Merge pull request #51334 from Ch3LL/merge-2019.2

[2019.2] Merge forward from 2018.3 to 2019.2

doc/_themes/saltstack2/layout.html

@@ -71,6 +71,14 @@
 {%- endmacro %}
 <html>
     <head>
+        <!-- Google Tag Manager -->
+        <script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':
+        new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],
+        j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src=
+        'https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);
+        })(window,document,'script','dataLayer','GTM-MCK7VL3');</script>
+        <!-- End Google Tag Manager -->
+
         <meta charset="{{ encoding }}">
         {{ metatags }}
         <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
@@ -120,6 +128,11 @@
     </head>
 
     <body class="index">
+        <!-- Google Tag Manager (noscript) -->
+        <noscript><iframe src="https://www.googletagmanager.com/ns.html?id=GTM-MCK7VL3"
+        height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript>
+        <!-- End Google Tag Manager (noscript) -->
+
         <!--[if lt IE 8]>
             <p>You are using an <strong>outdated</strong> browser. Please <a href="http://browsehappy.com/">upgrade your browser.</a></p>
         <![endif]-->

doc/topics/development/modules/index.rst

@@ -130,7 +130,7 @@ Cloud        ``salt.cloud.clouds`` (:ref:`index <all-salt.clouds>`)           ``
 Engine       ``salt.engines`` (:ref:`index <engines>`)                        ``engines``               ``engines_dirs``
 Execution    ``salt.modules`` (:ref:`index <all-salt.modules>`)               ``modules``               ``module_dirs``
 Executor     ``salt.executors`` (:ref:`index <all-salt.executors>`)           ``executors`` [#no-fs]_   ``executor_dirs``
-File Server  ``salt.fileserver`` (:ref:`index <file-server>`)                 ``fileserver`` [#no-fs]_  ``fileserver_dirs``
+File Server  ``salt.fileserver`` (:ref:`index <file-server>`)                 ``fileserver``            ``fileserver_dirs``
 Grain        ``salt.grains`` (:ref:`index <all-salt.grains>`)                 ``grains``                ``grains_dirs``
 Log Handler  ``salt.log.handlers`` (:ref:`index <external-logging-handlers>`) ``log_handlers``          ``log_handlers_dirs``
 Net API      ``salt.netapi`` (:ref:`index <all-netapi-modules>`)              ``netapi`` [#no-fs]_      ``netapi_dirs``
@@ -143,13 +143,13 @@ Returner     ``salt.returners`` (:ref:`index <all-salt.returners>`)           ``
 Roster       ``salt.roster`` (:ref:`index <all-salt.roster>`)                 ``roster``                ``roster_dirs``
 Runner       ``salt.runners`` (:ref:`index <all-salt.runners>`)               ``runners``               ``runner_dirs``
 SDB          ``salt.sdb`` (:ref:`index <all-salt.sdb>`)                       ``sdb``                   ``sdb_dirs``
-Search       ``salt.search``                                                  ``search`` [#no-fs]_      ``search_dirs``
 Serializer   ``salt.serializers`` (:ref:`index <all-salt.serializers>`)       ``serializers`` [#no-fs]_ ``serializers_dirs``
 SPM pkgdb    ``salt.spm.pkgdb``                                               ``pkgdb`` [#no-fs]_       ``pkgdb_dirs``
 SPM pkgfiles ``salt.spm.pkgfiles``                                            ``pkgfiles`` [#no-fs]_    ``pkgfiles_dirs``
 SSH Wrapper  ``salt.client.ssh.wrapper``                                      ``wrapper`` [#no-fs]_     ``wrapper_dirs``
 State        ``salt.states`` (:ref:`index <all-salt.states>`)                 ``states``                ``states_dirs``
-Thorium      ``salt.thorium`` (:ref:`index <all-salt.thorium>`)               ``thorium`` [#no-fs]_     ``thorium_dirs``
+Thorium      ``salt.thorium`` (:ref:`index <all-salt.thorium>`)               ``thorium``               ``thorium_dirs``
+Tokens       ``salt.tokens``                                                  ``tokens``                ``tokens_dirs``
 Top          ``salt.tops`` (:ref:`index <all-salt.tops>`)                     ``tops``                  ``top_dirs``
 Util         ``salt.utils``                                                   ``utils``                 ``utils_dirs``
 Wheel        ``salt.wheels`` (:ref:`index <all-salt.wheel>`)                  ``wheel``                 ``wheel_dirs``
@@ -223,6 +223,12 @@ object.
 Executor
 --------
 
