File fix-for-some-cves-bsc1181550.patch of Package salt
From a74b74a640da563618783f309fe1eef391a98f41 Mon Sep 17 00:00:00 2001
From: "Daniel A. Wozniak" <dwozniak@vmware.com>
Date: Fri, 29 Jan 2021 14:30:27 -0700
Subject: [PATCH] Fix for some cves bsc1181550
CVE-2020-28243 CVE-2020-28972 CVE-2020-35662 CVE-2021-3148 CVE-2021-3144
CVE-2021-25281 CVE-2021-25282 CVE-2021-25283 CVE-2021-25284
CVE-2021-3197
---
salt/auth/__init__.py | 1 +
salt/client/mixins.py | 71 ++--
salt/client/ssh/client.py | 46 +++
salt/cloud/clouds/qingcloud.py | 57 +--
salt/cloud/clouds/vmware.py | 158 ++++----
salt/config/schemas/vcenter.py | 8 +-
salt/master.py | 2 +-
salt/modules/bigip.py | 25 +-
salt/modules/cmdmod.py | 29 +-
salt/modules/glassfish.py | 32 +-
salt/modules/keystone.py | 148 ++++----
salt/modules/restartcheck.py | 4 +-
salt/modules/vsphere.py | 660 ++++++++++++++++++++++++++++-----
salt/modules/zenoss.py | 26 +-
salt/pillar/vmware_pillar.py | 26 +-
salt/proxy/cimc.py | 31 +-
salt/proxy/panos.py | 28 +-
salt/proxy/vcenter.py | 6 +-
salt/returners/splunk.py | 34 +-
salt/runners/asam.py | 19 +-
salt/states/esxi.py | 228 ++++++------
salt/utils/http.py | 20 +
salt/utils/thin.py | 4 +-
salt/utils/vmware.py | 128 ++++---
salt/wheel/__init__.py | 12 +-
salt/wheel/pillar_roots.py | 21 +-
26 files changed, 1201 insertions(+), 623 deletions(-)
diff --git a/salt/auth/__init__.py b/salt/auth/__init__.py
index 22c54e8048..56f8bd57c8 100644
--- a/salt/auth/__init__.py
+++ b/salt/auth/__init__.py
@@ -270,6 +270,7 @@ class LoadAuth:
if rm_tok:
self.rm_token(tok)
+ return {}
return tdata
diff --git a/salt/client/mixins.py b/salt/client/mixins.py
index b33ee54f27..6f408adbba 100644
--- a/salt/client/mixins.py
+++ b/salt/client/mixins.py
@@ -1,10 +1,7 @@
-# coding: utf-8
"""
A collection of mixins useful for the various *Client interfaces
"""
-# Import Python libs
-from __future__ import absolute_import, print_function, unicode_literals, with_statement
import copy as pycopy
import fnmatch
@@ -14,10 +11,7 @@ import traceback
import weakref
from collections.abc import Mapping, MutableMapping
-# Import Salt libs
import salt.exceptions
-
-# Import 3rd-party libs
import salt.ext.tornado.stack_context
import salt.log.setup
import salt.minion
@@ -122,7 +116,7 @@ class ClientFuncsDict(MutableMapping):
return iter(self.client.functions)
-class SyncClientMixin(object):
+class SyncClientMixin:
"""
A mixin for *Client interfaces to abstract common function execution
"""
@@ -182,7 +176,7 @@ class SyncClientMixin(object):
)
if ret is None:
raise salt.exceptions.SaltClientTimeout(
- "RunnerClient job '{0}' timed out".format(job["jid"]),
+ "RunnerClient job '{}' timed out".format(job["jid"]),
jid=job["jid"],
)
@@ -281,7 +275,7 @@ class SyncClientMixin(object):
return True
try:
- return self.opts["{0}_returns".format(class_name)]
+ return self.opts["{}_returns".format(class_name)]
except KeyError:
# No such option, assume this isn't one we care about gating and
# just return True.
@@ -308,7 +302,7 @@ class SyncClientMixin(object):
tag = low.get("__tag__", salt.utils.event.tagify(jid, prefix=self.tag_prefix))
data = {
- "fun": "{0}.{1}".format(self.client, fun),
+ "fun": "{}.{}".format(self.client, fun),
"jid": jid,
"user": low.get("__user__", "UNKNOWN"),
}
@@ -353,14 +347,14 @@ class SyncClientMixin(object):
# namespace only once per module-- not per func
completed_funcs = []
- for mod_name in six.iterkeys(self_functions):
+ for mod_name in self_functions.keys():
if "." not in mod_name:
continue
mod, _ = mod_name.split(".", 1)
if mod in completed_funcs:
continue
completed_funcs.append(mod)
- for global_key, value in six.iteritems(func_globals):
+ for global_key, value in func_globals.items():
self.functions[mod_name].__globals__[global_key] = value
# There are some discrepancies of what a "low" structure is in the
@@ -398,7 +392,7 @@ class SyncClientMixin(object):
except TypeError as exc:
data[
"return"
- ] = "\nPassed invalid arguments: {0}\n\nUsage:\n{1}".format(
+ ] = "\nPassed invalid arguments: {}\n\nUsage:\n{}".format(
exc, func.__doc__
)
try:
@@ -413,9 +407,9 @@ class SyncClientMixin(object):
)
except (Exception, SystemExit) as ex: # pylint: disable=broad-except
if isinstance(ex, salt.exceptions.NotImplemented):
- data["return"] = six.text_type(ex)
+ data["return"] = str(ex)
else:
- data["return"] = "Exception occurred in {0} {1}: {2}".format(
+ data["return"] = "Exception occurred in {} {}: {}".format(
self.client, fun, traceback.format_exc(),
)
data["success"] = False
@@ -477,7 +471,7 @@ class SyncClientMixin(object):
return salt.utils.doc.strip_rst(docs)
-class AsyncClientMixin(object):
+class AsyncClientMixin:
"""
A mixin for *Client interfaces to enable easy asynchronous function execution
"""
@@ -485,10 +479,34 @@ class AsyncClientMixin(object):
client = None
tag_prefix = None
+ def _proc_function_remote(self, fun, low, user, tag, jid, daemonize=True):
+ """
+ Run this method in a multiprocess target to execute the function on the
+ master and fire the return data on the event bus
+ """
+ if daemonize and not salt.utils.platform.is_windows():
+ # Shutdown the multiprocessing before daemonizing
+ salt.log.setup.shutdown_multiprocessing_logging()
+
+ salt.utils.process.daemonize()
+
+ # Reconfigure multiprocessing logging after daemonizing
+ salt.log.setup.setup_multiprocessing_logging()
+
+ # pack a few things into low
+ low["__jid__"] = jid
+ low["__user__"] = user
+ low["__tag__"] = tag
+
+ try:
+ return self.cmd_sync(low)
+ except salt.exceptions.EauthAuthenticationError as exc:
+ log.error(exc)
+
def _proc_function(self, fun, low, user, tag, jid, daemonize=True):
"""
- Run this method in a multiprocess target to execute the function in a
- multiprocess and fire the return data on the event bus
+ Run this method in a multiprocess target to execute the function
+ locally and fire the return data on the event bus
"""
if daemonize and not salt.utils.platform.is_windows():
# Shutdown the multiprocessing before daemonizing
@@ -504,7 +522,7 @@ class AsyncClientMixin(object):
low["__user__"] = user
low["__tag__"] = tag
- return self.low(fun, low, full_return=False)
+ return self.low(fun, low)
def cmd_async(self, low):
"""
@@ -532,14 +550,18 @@ class AsyncClientMixin(object):
tag = salt.utils.event.tagify(jid, prefix=self.tag_prefix)
return {"tag": tag, "jid": jid}
- def asynchronous(self, fun, low, user="UNKNOWN", pub=None):
+ def asynchronous(self, fun, low, user="UNKNOWN", pub=None, local=True):
"""
Execute the function in a multiprocess and return the event tag to use
to watch for the return
"""
+ if local:
+ proc_func = self._proc_function
+ else:
+ proc_func = self._proc_function_remote
async_pub = pub if pub is not None else self._gen_async_pub()
proc = salt.utils.process.SignalHandlingProcess(
- target=self._proc_function,
+ target=proc_func,
name="ProcessFunc",
args=(fun, low, user, async_pub["tag"], async_pub["jid"]),
)
@@ -577,9 +599,10 @@ class AsyncClientMixin(object):
if suffix == "ret":
# Check if outputter was passed in the return data. If this is the case,
# then the return data will be a dict two keys: 'data' and 'outputter'
- if isinstance(event.get("return"), dict) and set(event["return"]) == set(
- ("data", "outputter")
- ):
+ if isinstance(event.get("return"), dict) and set(event["return"]) == {
+ "data",
+ "outputter",
+ }:
event_data = event["return"]["data"]
outputter = event["return"]["outputter"]
else:
diff --git a/salt/client/ssh/client.py b/salt/client/ssh/client.py
index d2dbdeb00e..2cf42f53e7 100644
--- a/salt/client/ssh/client.py
+++ b/salt/client/ssh/client.py
@@ -43,12 +43,58 @@ class SSHClient:
# Salt API should never offer a custom roster!
self.opts["__disable_custom_roster"] = disable_custom_roster
+ def sanitize_kwargs(self, kwargs):
+ roster_vals = [
+ ("host", str),
+ ("ssh_user", str),
+ ("ssh_passwd", str),
+ ("ssh_port", int),
+ ("ssh_sudo", bool),
+ ("ssh_sudo_user", str),
+ ("ssh_priv", str),
+ ("ssh_priv_passwd", str),
+ ("ssh_identities_only", bool),
+ ("ssh_remote_port_forwards", str),
+ ("ssh_options", list),
+ ("roster_file", str),
+ ("rosters", list),
+ ("ignore_host_keys", bool),
+ ("raw_shell", bool),
+ ]
+ sane_kwargs = {}
+ for name, kind in roster_vals:
+ if name not in kwargs:
+ continue
+ try:
+ val = kind(kwargs[name])
+ except ValueError:
+ log.warn("Unable to cast kwarg %s", name)
+ continue
+ if kind is bool or kind is int:
+ sane_kwargs[name] = val
+ elif kind is str:
+ if val.find("ProxyCommand") != -1:
+ log.warn("Filter unsafe value for kwarg %s", name)
+ continue
+ sane_kwargs[name] = val
+ elif kind is list:
+ sane_val = []
+ for item in val:
+ # This assumes the values are strings
+ if item.find("ProxyCommand") != -1:
+ log.warn("Filter unsafe value for kwarg %s", name)
+ continue
+ sane_val.append(item)
+ sane_kwargs[name] = sane_val
+ return sane_kwargs
+
def _prep_ssh(
self, tgt, fun, arg=(), timeout=None, tgt_type="glob", kwarg=None, **kwargs
):
"""
Prepare the arguments
"""
+ kwargs = self.sanitize_kwargs(kwargs)
opts = copy.deepcopy(self.opts)
opts.update(kwargs)
if timeout:
diff --git a/salt/cloud/clouds/qingcloud.py b/salt/cloud/clouds/qingcloud.py
index b388840dd5..f4632e167c 100644
--- a/salt/cloud/clouds/qingcloud.py
+++ b/salt/cloud/clouds/qingcloud.py
@@ -1,4 +1,3 @@
-# -*- coding: utf-8 -*-
"""
QingCloud Cloud Module
======================
@@ -26,8 +25,6 @@ Set up the cloud configuration at ``/etc/salt/cloud.providers`` or
:depends: requests
"""
-# Import python libs
-from __future__ import absolute_import, print_function, unicode_literals
import base64
import hmac
@@ -46,13 +43,9 @@ from salt.exceptions import (
SaltCloudNotFound,
SaltCloudSystemExit,
)
-
-# Import Salt Libs
-from salt.ext import six
from salt.ext.six.moves import range
from salt.ext.six.moves.urllib.parse import quote as _quote
-# Import Third Party Libs
try:
import requests
@@ -110,12 +103,12 @@ def _compute_signature(parameters, access_key_secret, method, path):
"""
parameters["signature_method"] = "HmacSHA256"
- string_to_sign = "{0}\n{1}\n".format(method.upper(), path)
+ string_to_sign = "{}\n{}\n".format(method.upper(), path)
keys = sorted(parameters.keys())
pairs = []
for key in keys:
- val = six.text_type(parameters[key]).encode("utf-8")
+ val = str(parameters[key]).encode("utf-8")
pairs.append(_quote(key, safe="") + "=" + _quote(val, safe="-_~"))
qs = "&".join(pairs)
string_to_sign += qs
@@ -141,6 +134,14 @@ def query(params=None):
"secret_access_key", get_configured_provider(), __opts__, search_global=False
)
+ verify_ssl = config.get_cloud_config_value(
+ "verify_ssl",
+ get_configured_provider(),
+ __opts__,
+ default=True,
+ search_global=False,
+ )
+
# public interface parameters
real_parameters = {
"access_key_id": access_key_id,
@@ -158,9 +159,9 @@ def query(params=None):
for sk, sv in value[i - 1].items():
if isinstance(sv, dict) or isinstance(sv, list):
sv = salt.utils.json.dumps(sv, separators=(",", ":"))
- real_parameters["{0}.{1}.{2}".format(key, i, sk)] = sv
+ real_parameters["{}.{}.{}".format(key, i, sk)] = sv
else:
- real_parameters["{0}.{1}".format(key, i)] = value[i - 1]
+ real_parameters["{}.{}".format(key, i)] = value[i - 1]
else:
real_parameters[key] = value
@@ -171,15 +172,15 @@ def query(params=None):
# print('parameters:')
# pprint.pprint(real_parameters)
- request = requests.get(path, params=real_parameters, verify=False)
+ request = requests.get(path, params=real_parameters, verify=verify_ssl)
# print('url:')
# print(request.url)
if request.status_code != 200:
raise SaltCloudSystemExit(
- "An error occurred while querying QingCloud. HTTP Code: {0} "
- "Error: '{1}'".format(request.status_code, request.text)
+ "An error occurred while querying QingCloud. HTTP Code: {} "
+ "Error: '{}'".format(request.status_code, request.text)
)
log.debug(request.url)
@@ -222,7 +223,7 @@ def avail_locations(call=None):
for region in items["zone_set"]:
result[region["zone_id"]] = {}
for key in region:
- result[region["zone_id"]][key] = six.text_type(region[key])
+ result[region["zone_id"]][key] = str(region[key])
return result
@@ -233,7 +234,7 @@ def _get_location(vm_=None):
"""
locations = avail_locations()
- vm_location = six.text_type(
+ vm_location = str(
config.get_cloud_config_value("zone", vm_, __opts__, search_global=False)
)
@@ -244,7 +245,7 @@ def _get_location(vm_=None):
return vm_location
raise SaltCloudNotFound(
- "The specified location, '{0}', could not be found.".format(vm_location)
+ "The specified location, '{}', could not be found.".format(vm_location)
)
@@ -302,7 +303,7 @@ def _get_image(vm_):
Return the VM's image. Used by create().
"""
images = avail_images()
- vm_image = six.text_type(
+ vm_image = str(
config.get_cloud_config_value("image", vm_, __opts__, search_global=False)
)
@@ -313,7 +314,7 @@ def _get_image(vm_):
return vm_image
raise SaltCloudNotFound(
- "The specified image, '{0}', could not be found.".format(vm_image)
+ "The specified image, '{}', could not be found.".format(vm_image)
)
@@ -424,7 +425,7 @@ def _get_size(vm_):
"""
sizes = avail_sizes()
- vm_size = six.text_type(
+ vm_size = str(
config.get_cloud_config_value("size", vm_, __opts__, search_global=False)
)
@@ -435,7 +436,7 @@ def _get_size(vm_):
return vm_size
raise SaltCloudNotFound(
- "The specified size, '{0}', could not be found.".format(vm_size)
+ "The specified size, '{}', could not be found.".format(vm_size)
)
@@ -616,7 +617,7 @@ def show_instance(instance_id, call=None, kwargs=None):
if items["total_count"] == 0:
raise SaltCloudNotFound(
- "The specified instance, '{0}', could not be found.".format(instance_id)
+ "The specified instance, '{}', could not be found.".format(instance_id)
)
full_node = items["instance_set"][0]
@@ -668,7 +669,7 @@ def create(vm_):
__utils__["cloud.fire_event"](
"event",
"starting create",
- "salt/cloud/{0}/creating".format(vm_["name"]),
+ "salt/cloud/{}/creating".format(vm_["name"]),
args=__utils__["cloud.filter_event"](
"creating", vm_, ["name", "profile", "provider", "driver"]
),
@@ -693,7 +694,7 @@ def create(vm_):
__utils__["cloud.fire_event"](
"event",
"requesting instance",
- "salt/cloud/{0}/requesting".format(vm_["name"]),
+ "salt/cloud/{}/requesting".format(vm_["name"]),
args={
"kwargs": __utils__["cloud.filter_event"](
"requesting", params, list(params)
@@ -724,7 +725,7 @@ def create(vm_):
except SaltCloudSystemExit:
pass
finally:
- raise SaltCloudSystemExit(six.text_type(exc))
+ raise SaltCloudSystemExit(str(exc))
private_ip = data["private_ips"][0]
@@ -742,7 +743,7 @@ def create(vm_):
__utils__["cloud.fire_event"](
"event",
"created instance",
- "salt/cloud/{0}/created".format(vm_["name"]),
+ "salt/cloud/{}/created".format(vm_["name"]),
args=__utils__["cloud.filter_event"](
"created", vm_, ["name", "profile", "provider", "driver"]
),
@@ -868,7 +869,7 @@ def destroy(instance_id, call=None):
__utils__["cloud.fire_event"](
"event",
"destroying instance",
- "salt/cloud/{0}/destroying".format(name),
+ "salt/cloud/{}/destroying".format(name),
args={"name": name},
sock_dir=__opts__["sock_dir"],
transport=__opts__["transport"],
@@ -884,7 +885,7 @@ def destroy(instance_id, call=None):
__utils__["cloud.fire_event"](
"event",
"destroyed instance",
- "salt/cloud/{0}/destroyed".format(name),
+ "salt/cloud/{}/destroyed".format(name),
args={"name": name},
sock_dir=__opts__["sock_dir"],
transport=__opts__["transport"],
diff --git a/salt/cloud/clouds/vmware.py b/salt/cloud/clouds/vmware.py
index edaca9618b..851579bf74 100644
--- a/salt/cloud/clouds/vmware.py
+++ b/salt/cloud/clouds/vmware.py
@@ -1,4 +1,3 @@
-# -*- coding: utf-8 -*-
# pylint: disable=C0302
"""
VMware Cloud Module
@@ -114,8 +113,6 @@ To test the connection for ``my-vmware-config`` specified in the cloud
configuration, run :py:func:`test_vcenter_connection`
"""
-# Import python libs
-from __future__ import absolute_import, print_function, unicode_literals
import logging
import os.path
@@ -125,10 +122,7 @@ import subprocess
import time
from random import randint
-# Import salt cloud libs
import salt.config as config
-
-# Import salt libs
import salt.utils.cloud
import salt.utils.network
import salt.utils.stringutils
@@ -136,9 +130,6 @@ import salt.utils.vmware
import salt.utils.xmlutil
from salt.exceptions import SaltCloudSystemExit
-# Import 3rd-party libs
-from salt.ext import six
-
try:
# Attempt to import pyVmomi libs
from pyVmomi import vim # pylint: disable=no-name-in-module
@@ -230,7 +221,7 @@ def _str_to_bool(var):
if isinstance(var, bool):
return var
- if isinstance(var, six.string_types):
+ if isinstance(var, str):
return True if var.lower() == "true" else False
return None
@@ -260,9 +251,15 @@ def _get_si():
port = config.get_cloud_config_value(
"port", get_configured_provider(), __opts__, search_global=False, default=443
)
-
+ verify_ssl = config.get_cloud_config_value(
+ "verify_ssl",
+ get_configured_provider(),
+ __opts__,
+ search_global=False,
+ default=True,
+ )
return salt.utils.vmware.get_service_instance(
- url, username, password, protocol=protocol, port=port
+ url, username, password, protocol=protocol, port=port, verify_ssl=verify_ssl
)
@@ -299,7 +296,7 @@ def _add_new_hard_disk_helper(
disk_spec.device.key = random_key
disk_spec.device.deviceInfo = vim.Description()
disk_spec.device.deviceInfo.label = disk_label
- disk_spec.device.deviceInfo.summary = "{0} GB".format(size_gb)
+ disk_spec.device.deviceInfo.summary = "{} GB".format(size_gb)
disk_spec.device.backing = vim.vm.device.VirtualDisk.FlatVer2BackingInfo()
disk_spec.device.backing.thinProvisioned = thin_provision
@@ -320,7 +317,7 @@ def _add_new_hard_disk_helper(
if not datastore_cluster_ref:
# datastore/datastore cluster specified does not exist
raise SaltCloudSystemExit(
- "Specified datastore/datastore cluster ({0}) for disk ({1}) does not exist".format(
+ "Specified datastore/datastore cluster ({}) for disk ({}) does not exist".format(
datastore, disk_label
)
)
@@ -351,12 +348,12 @@ def _add_new_hard_disk_helper(
if not datastore_ref:
# datastore cluster specified does not have any accessible datastores
raise SaltCloudSystemExit(
- "Specified datastore cluster ({0}) for disk ({1}) does not have any accessible datastores available".format(
+ "Specified datastore cluster ({}) for disk ({}) does not have any accessible datastores available".format(
datastore, disk_label
)
)
- datastore_path = "[" + six.text_type(datastore_ref.name) + "] " + vm_name
+ datastore_path = "[" + str(datastore_ref.name) + "] " + vm_name
disk_spec.device.backing.fileName = datastore_path + "/" + disk_label + ".vmdk"
disk_spec.device.backing.datastore = datastore_ref
log.trace(
@@ -429,11 +426,11 @@ def _edit_existing_network_adapter(
else:
# If switch type not specified or does not match, show error and return
if not switch_type:
- err_msg = "The switch type to be used by '{0}' has not been specified".format(
+ err_msg = "The switch type to be used by '{}' has not been specified".format(
network_adapter.deviceInfo.label
)
else:
- err_msg = "Cannot create '{0}'. Invalid/unsupported switch type '{1}'".format(
+ err_msg = "Cannot create '{}'. Invalid/unsupported switch type '{}'".format(
network_adapter.deviceInfo.label, switch_type
)
raise SaltCloudSystemExit(err_msg)
@@ -516,11 +513,11 @@ def _add_new_network_adapter_helper(
else:
# If switch type not specified or does not match, show error and return
if not switch_type:
- err_msg = "The switch type to be used by '{0}' has not been specified".format(
+ err_msg = "The switch type to be used by '{}' has not been specified".format(
network_adapter_label
)
else:
- err_msg = "Cannot create '{0}'. Invalid/unsupported switch type '{1}'".format(
+ err_msg = "Cannot create '{}'. Invalid/unsupported switch type '{}'".format(
network_adapter_label, switch_type
)
raise SaltCloudSystemExit(err_msg)
@@ -572,11 +569,11 @@ def _add_new_scsi_controller_helper(scsi_controller_label, properties, bus_numbe
else:
# If type not specified or does not match, show error and return
if not adapter_type:
- err_msg = "The type of '{0}' has not been specified".format(
+ err_msg = "The type of '{}' has not been specified".format(
scsi_controller_label
)
else:
- err_msg = "Cannot create '{0}'. Invalid/unsupported type '{1}'".format(
+ err_msg = "Cannot create '{}'. Invalid/unsupported type '{}'".format(
scsi_controller_label, adapter_type
)
raise SaltCloudSystemExit(err_msg)
@@ -653,7 +650,7 @@ def _set_cd_or_dvd_backing_type(drive, device_type, mode, iso_path):
if datastore_ref:
drive.backing.datastore = datastore_ref
- drive.deviceInfo.summary = "ISO {0}".format(iso_path)
+ drive.deviceInfo.summary = "ISO {}".format(iso_path)
