Merge branch 'master' into tidy-boto-secgroup-docs

2025-04-17 10:10:20 +00:00 · 2020-03-10 17:01:14 -07:00 · 2020-03-10 17:01:14 -07:00 · 616f11b33e
commit 616f11b33e
parent 412bb4d62d 7c4d879073
38 changed files with 1374 additions and 418 deletions
--- a/.ci/kitchen-windows2019-py3
+++ b/.ci/kitchen-windows2019-py3
@ -10,7 +10,7 @@ runTestSuite(
    nox_env_name: 'runtests-zeromq',
    nox_passthrough_opts: '--unit',
    python_version: 'py3',
-    testrun_timeout: 9,
+    testrun_timeout: 10,
    use_spot_instances: false)

 // vim: ft=groovy
--- a/.codecov.yml
+++ b/.codecov.yml
@ -5,8 +5,14 @@ codecov:

  branch: master

-  notify:
-    require_ci_to_pass: yes      # Less spammy. Only notify on passing builds.
+#  notify:
+#    require_ci_to_pass: yes      # Less spammy. Only notify on passing builds.
+#    after_n_builds: 46           # Only notify after N builds
+#                                 # This value is the output of:
+#                                 #    sh -c 'echo "$(ls .ci/ | grep kitchen | wc -l)"'
+
+# Disable Notifications
+  notify: off

 ignore:
  - ^*.py$                       # python files at the repo root, ie, setup.py
@ -66,14 +72,17 @@ flags:
    paths:
      - tests/

-comment:
-  layout: "reach, diff, flags, files"
+#comment:
+#  layout: "reach, diff, flags, files"
 #  after_n_builds: 46             # Only comment on PRs after N builds
 #                                 # This value is the output of:
 #                                 #    sh -c 'echo "$(ls .ci/ | grep kitchen | wc -l)"'
-
-  behavior: new                  # Comment posting behaviour
-                                 #   default: update, if exists. Otherwise post new.
-                                 #   once: update, if exists. Otherwise post new. Skip if deleted.
-                                 #   new: delete old and post new.
-                                 #   spammy: post new (do not delete old comments).
+#
+#  behavior: new                  # Comment posting behaviour
+#                                 #   default: update, if exists. Otherwise post new.
+#                                 #   once: update, if exists. Otherwise post new. Skip if deleted.
+#                                 #   new: delete old and post new.
+#                                 #   spammy: post new (do not delete old comments).
+#
+# Disable Comments
+comment: off
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -6,7 +6,19 @@ This changelog follows [keepachangelog](https://keepachangelog.com/en/1.0.0/) fo
 This project versioning is _similar_ to [Semantic Versioning](https://semver.org), and is documented in [SEP 14](https://github.com/saltstack/salt-enhancement-proposals/pull/20/files).
 Versions are `MAJOR.PATCH`.

-## Unreleased (Neon)
+### Unreleased (3000.1)
+
+### Removed
+
+### Deprecated
+
+### Changed
+
+### Fixed
+
+### Added
+
+## 3000 - Neon [2020-02-10]

 ### Removed

--- a/doc/topics/releases/3000.rst
+++ b/doc/topics/releases/3000.rst
@ -592,6 +592,19 @@ Enhancements to chroot
  :py:func:`highstate<salt.modules.chroot.highstate>` that allow executing
  states in sls files or running apply/highstate inside of a chroot.

+Minion-side ACL
+---------------
+
+Salt has had master-side ACL for the salt mine for some time, where the master
+configuration contained `mine_get` that specified which minions could request
+which functions. However, now you can specify which minions can access a function
+in the salt mine function definition itself (or when calling :py:func:`mine.send <salt.modules.mine.send>`).
+This targeting works the same as the generic minion targeting as specified
+:ref:`here <targeting>`. The parameters used are ``allow_tgt`` and ``allow_tgt_type``.
+See also :ref:`the documentation of the Salt Mine <mine_minion-side-acl>`. Please
+note that if you want to use this new feature both your minion and masters will need
+to be on atleast version 3000.
+
 Deprecations
 ============

--- a/doc/topics/releases/sodium.rst
+++ b/doc/topics/releases/sodium.rst
@ -16,14 +16,3 @@ also support the syntax used in :py:mod:`module.run <salt.states.module.run>`.
 The old syntax for the mine_function - as a dict, or as a list with dicts that
 contain more than exactly one key - is still supported but discouraged in favor
 of the more uniform syntax of module.run.
-
-Minion-side ACL
---------------
-
-Salt has had master-side ACL for the salt mine for some time, where the master
-configuration contained `mine_get` that specified which minions could request
-which functions. However, now you can specify which minions can access a function
-in the salt mine function definition itself (or when calling :py:func:`mine.send <salt.modules.mine.send>`).
-This targeting works the same as the generic minion targeting as specified
-:ref:`here <targeting>`. The parameters used are ``allow_tgt`` and ``allow_tgt_type``.
-See also :ref:`the documentation of the Salt Mine <mine_minion-side-acl>`.
--- a/pkg/windows/build_env_2.ps1
+++ b/pkg/windows/build_env_2.ps1
@ -221,31 +221,32 @@ If ($NoPipDependencies -eq $false) {
  Start_Process_and_test_exitcode "cmd" "/c $($ini['Settings']['Python2Dir'])\python.exe -m pip --disable-pip-version-check --no-cache-dir install -r $($script_path)\req.txt" "pip install"
 }

-
 #==============================================================================
 # Cleaning Up PyWin32
 #==============================================================================
-Write-Output " ----------------------------------------------------------------"
-Write-Output " - $script_name :: Cleaning Up PyWin32 . . ."
-Write-Output " ----------------------------------------------------------------"
+If ( Test-Path "$($ini['Settings']['SitePkgs2Dir'])\pywin32_system32" -PathType Container ) {
+    Write-Output " ----------------------------------------------------------------"
+    Write-Output " - $script_name :: Cleaning Up PyWin32 . . ."
+    Write-Output " ----------------------------------------------------------------"

