saltstack/salt
1
0
Fork 0
mirror of https://github.com/saltstack/salt.git synced 2025-04-17 10:10:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

Merge pull request #65872 from s0undt3ch/hotfix/merge-forward-2

Browse source 
[3007.x] Merge 3006.x into 3007.x
This commit is contained in:
Pedro Algarvio 2024-01-17 15:13:09 +00:00 committed by GitHub
commit 0a096e74e0
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
86 changed files with 1054 additions and 986 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
.pre-commit-config.yaml
View file

@ -352,6 +352,7 @@ repos:
- --no-emit-index-url
- requirements/static/pkg/darwin.in
- id: pip-tools-compile
alias: compile-pkg-windows-3.8-zmq-requirements
name: Windows Packaging Py3.8 ZeroMQ Requirements
files: ^requirements/((base|zeromq|crypto|windows)\.txt|static/pkg/(windows\.in|py3\.8/windows\.txt))$
@ -559,7 +560,6 @@ repos:
- id: pip-tools-compile
alias: compile-ci-linux-crypto-3.11-requirements
name: Linux CI Py3.11 Crypto Requirements
files: ^requirements/(crypto\.txt|static/ci/crypto\.in)$
files: ^requirements/(crypto\.txt|static/ci/(crypto\.in|py3\.11/linux-crypto\.txt))$
pass_filenames: false
args:
@ -574,7 +574,6 @@ repos:
- id: pip-tools-compile
alias: compile-ci-linux-crypto-3.12-requirements
name: Linux CI Py3.12 Crypto Requirements
files: ^requirements/(crypto\.txt|static/ci/crypto\.in)$
files: ^requirements/(crypto\.txt|static/ci/(crypto\.in|py3\.12/linux-crypto\.txt))$
pass_filenames: false
args:
@ -709,7 +708,6 @@ repos:
- id: pip-tools-compile
alias: compile-ci-freebsd-crypto-3.10-requirements
name: FreeBSD CI Py3.10 Crypto Requirements
files: ^requirements/(crypto\.txt|static/ci/crypto\.in)$
files: ^requirements/(crypto\.txt|static/ci/(crypto\.in|py3\.10/freebsd-crypto\.txt))$
pass_filenames: false
args:
@ -724,7 +722,6 @@ repos:
- id: pip-tools-compile
alias: compile-ci-freebsd-crypto-3.11-requirements
name: FreeBSD CI Py3.11 Crypto Requirements
files: ^requirements/(crypto\.txt|static/ci/crypto\.in)$
files: ^requirements/(crypto\.txt|static/ci/(crypto\.in|py3\.11/freebsd-crypto\.txt))$
pass_filenames: false
args:
@ -739,7 +736,6 @@ repos:
- id: pip-tools-compile
alias: compile-ci-freebsd-crypto-3.12-requirements
name: FreeBSD CI Py3.12 Crypto Requirements
files: ^requirements/(crypto\.txt|static/ci/crypto\.in)$
files: ^requirements/(crypto\.txt|static/ci/(crypto\.in|py3\.12/freebsd-crypto\.txt))$
pass_filenames: false
args:
@ -960,6 +956,7 @@ repos:
- --no-emit-index-url
- requirements/static/ci/windows.in
- id: pip-tools-compile
alias: compile-ci-windows-crypto-3.8-requirements
name: Windows CI Py3.8 Crypto Requirements
files: ^requirements/(crypto\.txt|static/ci/(crypto\.in|py3\.8/windows-crypto\.txt))$

5
changelog/65830.security.md Normal file
View file

@ -0,0 +1,5 @@
Update some requirements which had some security issues:
* Bump to `pycryptodome==3.19.1` and `pycryptodomex==3.19.1` due to https://github.com/advisories/GHSA-j225-cvw7-qrx7
* Bump to `gitpython==3.1.41` due to https://github.com/advisories/GHSA-2mqj-m65w-jghx
* Bump to `jinja2==3.1.3` due to https://github.com/advisories/GHSA-h5c8-rqwp-cp95

2
pytest.ini
View file

@ -8,3 +8,5 @@ python_files=test_*.py
python_classes=Test*
python_functions = test_*
junit_family=xunit2
# Only the tests should count towards timeouts
timeout_func_only = true

2
requirements/constraints.txt
View file

@ -1,3 +1,3 @@
setuptools >= 65.6.3,< 69.0
setuptools-scm < 8.0.0
pip >= 22.3.1,< 23.0
pip >= 23.3,< 24.0

3
requirements/static/ci/linux.in
View file

@ -4,8 +4,7 @@
pyiface
pygit2>=1.10.1
pymysql>=1.0.2
ansible>=4.4.0,<5.0.1; python_version < '3.9'
ansible>=7.0.0; python_version >= '3.9'
ansible>=9.1.0; python_version >= '3.10'
twilio
python-telegram-bot>=13.7
yamllint

2
requirements/static/ci/py3.10/changelog.txt
View file

@ -13,7 +13,7 @@ click==8.1.3
# towncrier
incremental==22.10.0
# via towncrier
jinja2==3.1.2
jinja2==3.1.3
# via
# -c requirements/static/ci/py3.10/linux.txt
# towncrier

2
requirements/static/ci/py3.10/darwin-crypto.txt
View file

@ -6,5 +6,5 @@
#
m2crypto==0.38.0
# via -r requirements/static/ci/crypto.in
pycryptodome==3.9.8
pycryptodome==3.19.1
# via -r requirements/static/ci/crypto.in

6
requirements/static/ci/py3.10/darwin.txt
View file

@ -142,7 +142,7 @@ geomet==0.2.1.post1
# via cassandra-driver
gitdb==4.0.10
# via gitpython
gitpython==3.1.40
gitpython==3.1.41
# via -r requirements/static/ci/common.in
google-auth==2.19.1
# via kubernetes
@ -188,7 +188,7 @@ jaraco.text==3.11.1
# via
# -c requirements/static/ci/../pkg/py3.10/darwin.txt
# jaraco.collections
jinja2==3.1.2
jinja2==3.1.3
# via
# -c requirements/static/ci/../pkg/py3.10/darwin.txt
# -r requirements/base.txt
@ -320,7 +320,7 @@ pycparser==2.21
# via
# -c requirements/static/ci/../pkg/py3.10/darwin.txt
# cffi
pycryptodomex==3.9.8
pycryptodomex==3.19.1
# via
# -c requirements/static/ci/../pkg/py3.10/darwin.txt
# -r requirements/crypto.txt

2
requirements/static/ci/py3.10/docs.txt
View file

@ -58,7 +58,7 @@ jaraco.text==3.11.1
# via
# -c requirements/static/ci/py3.10/linux.txt
# jaraco.collections
jinja2==3.1.2
jinja2==3.1.3
# via
# -c requirements/static/ci/py3.10/linux.txt
# -r requirements/static/ci/docs.in

2
requirements/static/ci/py3.10/freebsd-crypto.txt
View file

@ -6,5 +6,5 @@
#
m2crypto==0.38.0
# via -r requirements/static/ci/crypto.in
pycryptodome==3.9.8
pycryptodome==3.19.1
# via -r requirements/static/ci/crypto.in

6
requirements/static/ci/py3.10/freebsd.txt
View file

@ -141,7 +141,7 @@ geomet==0.2.1.post1
# via cassandra-driver
gitdb==4.0.10
# via gitpython
gitpython==3.1.40
gitpython==3.1.41
# via -r requirements/static/ci/common.in
google-auth==2.19.1
# via kubernetes
@ -187,7 +187,7 @@ jaraco.text==3.11.1
# via
# -c requirements/static/ci/../pkg/py3.10/freebsd.txt
# jaraco.collections
jinja2==3.1.2
jinja2==3.1.3
# via
# -c requirements/static/ci/../pkg/py3.10/freebsd.txt
# -r requirements/base.txt
@ -324,7 +324,7 @@ pycparser==2.21
# via
# -c requirements/static/ci/../pkg/py3.10/freebsd.txt
# cffi
pycryptodomex==3.9.8
pycryptodomex==3.19.1
# via
# -c requirements/static/ci/../pkg/py3.10/freebsd.txt
# -r requirements/crypto.txt

2
requirements/static/ci/py3.10/linux-crypto.txt
View file

@ -6,5 +6,5 @@
#
m2crypto==0.38.0
# via -r requirements/static/ci/crypto.in
pycryptodome==3.9.8
pycryptodome==3.19.1
# via -r requirements/static/ci/crypto.in

14
requirements/static/ci/py3.10/linux.txt
View file

@ -17,11 +17,11 @@ aiosignal==1.3.1
# via
# -c requirements/static/ci/../pkg/py3.10/linux.txt
# aiohttp
ansible-core==2.15.0
ansible-core==2.16.2
# via ansible
ansible==8.0.0 ; python_version >= "3.9"
ansible==9.1.0 ; python_version >= "3.10"
# via -r requirements/static/ci/linux.in
anyio==3.7.0
anyio==4.1.0
# via httpcore
apache-libcloud==3.7.0 ; sys_platform != "win32"
# via -r requirements/static/ci/common.in
@ -157,7 +157,7 @@ geomet==0.2.1.post1
# via cassandra-driver
gitdb==4.0.10
# via gitpython
gitpython==3.1.40
gitpython==3.1.41
# via -r requirements/static/ci/common.in
google-auth==2.19.1
# via kubernetes
@ -165,7 +165,7 @@ h11==0.14.0
# via httpcore
hglib==2.6.2
# via -r requirements/static/ci/linux.in
httpcore==0.17.2
httpcore==0.17.3
# via httpx
httpx==0.24.1
# via python-telegram-bot
@ -211,7 +211,7 @@ jaraco.text==3.11.1
# via
# -c requirements/static/ci/../pkg/py3.10/linux.txt
# jaraco.collections
jinja2==3.1.2
jinja2==3.1.3
# via
# -c requirements/static/ci/../pkg/py3.10/linux.txt
# -r requirements/base.txt
@ -350,7 +350,7 @@ pycparser==2.21
# via
# -c requirements/static/ci/../pkg/py3.10/linux.txt
# cffi
pycryptodomex==3.9.8
pycryptodomex==3.19.1
# via
# -c requirements/static/ci/../pkg/py3.10/linux.txt
# -r requirements/crypto.txt

2
requirements/static/ci/py3.10/tools.txt
View file

@ -20,7 +20,7 @@ charset-normalizer==3.2.0
# via requests
idna==3.4
# via requests
jinja2==3.1.2
jinja2==3.1.3
# via -r requirements/static/ci/tools.in
jmespath==1.0.1
# via

2
requirements/static/ci/py3.10/windows-crypto.txt
View file

@ -6,5 +6,5 @@
#
m2crypto==0.38.0
# via -r requirements/static/ci/crypto.in
pycryptodome==3.9.8
pycryptodome==3.19.1
# via -r requirements/static/ci/crypto.in

8
requirements/static/ci/py3.10/windows.txt
View file

@ -79,7 +79,7 @@ cherrypy==18.8.0
# -r requirements/static/ci/common.in
click==8.1.3
# via geomet
clr-loader==0.2.4
clr-loader==0.2.6
# via
# -c requirements/static/ci/../pkg/py3.10/windows.txt
# pythonnet
@ -136,7 +136,7 @@ geomet==0.2.1.post1
# via cassandra-driver
gitdb==4.0.10
# via gitpython
gitpython==3.1.40
gitpython==3.1.41
# via -r requirements/static/ci/common.in
google-auth==2.19.1
# via kubernetes
@ -180,7 +180,7 @@ jaraco.text==3.11.1
# via
# -c requirements/static/ci/../pkg/py3.10/windows.txt
# jaraco.collections
jinja2==3.1.2
jinja2==3.1.3
# via
# -c requirements/static/ci/../pkg/py3.10/windows.txt
# -r requirements/base.txt
@ -277,7 +277,7 @@ pycparser==2.21
# via
# -c requirements/static/ci/../pkg/py3.10/windows.txt
# cffi
pycryptodomex==3.9.8
pycryptodomex==3.19.1
# via
# -c requirements/static/ci/../pkg/py3.10/windows.txt
# -r requirements/crypto.txt

2
requirements/static/ci/py3.11/changelog.txt
View file

@ -13,7 +13,7 @@ click==8.1.3
# towncrier
incremental==17.5.0
# via towncrier
jinja2==3.1.2
jinja2==3.1.3
# via
# -c requirements/static/ci/py3.11/linux.txt
# towncrier

2
requirements/static/ci/py3.11/darwin-crypto.txt
View file

@ -6,5 +6,5 @@
#
m2crypto==0.38.0
# via -r requirements/static/ci/crypto.in
pycryptodome==3.9.7
pycryptodome==3.19.1
# via -r requirements/static/ci/crypto.in

12
requirements/static/ci/py3.11/darwin.txt
View file

@ -52,9 +52,9 @@ botocore==1.29.152
# boto3
# moto
# s3transfer
cachetools==3.1.0
cachetools==5.3.1
# via google-auth
cassandra-driver==3.23.0
cassandra-driver==3.28.0
# via -r requirements/static/ci/common.in
certifi==2023.07.22
# via
@ -136,11 +136,11 @@ future==0.18.3
# textfsm
genshi==0.7.7
# via -r requirements/static/ci/common.in
geomet==0.1.2
geomet==0.2.1.post1
# via cassandra-driver
gitdb==4.0.10
# via gitpython
gitpython==3.1.40
gitpython==3.1.41
# via -r requirements/static/ci/common.in
google-auth==2.19.1
# via kubernetes
@ -186,7 +186,7 @@ jaraco.text==3.11.1
# via
# -c requirements/static/ci/../pkg/py3.11/darwin.txt
# jaraco.collections
jinja2==3.1.2
jinja2==3.1.3
# via
# -c requirements/static/ci/../pkg/py3.11/darwin.txt
# -r requirements/base.txt
@ -318,7 +318,7 @@ pycparser==2.21
# via
# -c requirements/static/ci/../pkg/py3.11/darwin.txt
# cffi
pycryptodomex==3.9.8
pycryptodomex==3.19.1
# via
# -c requirements/static/ci/../pkg/py3.11/darwin.txt
# -r requirements/crypto.txt

2
requirements/static/ci/py3.11/docs.txt
View file

@ -62,7 +62,7 @@ jaraco.text==3.11.1
# via
# -c requirements/static/ci/py3.11/linux.txt
# jaraco.collections
jinja2==3.1.2
jinja2==3.1.3
# via
# -c requirements/static/ci/py3.11/linux.txt
# -r requirements/static/ci/docs.in

2
requirements/static/ci/py3.11/freebsd-crypto.txt
View file

@ -6,5 +6,5 @@
#
m2crypto==0.38.0
# via -r requirements/static/ci/crypto.in
pycryptodome==3.9.7
pycryptodome==3.19.1
# via -r requirements/static/ci/crypto.in

10
requirements/static/ci/py3.11/freebsd.txt
View file

@ -52,9 +52,9 @@ botocore==1.29.152
# boto3
# moto
# s3transfer
cachetools==3.1.0
cachetools==5.3.1
# via google-auth
cassandra-driver==3.24.0
cassandra-driver==3.28.0
# via -r requirements/static/ci/common.in
certifi==2023.07.22
# via
@ -139,7 +139,7 @@ geomet==0.2.1.post1
# via cassandra-driver
gitdb==4.0.10
# via gitpython
gitpython==3.1.40
gitpython==3.1.41
# via -r requirements/static/ci/common.in
google-auth==2.19.1
# via kubernetes
@ -185,7 +185,7 @@ jaraco.text==3.11.1
# via
# -c requirements/static/ci/../pkg/py3.11/freebsd.txt
# jaraco.collections
jinja2==3.1.2
jinja2==3.1.3
# via
# -c requirements/static/ci/../pkg/py3.11/freebsd.txt
# -r requirements/base.txt
@ -322,7 +322,7 @@ pycparser==2.21
# via
# -c requirements/static/ci/../pkg/py3.11/freebsd.txt
# cffi
pycryptodomex==3.9.8
pycryptodomex==3.19.1
# via
# -c requirements/static/ci/../pkg/py3.11/freebsd.txt
# -r requirements/crypto.txt

2
requirements/static/ci/py3.11/linux-crypto.txt
View file

@ -6,5 +6,5 @@
#
m2crypto==0.38.0
# via -r requirements/static/ci/crypto.in
pycryptodome==3.9.7
pycryptodome==3.19.1
# via -r requirements/static/ci/crypto.in

16
requirements/static/ci/py3.11/linux.txt
View file

@ -21,9 +21,9 @@ annotated-types==0.6.0
# via
# -c requirements/static/ci/../pkg/py3.11/linux.txt
# pydantic
ansible-core==2.15.0
ansible-core==2.16.2
# via ansible
ansible==8.0.0 ; python_version >= "3.9"
ansible==9.1.0 ; python_version >= "3.10"
# via -r requirements/static/ci/linux.in
anyio==4.1.0
# via httpcore
@ -62,9 +62,9 @@ botocore==1.29.152
# boto3
# moto
# s3transfer
cachetools==4.2.2
cachetools==5.3.1
# via google-auth
cassandra-driver==3.23.0
cassandra-driver==3.28.0
# via -r requirements/static/ci/common.in
certifi==2023.07.22
# via
@ -149,11 +149,11 @@ future==0.18.3
# textfsm
genshi==0.7.7
# via -r requirements/static/ci/common.in
geomet==0.1.2
geomet==0.2.1.post1
# via cassandra-driver
gitdb==4.0.10
# via gitpython
gitpython==3.1.40
gitpython==3.1.41
# via -r requirements/static/ci/common.in
google-auth==2.19.1
# via kubernetes
@ -207,7 +207,7 @@ jaraco.text==3.11.1
# via
# -c requirements/static/ci/../pkg/py3.11/linux.txt
# jaraco.collections
jinja2==3.1.2
jinja2==3.1.3
# via
# -c requirements/static/ci/../pkg/py3.11/linux.txt
# -r requirements/base.txt
@ -346,7 +346,7 @@ pycparser==2.21
# via
# -c requirements/static/ci/../pkg/py3.11/linux.txt
# cffi
pycryptodomex==3.9.8
pycryptodomex==3.19.1
# via
# -c requirements/static/ci/../pkg/py3.11/linux.txt
# -r requirements/crypto.txt

2
requirements/static/ci/py3.11/tools.txt
View file

@ -20,7 +20,7 @@ charset-normalizer==3.2.0
# via requests
idna==3.4
# via requests
jinja2==3.1.2
jinja2==3.1.3
# via -r requirements/static/ci/tools.in
jmespath==1.0.1
# via

6
requirements/static/ci/py3.11/windows-crypto.txt
View file

@ -4,9 +4,7 @@
#
# pip-compile --no-emit-index-url --output-file=requirements/static/ci/py3.11/windows-crypto.txt requirements/static/ci/crypto.in
#
m2crypto==0.37.1
m2crypto==0.38.0
# via -r requirements/static/ci/crypto.in
parameterized==0.8.1
# via m2crypto
pycryptodome==3.10.1
pycryptodome==3.19.1
# via -r requirements/static/ci/crypto.in

18
requirements/static/ci/py3.11/windows.txt
View file

@ -44,9 +44,9 @@ botocore==1.29.152
# boto3
# moto
# s3transfer
cachetools==3.1.0
cachetools==5.3.1
# via google-auth
cassandra-driver==3.23.0
cassandra-driver==3.28.0
# via -r requirements/static/ci/common.in
certifi==2023.07.22
# via
@ -79,7 +79,7 @@ cherrypy==18.8.0
# -r requirements/static/ci/common.in
click==8.1.3
# via geomet
clr-loader==0.2.4
clr-loader==0.2.6
# via
# -c requirements/static/ci/../pkg/py3.11/windows.txt
# pythonnet
@ -130,11 +130,11 @@ frozenlist==1.4.0
# aiosignal
genshi==0.7.7
# via -r requirements/static/ci/common.in
geomet==0.1.2
geomet==0.2.1.post1
# via cassandra-driver
gitdb==4.0.10
# via gitpython
gitpython==3.1.40
gitpython==3.1.41
# via -r requirements/static/ci/common.in
google-auth==2.19.1
# via kubernetes
@ -178,7 +178,7 @@ jaraco.text==3.11.1
# via
# -c requirements/static/ci/../pkg/py3.11/windows.txt
# jaraco.collections
jinja2==3.1.2
jinja2==3.1.3
# via
# -c requirements/static/ci/../pkg/py3.11/windows.txt
# -r requirements/base.txt
@ -275,7 +275,7 @@ pycparser==2.21
# via
# -c requirements/static/ci/../pkg/py3.11/windows.txt
# cffi
pycryptodomex==3.10.1
pycryptodomex==3.19.1
# via
# -c requirements/static/ci/../pkg/py3.11/windows.txt
# -r requirements/crypto.txt
@ -308,7 +308,7 @@ pyopenssl==23.2.0
# etcd3-py
pyrsistent==0.19.3
# via jsonschema
pyspnego==0.10.2
pyspnego==0.9.0
# via requests-ntlm
pytest-custom-exit-code==0.3.0
# via -r requirements/pytest.txt
@ -440,8 +440,6 @@ smmap==5.0.0
# via gitdb
sqlparse==0.4.4
# via -r requirements/static/ci/common.in
sspilib==0.1.0
# via pyspnego
strict-rfc3339==0.7
# via -r requirements/static/ci/common.in
tempora==5.3.0

