delete_tag( if you do not have the privilege to create a category. """ tag_deleted = None - client = _get_client(server, username, password) + client = _get_client( + server, username, password, verify_ssl=verify_ssl, ca_bundle=ca_bundle + ) if client: try: diff --git a/salt/modules/zenoss.py b/salt/modules/zenoss.py index 9c6b7de7b5..5cb64bed18 100644 --- a/salt/modules/zenoss.py +++ b/salt/modules/zenoss.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ Module for working with the Zenoss API @@ -16,18 +15,19 @@ Module for working with the Zenoss API hostname: https://zenoss.example.com username: admin password: admin123 + verify_ssl: True + ca_bundle: /etc/ssl/certs/ca-certificates.crt """ -from __future__ import absolute_import, print_function, unicode_literals - import logging import re +import salt.utils.http import salt.utils.json try: - import requests + import requests # pylint: disable=unused-import HAS_LIBS = True except ImportError: @@ -53,7 +53,7 @@ def __virtual__(): else: return ( False, - "The '{0}' module could not be loaded: " + "The '{}' module could not be loaded: " "'requests' is not installed.".format(__virtualname__), ) @@ -79,11 +79,13 @@ def _session(): """ config = __salt__["config.option"]("zenoss") - session = requests.session() - session.auth = (config.get("username"), config.get("password")) - session.verify = False - session.headers.update({"Content-type": "application/json; charset=utf-8"}) - return session + return salt.utils.http.session( + user=config.get("username"), + password=config.get("password"), + verify_ssl=config.get("verify_ssl", True), + ca_bundle=config.get("ca_bundle"), + headers={"Content-type": "application/json; charset=utf-8"}, + ) def _router_request(router, method, data=None): @@ -99,7 +101,7 @@ def _router_request(router, method, data=None): config = __salt__["config.option"]("zenoss") log.debug("Making request to router %s with method %s", router, method) - url = "{0}/zport/dmd/{1}_router".format(config.get("hostname"), ROUTERS[router]) + url = "{}/zport/dmd/{}_router".format(config.get("hostname"), ROUTERS[router]) response = _session().post(url, data=req_data) # The API returns a 200 response code even whe auth is bad. @@ -212,7 +214,7 @@ def set_prod_state(prod_state, device=None): device_object = find_device(device) if not device_object: - return "Unable to find a device in Zenoss for {0}".format(device) + return "Unable to find a device in Zenoss for {}".format(device) log.info("Setting prodState to %d on %s device", prod_state, device) data = dict( diff --git a/salt/pillar/vmware_pillar.py b/salt/pillar/vmware_pillar.py index a33b394500..08bdb18e56 100644 --- a/salt/pillar/vmware_pillar.py +++ b/salt/pillar/vmware_pillar.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ Pillar data from vCenter or an ESXi host @@ -142,18 +141,12 @@ Optionally, the following keyword arguments can be passed to the ext_pillar for part of the pillar regardless of this setting. """ -from __future__ import absolute_import, print_function, unicode_literals -# Import python libs import logging -# Import salt libs import salt.utils.dictupdate as dictupdate import salt.utils.vmware -# Import 3rd-party libs -from salt.ext import six - try: # pylint: disable=no-name-in-module from pyVmomi import vim @@ -370,7 +363,12 @@ def ext_pillar(minion_id, pillar, **kwargs): # pylint: disable=W0613 vmware_pillar[pillar_key] = {} try: _conn = salt.utils.vmware.get_service_instance( - host, username, password, protocol, port + host, + username, + password, + protocol, + port, + verify_ssl=kwargs.get("verify_ssl", True), ) if _conn: data = None @@ -410,12 +408,10 @@ def ext_pillar(minion_id, pillar, **kwargs): # pylint: disable=W0613 ) except RuntimeError: log.error( - ( - "A runtime error occurred in the vmware_pillar, " - "this is likely caused by an infinite recursion in " - "a requested attribute. Verify your requested attributes " - "and reconfigure the pillar." - ) + "A runtime error occurred in the vmware_pillar, " + "this is likely caused by an infinite recursion in " + "a requested attribute. Verify your requested attributes " + "and reconfigure the pillar." ) return vmware_pillar @@ -435,7 +431,7 @@ def _recurse_config_to_dict(t_data): return t_list elif isinstance(t_data, dict): t_dict = {} - for k, v in six.iteritems(t_data): + for k, v in t_data.items(): t_dict[k] = _recurse_config_to_dict(v) return t_dict else: diff --git a/salt/proxy/cimc.py b/salt/proxy/cimc.py index f302eaa6cc..a6002440ef 100644 --- a/salt/proxy/cimc.py +++ b/salt/proxy/cimc.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ Proxy Minion interface module for managing Cisco Integrated Management Controller devices ========================================================================================= @@ -40,6 +39,7 @@ the ID. host: username: password: + verify_ssl: True proxytype ^^^^^^^^^ @@ -66,13 +66,10 @@ password The password used to login to the cimc host. Required. """ -from __future__ import absolute_import, print_function, unicode_literals -# Import Python Libs import logging import re -# Import Salt Libs import salt.exceptions from salt._compat import ElementTree as ET @@ -102,9 +99,7 @@ def _validate_response_code(response_code_to_check, cookie_to_logout=None): if formatted_response_code not in ["200", "201", "202", "204"]: if cookie_to_logout: logout(cookie_to_logout) - log.error( - "Received error HTTP status code: {0}".format(formatted_response_code) - ) + log.error("Received error HTTP status code: {}".format(formatted_response_code)) raise salt.exceptions.CommandExecutionError( "Did not receive a valid response from host." ) @@ -125,7 +120,7 @@ def init(opts): log.critical("No 'passwords' key found in pillar for this proxy.") return False - DETAILS["url"] = "https://{0}/nuova".format(opts["proxy"]["host"]) + DETAILS["url"] = "https://{}/nuova".format(opts["proxy"]["host"]) DETAILS["headers"] = { "Content-Type": "application/x-www-form-urlencoded", "Content-Length": 62, @@ -136,6 +131,10 @@ def init(opts): DETAILS["host"] = opts["proxy"]["host"] DETAILS["username"] = opts["proxy"].get("username") DETAILS["password"] = opts["proxy"].get("password") + verify_ssl = opts["proxy"].get("verify_ssl") + if verify_ssl is None: + verify_ssl = True + DETAILS["verify_ssl"] = verify_ssl # Ensure connectivity to the device log.debug("Attempting to connect to cimc proxy host.") @@ -158,8 +157,8 @@ def set_config_modify(dn=None, inconfig=None, hierarchical=False): h = "true" payload = ( - '' - "{3}".format(cookie, h, dn, inconfig) + '' + "{}".format(cookie, h, dn, inconfig) ) r = __utils__["http.query"]( DETAILS["url"], @@ -167,7 +166,7 @@ def set_config_modify(dn=None, inconfig=None, hierarchical=False): method="POST", decode_type="plain", decode=True, - verify_ssl=False, + verify_ssl=DETAILS["verify_ssl"], raise_error=True, status=True, headers=DETAILS["headers"], @@ -195,7 +194,7 @@ def