Merge branch '3007.x' of github.com:saltstack/salt into hotfix/merge-forward-into-3007.x

2025-04-17 02:00:20 +00:00 · 2024-03-06 12:37:56 +00:00 · 2024-03-06 12:37:56 +00:00 · 54f4150727
commit 54f4150727
parent b7630f3b08 d286feabff
3 changed files with 16 additions and 4 deletions
--- a/salt/channel/server.py
+++ b/salt/channel/server.py
@ -56,6 +56,16 @@ class ReqServerChannel:
        transport = salt.transport.request_server(opts, **kwargs)
        return cls(opts, transport)

+    @classmethod
+    def compare_keys(cls, key1, key2):
+        """
+        Normalize and compare two keys
+
+        Returns:
+            bool: ``True`` if the keys match, otherwise ``False``
+        """
+        return salt.crypt.clean_key(key1) == salt.crypt.clean_key(key2)
+
    def __init__(self, opts, transport):
        self.opts = opts
        self.transport = transport
@ -381,7 +391,7 @@ class ReqServerChannel:
        elif os.path.isfile(pubfn):
            # The key has been accepted, check it
            with salt.utils.files.fopen(pubfn, "r") as pubfn_handle:
-                if salt.crypt.clean_key(pubfn_handle.read()) != load["pub"]:
+                if not self.compare_keys(pubfn_handle.read(), load["pub"]):
                    log.error(
                        "Authentication attempt from %s failed, the public "
                        "keys did not match. This may be an attempt to compromise "
@ -490,7 +500,7 @@ class ReqServerChannel:
                # case. Otherwise log the fact that the minion is still
                # pending.
                with salt.utils.files.fopen(pubfn_pend, "r") as pubfn_handle:
-                    if salt.crypt.clean_key(pubfn_handle.read()) != load["pub"]:
+                    if not self.compare_keys(pubfn_handle.read(), load["pub"]):
                        log.error(
                            "Authentication attempt from %s failed, the public "
                            "key in pending did not match. This may be an "
@ -546,7 +556,7 @@ class ReqServerChannel:
                # so, pass on doing anything here, and let it get automatically
                # accepted below.
                with salt.utils.files.fopen(pubfn_pend, "r") as pubfn_handle:
-                    if salt.crypt.clean_key(pubfn_handle.read()) != load["pub"]:
+                    if not self.compare_keys(pubfn_handle.read(), load["pub"]):
                        log.error(
                            "Authentication attempt from %s failed, the public "
                            "keys in pending did not match. This may be an "
--- a/tests/pytests/functional/modules/state/requisites/test_unless.py
+++ b/tests/pytests/functional/modules/state/requisites/test_unless.py
@ -6,6 +6,7 @@ pytestmark = [
 ]


+@pytest.mark.timeout(120)
 def test_unless_req(state):
    ret = state.single(fun="test.succeed_with_changes", name="unless test", unless=[{}])
    assert ret.result is True
@ -35,6 +36,7 @@ def test_unless_req(state):
    assert ret.comment == "Success!"


+@pytest.mark.timeout(120)
 def test_unless_req_retcode(state):
    ret = state.single(
        fun="test.succeed_with_changes",
--- a/tests/pytests/integration/modules/grains/test_append.py
+++ b/tests/pytests/integration/modules/grains/test_append.py
@ -106,7 +106,7 @@ def test_grains_append_val_is_list(salt_call_cli, append_grain):
    assert ret.data == {append_grain.key: [append_grain.value, second_grain]}


-@pytest.mark.timeout_unless_on_windows(240)
+@pytest.mark.timeout_unless_on_windows(300)
 def test_grains_remove_add(
    salt_call_cli, append_grain, wait_for_pillar_refresh_complete
 ):