-# Move DLL's to Python Root
-Write-Output " - $script_name :: Moving PyWin32 DLLs . . ."
-# The dlls have to be in Python directory and the site-packages\win32 directory
-Copy-Item "$($ini['Settings']['SitePkgs2Dir'])\pywin32_system32\*.dll" "$($ini['Settings']['Python2Dir'])" -Force
-Move-Item "$($ini['Settings']['SitePkgs2Dir'])\pywin32_system32\*.dll" "$($ini['Settings']['SitePkgs2Dir'])\win32" -Force
+    # Move DLL's to Python Root
+    Write-Output " - $script_name :: Moving PyWin32 DLLs . . ."
+    # The dlls have to be in Python directory and the site-packages\win32 directory
+    Copy-Item "$( $ini['Settings']['SitePkgs2Dir'] )\pywin32_system32\*.dll" "$( $ini['Settings']['Python2Dir'] )" -Force
+    Move-Item "$( $ini['Settings']['SitePkgs2Dir'] )\pywin32_system32\*.dll" "$( $ini['Settings']['SitePkgs2Dir'] )\win32" -Force

-# Create gen_py directory
-Write-Output " - $script_name :: Creating gen_py Directory . . ."
-New-Item -Path "$($ini['Settings']['SitePkgs2Dir'])\win32com\gen_py" -ItemType Directory -Force | Out-Null
+    # Create gen_py directory
+    Write-Output " - $script_name :: Creating gen_py Directory . . ."
+    New-Item -Path "$( $ini['Settings']['SitePkgs2Dir'] )\win32com\gen_py" -ItemType Directory -Force | Out-Null

-# Remove pywin32_system32 directory
-Write-Output " - $script_name :: Removing pywin32_system32 Directory . . ."
-Remove-Item "$($ini['Settings']['SitePkgs2Dir'])\pywin32_system32"
+    # Remove pywin32_system32 directory
+    Write-Output " - $script_name :: Removing pywin32_system32 Directory . . ."
+    Remove-Item "$( $ini['Settings']['SitePkgs2Dir'] )\pywin32_system32"

-# Remove PyWin32 PostInstall and testall Scripts
-Write-Output " - $script_name :: Removing PyWin32 scripts . . ."
-Remove-Item "$($ini['Settings']['Scripts2Dir'])\pywin32_*" -Force -Recurse
+    # Remove PyWin32 PostInstall and testall Scripts
+    Write-Output " - $script_name :: Removing PyWin32 scripts . . ."
+    Remove-Item "$( $ini['Settings']['Scripts2Dir'] )\pywin32_*" -Force -Recurse
+}

 #==============================================================================
 # Copy DLLs to Python Directory
--- a/pkg/windows/build_env_3.ps1
+++ b/pkg/windows/build_env_3.ps1
@ -223,37 +223,28 @@ If ($NoPipDependencies -eq $false) {
 #==============================================================================
 # Cleaning Up PyWin32
 #==============================================================================
-Write-Output " ----------------------------------------------------------------"
-Write-Output " - $script_name :: Cleaning Up PyWin32 . . ."
-Write-Output " ----------------------------------------------------------------"
+If (Test-Path "$($ini['Settings']['SitePkgs3Dir'])\pywin32_system32" -PathType Container ) {
+    Write-Output " ----------------------------------------------------------------"
+    Write-Output " - $script_name :: Cleaning Up PyWin32 . . ."
+    Write-Output " ----------------------------------------------------------------"

-# Move DLL's to Python Root
-# The dlls have to be in Python directory and the site-packages\win32 directory
-Write-Output " - $script_name :: Moving PyWin32 DLLs . . ."
-Copy-Item "$($ini['Settings']['SitePkgs3Dir'])\pywin32_system32\*.dll" "$($ini['Settings']['Python3Dir'])" -Force
-Move-Item "$($ini['Settings']['SitePkgs3Dir'])\pywin32_system32\*.dll" "$($ini['Settings']['SitePkgs3Dir'])\win32" -Force
+    # Move DLL's to Python Root
+    # The dlls have to be in Python directory and the site-packages\win32 directory
+    Write-Output " - $script_name :: Moving PyWin32 DLLs . . ."
+    Copy-Item "$( $ini['Settings']['SitePkgs3Dir'] )\pywin32_system32\*.dll" "$( $ini['Settings']['Python3Dir'] )" -Force
+    Move-Item "$( $ini['Settings']['SitePkgs3Dir'] )\pywin32_system32\*.dll" "$( $ini['Settings']['SitePkgs3Dir'] )\win32" -Force

-# Create gen_py directory
-Write-Output " - $script_name :: Creating gen_py Directory . . ."
-New-Item -Path "$($ini['Settings']['SitePkgs3Dir'])\win32com\gen_py" -ItemType Directory -Force | Out-Null
+    # Create gen_py directory
+    Write-Output " - $script_name :: Creating gen_py Directory . . ."
+    New-Item -Path "$( $ini['Settings']['SitePkgs3Dir'] )\win32com\gen_py" -ItemType Directory -Force | Out-Null

-# Remove pywin32_system32 directory
-Write-Output " - $script_name :: Removing pywin32_system32 Directory . . ."
-Remove-Item "$($ini['Settings']['SitePkgs3Dir'])\pywin32_system32"
+    # Remove pywin32_system32 directory
+    Write-Output " - $script_name :: Removing pywin32_system32 Directory . . ."
+    Remove-Item "$( $ini['Settings']['SitePkgs3Dir'] )\pywin32_system32"

-# Remove PyWin32 PostInstall and testall Scripts
-Write-Output " - $script_name :: Removing PyWin32 scripts . . ."
-Remove-Item "$($ini['Settings']['Scripts3Dir'])\pywin32_*" -Force -Recurse
-
-#==============================================================================
-# Fix PyCrypto
-#==============================================================================
-If ($NoPipDependencies -eq $false) {
-  Write-Output " ----------------------------------------------------------------"
-  Write-Output "   - $script_name :: Fixing PyCrypto . . ."
-  Write-Output " ----------------------------------------------------------------"
-  $nt_file = "$($ini['Settings']['Python3Dir'])\Lib\site-packages\Crypto\Random\OSRNG\nt.py"
-  (Get-Content $nt_file) | Foreach-Object {$_ -replace '^import winrandom$', 'from Crypto.Random.OSRNG import winrandom'} | Set-Content $nt_file
+    # Remove PyWin32 PostInstall and testall Scripts
+    Write-Output " - $script_name :: Removing PyWin32 scripts . . ."
+    Remove-Item "$( $ini['Settings']['Scripts3Dir'] )\pywin32_*" -Force -Recurse
 }

 #==============================================================================
--- a/pkg/windows/modules/start-process-and-test-exitcode.psm1
+++ b/pkg/windows/modules/start-process-and-test-exitcode.psm1
@ -15,7 +15,7 @@ Function Start_Process_and_test_exitcode {
    Begin { Write-Host "Executing Command: $fun $args" }