+.. toctree::
+    :maxdepth: 1
+    :glob:
+
+    /ref/executors/index
+
 Executors control how execution modules get called. The default is to just call
 them, but this can be customized.
 
@@ -322,11 +328,6 @@ SDB
 SDB is a way to store data that's not associated with a minion. See 
 :ref:`Storing Data in Other Databases <sdb>`.
 
-Search
-------
-
-A system for indexing the file server and pillars. Removed in 2018.3.
-
 Serializer
 ----------
 
@@ -375,6 +376,16 @@ Thorium
 
 Modules for use in the :ref:`Thorium <thorium-reactor>` event reactor.
 
+Tokens
+------
+
+Token stores for :ref:`External Authentication <acl-eauth>`. See the
+:py:mod:`salt.tokens` docstring for details.
+
+.. note:
+    The runner to load tokens modules is
+    :py:func:`saltutil.sync_eauth_tokens <salt.runners.saltutil.sync_eauth_tokens>`.
+
 Tops
 ----
 

doc/topics/tutorials/gitfs.rst

@@ -531,7 +531,13 @@ Global Remotes
 
 The ``all_saltenvs`` per-remote configuration parameter overrides the logic
 Salt uses to map branches/tags to fileserver environments (i.e. saltenvs). This
-allows a single branch/tag to appear in *all* saltenvs.
+allows a single branch/tag to appear in *all* GitFS saltenvs.
+
+.. note::
+   ``all_saltenvs`` only works *within* GitFS. That is, files in a branch
+   configured using ``all_saltenvs`` will *not* show up in a fileserver
+   environment defined via some other fileserver backend (e.g.
+   :conf_master:`file_roots`).
 
 This is very useful in particular when working with :ref:`salt formulas
 <conventions-formula>`. Prior to the addition of this feature, it was necessary

salt/modules/ebuild.py

@@ -24,6 +24,7 @@ import datetime
 
 # Import salt libs
 import salt.utils.args
+import salt.utils.compat
 import salt.utils.data
 import salt.utils.functools
 import salt.utils.path
@@ -33,9 +34,6 @@ import salt.utils.versions
 from salt.exceptions import CommandExecutionError, MinionError
 from salt.ext import six
 
-# Workaround for 'reload' builtin of py2.7
-if six.PY3:
-    from importlib import reload  # pylint: disable=no-name-in-module
 
 # Import third party libs
 HAS_PORTAGE = False
@@ -71,13 +69,13 @@ def __virtual__():
 
 def _vartree():
     import portage  # pylint: disable=3rd-party-module-not-gated
-    portage = reload(portage)
+    portage = salt.utils.compat.reload(portage)
     return portage.db[portage.root]['vartree']
 
 
 def _porttree():
     import portage  # pylint: disable=3rd-party-module-not-gated
-    portage = reload(portage)
+    portage = salt.utils.compat.reload(portage)
     return portage.db[portage.root]['porttree']
 