get_config_resolver_class(cid=None, hierarchical=False): if hierarchical is True: h = "true" - payload = ''.format( + payload = ''.format( cookie, h, cid ) r = __utils__["http.query"]( @@ -204,7 +203,7 @@ def get_config_resolver_class(cid=None, hierarchical=False): method="POST", decode_type="plain", decode=True, - verify_ssl=False, + verify_ssl=DETAILS["verify_ssl"], raise_error=True, status=True, headers=DETAILS["headers"], @@ -226,7 +225,7 @@ def logon(): Logs into the cimc device and returns the session cookie. """ content = {} - payload = "".format( + payload = "".format( DETAILS["username"], DETAILS["password"] ) r = __utils__["http.query"]( @@ -235,7 +234,7 @@ def logon(): method="POST", decode_type="plain", decode=True, - verify_ssl=False, + verify_ssl=DETAILS["verify_ssl"], raise_error=False, status=True, headers=DETAILS["headers"], @@ -265,7 +264,7 @@ def logout(cookie=None): method="POST", decode_type="plain", decode=True, - verify_ssl=False, + verify_ssl=DETAILS["verify_ssl"], raise_error=True, headers=DETAILS["headers"], ) diff --git a/salt/proxy/panos.py b/salt/proxy/panos.py index 5c298b4f7d..50a4639911 100644 --- a/salt/proxy/panos.py +++ b/salt/proxy/panos.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ Proxy Minion interface module for managing Palo Alto firewall devices ===================================================================== @@ -53,6 +52,7 @@ the device with username and password. host: username: password: + verify_ssl: True proxytype ^^^^^^^^^ @@ -203,17 +203,12 @@ apikey The generated XML API key for the Panorama server. Required. """ -from __future__ import absolute_import, print_function, unicode_literals -# Import Python Libs import logging import salt.exceptions import salt.utils.xmlutil as xml - -# Import Salt Libs from salt._compat import ElementTree as ET -from salt.ext import six # This must be present or the Salt loader won't load this module. __proxyenabled__ = ["panos"] @@ -270,10 +265,11 @@ def init(opts): log.critical("No 'passwords' key found in pillar for this proxy.") return False - DETAILS["url"] = "https://{0}/api/".format(opts["proxy"]["host"]) + DETAILS["url"] = "https://{}/api/".format(opts["proxy"]["host"]) # Set configuration details DETAILS["host"] = opts["proxy"]["host"] + DETAILS["verify_ssl"] = opts["proxy"].get("verify_ssl", True) if "serial" in opts["proxy"]: DETAILS["serial"] = opts["proxy"].get("serial") if "apikey" in opts["proxy"]: @@ -321,7 +317,7 @@ def call(payload=None): method="POST", decode_type="plain", decode=True, - verify_ssl=False, + verify_ssl=DETAILS["verify_ssl"], status=True, raise_error=True, ) @@ -335,7 +331,7 @@ def call(payload=None): method="POST", decode_type="plain", decode=True, - verify_ssl=False, + verify_ssl=DETAILS["verify_ssl"], status=True, raise_error=True, ) @@ -352,7 +348,7 @@ def call(payload=None): method="POST", decode_type="plain", decode=True, - verify_ssl=False, + verify_ssl=DETAILS["verify_ssl"], status=True, raise_error=True, ) @@ -368,7 +364,7 @@ def call(payload=None): method="POST", decode_type="plain", decode=True, - verify_ssl=False, + verify_ssl=DETAILS["verify_ssl"], status=True, raise_error=True, ) @@ -382,21 +378,21 @@ def call(payload=None): "Did not receive a valid response from host." ) - if six.text_type(r["status"]) not in ["200", "201", "204"]: - if six.text_type(r["status"]) == "400": + if str(r["status"]) not in ["200", "201", "204"]: + if str(r["status"]) == "400": raise salt.exceptions.CommandExecutionError( "The server cannot process the request due to a client error." ) - elif six.text_type(r["status"]) == "401": + elif str(r["status"]) == "401": raise salt.exceptions.CommandExecutionError( "The server cannot process the request because it lacks valid authentication " "credentials for the target resource." ) - elif six.text_type(r["status"]) == "403": + elif str(r["status"]) == "403": raise salt.exceptions.CommandExecutionError( "The server refused to authorize the request." ) - elif six.text_type(r["status"]) == "404": + elif str(r["status"]) == "404": raise salt.exceptions.CommandExecutionError( "The requested resource could not be found." ) diff --git a/salt/proxy/vcenter.py b/salt/proxy/vcenter.py index fa1d090bd2..4bbdb0ee66 100644 --- a/salt/proxy/vcenter.py +++ b/salt/proxy/vcenter.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ Proxy Minion interface module for managing VMWare vCenters. @@ -182,13 +181,10 @@ and that host would reach out over the network and communicate with the ESXi host. """ -# Import Python Libs -from __future__ import absolute_import, print_function, unicode_literals import logging import os -# Import Salt Libs import salt.exceptions from salt.config.schemas.vcenter import VCenterProxySchema from salt.utils.dictupdate import merge @@ -277,6 +273,8 @@ def init(opts): # Save optional DETAILS["protocol"] = proxy_conf.get("protocol") DETAILS["port"] = proxy_conf.get("port") + DETAILS["verify_ssl"] = proxy_conf.get("verify_ssl") + DETAILS["ca_bundle"] = proxy_conf.get("ca_bundle") # Test connection if DETAILS["mechanism"] == "userpass": diff --git a/salt/returners/splunk.py b/salt/returners/splunk.py index 509eab3cf7..fe4194485e 100644 --- a/salt/returners/splunk.py +++ b/salt/returners/splunk.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ Send json response data to Splunk via the HTTP Event Collector @@ -11,29 +10,23 @@ Requires the following config values to be specified in config or pillar: indexer: sourcetype: index: + verify_ssl: true Run a test by using ``salt-call test.ping --return splunk`` Written by Scott Pack (github.com/scottjpack) """ -# Import Python libs -from __future__ import absolute_import, print_function, unicode_literals import logging import socket import time import requests - -# Import salt libs import salt.utils.json - -# Import 3rd-party libs from salt.ext import six _max_content_bytes = 100000 -http_event_collector_SSL_verify = False http_event_collector_debug = False log = logging.getLogger(__name__) @@ -62,6 +55,9 @@ def _get_options(): indexer = __salt__["config.get"]("splunk_http_forwarder:indexer") sourcetype = __salt__["config.get"]("splunk_http_forwarder:sourcetype") index = __salt__["config.get"]("splunk_http_forwarder:index") + verify_ssl = __salt__["config.get"]( + "splunk_http_forwarder:verify_ssl", default=True + ) except Exception: # pylint: disable=broad-except log.error("Splunk HTTP Forwarder parameters not present in config.") return None @@ -70,6 +66,7 @@ def _get_options(): "indexer": indexer, "sourcetype": sourcetype, "index": index, + "verify_ssl": verify_ssl, } return splunk_opts @@ -84,14 +81,17 @@ def _send_splunk(event, index_override=None, sourcetype_override=None): # Get Splunk Options opts = _get_options() log.info( - str("Options: %s"), # future lint: disable=blacklisted-function + "Options: %s", # future lint: disable=blacklisted-function salt.utils.json.dumps(opts), ) http_event_collector_key = opts["token"] http_event_collector_host = opts["indexer"] + http_event_collector_verify_ssl = opts["verify_ssl"] # Set up the collector splunk_event = http_event_collector( - http_event_collector_key, http_event_collector_host + http_event_collector_key, + http_event_collector_host, + verify_ssl=http_event_collector_verify_ssl, ) # init the payload payload = {} @@ -109,7 +109,7 @@ def _send_splunk(event, index_override=None, sourcetype_override=None): # Add the event payload.update({"event": event}) log.info( - str("Payload: %s"), # future lint: disable=blacklisted-function + "Payload: %s", # future lint: disable=blacklisted-function salt.utils.json.dumps(payload), ) # Fire it off @@ -120,7 +120,7 @@ def _send_splunk(event, index_override=None, sourcetype_override=None): # Thanks to George Starcher for the http_event_collector class (https://github.com/georgestarcher/) -class http_event_collector(object): +class http_event_collector: def __init__( self, token, @@ -129,11 +129,13 @@ class http_event_collector(object): http_event_port="8088", http_event_server_ssl=True, max_bytes=_max_content_bytes, + verify_ssl=True, ): self.token = token self.batchEvents = [] self.maxByteLength = max_bytes self.currentByteLength = 0 + self.verify_ssl = verify_ssl # Set host to specified value or default to localhostname if no value provided if host: @@ -164,7 +166,7 @@ class http_event_collector(object): # If eventtime in epoch not passed as optional argument use current system time in epoch if not eventtime: - eventtime = six.text_type(int(time.time())) + eventtime = str(int(time.time())) # Fill in local hostname if not manually populated if "host" not in payload: @@ -179,7 +181,7 @@ class http_event_collector(object): self.server_uri, data=salt.utils.json.dumps(data), headers=headers, - verify=http_event_collector_SSL_verify, + verify=self.verify_ssl, ) # Print debug info if flag set @@ -207,7 +209,7 @@ class http_event_collector(object): # If eventtime in epoch not passed as optional argument use current system time in epoch if not eventtime: - eventtime = six.text_type(int(time.time())) + eventtime = str(int(time.time())) # Update time value on payload if need to use system time data = {"time": eventtime} @@ -224,7 +226,7 @@ class http_event_collector(object): self.server_uri, data=" ".join(self.batchEvents), headers=headers, - verify=http_event_collector_SSL_verify, + verify=self.verify_ssl, ) self.batchEvents = [] self.currentByteLength = 0 diff --git a/salt/runners/asam.py b/salt/runners/asam.py index f53dfba69d..4c999d3ba2 100644 --- a/salt/runners/asam.py +++ b/salt/runners/asam.py @@ -17,9 +17,11 @@ master configuration at ``/etc/salt/master`` or ``/etc/salt/master.d/asam.conf`` prov1.domain.com username: "testuser" password: "verybadpass" + verify_ssl: true prov2.domain.com username: "testuser" password: "verybadpass" + verify_ssl: true .. note:: @@ -84,6 +86,10 @@ def _get_asam_configuration(driver_url=""): password = service_config.get("password", None) protocol = service_config.get("protocol", "https") port = service_config.get("port", 3451) + verify_ssl = service_config.get("verify_ssl") + + if verify_ssl is None: + verify_ssl = True if not username or not password: log.error( @@ -108,6 +114,7 @@ def _get_asam_configuration(driver_url=""): ), "username": username, "password": password, + "verify_ssl": verify_ssl, } if (not driver_url) or (driver_url == asam_server): @@ -206,7 +213,7 @@ def remove_platform(name, server_url): auth = (config["username"], config["password"]) try: - html_content = _make_post_request(url, data, auth, verify=False) + html_content = _make_post_request(url, data, auth, verify=config["verify_ssl"]) except Exception as exc: # pylint: disable=broad-except err_msg = "Failed to look up existing platforms on {}".format(server_url) log.error("%s:\n%s", err_msg, exc) @@ -222,7 +229,9 @@ def remove_platform(name, server_url): data["postType"] = "platformRemove" data["Submit"] = "Yes" try: - html_content = _make_post_request(url, data, auth, verify=False) + html_content = _make_post_request( + url, data, auth, verify=config["verify_ssl"] + ) except Exception as exc: # pylint: disable=broad-except err_msg = "Failed to delete platform from {}".format(server_url) log.error("%s:\n%s", err_msg, exc) @@ -261,7 +270,7 @@ def list_platforms(server_url): auth = (config["username"], config["password"]) try: - html_content = _make_post_request(url, data, auth, verify=False) + html_content = _make_post_request(url, data, auth, verify=config["verify_ssl"]) except Exception as exc: # pylint: disable=broad-except err_msg = "Failed to look up existing platforms" log.error("%s:\n%s", err_msg, exc) @@ -299,7 +308,7 @@ def list_platform_sets(server_url): auth = (config["username"], config["password"]) try: - html_content = _make_post_request(url, data, auth, verify=False) + html_content = _make_post_request(url, data, auth, verify=config["verify_ssl"]) except Exception as exc: # pylint: disable=broad-except err_msg = "Failed to look up existing platform sets" log.error("%s:\n%s", err_msg, exc) @@ -351,7 +360,7 @@ def add_platform(name, platform_set, server_url): auth = (config["username"], config["password"]) try: - html_content = _make_post_request(url, data, auth, verify=False) + html_content = _make_post_request(url, data, auth, verify=config["verify_ssl"]) except Exception as exc: # pylint: disable=broad-except err_msg = "Failed to add platform on {}".format(server_url) log.error("%s:\n%s", err_msg, exc) diff --git a/salt/states/esxi.py b/salt/states/esxi.py index 6f4d44306b..12a592dc29 100644 --- a/salt/states/esxi.py +++ b/salt/states/esxi.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ Manage VMware ESXi Hosts. @@ -91,8 +90,6 @@ configuration examples, dependency installation instructions, how to run remote execution functions against ESXi hosts via a Salt Proxy Minion, and a larger state example. """ -# Import Python Libs -from __future__ import absolute_import, print_function, unicode_literals import logging import re @@ -108,8 +105,6 @@ from salt.exceptions import ( VMwareObjectRetrievalError, VMwareSaltError, ) - -# Import Salt Libs from salt.ext import six from salt.utils.decorators import depends @@ -201,7 +196,7 @@ def coredump_configured(name, enabled, dump_ip, host_vnic="vmk0", dump_port=6500 current_config = __salt__[esxi_cmd]("get_coredump_network_config").get(host) error = current_config.get("Error") if error: - ret["comment"] = "Error: {0}".format(error) + ret["comment"] = "Error: {}".format(error) return ret current_config = current_config.get("Coredump Config") @@ -217,7 +212,7 @@ def coredump_configured(name, enabled, dump_ip, host_vnic="vmk0", dump_port=6500 ).get(host) error = response.get("Error") if error: - ret["comment"] = "Error: {0}".format(error) + ret["comment"] = "Error: {}".format(error) return ret # Allow users to disable core dump, but then return since @@ -252,9 +247,9 @@ def coredump_configured(name, enabled, dump_ip, host_vnic="vmk0", dump_port=6500 changes = True current_port = current_config.get("port") - if current_port != six.text_type(dump_port): + if current_port != str(dump_port): ret["changes"].update( - {"dump_port": {"old": current_port, "new": six.text_type(dump_port)}} + {"dump_port": {"old": current_port, "new": str(dump_port)}} ) changes = True @@ -270,7 +265,7 @@ def coredump_configured(name, enabled, dump_ip, host_vnic="vmk0", dump_port=6500 msg = response.get("stderr") if not msg: msg = response.get("stdout") - ret["comment"] = "Error: {0}".format(msg) + ret["comment"] = "Error: {}".format(msg) return ret ret["result"] = True @@ -328,7 +323,7 @@ def password_present(name, password): __salt__[esxi_cmd]("update_host_password", new_password=password) except CommandExecutionError as err: ret["result"] = False - ret["comment"] = "Error: {0}".format(err) + ret["comment"] = "Error: {}".format(err) return ret return ret @@ -400,7 +395,7 @@ def ntp_configured( ntp_running = __salt__[esxi_cmd]("get_service_running", service_name=ntpd).get(host) error = ntp_running.get("Error") if error: - ret["comment"] = "Error: {0}".format(error) + ret["comment"] = "Error: {}".format(error) return ret ntp_running = ntp_running.get(ntpd) @@ -413,7 +408,7 @@ def ntp_configured( ).get(host) error = response.get("Error") if error: - ret["comment"] = "Error: {0}".format(error) + ret["comment"] = "Error: {}".format(error) return ret # Set changes dictionary for ntp_servers ret["changes"].update({"ntp_servers": {"old": ntp_config, "new": ntp_servers}}) @@ -429,7 +424,7 @@ def ntp_configured( ) error = response.get("Error") if error: - ret["comment"] = "Error: {0}".format(error) + ret["comment"] = "Error: {}".format(error) return ret # Stop ntpd if service_running=False else: @@ -438,7 +433,7 @@ def ntp_configured( ) error = response.get("Error") if error: - ret["comment"] = "Error: {0}".format(error) + ret["comment"] = "Error: {}".format(error) return ret ret["changes"].update( {"service_running": {"old": ntp_running, "new": service_running}} @@ -451,7 +446,7 @@ def ntp_configured( ).get(host) error = current_service_policy.get("Error") if error: - ret["comment"] = "Error: {0}".format(error) + ret["comment"] = "Error: {}".format(error) return ret current_service_policy = current_service_policy.get(ntpd) @@ -465,7 +460,7 @@ def ntp_configured( ).get(host) error = response.get("Error") if error: - ret["comment"] = "Error: {0}".format(error) + ret["comment"] = "Error: {}".format(error) return ret ret["changes"].update( { @@ -483,7 +478,7 @@ def ntp_configured( response = __salt__[esxi_cmd]("update_host_datetime").get(host) error = response.get("Error") if error: - ret["comment"] = "Error: {0}".format(error) + ret["comment"] = "Error: {}".format(error) return ret ret["changes"].update( {"update_datetime": {"old": "", "new": "Host datetime was updated."}} @@ -498,7 +493,7 @@ def ntp_configured( ) error = response.get("Error") if error: - ret["comment"] = "Error: {0}".format(error) + ret["comment"] = "Error: {}".format(error) return ret ret["changes"].update( {"service_restart": {"old": "", "new": "NTP Daemon Restarted."}} @@ -559,14 +554,14 @@ def vmotion_configured(name, enabled, device="vmk0"): response = __salt__[esxi_cmd]("vmotion_enable", device=device).get(host) error = response.get("Error") if error: - ret["comment"] = "Error: {0}".format(error) + ret["comment"] = "Error: {}".format(error) return ret # Disable VMotion if enabled=False else: response = __salt__[esxi_cmd]("vmotion_disable").get(host) error = response.get("Error") if error: - ret["comment"] = "Error: {0}".format(error) + ret["comment"] = "Error: {}".format(error) return ret ret["changes"].update( {"enabled": {"old": current_vmotion_enabled, "new": enabled}} @@ -618,7 +613,7 @@ def vsan_configured(name, enabled, add_disks_to_vsan=False): current_vsan_enabled = __salt__[esxi_cmd]("get_vsan_enabled").get(host) error = current_vsan_enabled.get("Error") if error: - ret["comment"] = "Error: {0}".format(error) + ret["comment"] = "Error: {}".format(error) return ret current_vsan_enabled = current_vsan_enabled.get("VSAN Enabled") @@ -631,14 +626,14 @@ def vsan_configured(name, enabled, add_disks_to_vsan=False): response = __salt__[esxi_cmd]("vsan_enable").get(host) error = response.get("Error") if error: - ret["comment"] = "Error: {0}".format(error) + ret["comment"] = "Error: {}".format(error) return ret # Disable VSAN if enabled=False else: response = __salt__[esxi_cmd]("vsan_disable").get(host) error = response.get("Error") if error: - ret["comment"] = "Error: {0}".format(error) + ret["comment"] = "Error: {}".format(error) return ret ret["changes"].update( {"enabled": {"old": current_vsan_enabled, "new": enabled}} @@ -649,7 +644,7 @@ def vsan_configured(name, enabled, add_disks_to_vsan=False): current_eligible_disks = __salt__[esxi_cmd]("get_vsan_eligible_disks").get(host) error = current_eligible_disks.get("Error") if error: - ret["comment"] = "Error: {0}".format(error) + ret["comment"] = "Error: {}".format(error) return ret disks = current_eligible_disks.get("Eligible") @@ -659,7 +654,7 @@ def vsan_configured(name, enabled, add_disks_to_vsan=False): response = __salt__[esxi_cmd]("vsan_add_disks").get(host) error = response.get("Error") if error: - ret["comment"] = "Error: {0}".format(error) + ret["comment"] = "Error: {}".format(error) return ret ret["changes"].update({"add_disks_to_vsan": {"old": "", "new": disks}}) @@ -683,7 +678,7 @@ def ssh_configured( ssh_key_file=None, service_policy=None, service_restart=False, - certificate_verify=False, + certificate_verify=None, ): """ Manage the SSH configuration for a host including whether or not SSH is running or @@ -724,7 +719,7 @@ def ssh_configured( certificate_verify If set to ``True``, the SSL connection must present a valid certificate. - Default is ``False``. + Default is ``True``. Example: @@ -739,6 +734,8 @@ def ssh_configured( - certificate_verify: True """ + if certificate_verify is None: + certificate_verify = True ret = {"name": name, "result": False, "changes": {}, "comment": ""} esxi_cmd = "esxi.cmd" host = __pillar__["proxy"]["host"] @@ -747,7 +744,7 @@ def ssh_configured( ssh_running = __salt__[esxi_cmd]("get_service_running", service_name=ssh).get(host) error = ssh_running.get("Error") if error: - ret["comment"] = "Error: {0}".format(error) + ret["comment"] = "Error: {}".format(error) return ret ssh_running = ssh_running.get(ssh) @@ -760,14 +757,14 @@ def ssh_configured( enable = __salt__[esxi_cmd]("service_start", service_name=ssh).get(host) error = enable.get("Error") if error: - ret["comment"] = "Error: {0}".format(error) + ret["comment"] = "Error: {}".format(error) return ret # Disable SSH if service_running=False else: disable = __salt__[esxi_cmd]("service_stop", service_name=ssh).get(host) error = disable.get("Error") if error: - ret["comment"] = "Error: {0}".format(error) + ret["comment"] = "Error: {}".format(error) return ret ret["changes"].update( @@ -783,7 +780,7 @@ def ssh_configured( ) error = current_ssh_key.get("Error") if error: - ret["comment"] = "Error: {0}".format(error) + ret["comment"] = "Error: {}".format(error) return ret current_ssh_key = current_ssh_key.get("key") if current_ssh_key: @@ -822,7 +819,7 @@ def ssh_configured( ) error = response.get("Error") if error: - ret["comment"] = "Error: {0}".format(error) + ret["comment"] = "Error: {}".format(error) return ret ret["changes"].update( { @@ -840,7 +837,7 @@ def ssh_configured( ).get(host) error = current_service_policy.get("Error") if error: - ret["comment"] = "Error: {0}".format(error) + ret["comment"] = "Error: {}".format(error) return ret current_service_policy = current_service_policy.get(ssh) @@ -854,7 +851,7 @@ def ssh_configured( ).get(host) error = response.get("Error") if error: - ret["comment"] = "Error: {0}".format(error) + ret["comment"] = "Error: {}".format(error) return ret ret["changes"].update( { @@ -872,7 +869,7 @@ def ssh_configured( response = __salt__[esxi_cmd]("service_restart", service_name=ssh).get(host) error = response.get("Error") if error: - ret["comment"] = "Error: {0}".format(error) + ret["comment"] = "Error: {}".format(error) return ret ret["changes"].update( {"service_restart": {"old": "", "new": "SSH service restarted."}} @@ -965,17 +962,17 @@ def syslog_configured( reset = __salt__[esxi_cmd]( "reset_syslog_config", syslog_config=reset_configs ).get(host) - for key, val in six.iteritems(reset): + for key, val in reset.items(): if isinstance(val, bool): continue if not val.get("success"): msg = val.get("message") if not msg: msg = ( - "There was an error resetting a syslog config '{0}'." + "There was an error resetting a syslog config '{}'." "Please check debug logs.".format(val) ) - ret["comment"] = "Error: {0}".format(msg) + ret["comment"] = "Error: {}".format(msg) return ret ret["changes"].update( @@ -985,7 +982,7 @@ def syslog_configured( current_firewall = __salt__[esxi_cmd]("get_firewall_status").get(host) error = current_firewall.get("Error") if error: - ret["comment"] = "Error: {0}".format(error) + ret["comment"] = "Error: {}".format(error) return ret current_firewall = current_firewall.get("rulesets").get("syslog") @@ -1000,23 +997,23 @@ def syslog_configured( if enabled.get("retcode") != 0: err = enabled.get("stderr") out = enabled.get("stdout") - ret["comment"] = "Error: {0}".format(err if err else out) + ret["comment"] = "Error: {}".format(err if err else out) return ret ret["changes"].update({"firewall": {"old": current_firewall, "new": firewall}}) current_syslog_config = __salt__[esxi_cmd]("get_syslog_config").get(host) - for key, val in six.iteritems(syslog_configs): + for key, val in syslog_configs.items(): # The output of get_syslog_config has different keys than the keys # Used to set syslog_config values. We need to look them up first. try: lookup_key = _lookup_syslog_config(key) except KeyError: - ret["comment"] = "'{0}' is not a valid config variable.".format(key) + ret["comment"] = "'{}' is not a valid config variable.".format(key) return ret current_val = current_syslog_config[lookup_key] - if six.text_type(current_val) != six.text_type(val): + if str(current_val) != str(val): # Only run the command if not using test=True if not __opts__["test"]: response = __salt__[esxi_cmd]( @@ -1031,7 +1028,7 @@ def syslog_configured( msg = response.get(key).get("message") if not msg: msg = ( - "There was an error setting syslog config '{0}'. " + "There was an error setting syslog config '{}'. " "Please check debug logs.".format(key) ) ret["comment"] = msg @@ -1101,7 +1098,7 @@ def diskgroups_configured(name, diskgroups, erase_disks=False): if not proxy_details.get("vcenter") else proxy_details["esxi_host"] ) - log.info("Running state {0} for host '{1}'".format(name, hostname)) + log.info("Running state {} for host '{}'".format(name, hostname)) # Variable used to return the result of the invocation ret = {"name": name, "result": None, "changes": {}, "comments": None} # Signals if errors have been encountered @@ -1124,23 +1121,20 @@ def diskgroups_configured(name, diskgroups, erase_disks=False): host_disks = __salt__["vsphere.list_disks"](service_instance=si) if not host_disks: raise VMwareObjectRetrievalError( - "No disks retrieved from host '{0}'".format(hostname) + "No disks retrieved from host '{}'".format(hostname) ) scsi_addr_to_disk_map = {d["scsi_address"]: d for d in host_disks} - log.trace("scsi_addr_to_disk_map = {0}".format(scsi_addr_to_disk_map)) + log.trace("scsi_addr_to_disk_map = {}".format(scsi_addr_to_disk_map)) existing_diskgroups = __salt__["vsphere.list_diskgroups"](service_instance=si) cache_disk_to_existing_diskgroup_map = { dg["cache_disk"]: dg for dg in existing_diskgroups } except CommandExecutionError as err: - log.error("Error: {0}".format(err)) + log.error("Error: {}".format(err)) if si: __salt__["vsphere.disconnect"](si) ret.update( - { - "result": False if not __opts__["test"] else None, - "comment": six.text_type(err), - } + {"result": False if not __opts__["test"] else None, "comment": str(err),} ) return ret @@ -1149,7 +1143,7 @@ def diskgroups_configured(name, diskgroups, erase_disks=False): # Check for cache disk if not dg["cache_scsi_addr"] in scsi_addr_to_disk_map: comments.append( - "No cache disk with scsi address '{0}' was " + "No cache disk with scsi address '{}' was " "found.".format(dg["cache_scsi_addr"]) ) log.error(comments[-1]) @@ -1158,7 +1152,7 @@ def diskgroups_configured(name, diskgroups, erase_disks=False): # Check for capacity disks cache_disk_id = scsi_addr_to_disk_map[dg["cache_scsi_addr"]]["id"] - cache_disk_display = "{0} (id:{1})".format(dg["cache_scsi_addr"], cache_disk_id) + cache_disk_display = "{} (id:{})".format(dg["cache_scsi_addr"], cache_disk_id) bad_scsi_addrs = [] capacity_disk_ids = [] capacity_disk_displays = [] @@ -1168,13 +1162,13 @@ def diskgroups_configured(name, diskgroups, erase_disks=False): continue capacity_disk_ids.append(scsi_addr_to_disk_map[scsi_addr]["id"]) capacity_disk_displays.append( - "{0} (id:{1})".format(scsi_addr, capacity_disk_ids[-1]) + "{} (id:{})".format(scsi_addr, capacity_disk_ids[-1]) ) if bad_scsi_addrs: comments.append( - "Error in diskgroup #{0}: capacity disks with " - "scsi addresses {1} were not found." - "".format(idx, ", ".join(["'{0}'".format(a) for a in bad_scsi_addrs])) + "Error in diskgroup #{}: capacity disks with " + "scsi addresses {} were not found." + "".format(idx, ", ".join(["'{}'".format(a) for a in bad_scsi_addrs])) ) log.error(comments[-1]) errors = True @@ -1182,14 +1176,14 @@ def diskgroups_configured(name, diskgroups, erase_disks=False): if not cache_disk_to_existing_diskgroup_map.get(cache_disk_id): # A new diskgroup needs to be created - log.trace("erase_disks = {0}".format(erase_disks)) + log.trace("erase_disks = {}".format(erase_disks)) if erase_disks: if __opts__["test"]: comments.append( - "State {0} will " - "erase all disks of disk group #{1}; " - "cache disk: '{2}', " - "capacity disk(s): {3}." + "State {} will " + "erase all disks of disk group #{}; " + "cache disk: '{}', " + "capacity disk(s): {}." "".format( name, idx, @@ -1206,13 +1200,13 @@ def diskgroups_configured(name, diskgroups, erase_disks=False): disk_id=disk_id, service_instance=si ) comments.append( - "Erased disks of diskgroup #{0}; " - "cache disk: '{1}', capacity disk(s): " - "{2}".format( + "Erased disks of diskgroup #{}; " + "cache disk: '{}', capacity disk(s): " + "{}".format( idx, cache_disk_display, ", ".join( - ["'{0}'".format(a) for a in capacity_disk_displays] + ["'{}'".format(a) for a in capacity_disk_displays] ), ) ) @@ -1220,13 +1214,13 @@ def diskgroups_configured(name, diskgroups, erase_disks=False): if __opts__["test"]: comments.append( - "State {0} will create " - "the disk group #{1}; cache disk: '{2}', " - "capacity disk(s): {3}.".format( + "State {} will create " + "the disk group #{}; cache disk: '{}', " + "capacity disk(s): {}.".format( name, idx, cache_disk_display, - ", ".join(["'{0}'".format(a) for a in capacity_disk_displays]), + ", ".join(["'{}'".format(a) for a in capacity_disk_displays]), ) ) log.info(comments[-1]) @@ -1241,15 +1235,15 @@ def diskgroups_configured(name, diskgroups, erase_disks=False): ) except VMwareSaltError as err: comments.append( - "Error creating disk group #{0}: " "{1}.".format(idx, err) + "Error creating disk group #{}: " "{}.".format(idx, err) ) log.error(comments[-1]) errors = True continue - comments.append("Created disk group #'{0}'.".format(idx)) + comments.append("Created disk group #'{}'.".format(idx)) log.info(comments[-1]) - diskgroup_changes[six.text_type(idx)] = { + diskgroup_changes[str(idx)] = { "new": {"cache": cache_disk_display, "capacity": capacity_disk_displays} } changes = True @@ -1257,12 +1251,12 @@ def diskgroups_configured(name, diskgroups, erase_disks=False): # The diskgroup exists; checking the capacity disks log.debug( - "Disk group #{0} exists. Checking capacity disks: " - "{1}.".format(idx, capacity_disk_displays) + "Disk group #{} exists. Checking capacity disks: " + "{}.".format(idx, capacity_disk_displays) ) existing_diskgroup = cache_disk_to_existing_diskgroup_map.get(cache_disk_id) existing_capacity_disk_displays = [ - "{0} (id:{1})".format( + "{} (id:{})".format( [d["scsi_address"] for d in host_disks if d["id"] == disk_id][0], disk_id, ) @@ -1280,7 +1274,7 @@ def diskgroups_configured(name, diskgroups, erase_disks=False): ][0] added_capacity_disk_ids.append(disk_id) added_capacity_disk_displays.append( - "{0} (id:{1})".format(disk_scsi_addr, disk_id) + "{} (id:{})".format(disk_scsi_addr, disk_id) ) for disk_id in existing_diskgroup["capacity_disks"]: if disk_id not in capacity_disk_ids: @@ -1289,12 +1283,12 @@ def diskgroups_configured(name, diskgroups, erase_disks=False): ][0] removed_capacity_disk_ids.append(disk_id) removed_capacity_disk_displays.append( - "{0} (id:{1})".format(disk_scsi_addr, disk_id) + "{} (id:{})".format(disk_scsi_addr, disk_id) ) log.debug( - "Disk group #{0}: existing capacity disk ids: {1}; added " - "capacity disk ids: {2}; removed capacity disk ids: {3}" + "Disk group #{}: existing capacity disk ids: {}; added " + "capacity disk ids: {}; removed capacity disk ids: {}" "".format( idx, existing_capacity_disk_displays, @@ -1306,11 +1300,11 @@ def diskgroups_configured(name, diskgroups, erase_disks=False): # TODO revisit this when removing capacity disks is supported if removed_capacity_disk_ids: comments.append( - "Error removing capacity disk(s) {0} from disk group #{1}; " + "Error removing capacity disk(s) {} from disk group #{}; " "operation is not supported." "".format( ", ".join( - ["'{0}'".format(id) for id in removed_capacity_disk_displays] + ["'{}'".format(id) for id in removed_capacity_disk_displays] ), idx, ) @@ -1324,11 +1318,11 @@ def diskgroups_configured(name, diskgroups, erase_disks=False): # Building a string representation of the capacity disks # that need to be added - s = ", ".join(["'{0}'".format(id) for id in added_capacity_disk_displays]) + s = ", ".join(["'{}'".format(id) for id in added_capacity_disk_displays]) if __opts__["test"]: comments.append( - "State {0} will add " - "capacity disk(s) {1} to disk group #{2}." + "State {} will add " + "capacity disk(s) {} to disk group #{}." "".format(name, s, idx) ) log.info(comments[-1]) @@ -1343,17 +1337,17 @@ def diskgroups_configured(name, diskgroups, erase_disks=False): ) except VMwareSaltError as err: comments.append( - "Error adding capacity disk(s) {0} to " - "disk group #{1}: {2}.".format(s, idx, err) + "Error adding capacity disk(s) {} to " + "disk group #{}: {}.".format(s, idx, err) ) log.error(comments[-1]) errors = True continue - com = "Added capacity disk(s) {0} to disk group #{1}" "".format(s, idx) + com = "Added capacity disk(s) {} to disk group #{}" "".format(s, idx) log.info(com) comments.append(com) - diskgroup_changes[six.text_type(idx)] = { + diskgroup_changes[str(idx)] = { "new": { "cache": cache_disk_display, "capacity": capacity_disk_displays, @@ -1367,9 +1361,7 @@ def diskgroups_configured(name, diskgroups, erase_disks=False): continue # No capacity needs to be added - s = "Disk group #{0} is correctly configured. Nothing to be done." "".format( - idx - ) + s = "Disk group #{} is correctly configured. Nothing to be done." "".format(idx) log.info(s) comments.append(s) __salt__["vsphere.disconnect"](si) @@ -1532,11 +1524,11 @@ def host_cache_configured( ) if not existing_disks: raise VMwareObjectRetrievalError( - "Disk with scsi address '{0}' was not found in host '{1}'" + "Disk with scsi address '{}' was not found in host '{}'" "".format(datastore["backing_disk_scsi_addr"], hostname) ) backing_disk = existing_disks[0] - backing_disk_display = "{0} (id:{1})".format( + backing_disk_display = "{} (id:{})".format( backing_disk["scsi_address"], backing_disk["id"] ) log.trace("backing_disk = %s", backing_disk_display) @@ -1547,8 +1539,8 @@ def host_cache_configured( if erase_backing_disk: if __opts__["test"]: comments.append( - "State {0} will erase " - "the backing disk '{1}' on host '{2}'." + "State {} will erase " + "the backing disk '{}' on host '{}'." "".format(name, backing_disk_display, hostname) ) log.info(comments[-1]) @@ -1558,16 +1550,16 @@ def host_cache_configured( disk_id=backing_disk["id"], service_instance=si ) comments.append( - "Erased backing disk '{0}' on host " - "'{1}'.".format(backing_disk_display, hostname) + "Erased backing disk '{}' on host " + "'{}'.".format(backing_disk_display, hostname) ) log.info(comments[-1]) # Create the datastore if __opts__["test"]: comments.append( - "State {0} will create " - "the datastore '{1}', with backing disk " - "'{2}', on host '{3}'." + "State {} will create " + "the datastore '{}', with backing disk " + "'{}', on host '{}'." "".format(name, datastore["name"], backing_disk_display, hostname) ) log.info(comments[-1]) @@ -1582,7 +1574,7 @@ def host_cache_configured( non_mbr_partitions = [p for p in partitions if p["format"] != "mbr"] if len(non_mbr_partitions) > 0: raise VMwareApiError( - "Backing disk '{0}' has unexpected partitions" + "Backing disk '{}' has unexpected partitions" "".format(backing_disk_display) ) __salt__["vsphere.create_vmfs_datastore"]( @@ -1592,8 +1584,8 @@ def host_cache_configured( service_instance=si, ) comments.append( - "Created vmfs datastore '{0}', backed by " - "disk '{1}', on host '{2}'." + "Created vmfs datastore '{}', backed by " + "disk '{}', on host '{}'." "".format(datastore["name"], backing_disk_display, hostname) ) log.info(comments[-1]) @@ -1615,21 +1607,21 @@ def host_cache_configured( # Check datastore is backed by the correct disk if not existing_datastores[0].get("backing_disk_ids"): raise VMwareSaltError( - "Datastore '{0}' doesn't have a " + "Datastore '{}' doesn't have a " "backing disk" "".format(datastore["name"]) ) if backing_disk["id"] not in existing_datastores[0]["backing_disk_ids"]: raise VMwareSaltError( - "Datastore '{0}' is not backed by the correct disk: " - "expected '{1}'; got {2}" + "Datastore '{}' is not backed by the correct disk: " + "expected '{}'; got {}" "".format( datastore["name"], backing_disk["id"], ", ".join( [ - "'{0}'".format(disk) + "'{}'".format(disk) for disk in existing_datastores[0]["backing_disk_ids"] ] ), @@ -1637,8 +1629,8 @@ def host_cache_configured( ) comments.append( - "Datastore '{0}' already exists on host '{1}' " - "and is backed by disk '{2}'. Nothing to be " + "Datastore '{}' already exists on host '{}' " + "and is backed by disk '{}'. Nothing to be " "done.".format(datastore["name"], hostname, backing_disk_display) ) existing_datastore = existing_datastores[0] @@ -1686,8 +1678,8 @@ def host_cache_configured( if needs_setting: if __opts__["test"]: comments.append( - "State {0} will configure " - "the host cache on host '{1}' to: {2}." + "State {} will configure " + "the host cache on host '{}' to: {}." "".format( name, hostname, @@ -1702,8 +1694,8 @@ def host_cache_configured( if (existing_datastore["capacity"] / 1024.0 ** 2) < swap_size_MiB: raise ArgumentValueError( - "Capacity of host cache datastore '{0}' ({1} MiB) is " - "smaller than the required swap size ({2} MiB)" + "Capacity of host cache datastore '{}' ({} MiB) is " + "smaller than the required swap size ({} MiB)" "".format( existing_datastore["name"], existing_datastore["capacity"] / 1024.0 ** 2, @@ -1717,11 +1709,11 @@ def host_cache_configured( service_instance=si, ) comments.append( - "Host cache configured on host " "'{0}'.".format(hostname) + "Host cache configured on host " "'{}'.".format(hostname) ) else: comments.append( - "Host cache on host '{0}' is already correctly " + "Host cache on host '{}' is already correctly " "configured. Nothing to be done.".format(hostname) ) result = True diff --git a/salt/utils/http.py b/salt/utils/http.py index 9522bd6ee4..c532da63d5 100644 --- a/salt/utils/http.py +++ b/salt/utils/http.py @@ -1062,3 +1062,23 @@ def _sanitize_url_components(comp_list, field): ret = "{}&".format(comp_list[0]) comp_list.remove(comp_list[0]) return ret + _sanitize_url_components(comp_list, field) + + +def session(user=None, password=None, verify_ssl=True, ca_bundle=None, headers=None): + """ + create a requests session + """ + session = requests.session() + if user and password: + session.auth = (user, password) + if ca_bundle and not verify_ssl: + log.error("You cannot use both ca_bundle and verify_ssl False together") + return False + if ca_bundle: + opts = {"ca_bundle": ca_bundle} + session.verify = get_ca_bundle(opts) + if not verify_ssl: + session.verify = False + if headers: + session.headers.update(headers) + return session diff --git a/salt/utils/thin.py b/salt/utils/thin.py index ce48957374..60ddd0e67c 100644 --- a/salt/utils/thin.py +++ b/salt/utils/thin.py @@ -217,8 +217,8 @@ def get_tops_python(py_ver, exclude=None, ext_py_ver=None): "{} does not exist. Could not auto detect dependencies".format(py_ver) ) return {} - py_shell_cmd = "{0} -c 'import {1}; print({1}.__file__)'".format(py_ver, mod) - cmd = subprocess.Popen(py_shell_cmd, stdout=subprocess.PIPE, shell=True) + py_shell_cmd = [py_ver, "-c", "import {0}; print({0}.__file__)".format(mod)] + cmd = subprocess.Popen(py_shell_cmd, stdout=subprocess.PIPE) stdout, _ = cmd.communicate() mod_file = os.path.abspath(salt.utils.data.decode(stdout).rstrip("\n")) diff --git a/salt/utils/vmware.py b/salt/utils/vmware.py index 57aa2aaa69..f801ba2aab 100644 --- a/salt/utils/vmware.py +++ b/salt/utils/vmware.py @@ -80,7 +80,6 @@ import ssl import time from http.client import BadStatusLine -import requests import salt.exceptions import salt.modules.cmdmod import salt.utils.path @@ -182,7 +181,9 @@ def esxcli( return ret -def get_vsphere_client(server, username, password, session=None): +def get_vsphere_client( + server, username, password, session=None, verify_ssl=True, ca_bundle=None +): """ Internal helper method to create an instance of the vSphere API client. Please provide username and password to authenticate. @@ -196,6 +197,10 @@ def get_vsphere_client(server, username, password, session=None): :param Session session: Request HTTP session instance. If not specified, one is automatically created and used + :param boolean verify_ssl: + Verify the SSL certificate. Default: True + :param basestring ca_bundle: + Path to the ca bundle to use when verifying SSL certificates. :returns: Vsphere Client instance @@ -204,9 +209,7 @@ def get_vsphere_client(server, username, password, session=None): """ if not session: # Create an https session to be used for a vSphere client - session = requests.session() - # If client uses own SSL cert, session should not verify - session.verify = False + session = salt.utils.http.session(verify_ssl=verify_ssl, ca_bundle=ca_bundle) client = None try: client = create_vsphere_client( @@ -218,7 +221,15 @@ def get_vsphere_client(server, username, password, session=None): def _get_service_instance( - host, username, password, protocol, port, mechanism, principal, domain + host, + username, + password, + protocol, + port, + mechanism, + principal, + domain, + verify_ssl=True, ): """ Internal method to authenticate with a vCenter server or ESX/ESXi host @@ -253,21 +264,26 @@ def _get_service_instance( raise salt.exceptions.CommandExecutionError( "Unsupported mechanism: '{}'".format(mechanism) ) + + log.trace( + "Connecting using the '%s' mechanism, with username '%s'", mechanism, username, + ) + default_msg = ( + "Could not connect to host '{}'. " + "Please check the debug log for more information.".format(host) + ) + try: - log.trace( - "Connecting using the '%s' mechanism, with username '%s'", - mechanism, - username, - ) - service_instance = SmartConnect( - host=host, - user=username, - pwd=password, - protocol=protocol, - port=port, - b64token=token, - mechanism=mechanism, - ) + if verify_ssl: + service_instance = SmartConnect( + host=host, + user=username, + pwd=password, + protocol=protocol, + port=port, + b64token=token, + mechanism=mechanism, + ) except TypeError as exc: if "unexpected keyword argument" in exc.message: log.error( @@ -280,30 +296,33 @@ def _get_service_instance( raise except Exception as exc: # pylint: disable=broad-except # pyVmomi's SmartConnect() actually raises Exception in some cases. - default_msg = ( - "Could not connect to host '{}'. " - "Please check the debug log for more information.".format(host) - ) + if ( + isinstance(exc, vim.fault.HostConnectFault) + and "[SSL: CERTIFICATE_VERIFY_FAILED]" in exc.msg + ) or "[SSL: CERTIFICATE_VERIFY_FAILED]" in str(exc): + err_msg = ( + "Could not verify the SSL certificate. You can use " + "verify_ssl: False if you do not want to verify the " + "SSL certificate. This is not recommended as it is " + "considered insecure." + ) + else: + log.exception(exc) + err_msg = exc.msg if hasattr(exc, "msg") else default_msg + raise salt.exceptions.VMwareConnectionError(err_msg) + if not verify_ssl: try: - if ( - isinstance(exc, vim.fault.HostConnectFault) - and "[SSL: CERTIFICATE_VERIFY_FAILED]" in exc.msg - ) or "[SSL: CERTIFICATE_VERIFY_FAILED]" in str(exc): - service_instance = SmartConnect( - host=host, - user=username, - pwd=password, - protocol=protocol, - port=port, - sslContext=ssl._create_unverified_context(), - b64token=token, - mechanism=mechanism, - ) - else: - log.exception(exc) - err_msg = exc.msg if hasattr(exc, "msg") else default_msg - raise salt.exceptions.VMwareConnectionError(err_msg) + service_instance = SmartConnect( + host=host, + user=username, + pwd=password, + protocol=protocol, + port=port, + sslContext=ssl._create_unverified_context(), + b64token=token, + mechanism=mechanism, + ) except Exception as exc: # pylint: disable=broad-except # pyVmomi's SmartConnect() actually raises Exception in some cases. if "certificate verify failed" in str(exc): @@ -330,6 +349,7 @@ def _get_service_instance( err_msg = exc.msg if hasattr(exc, "msg") else default_msg log.trace(exc) raise salt.exceptions.VMwareConnectionError(err_msg) + atexit.register(Disconnect, service_instance) return service_instance @@ -384,6 +404,7 @@ def get_service_instance( mechanism="userpass", principal=None, domain=None, + verify_ssl=True, ): """ Authenticate with a vCenter server or ESX/ESXi host and return the service instance object. @@ -416,6 +437,9 @@ def get_service_instance( domain Kerberos user domain. Required if mechanism is ``sspi`` + + verify_ssl + Verify the SSL certificate. Default: True """ if protocol is None: @@ -438,7 +462,15 @@ def get_service_instance( if not service_instance: service_instance = _get_service_instance( - host, username, password, protocol, port, mechanism, principal, domain + host, + username, + password, + protocol, + port, + mechanism, + principal, + domain, + verify_ssl=verify_ssl, ) # Test if data can actually be retrieved or connection has gone stale @@ -449,7 +481,15 @@ def get_service_instance( log.trace("Session no longer authenticating. Reconnecting") Disconnect(service_instance) service_instance = _get_service_instance( - host, username, password, protocol, port, mechanism, principal, domain + host, + username, + password, + protocol, + port, + mechanism, + principal, + domain, + verify_ssl=verify_ssl, ) except vim.fault.NoPermission as exc: log.exception(exc) diff --git a/salt/wheel/__init__.py b/salt/wheel/__init__.py index 38792a10f6..53c3d8527f 100644 --- a/salt/wheel/__init__.py +++ b/salt/wheel/__init__.py @@ -1,8 +1,6 @@ -# -*- coding: utf-8 -*- """ Modules used to control the master itself """ -from __future__ import absolute_import, print_function, unicode_literals from collections.abc import Mapping @@ -15,7 +13,7 @@ import salt.utils.zeromq class WheelClient( - salt.client.mixins.SyncClientMixin, salt.client.mixins.AsyncClientMixin, object + salt.client.mixins.SyncClientMixin, salt.client.mixins.AsyncClientMixin ): """ An interface to Salt's wheel modules @@ -123,8 +121,8 @@ class WheelClient( }) {'jid': '20131219224744416681', 'tag': 'salt/wheel/20131219224744416681'} """ - fun = low.pop("fun") - return self.asynchronous(fun, low) + fun = low.get("fun") + return self.asynchronous(fun, low, local=False) def cmd( self, @@ -143,9 +141,7 @@ class WheelClient( >>> wheel.cmd('key.finger', ['jerry']) {'minions': {'jerry': '5d:f6:79:43:5e:d4:42:3f:57:b8:45:a8:7e:a4:6e:ca'}} """ - return super(WheelClient, self).cmd( - fun, arg, pub_data, kwarg, print_event, full_return - ) + return super().cmd(fun, arg, pub_data, kwarg, print_event, full_return) Wheel = WheelClient # for backward-compat diff --git a/salt/wheel/pillar_roots.py b/salt/wheel/pillar_roots.py index 2c242ef3a7..7504d28777 100644 --- a/salt/wheel/pillar_roots.py +++ b/salt/wheel/pillar_roots.py @@ -1,19 +1,14 @@ -# -*- coding: utf-8 -*- """ The `pillar_roots` wheel module is used to manage files under the pillar roots directories on the master server. """ -# Import python libs -from __future__ import absolute_import, print_function, unicode_literals import os -# Import salt libs import salt.utils.files import salt.utils.path - -# Import 3rd-party libs +import salt.utils.verify from salt.ext import six @@ -86,7 +81,7 @@ def read(path, saltenv="base"): ret = [] files = find(path, saltenv) for fn_ in files: - full = next(six.iterkeys(fn_)) + full = next(iter(fn_.keys())) form = fn_[full] if form == "txt": with salt.utils.files.fopen(full, "rb") as fp_: @@ -100,19 +95,23 @@ def write(data, path, saltenv="base", index=0): index of the file can be specified to write to a lower priority file root """ if saltenv not in __opts__["pillar_roots"]: - return "Named environment {0} is not present".format(saltenv) + return "Named environment {} is not present".format(saltenv) if len(__opts__["pillar_roots"][saltenv]) <= index: - return "Specified index {0} in environment {1} is not present".format( + return "Specified index {} in environment {} is not present".format( index, saltenv ) if os.path.isabs(path): return ( - "The path passed in {0} is not relative to the environment " "{1}" + "The path passed in {} is not relative to the environment " "{}" ).format(path, saltenv) + roots_dir = __opts__["pillar_roots"][saltenv][index] + dest = os.path.join(roots_dir, path) + if not salt.utils.verify.clean_path(roots_dir, dest): + return "Invalid path" dest = os.path.join(__opts__["pillar_roots"][saltenv][index], path) dest_dir = os.path.dirname(dest) if not os.path.isdir(dest_dir): os.makedirs(dest_dir) with salt.utils.files.fopen(dest, "w+") as fp_: fp_.write(salt.utils.stringutils.to_str(data)) - return "Wrote data to file {0}".format(dest) + return "Wrote data to file {}".format(dest) -- 2.30.1