<aside> 💡 SALT-API @Medium

</aside>

Setting up

• API services to use (CherryPY, Tornado, ...)

• salt-api and cherrypy installation

• Generate self-signed certificates

• Enable external auth (eauth)

  external_auth: 
   pam: 
   larry: 
   — .* 
   — ‘@runner’ 
   — ‘@wheel’ 
   darrel: 
   — test.* 
   — ‘@runner’ 
   — ‘@wheel’ 
   darryl: 
   — test.* 
   — network.* 
   — ‘@runner’ 
   — ‘@wheel’
  

• Enable API service configs in salt-master config(port, ssl as crt certificate, debug mode, ...)

First steps after set up

• salt-api running on specified port
• URI's
• POST request to the webserver ( on specified port) to perform login with an user defined on eauth

curl -ski <https://localhost:8000/login> \\
 -H 'Accept': 'application/json' \\
 -d username='osteam' \\
 -d password='fmq#123' \\
 -d eauth='pam'

• Retrieve token and save it. Use it in each request after first login in X-Auth-Token parameter

### Não devolve o resultado, apenas o JID###
### Após este pedido, é necessário guardar o jid e fazer outro pedido com ele mesmo ###

curl -sk <http://172.21.27.69:8000/> \\
-H 'Accept': 'application/json' \\
-H 'X-Auth-Token': '3c2e0c7a66865238fe37a8db2f56679d2ae9aaa2' \\
-d client='local' \\
-d tgt='b93f*' \\
-d fun='test.ping'

<aside> 💡 @external_auth permissions, to retrieve result from a job id there is the need to add the @runner parameter to the desired user *Checking job returns is a master-side operation via Salt's jobs runner. You need to give the XXXX user access to runners via @runner in order to execute them*

</aside>

### Após pedido para /minions ###

curl -sk <https://localhost:8000/jobs/20191106115243869404> \\
-H 'Accept: application/json' \\
-H 'X-Auth-Token: 057f17e60b813b9580b2045bab3c7340b62c3de0'