    Process {
-        $p = Start-Process "$fun" -ArgumentList "$args" -Wait -PassThru
+        $p = Start-Process "$fun" -ArgumentList "$args" -Wait -NoNewWindow -PassThru
        If ($p.ExitCode -ne 0) {
            Write-Error "$descr returned exitcode $p.ExitCode."
            exit $p.ExitCode
--- a/salt/init.py
+++ b/salt/init.py
@ -12,7 +12,7 @@ import importlib

 class TornadoImporter(object):

-    def find_module(self, module_name, package_path):
+    def find_module(self, module_name, package_path=None):
        if module_name.startswith('tornado'):
            return self
        return None
--- a/salt/daemons/masterapi.py
+++ b/salt/daemons/masterapi.py
@ -617,14 +617,17 @@ class RemoteFuncs(object):
                        if 'allow_tgt' in mine_entry:
                            # Only determine allowed targets if any have been specified.
                            # This prevents having to add a list of all minions as allowed targets.
+                            get_minion = checker.check_minions(
+                                         mine_entry['allow_tgt'],
+                                         mine_entry.get('allow_tgt_type', 'glob'))['minions']
+                            # the minion in allow_tgt does not exist
+                            if not get_minion:
+                                continue
                            salt.utils.dictupdate.set_dict_key_value(
                                minion_side_acl,
                                '{}:{}'.format(minion, function),
-                                checker.check_minions(
-                                    mine_entry['allow_tgt'],
-                                    mine_entry.get('allow_tgt_type', 'glob')
-                                )['minions']
-                            )
+                                get_minion
+                           )
                if salt.utils.mine.minion_side_acl_denied(minion_side_acl, minion, function, load['id']):
                    continue
                if _ret_dict:
--- a/salt/minion.py
+++ b/salt/minion.py
@ -27,6 +27,7 @@ from salt.ext import six
 from salt._compat import ipaddress
 from salt.utils.network import parse_host_port
 from salt.ext.six.moves import range
+from salt.template import SLS_ENCODING
 from salt.utils.zeromq import zmq, ZMQDefaultLoop, install_zmq, ZMQ_VERSION_INFO
 import salt.transport.client
 import salt.defaults.exitcodes
@ -865,11 +866,11 @@ class SMinion(MinionBase):
                penv = 'base'
            cache_top = {penv: {self.opts['id']: ['cache']}}
            with salt.utils.files.fopen(ptop, 'wb') as fp_:
-                salt.utils.yaml.safe_dump(cache_top, fp_)
+                salt.utils.yaml.safe_dump(cache_top, fp_, encoding=SLS_ENCODING)
                os.chmod(ptop, 0o600)
            cache_sls = os.path.join(pdir, 'cache.sls')
            with salt.utils.files.fopen(cache_sls, 'wb') as fp_:
-                salt.utils.yaml.safe_dump(self.opts['pillar'], fp_)
+                salt.utils.yaml.safe_dump(self.opts['pillar'], fp_, encoding=SLS_ENCODING)
                os.chmod(cache_sls, 0o600)


--- a/salt/modules/cmdmod.py
+++ b/salt/modules/cmdmod.py
@ -344,7 +344,7 @@ def _run(cmd,
        # The last item in the list [-1] is the current method.
        # The third item[2] in each tuple is the name of that method.
        if stack[-2][2] == 'script':
-            cmd = 'Powershell -NonInteractive -NoProfile -ExecutionPolicy Bypass -File ' + cmd
+            cmd = 'Powershell -NonInteractive -NoProfile -ExecutionPolicy Bypass {0}'.format(cmd.replace('"', '\\"'))
        elif encoded_cmd:
            cmd = 'Powershell -NonInteractive -EncodedCommand {0}'.format(cmd)
        else:
--- a/salt/modules/mine.py
+++ b/salt/modules/mine.py
@ -194,10 +194,13 @@ def update(clear=False, mine_functions=None):
            log.error('Function %s in mine.update failed to execute', function_name or function_alias)
            log.debug('Error: %s', trace)
            continue
-        mine_data[function_alias] = salt.utils.mine.wrap_acl_structure(
-            res,
-            **minion_acl
-        )
+        if minion_acl.get('allow_tgt'):
+            mine_data[function_alias] = salt.utils.mine.wrap_acl_structure(
+                res,
+                **minion_acl
+            )
+        else:
+            mine_data[function_alias] = res
    return _mine_store(mine_data, clear)


@ -213,9 +216,13 @@ def send(name, *args, **kwargs):
    :param str mine_function: The name of the execution_module.function to run
        and whose value will be stored in the salt mine. Defaults to ``name``.
    :param str allow_tgt: Targeting specification for ACL. Specifies which minions
-        are allowed to access this function.
+        are allowed to access this function. Please note both your master and
+        minion need to be on, at least, version 3000 for this to work properly.
+
    :param str allow_tgt_type: Type of the targeting specification. This value will
-        be ignored if ``allow_tgt`` is not specified.
+        be ignored if ``allow_tgt`` is not specified. Please note both your
+        master and minion need to be on, at least, version 3000 for this to work
+        properly.

    Remaining args and kwargs will be passed on to the function to run.

@ -252,11 +259,15 @@ def send(name, *args, **kwargs):
        log.error('Function %s in mine.send failed to execute', mine_function or name)
        log.debug('Error: %s', trace)
        return False
-    mine_data[name] = salt.utils.mine.wrap_acl_structure(
-        res,
-        allow_tgt=allow_tgt,
-        allow_tgt_type=allow_tgt_type
-    )
+
+    if allow_tgt:
+        mine_data[name] = salt.utils.mine.wrap_acl_structure(
+            res,
+            allow_tgt=allow_tgt,
+            allow_tgt_type=allow_tgt_type
+        )
+    else:
+        mine_data[name] = res
    return _mine_store(mine_data)


--- a/salt/modules/mysql.py
+++ b/salt/modules/mysql.py
@ -35,6 +35,8 @@ Module to provide MySQL compatibility to salt.

