o

�N�g�v�@sZ
dZd
dl
Z
d
dlZd
dlZd
dlmZmZ
d
dlZd
dl	Zd
dl
Zd
dlZd
dlZd
dl
Zd
dlZd
dlZd
dlZd
dlZd
dlZd
dlmZ
d
dlmZ
d
dlmZ
d
dlmZ
e
�e�
Zdd	�Zd
d�Z dd
�Z!Gdd�d�Z"Gdd�de�Z#Gdd�de�Z$Gdd�de�Z%dd�Z&ddd�
Z'dd�Z(edkr�ej)�*d�
Z+e%e+�
Z,e,�-�
dSdS) ze
    salt.utils.master
    -----------------

    Utilities that can only be used on a salt master.

�N)�Event�Thread)
�
SaltException)
�CacheCli)
�Process)
�zmqc
	Cs�g}
tj
�|d
d�}tj
�|�
s|
St�|�
D](}tj
�||�}zt||�}|du
r0|
�|�

Wqty@


t�	d|�
Yqw|
S)z0
    Return the running jobs on this minion
    �cachedir�procNz.%s removed during processing by master process)
�os�path�join�isdir�listdir�_read_proc_file�append�OSError�logZtrace)�opts�retZproc_dirZfn_r�data�r�E/opt/saltstack/salt/lib/python3.10/site-packages/salt/utils/master.py�get_running_jobs!s










�
�rc	Cs<
tj
j�|d
��9}|��}|��
|rtj�|�
}n zt�	|�

Wnt
y0


t�d|�
Yn
w	Wd�
dSWd�
n1sDw



Y
t
|t�sPdStj
j�|d�
srzt�	|�

WdSt
yq


t�d|�
YdSwt|�
s�|�d�
}|r�t�d|�
zt�	|�

WdSt
y�


t�d|�
YdSw|S)z0
    Return a dict of JID metadata, or None
    �rbzUnable to remove proc file %s.N�pidz7PID %s exists but does not appear to be a salt process.)�salt�utils�files�fopen�read�close�payload�loadsr
�removerr�debug�
isinstance�dict�processZ
os_is_running�_check_cmdline�get�warning)rr�fp_�bufrrrrrr8sH






���


�

�





�

�rc
Cs�tj
j��sd
S|�d�
}
|
sdStj�d�
sd
Stj�d|
�d��
}tj�	|�
s+dSz"tj
j
�|d��}d|��vWd	�
WS1sFw



Y
Wd	St
yW


YdSw)
a9

    In some cases where there are an insane number of processes being created
    on a system a PID can get recycled or assigned to a non-Salt process.
    On Linux this fn checks to make sure the PID we are checking on is actually
    a Salt process.

    For non-Linux systems we punt and just return True
    TrFz/procz/proc/z/cmdlinerssaltN)rr�platformZis_linuxr)r
rr
r�isfilerrrr)rrrr+rrrr(`s"	













(�
�r(c@s�eZ
dZd
Z								ddd�
Zdd	�Zd
d�Zdd
�Zd dd�
Zdd�Z	dd�Z
dd�Zdd�Zdd�Z
dd�Z				d!dd�
ZdS)"�MasterPillarUtila�
    Helper utility for easy access to targeted minion grain and
    pillar data, either from cached data on the master or retrieved
    on demand, or (by default) both.

    The minion pillar data returned in get_minion_pillar() is
    compiled directly from salt.pillar.Pillar on the master to
    avoid any possible 'pillar poisoning' from a compromised or
    untrusted minion.

    ** However, the minion grains are still possibly entirely
    supplied by the minion. **

    Example use case:
        For runner modules that need access minion pillar data,
        MasterPillarUtil.get_minion_pillar should be used instead
        of getting the pillar data by executing the "pillar" module
        on the minions:

        # my_runner.py
        tgt = 'web*'
        pillar_util = salt.utils.master.MasterPillarUtil(tgt, tgt_type='glob', opts=__opts__)
        pillar_data = pillar_util.get_minion_pillar()
    ��globNTc		
Cs�t�
d
|jj�
|durt�d|jj�
t|jj�d��
�
||_|
|_||_||_	||_
||_||_||_
tj�|�
|_t�
d|
||||||�
dS)NzNew instance of %s created.z!%s: Missing master opts init arg.z: Missing master opts init arg.z�Init settings: tgt: '%s', tgt_type: '%s', saltenv: '%s', use_cached_grains: %s, use_cached_pillar: %s, grains_fallback: %s, pillar_fallback: %s)rr$�	__class__�__name__�errorrr�tgt�tgt_type�saltenv�use_cached_grains�use_cached_pillar�grains_fallback�pillar_fallbackr�cache�factory)	�selfr5r6r7r8r9r:r;rrrr�__init__�s2