2
requirements/static/ci/py3.12/changelog.txt
View file

@ -13,7 +13,7 @@ click==8.1.3
# towncrier
incremental==17.5.0
# via towncrier
jinja2==3.1.2
jinja2==3.1.3
# via
# -c requirements/static/ci/py3.12/linux.txt
# towncrier

8
requirements/static/ci/py3.12/cloud.txt
View file

@ -66,7 +66,7 @@ botocore==1.29.152
# boto3
# moto
# s3transfer
cachetools==4.2.2
cachetools==5.3.1
# via
# -c requirements/static/ci/py3.12/linux.txt
# google-auth
@ -197,7 +197,7 @@ gitdb==4.0.10
# via
# -c requirements/static/ci/py3.12/linux.txt
# gitpython
gitpython==3.1.40
gitpython==3.1.41
# via
# -c requirements/static/ci/py3.12/linux.txt
# -r requirements/static/ci/common.in
@ -257,7 +257,7 @@ jaraco.text==3.11.1
# -c requirements/static/ci/../pkg/py3.12/linux.txt
# -c requirements/static/ci/py3.12/linux.txt
# jaraco.collections
jinja2==3.1.2
jinja2==3.1.3
# via
# -c requirements/static/ci/../pkg/py3.12/linux.txt
# -c requirements/static/ci/py3.12/linux.txt
@ -448,7 +448,7 @@ pycparser==2.21
# -c requirements/static/ci/../pkg/py3.12/linux.txt
# -c requirements/static/ci/py3.12/linux.txt
# cffi
pycryptodomex==3.9.8
pycryptodomex==3.19.1
# via
# -c requirements/static/ci/../pkg/py3.12/linux.txt
# -c requirements/static/ci/py3.12/linux.txt

2
requirements/static/ci/py3.12/darwin-crypto.txt
View file

@ -6,5 +6,5 @@
#
m2crypto==0.38.0
# via -r requirements/static/ci/crypto.in
pycryptodome==3.9.7
pycryptodome==3.19.1
# via -r requirements/static/ci/crypto.in

34
requirements/static/ci/py3.12/darwin.txt
View file

@ -4,12 +4,15 @@
#
# pip-compile --no-emit-index-url --output-file=requirements/static/ci/py3.12/darwin.txt requirements/darwin.txt requirements/pytest.txt requirements/static/ci/common.in requirements/static/ci/darwin.in requirements/static/pkg/darwin.in
#
aiohttp==3.9.0
aiohttp==3.9.1
# via
# -c requirements/static/ci/../pkg/py3.12/darwin.txt
# -r requirements/base.txt
# etcd3-py
aiosignal==1.3.1
# via aiohttp
# via
# -c requirements/static/ci/../pkg/py3.12/darwin.txt
# aiohttp
annotated-types==0.6.0
# via
# -c requirements/static/ci/../pkg/py3.12/darwin.txt
@ -20,8 +23,9 @@ asn1crypto==1.5.1
# via
# certvalidator
# oscrypto
attrs==23.1.0
attrs==23.2.0
# via
# -c requirements/static/ci/../pkg/py3.12/darwin.txt
# aiohttp
# jsonschema
# pytest
@ -48,9 +52,9 @@ botocore==1.29.152
# boto3
# moto
# s3transfer
cachetools==3.1.0
cachetools==5.3.1
# via google-auth
cassandra-driver==3.23.0
cassandra-driver==3.28.0
# via -r requirements/static/ci/common.in
certifi==2023.07.22
# via
@ -121,8 +125,9 @@ filelock==3.13.1
# via virtualenv
flaky==3.7.0
# via -r requirements/pytest.txt
frozenlist==1.3.0
frozenlist==1.4.1
# via
# -c requirements/static/ci/../pkg/py3.12/darwin.txt
# aiohttp
# aiosignal
future==0.18.3
@ -131,11 +136,11 @@ future==0.18.3
# textfsm
genshi==0.7.7
# via -r requirements/static/ci/common.in
geomet==0.1.2
geomet==0.2.1.post1
# via cassandra-driver
gitdb==4.0.10
# via gitpython
gitpython==3.1.40
gitpython==3.1.41
# via -r requirements/static/ci/common.in
google-auth==2.19.1
# via kubernetes
@ -181,7 +186,7 @@ jaraco.text==3.11.1
# via
# -c requirements/static/ci/../pkg/py3.12/darwin.txt
# jaraco.collections
jinja2==3.1.2
jinja2==3.1.3
# via
# -c requirements/static/ci/../pkg/py3.12/darwin.txt
# -r requirements/base.txt
@ -247,8 +252,9 @@ msgpack==1.0.7
# -c requirements/static/ci/../pkg/py3.12/darwin.txt
# -r requirements/base.txt
# pytest-salt-factories
multidict==6.0.2
multidict==6.0.4
# via
# -c requirements/static/ci/../pkg/py3.12/darwin.txt
# aiohttp
# yarl
napalm==4.1.0 ; sys_platform != "win32"
@ -312,7 +318,7 @@ pycparser==2.21
# via
# -c requirements/static/ci/../pkg/py3.12/darwin.txt
# cffi
pycryptodomex==3.9.8
pycryptodomex==3.19.1
# via
# -c requirements/static/ci/../pkg/py3.12/darwin.txt
# -r requirements/crypto.txt
@ -552,8 +558,10 @@ yamllint==1.32.0
# via -r requirements/static/ci/darwin.in
yamlordereddictloader==0.4.0
# via junos-eznc
yarl==1.9.2
# via aiohttp
yarl==1.9.4
# via
# -c requirements/static/ci/../pkg/py3.12/darwin.txt
# aiohttp
zc.lockfile==3.0.post1
# via
# -c requirements/static/ci/../pkg/py3.12/darwin.txt

4
requirements/static/ci/py3.12/docs.txt
View file

@ -106,7 +106,7 @@ jaraco.text==3.11.1
# via
# -c requirements/static/ci/py3.12/linux.txt
# jaraco.collections
jinja2==3.1.2
jinja2==3.1.3
# via
# -c requirements/static/ci/py3.12/linux.txt
# -r requirements/base.txt
@ -171,7 +171,7 @@ pycparser==2.21
# via
# -c requirements/static/ci/py3.12/linux.txt
# cffi
pycryptodomex==3.9.8
pycryptodomex==3.19.1
# via
# -c requirements/static/ci/py3.12/linux.txt
# -r requirements/crypto.txt

2
requirements/static/ci/py3.12/freebsd-crypto.txt
View file

@ -6,5 +6,5 @@
#
m2crypto==0.38.0
# via -r requirements/static/ci/crypto.in
pycryptodome==3.9.7
pycryptodome==3.19.1
# via -r requirements/static/ci/crypto.in

10
requirements/static/ci/py3.12/freebsd.txt
View file

@ -52,9 +52,9 @@ botocore==1.29.152
# boto3
# moto
# s3transfer
cachetools==3.1.0
cachetools==5.3.1
# via google-auth
cassandra-driver==3.24.0
cassandra-driver==3.28.0
# via -r requirements/static/ci/common.in
certifi==2023.07.22
# via
@ -139,7 +139,7 @@ geomet==0.2.1.post1
# via cassandra-driver
gitdb==4.0.10
# via gitpython
gitpython==3.1.40
gitpython==3.1.41
# via -r requirements/static/ci/common.in
google-auth==2.19.1
# via kubernetes
@ -185,7 +185,7 @@ jaraco.text==3.11.1
# via
# -c requirements/static/ci/../pkg/py3.12/freebsd.txt
# jaraco.collections
jinja2==3.1.2
jinja2==3.1.3
# via
# -c requirements/static/ci/../pkg/py3.12/freebsd.txt
# -r requirements/base.txt
@ -322,7 +322,7 @@ pycparser==2.21
# via
# -c requirements/static/ci/../pkg/py3.12/freebsd.txt
# cffi
pycryptodomex==3.9.8
pycryptodomex==3.19.1
# via
# -c requirements/static/ci/../pkg/py3.12/freebsd.txt
# -r requirements/crypto.txt

12
requirements/static/ci/py3.12/lint.txt
View file

@ -26,11 +26,11 @@ annotated-types==0.6.0
# -c requirements/static/ci/../pkg/py3.12/linux.txt
# -c requirements/static/ci/py3.12/linux.txt
# pydantic
ansible-core==2.15.0
ansible-core==2.16.2
# via
# -c requirements/static/ci/py3.12/linux.txt
# ansible
ansible==8.0.0 ; python_version >= "3.9"
ansible==9.1.0 ; python_version >= "3.10"
# via
# -c requirements/static/ci/py3.12/linux.txt
# -r requirements/static/ci/linux.in
@ -80,7 +80,7 @@ botocore==1.29.152
# boto3
# moto
# s3transfer
cachetools==4.2.2
cachetools==5.3.1
# via
# -c requirements/static/ci/py3.12/linux.txt
# google-auth
@ -203,7 +203,7 @@ gitdb==4.0.10
# via
# -c requirements/static/ci/py3.12/linux.txt
# gitpython
gitpython==3.1.40
gitpython==3.1.41
# via
# -c requirements/static/ci/py3.12/linux.txt
# -r requirements/static/ci/common.in
@ -279,7 +279,7 @@ jaraco.text==3.11.1
# -c requirements/static/ci/../pkg/py3.12/linux.txt
# -c requirements/static/ci/py3.12/linux.txt
# jaraco.collections
jinja2==3.1.2
jinja2==3.1.3
# via
# -c requirements/static/ci/../pkg/py3.12/linux.txt
# -c requirements/static/ci/py3.12/linux.txt
@ -470,7 +470,7 @@ pycparser==2.21
# -c requirements/static/ci/../pkg/py3.12/linux.txt
# -c requirements/static/ci/py3.12/linux.txt
# cffi
pycryptodomex==3.9.8
pycryptodomex==3.19.1
# via
# -c requirements/static/ci/../pkg/py3.12/linux.txt
# -c requirements/static/ci/py3.12/linux.txt

2
requirements/static/ci/py3.12/linux-crypto.txt
View file

@ -6,5 +6,5 @@
#
m2crypto==0.38.0
# via -r requirements/static/ci/crypto.in
pycryptodome==3.9.7
pycryptodome==3.19.1
# via -r requirements/static/ci/crypto.in

12
requirements/static/ci/py3.12/linux.txt
View file

@ -21,9 +21,9 @@ annotated-types==0.6.0
# via
# -c requirements/static/ci/../pkg/py3.12/linux.txt
# pydantic
ansible-core==2.15.0
ansible-core==2.16.2
# via ansible
ansible==8.0.0 ; python_version >= "3.9"
ansible==9.1.0 ; python_version >= "3.10"
# via -r requirements/static/ci/linux.in
anyio==4.1.0
# via httpcore
@ -62,7 +62,7 @@ botocore==1.29.152
# boto3
# moto
# s3transfer
cachetools==4.2.2
cachetools==5.3.1
# via google-auth
cassandra-driver==3.28.0
# via -r requirements/static/ci/common.in
@ -153,7 +153,7 @@ geomet==0.2.1.post1
# via cassandra-driver
gitdb==4.0.10
# via gitpython
gitpython==3.1.40
gitpython==3.1.41
# via -r requirements/static/ci/common.in
google-auth==2.19.1
# via kubernetes
@ -207,7 +207,7 @@ jaraco.text==3.11.1
# via
# -c requirements/static/ci/../pkg/py3.12/linux.txt
# jaraco.collections
jinja2==3.1.2
jinja2==3.1.3
# via
# -c requirements/static/ci/../pkg/py3.12/linux.txt
# -r requirements/base.txt
@ -346,7 +346,7 @@ pycparser==2.21
# via
# -c requirements/static/ci/../pkg/py3.12/linux.txt
# cffi
pycryptodomex==3.9.8
pycryptodomex==3.19.1
# via
# -c requirements/static/ci/../pkg/py3.12/linux.txt
# -r requirements/crypto.txt

2
requirements/static/ci/py3.12/tools.txt
View file

@ -20,7 +20,7 @@ charset-normalizer==3.2.0
# via requests
idna==3.4
# via requests
jinja2==3.1.2
jinja2==3.1.3
# via -r requirements/static/ci/tools.in
jmespath==1.0.1
# via

6
requirements/static/ci/py3.12/windows-crypto.txt
View file

@ -4,9 +4,7 @@
#
# pip-compile --no-emit-index-url --output-file=requirements/static/ci/py3.12/windows-crypto.txt requirements/static/ci/crypto.in
#
m2crypto==0.37.1
m2crypto==0.38.0
# via -r requirements/static/ci/crypto.in
parameterized==0.8.1
# via m2crypto
pycryptodome==3.10.1
pycryptodome==3.19.1
# via -r requirements/static/ci/crypto.in

