Delete public keys. If "match" is passed, it is evaluated as a glob. Pre-gathered matches can also be passed via "match_dict". To preserve the master caches of minions who are matched, set preserve_minions
(
self, match=None, match_dict=None, preserve_minions=None, revoke_auth=False
)
| 796 | return self.accept(match="*") |
| 797 | |
| 798 | def delete_key( |
| 799 | self, match=None, match_dict=None, preserve_minions=None, revoke_auth=False |
| 800 | ): |
| 801 | """ |
| 802 | Delete public keys. If "match" is passed, it is evaluated as a glob. |
| 803 | Pre-gathered matches can also be passed via "match_dict". |
| 804 | |
| 805 | To preserve the master caches of minions who are matched, set preserve_minions |
| 806 | """ |
| 807 | if match is not None: |
| 808 | matches = self.glob_match(match) |
| 809 | elif match_dict is not None and isinstance(match_dict, dict): |
| 810 | matches = match_dict |
| 811 | else: |
| 812 | matches = {} |
| 813 | with salt.client.get_local_client(mopts=self.opts) as client: |
| 814 | for status, keys in matches.items(): |
| 815 | for key in keys: |
| 816 | try: |
| 817 | if revoke_auth: |
| 818 | if self.opts.get("rotate_aes_key") is False: |
| 819 | print( |
| 820 | "Immediate auth revocation specified but AES key" |
| 821 | " rotation not allowed. Minion will not be" |
| 822 | " disconnected until the master AES key is rotated." |
| 823 | ) |
| 824 | else: |
| 825 | try: |
| 826 | client.cmd_async(key, "saltutil.revoke_auth") |
| 827 | except salt.exceptions.SaltClientError: |
| 828 | print( |
| 829 | "Cannot contact Salt master. " |
| 830 | "Connection for {} will remain up until " |
| 831 | "master AES key is rotated or auth is revoked " |
| 832 | "with 'saltutil.revoke_auth'.".format(key) |
| 833 | ) |
| 834 | if status == "minions_denied": |
| 835 | self.cache.flush("denied_keys", key) |
| 836 | else: |
| 837 | self.cache.flush("keys", key) |
| 838 | eload = {"result": True, "act": "delete", "id": key} |
| 839 | self.event.fire_event( |
| 840 | eload, salt.utils.event.tagify(prefix="key") |
| 841 | ) |
| 842 | except OSError: |
| 843 | pass |
| 844 | if self.opts.get("preserve_minions") is True: |
| 845 | self.check_minion_cache(preserve_minions=matches.get("minions", [])) |
| 846 | else: |
| 847 | self.check_minion_cache() |
| 848 | if self.opts.get("rotate_aes_key"): |
| 849 | salt.crypt.dropfile( |
| 850 | self.opts["cachedir"], self.opts["user"], self.opts["id"] |
| 851 | ) |
| 852 | |
| 853 | return self.glob_match(match) if match is not None else self.dict_match(matches) |
| 854 | |
| 855 | def delete_den(self): |