(
cls, opts=None, event=None, use_lock=True, owner=False, publisher=None
)
| 223 | |
@classmethod
def rotate_secrets(
    cls, opts=None, event=None, use_lock=True, owner=False, publisher=None
):
    """Reload every secret registered in ``cls.secrets`` and announce it.

    For each entry the ``reload`` callable is invoked with ``remove=owner``,
    its result is converted to bytes and stored in the entry's ``secret``
    holder. An entry that carries a ``serial`` holder has it reset to 0 in
    the same step.

    :param opts: Configuration mapping; only ``ping_on_rotate`` is read
        here. ``None`` is treated as an empty mapping.
    :param event: Optional object whose ``fire_event`` is called once per
        rotated secret with tag ``"key"``.
    :param use_lock: When true, the write happens while holding the lock
        returned by the secret holder's ``get_lock()``. When false, the
        value is written with no lock taken, so the caller is responsible
        for ensuring nothing else reads or writes the holder concurrently.
    :param owner: Forwarded to the ``reload`` callable as ``remove``; its
        meaning is defined by that callable and is not visible here.
    :param publisher: Optional object whose ``send_aes_key_event`` is
        called after each secret is replaced.
    """
    settings = {} if opts is None else opts

    def _refresh(entry):
        # Replace the stored secret and, where present, restart its serial
        # counter so the new key does not inherit the old key's count.
        entry["secret"].value = salt.utils.stringutils.to_bytes(
            entry["reload"](remove=owner)
        )
        if "serial" in entry:
            entry["serial"].value = 0

    for secret_key, secret_map in cls.secrets.items():
        if not use_lock:
            # Unlocked write: only safe when the caller already excludes
            # concurrent access to this holder.
            _refresh(secret_map)
        else:
            # The lock should be unnecessary, since nobody else is expected
            # to modify the secret, but it keeps the secret and serial
            # update atomic for readers that do take the lock.
            with secret_map["secret"].get_lock():
                _refresh(secret_map)

        # NOTE(review): the listing lost its indentation; the two
        # notifications are placed inside the loop because the event
        # payload uses secret_key. Confirm against the repository.
        if publisher:
            publisher.send_aes_key_event()

        if event:
            event.fire_event({f"rotate_{secret_key}_key": True}, tag="key")

    if settings.get("ping_on_rotate"):
        # Ping all minions so they pick up the new key.
        log.debug("Pinging all connected minions due to key rotation")
        salt.utils.master.ping_all_connected_minions(settings)
| 257 | |
| 258 | @classmethod |
| 259 | def rotate_cluster_secret( |