From 1356628f35882c087fdadb6b486dec02b711e61c Mon Sep 17 00:00:00 2001
From: jeanluc <lkubb@protonmail.com>
Date: Thu, 16 Nov 2023 11:19:28 +0100
Subject: [PATCH] Freeze global trust dicts, disallow keyring tests on Win

The test sessions are just timing out on the first keyring test. This
might have to do with two separate GPG instances being requested
simultaneously, but I'm not able to debug this.
---
 salt/modules/gpg.py                         | 95 ++++++++++++---------
 salt/states/gpg.py                          | 19 +++--
 tests/pytests/functional/states/test_gpg.py | 10 ++-
 3 files changed, 73 insertions(+), 51 deletions(-)

diff --git a/salt/modules/gpg.py b/salt/modules/gpg.py
index e6e0af31d85..8981cd55e6c 100644
--- a/salt/modules/gpg.py
+++ b/salt/modules/gpg.py
@@ -21,6 +21,7 @@ import time
 
 import salt.utils.data
 import salt.utils.files
+import salt.utils.immutabletypes as immutabletypes
 import salt.utils.path
 import salt.utils.stringutils
 import salt.utils.versions
@@ -31,51 +32,61 @@ log = logging.getLogger(__name__)
 # Define the module's virtual name
 __virtualname__ = "gpg"
 
-LETTER_TRUST_DICT = {
-    "e": "Expired",
-    "q": "Unknown",
-    "n": "Not Trusted",
-    "f": "Fully Trusted",
-    "m": "Marginally Trusted",
-    "u": "Ultimately Trusted",
-    "r": "Revoked",
-    "-": "Unknown",
-}
+LETTER_TRUST_DICT = immutabletypes.freeze(
+    {
+        "e": "Expired",
+        "q": "Unknown",
+        "n": "Not Trusted",
+        "f": "Fully Trusted",
+        "m": "Marginally Trusted",
+        "u": "Ultimately Trusted",
+        "r": "Revoked",
+        "-": "Unknown",
+    }
+)
 
-NUM_TRUST_DICT = {
-    "expired": "1",
-    "unknown": "2",
-    "not_trusted": "3",
-    "marginally": "4",
-    "fully": "5",
-    "ultimately": "6",
-}
+NUM_TRUST_DICT = immutabletypes.freeze(
+    {
+        "expired": "1",
+        "unknown": "2",
+        "not_trusted": "3",
+        "marginally": "4",
+        "fully": "5",
+        "ultimately": "6",
+    }
+)
 
-INV_NUM_TRUST_DICT = {
-    "1": "Expired",
-    "2": "Unknown",
-    "3": "Not Trusted",
-    "4": "Marginally",
-    "5": "Fully Trusted",
-    "6": "Ultimately Trusted",
-}
+INV_NUM_TRUST_DICT = immutabletypes.freeze(
+    {
+        "1": "Expired",
+        "2": "Unknown",
+        "3": "Not Trusted",
+        "4": "Marginally",
+        "5": "Fully Trusted",
+        "6": "Ultimately Trusted",
+    }
+)
 
-VERIFY_TRUST_LEVELS = {
-    "0": "Undefined",
-    "1": "Never",
-    "2": "Marginal",
-    "3": "Fully",
-    "4": "Ultimate",
-}
+VERIFY_TRUST_LEVELS = immutabletypes.freeze(
+    {
+        "0": "Undefined",
+        "1": "Never",
+        "2": "Marginal",
+        "3": "Fully",
+        "4": "Ultimate",
+    }
+)
 
-TRUST_KEYS_TRUST_LEVELS = {
-    "expired": "TRUST_EXPIRED",
-    "unknown": "TRUST_UNDEFINED",
-    "never": "TRUST_NEVER",
-    "marginally": "TRUST_MARGINAL",
-    "fully": "TRUST_FULLY",
-    "ultimately": "TRUST_ULTIMATE",
-}
+TRUST_KEYS_TRUST_LEVELS = immutabletypes.freeze(
+    {
+        "expired": "TRUST_EXPIRED",
+        "unknown": "TRUST_UNDEFINED",
+        "never": "TRUST_NEVER",
+        "marginally": "TRUST_MARGINAL",
+        "fully": "TRUST_FULLY",
+        "ultimately": "TRUST_ULTIMATE",
+    }
+)
 
 _DEFAULT_KEY_SERVER = "keys.openpgp.org"
 
