Merge branch '2017.7' into 2017.7

2025-04-17 10:10:20 +00:00 · 2018-01-10 11:11:29 -07:00 · 2018-01-10 11:11:29 -07:00 · 3633ceeaa7
commit 3633ceeaa7
parent 29806e4496 541e59fa75
9 changed files with 92 additions and 24 deletions
--- a/doc/ref/configuration/master.rst
+++ b/doc/ref/configuration/master.rst
@ -956,6 +956,38 @@ The TCP port for ``mworkers`` to connect to on the master.

    tcp_master_workers: 4515

+.. conf_master:: auth_events
+
+``auth_events``
+--------------------
+
+.. versionadded:: 2017.7.3
+
+Default: ``True``
+
+Determines whether the master will fire authentication events.
+:ref:`Authentication events <event-master_auth>` are fired when
+a minion performs an authentication check with the master.
+
+.. code-block:: yaml
+
+    auth_events: True
+
+.. conf_master:: minion_data_cache_events
+
+``minion_data_cache_events``
+--------------------
+
+.. versionadded:: 2017.7.3
+
+Default: ``True``
+
+Determines whether the master will fire minion data cache events.  Minion data
+cache events are fired when a minion requests a minion data cache refresh.
+
+.. code-block:: yaml
+
+    minion_data_cache_events: True

 .. _salt-ssh-configuration:

--- a/doc/topics/event/master_events.rst
+++ b/doc/topics/event/master_events.rst
@ -7,6 +7,8 @@ Salt Master Events
 These events are fired on the Salt Master event bus. This list is **not**
 comprehensive.

+.. _event-master_auth:
+
 Authentication events
 =====================

--- a/salt/config/init.py
+++ b/salt/config/init.py
@ -1084,6 +1084,12 @@ VALID_OPTS = {

    # Scheduler should be a dictionary
    'schedule': dict,
+
+    # Whether to fire auth events
+    'auth_events': bool,
+
+    # Whether to fire Minion data cache refresh events
+    'minion_data_cache_events': bool,
 }

 # default configurations
@ -1650,6 +1656,8 @@ DEFAULT_MASTER_OPTS = {
    'require_minion_sign_messages': False,
    'drop_messages_signature_fail': False,
    'schedule': {},
+    'auth_events': True,
+    'minion_data_cache_events': True,
 }


--- a/salt/crypt.py
+++ b/salt/crypt.py
@ -551,8 +551,9 @@ class AsyncAuth(object):
            self._crypticle = Crypticle(self.opts, creds['aes'])
            self._authenticate_future.set_result(True)  # mark the sign-in as complete
            # Notify the bus about creds change
-            event = salt.utils.event.get_event(self.opts.get('__role'), opts=self.opts, listen=False)
-            event.fire_event({'key': key, 'creds': creds}, salt.utils.event.tagify(prefix='auth', suffix='creds'))
+            if self.opts.get('auth_events') is True:
+                event = salt.utils.event.get_event(self.opts.get('__role'), opts=self.opts, listen=False)
+                event.fire_event({'key': key, 'creds': creds}, salt.utils.event.tagify(prefix='auth', suffix='creds'))

    @tornado.gen.coroutine
    def sign_in(self, timeout=60, safe=True, tries=1, channel=None):
--- a/salt/daemons/masterapi.py
+++ b/salt/daemons/masterapi.py
@ -741,7 +741,8 @@ class RemoteFuncs(object):
            self.cache.store('minions/{0}'.format(load['id']),
                             'data',
                             {'grains': load['grains'], 'pillar': data})
-            self.event.fire_event('Minion data cache refresh', tagify(load['id'], 'refresh', 'minion'))
+            if self.opts.get('minion_data_cache_events') is True:
+                self.event.fire_event('Minion data cache refresh', tagify(load['id'], 'refresh', 'minion'))
        return data

    def _minion_event(self, load):
--- a/salt/master.py
+++ b/salt/master.py
@ -1355,7 +1355,8 @@ class AESFuncs(object):
                                       'data',
                                       {'grains': load['grains'],
                                        'pillar': data})
-            self.event.fire_event({'Minion data cache refresh': load['id']}, tagify(load['id'], 'refresh', 'minion'))
+            if self.opts.get('minion_data_cache_events') is True:
+                self.event.fire_event({'Minion data cache refresh': load['id']}, tagify(load['id'], 'refresh', 'minion'))
        return data