elif device_type == "client_device":
if mode == "passthrough":
@@ -735,8 +732,8 @@ def _set_network_adapter_mapping(adapter_specs):
gateway = adapter_specs["gateway"]
adapter_mapping.adapter.gateway = gateway
if "ip" in list(adapter_specs.keys()):
- ip = six.text_type(adapter_specs["ip"])
- subnet_mask = six.text_type(adapter_specs["subnet_mask"])
+ ip = str(adapter_specs["ip"])
+ subnet_mask = str(adapter_specs["subnet_mask"])
adapter_mapping.adapter.ip = vim.vm.customization.FixedIp(ipAddress=ip)
adapter_mapping.adapter.subnetMask = subnet_mask
else:
@@ -823,8 +820,8 @@ def _manage_devices(devices, vm=None, container_ref=None, new_vm_name=None):
if device.capacityInKB > size_kb:
raise SaltCloudSystemExit(
- "The specified disk size '{0}GB' for '{1}' is "
- "smaller than the disk image size '{2}GB'. It must "
+ "The specified disk size '{}GB' for '{}' is "
+ "smaller than the disk image size '{}GB'. It must "
"be equal to or greater than the disk image".format(
float(
devices["disk"][device.deviceInfo.label]["size"]
@@ -908,7 +905,7 @@ def _manage_devices(devices, vm=None, container_ref=None, new_vm_name=None):
else None
)
if bus_sharing and bus_sharing in ["virtual", "physical", "no"]:
- bus_sharing = "{0}Sharing".format(bus_sharing)
+ bus_sharing = "{}Sharing".format(bus_sharing)
if bus_sharing != device.sharedBus:
# Only edit the SCSI controller if bus_sharing is different
scsi_spec = _edit_existing_scsi_controller(
@@ -1112,7 +1109,7 @@ def _manage_devices(devices, vm=None, container_ref=None, new_vm_name=None):
ide_controllers[controller_key] = 0
break
else:
- for ide_controller_key, num_devices in six.iteritems(ide_controllers):
+ for ide_controller_key, num_devices in ide_controllers.items():
if num_devices < 2:
controller_key = ide_controller_key
break
@@ -1145,10 +1142,7 @@ def _wait_for_vmware_tools(vm_ref, max_wait):
vm_ref.name,
time_counter,
)
- if (
- six.text_type(vm_ref.summary.guest.toolsRunningStatus)
- == "guestToolsRunning"
- ):
+ if str(vm_ref.summary.guest.toolsRunningStatus) == "guestToolsRunning":
log.info(
"[ %s ] Successfully got VMware tools running on the guest in "
"%s seconds",
@@ -1314,23 +1308,21 @@ def _format_instance_info_select(vm, selection):
vm_select_info["id"] = vm["name"]
if "image" in selection:
- vm_select_info["image"] = "{0} (Detected)".format(
+ vm_select_info["image"] = "{} (Detected)".format(
defaultto(vm, "config.guestFullName")
)
if "size" in selection:
cpu = defaultto(vm, "config.hardware.numCPU")
- ram = "{0} MB".format(defaultto(vm, "config.hardware.memoryMB"))
- vm_select_info["size"] = "cpu: {0}\nram: {1}".format(cpu, ram)
+ ram = "{} MB".format(defaultto(vm, "config.hardware.memoryMB"))
+ vm_select_info["size"] = "cpu: {}\nram: {}".format(cpu, ram)
vm_select_info["size_dict"] = {
"cpu": cpu,
"memory": ram,
}
if "state" in selection:
- vm_select_info["state"] = six.text_type(
- defaultto(vm, "summary.runtime.powerState")
- )
+ vm_select_info["state"] = str(defaultto(vm, "summary.runtime.powerState"))
if "guest_id" in selection:
vm_select_info["guest_id"] = defaultto(vm, "config.guestId")
@@ -1342,9 +1334,7 @@ def _format_instance_info_select(vm, selection):
vm_select_info["path"] = defaultto(vm, "config.files.vmPathName")
if "tools_status" in selection:
- vm_select_info["tools_status"] = six.text_type(
- defaultto(vm, "guest.toolsStatus")
- )
+ vm_select_info["tools_status"] = str(defaultto(vm, "guest.toolsStatus"))
if "private_ips" in selection or "networks" in selection:
network_full_info = {}
@@ -1585,18 +1575,18 @@ def _format_instance_info(vm):
cpu = vm["config.hardware.numCPU"] if "config.hardware.numCPU" in vm else "N/A"
ram = (
- "{0} MB".format(vm["config.hardware.memoryMB"])
+ "{} MB".format(vm["config.hardware.memoryMB"])
if "config.hardware.memoryMB" in vm
else "N/A"
)
vm_full_info = {
- "id": six.text_type(vm["name"]),
- "image": "{0} (Detected)".format(vm["config.guestFullName"])
+ "id": str(vm["name"]),
+ "image": "{} (Detected)".format(vm["config.guestFullName"])
if "config.guestFullName" in vm
else "N/A",
- "size": "cpu: {0}\nram: {1}".format(cpu, ram),
+ "size": "cpu: {}\nram: {}".format(cpu, ram),
"size_dict": {"cpu": cpu, "memory": ram},
- "state": six.text_type(vm["summary.runtime.powerState"])
+ "state": str(vm["summary.runtime.powerState"])
if "summary.runtime.powerState" in vm
else "N/A",
"private_ips": ip_addresses,
@@ -1604,16 +1594,14 @@ def _format_instance_info(vm):
"devices": device_full_info,
"storage": storage_full_info,
"files": file_full_info,
- "guest_id": six.text_type(vm["config.guestId"])
- if "config.guestId" in vm
- else "N/A",
- "hostname": six.text_type(vm["object"].guest.hostName),
+ "guest_id": str(vm["config.guestId"]) if "config.guestId" in vm else "N/A",
+ "hostname": str(vm["object"].guest.hostName),
"mac_addresses": device_mac_addresses,
"networks": network_full_info,
- "path": six.text_type(vm["config.files.vmPathName"])
+ "path": str(vm["config.files.vmPathName"])
if "config.files.vmPathName" in vm
else "N/A",
- "tools_status": six.text_type(vm["guest.toolsStatus"])
+ "tools_status": str(vm["guest.toolsStatus"])
if "guest.toolsStatus" in vm
else "N/A",
}
@@ -1624,11 +1612,11 @@ def _format_instance_info(vm):
def _get_snapshots(snapshot_list, current_snapshot=None, parent_snapshot_path=""):
snapshots = {}
for snapshot in snapshot_list:
- snapshot_path = "{0}/{1}".format(parent_snapshot_path, snapshot.name)
+ snapshot_path = "{}/{}".format(parent_snapshot_path, snapshot.name)
snapshots[snapshot_path] = {
"name": snapshot.name,
"description": snapshot.description,
- "created": six.text_type(snapshot.createTime).split(".")[0],
+ "created": str(snapshot.createTime).split(".")[0],
"state": snapshot.state,
"path": snapshot_path,
}
@@ -1760,7 +1748,7 @@ def test_vcenter_connection(kwargs=None, call=None):
# Get the service instance object
_get_si()
except Exception as exc: # pylint: disable=broad-except
- return "failed to connect: {0}".format(exc)
+ return "failed to connect: {}".format(exc)
return "connection successful"
@@ -2000,18 +1988,18 @@ def list_nodes(kwargs=None, call=None):
for vm in vm_list:
cpu = vm["config.hardware.numCPU"] if "config.hardware.numCPU" in vm else "N/A"
ram = (
- "{0} MB".format(vm["config.hardware.memoryMB"])
+ "{} MB".format(vm["config.hardware.memoryMB"])
if "config.hardware.memoryMB" in vm
else "N/A"
)
vm_info = {
"id": vm["name"],
- "image": "{0} (Detected)".format(vm["config.guestFullName"])
+ "image": "{} (Detected)".format(vm["config.guestFullName"])
if "config.guestFullName" in vm
else "N/A",
- "size": "cpu: {0}\nram: {1}".format(cpu, ram),
+ "size": "cpu: {}\nram: {}".format(cpu, ram),
"size_dict": {"cpu": cpu, "memory": ram},
- "state": six.text_type(vm["summary.runtime.powerState"])
+ "state": str(vm["summary.runtime.powerState"])
if "summary.runtime.powerState" in vm
else "N/A",
"private_ips": [vm["guest.ipAddress"]] if "guest.ipAddress" in vm else [],
@@ -2660,7 +2648,7 @@ def destroy(name, call=None):
__utils__["cloud.fire_event"](
"event",
"destroying instance",
- "salt/cloud/{0}/destroying".format(name),
+ "salt/cloud/{}/destroying".format(name),
args={"name": name},
sock_dir=__opts__["sock_dir"],
transport=__opts__["transport"],
@@ -2706,7 +2694,7 @@ def destroy(name, call=None):
__utils__["cloud.fire_event"](
"event",
"destroyed instance",
- "salt/cloud/{0}/destroyed".format(name),
+ "salt/cloud/{}/destroyed".format(name),
args={"name": name},
sock_dir=__opts__["sock_dir"],
transport=__opts__["transport"],
@@ -2748,7 +2736,7 @@ def create(vm_):
__utils__["cloud.fire_event"](
"event",
"starting create",
- "salt/cloud/{0}/creating".format(vm_["name"]),
+ "salt/cloud/{}/creating".format(vm_["name"]),
args=__utils__["cloud.filter_event"](
"creating", vm_, ["name", "profile", "provider", "driver"]
),
@@ -2825,10 +2813,10 @@ def create(vm_):
"win_run_once", vm_, __opts__, search_global=False, default=None
)
cpu_hot_add = config.get_cloud_config_value(
- 'cpu_hot_add', vm_, __opts__, search_global=False, default=None
+ "cpu_hot_add", vm_, __opts__, search_global=False, default=None
)
mem_hot_add = config.get_cloud_config_value(
- 'mem_hot_add', vm_, __opts__, search_global=False, default=None
+ "mem_hot_add", vm_, __opts__, search_global=False, default=None
)
# Get service instance object
@@ -2988,7 +2976,7 @@ def create(vm_):
)
if not datastore_ref:
raise SaltCloudSystemExit(
- "Specified datastore: '{0}' does not exist".format(datastore)
+ "Specified datastore: '{}' does not exist".format(datastore)
)
if host:
@@ -3004,7 +2992,7 @@ def create(vm_):
# If the hardware version is specified and if it is different from the current
# hardware version, then schedule a hardware version upgrade
if hardware_version and object_ref is not None:
- hardware_version = "vmx-{0:02}".format(hardware_version)
+ hardware_version = "vmx-{:02}".format(hardware_version)
if hardware_version != object_ref.config.version:
log.debug(
"Scheduling hardware version upgrade from %s to %s",
@@ -3034,7 +3022,7 @@ def create(vm_):
elif memory_unit.lower() == "gb":
memory_mb = int(float(memory_num) * 1024.0)
else:
- err_msg = "Invalid memory type specified: '{0}'".format(memory_unit)
+ err_msg = "Invalid memory type specified: '{}'".format(memory_unit)
log.error(err_msg)
return {"Error": err_msg}
except (TypeError, ValueError):
@@ -3048,19 +3036,19 @@ def create(vm_):
)
config_spec.deviceChange = specs["device_specs"]
- if cpu_hot_add and hasattr(config_spec, 'cpuHotAddEnabled'):
+ if cpu_hot_add and hasattr(config_spec, "cpuHotAddEnabled"):
config_spec.cpuHotAddEnabled = bool(cpu_hot_add)
- if mem_hot_add and hasattr(config_spec, 'memoryHotAddEnabled'):
+ if mem_hot_add and hasattr(config_spec, "memoryHotAddEnabled"):
config_spec.memoryHotAddEnabled = bool(mem_hot_add)
if extra_config:
- for key, value in six.iteritems(extra_config):
+ for key, value in extra_config.items():
option = vim.option.OptionValue(key=key, value=value)
config_spec.extraConfig.append(option)
if annotation:
- config_spec.annotation = six.text_type(annotation)
+ config_spec.annotation = str(annotation)
if "clonefrom" in vm_:
clone_spec = handle_snapshot(config_spec, object_ref, reloc_spec, template, vm_)
@@ -3137,7 +3125,7 @@ def create(vm_):
__utils__["cloud.fire_event"](
"event",
"requesting instance",
- "salt/cloud/{0}/requesting".format(vm_["name"]),
+ "salt/cloud/{}/requesting".format(vm_["name"]),
args=__utils__["cloud.filter_event"](
"requesting", event_kwargs, list(event_kwargs)
),
@@ -3190,7 +3178,7 @@ def create(vm_):
task = folder_ref.CreateVM_Task(config_spec, resourcepool_ref)
salt.utils.vmware.wait_for_task(task, vm_name, "create", 15, "info")
except Exception as exc: # pylint: disable=broad-except
- err_msg = "Error creating {0}: {1}".format(vm_["name"], exc)
+ err_msg = "Error creating {}: {}".format(vm_["name"], exc)
log.error(
err_msg,
# Show the traceback if the debug logging level is enabled
@@ -3235,7 +3223,7 @@ def create(vm_):
__utils__["cloud.fire_event"](
"event",
"created instance",
- "salt/cloud/{0}/created".format(vm_["name"]),
+ "salt/cloud/{}/created".format(vm_["name"]),
args=__utils__["cloud.filter_event"](
"created", vm_, ["name", "profile", "provider", "driver"]
),
@@ -3267,7 +3255,7 @@ def handle_snapshot(config_spec, object_ref, reloc_spec, template, vm_):
raise SaltCloudSystemExit(
"Invalid disk move type specified"
" supported types are"
- " {0}".format(" ".join(allowed_types))
+ " {}".format(" ".join(allowed_types))
)
return clone_spec
@@ -3470,7 +3458,7 @@ def rescan_hba(kwargs=None, call=None):
if hba:
log.info("Rescanning HBA %s on host %s", hba, host_name)
host_ref.configManager.storageSystem.RescanHba(hba)
- ret = "rescanned HBA {0}".format(hba)
+ ret = "rescanned HBA {}".format(hba)
else:
log.info("Rescanning all HBAs on host %s", host_name)
host_ref.configManager.storageSystem.RescanAllHba()
@@ -3749,7 +3737,7 @@ def list_hbas(kwargs=None, call=None):
if hba_type and hba_type not in ["parallel", "block", "iscsi", "fibre"]:
raise SaltCloudSystemExit(
- "Specified hba type {0} currently not supported.".format(hba_type)
+ "Specified hba type {} currently not supported.".format(hba_type)
)
host_list = salt.utils.vmware.get_mors_with_properties(
@@ -4124,10 +4112,10 @@ def revert_to_snapshot(name, kwargs=None, call=None):
task = vm_ref.RevertToCurrentSnapshot(suppressPowerOn=suppress_power_on)
else:
log.debug("Reverting VM %s to snapshot %s", name, snapshot_name)
- msg = "reverted to snapshot {0}".format(snapshot_name)
+ msg = "reverted to snapshot {}".format(snapshot_name)
snapshot_ref = _get_snapshot_ref_by_name(vm_ref, snapshot_name)
if snapshot_ref is None:
- return "specified snapshot '{0}' does not exist".format(snapshot_name)
+ return "specified snapshot '{}' does not exist".format(snapshot_name)
task = snapshot_ref.snapshot.Revert(suppressPowerOn=suppress_power_on)
salt.utils.vmware.wait_for_task(task, name, "revert to snapshot", 5, "info")
@@ -4265,7 +4253,7 @@ def convert_to_template(name, kwargs=None, call=None):
vm_ref = salt.utils.vmware.get_mor_by_property(_get_si(), vim.VirtualMachine, name)
if vm_ref.config.template:
- raise SaltCloudSystemExit("{0} already a template".format(name))
+ raise SaltCloudSystemExit("{} already a template".format(name))
try:
vm_ref.MarkAsTemplate()
@@ -4279,7 +4267,7 @@ def convert_to_template(name, kwargs=None, call=None):
)
return "failed to convert to teamplate"
- return "{0} converted to template".format(name)
+ return "{} converted to template".format(name)
def add_host(kwargs=None, call=None):
@@ -4399,7 +4387,7 @@ def add_host(kwargs=None, call=None):
("echo", "-n"), stdout=subprocess.PIPE, stderr=subprocess.PIPE
)
p2 = subprocess.Popen(
- ("openssl", "s_client", "-connect", "{0}:443".format(host_name)),
+ ("openssl", "s_client", "-connect", "{}:443".format(host_name)),
stdin=p1.stdout,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
@@ -4429,12 +4417,12 @@ def add_host(kwargs=None, call=None):
try:
if cluster_name:
task = cluster_ref.AddHost(spec=spec, asConnected=True)
- ret = "added host system to cluster {0}".format(cluster_name)
+ ret = "added host system to cluster {}".format(cluster_name)
if datacenter_name:
task = datacenter_ref.hostFolder.AddStandaloneHost(
spec=spec, addConnected=True
)
- ret = "added host system to datacenter {0}".format(datacenter_name)
+ ret = "added host system to datacenter {}".format(datacenter_name)
salt.utils.vmware.wait_for_task(task, host_name, "add host system", 5, "info")
except Exception as exc: # pylint: disable=broad-except
if isinstance(exc, vim.fault.SSLVerifyFault):
diff --git a/salt/config/schemas/vcenter.py b/salt/config/schemas/vcenter.py
index 7db8b67c41..bd82bd1761 100644
--- a/salt/config/schemas/vcenter.py
+++ b/salt/config/schemas/vcenter.py
@@ -1,4 +1,3 @@
-# -*- coding: utf-8 -*-
"""
:codeauthor: :email:`Rod McKenzie (roderick.mckenzie@morganstanley.com)`
:codeauthor: :email:`Alexandru Bleotu (alexandru.bleotu@morganstanley.com)`
@@ -9,11 +8,8 @@
VCenter configuration schemas
"""
-# Import Python libs
-from __future__ import absolute_import, print_function, unicode_literals
-# Import Salt libs
-from salt.utils.schema import ArrayItem, IntegerItem, Schema, StringItem
+from salt.utils.schema import ArrayItem, BooleanItem, IntegerItem, Schema, StringItem
class VCenterEntitySchema(Schema):
@@ -48,6 +44,8 @@ class VCenterProxySchema(Schema):
mechanism = StringItem(required=True, enum=["userpass", "sspi"])
username = StringItem()
passwords = ArrayItem(min_items=1, items=StringItem(), unique_items=True)
+ verify_ssl = BooleanItem()
+ ca_bundle = StringItem()
domain = StringItem()
principal = StringItem(default="host")
diff --git a/salt/master.py b/salt/master.py
index 59bb19ce75..fc103ac489 100644
--- a/salt/master.py
+++ b/salt/master.py
@@ -2126,7 +2126,7 @@ class ClearFuncs(TransportMethods):
fun = clear_load.pop("fun")
runner_client = salt.runner.RunnerClient(self.opts)
return runner_client.asynchronous(
- fun, clear_load.get("kwarg", {}), username
+ fun, clear_load.get("kwarg", {}), username, local=True
)
except Exception as exc: # pylint: disable=broad-except
log.error("Exception occurred while introspecting %s: %s", fun, exc)
diff --git a/salt/modules/bigip.py b/salt/modules/bigip.py
index 2b54e4d27c..36168d66b4 100644
--- a/salt/modules/bigip.py
+++ b/salt/modules/bigip.py
@@ -1,21 +1,14 @@
-# -*- coding: utf-8 -*-
"""
An execution module which can manipulate an f5 bigip via iControl REST
:maturity: develop
:platform: f5_bigip_11.6
"""
-# Import python libs
-from __future__ import absolute_import, print_function, unicode_literals
-# Import salt libs
import salt.exceptions
import salt.utils.json
-
-# Import 3rd-party libs
from salt.ext import six
-# Import third party libs
try:
import requests
import requests.exceptions
@@ -52,7 +45,7 @@ def _build_session(username, password, trans_label=None):
bigip = requests.session()
bigip.auth = (username, password)
- bigip.verify = False
+ bigip.verify = True
bigip.headers.update({"Content-Type": "application/json"})
if trans_label:
@@ -109,7 +102,7 @@ def _loop_payload(params):
payload = {}
# set the payload
- for param, value in six.iteritems(params):
+ for param, value in params.items():
if value is not None:
payload[param] = value
@@ -153,7 +146,7 @@ def _determine_toggles(payload, toggles):
Figure out what it likes to hear without confusing the user.
"""
- for toggle, definition in six.iteritems(toggles):
+ for toggle, definition in toggles.items():
# did the user specify anything?
if definition["value"] is not None:
# test for yes_no toggle
@@ -1046,7 +1039,7 @@ def replace_pool_members(hostname, username, password, name, members):
# specify members if provided
if members is not None:
- if isinstance(members, six.string_types):
+ if isinstance(members, str):
members = members.split(",")
pool_members = []
@@ -1583,7 +1576,7 @@ def create_virtual(
payload["vlans"] = "none"
elif vlans == "default":
payload["vlans"] = "default"
- elif isinstance(vlans, six.string_types) and (
+ elif isinstance(vlans, str) and (
vlans.startswith("enabled") or vlans.startswith("disabled")
):
try:
@@ -2016,7 +2009,7 @@ def create_monitor(hostname, username, password, monitor_type, name, **kwargs):
# there's a ton of different monitors and a ton of options for each type of monitor.
# this logic relies that the end user knows which options are meant for which monitor types
- for key, value in six.iteritems(kwargs):
+ for key, value in kwargs.items():
if not key.startswith("__"):
if key not in ["hostname", "username", "password", "type"]:
key = key.replace("_", "-")
@@ -2067,7 +2060,7 @@ def modify_monitor(hostname, username, password, monitor_type, name, **kwargs):
# there's a ton of different monitors and a ton of options for each type of monitor.
# this logic relies that the end user knows which options are meant for which monitor types
- for key, value in six.iteritems(kwargs):
+ for key, value in kwargs.items():
if not key.startswith("__"):
if key not in ["hostname", "username", "password", "type", "name"]:
key = key.replace("_", "-")
@@ -2231,7 +2224,7 @@ def create_profile(hostname, username, password, profile_type, name, **kwargs):
# there's a ton of different profiles and a ton of options for each type of profile.
# this logic relies that the end user knows which options are meant for which profile types
- for key, value in six.iteritems(kwargs):
+ for key, value in kwargs.items():
if not key.startswith("__"):
if key not in ["hostname", "username", "password", "profile_type"]:
key = key.replace("_", "-")
@@ -2322,7 +2315,7 @@ def modify_profile(hostname, username, password, profile_type, name, **kwargs):
# there's a ton of different profiles and a ton of options for each type of profile.
# this logic relies that the end user knows which options are meant for which profile types
- for key, value in six.iteritems(kwargs):
+ for key, value in kwargs.items():
if not key.startswith("__"):
if key not in ["hostname", "username", "password", "profile_type"]:
key = key.replace("_", "-")
diff --git a/salt/modules/cmdmod.py b/salt/modules/cmdmod.py
index c8eb4d2305..bbc303c3f8 100644
--- a/salt/modules/cmdmod.py
+++ b/salt/modules/cmdmod.py
@@ -77,6 +77,12 @@ def __virtual__():
return __virtualname__
+def _log_cmd(cmd):
+ if not isinstance(cmd, list):
+ return cmd.split()[0].strip()
+ return cmd[0].strip()
+
+
def _check_cb(cb_):
"""
If the callback is None or is not callable, return a lambda that returns
@@ -386,22 +392,13 @@ def _run(
)
env[bad_env_key] = ""
- def _get_stripped(cmd):
- # Return stripped command string copies to improve logging.
