saltstack/salt
1
0
Fork 0
mirror of https://github.com/saltstack/salt.git synced 2025-04-17 10:10:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

Try to improve wording

Browse source
This commit is contained in:
jeanluc 2023-11-16 03:54:27 +01:00 committed by Daniel Wozniak
parent c8c0633488
commit 10c2b7c0e0
3 changed files with 106 additions and 52 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

56
salt/modules/file.py
View file

@ -812,10 +812,10 @@ def get_source_sum(
.. versionadded:: 3002
source_hash_sig
When ``source_hash`` is a file, ensure a valid GPG signature exists on
the source hash file.
Set this to ``true`` for an inline (clearsigned) signature, or to a file URI
retrievable by :py:func:`cp.cache_file <salt.modules.cp.cache_file>`
When ``source`` is a remote file source and ``source_hash`` is a file,
ensure a valid GPG signature exists on the source hash file.
Set this to ``true`` for an inline (clearsigned) signature, or to a
file URI retrievable by `:py:func:`cp.cache_file <salt.modules.cp.cache_file>`
for a detached one.
.. versionadded:: 3007.0
@ -4766,11 +4766,12 @@ def get_managed(
.. versionadded:: 3005
source_hash_sig
When ``source_hash`` is a file and ``skip_verify`` is not true and ``use_etag``
is not true, ensure a valid GPG signature exists on the source hash file.
Set this to ``true`` for an inline (clearsigned) signature, or to a file URI
retrievable by ``cp.cache_file`` for a detached one. The cached file
will be deleted if the signature verification fails.
When ``source`` is a remote file source, ``source_hash`` is a file,
``skip_verify`` is not true and ``use_etag`` is not true, ensure a
valid GPG signature exists on the source hash file.
Set this to ``true`` for an inline (clearsigned) signature, or to a
file URI retrievable by `:py:func:`cp.cache_file <salt.modules.cp.cache_file>`
for a detached one.
.. versionadded:: 3007.0
@ -6258,24 +6259,39 @@ def manage_file(
signature
Ensure a valid GPG signature exists on the selected ``source`` file.
Set this to true for inline signatures, or to a file URI retrievable by
``cp.cache_file`` for a detached one. The cached file will be deleted
if the signature verification fails.
Set this to true for inline signatures, or to a file URI retrievable
by `:py:func:`cp.cache_file <salt.modules.cp.cache_file>`
for a detached one.
.. note::
This signature will be enforced regardless of source type and will be
required on the final output, therefore this does not lend itself well
when templates are rendered.
A signature is only enforced directly after caching the file,
before it is moved to its final destination. Existing target files
(with the correct checksum) will neither be checked nor deleted.
It will be enforced regardless of source type and will be
required on the final output, therefore this does not lend itself
well when templates are rendered.
The file will not be modified, meaning inline signatures are not
removed.
.. versionadded:: 3007.0
source_hash_sig
When ``source_hash`` is a file and ``skip_verify`` is not true and ``use_etag``
is not true, ensure a valid GPG signature exists on the source hash file.
Set this to ``true`` for an inline (clearsigned) signature, or to a file URI
retrievable by ``cp.cache_file`` for a detached one. The cached file
will be deleted if the signature verification fails.
When ``source`` is a remote file source, ``source_hash`` is a file,
``skip_verify`` is not true and ``use_etag`` is not true, ensure a
valid GPG signature exists on the source hash file.
Set this to ``true`` for an inline (clearsigned) signature, or to a
file URI retrievable by `:py:func:`cp.cache_file <salt.modules.cp.cache_file>`
for a detached one.
.. note::
A signature on the ``source_hash`` file is enforced regardless of
changes since its contents are used to check if an existing file
is in the correct state - but only for remote sources!
As for ``signature``, existing target files will not be modified,
only the cached source_hash and source_hash_sig files will be removed.
.. versionadded:: 3007.0

35
salt/states/archive.py
View file

@ -725,32 +725,49 @@ def extracted(
signature
Ensure a valid GPG signature exists on the selected ``source`` file.
This needs to be a file URI retrievable by ``cp.cache_file`` which
This needs to be a file URI retrievable by
`:py:func:`cp.cache_file <salt.modules.cp.cache_file>` which
identifies a detached signature.
This signature will be enforced regardless of source type.
.. note::
A signature is only enforced directly after caching the file,
before it is extracted to its final destination. Existing files
at the target will never be modified.
It will be enforced regardless of source type.
.. versionadded:: 3007.0
source_hash_sig
When ``source_hash`` is a file and ``skip_verify`` is not true and ``use_etag``
is not true, ensure a valid GPG signature exists on the source hash file.
Set this to ``true`` for an inline (clearsigned) signature, or to a file URI
retrievable by ``cp.cache_file`` for a detached one. The cached file
will be deleted if the signature verification fails.
When ``source`` is a remote file source, ``source_hash`` is a file,
``skip_verify`` is not true and ``use_etag`` is not true, ensure a
valid GPG signature exists on the source hash file.
Set this to ``true`` for an inline (clearsigned) signature, or to a
file URI retrievable by `:py:func:`cp.cache_file <salt.modules.cp.cache_file>`
for a detached one.
.. note::
A signature on the ``source_hash`` file is enforced regardless of
changes since its contents are used to check if an existing file
is in the correct state - but only for remote sources!
As for ``signature``, existing target files will not be modified,
only the cached source_hash and source_hash_sig files will be removed.
.. versionadded:: 3007.0
signed_by_any
When verifying signatures either on the managed file or its source hash file,
require at least one valid signature from one of a list of key fingerprints.
This is passed to ``gpg.verify``.
This is passed to :py:func:`gpg.verify <salt.modules.gpg.verify>`.
.. versionadded:: 3007.0
signed_by_all
When verifying signatures either on the managed file or its source hash file,
require a valid signature from each of the key fingerprints in this list.
This is passed to ``gpg.verify``.
This is passed to :py:func:`gpg.verify <salt.modules.gpg.verify>`.
.. versionadded:: 3007.0

