Freeze global trust dicts, disallow keyring tests on Win

The test sessions are just timing out on the first keyring test. This
might have to do with two separate GPG instances being requested
simultaneously, but I'm not able to debug this.

salt/modules/gpg.py

@@ -21,6 +21,7 @@ import time
 
 import salt.utils.data
 import salt.utils.files
+import salt.utils.immutabletypes as immutabletypes
 import salt.utils.path
 import salt.utils.stringutils
 import salt.utils.versions
@@ -31,51 +32,61 @@ log = logging.getLogger(__name__)
 # Define the module's virtual name
 __virtualname__ = "gpg"
 
-LETTER_TRUST_DICT = {
-    "e": "Expired",
-    "q": "Unknown",
-    "n": "Not Trusted",
-    "f": "Fully Trusted",
-    "m": "Marginally Trusted",
-    "u": "Ultimately Trusted",
-    "r": "Revoked",
-    "-": "Unknown",
-}
+LETTER_TRUST_DICT = immutabletypes.freeze(
+    {
+        "e": "Expired",
+        "q": "Unknown",
+        "n": "Not Trusted",
+        "f": "Fully Trusted",
+        "m": "Marginally Trusted",
+        "u": "Ultimately Trusted",
+        "r": "Revoked",
+        "-": "Unknown",
+    }
+)
 
-NUM_TRUST_DICT = {
-    "expired": "1",
-    "unknown": "2",
-    "not_trusted": "3",
-    "marginally": "4",
-    "fully": "5",
-    "ultimately": "6",
-}
+NUM_TRUST_DICT = immutabletypes.freeze(
+    {
+        "expired": "1",
+        "unknown": "2",
+        "not_trusted": "3",
+        "marginally": "4",
+        "fully": "5",
+        "ultimately": "6",
+    }
+)
 
-INV_NUM_TRUST_DICT = {
-    "1": "Expired",
-    "2": "Unknown",
-    "3": "Not Trusted",
-    "4": "Marginally",
-    "5": "Fully Trusted",
-    "6": "Ultimately Trusted",
-}
+INV_NUM_TRUST_DICT = immutabletypes.freeze(
+    {
+        "1": "Expired",
+        "2": "Unknown",
+        "3": "Not Trusted",
+        "4": "Marginally",
+        "5": "Fully Trusted",
+        "6": "Ultimately Trusted",
+    }
+)
 
-VERIFY_TRUST_LEVELS = {
-    "0": "Undefined",
-    "1": "Never",
-    "2": "Marginal",
-    "3": "Fully",
-    "4": "Ultimate",
-}
+VERIFY_TRUST_LEVELS = immutabletypes.freeze(
+    {
+        "0": "Undefined",
+        "1": "Never",
+        "2": "Marginal",
+        "3": "Fully",
+        "4": "Ultimate",
+    }
+)
 
-TRUST_KEYS_TRUST_LEVELS = {
-    "expired": "TRUST_EXPIRED",
-    "unknown": "TRUST_UNDEFINED",
-    "never": "TRUST_NEVER",
-    "marginally": "TRUST_MARGINAL",
-    "fully": "TRUST_FULLY",
-    "ultimately": "TRUST_ULTIMATE",
-}
+TRUST_KEYS_TRUST_LEVELS = immutabletypes.freeze(
+    {
+        "expired": "TRUST_EXPIRED",
+        "unknown": "TRUST_UNDEFINED",
+        "never": "TRUST_NEVER",
+        "marginally": "TRUST_MARGINAL",
+        "fully": "TRUST_FULLY",
+        "ultimately": "TRUST_ULTIMATE",
+    }
+)
 
 _DEFAULT_KEY_SERVER = "keys.openpgp.org"
 
@@ -233,7 +244,7 @@ def _search_keys(text, keyserver, user=None, gnupghome=None):
 
 def search_keys(text, keyserver=None, user=None, gnupghome=None):
     """
-    Search keys on a keyserver
+    Search for keys on a keyserver
 
     text
         Text to search the keyserver for, e.g. email address, keyID or fingerprint.