 

salt/modules/portage_config.py

@@ -10,6 +10,7 @@ import os
 import shutil
 
 # Import salt libs
+import salt.utils.compat
 import salt.utils.data
 import salt.utils.files
 import salt.utils.path
@@ -57,7 +58,7 @@ def _get_portage():
     portage module must be reloaded or it can't catch the changes
     in portage.* which had been added after when the module was loaded
     '''
-    return reload(portage)
+    return salt.utils.compat.reload(portage)
 
 
 def _porttree():

salt/modules/x509.py

@@ -961,7 +961,7 @@ def create_crl(  # pylint: disable=too-many-arguments,too-many-locals
 
         serial_number = rev_item['serial_number'].replace(':', '')
         # OpenSSL bindings requires this to be a non-unicode string
-        serial_number = salt.utils.stringutils.to_str(serial_number)
+        serial_number = salt.utils.stringutils.to_bytes(serial_number)
 
         if 'not_after' in rev_item and not include_expired:
             not_after = datetime.datetime.strptime(
@@ -976,6 +976,7 @@ def create_crl(  # pylint: disable=too-many-arguments,too-many-locals
         rev_date = datetime.datetime.strptime(
             rev_item['revocation_date'], '%Y-%m-%d %H:%M:%S')
         rev_date = rev_date.strftime('%Y%m%d%H%M%SZ')
+        rev_date = salt.utils.stringutils.to_bytes(rev_date)
 
         rev = OpenSSL.crypto.Revoked()
         rev.set_serial(salt.utils.stringutils.to_bytes(serial_number))
@@ -1576,7 +1577,7 @@ def create_certificate(
             pem_type='CERTIFICATE'
         )
     else:
-        return cert.as_pem()
+        return salt.utils.stringutils.to_str(cert.as_pem())
 # pylint: enable=too-many-locals
 
 

salt/returners/zabbix_return.py

@@ -7,10 +7,8 @@ The following Type: "Zabbix trapper" with "Type of information" Text items are r
 .. code-block:: cfg
 
     Key: salt.trap.info
-    Key: salt.trap.average
     Key: salt.trap.warning
     Key: salt.trap.high
-    Key: salt.trap.disaster
 
 To use the Zabbix returner, append '--return zabbix' to the salt command. ex:
 
@@ -21,15 +19,10 @@ To use the Zabbix returner, append '--return zabbix' to the salt command. ex:
 
 # Import Python libs
 from __future__ import absolute_import, print_function, unicode_literals
-import logging
 import os
 
 # Import Salt libs
 from salt.ext import six
-import salt.utils.files
-
-# Get logging started
-log = logging.getLogger(__name__)
 
 
 # Define the module's virtual name
@@ -55,21 +48,9 @@ def zbx():
         return False
 
 
-def zabbix_send(key, host, output):
-    with salt.utils.files.fopen(zbx()['zabbix_config'], 'r') as file_handle:
-        for line in file_handle:
-            if "ServerActive" in line:
-                flag = "true"
-                server = line.rsplit('=')
-                server = server[1].rsplit(',')
-                for s in server:
-                    cmd = zbx()['sender'] + " -z " + s.replace('\n', '') + " -s " + host + " -k " + key + " -o \"" + output +"\""
-                    __salt__['cmd.shell'](cmd)
-                break
-            else:
-                flag = "false"
-        if flag == 'false':
-            cmd = zbx()['sender'] + " -c " + zbx()['config'] + " -s " + host + " -k " + key + " -o \"" + output +"\""
+def zabbix_send(key, output):
+    cmd = zbx()['sender'] + " -c " + zbx()['config'] + " -k " + key + " -o \"" + output +"\""
+    __salt__['cmd.shell'](cmd)
 
 
 def save_load(jid, load, minions=None):
@@ -80,16 +61,15 @@ def returner(ret):
     changes = False
     errors = False
     job_minion_id = ret['id']
-    host = job_minion_id
 
     if type(ret['return']) is dict:
         for state, item in six.iteritems(ret['return']):
-            if 'comment' in item and 'name' in item and not item['result']:
+            if 'comment' in item and 'name' in item and item['result'] is False:
                 errors = True
-                zabbix_send("salt.trap.high", host, 'SALT:\nname: {0}\ncomment: {1}'.format(item['name'], item['comment']))
-            if 'comment' in item and 'name' in item and item['changes']:
+                zabbix_send("salt.trap.high", 'SALT:\nname: {0}\ncomment: {1}'.format(item['name'], item['comment']))
+            elif 'comment' in item and 'name' in item and item['changes']:
                 changes = True
-                zabbix_send("salt.trap.warning", host, 'SALT:\nname: {0}\ncomment: {1}'.format(item['name'], item['comment']))
+                zabbix_send("salt.trap.warning", 'SALT:\nname: {0}\ncomment: {1}'.format(item['name'], item['comment']))
 