 # Import python libs
 from __future__ import absolute_import, print_function, unicode_literals
+import copy
+import hashlib
 import time
 import logging
 import re
@ -261,6 +263,12 @@ def __virtual__():
    return bool(MySQLdb), 'No python mysql client installed.' if MySQLdb is None else ''


+def __mysql_hash_password(password):
+    _password = hashlib.sha1(password.encode()).digest()
+    _password = '*{0}'.format(hashlib.sha1(_password).hexdigest().upper())
+    return _password
+
+
 def __check_table(name, table, **connection_args):
    dbc = _connect(**connection_args)
    if dbc is None:
@ -307,6 +315,9 @@ def __optimize_table(name, table, **connection_args):


 def __password_column(**connection_args):
+    if 'mysql.password_column'in __context__:
+        return __context__['mysql.password_column']
+
    dbc = _connect(**connection_args)
    if dbc is None:
        return 'Password'
@ -321,9 +332,34 @@ def __password_column(**connection_args):
    }
    _execute(cur, qry, args)
    if int(cur.rowcount) > 0:
-        return 'Password'
+        __context__['mysql.password_column'] = 'Password'
    else:
-        return 'authentication_string'
+        __context__['mysql.password_column'] = 'authentication_string'
+
+    return __context__['mysql.password_column']
+
+
+def __get_auth_plugin(user, host, **connection_args):
+    dbc = _connect(**connection_args)
+    if dbc is None:
+        return []
+    cur = dbc.cursor(MySQLdb.cursors.DictCursor)
+    try:
+        qry = 'SELECT plugin FROM mysql.user WHERE User=%(user)s and Host=%(host)s'
+        args = {'user': user, 'host': host}
+        _execute(cur, qry, args)
+    except MySQLdb.OperationalError as exc:
+        err = 'MySQL Error {0}: {1}'.format(*exc.args)
+        __context__['mysql.error'] = err
+        log.error(err)
+        return 'mysql_native_password'
+    results = cur.fetchall()
+    log.debug(results)
+
+    if results:
+        return results[0].get('plugin', 'mysql_native_password')
+    else:
+        return 'mysql_native_password'


 def _connect(**kwargs):
@ -385,6 +421,10 @@ def _connect(**kwargs):
    # Ensure MySQldb knows the format we use for queries with arguments
    MySQLdb.paramstyle = 'pyformat'

+    for key in copy.deepcopy(connargs):
+        if not connargs[key]:
+            del connargs[key]
+
    if connargs.get('passwd', True) is None:  # If present but set to None. (Extreme edge case.)
        log.warning('MySQL password of None found. Attempting passwordless login.')
        connargs.pop('passwd')
@ -855,6 +895,9 @@ def version(**connection_args):

        salt '*' mysql.version
    '''
+    if 'mysql.version' in __context__:
+        return __context__['mysql.version']
+
    dbc = _connect(**connection_args)
    if dbc is None:
        return ''
@ -869,7 +912,8 @@ def version(**connection_args):
        return ''

    try:
-        return salt.utils.data.decode(cur.fetchone()[0])
+        __context__['mysql.version'] = salt.utils.data.decode(cur.fetchone()[0])
+        return __context__['mysql.version']
    except IndexError:
        return ''

@ -1237,6 +1281,82 @@ def user_list(**connection_args):
    return results


+def _mysql_user_exists(user,
+                       host='localhost',
+                       password=None,
+                       password_hash=None,
+                       passwordless=False,
+                       unix_socket=False,
+                       password_column=None,
+                       auth_plugin='mysql_native_password',
+                       **connection_args):
+
+    server_version = salt.utils.data.decode(version(**connection_args))
+    compare_version = '8.0.11'
+    qry = ('SELECT User,Host FROM mysql.user WHERE User = %(user)s AND '
+           'Host = %(host)s')
+    args = {}
+    args['user'] = user
+    args['host'] = host
+
+    if salt.utils.data.is_true(passwordless):
+        if salt.utils.data.is_true(unix_socket):
+            qry += ' AND plugin=%(unix_socket)s'
+            args['unix_socket'] = 'auth_socket'
+        else:
+            qry += ' AND ' + password_column + ' = \'\''
+    elif password:
+        if salt.utils.versions.version_cmp(server_version, compare_version) >= 0:
+            if auth_plugin == 'mysql_native_password':
+                _password = __mysql_hash_password(six.text_type(password))
+                qry += ' AND ' + password_column + ' = %(password)s'
+                args['password'] = six.text_type(_password)
+            else:
+                err = 'Unable to verify password.'
+                log.error(err)
+                __context__['mysql.error'] = err
+        else:
+            qry += ' AND ' + password_column + ' = PASSWORD(%(password)s)'
+            args['password'] = six.text_type(password)
+    elif password_hash:
+        qry += ' AND ' + password_column + ' = %(password)s'
+        args['password'] = password_hash
+
+    return qry, args
+
+
+def _mariadb_user_exists(user,
+                         host='localhost',
+                         password=None,
+                         password_hash=None,
+                         passwordless=False,
+                         unix_socket=False,
+                         password_column=None,
+                         auth_plugin='mysql_native_password',
+                         **connection_args):
+
+    qry = ('SELECT User,Host FROM mysql.user WHERE User = %(user)s AND '
+           'Host = %(host)s')
+    args = {}
+    args['user'] = user
+    args['host'] = host
+
+    if salt.utils.data.is_true(passwordless):
+        if salt.utils.data.is_true(unix_socket):
+            qry += ' AND plugin=%(unix_socket)s'
+            args['unix_socket'] = 'unix_socket'
+        else:
+            qry += ' AND ' + password_column + ' = \'\''
+    elif password:
+        qry += ' AND ' + password_column + ' = PASSWORD(%(password)s)'
+        args['password'] = six.text_type(password)
+    elif password_hash:
+        qry += ' AND ' + password_column + ' = %(password)s'
+        args['password'] = password_hash
+
+    return qry, args
+
+
 def user_exists(user,
                host='localhost',
                password=None,
@ -1269,7 +1389,6 @@ def user_exists(user,
        err = 'MySQL Error: Unable to fetch current server version. Last error was: "{}"'.format(last_err)
        log.error(err)
        return False
-    compare_version = '10.2.0' if 'MariaDB' in server_version else '8.0.11'
    dbc = _connect(**connection_args)
    # Did we fail to connect with the user we are checking
    # Its password might have previously change with the same command/state
@ -1287,33 +1406,30 @@ def user_exists(user,
    if not password_column:
        password_column = __password_column(**connection_args)