salt/states/gpg.py

@@ -9,18 +9,21 @@ Manage GPG keychains
 import logging
 
 import salt.utils.dictupdate
+import salt.utils.immutabletypes as immutabletypes
 from salt.exceptions import SaltInvocationError
 
 log = logging.getLogger(__name__)
 
-TRUST_MAP = {
-    "expired": "Expired",
-    "unknown": "Unknown",
-    "not_trusted": "Not Trusted",
-    "marginally": "Marginally",
-    "fully": "Fully Trusted",
-    "ultimately": "Ultimately Trusted",
-}
+TRUST_MAP = immutabletypes.freeze(
+    {
+        "expired": "Expired",
+        "unknown": "Unknown",
+        "not_trusted": "Not Trusted",
+        "marginally": "Marginally",
+        "fully": "Fully Trusted",
+        "ultimately": "Ultimately Trusted",
+    }
+)
 
 
 def present(

tests/pytests/functional/states/test_gpg.py

@@ -9,7 +9,6 @@ gnupglib = pytest.importorskip("gnupg", reason="Needs python-gnupg library")
 
 pytestmark = [
     pytest.mark.skip_if_binaries_missing("gpg", reason="Needs gpg binary"),
-    pytest.mark.windows_whitelisted,
 ]
 
 
@@ -118,6 +117,7 @@ def keyring(gpghome, tmp_path, request):
     # cleanup is taken care of by gpghome and tmp_path
 
 
+@pytest.mark.windows_whitelisted
 @pytest.mark.usefixtures("_pubkeys_present")
 def test_gpg_present_no_changes(gpghome, gpg, gnupg, key_a_fp):
     assert gnupg.list_keys(keys=key_a_fp)
@@ -131,6 +131,10 @@ def test_gpg_present_no_changes(gpghome, gpg, gnupg, key_a_fp):
 def test_gpg_present_keyring_no_changes(
     gpghome, gpg, gnupg, gnupg_keyring, keyring, key_a_fp
 ):
+    """
+    The keyring tests are not whitelisted on Windows since they are just
+    timing out, possibly because of the two separate GPG instances?
+    """
     assert not gnupg.list_keys(keys=key_a_fp)
     assert gnupg_keyring.list_keys(keys=key_a_fp)
     ret = gpg.present(
@@ -144,6 +148,7 @@ def test_gpg_present_keyring_no_changes(
     assert not ret.changes
 
 
+@pytest.mark.windows_whitelisted
 @pytest.mark.usefixtures("_pubkeys_present")
 def test_gpg_present_trust_change(gpghome, gpg, gnupg, key_a_fp):
     assert gnupg.list_keys(keys=key_a_fp)
@@ -181,6 +186,7 @@ def test_gpg_present_keyring_trust_change(
     assert key_info[0]["trust"] == "u"
 
 
+@pytest.mark.windows_whitelisted
 def test_gpg_absent_no_changes(gpghome, gpg, gnupg, key_a_fp):
     assert not gnupg.list_keys(keys=key_a_fp)
     ret = gpg.absent(key_a_fp[-16:], gnupghome=str(gpghome))
@@ -188,6 +194,7 @@ def test_gpg_absent_no_changes(gpghome, gpg, gnupg, key_a_fp):
     assert not ret.changes
 
 
+@pytest.mark.windows_whitelisted
 @pytest.mark.usefixtures("_pubkeys_present")
 def test_gpg_absent(gpghome, gpg, gnupg, key_a_fp):
     assert gnupg.list_keys(keys=key_a_fp)
@@ -226,6 +233,7 @@ def test_gpg_absent_from_keyring_delete_keyring(
     assert not Path(keyring).exists()
 
 
+@pytest.mark.windows_whitelisted
 @pytest.mark.usefixtures("_pubkeys_present")
 def test_gpg_absent_test_mode_no_changes(gpghome, gpg, gnupg, key_a_fp):
     assert gnupg.list_keys(keys=key_a_fp)