     if not changes and not errors:
-        zabbix_send("salt.trap.info", host, 'SALT {0} OK'.format(job_minion_id))
+        zabbix_send("salt.trap.info", 'SALT {0} OK'.format(job_minion_id))

salt/states/file.py

@@ -2593,7 +2593,6 @@ def managed(name,
                 'to True to allow the managed file to be empty.'
                 .format(contents_id)
             )
-
         if isinstance(use_contents, six.binary_type) and b'\0' in use_contents:
             contents = use_contents
         elif isinstance(use_contents, six.text_type) and str('\0') in use_contents:
@@ -2607,9 +2606,10 @@ def managed(name,
                     'contents_grains is not a string or list of strings, and '
                     'is not binary data. SLS is likely malformed.'
                 )
-            contents = os.linesep.join(
-                [line.rstrip('\n').rstrip('\r') for line in validated_contents]
-            )
+            contents = ''
+            for part in validated_contents:
+                for line in part.splitlines():
+                    contents += line.rstrip('\n').rstrip('\r') + os.linesep
             if contents_newline and not contents.endswith(os.linesep):
                 contents += os.linesep
         if template:

salt/states/win_lgpo.py

@@ -261,7 +261,7 @@ def set_(name,
                     for p_name in current_policy[policy_data['output_section']]:
                         if policy_name.lower() == p_name.lower():
                             currently_set = True
-                            pol_id = policy_name
+                            pol_id = p_name
                             break
                 # Check aliases
                 else:

salt/utils/compat.py

@@ -8,6 +8,7 @@ from __future__ import absolute_import, print_function, unicode_literals
 import sys
 import copy
 import types
+import importlib
 
 # Import salt libs
 import salt.loader
@@ -58,3 +59,13 @@ def cmp(x, y):
     Return negative if x<y, zero if x==y, positive if x>y.
     '''
     return (x > y) - (x < y)
+
+
+def reload(mod):
+    '''
+    Compatibility helper function to replace the ``reload`` builtin from Python 2.
+    '''
+    try:
+        return importlib.reload(mod)
+    except AttributeError:
+        return reload(mod)

salt/utils/files.py

@@ -416,11 +416,13 @@ def flopen(*args, **kwargs):
     '''
     Shortcut for fopen with lock and context manager.
     '''
-    with fopen(*args, **kwargs) as f_handle:
+    filename, args = args[0], args[1:]
+    writing = 'wa'
+    with fopen(filename, *args, **kwargs) as f_handle:
         try:
             if is_fcntl_available(check_sunos=True):
                 lock_type = fcntl.LOCK_SH
-                if 'w' in args[1] or 'a' in args[1]:
+                if args and any([write in args[0] for write in writing]):
                     lock_type = fcntl.LOCK_EX
                 fcntl.flock(f_handle.fileno(), lock_type)
             yield f_handle

salt/utils/process.py

@@ -824,7 +824,7 @@ def default_signals(*signals):
     old_signals = {}
     for signum in signals:
         try:
-            old_signals[signum] = signal.getsignal(signum)
+            saved_signal = signal.getsignal(signum)
             signal.signal(signum, signal.SIG_DFL)
         except ValueError as exc:
             # This happens when a netapi module attempts to run a function
@@ -834,6 +834,8 @@ def default_signals(*signals):
                 'Failed to register signal for signum %d: %s',
                 signum, exc
             )
+        else:
+            old_signals[signum] = saved_signal
 
