File: //opt/saltstack/salt/lib/python3.10/site-packages/salt/netapi/__pycache__/rest_wsgi.cpython-310.pyc

A minimalist REST API for Salt
==============================

This ``rest_wsgi`` module provides a no-frills REST interface for sending
commands to the Salt master. There are no dependencies.

Extra care must be taken when deploying this module into production. Please
read this documentation in its entirety.

All authentication is done through Salt's :ref:`external auth <acl-eauth>`
system.

Usage
=====

* All requests must be sent to the root URL (``/``).
* All requests must be sent as a POST request with JSON content in the request
  body.
* All responses are in JSON.

.. seealso:: :py:mod:`rest_cherrypy <salt.netapi.rest_cherrypy.app>`

    The :py:mod:`rest_cherrypy <salt.netapi.rest_cherrypy.app>` module is
    more full-featured, production-ready, and has built-in security features.

Deployment
==========

The ``rest_wsgi`` netapi module is a standard Python WSGI app. It can be
deployed in one of two ways.

Using a WSGI-compliant web server
---------------------------------

This module may be run via any WSGI-compliant production server such as Apache
with mod_wsgi or Nginx with FastCGI.

It is strongly recommended that this app be used with a server that supports
HTTPS encryption since raw Salt authentication credentials must be sent with
every request. Any apps that access Salt through this interface will need to
manually manage authentication credentials (either username and password or a
Salt token). Tread carefully.
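
Because credentials ride in every request body, a deployment can put a small WSGI wrapper in front of the app that refuses cleartext requests and limits which ``client``/``fun`` pairs are forwarded. The following is an added example, not part of Salt or of this module; ``guard``, ``ALLOWED`` and ``MAX_BODY`` are hypothetical names and the policy values are assumptions.

```python
import io
import json

# Hypothetical policy for this example: the client/fun pairs callers may use.
ALLOWED = {("local", "test.ping"), ("runner", "jobs.lookup_jid")}
MAX_BODY = 64 * 1024  # assumed upper bound on the request body, in bytes


def _reject(start_response, status, message):
    body = json.dumps({"return": message}).encode()
    start_response(status, [("Content-Type", "application/json"),
                            ("Content-Length", str(len(body)))])
    return [body]


def _permitted(chunk, allowed):
    if not isinstance(chunk, dict):
        return False
    client, fun = chunk.get("client"), chunk.get("fun")
    return isinstance(client, str) and isinstance(fun, str) and (client, fun) in allowed


def guard(app, allowed=ALLOWED):
    """Wrap a WSGI app such as rest_wsgi's ``application`` with pre-checks."""
    def wrapped(environ, start_response):
        # Credentials travel in every request body, so refuse cleartext HTTP.
        if environ.get("wsgi.url_scheme") != "https":
            return _reject(start_response, "400 BAD REQUEST", "HTTPS required")
        if environ.get("REQUEST_METHOD", "").upper() != "POST":
            return _reject(start_response, "405 METHOD NOT ALLOWED", "POST only")
        try:
            length = int(environ.get("CONTENT_LENGTH") or 0)
        except ValueError:
            length = 0
        if not 0 < length <= MAX_BODY:
            return _reject(start_response, "400 BAD REQUEST", "Bad Content-Length")
        raw = environ["wsgi.input"].read(length)
        try:
            lowstate = json.loads(raw)
        except ValueError:
            return _reject(start_response, "400 BAD REQUEST", "JSON required")
        if not isinstance(lowstate, list) or not lowstate:
            return _reject(start_response, "400 BAD REQUEST", "List of lowstate required")
        if not all(_permitted(chunk, allowed) for chunk in lowstate):
            return _reject(start_response, "403 FORBIDDEN", "client/fun not permitted")
        # Hand the buffered body back to the wrapped app unchanged.
        environ["wsgi.input"] = io.BytesIO(raw)
        return app(environ, start_response)
    return wrapped
```

When TLS is terminated at a front-end proxy, ``wsgi.url_scheme`` describes only the hop into the WSGI server, so the scheme check is meaningful only where the WSGI server itself sees the HTTPS connection or is configured to reflect it.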

:program:`salt-api` using a development-only server
---------------------------------------------------

If run directly via the salt-api daemon, it uses the `wsgiref.simple_server()`__
that ships in the Python standard library. This is a single-threaded server
that is intended for testing and development. **This server does not use
encryption**; please note that raw Salt authentication credentials must be sent
with every HTTP request.

**Running this module via salt-api is not recommended!**

In order to start this module via the ``salt-api`` daemon, the following must be
put into the Salt master config::

    rest_wsgi:
        port: 8001

.. __: http://docs.python.org/2/library/wsgiref.html#module-wsgiref.simple_server

Usage examples
==============

.. http:post:: /

    **Example request** for a basic ``test.ping``::

        % curl -sS -i \
                -H 'Content-Type: application/json' \
                -d '[{"eauth":"pam","username":"saltdev","password":"saltdev","client":"local","tgt":"*","fun":"test.ping"}]' localhost:8001

    **Example response**:

    .. code-block:: http

        HTTP/1.0 200 OK
        Content-Length: 89
        Content-Type: application/json

        {"return": [{"ms--4": true, "ms--3": true, "ms--2": true, "ms--1": true, "ms--0": true}]}

    **Example request** for an asynchronous ``test.ping``::

        % curl -sS -i \
                -H 'Content-Type: application/json' \
                -d '[{"eauth":"pam","username":"saltdev","password":"saltdev","client":"local_async","tgt":"*","fun":"test.ping"}]' localhost:8001

    **Example response**:

    .. code-block:: http

        HTTP/1.0 200 OK
        Content-Length: 103
        Content-Type: application/json

        {"return": [{"jid": "20130412192112593739", "minions": ["ms--4", "ms--3", "ms--2", "ms--1", "ms--0"]}]}

    **Example request** for looking up a job ID::

        % curl -sS -i \
                -H 'Content-Type: application/json' \
                -d '[{"eauth":"pam","username":"saltdev","password":"saltdev","client":"runner","fun":"jobs.lookup_jid","jid":"20130412192112593739"}]' localhost:8001

    **Example response**:

    .. code-block:: http

        HTTP/1.0 200 OK
        Content-Length: 89
        Content-Type: application/json

        {"return": [{"ms--4": true, "ms--3": true, "ms--2": true, "ms--1": true, "ms--0": true}]}

    :form lowstate: A list of lowstate data appropriate for the
        :ref:`client <client-apis>` interface you are calling.
    :status 200: success
    :status 401: authentication required