67
salt/states/file.py
View file

@ -2920,39 +2920,53 @@ def managed(
signature
Ensure a valid GPG signature exists on the selected ``source`` file.
Set this to true for inline signatures, or to a file URI retrievable by
``cp.cache_file`` for a detached one.
Set this to true for inline signatures, or to a file URI retrievable
by `:py:func:`cp.cache_file <salt.modules.cp.cache_file>`
for a detached one.
.. note::
This signature will be enforced regardless of source type and will be
required on the final output, therefore this does not lend itself well
when templates are rendered.
A signature is only enforced directly after caching the file,
before it is moved to its final destination. Existing target files
(with the correct checksum) will neither be checked nor deleted.
It will be enforced regardless of source type and will be
required on the final output, therefore this does not lend itself
well when templates are rendered.
The file will not be modified, meaning inline signatures are not
removed.
.. versionadded:: 3007.0
source_hash_sig
When ``source_hash`` is a file and ``skip_verify`` is not true and ``use_etag``
is not true, ensure a valid GPG signature exists on the source hash file.
Set this to ``true`` for an inline (clearsigned) signature, or to a file URI
retrievable by ``cp.cache_file`` for a detached one. The cached file
will be deleted if the signature verification fails.
When ``source`` is a remote file source, ``source_hash`` is a file,
``skip_verify`` is not true and ``use_etag`` is not true, ensure a
valid GPG signature exists on the source hash file.
Set this to ``true`` for an inline (clearsigned) signature, or to a
file URI retrievable by `:py:func:`cp.cache_file <salt.modules.cp.cache_file>`
for a detached one.
.. note::
A signature on the ``source_hash`` file is enforced regardless of
changes since its contents are used to check if an existing file
is in the correct state - but only for remote sources!
As for ``signature``, existing target files will not be modified,
only the cached source_hash and source_hash_sig files will be removed.
.. versionadded:: 3007.0
signed_by_any
When verifying signatures either on the managed file or its source hash file,
require at least one valid signature from one of a list of key fingerprints.
This is passed to ``gpg.verify``.
This is passed to :py:func:`gpg.verify <salt.modules.gpg.verify>`.
.. versionadded:: 3007.0
signed_by_all
When verifying signatures either on the managed file or its source hash file,
require a valid signature from each of the key fingerprints in this list.
This is passed to ``gpg.verify``.
This is passed to :py:func:`gpg.verify <salt.modules.gpg.verify>`.
.. versionadded:: 3007.0
@ -9085,25 +9099,32 @@ def cached(
.. versionadded:: 3005
source_hash_sig
When ``source_hash`` is a file and ``skip_verify`` is not true and ``use_etag``
is not true, ensure a valid GPG signature exists on the source hash file.
Set this to ``true`` for an inline (clearsigned) signature, or to a file URI
retrievable by ``cp.cache_file`` for a detached one. The cached file
will be deleted if the signature verification fails.
When ``name`` is a remote file source, ``source_hash`` is a file,
``skip_verify`` is not true and ``use_etag`` is not true, ensure a
valid GPG signature exists on the source hash file.
Set this to ``true`` for an inline (clearsigned) signature, or to a
file URI retrievable by `:py:func:`cp.cache_file <salt.modules.cp.cache_file>`
for a detached one.
.. note::
A signature on the ``source_hash`` file is enforced regardless of
changes since its contents are used to check if an existing file
is in the correct state - but only for remote sources!
.. versionadded:: 3007.0
signed_by_any
When verifying signatures either on the managed file or its source hash file,
require at least one valid signature from one of a list of key fingerprints.
This is passed to ``gpg.verify``.
When verifying ``source_hash_sig``, require at least one valid signature
from one of a list of key fingerprints. This is passed to
:py:func:`gpg.verify <salt.modules.gpg.verify>`.
.. versionadded:: 3007.0
signed_by_all
When verifying signatures either on the managed file or its source hash file,
require a valid signature from each of the key fingerprints in this list.
This is passed to ``gpg.verify``.
When verifying ``source_hash_sig``, require a valid signature from each
of the key fingerprints in this list. This is passed to
:py:func:`gpg.verify <salt.modules.gpg.verify>`.
.. versionadded:: 3007.0