(self, opts, autocreate=True)
| 528 | """ |
| 529 | |
def __init__(self, opts, autocreate=True):
    """
    Record the key-cache handle, cluster key paths and signature names.

    :param opts: Master configuration mapping. The keys read here are
        ``keys.cache_driver``, ``id``, ``cluster_id``, ``cluster_pki_dir``,
        ``pki_dir`` and (optionally) ``master_pubkey_signature``.
    :param autocreate: When true, ``_setup_keys()`` runs as the last step.
    """
    super().__init__()
    self.opts = opts
    key_driver = self.opts["keys.cache_driver"]
    self.cache = salt.cache.Cache(opts, driver=key_driver)

    # Multi-master naming: with the localfs driver every master keeps its
    # own key under the same name (master.pem), and those keys may differ.
    # Any other driver shares state between masters, so a key can only be
    # told apart if it is stored under something unique such as the master
    # id. get_keys(name='master') therefore duplicates the keys to
    # ${id}.pem/pub; master.pem/pub can be dropped at some later point.
    #
    # NOTE(review): removesuffix() is unconditional, so an id that the
    # operator explicitly set to end in "_master" is shortened as well, and
    # ids "x" and "x_master" both resolve to "x" -- confirm that two
    # masters can never end up sharing one key name this way.
    self.master_id = self.opts["id"].removesuffix("_master")

    self.cluster_pub_path = self.cluster_rsa_path = self.cluster_key = None
    # XXX
    if self.opts["cluster_id"]:
        cluster_dir = self.opts["cluster_pki_dir"]
        self.cluster_pub_path = os.path.join(cluster_dir, "cluster.pub")
        self.cluster_rsa_path = os.path.join(cluster_dir, "cluster.pem")
        if cluster_dir != self.opts["pki_dir"]:
            # ``cluster_peers`` lists bare master names (the hostnames or
            # IPs other masters use to reach this node), so the shared
            # peer pubkey has to be filed under that same bare name.
            # ``apply_master_config`` appends ``_master`` to ``opts["id"]``
            # when ``id`` is not configured explicitly; ``master_id`` has
            # that suffix removed so the file written here is the one the
            # cluster channel server looks up.
            # See https://github.com/saltstack/salt/issues/68462.
            #
            # NOTE(review): this attribute is assigned only on this
            # branch; unlike the other cluster_* attributes it has no
            # ``None`` default, so readers must not assume it exists.
            # NOTE(review): master_id becomes a file name component --
            # presumably ``id`` is validated elsewhere to contain no path
            # separators; confirm.
            self.cluster_shared_path = os.path.join(
                cluster_dir, "peers", f"{self.master_id}.pub"
            )
        # cluster_key is deliberately not loaded here; _setup_keys() does
        # that once the master keys are initialized. Doing it at this
        # point would fail: with autocreate=True the master key has not
        # been generated yet, and self.__get_keys does not exist.
    self.pub_signature = None

    # Names of the signing key pair artifacts.
    self.pubkey_signature = None
    signature_name = opts.get("master_pubkey_signature")
    if not signature_name:
        # Fall back to a name derived from the full (unstripped) id.
        signature_name = f"{opts['id']}_pubkey_signature"
    self.master_pubkey_signature = signature_name

    if autocreate:
        self._setup_keys()
| 585 | |
| 586 | @property |
| 587 | def master_pub_path(self): |