�















�zMasterPillarUtil.__init__c
Gs�d
d�|
D�
}|j�
dd�s|j�
dd�st�d�

|S|
s$|j�d�
}
|
D]}tjj�	|j|�s2q&|j�
d|��d	�}t|t�rE|||<q&|S)
Nc
S�i|]}
|
i�qSrr��.0�	minion_idrrr�
<dictcomp>��z:MasterPillarUtil._get_cached_mine_data.<locals>.<dictcomp>�minion_data_cacheFZenforce_mine_cachezSSkipping cached mine data minion_data_cacheand enfore_mine_cache are both disabled.�minions�minions/�mine)
rr)rr$r<�listrr�verify�valid_id�fetchr%r&)r>�
minion_ids�	mine_datarC�mdatarrr�_get_cached_mine_data�s$

�
�








�
z&MasterPillarUtil._get_cached_mine_datac
Gs�d
d�|
D�
}|��}|j
�dd�st�d�

||fS|
s#|j�d�
}
|
D]:}tjj	�
|j
|�s1q%|j�d|��d�}t|t
�sKt�d	t|�
j|�
q%d
|vrU|d
||<d|vr_|d||<q%||fS)Nc
Sr@rrrArrrrD�rEz<MasterPillarUtil._get_cached_minion_data.<locals>.<dictcomp>rFFz>Skipping cached data because minion_data_cache is not enabled.rGrHrzGcache.fetch should always return a dict. ReturnedType: %s, MinionId: %s�grains�pillar)�copyrr)rr$r<rJrrrKrLrMr%r&r*�typer3)r>rNrR�pillarsrCrPrrr�_get_cached_minion_data�s0















�



�
z(MasterPillarUtil._get_cached_minion_datacCs`t�
d
|
�
tj�|jd�
�}|jd�|
�
d|jddd�Wd�
S1s)w



Y
dS)Nz%Getting live grains for minions: "%s"Z	conf_file�
,zgrains.items�timeoutrJ)rYr6)rr$r�clientZget_local_clientr�cmdr)r>rNrZrrr�_get_live_minion_grains�s





�$�z(MasterPillarUtil._get_live_minion_grainscCsb|
duriS|st�
d
|
�
iSt�d|
�
tj�|j||
|j|jd�}t�d|
�
|��}|S)Nz2Cannot get pillar data for %s: no grains supplied.zGetting live pillar for %sZ
ext_pillarzCompiling pillar for %s)	rr*r$rrSZPillarrr7Zcompile_pillar)r>rC�
minion_grainsrSrrrr�_get_live_minion_pillar�s






�

z(MasterPillarUtil._get_live_minion_pillarc
s

i}|�d
i�}i�i�
|j
rJdd�|��D�
��f
dd�|
D�
}t�d|�
|jr/|�|�
�
ttdd�|
D�
���
t�
���
t����
�
}|S|�|
�
�
�
f
dd�|
D�
}t�d	|�
|jrjd
d�|��D�
�ttdd�|
D�
���
t�
���
t����
�
}|S)N�
cached_grainsc
S�i|]	\}
}|r|
|�qSrr�rBrCZmcacherrrrD
�
�
�z7MasterPillarUtil._get_minion_grains.<locals>.<dictcomp>c
�g|]}
|
�v
r|
�qSrrrA�
�cretrr�
<listcomp>
�
z7MasterPillarUtil._get_minion_grains.<locals>.<listcomp>z#Missed cached minion grains for: %sc
Sr@rrrArrrrD
rEc
rcrrrA�
�lretrrrf#
rgz!Missed live minion grains for: %sc
Sr`rrrarrrrD(
rbc
Sr@rrrArrrrD.
rE)	r)r8�itemsrr$r:r\r&rJ)r>rN�kwargsrr_�missed_minionsr)rerir�_get_minion_grains
sN




�

�






�
��
�


�

�


�
��z#MasterPillarUtil._get_minion_grainsc
s*
i}|�d
i��
|�di�}i�i��j
rUdd�|��D�
��f
dd�|
D�
}t�d|�
�jr:�
�fdd�|D�
�ttd	d�|
D�
���
t����
t����
�
}|S�
�fd
d�|
D�
��f
dd�|
D�
}t�d|�
�jrzd
d�|��D�
�ttdd�|
D�
���
t����
t����
�
}|S)NrR�
cached_pillarc
Sr`rrrarrrrD>
rbz7MasterPillarUtil._get_minion_pillar.<locals>.<dictcomp>c
rcrrrArdrrrfC
rgz7MasterPillarUtil._get_minion_pillar.<locals>.<listcomp>z$Missed cached minion pillars for: %sc