- if isinstance(cmd, list):
- return [x.strip() if isinstance(x, str) else x for x in cmd]
- elif isinstance(cmd, str):
- return cmd.strip()
- else:
- return cmd
-
if output_loglevel is not None:
# Always log the shell commands at INFO unless quiet logging is
# requested. The command output is what will be controlled by the
# 'loglevel' parameter.
msg = "Executing command {}{}{} {}{}in directory '{}'{}".format(
"'" if not isinstance(cmd, list) else "",
- _get_stripped(cmd),
+ _log_cmd(cmd),
"'" if not isinstance(cmd, list) else "",
"as user '{}' ".format(runas) if runas else "",
"in group '{}' ".format(group) if group else "",
@@ -723,7 +720,7 @@ def _run(
log.error(
"Failed to decode stdout from command %s, non-decodable "
"characters have been replaced",
- cmd,
+ _log_cmd(cmd),
)
try:
@@ -741,7 +738,7 @@ def _run(
log.error(
"Failed to decode stderr from command %s, non-decodable "
"characters have been replaced",
- cmd,
+ _log_cmd(cmd),
)
if rstrip:
@@ -841,7 +838,9 @@ def _run(
if not ignore_retcode and ret["retcode"] != 0:
if output_loglevel < LOG_LEVELS["error"]:
output_loglevel = LOG_LEVELS["error"]
- msg = "Command '{}' failed with return code: {}".format(cmd, ret["retcode"])
+ msg = "Command '{}' failed with return code: {}".format(
+ _log_cmd(cmd), ret["retcode"]
+ )
log.error(log_callback(msg))
if ret["stdout"]:
log.log(output_loglevel, "stdout: %s", log_callback(ret["stdout"]))
@@ -1211,7 +1210,9 @@ def run(
if not ignore_retcode and ret["retcode"] != 0:
if lvl < LOG_LEVELS["error"]:
lvl = LOG_LEVELS["error"]
- msg = "Command '{}' failed with return code: {}".format(cmd, ret["retcode"])
+ msg = "Command '{}' failed with return code: {}".format(
+ _log_cmd(cmd), ret["retcode"]
+ )
log.error(log_callback(msg))
if raise_err:
raise CommandExecutionError(
diff --git a/salt/modules/glassfish.py b/salt/modules/glassfish.py
index 44df1d3cbb..59a171d2e6 100644
--- a/salt/modules/glassfish.py
+++ b/salt/modules/glassfish.py
@@ -1,10 +1,8 @@
-# -*- coding: utf-8 -*-
"""
Module for working with the Glassfish/Payara 4.x management API
.. versionadded:: Carbon
:depends: requests
"""
-from __future__ import absolute_import, print_function, unicode_literals
import salt.defaults.exitcodes
import salt.utils.json
@@ -42,7 +40,7 @@ def __virtual__():
else:
return (
False,
- 'The "{0}" module could not be loaded: '
+ 'The "{}" module could not be loaded: '
'"requests" is not installed.'.format(__virtualname__),
)
@@ -73,9 +71,9 @@ def _get_url(ssl, url, port, path):
Returns the URL of the endpoint
"""
if ssl:
- return "https://{0}:{1}/management/domain/{2}".format(url, port, path)
+ return "https://{}:{}/management/domain/{}".format(url, port, path)
else:
- return "http://{0}:{1}/management/domain/{2}".format(url, port, path)
+ return "http://{}:{}/management/domain/{}".format(url, port, path)
def _get_server(server):
@@ -128,7 +126,7 @@ def _api_get(path, server=None):
url=_get_url(server["ssl"], server["url"], server["port"], path),
auth=_get_auth(server["user"], server["password"]),
headers=_get_headers(),
- verify=False,
+ verify=True,
)
return _api_response(response)
@@ -143,7 +141,7 @@ def _api_post(path, data, server=None):
auth=_get_auth(server["user"], server["password"]),
headers=_get_headers(),
data=salt.utils.json.dumps(data),
- verify=False,
+ verify=True,
)
return _api_response(response)
@@ -158,7 +156,7 @@ def _api_delete(path, data, server=None):
auth=_get_auth(server["user"], server["password"]),
headers=_get_headers(),
params=data,
- verify=False,
+ verify=True,
)
return _api_response(response)
@@ -183,7 +181,7 @@ def _get_element_properties(name, element_type, server=None):
Get an element's properties
"""
properties = {}
- data = _api_get("{0}/{1}/property".format(element_type, name), server)
+ data = _api_get("{}/{}/property".format(element_type, name), server)
# Get properties into a dict
if any(data["extraProperties"]["properties"]):
@@ -199,7 +197,7 @@ def _get_element(name, element_type, server=None, with_properties=True):
"""
element = {}
name = quote(name, safe="")
- data = _api_get("{0}/{1}".format(element_type, name), server)
+ data = _api_get("{}/{}".format(element_type, name), server)
# Format data, get properties if asked, and return the whole thing
if any(data["extraProperties"]["entity"]):
@@ -220,9 +218,9 @@ def _create_element(name, element_type, data, server=None):
data["property"] = ""
for key, value in data["properties"].items():
if not data["property"]:
- data["property"] += "{0}={1}".format(key, value.replace(":", "\\:"))
+ data["property"] += "{}={}".format(key, value.replace(":", "\\:"))
else:
- data["property"] += ":{0}={1}".format(key, value.replace(":", "\\:"))
+ data["property"] += ":{}={}".format(key, value.replace(":", "\\:"))
del data["properties"]
# Send request
@@ -242,7 +240,7 @@ def _update_element(name, element_type, data, server=None):
properties = []
for key, value in data["properties"].items():
properties.append({"name": key, "value": value})
- _api_post("{0}/{1}/property".format(element_type, name), properties, server)
+ _api_post("{}/{}/property".format(element_type, name), properties, server)
del data["properties"]
# If the element only contained properties
@@ -255,10 +253,10 @@ def _update_element(name, element_type, data, server=None):
update_data.update(data)
else:
__context__["retcode"] = salt.defaults.exitcodes.SALT_BUILD_FAIL
- raise CommandExecutionError("Cannot update {0}".format(name))
+ raise CommandExecutionError("Cannot update {}".format(name))
# Finally, update the element
- _api_post("{0}/{1}".format(element_type, name), _clean_data(update_data), server)
+ _api_post("{}/{}".format(element_type, name), _clean_data(update_data), server)
return unquote(name)
@@ -266,7 +264,7 @@ def _delete_element(name, element_type, data, server=None):
"""
Delete an element
"""
- _api_delete("{0}/{1}".format(element_type, quote(name, safe="")), data, server)
+ _api_delete("{}/{}".format(element_type, quote(name, safe="")), data, server)
return name
@@ -692,4 +690,4 @@ def delete_system_properties(name, server=None):
"""
Delete a system property
"""
- _api_delete("system-properties/{0}".format(name), None, server)
+ _api_delete("system-properties/{}".format(name), None, server)
diff --git a/salt/modules/keystone.py b/salt/modules/keystone.py
index 52cb461339..e8dd2fd99d 100644
--- a/salt/modules/keystone.py
+++ b/salt/modules/keystone.py
@@ -1,4 +1,3 @@
-# -*- coding: utf-8 -*-
"""
Module for handling openstack keystone calls.
@@ -13,6 +12,7 @@ Module for handling openstack keystone calls.
keystone.tenant: admin
keystone.tenant_id: f80919baedab48ec8931f200c65a50df
keystone.auth_url: 'http://127.0.0.1:5000/v2.0/'
+ keystone.verify_ssl: True
OR (for token based authentication)
@@ -32,6 +32,7 @@ Module for handling openstack keystone calls.
keystone.tenant: admin
keystone.tenant_id: f80919baedab48ec8931f200c65a50df
keystone.auth_url: 'http://127.0.0.1:5000/v2.0/'
+ keystone.verify_ssl: True
openstack2:
keystone.user: admin
@@ -39,6 +40,7 @@ Module for handling openstack keystone calls.
keystone.tenant: admin
keystone.tenant_id: f80919baedab48ec8931f200c65a50df
keystone.auth_url: 'http://127.0.0.2:5000/v2.0/'
+ keystone.verify_ssl: True
With this configuration in place, any of the keystone functions can make use
of a configuration profile by declaring it explicitly.
@@ -49,17 +51,11 @@ Module for handling openstack keystone calls.
salt '*' keystone.tenant_list profile=openstack1
"""
-# Import Python libs
-from __future__ import absolute_import, print_function, unicode_literals
import logging
-# Import Salt Libs
import salt.utils.http
-# Import 3rd-party libs
-from salt.ext import six
-
HAS_KEYSTONE = False
try:
# pylint: disable=import-error
@@ -125,6 +121,7 @@ def _get_kwargs(profile=None, **connection_args):
endpoint = get("endpoint", "http://127.0.0.1:35357/v2.0")
user_domain_name = get("user_domain_name", "Default")
project_domain_name = get("project_domain_name", "Default")
+ verify_ssl = get("verify_ssl", True)
if token:
kwargs = {"token": token, "endpoint": endpoint}
else:
@@ -141,6 +138,7 @@ def _get_kwargs(profile=None, **connection_args):
# this ensures it's only passed in when defined
if insecure:
kwargs["insecure"] = True
+ kwargs["verify_ssl"] = verify_ssl
return kwargs
@@ -158,7 +156,7 @@ def api_version(profile=None, **connection_args):
auth_url = kwargs.get("auth_url", kwargs.get("endpoint", None))
try:
return salt.utils.http.query(
- auth_url, decode=True, decode_type="json", verify_ssl=False
+ auth_url, decode=True, decode_type="json", verify_ssl=kwargs["verify_ssl"]
)["dict"]["version"]["id"]
except KeyError:
return None
@@ -269,7 +267,7 @@ def ec2_credentials_delete(
if not user_id:
return {"Error": "Could not resolve User ID"}
kstone.ec2.delete(user_id, access_key)
- return 'ec2 key "{0}" deleted under user id "{1}"'.format(access_key, user_id)
+ return 'ec2 key "{}" deleted under user id "{}"'.format(access_key, user_id)
def ec2_credentials_get(
@@ -373,7 +371,7 @@ def endpoint_get(service, region=None, profile=None, interface=None, **connectio
]
if len(e) > 1:
return {
- "Error": "Multiple endpoints found ({0}) for the {1} service. Please specify region.".format(
+ "Error": "Multiple endpoints found ({}) for the {} service. Please specify region.".format(
e, service
)
}
@@ -396,12 +394,12 @@ def endpoint_list(profile=None, **connection_args):
ret = {}
for endpoint in kstone.endpoints.list():
- ret[endpoint.id] = dict(
- (value, getattr(endpoint, value))
+ ret[endpoint.id] = {
+ value: getattr(endpoint, value)
for value in dir(endpoint)
if not value.startswith("_")
- and isinstance(getattr(endpoint, value), (six.string_types, dict, bool))
- )
+ and isinstance(getattr(endpoint, value), (str, dict, bool))
+ }
return ret
@@ -487,7 +485,7 @@ def role_create(name, profile=None, **connection_args):
kstone = auth(profile, **connection_args)
if "Error" not in role_get(name=name, profile=profile, **connection_args):
- return {"Error": 'Role "{0}" already exists'.format(name)}
+ return {"Error": 'Role "{}" already exists'.format(name)}
kstone.roles.create(name)
return role_get(name=name, profile=profile, **connection_args)
@@ -518,9 +516,9 @@ def role_delete(role_id=None, name=None, profile=None, **connection_args):
role = kstone.roles.get(role_id)
kstone.roles.delete(role)
- ret = "Role ID {0} deleted".format(role_id)
+ ret = "Role ID {} deleted".format(role_id)
if name:
- ret += " ({0})".format(name)
+ ret += " ({})".format(name)
return ret
@@ -564,12 +562,12 @@ def role_list(profile=None, **connection_args):
kstone = auth(profile, **connection_args)
ret = {}
for role in kstone.roles.list():
- ret[role.name] = dict(
- (value, getattr(role, value))
+ ret[role.name] = {
+ value: getattr(role, value)
for value in dir(role)
if not value.startswith("_")
- and isinstance(getattr(role, value), (six.string_types, dict, bool))
- )
+ and isinstance(getattr(role, value), (str, dict, bool))
+ }
return ret
@@ -608,7 +606,7 @@ def service_delete(service_id=None, name=None, profile=None, **connection_args):
"id"
]
kstone.services.delete(service_id)
- return 'Keystone service ID "{0}" deleted'.format(service_id)
+ return 'Keystone service ID "{}" deleted'.format(service_id)
def service_get(service_id=None, name=None, profile=None, **connection_args):
@@ -633,12 +631,12 @@ def service_get(service_id=None, name=None, profile=None, **connection_args):
if not service_id:
return {"Error": "Unable to resolve service id"}
service = kstone.services.get(service_id)
- ret[service.name] = dict(
- (value, getattr(service, value))
+ ret[service.name] = {
+ value: getattr(service, value)
for value in dir(service)
if not value.startswith("_")
- and isinstance(getattr(service, value), (six.string_types, dict, bool))
- )
+ and isinstance(getattr(service, value), (str, dict, bool))
+ }
return ret
@@ -655,12 +653,12 @@ def service_list(profile=None, **connection_args):
kstone = auth(profile, **connection_args)
ret = {}
for service in kstone.services.list():
- ret[service.name] = dict(
- (value, getattr(service, value))
+ ret[service.name] = {
+ value: getattr(service, value)
for value in dir(service)
if not value.startswith("_")
- and isinstance(getattr(service, value), (six.string_types, dict, bool))
- )
+ and isinstance(getattr(service, value), (str, dict, bool))
+ }
return ret
@@ -741,10 +739,10 @@ def tenant_delete(tenant_id=None, name=None, profile=None, **connection_args):
if not tenant_id:
return {"Error": "Unable to resolve tenant id"}
getattr(kstone, _TENANTS, None).delete(tenant_id)
- ret = "Tenant ID {0} deleted".format(tenant_id)
+ ret = "Tenant ID {} deleted".format(tenant_id)
if name:
- ret += " ({0})".format(name)
+ ret += " ({})".format(name)
return ret
@@ -805,12 +803,12 @@ def tenant_get(tenant_id=None, name=None, profile=None, **connection_args):
if not tenant_id:
return {"Error": "Unable to resolve tenant id"}
tenant = getattr(kstone, _TENANTS, None).get(tenant_id)
- ret[tenant.name] = dict(
- (value, getattr(tenant, value))
+ ret[tenant.name] = {
+ value: getattr(tenant, value)
for value in dir(tenant)
if not value.startswith("_")
- and isinstance(getattr(tenant, value), (six.string_types, dict, bool))
- )
+ and isinstance(getattr(tenant, value), (str, dict, bool))
+ }
return ret
@@ -863,12 +861,12 @@ def tenant_list(profile=None, **connection_args):
ret = {}
for tenant in getattr(kstone, _TENANTS, None).list():
- ret[tenant.name] = dict(
- (value, getattr(tenant, value))
+ ret[tenant.name] = {
+ value: getattr(tenant, value)
for value in dir(tenant)
if not value.startswith("_")
- and isinstance(getattr(tenant, value), (six.string_types, dict, bool))
- )
+ and isinstance(getattr(tenant, value), (str, dict, bool))
+ }
return ret
@@ -938,12 +936,12 @@ def tenant_update(
tenant_id, name=name, description=description, enabled=enabled
)
- return dict(
- (value, getattr(updated, value))
+ return {
+ value: getattr(updated, value)
for value in dir(updated)
if not value.startswith("_")
- and isinstance(getattr(updated, value), (six.string_types, dict, bool))
- )
+ and isinstance(getattr(updated, value), (str, dict, bool))
+ }
def project_update(
@@ -1034,12 +1032,12 @@ def user_list(profile=None, **connection_args):
kstone = auth(profile, **connection_args)
ret = {}
for user in kstone.users.list():
- ret[user.name] = dict(
- (value, getattr(user, value, None))
+ ret[user.name] = {
+ value: getattr(user, value, None)
for value in dir(user)
if not value.startswith("_")
- and isinstance(getattr(user, value, None), (six.string_types, dict, bool))
- )
+ and isinstance(getattr(user, value, None), (str, dict, bool))
+ }
tenant_id = getattr(user, "tenantId", None)
if tenant_id:
ret[user.name]["tenant_id"] = tenant_id
@@ -1070,16 +1068,16 @@ def user_get(user_id=None, name=None, profile=None, **connection_args):
try:
user = kstone.users.get(user_id)
except keystoneclient.exceptions.NotFound:
- msg = "Could not find user '{0}'".format(user_id)
+ msg = "Could not find user '{}'".format(user_id)
log.error(msg)
return {"Error": msg}
- ret[user.name] = dict(
- (value, getattr(user, value, None))
+ ret[user.name] = {
+ value: getattr(user, value, None)
for value in dir(user)
if not value.startswith("_")
- and isinstance(getattr(user, value, None), (six.string_types, dict, bool))
- )
+ and isinstance(getattr(user, value, None), (str, dict, bool))
+ }
tenant_id = getattr(user, "tenantId", None)
if tenant_id:
@@ -1153,10 +1151,10 @@ def user_delete(user_id=None, name=None, profile=None, **connection_args):
if not user_id:
return {"Error": "Unable to resolve user id"}
kstone.users.delete(user_id)
- ret = "User ID {0} deleted".format(user_id)
+ ret = "User ID {} deleted".format(user_id)
if name:
- ret += " ({0})".format(name)
+ ret += " ({})".format(name)
return ret
@@ -1204,7 +1202,7 @@ def user_update(
if description is None:
description = getattr(user, "description", None)
else:
- description = six.text_type(description)
+ description = str(description)
project_id = None
if project:
@@ -1235,7 +1233,7 @@ def user_update(
if tenant_id:
kstone.users.update_tenant(user_id, tenant_id)
- ret = "Info updated for user ID {0}".format(user_id)
+ ret = "Info updated for user ID {}".format(user_id)
return ret
@@ -1313,9 +1311,9 @@ def user_password_update(
kstone.users.update(user=user_id, password=password)
else:
kstone.users.update_password(user=user_id, password=password)
- ret = "Password updated for user ID {0}".format(user_id)
+ ret = "Password updated for user ID {}".format(user_id)
if name:
- ret += " ({0})".format(name)
+ ret += " ({})".format(name)
return ret
@@ -1356,9 +1354,9 @@ role_id=ce377245c4ec9b70e1c639c89e8cead4
"id"
)
else:
- user = next(
- six.iterkeys(user_get(user_id, profile=profile, **connection_args))
- )["name"]
+ user = next(iter(user_get(user_id, profile=profile, **connection_args).keys()))[
+ "name"
+ ]
if not user_id:
return {"Error": "Unable to resolve user id"}
@@ -1368,7 +1366,7 @@ role_id=ce377245c4ec9b70e1c639c89e8cead4
].get("id")
else:
tenant = next(
- six.iterkeys(tenant_get(tenant_id, profile=profile, **connection_args))
+ iter(tenant_get(tenant_id, profile=profile, **connection_args).keys())
)["name"]
if not tenant_id:
return {"Error": "Unable to resolve tenant/project id"}
@@ -1376,9 +1374,9 @@ role_id=ce377245c4ec9b70e1c639c89e8cead4
if role:
role_id = role_get(name=role, profile=profile, **connection_args)[role]["id"]
else:
- role = next(
- six.iterkeys(role_get(role_id, profile=profile, **connection_args))
- )["name"]
+ role = next(iter(role_get(role_id, profile=profile, **connection_args).keys()))[
+ "name"
+ ]
if not role_id:
return {"Error": "Unable to resolve role id"}
@@ -1427,9 +1425,9 @@ role_id=ce377245c4ec9b70e1c639c89e8cead4
"id"
)
else:
- user = next(
- six.iterkeys(user_get(user_id, profile=profile, **connection_args))
- )["name"]
+ user = next(iter(user_get(user_id, profile=profile, **connection_args).keys()))[
+ "name"
+ ]
if not user_id:
return {"Error": "Unable to resolve user id"}
@@ -1439,7 +1437,7 @@ role_id=ce377245c4ec9b70e1c639c89e8cead4
].get("id")
else:
tenant = next(
- six.iterkeys(tenant_get(tenant_id, profile=profile, **connection_args))
+ iter(tenant_get(tenant_id, profile=profile, **connection_args).keys())
)["name"]
if not tenant_id:
return {"Error": "Unable to resolve tenant/project id"}
@@ -1447,7 +1445,7 @@ role_id=ce377245c4ec9b70e1c639c89e8cead4
if role:
role_id = role_get(name=role, profile=profile, **connection_args)[role]["id"]
else:
- role = next(six.iterkeys(role_get(role_id)))["name"]
+ role = next(iter(role_get(role_id).keys()))["name"]
if not role_id:
return {"Error": "Unable to resolve role id"}
@@ -1504,12 +1502,12 @@ tenant_id=7167a092ece84bae8cead4bf9d15bb3b
if _OS_IDENTITY_API_VERSION > 2:
for role in kstone.roles.list(user=user_id, project=tenant_id):
- ret[role.name] = dict(
- (value, getattr(role, value))
+ ret[role.name] = {
+ value: getattr(role, value)
for value in dir(role)
if not value.startswith("_")
- and isinstance(getattr(role, value), (six.string_types, dict, bool))
- )
+ and isinstance(getattr(role, value), (str, dict, bool))
+ }
else:
for role in kstone.roles.roles_for_user(user=user_id, tenant=tenant_id):
ret[role.name] = {
diff --git a/salt/modules/restartcheck.py b/salt/modules/restartcheck.py
index 4d541da357..c996e39dc7 100644
--- a/salt/modules/restartcheck.py
+++ b/salt/modules/restartcheck.py
@@ -11,6 +11,7 @@ https://packages.debian.org/debian-goodies) and psdel by Sam Morris.