+    auth_plugin = __get_auth_plugin(user, host, **connection_args)
+
    cur = dbc.cursor()
-    qry = ('SELECT User,Host FROM mysql.user WHERE User = %(user)s AND '
-           'Host = %(host)s')
-    args = {}
-    args['user'] = user
-    args['host'] = host
+    if 'MariaDB' in server_version:
+        qry, args = _mariadb_user_exists(user,
+                                         host,
+                                         password,
+                                         password_hash,
+                                         passwordless,
+                                         unix_socket,
+                                         password_column=password_column,
+                                         auth_plugin=auth_plugin,
+                                         **connection_args)
+    else:
+        qry, args = _mysql_user_exists(user,
+                                       host,
+                                       password,
+                                       password_hash,
+                                       passwordless,
+                                       unix_socket,
+                                       password_column=password_column,
+                                       auth_plugin=auth_plugin,
+                                       **connection_args)

-    if salt.utils.data.is_true(passwordless):
-        if salt.utils.data.is_true(unix_socket):
-            qry += ' AND plugin=%(unix_socket)s'
-            args['unix_socket'] = 'unix_socket'
-        else:
-            qry += ' AND ' + password_column + ' = \'\''
-    elif password:
-        if salt.utils.versions.version_cmp(server_version, compare_version) >= 0:
-            run_verify = True
-        else:
-            _password = password
-            qry += ' AND ' + password_column + ' = PASSWORD(%(password)s)'
-            args['password'] = six.text_type(_password)
-    elif password_hash:
-        qry += ' AND ' + password_column + ' = %(password)s'
-        args['password'] = password_hash
-
-    if run_verify:
-        if not verify_login(user, password, **connection_args):
-            return False
    try:
        _execute(cur, qry, args)
    except MySQLdb.OperationalError as exc:
@ -1358,6 +1474,100 @@ def user_info(user, host='localhost', **connection_args):
    return result


+def _mysql_user_create(user,
+                       host='localhost',
+                       password=None,
+                       password_hash=None,
+                       allow_passwordless=False,
+                       unix_socket=False,
+                       password_column=None,
+                       auth_plugin='mysql_native_password',
+                       **connection_args):
+
+    server_version = salt.utils.data.decode(version(**connection_args))
+    compare_version = '8.0.11'
+
+    qry = 'CREATE USER %(user)s@%(host)s'
+    args = {}
+    args['user'] = user
+    args['host'] = host
+    if password is not None:
+        if salt.utils.versions.version_cmp(server_version, compare_version) >= 0:
+            args['auth_plugin'] = auth_plugin
+            qry += ' IDENTIFIED WITH %(auth_plugin)s BY %(password)s'
+        else:
+            qry += ' IDENTIFIED BY %(password)s'
+        args['password'] = six.text_type(password)
+    elif password_hash is not None:
+        if salt.utils.versions.version_cmp(server_version, compare_version) >= 0:
+            qry += ' IDENTIFIED BY %(password)s'
+        else:
+            qry += ' IDENTIFIED BY PASSWORD %(password)s'
+        args['password'] = password_hash
+    elif salt.utils.data.is_true(allow_passwordless):
+        if not plugin_status('auth_socket', **connection_args):
+            err = 'The auth_socket plugin is not enabled.'
+            log.error(err)
+            __context__['mysql.error'] = err
+            qry = False
+        else:
+            if salt.utils.data.is_true(unix_socket):
+                if host == 'localhost':
+                    qry += ' IDENTIFIED WITH auth_socket'
+                else:
+                    log.error(
+                        'Auth via unix_socket can be set only for host=localhost'
+                    )
+    else:
+        log.error('password or password_hash must be specified, unless '
+                  'allow_passwordless=True')
+        qry = False
+
+    return qry, args
+
+
+def _mariadb_user_create(user,
+                         host='localhost',
+                         password=None,
+                         password_hash=None,
+                         allow_passwordless=False,
+                         unix_socket=False,
+                         password_column=None,
+                         auth_plugin='mysql_native_password',
+                         **connection_args):
+
+    qry = 'CREATE USER %(user)s@%(host)s'
+    args = {}
+    args['user'] = user
+    args['host'] = host
+    if password is not None:
+        qry += ' IDENTIFIED BY %(password)s'
+        args['password'] = six.text_type(password)
+    elif password_hash is not None:
+        qry += ' IDENTIFIED BY PASSWORD %(password)s'
+        args['password'] = password_hash
+    elif salt.utils.data.is_true(allow_passwordless):
+        if not plugin_status('unix_socket', **connection_args):
+            err = 'The unix_socket plugin is not enabled.'
+            log.error(err)
+            __context__['mysql.error'] = err
+            qry = False
+        else:
+            if salt.utils.data.is_true(unix_socket):
+                if host == 'localhost':
+                    qry += ' IDENTIFIED VIA unix_socket'
+                else:
+                    log.error(
+                        'Auth via unix_socket can be set only for host=localhost'
+                    )
+    else:
+        log.error('password or password_hash must be specified, unless '
+                  'allow_passwordless=True')
+        qry = False
+
+    return qry, args
+
+
 def user_create(user,
                host='localhost',
                password=None,
@ -1365,6 +1575,7 @@ def user_create(user,
                allow_passwordless=False,
                unix_socket=False,
                password_column=None,
+                auth_plugin='mysql_native_password',
                **connection_args):
    '''
    Creates a MySQL user
@ -1396,6 +1607,12 @@ def user_create(user,
    unix_socket
        If ``True`` and allow_passwordless is ``True`` then will be used unix_socket auth plugin.

+    password_column
+        The password column to use in the user table.
+
+    auth_plugin
+        The authentication plugin to use, default is to use the mysql_native_password plugin.
+
    .. versionadded:: 0.16.2
        The ``allow_passwordless`` option was added.