�"i|]
}
|
�
�|
��
|
i���qSr�r^r)rA�rRr>rrrDH
��
��c
Sr@rrrArrrrDO
rEc

rorrprArqrrrDT
rrc
rcrrrArhrrrfZ
rgz"Missed live minion pillars for: %sc
Sr`rrrarrrrD_
rbc
Sr@rrrArrrrDe
rE)r)r9rjrr$r;r&rJ)r>rNrkrrnrlr)rerRrir>r�_get_minion_pillar4
sX





�

�

�


�
����

�

�


�
��z#MasterPillarUtil._get_minion_pillarc
Cs^g}
tj
j�|j�
}|�|j|j�}|d
}
|
s#t�	d|j|j�
iSt�	d|j|j|
�
|
S)NrGz1No minions matched for tgt="%s" and tgt_type="%s"z3Matching minions for tgt="%s" and tgt_type="%s": %s)
rrrG�	CkMinionsrZ
check_minionsr5r6rr$)r>rNZ	ckminionsZ_resrrr�_tgt_to_listk
s$







�




�zMasterPillarUtil._tgt_to_listc
Cs�i}
i}|��}|j
r|siStd
d�|j|j|j|jfD�
�
r-t�d�

|j	|�\}}ni}i}t�d|�
|j
|d|i
�
}t�d|�
|j|||d��
}
|
S)a�
        Get pillar data for the targeted minions, either by fetching the
        cached minion data on the master, or by compiling the minion's
        pillar data on the master.

        For runner modules that need access minion pillar data, this
        function should be used instead of getting the pillar data by
        executing the pillar module on the minions.

        By default, this function tries hard to get the pillar data:
            - Try to get the cached minion grains and pillar if the
                master has minion_data_cache: True
            - If the pillar data for the minion is cached, use it.
            - If there is no cached grains/pillar data for a minion,
                then try to get the minion grains directly from the minion.
            - Use the minion grains to compile the pillar directly from the
                master using salt.pillar.Pillar
        c
s��|]}
|
V
qdS�
Nr�rB�argrrr�	<genexpr>�
s
��
�z5MasterPillarUtil.get_minion_pillar.<locals>.<genexpr>zGetting cached minion data�!Getting minion grain data for: %sr_z"Getting minion pillar data for: %s)rRrn)rur5�anyr8r9r:r;rr$rWrmrs)r>Zminion_pillarsr]rN�cached_minion_grains�cached_minion_pillarsrrr�get_minion_pillar�
s:








��
	


�



�
�

�z"MasterPillarUtil.get_minion_pillarc
Csli}
|��}|s
iSt
d
d�|j|jfD�
�
r$t�d�

|j|�\}}ni}t�d|�
|j|d|i
�
}
|
S)a5
        Get grains data for the targeted minions, either by fetching the
        cached minion data on the master, or by fetching the grains
        directly on the minion.

        By default, this function tries hard to get the grains data:
            - Try to get the cached minion grains if the master
                has minion_data_cache: True
            - If the grains data for the minion is cached, use it.
            - If there is no cached grains data for a minion,
                then try to get the minion grains directly from the minion.
        c
srvrwrrxrrrrz�
s�z5MasterPillarUtil.get_minion_grains.<locals>.<genexpr>zGetting cached minion data.r{r_)rur|r8r:rr$rWrm)r>r]rNr}r~rrr�get_minion_grains�
s"









�


�
�z"MasterPillarUtil.get_minion_grainsc
Cs&i}
|��}t
�d
|�
|j|�}
|
S)z@
        Get cached mine data for the targeted minions.
        z Getting cached mine data for: %s)rurr$rQ)r>rOrNrrr�get_cached_mine_data�
s





z%MasterPillarUtil.get_cached_mine_dataFcCs�
g}|
r	|�d
�

|r|�d�

|r|�d�

|du
r$|�d|�d��

|s-t
�d�

dS|��}t
�d	d
�|�
|�
|
|krDi}i}n|j|�\}}z�|j�d�
}	|D]{}
tj	j
�|j|
�s`qT|
|	v
reqTd|
��}|�
|
d�}|�
|
d�}
|
rz|s�|
r~|
r�|r�|s�|j�|d
�
n|
r�|
r�|j�|d
d|
i
�
n|r�|r�|j�|d
d
|i
�
|r�|j�|d�
qT|du
r�|j�|d�}t|t�r�|�
|d�r�|j�|d|�
qTWdSty�


YdSw)zG
        Clear the cached data/files for the targeted minions.
        rSrRrINzmine_func: '�
'z,No cached data types specified for clearing.FzClearing cached %s data for: %sz, rGrHrT)rrr$rurrWr<rJrrrKrLr�pop�flush�storerMr%r&r)r>Zclear_pillarZclear_grainsZ
clear_mineZclear_mine_funcZ
clear_whatrNrRrVZ	c_minionsrCZbankZ
minion_pillarr]rOrrr�clear_cached_minion_data�
st



























�
�����









�� �
�z)MasterPillarUtil.clear_cached_minion_data)r0r1NTTTTN)NN)FFFN)r3�
__module__�__qualname__�__doc__r?rQrWr\r^rmrsrurr�r�r�rrrrr/zs4








�)
,72


�r/c@s eZ
dZd
Zdd�Zdd�ZdS)�
CacheTimerzw
    A basic timer class the fires timer-events every second.
    This is used for cleanup by the ConnectedCache()
    cCs6t�
|�

|
|_||_d
|_tj�|jdd�|_dS)NT�sock_dir�
con_timer.ipc)	rr?r�stopped�daemonr
rr�
timer_sock)r>r�eventrrrr?(s






zCacheTimer.__init__c
Cs�t�
�}
|
�tj�
}|�tjd
�
|�d|j�

d}t�	d�

|j
�d�
sA|�t
j�|�
�

|d7}|dkr9d}|j
�d�
r&dSdS)z=
        main loop that fires the event every second
        �d�ipc://r
zConCache-Timer started�
�<N)r�Context�socketZPUB�
setsockopt�LINGER�bindr�rr$r��wait�sendrr!�dumps)r>�contextr��countrrr�run/s







�zCacheTimer.runN)r3r�r�r�r?r�rrrrr�"s
r�cs(eZ
dZd
Z�f
dd�Zdd�Z�ZS)�CacheWorkerz�
    Worker for ConnectedCache which runs in its
    own process to prevent blocking of ConnectedCache
    main-loop when refreshing minion-list
    cst�j
di|�
�

|
|_d
S)z<
        Sets up the zmq-connection to the ConCache
        Nr)�superr?r�r>rrk�
r2rrr?Js

zCacheWorker.__init__c
CsDtt
jj�|j�
���
}
t|j�
}|��
|�	|
g
�

t
�d
�

dS)zI
        Gather currently connected minions and update the cache
        z$ConCache CacheWorker update finishedN)rJrrrGrtr�
connected_ids�	cache_cliZ
get_cachedZ	put_cacherr$)r>Znew_minsZccrrrr�Qs





zCacheWorker.run)r3r�r�r�r?r��
__classcell__rrr�rr�Cs
r�csHeZ
dZd
Z�f
dd�Zdd�Zdd�Zdd	�Zd
d�Zdd
�Z	�Z
S)�ConnectedCachez�
    Provides access to all minions ids that the master has
    successfully authenticated. The cache is cleaned up regularly by
    comparing it to the IPs that have open connections to
    the master publisher port.
    cs�t�j
di|�
�

t�d
�

|
|_g|_tj�|jdd�|_	tj�|jdd�|_
tj�|jdd�|_|��
t
�|_t|j|j�|_|j��
d|_dS)	z=
        starts the timer and inits the cache itself
        zConCache initializing...r�z
con_cache.ipczcon_upd.ipcr�TNr)r�r?rr$rrGr
rr�
cache_sock�update_sock�
upd_t_sock�cleanupr�
timer_stopr��timer�start�runningr�r�rrr?ds









zConnectedCache.__init__cCs|��
d
S)z-
        handle signals and shutdown
        N)
�stop)r>�sig�framerrr�signal_handler~szConnectedCache.signal_handlerc

Cs`t�
d
�

tj�|j�
rt�|j�

tj�|j�
rt�|j�

tj�|j�
r.t�|j�

dSdS)z,
        remove sockets on shutdown
        zConCache cleaning upN)	rr$r
r�existsr�r#r�r��
r>rrrr��s






�zConnectedCache.cleanupc

Csft�
d
�

tj�|j�
rt�|jd�
tj�|j�
r!t�|jd�
tj�|j�
r1t�|jd�
dSdS)z9
        secure the sockets for root-only access
        zConCache securing socketsi�
N)	rr$r
rr�r��chmodr�r�r�rrr�secure�s