"""
import os
import re
+import shlex
import subprocess
import sys
import time
@@ -612,7 +613,8 @@ def restartcheck(ignorelist=None, blacklist=None, excludepid=None, **kwargs):
for package in packages:
_check_timeout(start_time, timeout)
cmd = cmd_pkg_query + package
- paths = subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE)
+ cmd = shlex.split(cmd)
+ paths = subprocess.Popen(cmd, stdout=subprocess.PIPE)
while True:
_check_timeout(start_time, timeout)
diff --git a/salt/modules/vsphere.py b/salt/modules/vsphere.py
index b3de8afb64..8fc2c410f2 100644
--- a/salt/modules/vsphere.py
+++ b/salt/modules/vsphere.py
@@ -336,7 +336,7 @@ def _get_proxy_connection_details():
details = __salt__["esxvm.get_details"]()
else:
raise CommandExecutionError("'{}' proxy is not supported" "".format(proxytype))
- return (
+ proxy_details = [
details.get("vcenter") if "vcenter" in details else details.get("host"),
details.get("username"),
details.get("password"),
@@ -345,7 +345,10 @@ def _get_proxy_connection_details():
details.get("mechanism"),
details.get("principal"),
details.get("domain"),
- )
+ ]
+ if "verify_ssl" in details:
+ proxy_details.append(details.get("verify_ssl"))
+ return tuple(proxy_details)
def supports_proxies(*proxy_types):
@@ -429,7 +432,7 @@ def gets_service_instance_via_proxy(fn):
# case 1: The call was made with enough positional
# parameters to include 'service_instance'
if not args[idx]:
- local_service_instance = salt.utils.vmware.get_service_instance(
+ local_service_instance = salt.utils.vmware.get_service_instance( # pylint: disable=no-value-for-parameter
*connection_details
)
# Tuples are immutable, so if we want to change what
@@ -440,7 +443,7 @@ def gets_service_instance_via_proxy(fn):
# case 2: Not enough positional parameters so
# 'service_instance' must be a named parameter
if not kwargs.get("service_instance"):
- local_service_instance = salt.utils.vmware.get_service_instance(
+ local_service_instance = salt.utils.vmware.get_service_instance( # pylint: disable=no-value-for-parameter
*connection_details
)
kwargs["service_instance"] = local_service_instance
@@ -448,7 +451,7 @@ def gets_service_instance_via_proxy(fn):
# 'service_instance' is not a paremter in the function definition
# but it will be caught by the **kwargs parameter
if not kwargs.get("service_instance"):
- local_service_instance = salt.utils.vmware.get_service_instance(
+ local_service_instance = salt.utils.vmware.get_service_instance( # pylint: disable=no-value-for-parameter
*connection_details
)
kwargs["service_instance"] = local_service_instance
@@ -485,7 +488,9 @@ def get_service_instance_via_proxy(service_instance=None):
See note above
"""
connection_details = _get_proxy_connection_details()
- return salt.utils.vmware.get_service_instance(*connection_details)
+ return salt.utils.vmware.get_service_instance( # pylint: disable=no-value-for-parameter
+ *connection_details
+ )
@depends(HAS_PYVMOMI)
@@ -1587,7 +1592,7 @@ def upload_ssh_key(
ssh_key_file=None,
protocol=None,
port=None,
- certificate_verify=False,
+ certificate_verify=None,
):
"""
Upload an ssh key for root to an ESXi host via http PUT.
@@ -1604,7 +1609,7 @@ def upload_ssh_key(
:param protocol: defaults to https, can be http if ssl is disabled on ESXi
:param port: defaults to 443 for https
:param certificate_verify: If true require that the SSL connection present
- a valid certificate
+ a valid certificate. Default: True
:return: Dictionary with a 'status' key, True if upload is successful.
If upload is unsuccessful, 'status' key will be False and
an 'Error' key will have an informative message.
@@ -1620,6 +1625,8 @@ def upload_ssh_key(
protocol = "https"
if port is None:
port = 443
+ if certificate_verify is None:
+ certificate_verify = True
url = "{}://{}:{}/host/ssh_root_authorized_keys".format(protocol, host, port)
ret = {}
@@ -1662,7 +1669,7 @@ def upload_ssh_key(
@ignores_kwargs("credstore")
def get_ssh_key(
- host, username, password, protocol=None, port=None, certificate_verify=False
+ host, username, password, protocol=None, port=None, certificate_verify=None
):
"""
Retrieve the authorized_keys entry for root.
@@ -1674,7 +1681,7 @@ def get_ssh_key(
:param protocol: defaults to https, can be http if ssl is disabled on ESXi
:param port: defaults to 443 for https
:param certificate_verify: If true require that the SSL connection present
- a valid certificate
+ a valid certificate. Default: True
:return: True if upload is successful
CLI Example:
@@ -1688,6 +1695,8 @@ def get_ssh_key(
protocol = "https"
if port is None:
port = 443
+ if certificate_verify is None:
+ certificate_verify = True
url = "{}://{}:{}/host/ssh_root_authorized_keys".format(protocol, host, port)
ret = {}
@@ -1717,7 +1726,7 @@ def get_ssh_key(
@depends(HAS_PYVMOMI)
@ignores_kwargs("credstore")
def get_host_datetime(
- host, username, password, protocol=None, port=None, host_names=None
+ host, username, password, protocol=None, port=None, host_names=None, verify_ssl=True
):
"""
Get the date/time information for a given host or list of host_names.
@@ -1748,6 +1757,9 @@ def get_host_datetime(
``host`` location instead. This is useful for when service instance connection
information is used for a single ESXi host.
+ verify_ssl
+ Verify the SSL certificate. Default: True
+
CLI Example:
.. code-block:: bash
@@ -1760,7 +1772,12 @@ def get_host_datetime(
host_names='[esxi-1.host.com, esxi-2.host.com]'
"""
service_instance = salt.utils.vmware.get_service_instance(
- host=host, username=username, password=password, protocol=protocol, port=port
+ host=host,
+ username=username,
+ password=password,
+ protocol=protocol,
+ port=port,
+ verify_ssl=verify_ssl,
)
host_names = _check_hosts(service_instance, host, host_names)
ret = {}
@@ -1775,7 +1792,9 @@ def get_host_datetime(
@depends(HAS_PYVMOMI)
@ignores_kwargs("credstore")
-def get_ntp_config(host, username, password, protocol=None, port=None, host_names=None):
+def get_ntp_config(
+ host, username, password, protocol=None, port=None, host_names=None, verify_ssl=True
+):
"""
Get the NTP configuration information for a given host or list of host_names.
@@ -1805,6 +1824,9 @@ def get_ntp_config(host, username, password, protocol=None, port=None, host_name
``host`` location instead. This is useful for when service instance connection
information is used for a single ESXi host.
+ verify_ssl
+ Verify the SSL certificate. Default: True
+
CLI Example:
.. code-block:: bash
@@ -1817,7 +1839,12 @@ def get_ntp_config(host, username, password, protocol=None, port=None, host_name
host_names='[esxi-1.host.com, esxi-2.host.com]'
"""
service_instance = salt.utils.vmware.get_service_instance(
- host=host, username=username, password=password, protocol=protocol, port=port
+ host=host,
+ username=username,
+ password=password,
+ protocol=protocol,
+ port=port,
+ verify_ssl=verify_ssl,
)
host_names = _check_hosts(service_instance, host, host_names)
ret = {}
@@ -1832,7 +1859,14 @@ def get_ntp_config(host, username, password, protocol=None, port=None, host_name
@depends(HAS_PYVMOMI)
@ignores_kwargs("credstore")
def get_service_policy(
- host, username, password, service_name, protocol=None, port=None, host_names=None
+ host,
+ username,
+ password,
+ service_name,
+ protocol=None,
+ port=None,
+ host_names=None,
+ verify_ssl=True,
):
"""
Get the service name's policy for a given host or list of hosts.
@@ -1879,6 +1913,9 @@ def get_service_policy(
for the ``host`` location instead. This is useful for when service instance
connection information is used for a single ESXi host.
+ verify_ssl
+ Verify the SSL certificate. Default: True
+
CLI Example:
.. code-block:: bash
@@ -1891,7 +1928,12 @@ def get_service_policy(
host_names='[esxi-1.host.com, esxi-2.host.com]'
"""
service_instance = salt.utils.vmware.get_service_instance(
- host=host, username=username, password=password, protocol=protocol, port=port
+ host=host,
+ username=username,
+ password=password,
+ protocol=protocol,
+ port=port,
+ verify_ssl=verify_ssl,
)
valid_services = [
"DCUI",
@@ -1959,7 +2001,14 @@ def get_service_policy(
@depends(HAS_PYVMOMI)
@ignores_kwargs("credstore")
def get_service_running(
- host, username, password, service_name, protocol=None, port=None, host_names=None
+ host,
+ username,
+ password,
+ service_name,
+ protocol=None,
+ port=None,
+ host_names=None,
+ verify_ssl=True,
):
"""
Get the service name's running state for a given host or list of hosts.
@@ -2006,6 +2055,9 @@ def get_service_running(
for the ``host`` location instead. This is useful for when service instance
connection information is used for a single ESXi host.
+ verify_ssl
+ Verify the SSL certificate. Default: True
+
CLI Example:
.. code-block:: bash
@@ -2018,7 +2070,12 @@ def get_service_running(
host_names='[esxi-1.host.com, esxi-2.host.com]'
"""
service_instance = salt.utils.vmware.get_service_instance(
- host=host, username=username, password=password, protocol=protocol, port=port
+ host=host,
+ username=username,
+ password=password,
+ protocol=protocol,
+ port=port,
+ verify_ssl=verify_ssl,
)
valid_services = [
"DCUI",
@@ -2086,7 +2143,13 @@ def get_service_running(
@depends(HAS_PYVMOMI)
@ignores_kwargs("credstore")
def get_vmotion_enabled(
- host, username, password, protocol=None, port=None, host_names=None
+ host,
+ username,
+ password,
+ protocol=None,
+ port=None,
+ host_names=None,
+ verify_ssl=True,
):
"""
Get the VMotion enabled status for a given host or a list of host_names. Returns ``True``
@@ -2118,6 +2181,9 @@ def get_vmotion_enabled(
``host`` location instead. This is useful for when service instance
connection information is used for a single ESXi host.
+ verify_ssl
+ Verify the SSL certificate. Default: True
+
CLI Example:
.. code-block:: bash
@@ -2130,7 +2196,12 @@ def get_vmotion_enabled(
host_names='[esxi-1.host.com, esxi-2.host.com]'
"""
service_instance = salt.utils.vmware.get_service_instance(
- host=host, username=username, password=password, protocol=protocol, port=port
+ host=host,
+ username=username,
+ password=password,
+ protocol=protocol,
+ port=port,
+ verify_ssl=verify_ssl,
)
host_names = _check_hosts(service_instance, host, host_names)
ret = {}
@@ -2148,7 +2219,13 @@ def get_vmotion_enabled(
@depends(HAS_PYVMOMI)
@ignores_kwargs("credstore")
def get_vsan_enabled(
- host, username, password, protocol=None, port=None, host_names=None
+ host,
+ username,
+ password,
+ protocol=None,
+ port=None,
+ host_names=None,
+ verify_ssl=True,
):
"""
Get the VSAN enabled status for a given host or a list of host_names. Returns ``True``
@@ -2181,6 +2258,9 @@ def get_vsan_enabled(
``host`` location instead. This is useful for when service instance
connection information is used for a single ESXi host.
+ verify_ssl
+ Verify the SSL certificate. Default: True
+
CLI Example:
.. code-block:: bash
@@ -2193,7 +2273,12 @@ def get_vsan_enabled(
host_names='[esxi-1.host.com, esxi-2.host.com]'
"""
service_instance = salt.utils.vmware.get_service_instance(
- host=host, username=username, password=password, protocol=protocol, port=port
+ host=host,
+ username=username,
+ password=password,
+ protocol=protocol,
+ port=port,
+ verify_ssl=verify_ssl,
)
host_names = _check_hosts(service_instance, host, host_names)
ret = {}
@@ -2215,7 +2300,13 @@ def get_vsan_enabled(
@depends(HAS_PYVMOMI)
@ignores_kwargs("credstore")
def get_vsan_eligible_disks(
- host, username, password, protocol=None, port=None, host_names=None
+ host,
+ username,
+ password,
+ protocol=None,
+ port=None,
+ host_names=None,
+ verify_ssl=True,
):
"""
Returns a list of VSAN-eligible disks for a given host or list of host_names.
@@ -2246,6 +2337,9 @@ def get_vsan_eligible_disks(
for the ``host`` location instead. This is useful for when service instance
connection information is used for a single ESXi host.
+ verify_ssl
+ Verify the SSL certificate. Default: True
+
CLI Example:
.. code-block:: bash
@@ -2258,7 +2352,12 @@ def get_vsan_eligible_disks(
host_names='[esxi-1.host.com, esxi-2.host.com]'
"""
service_instance = salt.utils.vmware.get_service_instance(
- host=host, username=username, password=password, protocol=protocol, port=port
+ host=host,
+ username=username,
+ password=password,
+ protocol=protocol,
+ port=port,
+ verify_ssl=verify_ssl,
)
host_names = _check_hosts(service_instance, host, host_names)
response = _get_vsan_eligible_disks(service_instance, host, host_names)
@@ -2310,7 +2409,9 @@ def test_vcenter_connection(service_instance=None):
@depends(HAS_PYVMOMI)
@ignores_kwargs("credstore")
-def system_info(host, username, password, protocol=None, port=None):
+def system_info(
+ host, username, password, protocol=None, port=None, verify_ssl=True,
+):
"""
Return system information about a VMware environment.
@@ -2331,6 +2432,9 @@ def system_info(host, username, password, protocol=None, port=None):
Optionally set to alternate port if the host is not using the default
port. Default port is ``443``.
+ verify_ssl
+ Verify the SSL certificate. Default: True
+
CLI Example:
.. code-block:: bash
@@ -2338,7 +2442,12 @@ def system_info(host, username, password, protocol=None, port=None):
salt '*' vsphere.system_info 1.2.3.4 root bad-password
"""
service_instance = salt.utils.vmware.get_service_instance(
- host=host, username=username, password=password, protocol=protocol, port=port
+ host=host,
+ username=username,
+ password=password,
+ protocol=protocol,
+ port=port,
+ verify_ssl=verify_ssl,
)
ret = salt.utils.vmware.get_inventory(service_instance).about.__dict__
if "apiType" in ret:
@@ -2351,7 +2460,9 @@ def system_info(host, username, password, protocol=None, port=None):
@depends(HAS_PYVMOMI)
@ignores_kwargs("credstore")
-def list_datacenters(host, username, password, protocol=None, port=None):
+def list_datacenters(
+ host, username, password, protocol=None, port=None, verify_ssl=True
+):
"""
Returns a list of datacenters for the specified host.
@@ -2372,6 +2483,9 @@ def list_datacenters(host, username, password, protocol=None, port=None):
Optionally set to alternate port if the host is not using the default
port. Default port is ``443``.
+ verify_ssl
+ Verify the SSL certificate. Default: True
+
CLI Example:
.. code-block:: bash
@@ -2380,14 +2494,19 @@ def list_datacenters(host, username, password, protocol=None, port=None):
"""
service_instance = salt.utils.vmware.get_service_instance(
- host=host, username=username, password=password, protocol=protocol, port=port
+ host=host,
+ username=username,
+ password=password,
+ protocol=protocol,
+ port=port,
+ verify_ssl=verify_ssl,
)
return salt.utils.vmware.list_datacenters(service_instance)
@depends(HAS_PYVMOMI)
@ignores_kwargs("credstore")
-def list_clusters(host, username, password, protocol=None, port=None):
+def list_clusters(host, username, password, protocol=None, port=None, verify_ssl=True):
"""
Returns a list of clusters for the specified host.
@@ -2408,6 +2527,9 @@ def list_clusters(host, username, password, protocol=None, port=None):
Optionally set to alternate port if the host is not using the default
port. Default port is ``443``.
+ verify_ssl
+ Verify the SSL certificate. Default: True
+
CLI Example:
.. code-block:: bash
@@ -2416,14 +2538,21 @@ def list_clusters(host, username, password, protocol=None, port=None):
"""
service_instance = salt.utils.vmware.get_service_instance(
- host=host, username=username, password=password, protocol=protocol, port=port
+ host=host,
+ username=username,
+ password=password,
+ protocol=protocol,
+ port=port,
+ verify_ssl=verify_ssl,
)
return salt.utils.vmware.list_clusters(service_instance)
@depends(HAS_PYVMOMI)
@ignores_kwargs("credstore")
-def list_datastore_clusters(host, username, password, protocol=None, port=None):
+def list_datastore_clusters(
+ host, username, password, protocol=None, port=None, verify_ssl=True
+):
"""
Returns a list of datastore clusters for the specified host.
@@ -2444,6 +2573,9 @@ def list_datastore_clusters(host, username, password, protocol=None, port=None):
Optionally set to alternate port if the host is not using the default
port. Default port is ``443``.
+ verify_ssl
+ Verify the SSL certificate. Default: True
+
CLI Example:
.. code-block:: bash
@@ -2451,14 +2583,21 @@ def list_datastore_clusters(host, username, password, protocol=None, port=None):
salt '*' vsphere.list_datastore_clusters 1.2.3.4 root bad-password
"""
service_instance = salt.utils.vmware.get_service_instance(
- host=host, username=username, password=password, protocol=protocol, port=port
+ host=host,
+ username=username,
+ password=password,
+ protocol=protocol,
+ port=port,
+ verify_ssl=verify_ssl,
)
return salt.utils.vmware.list_datastore_clusters(service_instance)
@depends(HAS_PYVMOMI)
@ignores_kwargs("credstore")
-def list_datastores(host, username, password, protocol=None, port=None):
+def list_datastores(
+ host, username, password, protocol=None, port=None, verify_ssl=True
+):
"""
Returns a list of datastores for the specified host.
@@ -2479,6 +2618,9 @@ def list_datastores(host, username, password, protocol=None, port=None):
Optionally set to alternate port if the host is not using the default
port. Default port is ``443``.
+ verify_ssl
+ Verify the SSL certificate. Default: True
+
CLI Example:
.. code-block:: bash
@@ -2486,14 +2628,19 @@ def list_datastores(host, username, password, protocol=None, port=None):
salt '*' vsphere.list_datastores 1.2.3.4 root bad-password
"""
service_instance = salt.utils.vmware.get_service_instance(
- host=host, username=username, password=password, protocol=protocol, port=port
+ host=host,
+ username=username,
+ password=password,
+ protocol=protocol,
+ port=port,
+ verify_ssl=verify_ssl,
)
return salt.utils.vmware.list_datastores(service_instance)
@depends(HAS_PYVMOMI)
@ignores_kwargs("credstore")
-def list_hosts(host, username, password, protocol=None, port=None):
+def list_hosts(host, username, password, protocol=None, port=None, verify_ssl=True):
"""
Returns a list of hosts for the specified VMware environment.
@@ -2514,6 +2661,9 @@ def list_hosts(host, username, password, protocol=None, port=None):
Optionally set to alternate port if the host is not using the default
port. Default port is ``443``.
+ verify_ssl
+ Verify the SSL certificate. Default: True
+
CLI Example:
.. code-block:: bash
@@ -2521,14 +2671,21 @@ def list_hosts(host, username, password, protocol=None, port=None):
salt '*' vsphere.list_hosts 1.2.3.4 root bad-password
"""
service_instance = salt.utils.vmware.get_service_instance(
- host=host, username=username, password=password, protocol=protocol, port=port
+ host=host,
+ username=username,
+ password=password,
+ protocol=protocol,
+ port=port,
+ verify_ssl=verify_ssl,
)
return salt.utils.vmware.list_hosts(service_instance)
@depends(HAS_PYVMOMI)
@ignores_kwargs("credstore")
-def list_resourcepools(host, username, password, protocol=None, port=None):
+def list_resourcepools(
+ host, username, password, protocol=None, port=None, verify_ssl=True
+):
"""
Returns a list of resource pools for the specified host.
@@ -2549,6 +2706,9 @@ def list_resourcepools(host, username, password, protocol=None, port=None):
Optionally set to alternate port if the host is not using the default
port. Default port is ``443``.
+ verify_ssl
+ Verify the SSL certificate. Default: True
+
CLI Example:
.. code-block:: bash
@@ -2556,14 +2716,19 @@ def list_resourcepools(host, username, password, protocol=None, port=None):
salt '*' vsphere.list_resourcepools 1.2.3.4 root bad-password
"""
service_instance = salt.utils.vmware.get_service_instance(
- host=host, username=username, password=password, protocol=protocol, port=port
+ host=host,
+ username=username,
+ password=password,
+ protocol=protocol,
+ port=port,
+ verify_ssl=verify_ssl,
)
return salt.utils.vmware.list_resourcepools(service_instance)
@depends(HAS_PYVMOMI)
@ignores_kwargs("credstore")
-def list_networks(host, username, password, protocol=None, port=None):
+def list_networks(host, username, password, protocol=None, port=None, verify_ssl=True):
"""
Returns a list of networks for the specified host.
@@ -2584,6 +2749,9 @@ def list_networks(host, username, password, protocol=None, port=None):
Optionally set to alternate port if the host is not using the default
port. Default port is ``443``.
+ verify_ssl
+ Verify the SSL certificate. Default: True
+
CLI Example:
.. code-block:: bash
@@ -2591,14 +2759,19 @@ def list_networks(host, username, password, protocol=None, port=None):
salt '*' vsphere.list_networks 1.2.3.4 root bad-password
"""
service_instance = salt.utils.vmware.get_service_instance(
- host=host, username=username, password=password, protocol=protocol, port=port
+ host=host,
+ username=username,
+ password=password,
+ protocol=protocol,
+ port=port,
+ verify_ssl=verify_ssl,
)
return salt.utils.vmware.list_networks(service_instance)
@depends(HAS_PYVMOMI)
@ignores_kwargs("credstore")
-def list_vms(host, username, password, protocol=None, port=None):
+def list_vms(host, username, password, protocol=None, port=None, verify_ssl=True):
"""
Returns a list of VMs for the specified host.
@@ -2619,6 +2792,9 @@ def list_vms(host, username, password, protocol=None, port=None):
Optionally set to alternate port if the host is not using the default
port. Default port is ``443``.
+ verify_ssl
+ Verify the SSL certificate. Default: True
+
CLI Example:
.. code-block:: bash
@@ -2626,14 +2802,19 @@ def list_vms(host, username, password, protocol=None, port=None):
salt '*' vsphere.list_vms 1.2.3.4 root bad-password
"""
service_instance = salt.utils.vmware.get_service_instance(
- host=host, username=username, password=password, protocol=protocol, port=port
+ host=host,
+ username=username,
+ password=password,
+ protocol=protocol,
+ port=port,
+ verify_ssl=verify_ssl,
)
return salt.utils.vmware.list_vms(service_instance)
@depends(HAS_PYVMOMI)
@ignores_kwargs("credstore")
-def list_folders(host, username, password, protocol=None, port=None):
+def list_folders(host, username, password, protocol=None, port=None, verify_ssl=True):
"""
Returns a list of folders for the specified host.
@@ -2654,6 +2835,9 @@ def list_folders(host, username, password, protocol=None, port=None):
Optionally set to alternate port if the host is not using the default
port. Default port is ``443``.
