Merge pull request #16706 from whiteinge/salt-api_gen-keys-download

Added convenience URL to generate minion keys and download as a tarball

salt/netapi/rest_cherrypy/app.py

@@ -194,6 +194,8 @@ import itertools
 import functools
 import logging
 import json
+import StringIO
+import tarfile
 import time
 from multiprocessing import Process, Pipe
 
@@ -955,6 +957,195 @@ class Jobs(LowDataAdapter):
         return ret
 
 
+class Keys(LowDataAdapter):
+    def GET(self, mid=None):
+        '''
+        A convenience URL for showing the list of minion keys or detail on a
+        specific key
+
+        .. http:get:: /keys/(mid)
+
+            List all keys or show a specific key
+
+            :status 200: |200|
+            :status 401: |401|
+            :status 406: |406|
+
+        **Example request:**
+
+        .. code-block:: bash
+
+            curl -i localhost:8000/keys
+
+        .. code-block:: http
+
+            GET /keys HTTP/1.1
+            Host: localhost:8000
+            Accept: application/x-yaml
+
+        **Example response:**
+
+        .. code-block:: http
+
+            HTTP/1.1 200 OK
+            Content-Length: 165
+            Content-Type: application/x-yaml
+
+            return:
+              local:
+              - master.pem
+              - master.pub
+              minions:
+              - jerry
+              minions_pre: []
+              minions_rejected: []
+
+        **Example request:**
+
+        .. code-block:: bash
+
+            curl -i localhost:8000/keys/jerry
+
+        .. code-block:: http
+
+            GET /keys/jerry HTTP/1.1
+            Host: localhost:8000
+            Accept: application/x-yaml
+
+        **Example response:**
+
+        .. code-block:: http
+
+            HTTP/1.1 200 OK
+            Content-Length: 73
+            Content-Type: application/x-yaml
+
+            return:
+              minions:
+                jerry: 51:93:b3:d0:9f:3a:6d:e5:28:67:c2:4b:27:d6:cd:2b
+        '''
+        self._cp_config['tools.salt_token.on'] = True
+
+        if mid:
+            lowstate = [{
+                'client': 'wheel',
+                'fun': 'key.finger',
+                'match': mid,
+            }]
+        else:
+            lowstate = [{
+                'client': 'wheel',
+                'fun': 'key.list_all',
+            }]
+
+        cherrypy.request.lowstate = lowstate
+        result = self.exec_lowstate(token=cherrypy.session.get('token'))
+
+        return {'return': next(result, {}).get('data', {}).get('return', {})}
+
+    def POST(self, mid, keysize=None, force=None, **kwargs):
+        r'''
+        Easily generate keys for a minion and auto-accept the new key
+
+        Example partial kickstart script to bootstrap a new minion:
+
+        .. code-block:: text
+
+            %post
+            mkdir -p /etc/salt/pki/minion
+            curl -sS http://localhost:8000/keys \
+                    -d mid=jerry \
+                    -d username=kickstart \
+                    -d password=kickstart \
+                    -d eauth=pam \
+                | tar -C /etc/salt/pki/minion -xf -
+
+            mkdir -p /etc/salt/minion.d
+            printf 'master: 10.0.0.5\nid: jerry' > /etc/salt/minion.d/id.conf
+            %end
+
+        .. http:post:: /keys
+
+            Generate a public and private key and return both as a tarball
+
+            Authentication credentials must be passed in the request.
+
+            :status 200: |200|
+            :status 401: |401|
+            :status 406: |406|
+
+        **Example request:**
+
+        .. code-block:: bash
+
+            curl -sS http://localhost:8000/keys \
+                    -d mid=jerry \
+                    -d username=kickstart \
+                    -d password=kickstart \
+                    -d eauth=pam \
+                | tar xf -
+
+        .. code-block:: http
+
+            POST /keys HTTP/1.1
+            Host: localhost:8000
+
+        **Example response:**
+
+        .. code-block:: http
+
+            HTTP/1.1 200 OK
+            Content-Length: 10240
+            Content-Disposition: attachment; filename="saltkeys-jerry.tar"
+            Content-Type: application/x-tar
+
+            jerry.pub0000644000000000000000000000070300000000000010730 0ustar  00000000000000
+        '''
+        self._cp_config['tools.hypermedia_out.on'] = False
+        self._cp_config['tools.sessions.on'] = False
+
+        lowstate = [{
+            'client': 'wheel',
+            'fun': 'key.gen_accept',
+            'id_': mid,
+        }]
+
+        if keysize:
+            lowstate[0]['keysize'] = keysize
+
+        if force:
+            lowstate[0]['force'] = force
+
+        lowstate[0].update(kwargs)
+
+        cherrypy.request.lowstate = lowstate
+        result = self.exec_lowstate()
+        ret = next(result, {}).get('data', {}).get('return', {})
+
+        pub_key = ret.get('pub', '')
+        pub_key_file = tarfile.TarInfo('minion.pub')
+        pub_key_file.size = len(pub_key)
+
+        priv_key = ret.get('priv', '')
+        priv_key_file = tarfile.TarInfo('minion.pem')
+        priv_key_file.size = len(priv_key)
+
+        fileobj = StringIO.StringIO()
+        tarball = tarfile.open(fileobj=fileobj, mode='w')
+        tarball.addfile(pub_key_file, StringIO.StringIO(pub_key))
+        tarball.addfile(priv_key_file, StringIO.StringIO(priv_key))
+        tarball.close()
+
+        headers = cherrypy.response.headers
+        headers['Content-Disposition'] = 'attachment; filename="saltkeys-{0}.tar"'.format(mid)
+        headers['Content-Type'] = 'application/x-tar'
+        headers['Content-Length'] = fileobj.len
+        headers['Cache-Control'] = 'no-cache'
+
+        fileobj.seek(0)
+        return fileobj
+
+
 class Login(LowDataAdapter):
     '''
     Log in to receive a session token
@@ -1774,6 +1965,7 @@ class API(object):
         'minions': Minions,
         'run': Run,
         'jobs': Jobs,
+        'keys': Keys,
         'events': Events,
         'stats': Stats,
     }