186
requirements/static/ci/py3.12/windows.txt
View file

@ -2,24 +2,24 @@
# This file is autogenerated by pip-compile
# To update, run:
#
# pip-compile --no-emit-index-url --output-file=requirements/static/ci/py3.11/windows.txt requirements/pytest.txt requirements/static/ci/common.in requirements/static/ci/windows.in requirements/static/pkg/windows.in requirements/windows.txt
# pip-compile --no-emit-index-url --output-file=requirements/static/ci/py3.12/windows.txt requirements/pytest.txt requirements/static/ci/common.in requirements/static/ci/windows.in requirements/static/pkg/windows.in requirements/windows.txt
#
aiohttp==3.9.0
# via etcd3-py
aiohttp==3.9.1
# via
# -c requirements/static/ci/../pkg/py3.12/windows.txt
# -r requirements/base.txt
# etcd3-py
aiosignal==1.3.1
# via aiohttp
# via
# -c requirements/static/ci/../pkg/py3.12/windows.txt
# aiohttp
annotated-types==0.6.0
# via
# -c requirements/static/ci/../pkg/py3.11/windows.txt
# -c requirements/static/ci/../pkg/py3.12/windows.txt
# pydantic
async-timeout==4.0.2
# via aiohttp
attrs==23.1.0
# via
# -c requirements/static/ci/../pkg/py3.12/windows.txt
# aiohttp
# jsonschema
# pytest
@ -29,7 +29,7 @@ attrs==23.1.0
# pytest-system-statistics
autocommand==2.2.2
# via
# -c requirements/static/ci/../pkg/py3.11/windows.txt
# -c requirements/static/ci/../pkg/py3.12/windows.txt
# jaraco.text
bcrypt==4.0.1
# via -r requirements/static/ci/common.in
@ -44,19 +44,19 @@ botocore==1.29.152
# boto3
# moto
# s3transfer
cachetools==3.1.0
cachetools==5.3.1
# via google-auth
cassandra-driver==3.23.0
cassandra-driver==3.28.0
# via -r requirements/static/ci/common.in
certifi==2023.07.22
# via
# -c requirements/static/ci/../pkg/py3.11/windows.txt
# -c requirements/static/ci/../pkg/py3.12/windows.txt
# -r requirements/static/ci/common.in
# kubernetes
# requests
cffi==1.16.0
# via
# -c requirements/static/ci/../pkg/py3.11/windows.txt
# -c requirements/static/ci/../pkg/py3.12/windows.txt
# -r requirements/static/ci/common.in
# clr-loader
# cryptography
@ -64,53 +64,49 @@ cffi==1.16.0
# pynacl
charset-normalizer==3.2.0
# via
# -c requirements/static/ci/../pkg/py3.11/windows.txt
# -c requirements/static/ci/../pkg/py3.12/windows.txt
# aiohttp
# -c requirements/static/ci/../pkg/py3.12/windows.txt
# requests
cheetah3==3.2.6.post1
# via -r requirements/static/ci/common.in
cheroot==10.0.0
# via
# -c requirements/static/ci/../pkg/py3.11/windows.txt
# -c requirements/static/ci/../pkg/py3.12/windows.txt
# cherrypy
cherrypy==18.8.0
# via
# -c requirements/static/ci/../pkg/py3.11/windows.txt
# -c requirements/static/ci/../pkg/py3.12/windows.txt
# -r requirements/base.txt
# -r requirements/static/ci/common.in
click==8.1.3
# via geomet
clr-loader==0.2.4
clr-loader==0.2.6
# via
# -c requirements/static/ci/../pkg/py3.11/windows.txt
# -c requirements/static/ci/../pkg/py3.12/windows.txt
# pythonnet
clustershell==1.9.1
# via -r requirements/static/ci/common.in
colorama==0.4.6
# via pytest
# via
# click
# pytest
contextvars==2.4
# via
# -c requirements/static/ci/../pkg/py3.11/windows.txt
# -c requirements/static/ci/../pkg/py3.12/windows.txt
# -r requirements/base.txt
cryptography==41.0.7
# via
# -c requirements/static/ci/../pkg/py3.11/windows.txt
# -c requirements/static/ci/../pkg/py3.12/windows.txt
# -r requirements/base.txt
# etcd3-py
# moto
# pyopenssl
# pyspnego
# requests-ntlm
distlib==0.3.7
# via virtualenv
distro==1.8.0
# via
# -c requirements/static/ci/../pkg/py3.11/windows.txt
# -c requirements/static/ci/../pkg/py3.12/windows.txt
# -r requirements/base.txt
# pytest-skip-markers
dmidecode==0.9.0
@ -127,8 +123,9 @@ filelock==3.13.1
# via virtualenv
flaky==3.7.0
# via -r requirements/pytest.txt
frozenlist==1.3.3
frozenlist==1.4.0
# via
# -c requirements/static/ci/../pkg/py3.12/windows.txt
# aiohttp
# aiosignal
genshi==0.7.7
@ -137,27 +134,27 @@ geomet==0.2.1.post1
# via cassandra-driver
gitdb==4.0.10
# via gitpython
gitpython==3.1.40
gitpython==3.1.41
# via -r requirements/static/ci/common.in
google-auth==2.19.1
# via kubernetes
idna==3.4
# via
# -c requirements/static/ci/../pkg/py3.11/windows.txt
# -c requirements/static/ci/../pkg/py3.12/windows.txt
# etcd3-py
# requests
# yarl
immutables==0.15
# via
# -c requirements/static/ci/../pkg/py3.11/windows.txt
# -c requirements/static/ci/../pkg/py3.12/windows.txt
# contextvars
importlib-metadata==6.6.0
# via
# -c requirements/static/ci/../pkg/py3.11/windows.txt
# -c requirements/static/ci/../pkg/py3.12/windows.txt
# -r requirements/base.txt
inflect==7.0.0
# via
# -c requirements/static/ci/../pkg/py3.11/windows.txt
# -c requirements/static/ci/../pkg/py3.12/windows.txt
# jaraco.text
iniconfig==2.0.0
# via pytest
@ -165,30 +162,30 @@ ipaddress==1.0.23
# via kubernetes
jaraco.collections==4.1.0
# via
# -c requirements/static/ci/../pkg/py3.11/windows.txt
# -c requirements/static/ci/../pkg/py3.12/windows.txt
# cherrypy
jaraco.context==4.3.0
# via
# -c requirements/static/ci/../pkg/py3.11/windows.txt
# -c requirements/static/ci/../pkg/py3.12/windows.txt
# jaraco.text
jaraco.functools==3.7.0
# via
# -c requirements/static/ci/../pkg/py3.11/windows.txt
# -c requirements/static/ci/../pkg/py3.12/windows.txt
# cheroot
# jaraco.text
# tempora
jaraco.text==3.11.1
# via
# -c requirements/static/ci/../pkg/py3.11/windows.txt
# -c requirements/static/ci/../pkg/py3.12/windows.txt
# jaraco.collections
jinja2==3.1.2
jinja2==3.1.3
# via
# -c requirements/static/ci/../pkg/py3.11/windows.txt
# -c requirements/static/ci/../pkg/py3.12/windows.txt
# -r requirements/base.txt
# moto
jmespath==1.0.1
# via
# -c requirements/static/ci/../pkg/py3.11/windows.txt
# -c requirements/static/ci/../pkg/py3.12/windows.txt
# -r requirements/base.txt
# -r requirements/static/ci/common.in
# boto3
@ -203,28 +200,27 @@ kubernetes==3.0.0
# via -r requirements/static/ci/common.in
looseversion==1.3.0
# via
# -c requirements/static/ci/../pkg/py3.11/windows.txt
# -c requirements/static/ci/../pkg/py3.12/windows.txt
# -r requirements/base.txt
lxml==4.9.1 ; sys_platform == "win32"
# via
# -c requirements/static/ci/../pkg/py3.11/windows.txt
# -c requirements/static/ci/../pkg/py3.12/windows.txt
# -r requirements/base.txt
# xmldiff
mako==1.2.4
# via -r requirements/static/ci/common.in
markupsafe==2.1.3
# via
# -c requirements/static/ci/../pkg/py3.11/windows.txt
# -c requirements/static/ci/../pkg/py3.12/windows.txt
# -r requirements/base.txt
# jinja2
# mako
# moto
# werkzeug
mock==5.1.0
# via -r requirements/pytest.txt
more-itertools==8.2.0
# via
# -c requirements/static/ci/../pkg/py3.11/windows.txt
# -c requirements/static/ci/../pkg/py3.12/windows.txt
# -r requirements/pytest.txt
# cheroot
# cherrypy
@ -234,18 +230,17 @@ moto==4.1.11
# via -r requirements/static/ci/common.in
msgpack==1.0.7
# via
# -c requirements/static/ci/../pkg/py3.11/windows.txt
# -c requirements/static/ci/../pkg/py3.12/windows.txt
# -r requirements/base.txt
# pytest-salt-factories
multidict==6.0.2
multidict==6.0.4
# via
# -c requirements/static/ci/../pkg/py3.12/windows.txt
# aiohttp
# yarl
ntlm-auth==1.5.0
# via requests-ntlm
packaging==23.1
# via
# -c requirements/static/ci/../pkg/py3.11/windows.txt
# -c requirements/static/ci/../pkg/py3.12/windows.txt
# -r requirements/base.txt
# docker
# pytest
@ -255,19 +250,17 @@ patch==1.16
# via -r requirements/static/ci/windows.in
pathspec==0.11.1
# via yamllint
pathtools==0.1.2
# via watchdog
platformdirs==4.0.0
# via virtualenv
pluggy==1.0.0
# via pytest
portend==3.1.0
# via
# -c requirements/static/ci/../pkg/py3.11/windows.txt
# -c requirements/static/ci/../pkg/py3.12/windows.txt
# cherrypy
psutil==5.9.6
# via
# -c requirements/static/ci/../pkg/py3.11/windows.txt
# -c requirements/static/ci/../pkg/py3.12/windows.txt
# -r requirements/base.txt
# pytest-salt-factories
# pytest-shell-utilities
@ -280,45 +273,43 @@ pyasn1==0.4.8
# rsa
pycparser==2.21
# via
# -c requirements/static/ci/../pkg/py3.11/windows.txt
# -c requirements/static/ci/../pkg/py3.12/windows.txt
# cffi
pycryptodomex==3.10.1
pycryptodomex==3.19.1
# via
# -c requirements/static/ci/../pkg/py3.11/windows.txt
# -c requirements/static/ci/../pkg/py3.12/windows.txt
# -r requirements/crypto.txt
pydantic-core==2.14.5
# via
# -c requirements/static/ci/../pkg/py3.11/windows.txt
# -c requirements/static/ci/../pkg/py3.12/windows.txt
# pydantic
pydantic==2.5.2
# via
# -c requirements/static/ci/../pkg/py3.11/windows.txt
# -c requirements/static/ci/../pkg/py3.12/windows.txt
# inflect
pyfakefs==5.3.1
# via -r requirements/pytest.txt
pygit2==1.13.1
# via -r requirements/static/ci/windows.in
pymssql==2.2.7 ; sys_platform == "win32"
# via
# -c requirements/static/ci/../pkg/py3.11/windows.txt
# -c requirements/static/ci/../pkg/py3.12/windows.txt
# -r requirements/base.txt
pymysql==1.1.0
pymysql==1.1.0 ; sys_platform == "win32"
# via
# -c requirements/static/ci/../pkg/py3.11/windows.txt
# -c requirements/static/ci/../pkg/py3.12/windows.txt
# -r requirements/base.txt
pynacl==1.5.0
# via -r requirements/static/ci/common.in
pyopenssl==23.2.0
# via
# -c requirements/static/ci/../pkg/py3.11/windows.txt
# -c requirements/static/ci/../pkg/py3.12/windows.txt
# -r requirements/base.txt
# etcd3-py
pyrsistent==0.19.3
# via jsonschema
pyspnego==0.9.0
# via requests-ntlm
pytest-custom-exit-code==0.3.0
# via -r requirements/pytest.txt
pytest-helpers-namespace==2021.12.29
@ -356,7 +347,7 @@ pytest==7.2.0
# pytest-timeout
python-dateutil==2.8.2
# via
# -c requirements/static/ci/../pkg/py3.11/windows.txt
# -c requirements/static/ci/../pkg/py3.12/windows.txt
# -r requirements/base.txt
# botocore
# kubernetes
@ -365,22 +356,21 @@ python-etcd==0.4.5
# via -r requirements/static/ci/common.in
python-gnupg==0.5.1
# via
# -c requirements/static/ci/../pkg/py3.11/windows.txt
# -c requirements/static/ci/../pkg/py3.12/windows.txt
# -r requirements/base.txt
pythonnet==3.0.3 ; sys_platform == "win32"
# via
# -c requirements/static/ci/../pkg/py3.11/windows.txt
# -c requirements/static/ci/../pkg/py3.12/windows.txt
# -r requirements/base.txt
pytz==2023.3.post1
# via
# -c requirements/static/ci/../pkg/py3.11/windows.txt
# moto
# -c requirements/static/ci/../pkg/py3.12/windows.txt
# tempora
pyvmomi==8.0.1.0.1
# via -r requirements/static/ci/common.in
pywin32==306 ; sys_platform == "win32"
# via
# -c requirements/static/ci/../pkg/py3.11/windows.txt
# -c requirements/static/ci/../pkg/py3.12/windows.txt
# -r requirements/base.txt
# docker
# pytest-skip-markers
@ -389,29 +379,29 @@ pywinrm==0.4.3
# via -r requirements/static/ci/windows.in
pyyaml==6.0.1
# via
# -c requirements/static/ci/../pkg/py3.11/windows.txt
# -c requirements/static/ci/../pkg/py3.12/windows.txt
# -r requirements/base.txt
# clustershell
# kubernetes
# pytest-salt-factories
# responses
# yamllint
pyzmq==25.1.1
# via
# -c requirements/static/ci/../pkg/py3.11/windows.txt
# -c requirements/static/ci/../pkg/py3.12/windows.txt
# -r requirements/zeromq.txt
# pytest-salt-factories
requests-ntlm==1.2.0
# via pywinrm
requests==2.31.0
# via
# -c requirements/static/ci/../pkg/py3.11/windows.txt
# -c requirements/static/ci/../pkg/py3.12/windows.txt
# -r requirements/base.txt
# -r requirements/static/ci/common.in
# docker
# etcd3-py
# kubernetes
# moto
# pyvmomi
# pywinrm
# requests-ntlm
# responses
@ -429,46 +419,50 @@ semantic-version==2.10.0
# via etcd3-py
setproctitle==1.3.2
# via
# -c requirements/static/ci/../pkg/py3.11/windows.txt
# -c requirements/static/ci/../pkg/py3.12/windows.txt
# -r requirements/base.txt
six==1.15.0
# via
# -c requirements/static/ci/../pkg/py3.11/windows.txt
# -c requirements/static/ci/../pkg/py3.12/windows.txt
# cassandra-driver
# etcd3-py
# genshi
# geomet
# google-auth
# jsonschema
# junit-xml
# kubernetes
# python-dateutil
# pyvmomi
# pywinrm
# responses
# websocket-client
smmap==5.0.0
# via gitdb
sqlparse==0.4.4
# via -r requirements/static/ci/common.in
sspilib==0.1.0
# via pyspnego
strict-rfc3339==0.7
# via -r requirements/static/ci/common.in
tempora==5.3.0
# via
# -c requirements/static/ci/../pkg/py3.11/windows.txt
# -c requirements/static/ci/../pkg/py3.12/windows.txt
# portend
timelib==0.3.0
# via
# -c requirements/static/ci/../pkg/py3.11/windows.txt
# -c requirements/static/ci/../pkg/py3.12/windows.txt
# -r requirements/base.txt
toml==0.10.2
# via -r requirements/static/ci/common.in
tornado==6.3.3
# via
# -c requirements/static/ci/../pkg/py3.11/windows.txt
# -c requirements/static/ci/../pkg/py3.12/windows.txt
# -r requirements/base.txt
types-pyyaml==6.0.12.12
# via responses
typing-extensions==4.8.0
# via
# -c requirements/static/ci/../pkg/py3.11/windows.txt
# -c requirements/static/ci/../pkg/py3.12/windows.txt
# inflect
# pydantic
# pydantic-core
@ -476,12 +470,14 @@ typing-extensions==4.8.0
# pytest-system-statistics
urllib3==1.26.18
# via
# -c requirements/static/ci/../pkg/py3.11/windows.txt
# -c requirements/static/ci/../pkg/py3.12/windows.txt
# botocore
# docker
# google-auth
# kubernetes
# python-etcd
# requests
# responses
virtualenv==20.24.7
# via
# -r requirements/static/ci/common.in
@ -500,7 +496,7 @@ werkzeug==3.0.1
# pytest-httpserver
wmi==1.5.1 ; sys_platform == "win32"
# via
# -c requirements/static/ci/../pkg/py3.11/windows.txt
# -c requirements/static/ci/../pkg/py3.12/windows.txt
# -r requirements/base.txt
xmldiff==2.6.3
# via -r requirements/static/ci/common.in
@ -510,15 +506,17 @@ xmltodict==0.13.0
# pywinrm
yamllint==1.32.0
# via -r requirements/static/ci/windows.in
yarl==1.9.2
# via aiohttp
yarl==1.9.4
# via
# -c requirements/static/ci/../pkg/py3.12/windows.txt
# aiohttp
zc.lockfile==3.0.post1
# via
# -c requirements/static/ci/../pkg/py3.11/windows.txt
# -c requirements/static/ci/../pkg/py3.12/windows.txt
# cherrypy
zipp==3.16.2
# via
# -c requirements/static/ci/../pkg/py3.11/windows.txt
# -c requirements/static/ci/../pkg/py3.12/windows.txt
# importlib-metadata
# The following packages are considered to be unsafe in a requirements file:

2
requirements/static/ci/py3.8/changelog.txt
View file

@ -13,7 +13,7 @@ click==8.1.3
# towncrier
incremental==22.10.0
# via towncrier
jinja2==3.1.2
jinja2==3.1.3
# via
# -c requirements/static/ci/py3.8/linux.txt
# towncrier

2
requirements/static/ci/py3.8/docs.txt
View file

@ -66,7 +66,7 @@ jaraco.text==3.11.1
# via
# -c requirements/static/ci/py3.8/linux.txt
# jaraco.collections
jinja2==3.1.2
jinja2==3.1.3
# via
# -c requirements/static/ci/py3.8/linux.txt
# -r requirements/static/ci/docs.in

2
requirements/static/ci/py3.8/freebsd-crypto.txt
View file

@ -6,5 +6,5 @@
#
m2crypto==0.38.0
# via -r requirements/static/ci/crypto.in
pycryptodome==3.9.8
pycryptodome==3.19.1
# via -r requirements/static/ci/crypto.in

6
requirements/static/ci/py3.8/freebsd.txt
View file

@ -141,7 +141,7 @@ geomet==0.2.1.post1
# via cassandra-driver
gitdb==4.0.10
# via gitpython
gitpython==3.1.40
gitpython==3.1.41
# via -r requirements/static/ci/common.in
google-auth==2.19.1
# via kubernetes
@ -191,7 +191,7 @@ jaraco.text==3.11.1
# via
# -c requirements/static/ci/../pkg/py3.8/freebsd.txt
# jaraco.collections
jinja2==3.1.2
jinja2==3.1.3
# via
# -c requirements/static/ci/../pkg/py3.8/freebsd.txt
# -r requirements/base.txt
@ -328,7 +328,7 @@ pycparser==2.21
# via
# -c requirements/static/ci/../pkg/py3.8/freebsd.txt
# cffi
pycryptodomex==3.9.8
pycryptodomex==3.19.1
# via
# -c requirements/static/ci/../pkg/py3.8/freebsd.txt
# -r requirements/crypto.txt

2
requirements/static/ci/py3.8/linux-crypto.txt
View file

@ -6,5 +6,5 @@
#
m2crypto==0.38.0
# via -r requirements/static/ci/crypto.in
pycryptodome==3.9.8
pycryptodome==3.19.1
# via -r requirements/static/ci/crypto.in

24
requirements/static/ci/py3.8/linux.txt
View file

@ -17,11 +17,7 @@ aiosignal==1.3.1
# via
# -c requirements/static/ci/../pkg/py3.8/linux.txt
# aiohttp
ansible-core==2.11.12
# via ansible
ansible==4.10.0 ; python_version < "3.9"
# via -r requirements/static/ci/linux.in
anyio==3.7.0
anyio==4.1.0
# via httpcore
apache-libcloud==3.7.0 ; sys_platform != "win32"
# via -r requirements/static/ci/common.in
@ -113,7 +109,6 @@ cryptography==41.0.7
# via
# -c requirements/static/ci/../pkg/py3.8/linux.txt
# -r requirements/base.txt
# ansible-core
# etcd3-py
# moto
# paramiko
@ -157,7 +152,7 @@ geomet==0.2.1.post1
# via cassandra-driver
gitdb==4.0.10
# via gitpython
gitpython==3.1.40
gitpython==3.1.41
# via -r requirements/static/ci/common.in
google-auth==2.19.1
# via kubernetes
@ -165,7 +160,7 @@ h11==0.14.0
# via httpcore
hglib==2.6.2
# via -r requirements/static/ci/linux.in
httpcore==0.17.2
httpcore==0.17.3
# via httpx
httpx==0.24.1
# via python-telegram-bot
@ -215,11 +210,10 @@ jaraco.text==3.11.1
# via
# -c requirements/static/ci/../pkg/py3.8/linux.txt
# jaraco.collections
jinja2==3.1.2
jinja2==3.1.3
# via
# -c requirements/static/ci/../pkg/py3.8/linux.txt
# -r requirements/base.txt
# ansible-core
# junos-eznc
# moto
# napalm
@ -314,7 +308,6 @@ packaging==23.1
# via
# -c requirements/static/ci/../pkg/py3.8/linux.txt
# -r requirements/base.txt
# ansible-core
# docker
# pytest
paramiko==3.4.0 ; sys_platform != "win32" and sys_platform != "darwin"
@ -354,7 +347,7 @@ pycparser==2.21
# via
# -c requirements/static/ci/../pkg/py3.8/linux.txt
# cffi
pycryptodomex==3.9.8
pycryptodomex==3.19.1
# via
# -c requirements/static/ci/../pkg/py3.8/linux.txt
# -r requirements/crypto.txt
@ -458,7 +451,6 @@ pyyaml==6.0.1
# via
# -c requirements/static/ci/../pkg/py3.8/linux.txt
# -r requirements/base.txt
# ansible-core
# clustershell
# junos-eznc
# kubernetes
@ -492,9 +484,7 @@ requests==2.31.0
# responses
# twilio
# vcert
resolvelib==0.5.4
# via ansible-core
responses==0.23.1
responses==0.24.1
# via moto
rfc3987==1.3.8
# via -r requirements/static/ci/common.in
@ -584,8 +574,6 @@ ttp==0.9.5
# ttp-templates
twilio==8.2.2
# via -r requirements/static/ci/linux.in
types-pyyaml==6.0.1
# via responses
typing-extensions==4.8.0
# via
# -c requirements/static/ci/../pkg/py3.8/linux.txt

2
requirements/static/ci/py3.8/windows-crypto.txt
View file

@ -6,5 +6,5 @@
#
m2crypto==0.38.0
# via -r requirements/static/ci/crypto.in
pycryptodome==3.9.8
pycryptodome==3.19.1
# via -r requirements/static/ci/crypto.in

8
requirements/static/ci/py3.8/windows.txt
View file

@ -79,7 +79,7 @@ cherrypy==18.8.0
# -r requirements/static/ci/common.in
click==8.1.3
# via geomet
clr-loader==0.2.4
clr-loader==0.2.6
# via
# -c requirements/static/ci/../pkg/py3.8/windows.txt
# pythonnet
@ -136,7 +136,7 @@ geomet==0.2.1.post1
# via cassandra-driver
gitdb==4.0.10
# via gitpython
gitpython==3.1.40
gitpython==3.1.41
# via -r requirements/static/ci/common.in
google-auth==2.19.1
# via kubernetes
@ -184,7 +184,7 @@ jaraco.text==3.11.1
# via
# -c requirements/static/ci/../pkg/py3.8/windows.txt
# jaraco.collections
jinja2==3.1.2
jinja2==3.1.3
# via
# -c requirements/static/ci/../pkg/py3.8/windows.txt
# -r requirements/base.txt
@ -281,7 +281,7 @@ pycparser==2.21
# via
# -c requirements/static/ci/../pkg/py3.8/windows.txt
# cffi
pycryptodomex==3.9.8
pycryptodomex==3.19.1
# via
# -c requirements/static/ci/../pkg/py3.8/windows.txt
# -r requirements/crypto.txt

2
requirements/static/ci/py3.9/changelog.txt
View file

@ -13,7 +13,7 @@ click==8.1.3
# towncrier
incremental==22.10.0
# via towncrier
jinja2==3.1.2
jinja2==3.1.3
# via
# -c requirements/static/ci/py3.9/linux.txt
# towncrier

2
requirements/static/ci/py3.9/darwin-crypto.txt
View file

@ -6,5 +6,5 @@
#
m2crypto==0.38.0
# via -r requirements/static/ci/crypto.in
pycryptodome==3.9.8
pycryptodome==3.19.1
# via -r requirements/static/ci/crypto.in

6
requirements/static/ci/py3.9/darwin.txt
View file

@ -142,7 +142,7 @@ geomet==0.2.1.post1
# via cassandra-driver
gitdb==4.0.10
# via gitpython
gitpython==3.1.40
gitpython==3.1.41
# via -r requirements/static/ci/common.in
google-auth==2.19.1
# via kubernetes
@ -188,7 +188,7 @@ jaraco.text==3.11.1
# via
# -c requirements/static/ci/../pkg/py3.9/darwin.txt
# jaraco.collections
jinja2==3.1.2
jinja2==3.1.3
# via
# -c requirements/static/ci/../pkg/py3.9/darwin.txt
# -r requirements/base.txt
@ -320,7 +320,7 @@ pycparser==2.21
# via
# -c requirements/static/ci/../pkg/py3.9/darwin.txt
# cffi
pycryptodomex==3.9.8
pycryptodomex==3.19.1
# via
# -c requirements/static/ci/../pkg/py3.9/darwin.txt
# -r requirements/crypto.txt

2
requirements/static/ci/py3.9/docs.txt
View file

@ -62,7 +62,7 @@ jaraco.text==3.11.1
# via
# -c requirements/static/ci/py3.9/linux.txt
# jaraco.collections
jinja2==3.1.2
jinja2==3.1.3
# via
# -c requirements/static/ci/py3.9/linux.txt
# -r requirements/static/ci/docs.in

2
requirements/static/ci/py3.9/freebsd-crypto.txt
View file

@ -6,5 +6,5 @@
#
m2crypto==0.38.0
# via -r requirements/static/ci/crypto.in
pycryptodome==3.9.8
pycryptodome==3.19.1
# via -r requirements/static/ci/crypto.in

6
requirements/static/ci/py3.9/freebsd.txt
View file

@ -141,7 +141,7 @@ geomet==0.2.1.post1
# via cassandra-driver
gitdb==4.0.10
# via gitpython
gitpython==3.1.40
gitpython==3.1.41
# via -r requirements/static/ci/common.in
google-auth==2.19.1
# via kubernetes
@ -187,7 +187,7 @@ jaraco.text==3.11.1
# via
# -c requirements/static/ci/../pkg/py3.9/freebsd.txt
# jaraco.collections
jinja2==3.1.2
jinja2==3.1.3
# via
# -c requirements/static/ci/../pkg/py3.9/freebsd.txt
# -r requirements/base.txt
@ -324,7 +324,7 @@ pycparser==2.21
# via
# -c requirements/static/ci/../pkg/py3.9/freebsd.txt
# cffi
pycryptodomex==3.9.8
pycryptodomex==3.19.1
# via
# -c requirements/static/ci/../pkg/py3.9/freebsd.txt
# -r requirements/crypto.txt

2
requirements/static/ci/py3.9/linux-crypto.txt
View file

@ -6,5 +6,5 @@
#
m2crypto==0.38.0
# via -r requirements/static/ci/crypto.in
pycryptodome==3.9.8
pycryptodome==3.19.1
# via -r requirements/static/ci/crypto.in

26
requirements/static/ci/py3.9/linux.txt
View file

@ -17,11 +17,7 @@ aiosignal==1.3.1
# via
# -c requirements/static/ci/../pkg/py3.9/linux.txt
# aiohttp
ansible-core==2.15.0
# via ansible
ansible==8.0.0 ; python_version >= "3.9"
# via -r requirements/static/ci/linux.in
anyio==3.7.0
anyio==4.1.0
# via httpcore
apache-libcloud==3.7.0 ; sys_platform != "win32"
# via -r requirements/static/ci/common.in
@ -113,7 +109,6 @@ cryptography==41.0.7
# via
# -c requirements/static/ci/../pkg/py3.9/linux.txt
# -r requirements/base.txt
# ansible-core
# etcd3-py
# moto
# paramiko
@ -157,7 +152,7 @@ geomet==0.2.1.post1
# via cassandra-driver
gitdb==4.0.10
# via gitpython
gitpython==3.1.40
gitpython==3.1.41
# via -r requirements/static/ci/common.in
google-auth==2.19.1
# via kubernetes
@ -165,7 +160,7 @@ h11==0.14.0
# via httpcore
hglib==2.6.2
# via -r requirements/static/ci/linux.in
httpcore==0.17.2
httpcore==0.17.3
# via httpx
httpx==0.24.1
# via python-telegram-bot
@ -185,8 +180,6 @@ importlib-metadata==6.6.0
# via
# -c requirements/static/ci/../pkg/py3.9/linux.txt
# -r requirements/base.txt
importlib-resources==5.0.7
# via ansible-core
inflect==6.0.4
# via
# -c requirements/static/ci/../pkg/py3.9/linux.txt
@ -213,11 +206,10 @@ jaraco.text==3.11.1
# via
# -c requirements/static/ci/../pkg/py3.9/linux.txt
# jaraco.collections
jinja2==3.1.2
jinja2==3.1.3
# via
# -c requirements/static/ci/../pkg/py3.9/linux.txt
# -r requirements/base.txt
# ansible-core
# junos-eznc
# moto
# napalm
@ -312,7 +304,6 @@ packaging==23.1
# via
# -c requirements/static/ci/../pkg/py3.9/linux.txt
# -r requirements/base.txt
# ansible-core
# docker
# pytest
paramiko==3.4.0 ; sys_platform != "win32" and sys_platform != "darwin"
@ -352,7 +343,7 @@ pycparser==2.21
# via
# -c requirements/static/ci/../pkg/py3.9/linux.txt
# cffi
pycryptodomex==3.9.8
pycryptodomex==3.19.1
# via
# -c requirements/static/ci/../pkg/py3.9/linux.txt
# -r requirements/crypto.txt
@ -456,7 +447,6 @@ pyyaml==6.0.1
# via
# -c requirements/static/ci/../pkg/py3.9/linux.txt
# -r requirements/base.txt
# ansible-core
# clustershell
# junos-eznc
# kubernetes
@ -490,9 +480,7 @@ requests==2.31.0
# responses
# twilio
# vcert
resolvelib==1.0.1
# via ansible-core
responses==0.23.1
responses==0.24.1
# via moto
rfc3987==1.3.8
# via -r requirements/static/ci/common.in
@ -582,8 +570,6 @@ ttp==0.9.5
# ttp-templates
twilio==8.2.2
# via -r requirements/static/ci/linux.in
types-pyyaml==6.0.1
# via responses
typing-extensions==4.8.0
# via
# -c requirements/static/ci/../pkg/py3.9/linux.txt