@ -1413,7 +1630,7 @@ def user_create(user,
        err = 'MySQL Error: Unable to fetch current server version. Last error was: "{}"'.format(last_err)
        log.error(err)
        return False
-    compare_version = '10.2.0' if 'MariaDB' in server_version else '8.0.11'
+
    if user_exists(user, host, **connection_args):
        log.info('User \'%s\'@\'%s\' already exists', user, host)
        return False
@ -1426,34 +1643,29 @@ def user_create(user,
        password_column = __password_column(**connection_args)

    cur = dbc.cursor()
-    qry = 'CREATE USER %(user)s@%(host)s'
-    args = {}
-    args['user'] = user
-    args['host'] = host
-    if password is not None:
-        qry += ' IDENTIFIED BY %(password)s'
-        args['password'] = six.text_type(password)
-    elif password_hash is not None:
-        if salt.utils.versions.version_cmp(server_version, compare_version) >= 0:
-            if 'MariaDB' in server_version:
-                qry += ' IDENTIFIED BY PASSWORD %(password)s'
-            else:
-                qry += ' IDENTIFIED BY %(password)s'
-        else:
-            qry += ' IDENTIFIED BY PASSWORD %(password)s'
-        args['password'] = password_hash
-    elif salt.utils.data.is_true(allow_passwordless):
-        if salt.utils.data.is_true(unix_socket):
-            if host == 'localhost':
-                qry += ' IDENTIFIED VIA unix_socket'
-            else:
-                log.error(
-                    'Auth via unix_socket can be set only for host=localhost'
-                )
+    if 'MariaDB' in server_version:
+        qry, args = _mariadb_user_create(user,
+                                         host,
+                                         password,
+                                         password_hash,
+                                         allow_passwordless,
+                                         unix_socket,
+                                         password_column=password_column,
+                                         auth_plugin=auth_plugin,
+                                         **connection_args)
    else:
-        log.error('password or password_hash must be specified, unless '
-                  'allow_passwordless=True')
-        return False
+        qry, args = _mysql_user_create(user,
+                                       host,
+                                       password,
+                                       password_hash,
+                                       allow_passwordless,
+                                       unix_socket,
+                                       password_column=password_column,
+                                       auth_plugin=auth_plugin,
+                                       **connection_args)
+
+    if isinstance(qry, bool):
+        return qry

    try:
        _execute(cur, qry, args)
@ -1463,7 +1675,12 @@ def user_create(user,
        log.error(err)
        return False

-    if user_exists(user, host, password, password_hash, password_column=password_column, **connection_args):
+    if user_exists(user,
+                   host,
+                   password,
+                   password_hash,
+                   password_column=password_column,
+                   **connection_args):
        msg = 'User \'{0}\'@\'{1}\' has been created'.format(user, host)
        if not any((password, password_hash)):
            msg += ' with passwordless login'
@ -1474,6 +1691,121 @@ def user_create(user,
    return False


+def _mysql_user_chpass(user,
+                       host='localhost',
+                       password=None,
+                       password_hash=None,
+                       allow_passwordless=False,
+                       unix_socket=None,
+                       password_column=None,
+                       auth_plugin='mysql_native_password',
+                       **connection_args):
+    server_version = salt.utils.data.decode(version(**connection_args))
+    compare_version = '8.0.11'
+
+    args = {}
+
+    if password is not None:
+        if salt.utils.versions.version_cmp(server_version, compare_version) >= 0:
+            password_sql = '%(password)s'
+        else:
+            password_sql = 'PASSWORD(%(password)s)'
+        args['password'] = password
+    elif password_hash is not None:
+        password_sql = '%(password)s'
+        args['password'] = password_hash
+    elif not salt.utils.data.is_true(allow_passwordless):
+        log.error('password or password_hash must be specified, unless '
+                  'allow_passwordless=True')
+        return False
+    else:
+        password_sql = '\'\''
+
+    args['user'] = user
+    args['host'] = host
+
+    if salt.utils.versions.version_cmp(server_version, compare_version) >= 0:
+        qry = "ALTER USER %(user)s@%(host)s IDENTIFIED BY %(password)s;"
+    else:
+        qry = ('UPDATE mysql.user SET ' + password_column + '=' + password_sql +
+               ' WHERE User=%(user)s AND Host = %(host)s;')
+    if salt.utils.data.is_true(allow_passwordless) and \
+            salt.utils.data.is_true(unix_socket):
+        if host == 'localhost':
+            if not plugin_status('auth_socket', **connection_args):
+                err = 'The auth_socket plugin is not enabled.'
+                log.error(err)
+                __context__['mysql.error'] = err
+                qry = False
+            else:
+                args['unix_socket'] = 'auth_socket'
+                if salt.utils.versions.version_cmp(server_version, compare_version) >= 0:
+                    qry = "ALTER USER %(user)s@%(host)s IDENTIFIED WITH %(unix_socket)s AS %(user)s;"
+                else:
+                    qry = ('UPDATE mysql.user SET ' + password_column + '='
+                           + password_sql + ', plugin=%(unix_socket)s' +
+                           ' WHERE User=%(user)s AND Host = %(host)s;')
+        else:
+            log.error('Auth via unix_socket can be set only for host=localhost')
+
+    return qry, args
+
+
+def _mariadb_user_chpass(user,
+                         host='localhost',
+                         password=None,
+                         password_hash=None,
+                         allow_passwordless=False,
+                         unix_socket=None,
+                         password_column=None,
+                         auth_plugin='mysql_native_password',
+                         **connection_args):
+
+    server_version = salt.utils.data.decode(version(**connection_args))
+    compare_version = '10.4.0'
+
+    args = {}
+
+    if password is not None:
+        password_sql = 'PASSWORD(%(password)s)'
+        args['password'] = password
+    elif password_hash is not None:
+        password_sql = '%(password)s'
+        args['password'] = password_hash
+    elif not salt.utils.data.is_true(allow_passwordless):
+        log.error('password or password_hash must be specified, unless '
+                  'allow_passwordless=True')
+        return False
+    else:
+        password_sql = '\'\''
+
+    args['user'] = user
+    args['host'] = host
+
+    if salt.utils.versions.version_cmp(server_version, compare_version) >= 0:
+        qry = "ALTER USER %(user)s@%(host)s IDENTIFIED BY %(password)s;"
+    else:
+        qry = ('UPDATE mysql.user SET ' + password_column + '=' + password_sql +
+               ' WHERE User=%(user)s AND Host = %(host)s;')
+    if salt.utils.data.is_true(allow_passwordless) and \
+            salt.utils.data.is_true(unix_socket):
+        if host == 'localhost':
+            if not plugin_status('unix_socket', **connection_args):
+                err = 'The unix_socket plugin is not enabled.'
+                log.error(err)
+                __context__['mysql.error'] = err
+                qry = False
+            else:
+                args['unix_socket'] = 'unix_socket'
+                qry = ('UPDATE mysql.user SET ' + password_column + '='
+                       + password_sql + ', plugin=%(unix_socket)s' +
+                       ' WHERE User=%(user)s AND Host = %(host)s;')
+        else:
+            log.error('Auth via unix_socket can be set only for host=localhost')
+
+    return qry, args
+
+
 def user_chpass(user,
                host='localhost',
                password=None,
@ -1526,54 +1858,44 @@ def user_chpass(user,
        err = 'MySQL Error: Unable to fetch current server version. Last error was: "{}"'.format(last_err)
        log.error(err)
        return False
-    compare_version = '10.2.0' if 'MariaDB' in server_version else '8.0.11'
-    args = {}
-    if password is not None:
-        if salt.utils.versions.version_cmp(server_version, compare_version) >= 0:
-            password_sql = '%(password)s'
-        else:
-            password_sql = 'PASSWORD(%(password)s)'
-        args['password'] = password
-    elif password_hash is not None:
-        password_sql = '%(password)s'
-        args['password'] = password_hash
-    elif not salt.utils.data.is_true(allow_passwordless):
-        log.error('password or password_hash must be specified, unless '
-                  'allow_passwordless=True')
+
+    if not user_exists(user, host, **connection_args):
+        log.info('User \'%s\'@\'%s\' does not exists', user, host)
        return False
-    else:
-        password_sql = '\'\''

