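Handle the return data sent from the minions. Takes the return, verifies it and fires it on the master event bus. Typically, this event is consumed by the Salt CLI waiting on the other end of the event bus but could be heard by any listener on the bus. Verification is conditional: an unsigned payload is rejected only when require_minion_sign_messages is set, and a payload whose signature fails to verify (or whose minion public key cannot be fetched) is dropped only when drop_messages_signature_fail is enabled; otherwise the failure is logged and the message is still accepted. :param dict load: The minion payload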
(self, load)
| 2729 | ) |
| 2730 | |
| 2731 | def _return(self, load): |
| 2732 | """ |
| 2733 | Handle the return data sent from the minions. |
| 2734 | |
| 2735 | Takes the return, verifies it and fires it on the master event bus. |
| 2736 | Typically, this event is consumed by the Salt CLI waiting on the other |
| 2737 | end of the event bus but could be heard by any listener on the bus. |
| 2738 | |
| 2739 | :param dict load: The minion payload |
| 2740 | """ |
| 2741 | salt.utils.metrics.counter( |
| 2742 | "salt.jobs.completed", |
| 2743 | description="Returns received from minions.", |
| 2744 | ).add( |
| 2745 | 1, |
| 2746 | attributes={ |
| 2747 | "fun": load.get("fun", "") if isinstance(load, dict) else "", |
| 2748 | "success": ( |
| 2749 | str(bool(load.get("success", True))).lower() |
| 2750 | if isinstance(load, dict) |
| 2751 | else "true" |
| 2752 | ), |
| 2753 | }, |
| 2754 | ) |
| 2755 | if self.opts["require_minion_sign_messages"] and "sig" not in load: |
| 2756 | log.critical( |
| 2757 | "_return: Master is requiring minions to sign their " |
| 2758 | "messages, but there is no signature in this payload from " |
| 2759 | "%s.", |
| 2760 | load["id"], |
| 2761 | ) |
| 2762 | return False |
| 2763 | |
| 2764 | if "sig" in load: |
| 2765 | log.trace("Verifying signed event publish from minion") |
| 2766 | sig = load.pop("sig") |
| 2767 | this_minion_pubkey = self.key_cache.fetch("keys", load["id"]) |
| 2768 | serialized_load = salt.serializers.msgpack.serialize(load) |
| 2769 | if not this_minion_pubkey or not salt.crypt.PublicKey.from_str( |
| 2770 | this_minion_pubkey["pub"] |
| 2771 | ).verify(serialized_load, sig, algorithm=self.opts["signing_algorithm"]): |
| 2772 | if not this_minion_pubkey: |
| 2773 | log.error("Failed to fetch pub key for minion %s.", load["id"]) |
| 2774 | else: |
| 2775 | log.info( |
| 2776 | "Failed to verify event signature from minion %s.", load["id"] |
| 2777 | ) |
| 2778 | if self.opts["drop_messages_signature_fail"]: |
| 2779 | log.critical( |
| 2780 | "drop_messages_signature_fail is enabled, dropping " |
| 2781 | "message from %s", |
| 2782 | load["id"], |
| 2783 | ) |
| 2784 | return False |
| 2785 | else: |
| 2786 | log.info( |
| 2787 | "But 'drop_message_signature_fail' is disabled, so message is" |
| 2788 | " still accepted." |