2
requirements/static/ci/py3.9/tools.txt
View file

@ -20,7 +20,7 @@ charset-normalizer==3.2.0
# via requests
idna==3.4
# via requests
jinja2==3.1.2
jinja2==3.1.3
# via -r requirements/static/ci/tools.in
jmespath==1.0.1
# via

2
requirements/static/ci/py3.9/windows-crypto.txt
View file

@ -6,5 +6,5 @@
#
m2crypto==0.38.0
# via -r requirements/static/ci/crypto.in
pycryptodome==3.9.8
pycryptodome==3.19.1
# via -r requirements/static/ci/crypto.in

8
requirements/static/ci/py3.9/windows.txt
View file

@ -79,7 +79,7 @@ cherrypy==18.8.0
# -r requirements/static/ci/common.in
click==8.1.3
# via geomet
clr-loader==0.2.4
clr-loader==0.2.6
# via
# -c requirements/static/ci/../pkg/py3.9/windows.txt
# pythonnet
@ -136,7 +136,7 @@ geomet==0.2.1.post1
# via cassandra-driver
gitdb==4.0.10
# via gitpython
gitpython==3.1.40
gitpython==3.1.41
# via -r requirements/static/ci/common.in
google-auth==2.19.1
# via kubernetes
@ -180,7 +180,7 @@ jaraco.text==3.11.1
# via
# -c requirements/static/ci/../pkg/py3.9/windows.txt
# jaraco.collections
jinja2==3.1.2
jinja2==3.1.3
# via
# -c requirements/static/ci/../pkg/py3.9/windows.txt
# -r requirements/base.txt
@ -277,7 +277,7 @@ pycparser==2.21
# via
# -c requirements/static/ci/../pkg/py3.9/windows.txt
# cffi
pycryptodomex==3.9.8
pycryptodomex==3.19.1
# via
# -c requirements/static/ci/../pkg/py3.9/windows.txt
# -r requirements/crypto.txt

4
requirements/static/pkg/py3.10/darwin.txt
View file

@ -57,7 +57,7 @@ jaraco.functools==3.7.0
# tempora
jaraco.text==3.11.1
# via jaraco.collections
jinja2==3.1.2
jinja2==3.1.3
# via -r requirements/base.txt
jmespath==1.0.1
# via -r requirements/base.txt
@ -87,7 +87,7 @@ psutil==5.9.6
# via -r requirements/base.txt
pycparser==2.21
# via cffi
pycryptodomex==3.9.8
pycryptodomex==3.19.1
# via -r requirements/crypto.txt
pydantic==1.10.8
# via inflect

4
requirements/static/pkg/py3.10/freebsd.txt
View file

@ -57,7 +57,7 @@ jaraco.functools==3.7.0
# tempora
jaraco.text==3.11.1
# via jaraco.collections
jinja2==3.1.2
jinja2==3.1.3
# via -r requirements/base.txt
jmespath==1.0.1
# via -r requirements/base.txt
@ -87,7 +87,7 @@ psutil==5.9.6
# via -r requirements/base.txt
pycparser==2.21
# via cffi
pycryptodomex==3.9.8
pycryptodomex==3.19.1
# via -r requirements/crypto.txt
pydantic==1.10.8
# via inflect

4
requirements/static/pkg/py3.10/linux.txt
View file

@ -57,7 +57,7 @@ jaraco.functools==3.7.0
# tempora
jaraco.text==3.11.1
# via jaraco.collections
jinja2==3.1.2
jinja2==3.1.3
# via -r requirements/base.txt
jmespath==1.0.1
# via -r requirements/base.txt
@ -87,7 +87,7 @@ psutil==5.9.6
# via -r requirements/base.txt
pycparser==2.21
# via cffi
pycryptodomex==3.9.8
pycryptodomex==3.19.1
# via -r requirements/crypto.txt
pydantic==1.10.8
# via inflect

6
requirements/static/pkg/py3.10/windows.txt
View file

@ -26,7 +26,7 @@ cheroot==10.0.0
# via cherrypy
cherrypy==18.8.0
# via -r requirements/base.txt
clr-loader==0.2.4
clr-loader==0.2.6
# via pythonnet
contextvars==2.4
# via -r requirements/base.txt
@ -61,7 +61,7 @@ jaraco.functools==3.7.0
# tempora
jaraco.text==3.11.1
# via jaraco.collections
jinja2==3.1.2
jinja2==3.1.3
# via -r requirements/base.txt
jmespath==1.0.1
# via -r requirements/base.txt
@ -93,7 +93,7 @@ psutil==5.9.6
# via -r requirements/base.txt
pycparser==2.21
# via cffi
pycryptodomex==3.9.8
pycryptodomex==3.19.1
# via -r requirements/crypto.txt
pydantic==1.10.8
# via inflect

4
requirements/static/pkg/py3.11/darwin.txt
View file

@ -57,7 +57,7 @@ jaraco.functools==3.7.0
# tempora
jaraco.text==3.11.1
# via jaraco.collections
jinja2==3.1.2
jinja2==3.1.3
# via -r requirements/base.txt
jmespath==1.0.1
# via -r requirements/base.txt
@ -87,7 +87,7 @@ psutil==5.9.6
# via -r requirements/base.txt
pycparser==2.21
# via cffi
pycryptodomex==3.9.8
pycryptodomex==3.19.1
# via -r requirements/crypto.txt
pydantic-core==2.14.5
# via pydantic

4
requirements/static/pkg/py3.11/freebsd.txt
View file

@ -57,7 +57,7 @@ jaraco.functools==3.7.0
# tempora
jaraco.text==3.11.1
# via jaraco.collections
jinja2==3.1.2
jinja2==3.1.3
# via -r requirements/base.txt
jmespath==1.0.1
# via -r requirements/base.txt
@ -87,7 +87,7 @@ psutil==5.9.6
# via -r requirements/base.txt
pycparser==2.21
# via cffi
pycryptodomex==3.9.8
pycryptodomex==3.19.1
# via -r requirements/crypto.txt
pydantic-core==2.14.5
# via pydantic

4
requirements/static/pkg/py3.11/linux.txt
View file

@ -57,7 +57,7 @@ jaraco.functools==3.7.0
# tempora
jaraco.text==3.11.1
# via jaraco.collections
jinja2==3.1.2
jinja2==3.1.3
# via -r requirements/base.txt
jmespath==1.0.1
# via -r requirements/base.txt
@ -87,7 +87,7 @@ psutil==5.9.6
# via -r requirements/base.txt
pycparser==2.21
# via cffi
pycryptodomex==3.9.8
pycryptodomex==3.19.1
# via -r requirements/crypto.txt
pydantic-core==2.14.5
# via pydantic

6
requirements/static/pkg/py3.11/windows.txt
View file

@ -26,7 +26,7 @@ cheroot==10.0.0
# via cherrypy
cherrypy==18.8.0
# via -r requirements/base.txt
clr-loader==0.2.4
clr-loader==0.2.6
# via pythonnet
contextvars==2.4
# via -r requirements/base.txt
@ -61,7 +61,7 @@ jaraco.functools==3.7.0
# tempora
jaraco.text==3.11.1
# via jaraco.collections
jinja2==3.1.2
jinja2==3.1.3
# via -r requirements/base.txt
jmespath==1.0.1
# via -r requirements/base.txt
@ -93,7 +93,7 @@ psutil==5.9.6
# via -r requirements/base.txt
pycparser==2.21
# via cffi
pycryptodomex==3.10.1
pycryptodomex==3.19.1
# via -r requirements/crypto.txt
pydantic-core==2.14.5
# via pydantic

26
requirements/static/pkg/py3.12/darwin.txt
View file

@ -2,10 +2,16 @@
# This file is autogenerated by pip-compile
# To update, run:
#
# pip-compile --no-emit-index-url --output-file=requirements/static/pkg/py3.11/darwin.txt requirements/darwin.txt requirements/static/pkg/darwin.in
# pip-compile --no-emit-index-url --output-file=requirements/static/pkg/py3.12/darwin.txt requirements/darwin.txt requirements/static/pkg/darwin.in
#
aiohttp==3.9.1
# via -r requirements/base.txt
aiosignal==1.3.1
# via aiohttp
annotated-types==0.6.0
# via pydantic
attrs==23.2.0
# via aiohttp
autocommand==2.2.2
# via jaraco.text
certifi==2023.07.22
@ -26,8 +32,14 @@ cryptography==41.0.7
# pyopenssl
distro==1.8.0
# via -r requirements/base.txt
frozenlist==1.4.1
# via
# aiohttp
# aiosignal
idna==3.4
# via requests
# via
# requests
# yarl
immutables==0.15
# via contextvars
importlib-metadata==6.6.0
@ -45,7 +57,7 @@ jaraco.functools==3.7.0
# tempora
jaraco.text==3.11.1
# via jaraco.collections
jinja2==3.1.2
jinja2==3.1.3
# via -r requirements/base.txt
jmespath==1.0.1
# via -r requirements/base.txt
@ -63,6 +75,10 @@ more-itertools==8.2.0
# jaraco.text
msgpack==1.0.7
# via -r requirements/base.txt
multidict==6.0.4
# via
# aiohttp
# yarl
packaging==23.1
# via -r requirements/base.txt
portend==3.1.0
@ -71,7 +87,7 @@ psutil==5.9.6
# via -r requirements/base.txt
pycparser==2.21
# via cffi
pycryptodomex==3.9.8
pycryptodomex==3.19.1
# via -r requirements/crypto.txt
pydantic-core==2.14.5
# via pydantic
@ -108,6 +124,8 @@ typing-extensions==4.8.0
# pydantic-core
urllib3==1.26.18
# via requests
yarl==1.9.4
# via aiohttp
zc.lockfile==3.0.post1
# via cherrypy
zipp==3.16.2

4
requirements/static/pkg/py3.12/freebsd.txt
View file

@ -57,7 +57,7 @@ jaraco.functools==3.7.0
# tempora
jaraco.text==3.11.1
# via jaraco.collections
jinja2==3.1.2
jinja2==3.1.3
# via -r requirements/base.txt
jmespath==1.0.1
# via -r requirements/base.txt
@ -87,7 +87,7 @@ psutil==5.9.6
# via -r requirements/base.txt
pycparser==2.21
# via cffi
pycryptodomex==3.9.8
pycryptodomex==3.19.1
# via -r requirements/crypto.txt
pydantic-core==2.14.5
# via pydantic

4
requirements/static/pkg/py3.12/linux.txt
View file

@ -57,7 +57,7 @@ jaraco.functools==3.7.0
# tempora
jaraco.text==3.11.1
# via jaraco.collections
jinja2==3.1.2
jinja2==3.1.3
# via -r requirements/base.txt
jmespath==1.0.1
# via -r requirements/base.txt
@ -87,7 +87,7 @@ psutil==5.9.6
# via -r requirements/base.txt
pycparser==2.21
# via cffi
pycryptodomex==3.9.8
pycryptodomex==3.19.1
# via -r requirements/crypto.txt
pydantic-core==2.14.5
# via pydantic

4
requirements/static/pkg/py3.12/windows.txt
View file

@ -61,7 +61,7 @@ jaraco.functools==3.7.0
# tempora
jaraco.text==3.11.1
# via jaraco.collections
jinja2==3.1.2
jinja2==3.1.3
# via -r requirements/base.txt
jmespath==1.0.1
# via -r requirements/base.txt
@ -93,7 +93,7 @@ psutil==5.9.6
# via -r requirements/base.txt
pycparser==2.21
# via cffi
pycryptodomex==3.10.1
pycryptodomex==3.19.1
# via -r requirements/crypto.txt
pydantic-core==2.14.5
# via pydantic

4
requirements/static/pkg/py3.8/freebsd.txt
View file

@ -59,7 +59,7 @@ jaraco.functools==3.7.0
# tempora
jaraco.text==3.11.1
# via jaraco.collections
jinja2==3.1.2
jinja2==3.1.3
# via -r requirements/base.txt
jmespath==1.0.1
# via -r requirements/base.txt
@ -89,7 +89,7 @@ psutil==5.9.6
# via -r requirements/base.txt
pycparser==2.21
# via cffi
pycryptodomex==3.9.8
pycryptodomex==3.19.1
# via -r requirements/crypto.txt
pydantic==1.10.8
# via inflect

4
requirements/static/pkg/py3.8/linux.txt
View file

@ -59,7 +59,7 @@ jaraco.functools==3.7.0
# tempora
jaraco.text==3.11.1
# via jaraco.collections
jinja2==3.1.2
jinja2==3.1.3
# via -r requirements/base.txt
jmespath==1.0.1
# via -r requirements/base.txt
@ -89,7 +89,7 @@ psutil==5.9.6
# via -r requirements/base.txt
pycparser==2.21
# via cffi
pycryptodomex==3.9.8
pycryptodomex==3.19.1
# via -r requirements/crypto.txt
pydantic==1.10.8
# via inflect

6
requirements/static/pkg/py3.8/windows.txt
View file

@ -26,7 +26,7 @@ cheroot==10.0.0
# via cherrypy
cherrypy==18.8.0
# via -r requirements/base.txt
clr-loader==0.2.4
clr-loader==0.2.6
# via pythonnet
contextvars==2.4
# via -r requirements/base.txt
@ -63,7 +63,7 @@ jaraco.functools==3.7.0
# tempora
jaraco.text==3.11.1
# via jaraco.collections
jinja2==3.1.2
jinja2==3.1.3
# via -r requirements/base.txt
jmespath==1.0.1
# via -r requirements/base.txt
@ -95,7 +95,7 @@ psutil==5.9.6
# via -r requirements/base.txt
pycparser==2.21
# via cffi
pycryptodomex==3.9.8
pycryptodomex==3.19.1
# via -r requirements/crypto.txt
pydantic==1.10.8
# via inflect

4
requirements/static/pkg/py3.9/darwin.txt
View file

@ -57,7 +57,7 @@ jaraco.functools==3.7.0
# tempora
jaraco.text==3.11.1
# via jaraco.collections
jinja2==3.1.2
jinja2==3.1.3
# via -r requirements/base.txt
jmespath==1.0.1
# via -r requirements/base.txt
@ -87,7 +87,7 @@ psutil==5.9.6
# via -r requirements/base.txt
pycparser==2.21
# via cffi
pycryptodomex==3.9.8
pycryptodomex==3.19.1
# via -r requirements/crypto.txt
pydantic==1.10.8
# via inflect

4
requirements/static/pkg/py3.9/freebsd.txt
View file

@ -57,7 +57,7 @@ jaraco.functools==3.7.0
# tempora
jaraco.text==3.11.1
# via jaraco.collections
jinja2==3.1.2
jinja2==3.1.3
# via -r requirements/base.txt
jmespath==1.0.1
# via -r requirements/base.txt
@ -87,7 +87,7 @@ psutil==5.9.6
# via -r requirements/base.txt
pycparser==2.21
# via cffi
pycryptodomex==3.9.8
pycryptodomex==3.19.1
# via -r requirements/crypto.txt
pydantic==1.10.8
# via inflect

4
requirements/static/pkg/py3.9/linux.txt
View file

@ -57,7 +57,7 @@ jaraco.functools==3.7.0
# tempora
jaraco.text==3.11.1
# via jaraco.collections
jinja2==3.1.2
jinja2==3.1.3
# via -r requirements/base.txt
jmespath==1.0.1
# via -r requirements/base.txt
@ -87,7 +87,7 @@ psutil==5.9.6
# via -r requirements/base.txt
pycparser==2.21
# via cffi
pycryptodomex==3.9.8
pycryptodomex==3.19.1
# via -r requirements/crypto.txt
pydantic==1.10.8
# via inflect

6
requirements/static/pkg/py3.9/windows.txt
View file

@ -26,7 +26,7 @@ cheroot==10.0.0
# via cherrypy
cherrypy==18.8.0
# via -r requirements/base.txt
clr-loader==0.2.4
clr-loader==0.2.6
# via pythonnet
contextvars==2.4
# via -r requirements/base.txt
@ -61,7 +61,7 @@ jaraco.functools==3.7.0
# tempora
jaraco.text==3.11.1
# via jaraco.collections
jinja2==3.1.2
jinja2==3.1.3
# via -r requirements/base.txt
jmespath==1.0.1
# via -r requirements/base.txt
@ -93,7 +93,7 @@ psutil==5.9.6
# via -r requirements/base.txt
pycparser==2.21
# via cffi
pycryptodomex==3.9.8
pycryptodomex==3.19.1
# via -r requirements/crypto.txt
pydantic==1.10.8
# via inflect

37
salt/utils/aws.py
View file

@ -7,7 +7,7 @@ This is a base library used by a number of AWS services.
:depends: requests
"""
import binascii
import copy
import hashlib
import hmac
@ -15,43 +15,18 @@ import logging
import random
import re
import time
import urllib.parse
import xml.etree.ElementTree as ET
from datetime import datetime
import requests
import salt.config
import salt.utils.hashutils
import salt.utils.xmlutil as xml
try:
import requests
HAS_REQUESTS = True # pylint: disable=W0612
except ImportError:
HAS_REQUESTS = False # pylint: disable=W0612
try:
import binascii
HAS_BINASCII = True # pylint: disable=W0612
except ImportError:
HAS_BINASCII = False # pylint: disable=W0612
try:
import urllib.parse
HAS_URLLIB = True # pylint: disable=W0612
except ImportError:
HAS_URLLIB = False # pylint: disable=W0612
try:
import xml.etree.ElementTree as ET
HAS_ETREE = True # pylint: disable=W0612
except ImportError:
HAS_ETREE = False # pylint: disable=W0612
# pylint: enable=import-error,redefined-builtin,no-name-in-module
log = logging.getLogger(__name__)
DEFAULT_LOCATION = "us-east-1"
DEFAULT_AWS_API_VERSION = "2016-11-15"
AWS_RETRY_CODES = [