    dbc = _connect(**connection_args)
+
    if dbc is None:
        return False

    if not password_column:
        password_column = __password_column(**connection_args)

+    auth_plugin = __get_auth_plugin(user, host, **connection_args)
+
    cur = dbc.cursor()
-    args['user'] = user
-    args['host'] = host
-    if salt.utils.versions.version_cmp(server_version, compare_version) >= 0:
-        if 'MariaDB' in server_version and password_hash is not None:
-            qry = "ALTER USER %(user)s@%(host)s IDENTIFIED BY PASSWORD %(password)s;"
-        else:
-            qry = "ALTER USER %(user)s@%(host)s IDENTIFIED BY %(password)s;"
+
+    if 'MariaDB' in server_version:
+        qry, args = _mariadb_user_chpass(user,
+                                         host,
+                                         password,
+                                         password_hash,
+                                         allow_passwordless,
+                                         unix_socket,
+                                         password_column=password_column,
+                                         auth_plugin=auth_plugin,
+                                         **connection_args)
    else:
-        qry = ('UPDATE mysql.user SET ' + password_column + '=' + password_sql +
-               ' WHERE User=%(user)s AND Host = %(host)s;')
-    if salt.utils.data.is_true(allow_passwordless) and \
-            salt.utils.data.is_true(unix_socket):
-        if host == 'localhost':
-            args['unix_socket'] = 'auth_socket'
-            if salt.utils.versions.version_cmp(server_version, compare_version) >= 0:
-                qry = "ALTER USER %(user)s@%(host)s IDENTIFIED WITH %(unix_socket)s AS %(user)s;"
-            else:
-                qry = ('UPDATE mysql.user SET ' + password_column + '='
-                       + password_sql + ', plugin=%(unix_socket)s' +
-                       ' WHERE User=%(user)s AND Host = %(host)s;')
-        else:
-            log.error('Auth via unix_socket can be set only for host=localhost')
+        qry, args = _mysql_user_chpass(user,
+                                       host,
+                                       password,
+                                       password_hash,
+                                       allow_passwordless,
+                                       unix_socket,
+                                       password_column=password_column,
+                                       auth_plugin=auth_plugin,
+                                       **connection_args)
+
    try:
        result = _execute(cur, qry, args)
    except MySQLdb.OperationalError as exc:
@ -1582,8 +1904,17 @@ def user_chpass(user,
        log.error(err)
        return False

+    compare_version = '10.4.0' if 'MariaDB' in server_version else '8.0.11'
+    res = False
    if salt.utils.versions.version_cmp(server_version, compare_version) >= 0:
        _execute(cur, 'FLUSH PRIVILEGES;')
+        res = True
+    else:
+        if result:
+            _execute(cur, 'FLUSH PRIVILEGES;')
+            res = True
+
+    if res:
        log.info(
            'Password for user \'%s\'@\'%s\' has been %s',
                user, host,
@ -1591,21 +1922,12 @@ def user_chpass(user,
        )
        return True
    else:
-        if result:
-            _execute(cur, 'FLUSH PRIVILEGES;')
-            log.info(
-                'Password for user \'%s\'@\'%s\' has been %s',
-                    user, host,
-                    'changed' if any((password, password_hash)) else 'cleared'
-            )
-            return True
-
-    log.info(
-        'Password for user \'%s\'@\'%s\' was not %s',
-            user, host,
-            'changed' if any((password, password_hash)) else 'cleared'
-    )
-    return False
+        log.info(
+            'Password for user \'%s\'@\'%s\' was not %s',
+                user, host,
+                'changed' if any((password, password_hash)) else 'cleared'
+        )
+        return False


