MCPcopy
hub / github.com/saltstack/salt / rotate_secrets

Method rotate_secrets

salt/master.py:225–256  ·  view source on GitHub ↗
(
        cls, opts=None, event=None, use_lock=True, owner=False, publisher=None
    )

Source from the content-addressed store, hash-verified

223
224 @classmethod
225 def rotate_secrets(
226 cls, opts=None, event=None, use_lock=True, owner=False, publisher=None
227 ):
228 if opts is None:
229 opts = {}
230
231 for secret_key, secret_map in cls.secrets.items():
232 # should be unnecessary-- since no one else should be modifying
233 if use_lock:
234 with secret_map["secret"].get_lock():
235 secret_map["secret"].value = salt.utils.stringutils.to_bytes(
236 secret_map["reload"](remove=owner)
237 )
238 if "serial" in secret_map:
239 secret_map["serial"].value = 0
240 else:
241 secret_map["secret"].value = salt.utils.stringutils.to_bytes(
242 secret_map["reload"](remove=owner)
243 )
244 if "serial" in secret_map:
245 secret_map["serial"].value = 0
246
247 if publisher:
248 publisher.send_aes_key_event()
249
250 if event:
251 event.fire_event({f"rotate_{secret_key}_key": True}, tag="key")
252
253 if opts.get("ping_on_rotate"):
254 # Ping all minions to get them to pick up the new key
255 log.debug("Pinging all connected minions due to key rotation")
256 salt.utils.master.ping_all_connected_minions(opts)
257
258 @classmethod
259 def rotate_cluster_secret(

Callers 2

get_serialMethod · 0.80
handle_key_rotateMethod · 0.80

Calls 5

send_aes_key_eventMethod · 0.80
debugMethod · 0.80
itemsMethod · 0.45
fire_eventMethod · 0.45
getMethod · 0.45

Tested by

no test coverage detected