171
tests/pytests/unit/crypt/__init__.py Normal file
View file

@ -0,0 +1,171 @@
PRIVKEY_DATA = (
"-----BEGIN RSA PRIVATE KEY-----\n"
"MIIEpAIBAAKCAQEA75GR6ZTv5JOv90Vq8tKhKC7YQnhDIo2hM0HVziTEk5R4UQBW\n"
"a0CKytFMbTONY2msEDwX9iA0x7F5Lgj0X8eD4ZMsYqLzqjWMekLC8bjhxc+EuPo9\n"
"Dygu3mJ2VgRC7XhlFpmdo5NN8J2E7B/CNB3R4hOcMMZNZdi0xLtFoTfwU61UPfFX\n"
"14mV2laqLbvDEfQLJhUTDeFFV8EN5Z4H1ttLP3sMXJvc3EvM0JiDVj4l1TWFUHHz\n"
"eFgCA1Im0lv8i7PFrgW7nyMfK9uDSsUmIp7k6ai4tVzwkTmV5PsriP1ju88Lo3MB\n"
"4/sUmDv/JmlZ9YyzTO3Po8Uz3Aeq9HJWyBWHAQIDAQABAoIBAGOzBzBYZUWRGOgl\n"
"IY8QjTT12dY/ymC05GM6gMobjxuD7FZ5d32HDLu/QrknfS3kKlFPUQGDAbQhbbb0\n"
"zw6VL5NO9mfOPO2W/3FaG1sRgBQcerWonoSSSn8OJwVBHMFLG3a+U1Zh1UvPoiPK\n"
"S734swIM+zFpNYivGPvOm/muF/waFf8tF/47t1cwt/JGXYQnkG/P7z0vp47Irpsb\n"
"Yjw7vPe4BnbY6SppSxscW3KoV7GtJLFKIxAXbxsuJMF/rYe3O3w2VKJ1Sug1VDJl\n"
"/GytwAkSUer84WwP2b07Wn4c5pCnmLslMgXCLkENgi1NnJMhYVOnckxGDZk54hqP\n"
"9RbLnkkCgYEA/yKuWEvgdzYRYkqpzB0l9ka7Y00CV4Dha9Of6GjQi9i4VCJ/UFVr\n"
"UlhTo5y0ZzpcDAPcoZf5CFZsD90a/BpQ3YTtdln2MMCL/Kr3QFmetkmDrt+3wYnX\n"
"sKESfsa2nZdOATRpl1antpwyD4RzsAeOPwBiACj4fkq5iZJBSI0bxrMCgYEA8GFi\n"
"qAjgKh81/Uai6KWTOW2kX02LEMVRrnZLQ9VPPLGid4KZDDk1/dEfxjjkcyOxX1Ux\n"
"Klu4W8ZEdZyzPcJrfk7PdopfGOfrhWzkREK9C40H7ou/1jUecq/STPfSOmxh3Y+D\n"
"ifMNO6z4sQAHx8VaHaxVsJ7SGR/spr0pkZL+NXsCgYEA84rIgBKWB1W+TGRXJzdf\n"
"yHIGaCjXpm2pQMN3LmP3RrcuZWm0vBt94dHcrR5l+u/zc6iwEDTAjJvqdU4rdyEr\n"
"tfkwr7v6TNlQB3WvpWanIPyVzfVSNFX/ZWSsAgZvxYjr9ixw6vzWBXOeOb/Gqu7b\n"
"cvpLkjmJ0wxDhbXtyXKhZA8CgYBZyvcQb+hUs732M4mtQBSD0kohc5TsGdlOQ1AQ\n"
"McFcmbpnzDghkclyW8jzwdLMk9uxEeDAwuxWE/UEvhlSi6qdzxC+Zifp5NBc0fVe\n"
"7lMx2mfJGxj5CnSqQLVdHQHB4zSXkAGB6XHbBd0MOUeuvzDPfs2voVQ4IG3FR0oc\n"
"3/znuwKBgQChZGH3McQcxmLA28aUwOVbWssfXKdDCsiJO+PEXXlL0maO3SbnFn+Q\n"
"Tyf8oHI5cdP7AbwDSx9bUfRPjg9dKKmATBFr2bn216pjGxK0OjYOCntFTVr0psRB\n"
"CrKg52Qrq71/2l4V2NLQZU40Dr1bN9V+Ftd9L0pvpCAEAWpIbLXGDw==\n"
"-----END RSA PRIVATE KEY-----"
)
PUBKEY_DATA = (
"-----BEGIN PUBLIC KEY-----\n"
"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA75GR6ZTv5JOv90Vq8tKh\n"
"KC7YQnhDIo2hM0HVziTEk5R4UQBWa0CKytFMbTONY2msEDwX9iA0x7F5Lgj0X8eD\n"
"4ZMsYqLzqjWMekLC8bjhxc+EuPo9Dygu3mJ2VgRC7XhlFpmdo5NN8J2E7B/CNB3R\n"
"4hOcMMZNZdi0xLtFoTfwU61UPfFX14mV2laqLbvDEfQLJhUTDeFFV8EN5Z4H1ttL\n"
"P3sMXJvc3EvM0JiDVj4l1TWFUHHzeFgCA1Im0lv8i7PFrgW7nyMfK9uDSsUmIp7k\n"
"6ai4tVzwkTmV5PsriP1ju88Lo3MB4/sUmDv/JmlZ9YyzTO3Po8Uz3Aeq9HJWyBWH\n"
"AQIDAQAB\n"
"-----END PUBLIC KEY-----"
)
MSG = b"It's me, Mario"
SIG = (
b"\x07\xf3\xb1\xe7\xdb\x06\xf4_\xe2\xdc\xcb!F\xfb\xbex{W\x1d\xe4E"
b"\xd3\r\xc5\x90\xca(\x05\x1d\x99\x8b\x1aug\x9f\x95>\x94\x7f\xe3+"
b"\x12\xfa\x9c\xd4\xb8\x02]\x0e\xa5\xa3LL\xc3\xa2\x8f+\x83Z\x1b\x17"
b'\xbfT\xd3\xc7\xfd\x0b\xf4\xd7J\xfe^\x86q"I\xa3x\xbc\xd3$\xe9M<\xe1'
b"\x07\xad\xf2_\x9f\xfa\xf7g(~\xd8\xf5\xe7\xda-\xa3Ko\xfc.\x99\xcf"
b"\x9b\xb9\xc1U\x97\x82'\xcb\xc6\x08\xaa\xa0\xe4\xd0\xc1+\xfc\x86"
b'\r\xe4y\xb1#\xd3\x1dS\x96D28\xc4\xd5\r\xd4\x98\x1a44"\xd7\xc2\xb4'
b"]\xa7\x0f\xa7Db\x85G\x8c\xd6\x94!\x8af1O\xf6g\xd7\x03\xfd\xb3\xbc"
b"\xce\x9f\xe7\x015\xb8\x1d]AHK\xa0\x14m\xda=O\xa7\xde\xf2\xff\x9b"
b"\x8e\x83\xc8j\x11\x1a\x98\x85\xde\xc5\x91\x07\x84!\x12^4\xcb\xa8"
b"\x98\x8a\x8a&#\xb9(#?\x80\x15\x9eW\xb5\x12\xd1\x95S\xf2<G\xeb\xf1"
b"\x14H\xb2\xc4>\xc3A\xed\x86x~\xcfU\xd5Q\xfe~\x10\xd2\x9b"
)
SIGNATURE = (
b"w\xac\xfe18o\xeb\xfb\x14+\x9e\xd1\xb7\x7fe}\xec\xd6\xe1P\x9e\xab"
b"\xb5\x07\xe0\xc1\xfd\xda#\x04Z\x8d\x7f\x0b\x1f}:~\xb2s\x860u\x02N"
b'\xd4q"\xb7\x86*\x8f\x1f\xd0\x9d\x11\x92\xc5~\xa68\xac>\x12H\xc2%y,'
b"\xe6\xceU\x1e\xa3?\x0c,\xf0u\xbb\xd0[g_\xdd\x8b\xb0\x95:Y\x18\xa5*"
b"\x99\xfd\xf3K\x92\x92 ({\xd1\xff\xd9F\xc8\xd6K\x86e\xf9\xa8\xad\xb0z"
b"\xe3\x9dD\xf5k\x8b_<\xe7\xe7\xec\xf3\"'\xd5\xd2M\xb4\xce\x1a\xe3$"
b"\x9c\x81\xad\xf9\x11\xf6\xf5>)\xc7\xdd\x03&\xf7\x86@ks\xa6\x05\xc2"
b"\xd0\xbd\x1a7\xfc\xde\xe6\xb0\xad!\x12#\xc86Y\xea\xc5\xe3\xe2\xb3"
b"\xc9\xaf\xfa\x0c\xf2?\xbf\x93w\x18\x9e\x0b\xa2a\x10:M\x05\x89\xe2W.Q"
b"\xe8;yGT\xb1\xf2\xc6A\xd2\xc4\xbeN\xb3\xcfS\xaf\x03f\xe2\xb4)\xe7\xf6"
b'\xdbs\xd0Z}8\xa4\xd2\x1fW*\xe6\x1c"\x8b\xd0\x18w\xb9\x7f\x9e\x96\xa3'
b"\xd9v\xf7\x833\x8e\x01"
)
TEST_KEY = (
"-----BEGIN RSA PUBLIC KEY-----\n"
"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzLtFhsvfbFDFaUgulSEX\n"
"Gl12XriL1DT78Ef2/u8HHaSMmPie37BLWas/zaHwI6066bIyYQJ/nUCahTaoHM7L\n"
"GlWc0wOU6zyfpihCRQHil05Y6F+olFBoZuYbFPvtp7/hJx/D7I/0n2o/c7M5i3Y2\n"
"3sBxAYNooIQHXHUmPQW6C9iu95ylZDW8JQzYy/EI4vCC8yQMdTK8jK1FQV0Sbwny\n"
"qcMxSyAWDoFbnhh2P2TnO8HOWuUOaXR8ZHOJzVcDl+a6ew+medW090x3K5O1f80D\n"
"+WjgnG6b2HG7VQpOCfM2GALD/FrxicPilvZ38X1aLhJuwjmVE4LAAv8DVNJXohaO\n"
"WQIDAQAB\n"
"-----END RSA PUBLIC KEY-----\n"
)
PRIV_KEY = """
-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEAoAsMPt+4kuIG6vKyw9r3+OuZrVBee/2vDdVetW+Js5dTlgrJ
aghWWn3doGmKlEjqh7E4UTa+t2Jd6w8RSLnyHNJ/HpVhMG0M07MF6FMfILtDrrt8
ZX7eDVt8sx5gCEpYI+XG8Y07Ga9i3Hiczt+fu6HYwu96HggmG2pqkOrn3iGfqBvV
YVFJzSZYe7e4c1PeEs0xYcrA4k+apyGsMtpef8vRUrNicRLc7dAcvfhtgt2DXEZ2
d72t/CR4ygtUvPXzisaTPW0G7OWAheCloqvTIIPQIjR8htFxGTz02STVXfnhnJ0Z
k8KhqKF2v1SQvIYxsZU7jaDgl5i3zpeh58cYOwIDAQABAoIBABZUJEO7Y91+UnfC
H6XKrZEZkcnH7j6/UIaOD9YhdyVKxhsnax1zh1S9vceNIgv5NltzIsfV6vrb6v2K
Dx/F7Z0O0zR5o+MlO8ZncjoNKskex10gBEWG00Uqz/WPlddiQ/TSMJTv3uCBAzp+
S2Zjdb4wYPUlgzSgb2ygxrhsRahMcSMG9PoX6klxMXFKMD1JxiY8QfAHahPzQXy9
F7COZ0fCVo6BE+MqNuQ8tZeIxu8mOULQCCkLFwXmkz1FpfK/kNRmhIyhxwvCS+z4
JuErW3uXfE64RLERiLp1bSxlDdpvRO2R41HAoNELTsKXJOEt4JANRHm/CeyA5wsh
NpscufUCgYEAxhgPfcMDy2v3nL6KtkgYjdcOyRvsAF50QRbEa8ldO+87IoMDD/Oe
osFERJ5hhyyEO78QnaLVegnykiw5DWEF02RKMhD/4XU+1UYVhY0wJjKQIBadsufB
2dnaKjvwzUhPh5BrBqNHl/FXwNCRDiYqXa79eWCPC9OFbZcUWWq70s8CgYEAztOI
61zRfmXJ7f70GgYbHg+GA7IrsAcsGRITsFR82Ho0lqdFFCxz7oK8QfL6bwMCGKyk
nzk+twh6hhj5UNp18KN8wktlo02zTgzgemHwaLa2cd6xKgmAyuPiTgcgnzt5LVNG
FOjIWkLwSlpkDTl7ZzY2QSy7t+mq5d750fpIrtUCgYBWXZUbcpPL88WgDB7z/Bjg
dlvW6JqLSqMK4b8/cyp4AARbNp12LfQC55o5BIhm48y/M70tzRmfvIiKnEc/gwaE
NJx4mZrGFFURrR2i/Xx5mt/lbZbRsmN89JM+iKWjCpzJ8PgIi9Wh9DIbOZOUhKVB
9RJEAgo70LvCnPTdS0CaVwKBgDJW3BllAvw/rBFIH4OB/vGnF5gosmdqp3oGo1Ik
jipmPAx6895AH4tquIVYrUl9svHsezjhxvjnkGK5C115foEuWXw0u60uiTiy+6Pt
2IS0C93VNMulenpnUrppE7CN2iWFAiaura0CY9fE/lsVpYpucHAWgi32Kok+ZxGL
WEttAoGAN9Ehsz4LeQxEj3x8wVeEMHF6OsznpwYsI2oVh6VxpS4AjgKYqeLVcnNi
TlZFsuQcqgod8OgzA91tdB+Rp86NygmWD5WzeKXpCOg9uA+y/YL+0sgZZHsuvbK6
PllUgXdYxqClk/hdBFB7v9AQoaj7K9Ga22v32msftYDQRJ94xOI=
-----END RSA PRIVATE KEY-----
"""
PUB_KEY = """
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoAsMPt+4kuIG6vKyw9r3
+OuZrVBee/2vDdVetW+Js5dTlgrJaghWWn3doGmKlEjqh7E4UTa+t2Jd6w8RSLny
HNJ/HpVhMG0M07MF6FMfILtDrrt8ZX7eDVt8sx5gCEpYI+XG8Y07Ga9i3Hiczt+f
u6HYwu96HggmG2pqkOrn3iGfqBvVYVFJzSZYe7e4c1PeEs0xYcrA4k+apyGsMtpe
f8vRUrNicRLc7dAcvfhtgt2DXEZ2d72t/CR4ygtUvPXzisaTPW0G7OWAheCloqvT
IIPQIjR8htFxGTz02STVXfnhnJ0Zk8KhqKF2v1SQvIYxsZU7jaDgl5i3zpeh58cY
OwIDAQAB
-----END PUBLIC KEY-----
"""
PRIV_KEY2 = """
-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEAp+8cTxguO6Vg+YO92VfHgNld3Zy8aM3JbZvpJcjTnis+YFJ7
Zlkcc647yPRRwY9nYBNywahnt5kIeuT1rTvTsMBZWvmUoEVUj1Xg8XXQkBvb9Ozy
Gqy/G/p8KDDpzMP/U+XCnUeHiXTZrgnqgBIc2cKeCVvWFqDi0GRFGzyaXLaX3PPm
M7DJ0MIPL1qgmcDq6+7Ze0gJ9SrDYFAeLmbuT1OqDfufXWQl/82JXeiwU2cOpqWq
7n5fvPOWim7l1tzQ+dSiMRRm0xa6uNexCJww3oJSwvMbAmgzvOhqqhlqv+K7u0u7
FrFFojESsL36Gq4GBrISnvu2tk7u4GGNTYYQbQIDAQABAoIBAADrqWDQnd5DVZEA
lR+WINiWuHJAy/KaIC7K4kAMBgbxrz2ZbiY9Ok/zBk5fcnxIZDVtXd1sZicmPlro
GuWodIxdPZAnWpZ3UtOXUayZK/vCP1YsH1agmEqXuKsCu6Fc+K8VzReOHxLUkmXn
FYM+tixGahXcjEOi/aNNTWitEB6OemRM1UeLJFzRcfyXiqzHpHCIZwBpTUAsmzcG
QiVDkMTKubwo/m+PVXburX2CGibUydctgbrYIc7EJvyx/cpRiPZXo1PhHQWdu4Y1
SOaC66WLsP/wqvtHo58JQ6EN/gjSsbAgGGVkZ1xMo66nR+pLpR27coS7o03xCks6
DY/0mukCgYEAuLIGgBnqoh7YsOBLd/Bc1UTfDMxJhNseo+hZemtkSXz2Jn51322F
Zw/FVN4ArXgluH+XsOhvG/MFFpojwZSrb0Qq5b1MRdo9qycq8lGqNtlN1WHqosDQ
zW29kpL0tlRrSDpww3wRESsN9rH5XIrJ1b3ZXuO7asR+KBVQMy/+NcUCgYEA6MSC
c+fywltKPgmPl5j0DPoDe5SXE/6JQy7w/vVGrGfWGf/zEJmhzS2R+CcfTTEqaT0T
Yw8+XbFgKAqsxwtE9MUXLTVLI3sSUyE4g7blCYscOqhZ8ItCUKDXWkSpt++rG0Um
1+cEJP/0oCazG6MWqvBC4NpQ1nzh46QpjWqMwokCgYAKDLXJ1p8rvx3vUeUJW6zR
dfPlEGCXuAyMwqHLxXgpf4EtSwhC5gSyPOtx2LqUtcrnpRmt6JfTH4ARYMW9TMef
QEhNQ+WYj213mKP/l235mg1gJPnNbUxvQR9lkFV8bk+AGJ32JRQQqRUTbU+yN2MQ
HEptnVqfTp3GtJIultfwOQKBgG+RyYmu8wBP650izg33BXu21raEeYne5oIqXN+I
R5DZ0JjzwtkBGroTDrVoYyuH1nFNEh7YLqeQHqvyufBKKYo9cid8NQDTu+vWr5UK
tGvHnwdKrJmM1oN5JOAiq0r7+QMAOWchVy449VNSWWV03aeftB685iR5BXkstbIQ
EVopAoGAfcGBTAhmceK/4Q83H/FXBWy0PAa1kZGg/q8+Z0KY76AqyxOVl0/CU/rB
3tO3sKhaMTHPME/MiQjQQGoaK1JgPY6JHYvly2KomrJ8QTugqNGyMzdVJkXAK2AM
GAwC8ivAkHf8CHrHa1W7l8t2IqBjW1aRt7mOW92nfG88Hck0Mbo=
-----END RSA PRIVATE KEY-----
"""
PUB_KEY2 = """
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp+8cTxguO6Vg+YO92VfH
gNld3Zy8aM3JbZvpJcjTnis+YFJ7Zlkcc647yPRRwY9nYBNywahnt5kIeuT1rTvT
sMBZWvmUoEVUj1Xg8XXQkBvb9OzyGqy/G/p8KDDpzMP/U+XCnUeHiXTZrgnqgBIc
2cKeCVvWFqDi0GRFGzyaXLaX3PPmM7DJ0MIPL1qgmcDq6+7Ze0gJ9SrDYFAeLmbu
T1OqDfufXWQl/82JXeiwU2cOpqWq7n5fvPOWim7l1tzQ+dSiMRRm0xa6uNexCJww
3oJSwvMbAmgzvOhqqhlqv+K7u0u7FrFFojESsL36Gq4GBrISnvu2tk7u4GGNTYYQ
bQIDAQAB
-----END PUBLIC KEY-----
"""

13
tests/pytests/unit/crypt/conftest.py Normal file
View file

@ -0,0 +1,13 @@
import pytest
import salt.utils.files
from . import TEST_KEY
@pytest.fixture
def key_to_test(tmp_path):
key_path = tmp_path / "cryptodom-3.4.6.pub"
with salt.utils.files.fopen(key_path, "wb") as fd:
fd.write(TEST_KEY.encode())
return key_path