@@ -233,7 +244,7 @@ def _search_keys(text, keyserver, user=None, gnupghome=None):
 
 def search_keys(text, keyserver=None, user=None, gnupghome=None):
     """
-    Search keys on a keyserver
+    Search for keys on a keyserver
 
     text
         Text to search the keyserver for, e.g. email address, keyID or fingerprint.
diff --git a/salt/states/gpg.py b/salt/states/gpg.py
index 866cb60fc73..055c327a2d8 100644
--- a/salt/states/gpg.py
+++ b/salt/states/gpg.py
@@ -9,18 +9,21 @@ Manage GPG keychains
 import logging
 
 import salt.utils.dictupdate
+import salt.utils.immutabletypes as immutabletypes
 from salt.exceptions import SaltInvocationError
 
 log = logging.getLogger(__name__)
 
-TRUST_MAP = {
-    "expired": "Expired",
-    "unknown": "Unknown",
-    "not_trusted": "Not Trusted",
-    "marginally": "Marginally",
-    "fully": "Fully Trusted",
-    "ultimately": "Ultimately Trusted",
-}
+TRUST_MAP = immutabletypes.freeze(
+    {
+        "expired": "Expired",
+        "unknown": "Unknown",
+        "not_trusted": "Not Trusted",
+        "marginally": "Marginally",
+        "fully": "Fully Trusted",
+        "ultimately": "Ultimately Trusted",
+    }
+)
 
 
 def present(
diff --git a/tests/pytests/functional/states/test_gpg.py b/tests/pytests/functional/states/test_gpg.py
index f35243ffcb0..71efabd97af 100644
--- a/tests/pytests/functional/states/test_gpg.py
+++ b/tests/pytests/functional/states/test_gpg.py
@@ -9,7 +9,6 @@ gnupglib = pytest.importorskip("gnupg", reason="Needs python-gnupg library")
 
 pytestmark = [
     pytest.mark.skip_if_binaries_missing("gpg", reason="Needs gpg binary"),
-    pytest.mark.windows_whitelisted,
 ]
 
 
@@ -118,6 +117,7 @@ def keyring(gpghome, tmp_path, request):
     # cleanup is taken care of by gpghome and tmp_path
 
 
+@pytest.mark.windows_whitelisted
 @pytest.mark.usefixtures("_pubkeys_present")
 def test_gpg_present_no_changes(gpghome, gpg, gnupg, key_a_fp):
     assert gnupg.list_keys(keys=key_a_fp)
@@ -131,6 +131,10 @@ def test_gpg_present_no_changes(gpghome, gpg, gnupg, key_a_fp):
 def test_gpg_present_keyring_no_changes(
     gpghome, gpg, gnupg, gnupg_keyring, keyring, key_a_fp
 ):
+    """
+    The keyring tests are not whitelisted on Windows since they are just
+    timing out, possibly because of the two separate GPG instances?
+    """
     assert not gnupg.list_keys(keys=key_a_fp)
     assert gnupg_keyring.list_keys(keys=key_a_fp)
     ret = gpg.present(
@@ -144,6 +148,7 @@ def test_gpg_present_keyring_no_changes(
     assert not ret.changes
 
 
+@pytest.mark.windows_whitelisted
 @pytest.mark.usefixtures("_pubkeys_present")
 def test_gpg_present_trust_change(gpghome, gpg, gnupg, key_a_fp):
     assert gnupg.list_keys(keys=key_a_fp)
@@ -181,6 +186,7 @@ def test_gpg_present_keyring_trust_change(
     assert key_info[0]["trust"] == "u"
 
 
+@pytest.mark.windows_whitelisted
 def test_gpg_absent_no_changes(gpghome, gpg, gnupg, key_a_fp):
     assert not gnupg.list_keys(keys=key_a_fp)
     ret = gpg.absent(key_a_fp[-16:], gnupghome=str(gpghome))
@@ -188,6 +194,7 @@ def test_gpg_absent_no_changes(gpghome, gpg, gnupg, key_a_fp):
     assert not ret.changes
 
 
+@pytest.mark.windows_whitelisted
 @pytest.mark.usefixtures("_pubkeys_present")
 def test_gpg_absent(gpghome, gpg, gnupg, key_a_fp):
     assert gnupg.list_keys(keys=key_a_fp)
@@ -226,6 +233,7 @@ def test_gpg_absent_from_keyring_delete_keyring(
     assert not Path(keyring).exists()
 
 
+@pytest.mark.windows_whitelisted
 @pytest.mark.usefixtures("_pubkeys_present")
 def test_gpg_absent_test_mode_no_changes(gpghome, gpg, gnupg, key_a_fp):
     assert gnupg.list_keys(keys=key_a_fp)