�zConnectedCache.securec

Cs0|��
|j
rd
|_
|j��
|j��
dSdS)z(
        shutdown cache process
        FN)r�r�r��setr�rr�rrrr��s




�zConnectedCache.stopc

Cs$t�
�}
|
�tj�
}|�tjd
�
|�d|j�

|
�tj�
}|�tj	d�
|�tjd
�
|�d|j
�

|
�tj�
}|�tj	d�
|�tjd
�
|�d|j�

t�
�}|�|tj�
|�|tj�
|�|tj�
t�tj|j�
|��
t�d�

|j�
rwz	t|�d�
�
}Wn-ty�


|��
Yn!tjy�
}
zt�d�

t�|�

|��
WYd}~nd}~w
w|�|�
tjkr�tj �!|�"��
}t�#d|�
t$|t%�r�|d	kr�tj �&|j'�
}	|�(|	�

|�|�
tjk�
rQtj �!|�"��
}
t$|
t)�s�t�d
�

~
q{z9|
�
s	t�#d�

Wq{|
d}t$|t%��
r(||j'v
�
r't�#d
|
d�
|j'�*|�

nt$|t)��
r6t�#d�

||_'Wnt+�
yG


t�#d�

~
Yn
wt�dt,|j'�
�
|�|�
tjk�
rttj �!|�"��
}t-|d�
dk�
rtt.|j/�
}
|
�0�
|js|��
|�1�
|�1�
|�1�
|
�2�
t�#d�

dS)zw
        Main loop of the ConCache, starts updates in intervals and
        answers requests from the MWorkers
        r�r��zConCache startedr�zConCache ZeroMQ-Error occurredNzConCache Received request: %srGz(ConCache Worker returned unusable resultz%ConCache Got empty update from workerr
z"ConCache Adding minion %s to cachez*ConCache Replacing minion list from workerz.ConCache Got malformed result dict from workerzConCache %s entries in cache�zConCache Shutting down)3rr�r�ZREPr�r�r�r�ZSUBZ	SUBSCRIBEr��connectr�ZPoller�register�POLLIN�signal�SIGINTr�r�r�infor�r&�poll�KeyboardInterruptr�ZZMQErrorr4�	exceptionr)rr!r"�recvr$r%�strr�rGr�rJr�
IndexError�len�intr�rr�r Zterm)r>r�Zcreq_inZcupd_inZtimer_inZpollerZsocksZzmq_err�msgZreplyZ
new_c_datarZ	sec_eventZcwrrrr��s�




















��

















��


�


�



�L




zConnectedCache.run)r3r�r�r�r?r�r�r�r�r�r�rrr�rr�\s
r�c
Csl|d
rtt
jj�|�
���
}
d}nd}
d}t
j���}|j|
d|d�
Wd�
dS1s/w



Y
dS)z%
    Ping all connected minions.
    rFrJ�
*r1z	test.ping)
r6N)	rJrrrGrtr�rZZLocalClientZ	cmd_async)rr5ZformrZrrr�ping_all_connected_minionss




"�r�FcCs�|d
kr|
�dd
�d
kr|
�dd
�}|�
d�
r|
�dd
�}tjj��r)|�dd�}tj�	|
dd|�d��}tjj
�|
d||�
z tjj�
|d	��
}|��Wd
�
WS1sZw



Y
Wd
Styk


YdSw)z 
    Return the master key.
    �root�userZsudo_�
\�
_r�
.Z_key�
rNr0)r)�
startswithrrr-Z
is_windows�replacer
rrrKZcheck_path_traversalrrrr)Zkey_userrZskip_perm_errors�keyfile�keyrrr�get_master_key-s 








(��r�cCs0g}|D]}tj
j�|
|�r|�||�

q|S)
zL
    Check a whitelist and/or blacklist to see if the value matches it.
    )rrZstringutilsZ
expr_match�extend)Zpattern_dictZ	user_namer�exprrrr�get_values_of_matching_keysFs


�
r��__main__z/etc/salt/master)
F).r��loggingr
r��	threadingrrZ
salt.cacherZsalt.clientZsalt.configZsalt.payloadZsalt.pillarZsalt.utils.atomicfileZsalt.utils.filesZsalt.utils.minionsZsalt.utils.platformZsalt.utils.stringutilsZsalt.utils.verifyZsalt.exceptionsrZsalt.utils.cacherr�Zsalt.utils.processrZsalt.utils.zeromqr�	getLoggerr3rrrr(r/r�r�r�r�r�r�ZconfigZ
master_configrZconcr�rrrr�<module>
sP

















(+!D