195
tests/pytests/unit/crypt/test_crypt.py Normal file
View file

@ -0,0 +1,195 @@
"""
tests.pytests.unit.test_crypt
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Unit tests for salt's crypt module
"""
import uuid
import pytest
import salt.crypt
import salt.master
import salt.payload
import salt.utils.files
from tests.support.helpers import dedent
from . import PRIV_KEY, PRIV_KEY2, PUB_KEY, PUB_KEY2
def test_get_rsa_pub_key_bad_key(tmp_path):
"""
get_rsa_pub_key raises InvalidKeyError when encoutering a bad key
"""
key_path = str(tmp_path / "key")
with salt.utils.files.fopen(key_path, "w") as fp:
fp.write("")
with pytest.raises(salt.crypt.InvalidKeyError):
salt.crypt.get_rsa_pub_key(key_path)
def test_cryptical_dumps_no_nonce():
master_crypt = salt.crypt.Crypticle({}, salt.crypt.Crypticle.generate_key_string())
data = {"foo": "bar"}
ret = master_crypt.dumps(data)
# Validate message structure
assert isinstance(ret, bytes)
une = master_crypt.decrypt(ret)
une.startswith(master_crypt.PICKLE_PAD)
assert salt.payload.loads(une[len(master_crypt.PICKLE_PAD) :]) == data
# Validate load back to orig data
assert master_crypt.loads(ret) == data
def test_cryptical_dumps_valid_nonce():
nonce = uuid.uuid4().hex
master_crypt = salt.crypt.Crypticle({}, salt.crypt.Crypticle.generate_key_string())
data = {"foo": "bar"}
ret = master_crypt.dumps(data, nonce=nonce)
assert isinstance(ret, bytes)
une = master_crypt.decrypt(ret)
une.startswith(master_crypt.PICKLE_PAD)
nonce_and_data = une[len(master_crypt.PICKLE_PAD) :]
assert nonce_and_data.startswith(nonce.encode())
assert salt.payload.loads(nonce_and_data[len(nonce) :]) == data
assert master_crypt.loads(ret, nonce=nonce) == data
def test_cryptical_dumps_invalid_nonce():
nonce = uuid.uuid4().hex
master_crypt = salt.crypt.Crypticle({}, salt.crypt.Crypticle.generate_key_string())
data = {"foo": "bar"}
ret = master_crypt.dumps(data, nonce=nonce)
assert isinstance(ret, bytes)
with pytest.raises(salt.crypt.SaltClientError, match="Nonce verification error"):
assert master_crypt.loads(ret, nonce="abcde")
def test_verify_signature(tmp_path):
tmp_path.joinpath("foo.pem").write_text(PRIV_KEY.strip())
tmp_path.joinpath("foo.pub").write_text(PUB_KEY.strip())
tmp_path.joinpath("bar.pem").write_text(PRIV_KEY2.strip())
tmp_path.joinpath("bar.pub").write_text(PUB_KEY2.strip())
msg = b"foo bar"
sig = salt.crypt.sign_message(str(tmp_path.joinpath("foo.pem")), msg)
assert salt.crypt.verify_signature(str(tmp_path.joinpath("foo.pub")), msg, sig)
def test_verify_signature_bad_sig(tmp_path):
tmp_path.joinpath("foo.pem").write_text(PRIV_KEY.strip())
tmp_path.joinpath("foo.pub").write_text(PUB_KEY.strip())
tmp_path.joinpath("bar.pem").write_text(PRIV_KEY2.strip())
tmp_path.joinpath("bar.pub").write_text(PUB_KEY2.strip())
msg = b"foo bar"
sig = salt.crypt.sign_message(str(tmp_path.joinpath("foo.pem")), msg)
assert not salt.crypt.verify_signature(str(tmp_path.joinpath("bar.pub")), msg, sig)
def test_read_or_generate_key_string(tmp_path):
keyfile = tmp_path / ".aes"
assert not keyfile.exists()
first_key = salt.crypt.Crypticle.read_key(keyfile)
assert first_key is None
assert not keyfile.exists()
salt.crypt.Crypticle.write_key(keyfile)
second_key = salt.crypt.Crypticle.read_key(keyfile)
assert second_key is not None
def test_dropfile_contents(tmp_path, master_opts):
salt.crypt.dropfile(str(tmp_path), master_opts["user"], master_id=master_opts["id"])
with salt.utils.files.fopen(str(tmp_path / ".dfn"), "r") as fp:
assert master_opts["id"] == fp.read()
def test_master_keys_without_cluster_id(tmp_path, master_opts):
master_opts["pki_dir"] = str(tmp_path)
assert master_opts["cluster_id"] is None
assert master_opts["cluster_pki_dir"] is None
mkeys = salt.crypt.MasterKeys(master_opts)
expected_master_pub = str(tmp_path / "master.pub")
expected_master_rsa = str(tmp_path / "master.pem")
assert expected_master_pub == mkeys.master_pub_path
assert expected_master_rsa == mkeys.master_rsa_path
assert mkeys.cluster_pub_path is None
assert mkeys.cluster_rsa_path is None
assert mkeys.pub_path == expected_master_pub
assert mkeys.rsa_path == expected_master_rsa
assert mkeys.key == mkeys.master_key
def test_master_keys_with_cluster_id(tmp_path, master_opts):
master_pki_path = tmp_path / "master_pki"
cluster_pki_path = tmp_path / "cluster_pki"
# The paths need to exist
master_pki_path.mkdir()
cluster_pki_path.mkdir()
(cluster_pki_path / "peers").mkdir()
master_opts["pki_dir"] = str(master_pki_path)
master_opts["cluster_id"] = "cluster1"
master_opts["cluster_pki_dir"] = str(cluster_pki_path)
mkeys = salt.crypt.MasterKeys(master_opts)
expected_master_pub = str(master_pki_path / "master.pub")
expected_master_rsa = str(master_pki_path / "master.pem")
expected_cluster_pub = str(cluster_pki_path / "cluster.pub")
expected_cluster_rsa = str(cluster_pki_path / "cluster.pem")
assert expected_master_pub == mkeys.master_pub_path
assert expected_master_rsa == mkeys.master_rsa_path
assert expected_cluster_pub == mkeys.cluster_pub_path
assert expected_cluster_rsa == mkeys.cluster_rsa_path
assert mkeys.pub_path == expected_cluster_pub
assert mkeys.rsa_path == expected_cluster_rsa
assert mkeys.key == mkeys.cluster_key
def test_pwdata_decrypt():
key_string = dedent(
"""-----BEGIN RSA PRIVATE KEY-----
MIIEpQIBAAKCAQEAzhBRyyHa7b63RLE71uKMKgrpulcAJjaIaN68ltXcCvy4w9pi
Kj+4I3Qp6RvUaHOEmymqyjOMjQc6iwpe0scCFqh3nUk5YYaLZ3WAW0htQVlnesgB
ZiBg9PBeTQY/LzqtudL6RCng/AX+fbnCsddlIysRxnUoNVMvz0gAmCY2mnTDjcTt
pyxuk2T0AHSHNCKCalm75L1bWDFF+UzFemf536tBfBUGRWR6jWTij85vvCntxHS/
HdknaTJ50E7XGVzwBJpCyV4Y2VXuW/3KrCNTqXw+jTmEw0vlcshfDg/vb3IxsUSK
5KuHalKq/nUIc+F4QCJOl+A10goGdIfYC1/67QIDAQABAoIBAAOP+qoFWtCTZH22
hq9PWVb8u0+yY1lFxhPyDdaZueUiu1r/coUCdv996Z+TEJgBr0AzdzVpsLtbbaKr
ujnwoNOdc/vvISPTfKN8P4zUcrcXgZd4z7VhR+vUH/0652q8m/ZDdHorMy2IOP8Z
cAk9DQ2PmA4TRm+tkX0G5KO8vWLsK921aRMWdsKJyQ0lYxl7M8JWupFsCJFr/U+8
dAVtwnUiS7RnhBABZ1cfNTHYhXVAh4d+a9y/gZ00a66OGqPxiXfhjjDUZ6fGvWKN
FlhKWEg6YqIx/H4aNXkLI5Rzzhdx/c2ukNm7+X2veRcAW7bcTwk8wxJxciEP5pBi
1el9VE0CgYEA/lbzdE2M4yRBvTfYYC6BqZcn+BqtrAUc2h3fEy+p7lwlet0af1id
gWpYpOJyLc0AUfR616/m2y3PwEH/nMKDSTuU7o/qKNtlHW0nQcnhDCjTUydS3+J/
JM3dhfgVqi03rjqNcgHA2eOEwcu/OBZtiaC0wqKbuRZRtfGffyoO3ssCgYEAz2iw
wqu/NkA+MdQIxz/a3Is7gGwoFu6h7O+XU2uN8Y2++jSBw9AzzWj31YCvyjuJPAE+
gxHm6yOnNoLVn423NtibHejhabzHNIK6UImH99bSTKabsxfF2BX6v982BimU1jwc
bYykzws37oN/poPb5FTpEiAUrsd2bAMn/1S43icCgYEAulHkY0z0aumCpyUkA8HO
BvjOtPiGRcAxFLBRXPLL3+vtIQachLHcIJRRf+jLkDXfiCo7W4pm6iWzTbqLkMEG
AD3/qowPFAM1Hct6uL01efzmYsIp+g0o60NMhvnolRQu+Bm4yM30AyqjdHzYBjSX
5fyuru8EeSCal1j8aOHcpuUCgYEAhGhDH6Pg59NPYSQJjpm3MMA59hwV473n5Yh2
xKyO6zwgRT6r8MPDrkhqnwQONT6Yt5PbwnT1Q/t4zhXsJnWkFwFk1U1MSeJYEa+7
HZsPECs2CfT6xPRSO0ac00y+AmUdPT8WruDwfbSdukh8f2MCR9vlBsswKPvxH7dM
G3aMplUCgYEAmMFgB/6Ox4OsQPPC6g4G+Ezytkc4iVkMEcjiVWzEsYATITjq3weO
/XDGBYJoBhYwWPi9oBufFc/2pNtWy1FKKXPuVyXQATdA0mfEPbtsHjMFQNZbeKnm
0na/SysSDCK3P+9ijlbjqLjMmPEmhJxGWTJ7khnTTkfre7/w9ZxJxi8=
-----END RSA PRIVATE KEY-----"""
)
pwdata = (
b"V\x80+b\xca\x06M\xb6\x12\xc6\xe8\xf2\xb5\xbb\xd8m\xc0\x97\x9a\xeb\xb9q\x19\xc3"
b'\xcdi\xb84\x90\xaf\x12kT\xe2@u\xd6\xe8T\x89\xa3\xc7\xb2Y\xd1N\x00\xa9\xc0"\xbe'
b"\xed\xb1\xc3\xb7^\xbf\xbd\x8b\x13\xd3/L\x1b\xa1`\xe2\xea\x03\x98\x82\xf3uS&|"
b'\xe5\xd8J\xce\xfc\x97\x8d\x0b\x949\xc0\xbd^\xef\xc6\xfd\xce\xbb\x1e\xd0"(m\xe1'
b"\x95\xfb\xc8/\x07\x93\xb8\xda\x8f\x99\xfe\xdc\xd5\xcb\xdb\xb2\xf11M\xdbD\xcf"
b"\x95\x13p\r\xa4\x1c{\xd5\xdb\xc7\xe5\xaf\x95F\x97\xa9\x00p~\xb5\xec\xa4.\xd0"
b"\xa4\xb4\xf4f\xcds,Y/\xa1:WF\xb8\xc7\x07\xaa\x0b<'~\x1b$D9\xd4\x8d\xf0x\xc5"
b"\xee\xa8:\xe6\x00\x10\xc5i\x11\xc7]C8\x05l\x8b\x9b\xc3\x83e\xf7y\xadi:0\xb4R"
b"\x1a(\x04&yL8\x19s\n\x11\x81\xfd?\xfb2\x80Ll\xa1\xdc\xc9\xb6P\xca\x8d'\x11\xc1"
b"\x07\xa5\xa1\x058\xc7\xce\xbeb\x92\xbf\x0bL\xec\xdf\xc3M\x83\xfb$\xec\xd5\xf9"
)
assert "1234", salt.crypt.pwdata_decrypt(key_string, pwdata)

124
tests/pytests/unit/crypt/test_crypt_cryptodome.py Normal file
View file

@ -0,0 +1,124 @@
import logging
import os
import pytest
import salt.crypt
from tests.support.mock import MagicMock, MockCall, mock_open, patch
from . import MSG, PRIVKEY_DATA, PUBKEY_DATA, SIG
RSA = pytest.importorskip("Cryptodome.PublicKey.RSA")
try:
import M2Crypto # pylint: disable=unused-import
HAS_M2 = True
except ImportError:
HAS_M2 = False
log = logging.getLogger(__name__)
pytestmark = [
pytest.mark.skipif(HAS_M2, reason="m2crypto is used by salt.crypt if installed"),
]
@pytest.mark.slow_test
def test_gen_keys(tmp_path):
key_path = str(tmp_path / "keydir")
open_priv_wb = MockCall(os.path.join(key_path, "keyname.pem"), "wb+")
open_pub_wb = MockCall(os.path.join(key_path, "keyname.pub"), "wb+")
real_is_file = os.path.isfile
def is_file(path):
if path.startswith(str(tmp_path)):
return False
return real_is_file(path)
with patch.multiple(
os,
umask=MagicMock(),
chmod=MagicMock(),
access=MagicMock(return_value=True),
):
with patch("salt.utils.files.fopen", mock_open()) as m_open, patch(
"os.path.isfile", return_value=True
):
result = salt.crypt.gen_keys(key_path, "keyname", 2048)
assert result == os.path.join(key_path, "keyname.pem")
assert open_priv_wb not in m_open.calls
assert open_pub_wb not in m_open.calls
with patch("salt.utils.files.fopen", mock_open()) as m_open, patch(
"os.path.isfile", is_file
):
salt.crypt.gen_keys(key_path, "keyname", 2048)
assert open_priv_wb in m_open.calls
assert open_pub_wb in m_open.calls
@pytest.mark.slow_test
def test_gen_keys_with_passphrase(tmp_path):
key_path = str(tmp_path / "keydir")
open_priv_wb = MockCall(os.path.join(key_path, "keyname.pem"), "wb+")
open_pub_wb = MockCall(os.path.join(key_path, "keyname.pub"), "wb+")
real_is_file = os.path.isfile
def is_file(path):
if path.startswith(str(tmp_path)):
return False
return real_is_file(path)
with patch.multiple(
os,
umask=MagicMock(),
chmod=MagicMock(),
access=MagicMock(return_value=True),
):
with patch("salt.utils.files.fopen", mock_open()) as m_open, patch(
"os.path.isfile", return_value=True
):
result = salt.crypt.gen_keys(
key_path, "keyname", 2048, passphrase="password"
)
assert result == os.path.join(key_path, "keyname.pem")
assert open_priv_wb not in m_open.calls
assert open_pub_wb not in m_open.calls
with patch("salt.utils.files.fopen", mock_open()) as m_open, patch(
"salt.crypt.os.path.isfile", is_file
):
salt.crypt.gen_keys(key_path, "keyname", 2048)
assert open_priv_wb in m_open.calls
assert open_pub_wb in m_open.calls
def test_sign_message():
key = RSA.importKey(PRIVKEY_DATA)
with patch("salt.crypt.get_rsa_key", return_value=key):
assert SIG == salt.crypt.sign_message("/keydir/keyname.pem", MSG)
def test_sign_message_with_passphrase():
key = RSA.importKey(PRIVKEY_DATA)
with patch("salt.crypt.get_rsa_key", return_value=key):
assert SIG == salt.crypt.sign_message(
"/keydir/keyname.pem", MSG, passphrase="password"
)
def test_verify_signature():
with patch("salt.utils.files.fopen", mock_open(read_data=PUBKEY_DATA)):
assert salt.crypt.verify_signature("/keydir/keyname.pub", MSG, SIG)
def test_bad_key(key_to_test):
"""
Load public key with an invalid header and validate it without m2crypto
"""
key = salt.crypt.get_rsa_pub_key(key_to_test)
assert key.can_encrypt()

208
tests/pytests/unit/crypt/test_crypt_m2crypto.py Normal file
View file

@ -0,0 +1,208 @@
import os
import pytest
import salt.crypt
import salt.utils.stringutils
from tests.support.mock import MagicMock, mock_open, patch
from . import MSG, PRIVKEY_DATA, PUBKEY_DATA, SIG, SIGNATURE
M2Crypto = pytest.importorskip("M2Crypto")
@pytest.mark.slow_test
def test_gen_keys():
with patch("os.umask", MagicMock()), patch("os.chmod", MagicMock()), patch(
"os.access", MagicMock(return_value=True)
):
with patch("M2Crypto.RSA.RSA.save_pem", MagicMock()) as save_pem, patch(
"M2Crypto.RSA.RSA.save_pub_key", MagicMock()
) as save_pub:
with patch("os.path.isfile", return_value=True):
assert (
salt.crypt.gen_keys("/keydir", "keyname", 2048)
== f"/keydir{os.sep}keyname.pem"
)
save_pem.assert_not_called()
save_pub.assert_not_called()
with patch("os.path.isfile", return_value=False):
assert (
salt.crypt.gen_keys("/keydir", "keyname", 2048)
== f"/keydir{os.sep}keyname.pem"
)
save_pem.assert_called_once_with(
f"/keydir{os.sep}keyname.pem", cipher=None
)
save_pub.assert_called_once_with(f"/keydir{os.sep}keyname.pub")
@pytest.mark.slow_test
def test_gen_keys_with_passphrase():
with patch("os.umask", MagicMock()), patch("os.chmod", MagicMock()), patch(
"os.chown", MagicMock()
), patch("os.access", MagicMock(return_value=True)):
with patch("M2Crypto.RSA.RSA.save_pem", MagicMock()) as save_pem, patch(
"M2Crypto.RSA.RSA.save_pub_key", MagicMock()
) as save_pub:
with patch("os.path.isfile", return_value=True):
assert (
salt.crypt.gen_keys(
"/keydir", "keyname", 2048, passphrase="password"
)
== f"/keydir{os.sep}keyname.pem"
)
save_pem.assert_not_called()
save_pub.assert_not_called()
with patch("os.path.isfile", return_value=False):
assert (
salt.crypt.gen_keys(
"/keydir", "keyname", 2048, passphrase="password"
)
== f"/keydir{os.sep}keyname.pem"
)
callback = save_pem.call_args[1]["callback"]
save_pem.assert_called_once_with(
f"/keydir{os.sep}keyname.pem",
cipher="des_ede3_cbc",
callback=callback,
)
assert callback(None) == b"password"
save_pub.assert_called_once_with(f"/keydir{os.sep}keyname.pub")
def test_sign_message():
key = M2Crypto.RSA.load_key_string(salt.utils.stringutils.to_bytes(PRIVKEY_DATA))
with patch("salt.crypt.get_rsa_key", return_value=key):
assert SIG == salt.crypt.sign_message("/keydir/keyname.pem", MSG)
def test_sign_message_with_passphrase():
key = M2Crypto.RSA.load_key_string(salt.utils.stringutils.to_bytes(PRIVKEY_DATA))
with patch("salt.crypt.get_rsa_key", return_value=key):
assert SIG == salt.crypt.sign_message(
"/keydir/keyname.pem", MSG, passphrase="password"
)
def test_verify_signature():
with patch(
"salt.utils.files.fopen",
mock_open(read_data=salt.utils.stringutils.to_bytes(PUBKEY_DATA)),
):
assert salt.crypt.verify_signature("/keydir/keyname.pub", MSG, SIG)
def test_encrypt_decrypt_bin():
priv_key = M2Crypto.RSA.load_key_string(
salt.utils.stringutils.to_bytes(PRIVKEY_DATA)
)
pub_key = M2Crypto.RSA.load_pub_key_bio(
M2Crypto.BIO.MemoryBuffer(salt.utils.stringutils.to_bytes(PUBKEY_DATA))
)
encrypted = salt.crypt.private_encrypt(priv_key, b"salt")
decrypted = salt.crypt.public_decrypt(pub_key, encrypted)
assert b"salt" == decrypted
def test_m2crypto_verify_bytes_47124():
message = salt.utils.stringutils.to_unicode("meh")
with patch(
"salt.utils.files.fopen",
mock_open(read_data=salt.utils.stringutils.to_bytes(PUBKEY_DATA)),
):
salt.crypt.verify_signature("/keydir/keyname.pub", message, SIGNATURE)
def test_m2_bad_key(key_to_test):
"""
Load public key with an invalid header using m2crypto and validate it
"""
key = salt.crypt.get_rsa_pub_key(key_to_test)
assert key.check_key() == 1
@pytest.mark.slow_test
def test_m2_gen_keys():
with patch("os.umask", MagicMock()), patch("os.chmod", MagicMock()), patch(
"os.access", MagicMock(return_value=True)
):
with patch("M2Crypto.RSA.RSA.save_pem", MagicMock()) as save_pem, patch(
"M2Crypto.RSA.RSA.save_pub_key", MagicMock()
) as save_pub:
with patch("os.path.isfile", return_value=True):
assert (
salt.crypt.gen_keys("/keydir", "keyname", 2048)
== f"/keydir{os.sep}keyname.pem"
)
save_pem.assert_not_called()
save_pub.assert_not_called()
with patch("os.path.isfile", return_value=False):
assert (
salt.crypt.gen_keys("/keydir", "keyname", 2048)
== f"/keydir{os.sep}keyname.pem"
)
save_pem.assert_called_once_with(
f"/keydir{os.sep}keyname.pem", cipher=None
)
save_pub.assert_called_once_with(f"/keydir{os.sep}keyname.pub")
def test_m2_sign_message_with_passphrase():
key = M2Crypto.RSA.load_key_string(salt.utils.stringutils.to_bytes(PRIVKEY_DATA))
with patch("salt.crypt.get_rsa_key", return_value=key):
assert SIG == salt.crypt.sign_message(
"/keydir/keyname.pem", MSG, passphrase="password"
)
def test_m2_verify_signature():
with patch(
"salt.utils.files.fopen",
mock_open(read_data=salt.utils.stringutils.to_bytes(PUBKEY_DATA)),
):
assert salt.crypt.verify_signature("/keydir/keyname.pub", MSG, SIG)
def test_m2_encrypt_decrypt_bin():
priv_key = M2Crypto.RSA.load_key_string(
salt.utils.stringutils.to_bytes(PRIVKEY_DATA)
)
pub_key = M2Crypto.RSA.load_pub_key_bio(
M2Crypto.BIO.MemoryBuffer(salt.utils.stringutils.to_bytes(PUBKEY_DATA))
)
encrypted = salt.crypt.private_encrypt(priv_key, b"salt")
decrypted = salt.crypt.public_decrypt(pub_key, encrypted)
assert b"salt" == decrypted
def test_m2crypto_verify_unicode_47124():
message = salt.utils.stringutils.to_bytes("meh")
with patch(
"salt.utils.files.fopen",
mock_open(read_data=salt.utils.stringutils.to_bytes(PUBKEY_DATA)),
):
salt.crypt.verify_signature("/keydir/keyname.pub", message, SIGNATURE)
def test_m2crypto_sign_bytes_47124():
message = salt.utils.stringutils.to_unicode("meh")
key = M2Crypto.RSA.load_key_string(salt.utils.stringutils.to_bytes(PRIVKEY_DATA))
with patch("salt.crypt.get_rsa_key", return_value=key):
signature = salt.crypt.sign_message(
"/keydir/keyname.pem", message, passphrase="password"
)
assert SIGNATURE == signature
def test_m2crypto_sign_unicode_47124():
message = salt.utils.stringutils.to_bytes("meh")
key = M2Crypto.RSA.load_key_string(salt.utils.stringutils.to_bytes(PRIVKEY_DATA))
with patch("salt.crypt.get_rsa_key", return_value=key):
signature = salt.crypt.sign_message(
"/keydir/keyname.pem", message, passphrase="password"
)
assert SIGNATURE == signature