+ verify_ssl
+ Verify the SSL certificate. Default: True
+
CLI Example:
.. code-block:: bash
@@ -2661,14 +2845,19 @@ def list_folders(host, username, password, protocol=None, port=None):
salt '*' vsphere.list_folders 1.2.3.4 root bad-password
"""
service_instance = salt.utils.vmware.get_service_instance(
- host=host, username=username, password=password, protocol=protocol, port=port
+ host=host,
+ username=username,
+ password=password,
+ protocol=protocol,
+ port=port,
+ verify_ssl=verify_ssl,
)
return salt.utils.vmware.list_folders(service_instance)
@depends(HAS_PYVMOMI)
@ignores_kwargs("credstore")
-def list_dvs(host, username, password, protocol=None, port=None):
+def list_dvs(host, username, password, protocol=None, port=None, verify_ssl=True):
"""
Returns a list of distributed virtual switches for the specified host.
@@ -2689,6 +2878,9 @@ def list_dvs(host, username, password, protocol=None, port=None):
Optionally set to alternate port if the host is not using the default
port. Default port is ``443``.
+ verify_ssl
+ Verify the SSL certificate. Default: True
+
CLI Example:
.. code-block:: bash
@@ -2696,14 +2888,19 @@ def list_dvs(host, username, password, protocol=None, port=None):
salt '*' vsphere.list_dvs 1.2.3.4 root bad-password
"""
service_instance = salt.utils.vmware.get_service_instance(
- host=host, username=username, password=password, protocol=protocol, port=port
+ host=host,
+ username=username,
+ password=password,
+ protocol=protocol,
+ port=port,
+ verify_ssl=verify_ssl,
)
return salt.utils.vmware.list_dvs(service_instance)
@depends(HAS_PYVMOMI)
@ignores_kwargs("credstore")
-def list_vapps(host, username, password, protocol=None, port=None):
+def list_vapps(host, username, password, protocol=None, port=None, verify_ssl=True):
"""
Returns a list of vApps for the specified host.
@@ -2724,6 +2921,9 @@ def list_vapps(host, username, password, protocol=None, port=None):
Optionally set to alternate port if the host is not using the default
port. Default port is ``443``.
+ verify_ssl
+ Verify the SSL certificate. Default: True
+
CLI Example:
.. code-block:: bash
@@ -2732,14 +2932,21 @@ def list_vapps(host, username, password, protocol=None, port=None):
salt '*' vsphere.list_vapps 1.2.3.4 root bad-password
"""
service_instance = salt.utils.vmware.get_service_instance(
- host=host, username=username, password=password, protocol=protocol, port=port
+ host=host,
+ username=username,
+ password=password,
+ protocol=protocol,
+ port=port,
+ verify_ssl=verify_ssl,
)
return salt.utils.vmware.list_vapps(service_instance)
@depends(HAS_PYVMOMI)
@ignores_kwargs("credstore")
-def list_ssds(host, username, password, protocol=None, port=None, host_names=None):
+def list_ssds(
+ host, username, password, protocol=None, port=None, host_names=None, verify_ssl=True
+):
"""
Returns a list of SSDs for the given host or list of host_names.
@@ -2769,6 +2976,9 @@ def list_ssds(host, username, password, protocol=None, port=None, host_names=Non
``host`` location instead. This is useful for when service instance
connection information is used for a single ESXi host.
+ verify_ssl
+ Verify the SSL certificate. Default: True
+
CLI Example:
.. code-block:: bash
@@ -2781,7 +2991,12 @@ def list_ssds(host, username, password, protocol=None, port=None, host_names=Non
host_names='[esxi-1.host.com, esxi-2.host.com]'
"""
service_instance = salt.utils.vmware.get_service_instance(
- host=host, username=username, password=password, protocol=protocol, port=port
+ host=host,
+ username=username,
+ password=password,
+ protocol=protocol,
+ port=port,
+ verify_ssl=verify_ssl,
)
host_names = _check_hosts(service_instance, host, host_names)
ret = {}
@@ -2798,7 +3013,9 @@ def list_ssds(host, username, password, protocol=None, port=None, host_names=Non
@depends(HAS_PYVMOMI)
@ignores_kwargs("credstore")
-def list_non_ssds(host, username, password, protocol=None, port=None, host_names=None):
+def list_non_ssds(
+ host, username, password, protocol=None, port=None, host_names=None, verify_ssl=True
+):
"""
Returns a list of Non-SSD disks for the given host or list of host_names.
@@ -2835,6 +3052,9 @@ def list_non_ssds(host, username, password, protocol=None, port=None, host_names
``host`` location instead. This is useful for when service instance
connection information is used for a single ESXi host.
+ verify_ssl
+ Verify the SSL certificate. Default: True
+
CLI Example:
.. code-block:: bash
@@ -2847,7 +3067,12 @@ def list_non_ssds(host, username, password, protocol=None, port=None, host_names
host_names='[esxi-1.host.com, esxi-2.host.com]'
"""
service_instance = salt.utils.vmware.get_service_instance(
- host=host, username=username, password=password, protocol=protocol, port=port
+ host=host,
+ username=username,
+ password=password,
+ protocol=protocol,
+ port=port,
+ verify_ssl=verify_ssl,
)
host_names = _check_hosts(service_instance, host, host_names)
ret = {}
@@ -2865,7 +3090,14 @@ def list_non_ssds(host, username, password, protocol=None, port=None, host_names
@depends(HAS_PYVMOMI)
@ignores_kwargs("credstore")
def set_ntp_config(
- host, username, password, ntp_servers, protocol=None, port=None, host_names=None
+ host,
+ username,
+ password,
+ ntp_servers,
+ protocol=None,
+ port=None,
+ host_names=None,
+ verify_ssl=True,
):
"""
Set NTP configuration for a given host of list of host_names.
@@ -2900,6 +3132,9 @@ def set_ntp_config(
``host`` location instead. This is useful for when service instance connection
information is used for a single ESXi host.
+ verify_ssl
+ Verify the SSL certificate. Default: True
+
CLI Example:
.. code-block:: bash
@@ -2912,7 +3147,12 @@ def set_ntp_config(
host_names='[esxi-1.host.com, esxi-2.host.com]'
"""
service_instance = salt.utils.vmware.get_service_instance(
- host=host, username=username, password=password, protocol=protocol, port=port
+ host=host,
+ username=username,
+ password=password,
+ protocol=protocol,
+ port=port,
+ verify_ssl=verify_ssl,
)
if not isinstance(ntp_servers, list):
raise CommandExecutionError("'ntp_servers' must be a list.")
@@ -2947,7 +3187,14 @@ def set_ntp_config(
@depends(HAS_PYVMOMI)
@ignores_kwargs("credstore")
def service_start(
- host, username, password, service_name, protocol=None, port=None, host_names=None
+ host,
+ username,
+ password,
+ service_name,
+ protocol=None,
+ port=None,
+ host_names=None,
+ verify_ssl=True,
):
"""
Start the named service for the given host or list of hosts.
@@ -2994,6 +3241,9 @@ def service_start(
location instead. This is useful for when service instance connection information
is used for a single ESXi host.
+ verify_ssl
+ Verify the SSL certificate. Default: True
+
CLI Example:
.. code-block:: bash
@@ -3006,7 +3256,12 @@ def service_start(
host_names='[esxi-1.host.com, esxi-2.host.com]'
"""
service_instance = salt.utils.vmware.get_service_instance(
- host=host, username=username, password=password, protocol=protocol, port=port
+ host=host,
+ username=username,
+ password=password,
+ protocol=protocol,
+ port=port,
+ verify_ssl=verify_ssl,
)
host_names = _check_hosts(service_instance, host, host_names)
valid_services = [
@@ -3074,7 +3329,14 @@ def service_start(
@depends(HAS_PYVMOMI)
@ignores_kwargs("credstore")
def service_stop(
- host, username, password, service_name, protocol=None, port=None, host_names=None
+ host,
+ username,
+ password,
+ service_name,
+ protocol=None,
+ port=None,
+ host_names=None,
+ verify_ssl=True,
):
"""
Stop the named service for the given host or list of hosts.
@@ -3121,6 +3383,9 @@ def service_stop(
location instead. This is useful for when service instance connection information
is used for a single ESXi host.
+ verify_ssl
+ Verify the SSL certificate. Default: True
+
CLI Example:
.. code-block:: bash
@@ -3133,7 +3398,12 @@ def service_stop(
host_names='[esxi-1.host.com, esxi-2.host.com]'
"""
service_instance = salt.utils.vmware.get_service_instance(
- host=host, username=username, password=password, protocol=protocol, port=port
+ host=host,
+ username=username,
+ password=password,
+ protocol=protocol,
+ port=port,
+ verify_ssl=verify_ssl,
)
host_names = _check_hosts(service_instance, host, host_names)
valid_services = [
@@ -3199,7 +3469,14 @@ def service_stop(
@depends(HAS_PYVMOMI)
@ignores_kwargs("credstore")
def service_restart(
- host, username, password, service_name, protocol=None, port=None, host_names=None
+ host,
+ username,
+ password,
+ service_name,
+ protocol=None,
+ port=None,
+ host_names=None,
+ verify_ssl=True,
):
"""
Restart the named service for the given host or list of hosts.
@@ -3246,6 +3523,9 @@ def service_restart(
location instead. This is useful for when service instance connection information
is used for a single ESXi host.
+ verify_ssl
+ Verify the SSL certificate. Default: True
+
CLI Example:
.. code-block:: bash
@@ -3258,7 +3538,12 @@ def service_restart(
host_names='[esxi-1.host.com, esxi-2.host.com]'
"""
service_instance = salt.utils.vmware.get_service_instance(
- host=host, username=username, password=password, protocol=protocol, port=port
+ host=host,
+ username=username,
+ password=password,
+ protocol=protocol,
+ port=port,
+ verify_ssl=verify_ssl,
)
host_names = _check_hosts(service_instance, host, host_names)
valid_services = [
@@ -3334,6 +3619,7 @@ def set_service_policy(
protocol=None,
port=None,
host_names=None,
+ verify_ssl=True,
):
"""
Set the service name's policy for a given host or list of hosts.
@@ -3383,6 +3669,9 @@ def set_service_policy(
for the ``host`` location instead. This is useful for when service instance
connection information is used for a single ESXi host.
+ verify_ssl
+ Verify the SSL certificate. Default: True
+
CLI Example:
.. code-block:: bash
@@ -3395,7 +3684,12 @@ def set_service_policy(
host_names='[esxi-1.host.com, esxi-2.host.com]'
"""
service_instance = salt.utils.vmware.get_service_instance(
- host=host, username=username, password=password, protocol=protocol, port=port
+ host=host,
+ username=username,
+ password=password,
+ protocol=protocol,
+ port=port,
+ verify_ssl=verify_ssl,
)
host_names = _check_hosts(service_instance, host, host_names)
valid_services = [
@@ -3481,7 +3775,7 @@ def set_service_policy(
@depends(HAS_PYVMOMI)
@ignores_kwargs("credstore")
def update_host_datetime(
- host, username, password, protocol=None, port=None, host_names=None
+ host, username, password, protocol=None, port=None, host_names=None, verify_ssl=True
):
"""
Update the date/time on the given host or list of host_names. This function should be
@@ -3513,6 +3807,9 @@ def update_host_datetime(
location instead. This is useful for when service instance connection
information is used for a single ESXi host.
+ verify_ssl
+ Verify the SSL certificate. Default: True
+
CLI Example:
.. code-block:: bash
@@ -3525,7 +3822,12 @@ def update_host_datetime(
host_names='[esxi-1.host.com, esxi-2.host.com]'
"""
service_instance = salt.utils.vmware.get_service_instance(
- host=host, username=username, password=password, protocol=protocol, port=port
+ host=host,
+ username=username,
+ password=password,
+ protocol=protocol,
+ port=port,
+ verify_ssl=verify_ssl,
)
host_names = _check_hosts(service_instance, host, host_names)
ret = {}
@@ -3550,7 +3852,7 @@ def update_host_datetime(
@depends(HAS_PYVMOMI)
@ignores_kwargs("credstore")
def update_host_password(
- host, username, password, new_password, protocol=None, port=None
+ host, username, password, new_password, protocol=None, port=None, verify_ssl=True
):
"""
Update the password for a given host.
@@ -3577,6 +3879,9 @@ def update_host_password(
Optionally set to alternate port if the host is not using the default
port. Default port is ``443``.
+ verify_ssl
+ Verify the SSL certificate. Default: True
+
CLI Example:
.. code-block:: bash
@@ -3585,7 +3890,12 @@ def update_host_password(
"""
service_instance = salt.utils.vmware.get_service_instance(
- host=host, username=username, password=password, protocol=protocol, port=port
+ host=host,
+ username=username,
+ password=password,
+ protocol=protocol,
+ port=port,
+ verify_ssl=verify_ssl,
)
# Get LocalAccountManager object
account_manager = salt.utils.vmware.get_inventory(service_instance).accountManager
@@ -3615,7 +3925,7 @@ def update_host_password(
@depends(HAS_PYVMOMI)
@ignores_kwargs("credstore")
def vmotion_disable(
- host, username, password, protocol=None, port=None, host_names=None
+ host, username, password, protocol=None, port=None, host_names=None, verify_ssl=True
):
"""
Disable vMotion for a given host or list of host_names.
@@ -3646,6 +3956,9 @@ def vmotion_disable(
location instead. This is useful for when service instance connection
information is used for a single ESXi host.
+ verify_ssl
+ Verify the SSL certificate. Default: True
+
CLI Example:
.. code-block:: bash
@@ -3658,7 +3971,12 @@ def vmotion_disable(
host_names='[esxi-1.host.com, esxi-2.host.com]'
"""
service_instance = salt.utils.vmware.get_service_instance(
- host=host, username=username, password=password, protocol=protocol, port=port
+ host=host,
+ username=username,
+ password=password,
+ protocol=protocol,
+ port=port,
+ verify_ssl=verify_ssl,
)
host_names = _check_hosts(service_instance, host, host_names)
ret = {}
@@ -3683,7 +4001,14 @@ def vmotion_disable(
@depends(HAS_PYVMOMI)
@ignores_kwargs("credstore")
def vmotion_enable(
- host, username, password, protocol=None, port=None, host_names=None, device="vmk0"
+ host,
+ username,
+ password,
+ protocol=None,
+ port=None,
+ host_names=None,
+ device="vmk0",
+ verify_ssl=True,
):
"""
Enable vMotion for a given host or list of host_names.
@@ -3718,6 +4043,9 @@ def vmotion_enable(
The device that uniquely identifies the VirtualNic that will be used for
VMotion for each host. Defaults to ``vmk0``.
+ verify_ssl
+ Verify the SSL certificate. Default: True
+
CLI Example:
.. code-block:: bash
@@ -3730,7 +4058,12 @@ def vmotion_enable(
host_names='[esxi-1.host.com, esxi-2.host.com]'
"""
service_instance = salt.utils.vmware.get_service_instance(
- host=host, username=username, password=password, protocol=protocol, port=port
+ host=host,
+ username=username,
+ password=password,
+ protocol=protocol,
+ port=port,
+ verify_ssl=verify_ssl,
)
host_names = _check_hosts(service_instance, host, host_names)
ret = {}
@@ -3754,7 +4087,9 @@ def vmotion_enable(
@depends(HAS_PYVMOMI)
@ignores_kwargs("credstore")
-def vsan_add_disks(host, username, password, protocol=None, port=None, host_names=None):
+def vsan_add_disks(
+ host, username, password, protocol=None, port=None, host_names=None, verify_ssl=True
+):
"""
Add any VSAN-eligible disks to the VSAN System for the given host or list of host_names.
@@ -3785,6 +4120,9 @@ def vsan_add_disks(host, username, password, protocol=None, port=None, host_name
VSAN system for the ``host`` location instead. This is useful for when service
instance connection information is used for a single ESXi host.
+ verify_ssl
+ Verify the SSL certificate. Default: True
+
CLI Example:
.. code-block:: bash
@@ -3797,7 +4135,12 @@ def vsan_add_disks(host, username, password, protocol=None, port=None, host_name
host_names='[esxi-1.host.com, esxi-2.host.com]'
"""
service_instance = salt.utils.vmware.get_service_instance(
- host=host, username=username, password=password, protocol=protocol, port=port
+ host=host,
+ username=username,
+ password=password,
+ protocol=protocol,
+ port=port,
+ verify_ssl=verify_ssl,
)
host_names = _check_hosts(service_instance, host, host_names)
response = _get_vsan_eligible_disks(service_instance, host, host_names)
@@ -3872,7 +4215,9 @@ def vsan_add_disks(host, username, password, protocol=None, port=None, host_name
@depends(HAS_PYVMOMI)
@ignores_kwargs("credstore")
-def vsan_disable(host, username, password, protocol=None, port=None, host_names=None):
+def vsan_disable(
+ host, username, password, protocol=None, port=None, host_names=None, verify_ssl=True
+):
"""
Disable VSAN for a given host or list of host_names.
@@ -3902,6 +4247,9 @@ def vsan_disable(host, username, password, protocol=None, port=None, host_names=
location instead. This is useful for when service instance connection
information is used for a single ESXi host.
+ verify_ssl
+ Verify the SSL certificate. Default: True
+
CLI Example:
.. code-block:: bash
@@ -3914,7 +4262,12 @@ def vsan_disable(host, username, password, protocol=None, port=None, host_names=
host_names='[esxi-1.host.com, esxi-2.host.com]'
"""
service_instance = salt.utils.vmware.get_service_instance(
- host=host, username=username, password=password, protocol=protocol, port=port
+ host=host,
+ username=username,
+ password=password,
+ protocol=protocol,
+ port=port,
+ verify_ssl=verify_ssl,
)
# Create a VSAN Configuration Object and set the enabled attribute to True
vsan_config = vim.vsan.host.ConfigInfo()
@@ -3961,7 +4314,9 @@ def vsan_disable(host, username, password, protocol=None, port=None, host_names=
@depends(HAS_PYVMOMI)
@ignores_kwargs("credstore")
-def vsan_enable(host, username, password, protocol=None, port=None, host_names=None):
+def vsan_enable(
+ host, username, password, protocol=None, port=None, host_names=None, verify_ssl=True
+):
"""
Enable VSAN for a given host or list of host_names.
@@ -3991,6 +4346,9 @@ def vsan_enable(host, username, password, protocol=None, port=None, host_names=N
location instead. This is useful for when service instance connection
information is used for a single ESXi host.
+ verify_ssl
+ Verify the SSL certificate. Default: True
+
CLI Example:
.. code-block:: bash
@@ -4003,7 +4361,12 @@ def vsan_enable(host, username, password, protocol=None, port=None, host_names=N
host_names='[esxi-1.host.com, esxi-2.host.com]'
"""
service_instance = salt.utils.vmware.get_service_instance(
- host=host, username=username, password=password, protocol=protocol, port=port
+ host=host,
+ username=username,
+ password=password,
+ protocol=protocol,
+ port=port,
+ verify_ssl=verify_ssl,
)
# Create a VSAN Configuration Object and set the enabled attribute to True
vsan_config = vim.vsan.host.ConfigInfo()
@@ -7489,6 +7852,7 @@ def add_host_to_dvs(
protocol=None,
port=None,
host_names=None,
+ verify_ssl=True,
):
"""
Adds an ESXi host to a vSphere Distributed Virtual Switch and migrates
@@ -7531,6 +7895,9 @@ def add_host_to_dvs(
host_names:
An array of VMware host names to migrate
+ verify_ssl
+ Verify the SSL certificate. Default: True
+
CLI Example:
.. code-block:: bash
@@ -7658,7 +8025,12 @@ def add_host_to_dvs(
ret["success"] = True
ret["message"] = []
service_instance = salt.utils.vmware.get_service_instance(
- host=host, username=username, password=password, protocol=protocol, port=port
+ host=host,
+ username=username,
+ password=password,
+ protocol=protocol,
+ port=port,
+ verify_ssl=verify_ssl,
)
dvs = salt.utils.vmware._get_dvs(service_instance, dvs_name)
if not dvs:
@@ -9926,7 +10298,7 @@ def _delete_device(device):
return device_spec
-def _get_client(server, username, password):
+def _get_client(server, username, password, verify_ssl=None, ca_bundle=None):
"""
Establish client through proxy or with user provided credentials.
@@ -9936,12 +10308,17 @@ def _get_client(server, username, password):
Username associated with the vCenter center.
:param basestring password:
Password associated with the vCenter center.
+ :param boolean verify_ssl:
+ Verify the SSL certificate. Default: True
+ :param basestring ca_bundle:
+ Path to the ca bundle to use when verifying SSL certificates.
:returns:
vSphere Client instance.
:rtype:
vSphere.Client
"""
# Get salted vSphere Client
+ details = None
if not (server and username and password):
# User didn't provide CLI args so use proxy information
details = __salt__["vcenter.get_details"]()
@@ -9949,9 +10326,32 @@ def _get_client(server, username, password):
username = details["username"]
password = details["password"]
+ if verify_ssl is None:
+ if details is None:
+ details = __salt__["vcenter.get_details"]()
+ verify_ssl = details.get("verify_ssl", True)
+ if verify_ssl is None:
+ verify_ssl = True
+
+ if ca_bundle is None:
+ if details is None:
+ details = __salt__["vcenter.get_details"]()
+ ca_bundle = details.get("ca_bundle", None)
+
+ if verify_ssl is False and ca_bundle is not None:
+ log.error("Cannot set verify_ssl to False and ca_bundle together")
+ return False
+
+ if ca_bundle:
+ ca_bundle = salt.utils.http.get_ca_bundle({"ca_bundle": ca_bundle})
+
# Establish connection with client
client = salt.utils.vmware.get_vsphere_client(
- server=server, username=username, password=password
+ server=server,
+ username=username,
+ password=password,
+ verify_ssl=verify_ssl,
+ ca_bundle=ca_bundle,
)
# Will return None if utility function causes Unauthenticated error
return client
@@ -9961,7 +10361,12 @@ def _get_client(server, username, password):
@supports_proxies("vcenter")
@gets_service_instance_via_proxy
def list_tag_categories(
- server=None, username=None, password=None, service_instance=None
+ server=None,
+ username=None,
+ password=None,
+ service_instance=None,
+ verify_ssl=None,
+ ca_bundle=None,
):
"""
List existing categories a user has access to.
@@ -9978,13 +10383,19 @@ def list_tag_categories(
Username associated with the vCenter center.
:param basestring password:
Password associated with the vCenter center.
+ :param boolean verify_ssl:
+ Verify the SSL certificate. Default: True
+ :param basestring ca_bundle:
+ Path to the ca bundle to use when verifying SSL certificates.
:returns:
Value(s) of category_id.
:rtype:
list of str
"""
categories = None
- client = _get_client(server, username, password)
+ client = _get_client(
+ server, username, password, verify_ssl=verify_ssl, ca_bundle=ca_bundle
+ )
if client:
categories = client.tagging.Category.list()
@@ -9994,7 +10405,14 @@ def list_tag_categories(
@depends(HAS_PYVMOMI, HAS_VSPHERE_SDK)
@supports_proxies("vcenter")
@gets_service_instance_via_proxy
-def list_tags(server=None, username=None, password=None, service_instance=None):
+def list_tags(
+ server=None,
+ username=None,
+ password=None,
+ service_instance=None,
+ verify_ssl=None,
+ ca_bundle=None,
+):
"""
List existing tags a user has access to.
@@ -10010,13 +10428,19 @@ def list_tags(server=None, username=None, password=None, service_instance=None):
Username associated with the vCenter center.
:param basestring password:
Password associated with the vCenter center.