    def _minion_event(self, load):
--- a/salt/modules/debbuild.py
+++ b/salt/modules/debbuild.py
@ -359,7 +359,7 @@ def make_src_pkg(dest_dir, spec, sources, env=None, template=None, saltenv='base
    __salt__['cmd.run'](cmd, cwd=abspath_debname)
    cmd = 'rm -f {0}'.format(os.path.basename(spec_pathfile))
    __salt__['cmd.run'](cmd, cwd=abspath_debname)
-    cmd = 'debuild -S -uc -us'
+    cmd = 'debuild -S -uc -us -sa'
    __salt__['cmd.run'](cmd, cwd=abspath_debname, python_shell=True)

    cmd = 'rm -fR {0}'.format(abspath_debname)
--- a/salt/transport/mixins/auth.py
+++ b/salt/transport/mixins/auth.py
@ -201,7 +201,8 @@ class AESReqServerMixin(object):
                             'id': load['id'],
                             'pub': load['pub']}

-                    self.event.fire_event(eload, salt.utils.event.tagify(prefix='auth'))
+                    if self.opts.get('auth_events') is True:
+                        self.event.fire_event(eload, salt.utils.event.tagify(prefix='auth'))
                    return {'enc': 'clear',
                            'load': {'ret': 'full'}}

@ -232,7 +233,8 @@ class AESReqServerMixin(object):
            eload = {'result': False,
                     'id': load['id'],
                     'pub': load['pub']}
-            self.event.fire_event(eload, salt.utils.event.tagify(prefix='auth'))
+            if self.opts.get('auth_events') is True:
+                self.event.fire_event(eload, salt.utils.event.tagify(prefix='auth'))
            return {'enc': 'clear',
                    'load': {'ret': False}}

@ -252,7 +254,8 @@ class AESReqServerMixin(object):
                             'id': load['id'],
                             'act': 'denied',
                             'pub': load['pub']}
-                    self.event.fire_event(eload, salt.utils.event.tagify(prefix='auth'))
+                    if self.opts.get('auth_events') is True:
+                        self.event.fire_event(eload, salt.utils.event.tagify(prefix='auth'))
                    return {'enc': 'clear',
                            'load': {'ret': False}}

@ -266,7 +269,8 @@ class AESReqServerMixin(object):
                eload = {'result': False,
                         'id': load['id'],
                         'pub': load['pub']}
-                self.event.fire_event(eload, salt.utils.event.tagify(prefix='auth'))
+                if self.opts.get('auth_events') is True:
+                    self.event.fire_event(eload, salt.utils.event.tagify(prefix='auth'))
                return {'enc': 'clear',
                        'load': {'ret': False}}

@ -297,7 +301,8 @@ class AESReqServerMixin(object):
                         'act': key_act,
                         'id': load['id'],
                         'pub': load['pub']}
-                self.event.fire_event(eload, salt.utils.event.tagify(prefix='auth'))
+                if self.opts.get('auth_events') is True:
+                    self.event.fire_event(eload, salt.utils.event.tagify(prefix='auth'))
                return ret

        elif os.path.isfile(pubfn_pend):
@ -318,7 +323,8 @@ class AESReqServerMixin(object):
                         'act': 'reject',
                         'id': load['id'],
                         'pub': load['pub']}
-                self.event.fire_event(eload, salt.utils.event.tagify(prefix='auth'))
+                if self.opts.get('auth_events') is True:
+                    self.event.fire_event(eload, salt.utils.event.tagify(prefix='auth'))
                return ret

            elif not auto_sign:
@ -341,7 +347,8 @@ class AESReqServerMixin(object):
                                 'id': load['id'],
                                 'act': 'denied',
                                 'pub': load['pub']}
-                        self.event.fire_event(eload, salt.utils.event.tagify(prefix='auth'))
+                        if self.opts.get('auth_events') is True:
+                            self.event.fire_event(eload, salt.utils.event.tagify(prefix='auth'))
                        return {'enc': 'clear',
                                'load': {'ret': False}}
                    else:
@ -354,7 +361,8 @@ class AESReqServerMixin(object):
                                 'act': 'pend',
                                 'id': load['id'],
                                 'pub': load['pub']}
-                        self.event.fire_event(eload, salt.utils.event.tagify(prefix='auth'))
+                        if self.opts.get('auth_events') is True:
+                            self.event.fire_event(eload, salt.utils.event.tagify(prefix='auth'))
                        return {'enc': 'clear',
                                'load': {'ret': True}}
            else:
@ -376,7 +384,8 @@ class AESReqServerMixin(object):
                        eload = {'result': False,
                                 'id': load['id'],
                                 'pub': load['pub']}
-                        self.event.fire_event(eload, salt.utils.event.tagify(prefix='auth'))
+                        if self.opts.get('auth_events') is True:
+                            self.event.fire_event(eload, salt.utils.event.tagify(prefix='auth'))
                        return {'enc': 'clear',
                                'load': {'ret': False}}
                    else:
@ -388,7 +397,8 @@ class AESReqServerMixin(object):
            eload = {'result': False,
                     'id': load['id'],
                     'pub': load['pub']}
-            self.event.fire_event(eload, salt.utils.event.tagify(prefix='auth'))
+            if self.opts.get('auth_events') is True:
+                self.event.fire_event(eload, salt.utils.event.tagify(prefix='auth'))
            return {'enc': 'clear',
                    'load': {'ret': False}}