633
tests/pytests/unit/test_crypt.py
View file

@ -1,633 +0,0 @@
"""
tests.pytests.unit.test_crypt
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Unit tests for salt's crypt module
"""
import os
import uuid
import pytest
import salt.crypt
import salt.master
import salt.utils.files
from tests.support.helpers import dedent
from tests.support.mock import MagicMock, MockCall, mock_open, patch
try:
import M2Crypto
HAS_M2 = True
except ImportError:
HAS_M2 = False
try:
from Cryptodome.PublicKey import RSA
HAS_PYCRYPTO_RSA = True
except ImportError:
HAS_PYCRYPTO_RSA = False
if not HAS_PYCRYPTO_RSA:
try:
from Crypto.PublicKey import RSA # nosec
HAS_PYCRYPTO_RSA = True
except ImportError:
HAS_PYCRYPTO_RSA = False
PRIV_KEY = """
-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEAoAsMPt+4kuIG6vKyw9r3+OuZrVBee/2vDdVetW+Js5dTlgrJ
aghWWn3doGmKlEjqh7E4UTa+t2Jd6w8RSLnyHNJ/HpVhMG0M07MF6FMfILtDrrt8
ZX7eDVt8sx5gCEpYI+XG8Y07Ga9i3Hiczt+fu6HYwu96HggmG2pqkOrn3iGfqBvV
YVFJzSZYe7e4c1PeEs0xYcrA4k+apyGsMtpef8vRUrNicRLc7dAcvfhtgt2DXEZ2
d72t/CR4ygtUvPXzisaTPW0G7OWAheCloqvTIIPQIjR8htFxGTz02STVXfnhnJ0Z
k8KhqKF2v1SQvIYxsZU7jaDgl5i3zpeh58cYOwIDAQABAoIBABZUJEO7Y91+UnfC
H6XKrZEZkcnH7j6/UIaOD9YhdyVKxhsnax1zh1S9vceNIgv5NltzIsfV6vrb6v2K
Dx/F7Z0O0zR5o+MlO8ZncjoNKskex10gBEWG00Uqz/WPlddiQ/TSMJTv3uCBAzp+
S2Zjdb4wYPUlgzSgb2ygxrhsRahMcSMG9PoX6klxMXFKMD1JxiY8QfAHahPzQXy9
F7COZ0fCVo6BE+MqNuQ8tZeIxu8mOULQCCkLFwXmkz1FpfK/kNRmhIyhxwvCS+z4
JuErW3uXfE64RLERiLp1bSxlDdpvRO2R41HAoNELTsKXJOEt4JANRHm/CeyA5wsh
NpscufUCgYEAxhgPfcMDy2v3nL6KtkgYjdcOyRvsAF50QRbEa8ldO+87IoMDD/Oe
osFERJ5hhyyEO78QnaLVegnykiw5DWEF02RKMhD/4XU+1UYVhY0wJjKQIBadsufB
2dnaKjvwzUhPh5BrBqNHl/FXwNCRDiYqXa79eWCPC9OFbZcUWWq70s8CgYEAztOI
61zRfmXJ7f70GgYbHg+GA7IrsAcsGRITsFR82Ho0lqdFFCxz7oK8QfL6bwMCGKyk
nzk+twh6hhj5UNp18KN8wktlo02zTgzgemHwaLa2cd6xKgmAyuPiTgcgnzt5LVNG
FOjIWkLwSlpkDTl7ZzY2QSy7t+mq5d750fpIrtUCgYBWXZUbcpPL88WgDB7z/Bjg
dlvW6JqLSqMK4b8/cyp4AARbNp12LfQC55o5BIhm48y/M70tzRmfvIiKnEc/gwaE
NJx4mZrGFFURrR2i/Xx5mt/lbZbRsmN89JM+iKWjCpzJ8PgIi9Wh9DIbOZOUhKVB
9RJEAgo70LvCnPTdS0CaVwKBgDJW3BllAvw/rBFIH4OB/vGnF5gosmdqp3oGo1Ik
jipmPAx6895AH4tquIVYrUl9svHsezjhxvjnkGK5C115foEuWXw0u60uiTiy+6Pt
2IS0C93VNMulenpnUrppE7CN2iWFAiaura0CY9fE/lsVpYpucHAWgi32Kok+ZxGL
WEttAoGAN9Ehsz4LeQxEj3x8wVeEMHF6OsznpwYsI2oVh6VxpS4AjgKYqeLVcnNi
TlZFsuQcqgod8OgzA91tdB+Rp86NygmWD5WzeKXpCOg9uA+y/YL+0sgZZHsuvbK6
PllUgXdYxqClk/hdBFB7v9AQoaj7K9Ga22v32msftYDQRJ94xOI=
-----END RSA PRIVATE KEY-----
"""
PUB_KEY = """
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoAsMPt+4kuIG6vKyw9r3
+OuZrVBee/2vDdVetW+Js5dTlgrJaghWWn3doGmKlEjqh7E4UTa+t2Jd6w8RSLny
HNJ/HpVhMG0M07MF6FMfILtDrrt8ZX7eDVt8sx5gCEpYI+XG8Y07Ga9i3Hiczt+f
u6HYwu96HggmG2pqkOrn3iGfqBvVYVFJzSZYe7e4c1PeEs0xYcrA4k+apyGsMtpe
f8vRUrNicRLc7dAcvfhtgt2DXEZ2d72t/CR4ygtUvPXzisaTPW0G7OWAheCloqvT
IIPQIjR8htFxGTz02STVXfnhnJ0Zk8KhqKF2v1SQvIYxsZU7jaDgl5i3zpeh58cY
OwIDAQAB
-----END PUBLIC KEY-----
"""
PRIV_KEY2 = """
-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEAp+8cTxguO6Vg+YO92VfHgNld3Zy8aM3JbZvpJcjTnis+YFJ7
Zlkcc647yPRRwY9nYBNywahnt5kIeuT1rTvTsMBZWvmUoEVUj1Xg8XXQkBvb9Ozy
Gqy/G/p8KDDpzMP/U+XCnUeHiXTZrgnqgBIc2cKeCVvWFqDi0GRFGzyaXLaX3PPm
M7DJ0MIPL1qgmcDq6+7Ze0gJ9SrDYFAeLmbuT1OqDfufXWQl/82JXeiwU2cOpqWq
7n5fvPOWim7l1tzQ+dSiMRRm0xa6uNexCJww3oJSwvMbAmgzvOhqqhlqv+K7u0u7
FrFFojESsL36Gq4GBrISnvu2tk7u4GGNTYYQbQIDAQABAoIBAADrqWDQnd5DVZEA
lR+WINiWuHJAy/KaIC7K4kAMBgbxrz2ZbiY9Ok/zBk5fcnxIZDVtXd1sZicmPlro
GuWodIxdPZAnWpZ3UtOXUayZK/vCP1YsH1agmEqXuKsCu6Fc+K8VzReOHxLUkmXn
FYM+tixGahXcjEOi/aNNTWitEB6OemRM1UeLJFzRcfyXiqzHpHCIZwBpTUAsmzcG
QiVDkMTKubwo/m+PVXburX2CGibUydctgbrYIc7EJvyx/cpRiPZXo1PhHQWdu4Y1
SOaC66WLsP/wqvtHo58JQ6EN/gjSsbAgGGVkZ1xMo66nR+pLpR27coS7o03xCks6
DY/0mukCgYEAuLIGgBnqoh7YsOBLd/Bc1UTfDMxJhNseo+hZemtkSXz2Jn51322F
Zw/FVN4ArXgluH+XsOhvG/MFFpojwZSrb0Qq5b1MRdo9qycq8lGqNtlN1WHqosDQ
zW29kpL0tlRrSDpww3wRESsN9rH5XIrJ1b3ZXuO7asR+KBVQMy/+NcUCgYEA6MSC
c+fywltKPgmPl5j0DPoDe5SXE/6JQy7w/vVGrGfWGf/zEJmhzS2R+CcfTTEqaT0T
Yw8+XbFgKAqsxwtE9MUXLTVLI3sSUyE4g7blCYscOqhZ8ItCUKDXWkSpt++rG0Um
1+cEJP/0oCazG6MWqvBC4NpQ1nzh46QpjWqMwokCgYAKDLXJ1p8rvx3vUeUJW6zR
dfPlEGCXuAyMwqHLxXgpf4EtSwhC5gSyPOtx2LqUtcrnpRmt6JfTH4ARYMW9TMef
QEhNQ+WYj213mKP/l235mg1gJPnNbUxvQR9lkFV8bk+AGJ32JRQQqRUTbU+yN2MQ
HEptnVqfTp3GtJIultfwOQKBgG+RyYmu8wBP650izg33BXu21raEeYne5oIqXN+I
R5DZ0JjzwtkBGroTDrVoYyuH1nFNEh7YLqeQHqvyufBKKYo9cid8NQDTu+vWr5UK
tGvHnwdKrJmM1oN5JOAiq0r7+QMAOWchVy449VNSWWV03aeftB685iR5BXkstbIQ
EVopAoGAfcGBTAhmceK/4Q83H/FXBWy0PAa1kZGg/q8+Z0KY76AqyxOVl0/CU/rB
3tO3sKhaMTHPME/MiQjQQGoaK1JgPY6JHYvly2KomrJ8QTugqNGyMzdVJkXAK2AM
GAwC8ivAkHf8CHrHa1W7l8t2IqBjW1aRt7mOW92nfG88Hck0Mbo=
-----END RSA PRIVATE KEY-----
"""
PUB_KEY2 = """
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp+8cTxguO6Vg+YO92VfH
gNld3Zy8aM3JbZvpJcjTnis+YFJ7Zlkcc647yPRRwY9nYBNywahnt5kIeuT1rTvT
sMBZWvmUoEVUj1Xg8XXQkBvb9OzyGqy/G/p8KDDpzMP/U+XCnUeHiXTZrgnqgBIc
2cKeCVvWFqDi0GRFGzyaXLaX3PPmM7DJ0MIPL1qgmcDq6+7Ze0gJ9SrDYFAeLmbu
T1OqDfufXWQl/82JXeiwU2cOpqWq7n5fvPOWim7l1tzQ+dSiMRRm0xa6uNexCJww
3oJSwvMbAmgzvOhqqhlqv+K7u0u7FrFFojESsL36Gq4GBrISnvu2tk7u4GGNTYYQ
bQIDAQAB
-----END PUBLIC KEY-----
"""
PRIVKEY_DATA = (
"-----BEGIN RSA PRIVATE KEY-----\n"
"MIIEpAIBAAKCAQEA75GR6ZTv5JOv90Vq8tKhKC7YQnhDIo2hM0HVziTEk5R4UQBW\n"
"a0CKytFMbTONY2msEDwX9iA0x7F5Lgj0X8eD4ZMsYqLzqjWMekLC8bjhxc+EuPo9\n"
"Dygu3mJ2VgRC7XhlFpmdo5NN8J2E7B/CNB3R4hOcMMZNZdi0xLtFoTfwU61UPfFX\n"
"14mV2laqLbvDEfQLJhUTDeFFV8EN5Z4H1ttLP3sMXJvc3EvM0JiDVj4l1TWFUHHz\n"
"eFgCA1Im0lv8i7PFrgW7nyMfK9uDSsUmIp7k6ai4tVzwkTmV5PsriP1ju88Lo3MB\n"
"4/sUmDv/JmlZ9YyzTO3Po8Uz3Aeq9HJWyBWHAQIDAQABAoIBAGOzBzBYZUWRGOgl\n"
"IY8QjTT12dY/ymC05GM6gMobjxuD7FZ5d32HDLu/QrknfS3kKlFPUQGDAbQhbbb0\n"
"zw6VL5NO9mfOPO2W/3FaG1sRgBQcerWonoSSSn8OJwVBHMFLG3a+U1Zh1UvPoiPK\n"
"S734swIM+zFpNYivGPvOm/muF/waFf8tF/47t1cwt/JGXYQnkG/P7z0vp47Irpsb\n"
"Yjw7vPe4BnbY6SppSxscW3KoV7GtJLFKIxAXbxsuJMF/rYe3O3w2VKJ1Sug1VDJl\n"
"/GytwAkSUer84WwP2b07Wn4c5pCnmLslMgXCLkENgi1NnJMhYVOnckxGDZk54hqP\n"
"9RbLnkkCgYEA/yKuWEvgdzYRYkqpzB0l9ka7Y00CV4Dha9Of6GjQi9i4VCJ/UFVr\n"
"UlhTo5y0ZzpcDAPcoZf5CFZsD90a/BpQ3YTtdln2MMCL/Kr3QFmetkmDrt+3wYnX\n"
"sKESfsa2nZdOATRpl1antpwyD4RzsAeOPwBiACj4fkq5iZJBSI0bxrMCgYEA8GFi\n"
"qAjgKh81/Uai6KWTOW2kX02LEMVRrnZLQ9VPPLGid4KZDDk1/dEfxjjkcyOxX1Ux\n"
"Klu4W8ZEdZyzPcJrfk7PdopfGOfrhWzkREK9C40H7ou/1jUecq/STPfSOmxh3Y+D\n"
"ifMNO6z4sQAHx8VaHaxVsJ7SGR/spr0pkZL+NXsCgYEA84rIgBKWB1W+TGRXJzdf\n"
"yHIGaCjXpm2pQMN3LmP3RrcuZWm0vBt94dHcrR5l+u/zc6iwEDTAjJvqdU4rdyEr\n"
"tfkwr7v6TNlQB3WvpWanIPyVzfVSNFX/ZWSsAgZvxYjr9ixw6vzWBXOeOb/Gqu7b\n"
"cvpLkjmJ0wxDhbXtyXKhZA8CgYBZyvcQb+hUs732M4mtQBSD0kohc5TsGdlOQ1AQ\n"
"McFcmbpnzDghkclyW8jzwdLMk9uxEeDAwuxWE/UEvhlSi6qdzxC+Zifp5NBc0fVe\n"
"7lMx2mfJGxj5CnSqQLVdHQHB4zSXkAGB6XHbBd0MOUeuvzDPfs2voVQ4IG3FR0oc\n"
"3/znuwKBgQChZGH3McQcxmLA28aUwOVbWssfXKdDCsiJO+PEXXlL0maO3SbnFn+Q\n"
"Tyf8oHI5cdP7AbwDSx9bUfRPjg9dKKmATBFr2bn216pjGxK0OjYOCntFTVr0psRB\n"
"CrKg52Qrq71/2l4V2NLQZU40Dr1bN9V+Ftd9L0pvpCAEAWpIbLXGDw==\n"
"-----END RSA PRIVATE KEY-----"
)
PUBKEY_DATA = (
"-----BEGIN PUBLIC KEY-----\n"
"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA75GR6ZTv5JOv90Vq8tKh\n"
"KC7YQnhDIo2hM0HVziTEk5R4UQBWa0CKytFMbTONY2msEDwX9iA0x7F5Lgj0X8eD\n"
"4ZMsYqLzqjWMekLC8bjhxc+EuPo9Dygu3mJ2VgRC7XhlFpmdo5NN8J2E7B/CNB3R\n"
"4hOcMMZNZdi0xLtFoTfwU61UPfFX14mV2laqLbvDEfQLJhUTDeFFV8EN5Z4H1ttL\n"
"P3sMXJvc3EvM0JiDVj4l1TWFUHHzeFgCA1Im0lv8i7PFrgW7nyMfK9uDSsUmIp7k\n"
"6ai4tVzwkTmV5PsriP1ju88Lo3MB4/sUmDv/JmlZ9YyzTO3Po8Uz3Aeq9HJWyBWH\n"
"AQIDAQAB\n"
"-----END PUBLIC KEY-----"
)
MSG = b"It's me, Mario"
SIG = (
b"\x07\xf3\xb1\xe7\xdb\x06\xf4_\xe2\xdc\xcb!F\xfb\xbex{W\x1d\xe4E"
b"\xd3\r\xc5\x90\xca(\x05\x1d\x99\x8b\x1aug\x9f\x95>\x94\x7f\xe3+"
b"\x12\xfa\x9c\xd4\xb8\x02]\x0e\xa5\xa3LL\xc3\xa2\x8f+\x83Z\x1b\x17"
b'\xbfT\xd3\xc7\xfd\x0b\xf4\xd7J\xfe^\x86q"I\xa3x\xbc\xd3$\xe9M<\xe1'
b"\x07\xad\xf2_\x9f\xfa\xf7g(~\xd8\xf5\xe7\xda-\xa3Ko\xfc.\x99\xcf"
b"\x9b\xb9\xc1U\x97\x82'\xcb\xc6\x08\xaa\xa0\xe4\xd0\xc1+\xfc\x86"
b'\r\xe4y\xb1#\xd3\x1dS\x96D28\xc4\xd5\r\xd4\x98\x1a44"\xd7\xc2\xb4'
b"]\xa7\x0f\xa7Db\x85G\x8c\xd6\x94!\x8af1O\xf6g\xd7\x03\xfd\xb3\xbc"
b"\xce\x9f\xe7\x015\xb8\x1d]AHK\xa0\x14m\xda=O\xa7\xde\xf2\xff\x9b"
b"\x8e\x83\xc8j\x11\x1a\x98\x85\xde\xc5\x91\x07\x84!\x12^4\xcb\xa8"
b"\x98\x8a\x8a&#\xb9(#?\x80\x15\x9eW\xb5\x12\xd1\x95S\xf2<G\xeb\xf1"
b"\x14H\xb2\xc4>\xc3A\xed\x86x~\xcfU\xd5Q\xfe~\x10\xd2\x9b"
)
TEST_KEY = (
"-----BEGIN RSA PUBLIC KEY-----\n"
"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzLtFhsvfbFDFaUgulSEX\n"
"Gl12XriL1DT78Ef2/u8HHaSMmPie37BLWas/zaHwI6066bIyYQJ/nUCahTaoHM7L\n"
"GlWc0wOU6zyfpihCRQHil05Y6F+olFBoZuYbFPvtp7/hJx/D7I/0n2o/c7M5i3Y2\n"
"3sBxAYNooIQHXHUmPQW6C9iu95ylZDW8JQzYy/EI4vCC8yQMdTK8jK1FQV0Sbwny\n"
"qcMxSyAWDoFbnhh2P2TnO8HOWuUOaXR8ZHOJzVcDl+a6ew+medW090x3K5O1f80D\n"
"+WjgnG6b2HG7VQpOCfM2GALD/FrxicPilvZ38X1aLhJuwjmVE4LAAv8DVNJXohaO\n"
"WQIDAQAB\n"
"-----END RSA PUBLIC KEY-----\n"
)
SIGNATURE = (
b"w\xac\xfe18o\xeb\xfb\x14+\x9e\xd1\xb7\x7fe}\xec\xd6\xe1P\x9e\xab"
b"\xb5\x07\xe0\xc1\xfd\xda#\x04Z\x8d\x7f\x0b\x1f}:~\xb2s\x860u\x02N"
b'\xd4q"\xb7\x86*\x8f\x1f\xd0\x9d\x11\x92\xc5~\xa68\xac>\x12H\xc2%y,'
b"\xe6\xceU\x1e\xa3?\x0c,\xf0u\xbb\xd0[g_\xdd\x8b\xb0\x95:Y\x18\xa5*"
b"\x99\xfd\xf3K\x92\x92 ({\xd1\xff\xd9F\xc8\xd6K\x86e\xf9\xa8\xad\xb0z"
b"\xe3\x9dD\xf5k\x8b_<\xe7\xe7\xec\xf3\"'\xd5\xd2M\xb4\xce\x1a\xe3$"
b"\x9c\x81\xad\xf9\x11\xf6\xf5>)\xc7\xdd\x03&\xf7\x86@ks\xa6\x05\xc2"
b"\xd0\xbd\x1a7\xfc\xde\xe6\xb0\xad!\x12#\xc86Y\xea\xc5\xe3\xe2\xb3"
b"\xc9\xaf\xfa\x0c\xf2?\xbf\x93w\x18\x9e\x0b\xa2a\x10:M\x05\x89\xe2W.Q"
b"\xe8;yGT\xb1\xf2\xc6A\xd2\xc4\xbeN\xb3\xcfS\xaf\x03f\xe2\xb4)\xe7\xf6"
b'\xdbs\xd0Z}8\xa4\xd2\x1fW*\xe6\x1c"\x8b\xd0\x18w\xb9\x7f\x9e\x96\xa3'
b"\xd9v\xf7\x833\x8e\x01"
)
def test_get_rsa_pub_key_bad_key(tmp_path):
"""
get_rsa_pub_key raises InvalidKeyError when encoutering a bad key
"""
key_path = str(tmp_path / "key")
with salt.utils.files.fopen(key_path, "w") as fp:
fp.write("")
with pytest.raises(salt.crypt.InvalidKeyError):
salt.crypt.get_rsa_pub_key(key_path)
def test_cryptical_dumps_no_nonce():
master_crypt = salt.crypt.Crypticle({}, salt.crypt.Crypticle.generate_key_string())
data = {"foo": "bar"}
ret = master_crypt.dumps(data)
# Validate message structure
assert isinstance(ret, bytes)
une = master_crypt.decrypt(ret)
une.startswith(master_crypt.PICKLE_PAD)
assert salt.payload.loads(une[len(master_crypt.PICKLE_PAD) :]) == data
# Validate load back to orig data
assert master_crypt.loads(ret) == data
def test_cryptical_dumps_valid_nonce():
nonce = uuid.uuid4().hex
master_crypt = salt.crypt.Crypticle({}, salt.crypt.Crypticle.generate_key_string())
data = {"foo": "bar"}
ret = master_crypt.dumps(data, nonce=nonce)
assert isinstance(ret, bytes)
une = master_crypt.decrypt(ret)
une.startswith(master_crypt.PICKLE_PAD)
nonce_and_data = une[len(master_crypt.PICKLE_PAD) :]
assert nonce_and_data.startswith(nonce.encode())
assert salt.payload.loads(nonce_and_data[len(nonce) :]) == data
assert master_crypt.loads(ret, nonce=nonce) == data
def test_cryptical_dumps_invalid_nonce():
nonce = uuid.uuid4().hex
master_crypt = salt.crypt.Crypticle({}, salt.crypt.Crypticle.generate_key_string())
data = {"foo": "bar"}
ret = master_crypt.dumps(data, nonce=nonce)
assert isinstance(ret, bytes)
with pytest.raises(salt.crypt.SaltClientError, match="Nonce verification error"):
assert master_crypt.loads(ret, nonce="abcde")
def test_verify_signature(tmp_path):
tmp_path.joinpath("foo.pem").write_text(PRIV_KEY.strip())
tmp_path.joinpath("foo.pub").write_text(PUB_KEY.strip())
tmp_path.joinpath("bar.pem").write_text(PRIV_KEY2.strip())
tmp_path.joinpath("bar.pub").write_text(PUB_KEY2.strip())
msg = b"foo bar"
sig = salt.crypt.sign_message(str(tmp_path.joinpath("foo.pem")), msg)
assert salt.crypt.verify_signature(str(tmp_path.joinpath("foo.pub")), msg, sig)
def test_verify_signature_bad_sig(tmp_path):
tmp_path.joinpath("foo.pem").write_text(PRIV_KEY.strip())
tmp_path.joinpath("foo.pub").write_text(PUB_KEY.strip())
tmp_path.joinpath("bar.pem").write_text(PRIV_KEY2.strip())
tmp_path.joinpath("bar.pub").write_text(PUB_KEY2.strip())
msg = b"foo bar"
sig = salt.crypt.sign_message(str(tmp_path.joinpath("foo.pem")), msg)
assert not salt.crypt.verify_signature(str(tmp_path.joinpath("bar.pub")), msg, sig)
def test_read_or_generate_key_string(tmp_path):
keyfile = tmp_path / ".aes"
assert not keyfile.exists()
first_key = salt.crypt.Crypticle.read_key(keyfile)
assert first_key is None
assert not keyfile.exists()
salt.crypt.Crypticle.write_key(keyfile)
second_key = salt.crypt.Crypticle.read_key(keyfile)
assert second_key is not None
def test_dropfile_contents(tmp_path, master_opts):
salt.crypt.dropfile(str(tmp_path), master_opts["user"], master_id=master_opts["id"])
with salt.utils.files.fopen(str(tmp_path / ".dfn"), "r") as fp:
assert master_opts["id"] == fp.read()
def test_master_keys_without_cluster_id(tmp_path, master_opts):
master_opts["pki_dir"] = str(tmp_path)
assert master_opts["cluster_id"] is None
assert master_opts["cluster_pki_dir"] is None
mkeys = salt.crypt.MasterKeys(master_opts)
expected_master_pub = str(tmp_path / "master.pub")
expected_master_rsa = str(tmp_path / "master.pem")
assert expected_master_pub == mkeys.master_pub_path
assert expected_master_rsa == mkeys.master_rsa_path
assert mkeys.cluster_pub_path is None
assert mkeys.cluster_rsa_path is None