+ :param boolean verify_ssl:
+ Verify the SSL certificate. Default: True
+ :param basestring ca_bundle:
+ Path to the ca bundle to use when verifying SSL certificates.
:return:
Value(s) of tag_id.
:rtype:
list of str
"""
tags = None
- client = _get_client(server, username, password)
+ client = _get_client(
+ server, username, password, verify_ssl=verify_ssl, ca_bundle=ca_bundle
+ )
if client:
tags = client.tagging.Tag.list()
@@ -10034,6 +10458,8 @@ def attach_tag(
username=None,
password=None,
service_instance=None,
+ verify_ssl=None,
+ ca_bundle=None,
):
"""
Attach an existing tag to an input object.
@@ -10066,6 +10492,10 @@ def attach_tag(
Username associated with the vCenter center.
:param basestring password:
Password associated with the vCenter center.
+ :param boolean verify_ssl:
+ Verify the SSL certificate. Default: True
+ :param basestring ca_bundle:
+ Path to the ca bundle to use when verifying SSL certificates.
:return:
The list of all tag identifiers that correspond to the
tags attached to the given object.
@@ -10077,7 +10507,9 @@ def attach_tag(
if the user can not be authenticated.
"""
tag_attached = None
- client = _get_client(server, username, password)
+ client = _get_client(
+ server, username, password, verify_ssl=verify_ssl, ca_bundle=ca_bundle
+ )
if client:
# Create dynamic id object associated with a type and an id.
@@ -10110,6 +10542,8 @@ def list_attached_tags(
username=None,
password=None,
service_instance=None,
+ verify_ssl=None,
+ ca_bundle=None,
):
"""
List existing tags a user has access to.
@@ -10132,6 +10566,10 @@ def list_attached_tags(
Username associated with the vCenter center.
:param basestring password:
Password associated with the vCenter center.
+ :param boolean verify_ssl:
+ Verify the SSL certificate. Default: True
+ :param basestring ca_bundle:
+ Path to the ca bundle to use when verifying SSL certificates.
:return:
The list of all tag identifiers that correspond to the
tags attached to the given object.
@@ -10143,7 +10581,9 @@ def list_attached_tags(
if the user can not be authenticated.
"""
attached_tags = None
- client = _get_client(server, username, password)
+ client = _get_client(
+ server, username, password, verify_ssl=verify_ssl, ca_bundle=ca_bundle
+ )
if client:
# Create dynamic id object associated with a type and an id.
@@ -10175,6 +10615,8 @@ def create_tag_category(
username=None,
password=None,
service_instance=None,
+ verify_ssl=None,
+ ca_bundle=None,
):
"""
Create a category with given cardinality.
@@ -10197,6 +10639,10 @@ def create_tag_category(
Username associated with the vCenter center.
:param basestring password:
Password associated with the vCenter center.
+ :param boolean verify_ssl:
+ Verify the SSL certificate. Default: True
+ :param basestring ca_bundle:
+ Path to the ca bundle to use when verifying SSL certificates.
:return:
Identifier of the created category.
:rtype:
@@ -10210,7 +10656,9 @@ def create_tag_category(
if you do not have the privilege to create a category.
"""
category_created = None
- client = _get_client(server, username, password)
+ client = _get_client(
+ server, username, password, verify_ssl=verify_ssl, ca_bundle=ca_bundle
+ )
if client:
if cardinality == "SINGLE":
@@ -10241,7 +10689,13 @@ def create_tag_category(
@supports_proxies("vcenter")
@gets_service_instance_via_proxy
def delete_tag_category(
- category_id, server=None, username=None, password=None, service_instance=None
+ category_id,
+ server=None,
+ username=None,
+ password=None,
+ service_instance=None,
+ verify_ssl=None,
+ ca_bundle=None,
):
"""
Delete a category.
@@ -10262,6 +10716,10 @@ def delete_tag_category(
Username associated with the vCenter center.
:param basestring password:
Password associated with the vCenter center.
+ :param boolean verify_ssl:
+ Verify the SSL certificate. Default: True
+ :param basestring ca_bundle:
+ Path to the ca bundle to use when verifying SSL certificates.
:raise: NotFound
if the tag for the given tag_id does not exist in the system.
:raise: Unauthorized
@@ -10270,7 +10728,9 @@ def delete_tag_category(
if the user can not be authenticated.
"""
category_deleted = None
- client = _get_client(server, username, password)
+ client = _get_client(
+ server, username, password, verify_ssl=verify_ssl, ca_bundle=ca_bundle
+ )
if client:
try:
@@ -10294,6 +10754,8 @@ def create_tag(
username=None,
password=None,
service_instance=None,
+ verify_ssl=None,
+ ca_bundle=None,
):
"""
Create a tag under a category with given description.
@@ -10316,6 +10778,10 @@ def create_tag(
Given description of tag category.
:param str category_id:
Value of category_id representative of the category created previously.
+ :param boolean verify_ssl:
+ Verify the SSL certificate. Default: True
+ :param basestring ca_bundle:
+ Path to the ca bundle to use when verifying SSL certificates.
:return:
The identifier of the created tag.
:rtype:
@@ -10332,7 +10798,9 @@ def create_tag(
if you do not have the privilege to create tag.
"""
tag_created = None
- client = _get_client(server, username, password)
+ client = _get_client(
+ server, username, password, verify_ssl=verify_ssl, ca_bundle=ca_bundle
+ )
if client:
create_spec = client.tagging.Tag.CreateSpec()
@@ -10353,7 +10821,13 @@ def create_tag(
@supports_proxies("vcenter")
@gets_service_instance_via_proxy
def delete_tag(
- tag_id, server=None, username=None, password=None, service_instance=None
+ tag_id,
+ server=None,
+ username=None,
+ password=None,
+ service_instance=None,
+ verify_ssl=None,
+ ca_bundle=None,
):
"""
Delete a tag.
@@ -10374,6 +10848,10 @@ def delete_tag(
Username associated with the vCenter center.
:param basestring password:
Password associated with the vCenter center.
+ :param boolean verify_ssl:
+ Verify the SSL certificate. Default: True
+ :param basestring ca_bundle:
+ Path to the ca bundle to use when verifying SSL certificates.
:raise: AlreadyExists
if the name provided in the create_spec is the name of an already
existing category.
@@ -10383,7 +10861,9 @@ def delete_tag(
if you do not have the privilege to create a category.
"""
tag_deleted = None
- client = _get_client(server, username, password)
+ client = _get_client(
+ server, username, password, verify_ssl=verify_ssl, ca_bundle=ca_bundle
+ )
if client:
try:
diff --git a/salt/modules/zenoss.py b/salt/modules/zenoss.py
index 9c6b7de7b5..5cb64bed18 100644
--- a/salt/modules/zenoss.py
+++ b/salt/modules/zenoss.py
@@ -1,4 +1,3 @@
-# -*- coding: utf-8 -*-
"""
Module for working with the Zenoss API
@@ -16,18 +15,19 @@ Module for working with the Zenoss API
hostname: https://zenoss.example.com
username: admin
password: admin123
+ verify_ssl: True
+ ca_bundle: /etc/ssl/certs/ca-certificates.crt
"""
-from __future__ import absolute_import, print_function, unicode_literals
-
import logging
import re
+import salt.utils.http
import salt.utils.json
try:
- import requests
+ import requests # pylint: disable=unused-import
HAS_LIBS = True
except ImportError:
@@ -53,7 +53,7 @@ def __virtual__():
else:
return (
False,
- "The '{0}' module could not be loaded: "
+ "The '{}' module could not be loaded: "
"'requests' is not installed.".format(__virtualname__),
)
@@ -79,11 +79,13 @@ def _session():
"""
config = __salt__["config.option"]("zenoss")
- session = requests.session()
- session.auth = (config.get("username"), config.get("password"))
- session.verify = False
- session.headers.update({"Content-type": "application/json; charset=utf-8"})
- return session
+ return salt.utils.http.session(
+ user=config.get("username"),
+ password=config.get("password"),
+ verify_ssl=config.get("verify_ssl", True),
+ ca_bundle=config.get("ca_bundle"),
+ headers={"Content-type": "application/json; charset=utf-8"},
+ )
def _router_request(router, method, data=None):
@@ -99,7 +101,7 @@ def _router_request(router, method, data=None):
config = __salt__["config.option"]("zenoss")
log.debug("Making request to router %s with method %s", router, method)
- url = "{0}/zport/dmd/{1}_router".format(config.get("hostname"), ROUTERS[router])
+ url = "{}/zport/dmd/{}_router".format(config.get("hostname"), ROUTERS[router])
response = _session().post(url, data=req_data)
# The API returns a 200 response code even whe auth is bad.
@@ -212,7 +214,7 @@ def set_prod_state(prod_state, device=None):
device_object = find_device(device)
if not device_object:
- return "Unable to find a device in Zenoss for {0}".format(device)
+ return "Unable to find a device in Zenoss for {}".format(device)
log.info("Setting prodState to %d on %s device", prod_state, device)
data = dict(
diff --git a/salt/pillar/vmware_pillar.py b/salt/pillar/vmware_pillar.py
index a33b394500..08bdb18e56 100644
--- a/salt/pillar/vmware_pillar.py
+++ b/salt/pillar/vmware_pillar.py
@@ -1,4 +1,3 @@
-# -*- coding: utf-8 -*-
"""
Pillar data from vCenter or an ESXi host
@@ -142,18 +141,12 @@ Optionally, the following keyword arguments can be passed to the ext_pillar for
part of the pillar regardless of this setting.
"""
-from __future__ import absolute_import, print_function, unicode_literals
-# Import python libs
import logging
-# Import salt libs
import salt.utils.dictupdate as dictupdate
import salt.utils.vmware
-# Import 3rd-party libs
-from salt.ext import six
-
try:
# pylint: disable=no-name-in-module
from pyVmomi import vim
@@ -370,7 +363,12 @@ def ext_pillar(minion_id, pillar, **kwargs): # pylint: disable=W0613
vmware_pillar[pillar_key] = {}
try:
_conn = salt.utils.vmware.get_service_instance(
- host, username, password, protocol, port
+ host,
+ username,
+ password,
+ protocol,
+ port,
+ verify_ssl=kwargs.get("verify_ssl", True),
)
if _conn:
data = None
@@ -410,12 +408,10 @@ def ext_pillar(minion_id, pillar, **kwargs): # pylint: disable=W0613
)
except RuntimeError:
log.error(
- (
- "A runtime error occurred in the vmware_pillar, "
- "this is likely caused by an infinite recursion in "
- "a requested attribute. Verify your requested attributes "
- "and reconfigure the pillar."
- )
+ "A runtime error occurred in the vmware_pillar, "
+ "this is likely caused by an infinite recursion in "
+ "a requested attribute. Verify your requested attributes "
+ "and reconfigure the pillar."
)
return vmware_pillar
@@ -435,7 +431,7 @@ def _recurse_config_to_dict(t_data):
return t_list
elif isinstance(t_data, dict):
t_dict = {}
- for k, v in six.iteritems(t_data):
+ for k, v in t_data.items():
t_dict[k] = _recurse_config_to_dict(v)
return t_dict
else:
diff --git a/salt/proxy/cimc.py b/salt/proxy/cimc.py
index f302eaa6cc..a6002440ef 100644
--- a/salt/proxy/cimc.py
+++ b/salt/proxy/cimc.py
@@ -1,4 +1,3 @@
-# -*- coding: utf-8 -*-
"""
Proxy Minion interface module for managing Cisco Integrated Management Controller devices
=========================================================================================
@@ -40,6 +39,7 @@ the ID.
host: <ip or dns name of cimc host>
username: <cimc username>
password: <cimc password>
+ verify_ssl: True
proxytype
^^^^^^^^^
@@ -66,13 +66,10 @@ password
The password used to login to the cimc host. Required.
"""
-from __future__ import absolute_import, print_function, unicode_literals
-# Import Python Libs
import logging
import re
-# Import Salt Libs
import salt.exceptions
from salt._compat import ElementTree as ET
@@ -102,9 +99,7 @@ def _validate_response_code(response_code_to_check, cookie_to_logout=None):
if formatted_response_code not in ["200", "201", "202", "204"]:
if cookie_to_logout:
logout(cookie_to_logout)
- log.error(
- "Received error HTTP status code: {0}".format(formatted_response_code)
- )
+ log.error("Received error HTTP status code: {}".format(formatted_response_code))
raise salt.exceptions.CommandExecutionError(
"Did not receive a valid response from host."
)
@@ -125,7 +120,7 @@ def init(opts):
log.critical("No 'passwords' key found in pillar for this proxy.")
return False
- DETAILS["url"] = "https://{0}/nuova".format(opts["proxy"]["host"])
+ DETAILS["url"] = "https://{}/nuova".format(opts["proxy"]["host"])
DETAILS["headers"] = {
"Content-Type": "application/x-www-form-urlencoded",
"Content-Length": 62,
@@ -136,6 +131,10 @@ def init(opts):
DETAILS["host"] = opts["proxy"]["host"]
DETAILS["username"] = opts["proxy"].get("username")
DETAILS["password"] = opts["proxy"].get("password")
+ verify_ssl = opts["proxy"].get("verify_ssl")
+ if verify_ssl is None:
+ verify_ssl = True
+ DETAILS["verify_ssl"] = verify_ssl
# Ensure connectivity to the device
log.debug("Attempting to connect to cimc proxy host.")
@@ -158,8 +157,8 @@ def set_config_modify(dn=None, inconfig=None, hierarchical=False):
h = "true"
payload = (
- '<configConfMo cookie="{0}" inHierarchical="{1}" dn="{2}">'
- "<inConfig>{3}</inConfig></configConfMo>".format(cookie, h, dn, inconfig)
+ '<configConfMo cookie="{}" inHierarchical="{}" dn="{}">'
+ "<inConfig>{}</inConfig></configConfMo>".format(cookie, h, dn, inconfig)
)
r = __utils__["http.query"](
DETAILS["url"],
@@ -167,7 +166,7 @@ def set_config_modify(dn=None, inconfig=None, hierarchical=False):
method="POST",
decode_type="plain",
decode=True,
- verify_ssl=False,
+ verify_ssl=DETAILS["verify_ssl"],
raise_error=True,
status=True,
headers=DETAILS["headers"],
@@ -195,7 +194,7 @@ def get_config_resolver_class(cid=None, hierarchical=False):
if hierarchical is True:
h = "true"
- payload = '<configResolveClass cookie="{0}" inHierarchical="{1}" classId="{2}"/>'.format(
+ payload = '<configResolveClass cookie="{}" inHierarchical="{}" classId="{}"/>'.format(
cookie, h, cid
)
r = __utils__["http.query"](
@@ -204,7 +203,7 @@ def get_config_resolver_class(cid=None, hierarchical=False):
method="POST",
decode_type="plain",
decode=True,
- verify_ssl=False,
+ verify_ssl=DETAILS["verify_ssl"],
raise_error=True,
status=True,
headers=DETAILS["headers"],
@@ -226,7 +225,7 @@ def logon():
Logs into the cimc device and returns the session cookie.
"""
content = {}
- payload = "<aaaLogin inName='{0}' inPassword='{1}'></aaaLogin>".format(
+ payload = "<aaaLogin inName='{}' inPassword='{}'></aaaLogin>".format(
DETAILS["username"], DETAILS["password"]
)
r = __utils__["http.query"](
@@ -235,7 +234,7 @@ def logon():
method="POST",
decode_type="plain",
decode=True,
- verify_ssl=False,
+ verify_ssl=DETAILS["verify_ssl"],
raise_error=False,
status=True,
headers=DETAILS["headers"],
@@ -265,7 +264,7 @@ def logout(cookie=None):
method="POST",
decode_type="plain",
decode=True,
- verify_ssl=False,
+ verify_ssl=DETAILS["verify_ssl"],
raise_error=True,
headers=DETAILS["headers"],
)
diff --git a/salt/proxy/panos.py b/salt/proxy/panos.py
index 5c298b4f7d..50a4639911 100644
--- a/salt/proxy/panos.py
+++ b/salt/proxy/panos.py
@@ -1,4 +1,3 @@
-# -*- coding: utf-8 -*-
"""
Proxy Minion interface module for managing Palo Alto firewall devices
=====================================================================
@@ -53,6 +52,7 @@ the device with username and password.
host: <ip or dns name of panos host>
username: <panos username>
password: <panos password>
+ verify_ssl: True
proxytype
^^^^^^^^^
@@ -203,17 +203,12 @@ apikey
The generated XML API key for the Panorama server. Required.
"""
-from __future__ import absolute_import, print_function, unicode_literals
-# Import Python Libs
import logging
import salt.exceptions
import salt.utils.xmlutil as xml
-
-# Import Salt Libs
from salt._compat import ElementTree as ET
-from salt.ext import six
# This must be present or the Salt loader won't load this module.
__proxyenabled__ = ["panos"]
@@ -270,10 +265,11 @@ def init(opts):
log.critical("No 'passwords' key found in pillar for this proxy.")
return False
- DETAILS["url"] = "https://{0}/api/".format(opts["proxy"]["host"])
+ DETAILS["url"] = "https://{}/api/".format(opts["proxy"]["host"])
# Set configuration details
DETAILS["host"] = opts["proxy"]["host"]
+ DETAILS["verify_ssl"] = opts["proxy"].get("verify_ssl", True)
if "serial" in opts["proxy"]:
DETAILS["serial"] = opts["proxy"].get("serial")
if "apikey" in opts["proxy"]:
@@ -321,7 +317,7 @@ def call(payload=None):
method="POST",
decode_type="plain",
decode=True,
- verify_ssl=False,
+ verify_ssl=DETAILS["verify_ssl"],
status=True,
raise_error=True,
)
@@ -335,7 +331,7 @@ def call(payload=None):
method="POST",
decode_type="plain",
decode=True,
- verify_ssl=False,
+ verify_ssl=DETAILS["verify_ssl"],
status=True,
raise_error=True,
)
@@ -352,7 +348,7 @@ def call(payload=None):
method="POST",
decode_type="plain",
decode=True,
- verify_ssl=False,
+ verify_ssl=DETAILS["verify_ssl"],
status=True,
raise_error=True,
)
@@ -368,7 +364,7 @@ def call(payload=None):
method="POST",
decode_type="plain",
decode=True,
- verify_ssl=False,
+ verify_ssl=DETAILS["verify_ssl"],
status=True,
raise_error=True,
)
@@ -382,21 +378,21 @@ def call(payload=None):
"Did not receive a valid response from host."
)
- if six.text_type(r["status"]) not in ["200", "201", "204"]:
- if six.text_type(r["status"]) == "400":
+ if str(r["status"]) not in ["200", "201", "204"]:
+ if str(r["status"]) == "400":
raise salt.exceptions.CommandExecutionError(
"The server cannot process the request due to a client error."
)
- elif six.text_type(r["status"]) == "401":
+ elif str(r["status"]) == "401":
raise salt.exceptions.CommandExecutionError(
"The server cannot process the request because it lacks valid authentication "
"credentials for the target resource."
)
- elif six.text_type(r["status"]) == "403":
+ elif str(r["status"]) == "403":
raise salt.exceptions.CommandExecutionError(
"The server refused to authorize the request."
)
- elif six.text_type(r["status"]) == "404":
+ elif str(r["status"]) == "404":
raise salt.exceptions.CommandExecutionError(
"The requested resource could not be found."
)
diff --git a/salt/proxy/vcenter.py b/salt/proxy/vcenter.py
index fa1d090bd2..4bbdb0ee66 100644
--- a/salt/proxy/vcenter.py
+++ b/salt/proxy/vcenter.py
@@ -1,4 +1,3 @@
-# -*- coding: utf-8 -*-
"""
Proxy Minion interface module for managing VMWare vCenters.
@@ -182,13 +181,10 @@ and that host would reach out over the network and communicate with the ESXi
host.