     # Do whatever is needed with the reset signals
     yield

salt/utils/stringutils.py

@@ -333,7 +333,9 @@ def build_whitespace_split_regex(text):
         lexer = shlex.shlex(text)
         lexer.whitespace_split = True
         lexer.commenters = ''
-        if '\'' in text:
+        if r"'\"" in text:
+            lexer.quotes = ''
+        elif '\'' in text:
             lexer.quotes = '"'
         elif '"' in text:
             lexer.quotes = '\''

salt/utils/virtualbox.py

@@ -14,13 +14,11 @@ import re
 import time
 
 # Import salt libs
+import salt.utils.compat
 import salt.utils.data
 from salt.utils.timeout import wait_for
 import salt.ext.six as six
 
-# Workaround for 'reload' builtin of py2.7
-if six.PY3:
-    from importlib import reload  # pylint: disable=no-name-in-module
 
 log = logging.getLogger(__name__)
 
@@ -140,7 +138,7 @@ def vb_get_manager():
     '''
     global _virtualboxManager
     if _virtualboxManager is None and HAS_LIBS:
-        reload(vboxapi)
+        salt.utils.compat.reload(vboxapi)
         _virtualboxManager = vboxapi.VirtualBoxManager(None, None)
 
     return _virtualboxManager

tests/integration/__init__.py

@@ -743,6 +743,12 @@ class TestDaemon(object):
         master_opts['root_dir'] = os.path.join(TMP, 'rootdir')
         master_opts['pki_dir'] = os.path.join(TMP, 'rootdir', 'pki', 'master')
         master_opts['syndic_master'] = 'localhost'
+        file_tree = {
+            'root_dir':  os.path.join(FILES, 'pillar', 'base', 'file_tree'),
+            'follow_dir_links': False,
+            'keep_newline': True,
+        }
+        master_opts['ext_pillar'].append({'file_tree': file_tree})
 
         # This is the syndic for master
         # Let's start with a copy of the syndic master configuration

tests/integration/files/file/base/issue-50221.sls

@@ -0,0 +1,3 @@
+{{ pillar['name'] }}:
+  file.managed:
+    - contents_pillar: issue-50221

tests/integration/files/file/base/issue-51208.sls

@@ -0,0 +1,4 @@
+/tmp/vimrc:
+  file.append:
+    - sources:
+      - salt://test/files/vimrc.stub

tests/integration/files/file/base/issue-51208/vimrc.stub

@@ -0,0 +1,8 @@
+set number
+syntax on
+set paste
+set ruler
+if has("autocmd")
+  au BufReadPost * if line("'\"") > 1 && line("'\"") <= line("$") | exe "normal! g'\"" | endif
+endif
+

tests/integration/files/pillar/base/file_tree/hosts/minion/issue-50221

@@ -0,0 +1,3 @@
+abc
+
+

tests/integration/states/test_file.py

@@ -2624,6 +2624,42 @@ class FileTest(ModuleCase, SaltReturnAssertsMixin):
             '',
         ]).encode('utf-8'))
 
+    @with_tempfile()
+    def test_issue_50221(self, name):
+        expected = 'abc{0}{0}{0}'.format(os.linesep)
+        ret = self.run_function(
+            'pillar.get',
+            ['issue-50221']
+        )
+        assert ret == expected
+        ret = self.run_function(
+            'state.apply',
+            ['issue-50221'],
+            pillar={
+                'name': name
+            },
+        )
+        self.assertSaltTrueReturn(ret)
+        with salt.utils.files.fopen(name, 'r') as fp:
+            contents = fp.read()
+        assert contents == expected
+
+    def test_managed_file_issue_51208(self):
+        '''
+        Test to ensure we can handle a file with escaped double-quotes
+        '''
+        name = os.path.join(TMP, 'issue_51208.txt')
+        ret = self.run_state(
+            'file.managed', name=name, source='salt://issue-51208/vimrc.stub'
+        )
+        src = os.path.join(BASE_FILES, 'issue-51208', 'vimrc.stub')
+        with salt.utils.files.fopen(src, 'r') as fp_:
+            master_data = fp_.read()
+        with salt.utils.files.fopen(name, 'r') as fp_:
+            minion_data = fp_.read()
+        self.assertEqual(master_data, minion_data)
+        self.assertSaltTrueReturn(ret)
+
 
 class BlockreplaceTest(ModuleCase, SaltReturnAssertsMixin):
     marker_start = '# start'

tests/unit/modules/test_x509.py

@@ -176,7 +176,7 @@ c9bcgp7D7xD+TxWWNj4CSXEccJgGr91StV+gFg4ARQ==
                                       authorityKeyIdentifier='keyid,issuer:always',
                                       days_valid=3650,
                                       days_remaining=0)
-        self.assertIn(b'BEGIN CERTIFICATE', ret)
+        self.assertIn('BEGIN CERTIFICATE', ret)
 