@ -478,5 +488,6 @@ class AESReqServerMixin(object):
                 'act': 'accept',
                 'id': load['id'],
                 'pub': load['pub']}
-        self.event.fire_event(eload, salt.utils.event.tagify(prefix='auth'))
+        if self.opts.get('auth_events') is True:
+            self.event.fire_event(eload, salt.utils.event.tagify(prefix='auth'))
        return ret
--- a/tests/integration/states/test_service.py
+++ b/tests/integration/states/test_service.py
@ -4,6 +4,7 @@ Tests for the service state
 '''
 # Import python libs
 from __future__ import absolute_import
+import re

 # Import Salt Testing libs
 from tests.support.case import ModuleCase
@ -25,11 +26,17 @@ class ServiceTest(ModuleCase, SaltReturnAssertsMixin):
        self.service_name = 'cron'
        cmd_name = 'crontab'
        os_family = self.run_function('grains.get', ['os_family'])
+        self.stopped = False
+        self.running = True
        if os_family == 'RedHat':
            self.service_name = 'crond'
        elif os_family == 'Arch':
            self.service_name = 'systemd-journald'
            cmd_name = 'systemctl'
+        elif os_family == 'MacOS':
+            self.service_name = 'org.ntp.ntpd'
+            self.stopped = ''
+            self.running = '[0-9]'

        if salt.utils.which(cmd_name) is None:
            self.skipTest('{0} is not installed'.format(cmd_name))
@ -40,8 +47,13 @@ class ServiceTest(ModuleCase, SaltReturnAssertsMixin):
        '''
        check_status = self.run_function('service.status',
                                         name=self.service_name)
-        if check_status is not exp_return:
-            self.fail('status of service is not returning correctly')
+
+        try:
+            if not re.match(exp_return, check_status):
+                self.fail('status of service is not returning correctly')
+        except TypeError:
+            if check_status is not exp_return:
+                self.fail('status of service is not returning correctly')

    def test_service_running(self):
        '''
@ -49,12 +61,12 @@ class ServiceTest(ModuleCase, SaltReturnAssertsMixin):
        '''
        stop_service = self.run_function('service.stop', self.service_name)
        self.assertTrue(stop_service)
-        self.check_service_status(False)
+        self.check_service_status(self.stopped)

        start_service = self.run_state('service.running',
                                       name=self.service_name)
        self.assertTrue(start_service)
-        self.check_service_status(True)
+        self.check_service_status(self.running)

    def test_service_dead(self):
        '''
@ -63,11 +75,11 @@ class ServiceTest(ModuleCase, SaltReturnAssertsMixin):
        start_service = self.run_state('service.running',
                                       name=self.service_name)
        self.assertSaltTrueReturn(start_service)
-        self.check_service_status(True)
+        self.check_service_status(self.running)

        ret = self.run_state('service.dead', name=self.service_name)
        self.assertSaltTrueReturn(ret)
-        self.check_service_status(False)
+        self.check_service_status(self.stopped)

    def test_service_dead_init_delay(self):
        '''
@ -76,9 +88,9 @@ class ServiceTest(ModuleCase, SaltReturnAssertsMixin):
        start_service = self.run_state('service.running',
                                       name=self.service_name)
        self.assertSaltTrueReturn(start_service)
-        self.check_service_status(True)
+        self.check_service_status(self.running)

        ret = self.run_state('service.dead', name=self.service_name,
                             init_delay=INIT_DELAY)
        self.assertSaltTrueReturn(ret)
-        self.check_service_status(False)
+        self.check_service_status(self.stopped)