"""
-# Import Python Libs
-from __future__ import absolute_import, print_function, unicode_literals
import logging
import os
-# Import Salt Libs
import salt.exceptions
from salt.config.schemas.vcenter import VCenterProxySchema
from salt.utils.dictupdate import merge
@@ -277,6 +273,8 @@ def init(opts):
# Save optional
DETAILS["protocol"] = proxy_conf.get("protocol")
DETAILS["port"] = proxy_conf.get("port")
+ DETAILS["verify_ssl"] = proxy_conf.get("verify_ssl")
+ DETAILS["ca_bundle"] = proxy_conf.get("ca_bundle")
# Test connection
if DETAILS["mechanism"] == "userpass":
diff --git a/salt/returners/splunk.py b/salt/returners/splunk.py
index 509eab3cf7..fe4194485e 100644
--- a/salt/returners/splunk.py
+++ b/salt/returners/splunk.py
@@ -1,4 +1,3 @@
-# -*- coding: utf-8 -*-
"""
Send json response data to Splunk via the HTTP Event Collector
@@ -11,29 +10,23 @@ Requires the following config values to be specified in config or pillar:
indexer: <hostname/IP of Splunk indexer>
sourcetype: <Destination sourcetype for data>
index: <Destination index for data>
+ verify_ssl: true
Run a test by using ``salt-call test.ping --return splunk``
Written by Scott Pack (github.com/scottjpack)
"""
-# Import Python libs
-from __future__ import absolute_import, print_function, unicode_literals
import logging
import socket
import time
import requests
-
-# Import salt libs
import salt.utils.json
-
-# Import 3rd-party libs
from salt.ext import six
_max_content_bytes = 100000
-http_event_collector_SSL_verify = False
http_event_collector_debug = False
log = logging.getLogger(__name__)
@@ -62,6 +55,9 @@ def _get_options():
indexer = __salt__["config.get"]("splunk_http_forwarder:indexer")
sourcetype = __salt__["config.get"]("splunk_http_forwarder:sourcetype")
index = __salt__["config.get"]("splunk_http_forwarder:index")
+ verify_ssl = __salt__["config.get"](
+ "splunk_http_forwarder:verify_ssl", default=True
+ )
except Exception: # pylint: disable=broad-except
log.error("Splunk HTTP Forwarder parameters not present in config.")
return None
@@ -70,6 +66,7 @@ def _get_options():
"indexer": indexer,
"sourcetype": sourcetype,
"index": index,
+ "verify_ssl": verify_ssl,
}
return splunk_opts
@@ -84,14 +81,17 @@ def _send_splunk(event, index_override=None, sourcetype_override=None):
# Get Splunk Options
opts = _get_options()
log.info(
- str("Options: %s"), # future lint: disable=blacklisted-function
+ "Options: %s", # future lint: disable=blacklisted-function
salt.utils.json.dumps(opts),
)
http_event_collector_key = opts["token"]
http_event_collector_host = opts["indexer"]
+ http_event_collector_verify_ssl = opts["verify_ssl"]
# Set up the collector
splunk_event = http_event_collector(
- http_event_collector_key, http_event_collector_host
+ http_event_collector_key,
+ http_event_collector_host,
+ verify_ssl=http_event_collector_verify_ssl,
)
# init the payload
payload = {}
@@ -109,7 +109,7 @@ def _send_splunk(event, index_override=None, sourcetype_override=None):
# Add the event
payload.update({"event": event})
log.info(
- str("Payload: %s"), # future lint: disable=blacklisted-function
+ "Payload: %s", # future lint: disable=blacklisted-function
salt.utils.json.dumps(payload),
)
# Fire it off
@@ -120,7 +120,7 @@ def _send_splunk(event, index_override=None, sourcetype_override=None):
# Thanks to George Starcher for the http_event_collector class (https://github.com/georgestarcher/)
-class http_event_collector(object):
+class http_event_collector:
def __init__(
self,
token,
@@ -129,11 +129,13 @@ class http_event_collector(object):
http_event_port="8088",
http_event_server_ssl=True,
max_bytes=_max_content_bytes,
+ verify_ssl=True,
):
self.token = token
self.batchEvents = []
self.maxByteLength = max_bytes
self.currentByteLength = 0
+ self.verify_ssl = verify_ssl
# Set host to specified value or default to localhostname if no value provided
if host:
@@ -164,7 +166,7 @@ class http_event_collector(object):
# If eventtime in epoch not passed as optional argument use current system time in epoch
if not eventtime:
- eventtime = six.text_type(int(time.time()))
+ eventtime = str(int(time.time()))
# Fill in local hostname if not manually populated
if "host" not in payload:
@@ -179,7 +181,7 @@ class http_event_collector(object):
self.server_uri,
data=salt.utils.json.dumps(data),
headers=headers,
- verify=http_event_collector_SSL_verify,
+ verify=self.verify_ssl,
)
# Print debug info if flag set
@@ -207,7 +209,7 @@ class http_event_collector(object):
# If eventtime in epoch not passed as optional argument use current system time in epoch
if not eventtime:
- eventtime = six.text_type(int(time.time()))
+ eventtime = str(int(time.time()))
# Update time value on payload if need to use system time
data = {"time": eventtime}
@@ -224,7 +226,7 @@ class http_event_collector(object):
self.server_uri,
data=" ".join(self.batchEvents),
headers=headers,
- verify=http_event_collector_SSL_verify,
+ verify=self.verify_ssl,
)
self.batchEvents = []
self.currentByteLength = 0
diff --git a/salt/runners/asam.py b/salt/runners/asam.py
index f53dfba69d..4c999d3ba2 100644
--- a/salt/runners/asam.py
+++ b/salt/runners/asam.py
@@ -17,9 +17,11 @@ master configuration at ``/etc/salt/master`` or ``/etc/salt/master.d/asam.conf``
prov1.domain.com
username: "testuser"
password: "verybadpass"
+ verify_ssl: true
prov2.domain.com
username: "testuser"
password: "verybadpass"
+ verify_ssl: true
.. note::
@@ -84,6 +86,10 @@ def _get_asam_configuration(driver_url=""):
password = service_config.get("password", None)
protocol = service_config.get("protocol", "https")
port = service_config.get("port", 3451)
+ verify_ssl = service_config.get("verify_ssl")
+
+ if verify_ssl is None:
+ verify_ssl = True
if not username or not password:
log.error(
@@ -108,6 +114,7 @@ def _get_asam_configuration(driver_url=""):
),
"username": username,
"password": password,
+ "verify_ssl": verify_ssl,
}
if (not driver_url) or (driver_url == asam_server):
@@ -206,7 +213,7 @@ def remove_platform(name, server_url):
auth = (config["username"], config["password"])
try:
- html_content = _make_post_request(url, data, auth, verify=False)
+ html_content = _make_post_request(url, data, auth, verify=config["verify_ssl"])
except Exception as exc: # pylint: disable=broad-except
err_msg = "Failed to look up existing platforms on {}".format(server_url)
log.error("%s:\n%s", err_msg, exc)
@@ -222,7 +229,9 @@ def remove_platform(name, server_url):
data["postType"] = "platformRemove"
data["Submit"] = "Yes"
try:
- html_content = _make_post_request(url, data, auth, verify=False)
+ html_content = _make_post_request(
+ url, data, auth, verify=config["verify_ssl"]
+ )
except Exception as exc: # pylint: disable=broad-except
err_msg = "Failed to delete platform from {}".format(server_url)
log.error("%s:\n%s", err_msg, exc)
@@ -261,7 +270,7 @@ def list_platforms(server_url):
auth = (config["username"], config["password"])
try:
- html_content = _make_post_request(url, data, auth, verify=False)
+ html_content = _make_post_request(url, data, auth, verify=config["verify_ssl"])
except Exception as exc: # pylint: disable=broad-except
err_msg = "Failed to look up existing platforms"
log.error("%s:\n%s", err_msg, exc)
@@ -299,7 +308,7 @@ def list_platform_sets(server_url):
auth = (config["username"], config["password"])
try:
- html_content = _make_post_request(url, data, auth, verify=False)
+ html_content = _make_post_request(url, data, auth, verify=config["verify_ssl"])
except Exception as exc: # pylint: disable=broad-except
err_msg = "Failed to look up existing platform sets"
log.error("%s:\n%s", err_msg, exc)
@@ -351,7 +360,7 @@ def add_platform(name, platform_set, server_url):
auth = (config["username"], config["password"])
try:
- html_content = _make_post_request(url, data, auth, verify=False)
+ html_content = _make_post_request(url, data, auth, verify=config["verify_ssl"])
except Exception as exc: # pylint: disable=broad-except
err_msg = "Failed to add platform on {}".format(server_url)
log.error("%s:\n%s", err_msg, exc)
diff --git a/salt/states/esxi.py b/salt/states/esxi.py
index 6f4d44306b..12a592dc29 100644
--- a/salt/states/esxi.py
+++ b/salt/states/esxi.py
@@ -1,4 +1,3 @@
-# -*- coding: utf-8 -*-
"""
Manage VMware ESXi Hosts.
@@ -91,8 +90,6 @@ configuration examples, dependency installation instructions, how to run remote
execution functions against ESXi hosts via a Salt Proxy Minion, and a larger state
example.
"""
-# Import Python Libs
-from __future__ import absolute_import, print_function, unicode_literals
import logging
import re
@@ -108,8 +105,6 @@ from salt.exceptions import (
VMwareObjectRetrievalError,
VMwareSaltError,
)
-
-# Import Salt Libs
from salt.ext import six
from salt.utils.decorators import depends
@@ -201,7 +196,7 @@ def coredump_configured(name, enabled, dump_ip, host_vnic="vmk0", dump_port=6500
current_config = __salt__[esxi_cmd]("get_coredump_network_config").get(host)
error = current_config.get("Error")
if error:
- ret["comment"] = "Error: {0}".format(error)
+ ret["comment"] = "Error: {}".format(error)
return ret
current_config = current_config.get("Coredump Config")
@@ -217,7 +212,7 @@ def coredump_configured(name, enabled, dump_ip, host_vnic="vmk0", dump_port=6500
).get(host)
error = response.get("Error")
if error:
- ret["comment"] = "Error: {0}".format(error)
+ ret["comment"] = "Error: {}".format(error)
return ret
# Allow users to disable core dump, but then return since
@@ -252,9 +247,9 @@ def coredump_configured(name, enabled, dump_ip, host_vnic="vmk0", dump_port=6500
changes = True
current_port = current_config.get("port")
- if current_port != six.text_type(dump_port):
+ if current_port != str(dump_port):
ret["changes"].update(
- {"dump_port": {"old": current_port, "new": six.text_type(dump_port)}}
+ {"dump_port": {"old": current_port, "new": str(dump_port)}}
)
changes = True
@@ -270,7 +265,7 @@ def coredump_configured(name, enabled, dump_ip, host_vnic="vmk0", dump_port=6500
msg = response.get("stderr")
if not msg:
msg = response.get("stdout")
- ret["comment"] = "Error: {0}".format(msg)
+ ret["comment"] = "Error: {}".format(msg)
return ret
ret["result"] = True
@@ -328,7 +323,7 @@ def password_present(name, password):
__salt__[esxi_cmd]("update_host_password", new_password=password)
except CommandExecutionError as err:
ret["result"] = False
- ret["comment"] = "Error: {0}".format(err)
+ ret["comment"] = "Error: {}".format(err)
return ret
return ret
@@ -400,7 +395,7 @@ def ntp_configured(
ntp_running = __salt__[esxi_cmd]("get_service_running", service_name=ntpd).get(host)
error = ntp_running.get("Error")
if error:
- ret["comment"] = "Error: {0}".format(error)
+ ret["comment"] = "Error: {}".format(error)
return ret
ntp_running = ntp_running.get(ntpd)
@@ -413,7 +408,7 @@ def ntp_configured(
).get(host)
error = response.get("Error")
if error:
- ret["comment"] = "Error: {0}".format(error)
+ ret["comment"] = "Error: {}".format(error)
return ret
# Set changes dictionary for ntp_servers
ret["changes"].update({"ntp_servers": {"old": ntp_config, "new": ntp_servers}})
@@ -429,7 +424,7 @@ def ntp_configured(
)
error = response.get("Error")
if error:
- ret["comment"] = "Error: {0}".format(error)
+ ret["comment"] = "Error: {}".format(error)
return ret
# Stop ntpd if service_running=False
else:
@@ -438,7 +433,7 @@ def ntp_configured(
)
error = response.get("Error")
if error:
- ret["comment"] = "Error: {0}".format(error)
+ ret["comment"] = "Error: {}".format(error)
return ret
ret["changes"].update(
{"service_running": {"old": ntp_running, "new": service_running}}
@@ -451,7 +446,7 @@ def ntp_configured(
).get(host)
error = current_service_policy.get("Error")
if error:
- ret["comment"] = "Error: {0}".format(error)
+ ret["comment"] = "Error: {}".format(error)
return ret
current_service_policy = current_service_policy.get(ntpd)
@@ -465,7 +460,7 @@ def ntp_configured(
).get(host)
error = response.get("Error")
if error:
- ret["comment"] = "Error: {0}".format(error)
+ ret["comment"] = "Error: {}".format(error)
return ret
ret["changes"].update(
{
@@ -483,7 +478,7 @@ def ntp_configured(
response = __salt__[esxi_cmd]("update_host_datetime").get(host)
error = response.get("Error")
if error:
- ret["comment"] = "Error: {0}".format(error)
+ ret["comment"] = "Error: {}".format(error)
return ret
ret["changes"].update(
{"update_datetime": {"old": "", "new": "Host datetime was updated."}}
@@ -498,7 +493,7 @@ def ntp_configured(
)
error = response.get("Error")
if error:
- ret["comment"] = "Error: {0}".format(error)
+ ret["comment"] = "Error: {}".format(error)
return ret
ret["changes"].update(
{"service_restart": {"old": "", "new": "NTP Daemon Restarted."}}
@@ -559,14 +554,14 @@ def vmotion_configured(name, enabled, device="vmk0"):
response = __salt__[esxi_cmd]("vmotion_enable", device=device).get(host)
error = response.get("Error")
if error:
- ret["comment"] = "Error: {0}".format(error)
+ ret["comment"] = "Error: {}".format(error)
return ret
# Disable VMotion if enabled=False
else:
response = __salt__[esxi_cmd]("vmotion_disable").get(host)
error = response.get("Error")
if error:
- ret["comment"] = "Error: {0}".format(error)
+ ret["comment"] = "Error: {}".format(error)
return ret
ret["changes"].update(
{"enabled": {"old": current_vmotion_enabled, "new": enabled}}
@@ -618,7 +613,7 @@ def vsan_configured(name, enabled, add_disks_to_vsan=False):
current_vsan_enabled = __salt__[esxi_cmd]("get_vsan_enabled").get(host)
error = current_vsan_enabled.get("Error")
if error:
- ret["comment"] = "Error: {0}".format(error)
+ ret["comment"] = "Error: {}".format(error)
return ret
current_vsan_enabled = current_vsan_enabled.get("VSAN Enabled")
@@ -631,14 +626,14 @@ def vsan_configured(name, enabled, add_disks_to_vsan=False):
response = __salt__[esxi_cmd]("vsan_enable").get(host)
error = response.get("Error")
if error:
- ret["comment"] = "Error: {0}".format(error)
+ ret["comment"] = "Error: {}".format(error)
return ret
# Disable VSAN if enabled=False
else:
response = __salt__[esxi_cmd]("vsan_disable").get(host)
error = response.get("Error")
if error:
- ret["comment"] = "Error: {0}".format(error)
+ ret["comment"] = "Error: {}".format(error)
return ret
ret["changes"].update(
{"enabled": {"old": current_vsan_enabled, "new": enabled}}
@@ -649,7 +644,7 @@ def vsan_configured(name, enabled, add_disks_to_vsan=False):
current_eligible_disks = __salt__[esxi_cmd]("get_vsan_eligible_disks").get(host)
error = current_eligible_disks.get("Error")
if error:
- ret["comment"] = "Error: {0}".format(error)
+ ret["comment"] = "Error: {}".format(error)
return ret
disks = current_eligible_disks.get("Eligible")
@@ -659,7 +654,7 @@ def vsan_configured(name, enabled, add_disks_to_vsan=False):
response = __salt__[esxi_cmd]("vsan_add_disks").get(host)
error = response.get("Error")
if error:
- ret["comment"] = "Error: {0}".format(error)
+ ret["comment"] = "Error: {}".format(error)
return ret
ret["changes"].update({"add_disks_to_vsan": {"old": "", "new": disks}})
@@ -683,7 +678,7 @@ def ssh_configured(
ssh_key_file=None,
service_policy=None,
service_restart=False,
- certificate_verify=False,
+ certificate_verify=None,
):
"""
Manage the SSH configuration for a host including whether or not SSH is running or
@@ -724,7 +719,7 @@ def ssh_configured(
certificate_verify
If set to ``True``, the SSL connection must present a valid certificate.
- Default is ``False``.
+ Default is ``True``.
Example:
@@ -739,6 +734,8 @@ def ssh_configured(
- certificate_verify: True
"""
+ if certificate_verify is None:
+ certificate_verify = True
ret = {"name": name, "result": False, "changes": {}, "comment": ""}
esxi_cmd = "esxi.cmd"
host = __pillar__["proxy"]["host"]
@@ -747,7 +744,7 @@ def ssh_configured(
ssh_running = __salt__[esxi_cmd]("get_service_running", service_name=ssh).get(host)
error = ssh_running.get("Error")
if error:
- ret["comment"] = "Error: {0}".format(error)
+ ret["comment"] = "Error: {}".format(error)
return ret
ssh_running = ssh_running.get(ssh)
@@ -760,14 +757,14 @@ def ssh_configured(
enable = __salt__[esxi_cmd]("service_start", service_name=ssh).get(host)
error = enable.get("Error")
if error:
- ret["comment"] = "Error: {0}".format(error)
+ ret["comment"] = "Error: {}".format(error)
return ret
# Disable SSH if service_running=False
else:
disable = __salt__[esxi_cmd]("service_stop", service_name=ssh).get(host)
error = disable.get("Error")
if error:
- ret["comment"] = "Error: {0}".format(error)
+ ret["comment"] = "Error: {}".format(error)
return ret
ret["changes"].update(
@@ -783,7 +780,7 @@ def ssh_configured(
)
error = current_ssh_key.get("Error")
if error:
- ret["comment"] = "Error: {0}".format(error)
+ ret["comment"] = "Error: {}".format(error)
return ret
current_ssh_key = current_ssh_key.get("key")
if current_ssh_key:
@@ -822,7 +819,7 @@ def ssh_configured(
)
error = response.get("Error")
if error:
- ret["comment"] = "Error: {0}".format(error)
+ ret["comment"] = "Error: {}".format(error)
return ret
ret["changes"].update(
{
@@ -840,7 +837,7 @@ def ssh_configured(
).get(host)
error = current_service_policy.get("Error")
if error:
- ret["comment"] = "Error: {0}".format(error)
+ ret["comment"] = "Error: {}".format(error)
return ret
current_service_policy = current_service_policy.get(ssh)
@@ -854,7 +851,7 @@ def ssh_configured(
).get(host)
error = response.get("Error")
if error:
- ret["comment"] = "Error: {0}".format(error)
+ ret["comment"] = "Error: {}".format(error)
return ret
ret["changes"].update(
{
@@ -872,7 +869,7 @@ def ssh_configured(
response = __salt__[esxi_cmd]("service_restart", service_name=ssh).get(host)
error = response.get("Error")
if error:
- ret["comment"] = "Error: {0}".format(error)
+ ret["comment"] = "Error: {}".format(error)
return ret
ret["changes"].update(
{"service_restart": {"old": "", "new": "SSH service restarted."}}
@@ -965,17 +962,17 @@ def syslog_configured(
reset = __salt__[esxi_cmd](
"reset_syslog_config", syslog_config=reset_configs
).get(host)
- for key, val in six.iteritems(reset):
+ for key, val in reset.items():
if isinstance(val, bool):
continue
if not val.get("success"):
msg = val.get("message")
if not msg:
msg = (
- "There was an error resetting a syslog config '{0}'."
+ "There was an error resetting a syslog config '{}'."
"Please check debug logs.".format(val)
)
- ret["comment"] = "Error: {0}".format(msg)
+ ret["comment"] = "Error: {}".format(msg)
return ret
ret["changes"].update(
@@ -985,7 +982,7 @@ def syslog_configured(
current_firewall = __salt__[esxi_cmd]("get_firewall_status").get(host)
error = current_firewall.get("Error")
if error:
- ret["comment"] = "Error: {0}".format(error)
+ ret["comment"] = "Error: {}".format(error)
return ret
current_firewall = current_firewall.get("rulesets").get("syslog")
@@ -1000,23 +997,23 @@ def syslog_configured(
if enabled.get("retcode") != 0:
err = enabled.get("stderr")
out = enabled.get("stdout")
- ret["comment"] = "Error: {0}".format(err if err else out)
+ ret["comment"] = "Error: {}".format(err if err else out)
return ret
ret["changes"].update({"firewall": {"old": current_firewall, "new": firewall}})
current_syslog_config = __salt__[esxi_cmd]("get_syslog_config").get(host)
- for key, val in six.iteritems(syslog_configs):
+ for key, val in syslog_configs.items():
# The output of get_syslog_config has different keys than the keys
# Used to set syslog_config values. We need to look them up first.
try:
lookup_key = _lookup_syslog_config(key)
except KeyError:
- ret["comment"] = "'{0}' is not a valid config variable.".format(key)
+ ret["comment"] = "'{}' is not a valid config variable.".format(key)
return ret
current_val = current_syslog_config[lookup_key]
- if six.text_type(current_val) != six.text_type(val):
+ if str(current_val) != str(val):
# Only run the command if not using test=True
if not __opts__["test"]:
response = __salt__[esxi_cmd](
@@ -1031,7 +1028,7 @@ def syslog_configured(
msg = response.get(key).get("message")
if not msg:
msg = (
- "There was an error setting syslog config '{0}'. "
+ "There was an error setting syslog config '{}'. "
"Please check debug logs.".format(key)
)
ret["comment"] = msg
@@ -1101,7 +1098,7 @@ def diskgroups_configured(name, diskgroups, erase_disks=False):
if not proxy_details.get("vcenter")
else proxy_details["esxi_host"]
)
- log.info("Running state {0} for host '{1}'".format(name, hostname))
+ log.info("Running state {} for host '{}'".format(name, hostname))
# Variable used to return the result of the invocation
ret = {"name": name, "result": None, "changes": {}, "comments": None}
# Signals if errors have been encountered
@@ -1124,23 +1121,20 @@ def diskgroups_configured(name, diskgroups, erase_disks=False):
host_disks = __salt__["vsphere.list_disks"](service_instance=si)
if not host_disks:
raise VMwareObjectRetrievalError(
- "No disks retrieved from host '{0}'".format(hostname)
+ "No disks retrieved from host '{}'".format(hostname)
)
scsi_addr_to_disk_map = {d["scsi_address"]: d for d in host_disks}
- log.trace("scsi_addr_to_disk_map = {0}".format(scsi_addr_to_disk_map))
+ log.trace("scsi_addr_to_disk_map = {}".format(scsi_addr_to_disk_map))
existing_diskgroups = __salt__["vsphere.list_diskgroups"](service_instance=si)
cache_disk_to_existing_diskgroup_map = {
dg["cache_disk"]: dg for dg in existing_diskgroups
}
except CommandExecutionError as err:
- log.error("Error: {0}".format(err))
+ log.error("Error: {}".format(err))
if si:
__salt__["vsphere.disconnect"](si)
ret.update(
- {
- "result": False if not __opts__["test"] else None,
- "comment": six.text_type(err),
- }
+ {"result": False if not __opts__["test"] else None, "comment": str(err),}
)
return ret
@@ -1149,7 +1143,7 @@ def diskgroups_configured(name, diskgroups, erase_disks=False):
# Check for cache disk
if not dg["cache_scsi_addr"] in scsi_addr_to_disk_map:
comments.append(
- "No cache disk with scsi address '{0}' was "
+ "No cache disk with scsi address '{}' was "
"found.".format(dg["cache_scsi_addr"])
)
log.error(comments[-1])
@@ -1158,7 +1152,7 @@ def diskgroups_configured(name, diskgroups, erase_disks=False):
# Check for capacity disks
cache_disk_id = scsi_addr_to_disk_map[dg["cache_scsi_addr"]]["id"]
- cache_disk_display = "{0} (id:{1})".format(dg["cache_scsi_addr"], cache_disk_id)
+ cache_disk_display = "{} (id:{})".format(dg["cache_scsi_addr"], cache_disk_id)
bad_scsi_addrs = []
capacity_disk_ids = []
capacity_disk_displays = []
@@ -1168,13 +1162,13 @@ def diskgroups_configured(name, diskgroups, erase_disks=False):
continue
capacity_disk_ids.append(scsi_addr_to_disk_map[scsi_addr]["id"])
capacity_disk_displays.append(
- "{0} (id:{1})".format(scsi_addr, capacity_disk_ids[-1])
+ "{} (id:{})".format(scsi_addr, capacity_disk_ids[-1])
)
if bad_scsi_addrs:
comments.append(
- "Error in diskgroup #{0}: capacity disks with "
- "scsi addresses {1} were not found."
- "".format(idx, ", ".join(["'{0}'".format(a) for a in bad_scsi_addrs]))
+ "Error in diskgroup #{}: capacity disks with "
+ "scsi addresses {} were not found."
+ "".format(idx, ", ".join(["'{}'".format(a) for a in bad_scsi_addrs]))
)
log.error(comments[-1])
errors = True
@@ -1182,14 +1176,14 @@ def diskgroups_configured(name, diskgroups, erase_disks=False):
if not cache_disk_to_existing_diskgroup_map.get(cache_disk_id):
# A new diskgroup needs to be created
- log.trace("erase_disks = {0}".format(erase_disks))
+ log.trace("erase_disks = {}".format(erase_disks))
if erase_disks:
if __opts__["test"]:
comments.append(
- "State {0} will "
- "erase all disks of disk group #{1}; "
- "cache disk: '{2}', "
- "capacity disk(s): {3}."
+ "State {} will "
+ "erase all disks of disk group #{}; "
+ "cache disk: '{}', "
+ "capacity disk(s): {}."