     @skipIf(not HAS_M2CRYPTO, 'Skipping, M2Crypto is unavailble')
     def test_create_crl(self):

tests/unit/utils/test_network.py

@@ -232,6 +232,54 @@ class NetworkTestCase(TestCase):
                 log.error('bad host_port value: "%s" failed to trigger ValueError exception', host_port)
                 raise _e_
 
+    def test_dns_check(self):
+        class MockSocket(object):
+            def __init__(self, *args, **kwargs):
+                pass
+
+            def __call__(self, *args, **kwargs):
+                pass
+
+            def setsockopt(self, *args, **kwargs):
+                pass
+
+            def sendto(self, *args, **kwargs):
+                pass
+
+            def connect(self, *args, **kwargs):
+                pass
+
+            def close(self, *args, **kwargs):
+                pass
+
+        hosts = [
+            {'host': '10.10.0.3',
+             'port': '',
+             'mocked': [(2, 1, 6, '', ('10.10.0.3', 0))],
+             'ret': '10.10.0.3'},
+            {'host': '10.10.0.3',
+             'port': '1234',
+             'mocked': [(2, 1, 6, '', ('10.10.0.3', 0))],
+             'ret': '10.10.0.3'},
+            {'host': '2001:0db8:85a3::8a2e:0370:7334',
+             'port': '',
+             'mocked': [(10, 1, 6, '', ('2001:db8:85a3::8a2e:370:7334', 0, 0, 0))],
+             'ret': '2001:db8:85a3::8a2e:370:7334'},
+            {'host': '2001:0db8:85a3::8a2e:370:7334',
+             'port': '1234',
+             'mocked': [(10, 1, 6, '', ('2001:db8:85a3::8a2e:370:7334', 0, 0, 0))],
+             'ret': '2001:db8:85a3::8a2e:370:7334'},
+            {'host': 'salt-master',
+             'port': '1234',
+             'mocked': [(2, 1, 6, '', ('127.0.0.1', 0))],
+             'ret': '127.0.0.1'},
+        ]
+        for host in hosts:
+            with patch.object(socket, 'getaddrinfo', MagicMock(return_value=host['mocked'])):
+                with patch('socket.socket', MockSocket):
+                    ret = network.dns_check(host['host'], host['port'])
+                    self.assertEqual(ret, host['ret'])
+
     def test_is_subnet(self):
         for subnet_data in (IPV4_SUBNETS, IPV6_SUBNETS):
             for item in subnet_data[True]:

tests/unit/utils/test_path.py

@@ -17,6 +17,7 @@ from tests.support.unit import TestCase, skipIf
 from tests.support.mock import patch, NO_MOCK, NO_MOCK_REASON
 
 # Import Salt libs
+import salt.utils.compat
 import salt.utils.path
 import salt.utils.platform
 from salt.exceptions import CommandNotFoundError
@@ -125,7 +126,7 @@ class PathJoinTestCase(TestCase):
         platform.system = lambda: "windows"
 
         for module in (ntpath, os, os.path, tempfile):
-            reload(module)
+            salt.utils.compat.reload(module)
 
     def __unpatch_path(self):
         del sys.modules['nt']
@@ -133,7 +134,7 @@ class PathJoinTestCase(TestCase):
         platform.system = self.PLATFORM_FUNC
 
         for module in (posixpath, os, os.path, tempfile, platform):
-            reload(module)
+            salt.utils.compat.reload(module)
 
 
 @skipIf(NO_MOCK, NO_MOCK_REASON)