assert mkeys.pub_path == expected_master_pub
assert mkeys.rsa_path == expected_master_rsa
assert mkeys.key == mkeys.master_key
def test_master_keys_with_cluster_id(tmp_path, master_opts):
master_pki_path = tmp_path / "master_pki"
cluster_pki_path = tmp_path / "cluster_pki"
# The paths need to exist
master_pki_path.mkdir()
cluster_pki_path.mkdir()
(cluster_pki_path / "peers").mkdir()
master_opts["pki_dir"] = str(master_pki_path)
master_opts["cluster_id"] = "cluster1"
master_opts["cluster_pki_dir"] = str(cluster_pki_path)
mkeys = salt.crypt.MasterKeys(master_opts)
expected_master_pub = str(master_pki_path / "master.pub")
expected_master_rsa = str(master_pki_path / "master.pem")
expected_cluster_pub = str(cluster_pki_path / "cluster.pub")
expected_cluster_rsa = str(cluster_pki_path / "cluster.pem")
assert expected_master_pub == mkeys.master_pub_path
assert expected_master_rsa == mkeys.master_rsa_path
assert expected_cluster_pub == mkeys.cluster_pub_path
assert expected_cluster_rsa == mkeys.cluster_rsa_path
assert mkeys.pub_path == expected_cluster_pub
assert mkeys.rsa_path == expected_cluster_rsa
assert mkeys.key == mkeys.cluster_key
@pytest.mark.skipif(not HAS_PYCRYPTO_RSA, reason="pycrypto >= 2.6 is not available")
@pytest.mark.skipif(HAS_M2, reason="m2crypto is used by salt.crypt if installed")
def test_pycrypto_gen_keys():
open_priv_wb = MockCall(f"/keydir{os.sep}keyname.pem", "wb+")
open_pub_wb = MockCall(f"/keydir{os.sep}keyname.pub", "wb+")
with patch.multiple(
os,
umask=MagicMock(),
chmod=MagicMock(),
access=MagicMock(return_value=True),
):
with patch("salt.utils.files.fopen", mock_open()) as m_open, patch(
"os.path.isfile", return_value=True
):
result = salt.crypt.gen_keys("/keydir", "keyname", 2048)
assert result == f"/keydir{os.sep}keyname.pem", result
assert open_priv_wb not in m_open.calls
assert open_pub_wb not in m_open.calls
with patch("salt.utils.files.fopen", mock_open()) as m_open, patch(
"os.path.isfile", return_value=False
):
salt.crypt.gen_keys("/keydir", "keyname", 2048)
assert open_priv_wb in m_open.calls
assert open_pub_wb in m_open.calls
@patch("os.umask", MagicMock())
@patch("os.chmod", MagicMock())
@patch("os.chown", MagicMock(), create=True)
@patch("os.access", MagicMock(return_value=True))
@pytest.mark.slow_test
@pytest.mark.skipif(not HAS_PYCRYPTO_RSA, reason="pycrypto >= 2.6 is not available")
@pytest.mark.skipif(HAS_M2, reason="m2crypto is used by salt.crypt if installed")
def test_pycrypto_gen_keys_with_passphrase():
key_path = os.path.join(os.sep, "keydir")
open_priv_wb = MockCall(os.path.join(key_path, "keyname.pem"), "wb+")
open_pub_wb = MockCall(os.path.join(key_path, "keyname.pub"), "wb+")
with patch("salt.utils.files.fopen", mock_open()) as m_open, patch(
"os.path.isfile", return_value=True
):
assert salt.crypt.gen_keys(
key_path, "keyname", 2048, passphrase="password"
) == os.path.join(key_path, "keyname.pem")
result = salt.crypt.gen_keys(key_path, "keyname", 2048, passphrase="password")
assert result == os.path.join(key_path, "keyname.pem"), result
assert open_priv_wb not in m_open.calls
assert open_pub_wb not in m_open.calls
with patch("salt.utils.files.fopen", mock_open()) as m_open, patch(
"os.path.isfile", return_value=False
):
salt.crypt.gen_keys(key_path, "keyname", 2048)
assert open_priv_wb in m_open.calls
assert open_pub_wb in m_open.calls
@pytest.mark.skipif(not HAS_PYCRYPTO_RSA, reason="pycrypto >= 2.6 is not available")
@pytest.mark.skipif(HAS_M2, reason="m2crypto is used by salt.crypt if installed")
def test_pycrypto_sign_message():
key = RSA.importKey(PRIVKEY_DATA)
with patch("salt.crypt.get_rsa_key", return_value=key):
assert SIG == salt.crypt.sign_message("/keydir/keyname.pem", MSG)
@pytest.mark.skipif(not HAS_PYCRYPTO_RSA, reason="pycrypto >= 2.6 is not available")
@pytest.mark.skipif(HAS_M2, reason="m2crypto is used by salt.crypt if installed")
def test_pycrypto_sign_message_with_passphrase():
key = RSA.importKey(PRIVKEY_DATA)
with patch("salt.crypt.get_rsa_key", return_value=key):
assert SIG == salt.crypt.sign_message(
"/keydir/keyname.pem", MSG, passphrase="password"
)
@pytest.mark.skipif(not HAS_PYCRYPTO_RSA, reason="pycrypto >= 2.6 is not available")
@pytest.mark.skipif(HAS_M2, reason="m2crypto is used by salt.crypt if installed")
def test_pycrypto_verify_signature():
with patch("salt.utils.files.fopen", mock_open(read_data=PUBKEY_DATA)):
assert salt.crypt.verify_signature("/keydir/keyname.pub", MSG, SIG)
@patch("os.umask", MagicMock())
@patch("os.chmod", MagicMock())
@patch("os.access", MagicMock(return_value=True))
@pytest.mark.skipif(not HAS_M2, reason="m2crypto is not available")
@pytest.mark.slow_test
def test_m2_gen_keys():
with patch("M2Crypto.RSA.RSA.save_pem", MagicMock()) as save_pem:
with patch("M2Crypto.RSA.RSA.save_pub_key", MagicMock()) as save_pub:
with patch("os.path.isfile", return_value=True):
assert (
salt.crypt.gen_keys("/keydir", "keyname", 2048)
== f"/keydir{os.sep}keyname.pem"
)
save_pem.assert_not_called()
save_pub.assert_not_called()
with patch("os.path.isfile", return_value=False):
assert (
salt.crypt.gen_keys("/keydir", "keyname", 2048)
== f"/keydir{os.sep}keyname.pem"
)
save_pem.assert_called_once_with(
f"/keydir{os.sep}keyname.pem", cipher=None
)
save_pub.assert_called_once_with(f"/keydir{os.sep}keyname.pub")
@patch("os.umask", MagicMock())
@patch("os.chmod", MagicMock())
@patch("os.chown", MagicMock())
@patch("os.access", MagicMock(return_value=True))
@pytest.mark.skipif(not HAS_M2, reason="m2crypto is not available")
@pytest.mark.slow_test
def test_gen_keys_with_passphrase():
with patch("M2Crypto.RSA.RSA.save_pem", MagicMock()) as save_pem:
with patch("M2Crypto.RSA.RSA.save_pub_key", MagicMock()) as save_pub:
with patch("os.path.isfile", return_value=True):
assert (
salt.crypt.gen_keys(
"/keydir", "keyname", 2048, passphrase="password"
)
== f"/keydir{os.sep}keyname.pem"
)
save_pem.assert_not_called()
save_pub.assert_not_called()
with patch("os.path.isfile", return_value=False):
assert (
salt.crypt.gen_keys(
"/keydir", "keyname", 2048, passphrase="password"
)
== f"/keydir{os.sep}keyname.pem"
)
callback = save_pem.call_args[1]["callback"]
save_pem.assert_called_once_with(
f"/keydir{os.sep}keyname.pem",
cipher="des_ede3_cbc",
callback=callback,
)
assert callback(None) == b"password"
save_pub.assert_called_once_with(f"/keydir{os.sep}keyname.pub")
@pytest.mark.skipif(not HAS_M2, reason="m2crypto is not available")
def test_m2_sign_message_with_passphrase():
key = M2Crypto.RSA.load_key_string(salt.utils.stringutils.to_bytes(PRIVKEY_DATA))
with patch("salt.crypt.get_rsa_key", return_value=key):
assert SIG == salt.crypt.sign_message(
"/keydir/keyname.pem", MSG, passphrase="password"
)
@pytest.mark.skipif(not HAS_M2, reason="m2crypto is not available")
def test_m2_verify_signature():
with patch(
"salt.utils.files.fopen",
mock_open(read_data=salt.utils.stringutils.to_bytes(PUBKEY_DATA)),
):
assert salt.crypt.verify_signature("/keydir/keyname.pub", MSG, SIG)
@pytest.mark.skipif(not HAS_M2, reason="m2crypto is not available")
def test_m2_encrypt_decrypt_bin():
priv_key = M2Crypto.RSA.load_key_string(
salt.utils.stringutils.to_bytes(PRIVKEY_DATA)
)
pub_key = M2Crypto.RSA.load_pub_key_bio(
M2Crypto.BIO.MemoryBuffer(salt.utils.stringutils.to_bytes(PUBKEY_DATA))
)
encrypted = salt.crypt.private_encrypt(priv_key, b"salt")
decrypted = salt.crypt.public_decrypt(pub_key, encrypted)
assert b"salt" == decrypted
@pytest.fixture
def key_to_test(tmp_path):
key_path = tmp_path / "cryptodom-3.4.6.pub"
with salt.utils.files.fopen(key_path, "wb") as fd:
fd.write(TEST_KEY.encode())
return key_path
@pytest.mark.skipif(not HAS_M2, reason="Skip when m2crypto is not installed")
def test_m2_bad_key(key_to_test):
"""
Load public key with an invalid header using m2crypto and validate it
"""
key = salt.crypt.get_rsa_pub_key(key_to_test)
assert key.check_key() == 1
@pytest.mark.skipif(HAS_M2, reason="Skip when m2crypto is installed")
def test_pycrypto_bad_key(key_to_test):
"""
Load public key with an invalid header and validate it without m2crypto
"""
key = salt.crypt.get_rsa_pub_key(key_to_test)
assert key.can_encrypt()
@pytest.mark.skipif(not HAS_M2, reason="Skip when m2crypto is not installed")
def test_m2crypto_verify_bytes_47124():
message = salt.utils.stringutils.to_unicode("meh")
with patch(
"salt.utils.files.fopen",
mock_open(read_data=salt.utils.stringutils.to_bytes(PUBKEY_DATA)),
):
salt.crypt.verify_signature("/keydir/keyname.pub", message, SIGNATURE)
@pytest.mark.skipif(not HAS_M2, reason="Skip when m2crypto is not installed")
def test_m2crypto_verify_unicode_47124():
message = salt.utils.stringutils.to_bytes("meh")
with patch(
"salt.utils.files.fopen",
mock_open(read_data=salt.utils.stringutils.to_bytes(PUBKEY_DATA)),
):
salt.crypt.verify_signature("/keydir/keyname.pub", message, SIGNATURE)
@pytest.mark.skipif(not HAS_M2, reason="Skip when m2crypto is not installed")
def test_m2crypto_sign_bytes_47124():
message = salt.utils.stringutils.to_unicode("meh")
key = M2Crypto.RSA.load_key_string(salt.utils.stringutils.to_bytes(PRIVKEY_DATA))
with patch("salt.crypt.get_rsa_key", return_value=key):
signature = salt.crypt.sign_message(
"/keydir/keyname.pem", message, passphrase="password"
)
assert SIGNATURE == signature
@pytest.mark.skipif(not HAS_M2, reason="Skip when m2crypto is not installed")
def test_m2crypto_sign_unicode_47124():
message = salt.utils.stringutils.to_bytes("meh")
key = M2Crypto.RSA.load_key_string(salt.utils.stringutils.to_bytes(PRIVKEY_DATA))
with patch("salt.crypt.get_rsa_key", return_value=key):
signature = salt.crypt.sign_message(
"/keydir/keyname.pem", message, passphrase="password"
)
assert SIGNATURE == signature
def test_pwdata_decrypt():
key_string = dedent(
"""-----BEGIN RSA PRIVATE KEY-----
MIIEpQIBAAKCAQEAzhBRyyHa7b63RLE71uKMKgrpulcAJjaIaN68ltXcCvy4w9pi
Kj+4I3Qp6RvUaHOEmymqyjOMjQc6iwpe0scCFqh3nUk5YYaLZ3WAW0htQVlnesgB
ZiBg9PBeTQY/LzqtudL6RCng/AX+fbnCsddlIysRxnUoNVMvz0gAmCY2mnTDjcTt
pyxuk2T0AHSHNCKCalm75L1bWDFF+UzFemf536tBfBUGRWR6jWTij85vvCntxHS/
HdknaTJ50E7XGVzwBJpCyV4Y2VXuW/3KrCNTqXw+jTmEw0vlcshfDg/vb3IxsUSK
5KuHalKq/nUIc+F4QCJOl+A10goGdIfYC1/67QIDAQABAoIBAAOP+qoFWtCTZH22
hq9PWVb8u0+yY1lFxhPyDdaZueUiu1r/coUCdv996Z+TEJgBr0AzdzVpsLtbbaKr
ujnwoNOdc/vvISPTfKN8P4zUcrcXgZd4z7VhR+vUH/0652q8m/ZDdHorMy2IOP8Z
cAk9DQ2PmA4TRm+tkX0G5KO8vWLsK921aRMWdsKJyQ0lYxl7M8JWupFsCJFr/U+8
dAVtwnUiS7RnhBABZ1cfNTHYhXVAh4d+a9y/gZ00a66OGqPxiXfhjjDUZ6fGvWKN
FlhKWEg6YqIx/H4aNXkLI5Rzzhdx/c2ukNm7+X2veRcAW7bcTwk8wxJxciEP5pBi
1el9VE0CgYEA/lbzdE2M4yRBvTfYYC6BqZcn+BqtrAUc2h3fEy+p7lwlet0af1id
gWpYpOJyLc0AUfR616/m2y3PwEH/nMKDSTuU7o/qKNtlHW0nQcnhDCjTUydS3+J/
JM3dhfgVqi03rjqNcgHA2eOEwcu/OBZtiaC0wqKbuRZRtfGffyoO3ssCgYEAz2iw
wqu/NkA+MdQIxz/a3Is7gGwoFu6h7O+XU2uN8Y2++jSBw9AzzWj31YCvyjuJPAE+
gxHm6yOnNoLVn423NtibHejhabzHNIK6UImH99bSTKabsxfF2BX6v982BimU1jwc
bYykzws37oN/poPb5FTpEiAUrsd2bAMn/1S43icCgYEAulHkY0z0aumCpyUkA8HO
BvjOtPiGRcAxFLBRXPLL3+vtIQachLHcIJRRf+jLkDXfiCo7W4pm6iWzTbqLkMEG
AD3/qowPFAM1Hct6uL01efzmYsIp+g0o60NMhvnolRQu+Bm4yM30AyqjdHzYBjSX
5fyuru8EeSCal1j8aOHcpuUCgYEAhGhDH6Pg59NPYSQJjpm3MMA59hwV473n5Yh2
xKyO6zwgRT6r8MPDrkhqnwQONT6Yt5PbwnT1Q/t4zhXsJnWkFwFk1U1MSeJYEa+7
HZsPECs2CfT6xPRSO0ac00y+AmUdPT8WruDwfbSdukh8f2MCR9vlBsswKPvxH7dM
G3aMplUCgYEAmMFgB/6Ox4OsQPPC6g4G+Ezytkc4iVkMEcjiVWzEsYATITjq3weO
/XDGBYJoBhYwWPi9oBufFc/2pNtWy1FKKXPuVyXQATdA0mfEPbtsHjMFQNZbeKnm
0na/SysSDCK3P+9ijlbjqLjMmPEmhJxGWTJ7khnTTkfre7/w9ZxJxi8=
-----END RSA PRIVATE KEY-----"""
)
pwdata = (
b"V\x80+b\xca\x06M\xb6\x12\xc6\xe8\xf2\xb5\xbb\xd8m\xc0\x97\x9a\xeb\xb9q\x19\xc3"
b'\xcdi\xb84\x90\xaf\x12kT\xe2@u\xd6\xe8T\x89\xa3\xc7\xb2Y\xd1N\x00\xa9\xc0"\xbe'
b"\xed\xb1\xc3\xb7^\xbf\xbd\x8b\x13\xd3/L\x1b\xa1`\xe2\xea\x03\x98\x82\xf3uS&|"
b'\xe5\xd8J\xce\xfc\x97\x8d\x0b\x949\xc0\xbd^\xef\xc6\xfd\xce\xbb\x1e\xd0"(m\xe1'
b"\x95\xfb\xc8/\x07\x93\xb8\xda\x8f\x99\xfe\xdc\xd5\xcb\xdb\xb2\xf11M\xdbD\xcf"
b"\x95\x13p\r\xa4\x1c{\xd5\xdb\xc7\xe5\xaf\x95F\x97\xa9\x00p~\xb5\xec\xa4.\xd0"
b"\xa4\xb4\xf4f\xcds,Y/\xa1:WF\xb8\xc7\x07\xaa\x0b<'~\x1b$D9\xd4\x8d\xf0x\xc5"
b"\xee\xa8:\xe6\x00\x10\xc5i\x11\xc7]C8\x05l\x8b\x9b\xc3\x83e\xf7y\xadi:0\xb4R"
b"\x1a(\x04&yL8\x19s\n\x11\x81\xfd?\xfb2\x80Ll\xa1\xdc\xc9\xb6P\xca\x8d'\x11\xc1"
b"\x07\xa5\xa1\x058\xc7\xce\xbeb\x92\xbf\x0bL\xec\xdf\xc3M\x83\xfb$\xec\xd5\xf9"
)
assert "1234", salt.crypt.pwdata_decrypt(key_string, pwdata)

22
tests/pytests/unit/utils/test_aws.py
View file

@ -4,16 +4,36 @@
Test the salt aws functions
"""
import io
import os
import time
from datetime import datetime, timedelta
import pytest
import requests
import salt.utils.aws as aws
from tests.support.helpers import patched_environ
from tests.support.mock import MagicMock, patch
pytestmark = [
# Skip testing on windows since it does not support signals
# which is what the timeout marker is using.
pytest.mark.skip_on_windows,
pytest.mark.timeout(60, method="signal"),
]
@pytest.fixture(autouse=True)
def _cleanup():
# Make sure this cache is clear before each test
aws.__AssumeCache__.clear()
# Remove any AWS_ prefixed environment variables
with patched_environ(
__cleanup__=[k for k in os.environ if k.startswith("AWS_")],
):
yield
def test_get_metadata_imdsv1():
response = requests.Response()