"".format(
name,
idx,
@@ -1206,13 +1200,13 @@ def diskgroups_configured(name, diskgroups, erase_disks=False):
disk_id=disk_id, service_instance=si
)
comments.append(
- "Erased disks of diskgroup #{0}; "
- "cache disk: '{1}', capacity disk(s): "
- "{2}".format(
+ "Erased disks of diskgroup #{}; "
+ "cache disk: '{}', capacity disk(s): "
+ "{}".format(
idx,
cache_disk_display,
", ".join(
- ["'{0}'".format(a) for a in capacity_disk_displays]
+ ["'{}'".format(a) for a in capacity_disk_displays]
),
)
)
@@ -1220,13 +1214,13 @@ def diskgroups_configured(name, diskgroups, erase_disks=False):
if __opts__["test"]:
comments.append(
- "State {0} will create "
- "the disk group #{1}; cache disk: '{2}', "
- "capacity disk(s): {3}.".format(
+ "State {} will create "
+ "the disk group #{}; cache disk: '{}', "
+ "capacity disk(s): {}.".format(
name,
idx,
cache_disk_display,
- ", ".join(["'{0}'".format(a) for a in capacity_disk_displays]),
+ ", ".join(["'{}'".format(a) for a in capacity_disk_displays]),
)
)
log.info(comments[-1])
@@ -1241,15 +1235,15 @@ def diskgroups_configured(name, diskgroups, erase_disks=False):
)
except VMwareSaltError as err:
comments.append(
- "Error creating disk group #{0}: " "{1}.".format(idx, err)
+ "Error creating disk group #{}: " "{}.".format(idx, err)
)
log.error(comments[-1])
errors = True
continue
- comments.append("Created disk group #'{0}'.".format(idx))
+ comments.append("Created disk group #'{}'.".format(idx))
log.info(comments[-1])
- diskgroup_changes[six.text_type(idx)] = {
+ diskgroup_changes[str(idx)] = {
"new": {"cache": cache_disk_display, "capacity": capacity_disk_displays}
}
changes = True
@@ -1257,12 +1251,12 @@ def diskgroups_configured(name, diskgroups, erase_disks=False):
# The diskgroup exists; checking the capacity disks
log.debug(
- "Disk group #{0} exists. Checking capacity disks: "
- "{1}.".format(idx, capacity_disk_displays)
+ "Disk group #{} exists. Checking capacity disks: "
+ "{}.".format(idx, capacity_disk_displays)
)
existing_diskgroup = cache_disk_to_existing_diskgroup_map.get(cache_disk_id)
existing_capacity_disk_displays = [
- "{0} (id:{1})".format(
+ "{} (id:{})".format(
[d["scsi_address"] for d in host_disks if d["id"] == disk_id][0],
disk_id,
)
@@ -1280,7 +1274,7 @@ def diskgroups_configured(name, diskgroups, erase_disks=False):
][0]
added_capacity_disk_ids.append(disk_id)
added_capacity_disk_displays.append(
- "{0} (id:{1})".format(disk_scsi_addr, disk_id)
+ "{} (id:{})".format(disk_scsi_addr, disk_id)
)
for disk_id in existing_diskgroup["capacity_disks"]:
if disk_id not in capacity_disk_ids:
@@ -1289,12 +1283,12 @@ def diskgroups_configured(name, diskgroups, erase_disks=False):
][0]
removed_capacity_disk_ids.append(disk_id)
removed_capacity_disk_displays.append(
- "{0} (id:{1})".format(disk_scsi_addr, disk_id)
+ "{} (id:{})".format(disk_scsi_addr, disk_id)
)
log.debug(
- "Disk group #{0}: existing capacity disk ids: {1}; added "
- "capacity disk ids: {2}; removed capacity disk ids: {3}"
+ "Disk group #{}: existing capacity disk ids: {}; added "
+ "capacity disk ids: {}; removed capacity disk ids: {}"
"".format(
idx,
existing_capacity_disk_displays,
@@ -1306,11 +1300,11 @@ def diskgroups_configured(name, diskgroups, erase_disks=False):
# TODO revisit this when removing capacity disks is supported
if removed_capacity_disk_ids:
comments.append(
- "Error removing capacity disk(s) {0} from disk group #{1}; "
+ "Error removing capacity disk(s) {} from disk group #{}; "
"operation is not supported."
"".format(
", ".join(
- ["'{0}'".format(id) for id in removed_capacity_disk_displays]
+ ["'{}'".format(id) for id in removed_capacity_disk_displays]
),
idx,
)
@@ -1324,11 +1318,11 @@ def diskgroups_configured(name, diskgroups, erase_disks=False):
# Building a string representation of the capacity disks
# that need to be added
- s = ", ".join(["'{0}'".format(id) for id in added_capacity_disk_displays])
+ s = ", ".join(["'{}'".format(id) for id in added_capacity_disk_displays])
if __opts__["test"]:
comments.append(
- "State {0} will add "
- "capacity disk(s) {1} to disk group #{2}."
+ "State {} will add "
+ "capacity disk(s) {} to disk group #{}."
"".format(name, s, idx)
)
log.info(comments[-1])
@@ -1343,17 +1337,17 @@ def diskgroups_configured(name, diskgroups, erase_disks=False):
)
except VMwareSaltError as err:
comments.append(
- "Error adding capacity disk(s) {0} to "
- "disk group #{1}: {2}.".format(s, idx, err)
+ "Error adding capacity disk(s) {} to "
+ "disk group #{}: {}.".format(s, idx, err)
)
log.error(comments[-1])
errors = True
continue
- com = "Added capacity disk(s) {0} to disk group #{1}" "".format(s, idx)
+ com = "Added capacity disk(s) {} to disk group #{}" "".format(s, idx)
log.info(com)
comments.append(com)
- diskgroup_changes[six.text_type(idx)] = {
+ diskgroup_changes[str(idx)] = {
"new": {
"cache": cache_disk_display,
"capacity": capacity_disk_displays,
@@ -1367,9 +1361,7 @@ def diskgroups_configured(name, diskgroups, erase_disks=False):
continue
# No capacity needs to be added
- s = "Disk group #{0} is correctly configured. Nothing to be done." "".format(
- idx
- )
+ s = "Disk group #{} is correctly configured. Nothing to be done." "".format(idx)
log.info(s)
comments.append(s)
__salt__["vsphere.disconnect"](si)
@@ -1532,11 +1524,11 @@ def host_cache_configured(
)
if not existing_disks:
raise VMwareObjectRetrievalError(
- "Disk with scsi address '{0}' was not found in host '{1}'"
+ "Disk with scsi address '{}' was not found in host '{}'"
"".format(datastore["backing_disk_scsi_addr"], hostname)
)
backing_disk = existing_disks[0]
- backing_disk_display = "{0} (id:{1})".format(
+ backing_disk_display = "{} (id:{})".format(
backing_disk["scsi_address"], backing_disk["id"]
)
log.trace("backing_disk = %s", backing_disk_display)
@@ -1547,8 +1539,8 @@ def host_cache_configured(
if erase_backing_disk:
if __opts__["test"]:
comments.append(
- "State {0} will erase "
- "the backing disk '{1}' on host '{2}'."
+ "State {} will erase "
+ "the backing disk '{}' on host '{}'."
"".format(name, backing_disk_display, hostname)
)
log.info(comments[-1])
@@ -1558,16 +1550,16 @@ def host_cache_configured(
disk_id=backing_disk["id"], service_instance=si
)
comments.append(
- "Erased backing disk '{0}' on host "
- "'{1}'.".format(backing_disk_display, hostname)
+ "Erased backing disk '{}' on host "
+ "'{}'.".format(backing_disk_display, hostname)
)
log.info(comments[-1])
# Create the datastore
if __opts__["test"]:
comments.append(
- "State {0} will create "
- "the datastore '{1}', with backing disk "
- "'{2}', on host '{3}'."
+ "State {} will create "
+ "the datastore '{}', with backing disk "
+ "'{}', on host '{}'."
"".format(name, datastore["name"], backing_disk_display, hostname)
)
log.info(comments[-1])
@@ -1582,7 +1574,7 @@ def host_cache_configured(
non_mbr_partitions = [p for p in partitions if p["format"] != "mbr"]
if len(non_mbr_partitions) > 0:
raise VMwareApiError(
- "Backing disk '{0}' has unexpected partitions"
+ "Backing disk '{}' has unexpected partitions"
"".format(backing_disk_display)
)
__salt__["vsphere.create_vmfs_datastore"](
@@ -1592,8 +1584,8 @@ def host_cache_configured(
service_instance=si,
)
comments.append(
- "Created vmfs datastore '{0}', backed by "
- "disk '{1}', on host '{2}'."
+ "Created vmfs datastore '{}', backed by "
+ "disk '{}', on host '{}'."
"".format(datastore["name"], backing_disk_display, hostname)
)
log.info(comments[-1])
@@ -1615,21 +1607,21 @@ def host_cache_configured(
# Check datastore is backed by the correct disk
if not existing_datastores[0].get("backing_disk_ids"):
raise VMwareSaltError(
- "Datastore '{0}' doesn't have a "
+ "Datastore '{}' doesn't have a "
"backing disk"
"".format(datastore["name"])
)
if backing_disk["id"] not in existing_datastores[0]["backing_disk_ids"]:
raise VMwareSaltError(
- "Datastore '{0}' is not backed by the correct disk: "
- "expected '{1}'; got {2}"
+ "Datastore '{}' is not backed by the correct disk: "
+ "expected '{}'; got {}"
"".format(
datastore["name"],
backing_disk["id"],
", ".join(
[
- "'{0}'".format(disk)
+ "'{}'".format(disk)
for disk in existing_datastores[0]["backing_disk_ids"]
]
),
@@ -1637,8 +1629,8 @@ def host_cache_configured(
)
comments.append(
- "Datastore '{0}' already exists on host '{1}' "
- "and is backed by disk '{2}'. Nothing to be "
+ "Datastore '{}' already exists on host '{}' "
+ "and is backed by disk '{}'. Nothing to be "
"done.".format(datastore["name"], hostname, backing_disk_display)
)
existing_datastore = existing_datastores[0]
@@ -1686,8 +1678,8 @@ def host_cache_configured(
if needs_setting:
if __opts__["test"]:
comments.append(
- "State {0} will configure "
- "the host cache on host '{1}' to: {2}."
+ "State {} will configure "
+ "the host cache on host '{}' to: {}."
"".format(
name,
hostname,
@@ -1702,8 +1694,8 @@ def host_cache_configured(
if (existing_datastore["capacity"] / 1024.0 ** 2) < swap_size_MiB:
raise ArgumentValueError(
- "Capacity of host cache datastore '{0}' ({1} MiB) is "
- "smaller than the required swap size ({2} MiB)"
+ "Capacity of host cache datastore '{}' ({} MiB) is "
+ "smaller than the required swap size ({} MiB)"
"".format(
existing_datastore["name"],
existing_datastore["capacity"] / 1024.0 ** 2,
@@ -1717,11 +1709,11 @@ def host_cache_configured(
service_instance=si,
)
comments.append(
- "Host cache configured on host " "'{0}'.".format(hostname)
+ "Host cache configured on host " "'{}'.".format(hostname)
)
else:
comments.append(
- "Host cache on host '{0}' is already correctly "
+ "Host cache on host '{}' is already correctly "
"configured. Nothing to be done.".format(hostname)
)
result = True
diff --git a/salt/utils/http.py b/salt/utils/http.py
index 9522bd6ee4..c532da63d5 100644
--- a/salt/utils/http.py
+++ b/salt/utils/http.py
@@ -1062,3 +1062,23 @@ def _sanitize_url_components(comp_list, field):
ret = "{}&".format(comp_list[0])
comp_list.remove(comp_list[0])
return ret + _sanitize_url_components(comp_list, field)
+
+
+def session(user=None, password=None, verify_ssl=True, ca_bundle=None, headers=None):
+ """
+ create a requests session
+ """
+ session = requests.session()
+ if user and password:
+ session.auth = (user, password)
+ if ca_bundle and not verify_ssl:
+ log.error("You cannot use both ca_bundle and verify_ssl False together")
+ return False
+ if ca_bundle:
+ opts = {"ca_bundle": ca_bundle}
+ session.verify = get_ca_bundle(opts)
+ if not verify_ssl:
+ session.verify = False
+ if headers:
+ session.headers.update(headers)
+ return session
diff --git a/salt/utils/thin.py b/salt/utils/thin.py
index ce48957374..60ddd0e67c 100644
--- a/salt/utils/thin.py
+++ b/salt/utils/thin.py
@@ -217,8 +217,8 @@ def get_tops_python(py_ver, exclude=None, ext_py_ver=None):
"{} does not exist. Could not auto detect dependencies".format(py_ver)
)
return {}
- py_shell_cmd = "{0} -c 'import {1}; print({1}.__file__)'".format(py_ver, mod)
- cmd = subprocess.Popen(py_shell_cmd, stdout=subprocess.PIPE, shell=True)
+ py_shell_cmd = [py_ver, "-c", "import {0}; print({0}.__file__)".format(mod)]
+ cmd = subprocess.Popen(py_shell_cmd, stdout=subprocess.PIPE)
stdout, _ = cmd.communicate()
mod_file = os.path.abspath(salt.utils.data.decode(stdout).rstrip("\n"))
diff --git a/salt/utils/vmware.py b/salt/utils/vmware.py
index 57aa2aaa69..f801ba2aab 100644
--- a/salt/utils/vmware.py
+++ b/salt/utils/vmware.py
@@ -80,7 +80,6 @@ import ssl
import time
from http.client import BadStatusLine
-import requests
import salt.exceptions
import salt.modules.cmdmod
import salt.utils.path
@@ -182,7 +181,9 @@ def esxcli(
return ret
-def get_vsphere_client(server, username, password, session=None):
+def get_vsphere_client(
+ server, username, password, session=None, verify_ssl=True, ca_bundle=None
+):
"""
Internal helper method to create an instance of the vSphere API client.
Please provide username and password to authenticate.
@@ -196,6 +197,10 @@ def get_vsphere_client(server, username, password, session=None):
:param Session session:
Request HTTP session instance. If not specified, one
is automatically created and used
+ :param boolean verify_ssl:
+ Verify the SSL certificate. Default: True
+ :param basestring ca_bundle:
+ Path to the ca bundle to use when verifying SSL certificates.
:returns:
Vsphere Client instance
@@ -204,9 +209,7 @@ def get_vsphere_client(server, username, password, session=None):
"""
if not session:
# Create an https session to be used for a vSphere client
- session = requests.session()
- # If client uses own SSL cert, session should not verify
- session.verify = False
+ session = salt.utils.http.session(verify_ssl=verify_ssl, ca_bundle=ca_bundle)
client = None
try:
client = create_vsphere_client(
@@ -218,7 +221,15 @@ def get_vsphere_client(server, username, password, session=None):
def _get_service_instance(
- host, username, password, protocol, port, mechanism, principal, domain
+ host,
+ username,
+ password,
+ protocol,
+ port,
+ mechanism,
+ principal,
+ domain,
+ verify_ssl=True,
):
"""
Internal method to authenticate with a vCenter server or ESX/ESXi host
@@ -253,21 +264,26 @@ def _get_service_instance(
raise salt.exceptions.CommandExecutionError(
"Unsupported mechanism: '{}'".format(mechanism)
)
+
+ log.trace(
+ "Connecting using the '%s' mechanism, with username '%s'", mechanism, username,
+ )
+ default_msg = (
+ "Could not connect to host '{}'. "
+ "Please check the debug log for more information.".format(host)
+ )
+
try:
- log.trace(
- "Connecting using the '%s' mechanism, with username '%s'",
- mechanism,
- username,
- )
- service_instance = SmartConnect(
- host=host,
- user=username,
- pwd=password,
- protocol=protocol,
- port=port,
- b64token=token,
- mechanism=mechanism,
- )
+ if verify_ssl:
+ service_instance = SmartConnect(
+ host=host,
+ user=username,
+ pwd=password,
+ protocol=protocol,
+ port=port,
+ b64token=token,
+ mechanism=mechanism,
+ )
except TypeError as exc:
if "unexpected keyword argument" in exc.message:
log.error(
@@ -280,30 +296,33 @@ def _get_service_instance(
raise
except Exception as exc: # pylint: disable=broad-except
# pyVmomi's SmartConnect() actually raises Exception in some cases.
- default_msg = (
- "Could not connect to host '{}'. "
- "Please check the debug log for more information.".format(host)
- )
+ if (
+ isinstance(exc, vim.fault.HostConnectFault)
+ and "[SSL: CERTIFICATE_VERIFY_FAILED]" in exc.msg
+ ) or "[SSL: CERTIFICATE_VERIFY_FAILED]" in str(exc):
+ err_msg = (
+ "Could not verify the SSL certificate. You can use "
+ "verify_ssl: False if you do not want to verify the "
+ "SSL certificate. This is not recommended as it is "
+ "considered insecure."
+ )
+ else:
+ log.exception(exc)
+ err_msg = exc.msg if hasattr(exc, "msg") else default_msg
+ raise salt.exceptions.VMwareConnectionError(err_msg)
+ if not verify_ssl:
try:
- if (
- isinstance(exc, vim.fault.HostConnectFault)
- and "[SSL: CERTIFICATE_VERIFY_FAILED]" in exc.msg
- ) or "[SSL: CERTIFICATE_VERIFY_FAILED]" in str(exc):
- service_instance = SmartConnect(
- host=host,
- user=username,
- pwd=password,
- protocol=protocol,
- port=port,
- sslContext=ssl._create_unverified_context(),
- b64token=token,
- mechanism=mechanism,
- )
- else:
- log.exception(exc)
- err_msg = exc.msg if hasattr(exc, "msg") else default_msg
- raise salt.exceptions.VMwareConnectionError(err_msg)
+ service_instance = SmartConnect(
+ host=host,
+ user=username,
+ pwd=password,
+ protocol=protocol,
+ port=port,
+ sslContext=ssl._create_unverified_context(),
+ b64token=token,
+ mechanism=mechanism,
+ )
except Exception as exc: # pylint: disable=broad-except
# pyVmomi's SmartConnect() actually raises Exception in some cases.
if "certificate verify failed" in str(exc):
@@ -330,6 +349,7 @@ def _get_service_instance(
err_msg = exc.msg if hasattr(exc, "msg") else default_msg
log.trace(exc)
raise salt.exceptions.VMwareConnectionError(err_msg)
+
atexit.register(Disconnect, service_instance)
return service_instance
@@ -384,6 +404,7 @@ def get_service_instance(
mechanism="userpass",
principal=None,
domain=None,
+ verify_ssl=True,
):
"""
Authenticate with a vCenter server or ESX/ESXi host and return the service instance object.
@@ -416,6 +437,9 @@ def get_service_instance(
domain
Kerberos user domain. Required if mechanism is ``sspi``
+
+ verify_ssl
+ Verify the SSL certificate. Default: True
"""
if protocol is None:
@@ -438,7 +462,15 @@ def get_service_instance(
if not service_instance:
service_instance = _get_service_instance(
- host, username, password, protocol, port, mechanism, principal, domain
+ host,
+ username,
+ password,
+ protocol,
+ port,
+ mechanism,
+ principal,
+ domain,
+ verify_ssl=verify_ssl,
)
# Test if data can actually be retrieved or connection has gone stale
@@ -449,7 +481,15 @@ def get_service_instance(
log.trace("Session no longer authenticating. Reconnecting")
Disconnect(service_instance)
service_instance = _get_service_instance(
- host, username, password, protocol, port, mechanism, principal, domain
+ host,
+ username,
+ password,
+ protocol,
+ port,
+ mechanism,
+ principal,
+ domain,
+ verify_ssl=verify_ssl,
)
except vim.fault.NoPermission as exc:
log.exception(exc)
diff --git a/salt/wheel/__init__.py b/salt/wheel/__init__.py
index 38792a10f6..53c3d8527f 100644
--- a/salt/wheel/__init__.py
+++ b/salt/wheel/__init__.py
@@ -1,8 +1,6 @@
-# -*- coding: utf-8 -*-
"""
Modules used to control the master itself
"""
-from __future__ import absolute_import, print_function, unicode_literals
from collections.abc import Mapping
@@ -15,7 +13,7 @@ import salt.utils.zeromq
class WheelClient(
- salt.client.mixins.SyncClientMixin, salt.client.mixins.AsyncClientMixin, object
+ salt.client.mixins.SyncClientMixin, salt.client.mixins.AsyncClientMixin
):
"""
An interface to Salt's wheel modules
@@ -123,8 +121,8 @@ class WheelClient(
})
{'jid': '20131219224744416681', 'tag': 'salt/wheel/20131219224744416681'}
"""
- fun = low.pop("fun")
- return self.asynchronous(fun, low)
+ fun = low.get("fun")
+ return self.asynchronous(fun, low, local=False)
def cmd(
self,
@@ -143,9 +141,7 @@ class WheelClient(
>>> wheel.cmd('key.finger', ['jerry'])
{'minions': {'jerry': '5d:f6:79:43:5e:d4:42:3f:57:b8:45:a8:7e:a4:6e:ca'}}
"""
- return super(WheelClient, self).cmd(
- fun, arg, pub_data, kwarg, print_event, full_return
- )
+ return super().cmd(fun, arg, pub_data, kwarg, print_event, full_return)
Wheel = WheelClient # for backward-compat
diff --git a/salt/wheel/pillar_roots.py b/salt/wheel/pillar_roots.py
index 2c242ef3a7..7504d28777 100644
--- a/salt/wheel/pillar_roots.py
+++ b/salt/wheel/pillar_roots.py
@@ -1,19 +1,14 @@
-# -*- coding: utf-8 -*-
"""
The `pillar_roots` wheel module is used to manage files under the pillar roots
directories on the master server.
"""
-# Import python libs
-from __future__ import absolute_import, print_function, unicode_literals
import os
-# Import salt libs
import salt.utils.files
import salt.utils.path
-
-# Import 3rd-party libs
+import salt.utils.verify
from salt.ext import six
@@ -86,7 +81,7 @@ def read(path, saltenv="base"):
ret = []
files = find(path, saltenv)
for fn_ in files:
- full = next(six.iterkeys(fn_))
+ full = next(iter(fn_.keys()))
form = fn_[full]
if form == "txt":
with salt.utils.files.fopen(full, "rb") as fp_:
@@ -100,19 +95,23 @@ def write(data, path, saltenv="base", index=0):
index of the file can be specified to write to a lower priority file root
"""
if saltenv not in __opts__["pillar_roots"]:
- return "Named environment {0} is not present".format(saltenv)
+ return "Named environment {} is not present".format(saltenv)
if len(__opts__["pillar_roots"][saltenv]) <= index:
- return "Specified index {0} in environment {1} is not present".format(
+ return "Specified index {} in environment {} is not present".format(
index, saltenv
)
if os.path.isabs(path):
return (
- "The path passed in {0} is not relative to the environment " "{1}"
+ "The path passed in {} is not relative to the environment " "{}"
).format(path, saltenv)
+ roots_dir = __opts__["pillar_roots"][saltenv][index]
+ dest = os.path.join(roots_dir, path)
+ if not salt.utils.verify.clean_path(roots_dir, dest):
+ return "Invalid path"
dest = os.path.join(__opts__["pillar_roots"][saltenv][index], path)
dest_dir = os.path.dirname(dest)
if not os.path.isdir(dest_dir):
os.makedirs(dest_dir)
with salt.utils.files.fopen(dest, "w+") as fp_:
fp_.write(salt.utils.stringutils.to_str(data))
- return "Wrote data to file {0}".format(dest)
+ return "Wrote data to file {}".format(dest)
--
2.30.1