 def user_remove(user,
@ -1620,6 +1942,12 @@ def user_remove(user,

        salt '*' mysql.user_remove frank localhost
    '''
+    if not user_exists(user, host, **connection_args):
+        err = 'User \'%s\'@\'%s\' does not exists', user, host
+        __context__['mysql.error'] = err
+        log.info(err)
+        return False
+
    dbc = _connect(**connection_args)
    if dbc is None:
        return False
@ -2363,3 +2691,153 @@ def verify_login(user, password=None, **connection_args):
            del __context__['mysql.error']
        return False
    return True
+
+
+def plugins_list(**connection_args):
+    '''
+    Return a list of plugins and their status
+    from the ``SHOW PLUGINS`` query.
+
+    CLI Example:
+
+    .. code-block:: bash
+
+        salt '*' mysql.plugins_list
+    '''
+    dbc = _connect(**connection_args)
+    if dbc is None:
+        return []
+    cur = dbc.cursor()
+    qry = 'SHOW PLUGINS'
+    try:
+        _execute(cur, qry)
+    except MySQLdb.OperationalError as exc:
+        err = 'MySQL Error {0}: {1}'.format(*exc.args)
+        __context__['mysql.error'] = err
+        log.error(err)
+        return []
+
+    ret = []
+    results = cur.fetchall()
+    for dbs in results:
+        ret.append({'name': dbs[0], 'status': dbs[1]})
+
+    log.debug(ret)
+    return ret
+
+
+def plugin_add(name, soname=None, **connection_args):
+    '''
+    Add a plugina.
+
+    CLI Example:
+
+    .. code-block:: bash
+
+        salt '*' mysql.plugin_add auth_socket
+    '''
+    if not name:
+        log.error('Plugin name is required.')
+        return False
+
+    if plugin_status(name, **connection_args):
+        log.error('Plugin %s is already installed.', name)
+        return True
+
+    dbc = _connect(**connection_args)
+    if dbc is None:
+        return False
+    cur = dbc.cursor()
+    qry = 'INSTALL PLUGIN {0}'.format(name)
+
+    if soname:
+        qry += ' SONAME "{0}"'.format(soname)
+    else:
+        qry += ' SONAME "{0}.so"'.format(name)
+
+    try:
+        _execute(cur, qry)
+    except MySQLdb.OperationalError as exc:
+        err = 'MySQL Error {0}: {1}'.format(*exc.args)
+        __context__['mysql.error'] = err
+        log.error(err)
+        return False
+
+    return True
+
+
+def plugin_remove(name, **connection_args):
+    '''
+    Remove a plugin.
+
+    CLI Example:
+
+    .. code-block:: bash
+
+        salt '*' mysql.plugin_remove auth_socket
+    '''
+    if not name:
+        log.error('Plugin name is required.')
+        return False
+
+    if not plugin_status(name, **connection_args):
+        log.error('Plugin %s is not installed.', name)
+        return True
+
+    dbc = _connect(**connection_args)
+    if dbc is None:
+        return False
+    cur = dbc.cursor()
+    qry = 'UNINSTALL PLUGIN {0}'.format(name)
+    args = {}
+    args['name'] = name
+
+    try:
+        _execute(cur, qry)
+    except MySQLdb.OperationalError as exc:
+        err = 'MySQL Error {0}: {1}'.format(*exc.args)
+        __context__['mysql.error'] = err
+        log.error(err)
+        return False
+
+    return True
+
+
+def plugin_status(name, **connection_args):
+    '''
+    Return the status of a plugin.
+
+    CLI Example:
+
+    .. code-block:: bash
+
+        salt '*' mysql.plugin_status auth_socket
+    '''
+    if not name:
+        log.error('Plugin name is required.')
+        return False
+
+    dbc = _connect(**connection_args)
+    if dbc is None:
+        return ''
+    cur = dbc.cursor()
+    qry = 'SELECT PLUGIN_STATUS FROM INFORMATION_SCHEMA.PLUGINS WHERE PLUGIN_NAME = %(name)s'
+    args = {}
+    args['name'] = name
+
+    try:
+        _execute(cur, qry, args)
+    except MySQLdb.OperationalError as exc:
+        err = 'MySQL Error {0}: {1}'.format(*exc.args)
+        __context__['mysql.error'] = err
+        log.error(err)
+        return ''
+
+    try:
+        status = cur.fetchone()
+        if status is None:
+            return ''
+        else:
+            return status[0]
+    except IndexError:
+        return ''
--- a/salt/modules/pdbedit.py
+++ b/salt/modules/pdbedit.py
@ -11,6 +11,7 @@ Manage accounts in Samba's passdb using pdbedit
 from __future__ import absolute_import, print_function, unicode_literals

 # Import Python libs
+import re
 import logging
 import hashlib
 import binascii
@ -22,6 +23,7 @@ except ImportError:
 # Import Salt libs
 from salt.ext import six
 import salt.utils.path
+import salt.modules.cmdmod

 log = logging.getLogger(__name__)

@ -39,14 +41,21 @@ def __virtual__():
    '''
    Provides pdbedit if available
    '''
-    if salt.utils.path.which('pdbedit'):
-        return __virtualname__
-    return (
-        False,
-        '{0} module can only be loaded when pdbedit is available'.format(
-            __virtualname__
-        )
-    )
+    # NOTE: check for pdbedit command
+    if not salt.utils.path.which('pdbedit'):
+        return (False, 'pdbedit command is not available')
+
+    # NOTE: check version is >= 4.8.x
+    ver = salt.modules.cmdmod.run('pdbedit -V')
+    ver_regex = re.compile(r'^Version\s(\d+)\.(\d+)\.(\d+)$')
+    ver_match = ver_regex.match(ver)
+    if not ver_match:
+        return (False, 'pdbedit -V returned an unknown version format')
+
+    if not (int(ver_match.group(1)) >= 4 and int(ver_match.group(2)) >= 8):
+        return (False, 'pdbedit is to old, 4.8.0 or newer is required')
+
+    return __virtualname__


 def generate_nt_hash(password):
--- a/salt/returners/django_return.py
+++ b/salt/returners/django_return.py
@ -39,7 +39,7 @@ log = logging.getLogger(__name__)
 HAS_DJANGO = False

 try:
-    from django import dispatch
+    from django import dispatch  # pylint: disable=E0611
    HAS_DJANGO = True
 except ImportError:
    HAS_DJANGO = False
--- a/salt/runners/f5.py
+++ b/salt/runners/f5.py
@ -10,7 +10,7 @@ Runner to provide F5 Load Balancer functionality
    .. code-block:: yaml

        load_balancers:
-          bigip1.example.com
+          bigip1.example.com:
            username: admin
            password: secret
          bigip2.example.com:
--- a/salt/states/mysql_user.py
+++ b/salt/states/mysql_user.py
@ -73,6 +73,7 @@ def present(name,
            allow_passwordless=False,
            unix_socket=False,
            password_column=None,
+            auth_plugin='mysql_native_password',
            **connection_args):
    '''
    Ensure that the named user is present with the specified properties. A
@ -127,7 +128,11 @@ def present(name,
            ret['result'] = False
            return ret
        else:
-            if __salt__['mysql.user_exists'](name, host, passwordless=True, unix_socket=unix_socket, password_column=password_column,
+            if __salt__['mysql.user_exists'](name,
+                                             host,
+                                             passwordless=True,
+                                             unix_socket=unix_socket,
+                                             password_column=password_column,
                                             **connection_args):
                ret['comment'] += ' with passwordless login'
                return ret
@ -138,11 +143,19 @@ def present(name,
                    ret['result'] = False
                    return ret
    else:
-        if __salt__['mysql.user_exists'](name, host, password, password_hash, unix_socket=unix_socket, password_column=password_column,
+        if __salt__['mysql.user_exists'](name,
+                                         host,
+                                         password,
+                                         password_hash,
+                                         unix_socket=unix_socket,
+                                         password_column=password_column,
                                         **connection_args):
-            ret['comment'] += ' with the desired password'
-            if password_hash and not password:
-                ret['comment'] += ' hash'
+            if auth_plugin == 'mysql_native_password':
+                ret['comment'] += ' with the desired password'
+                if password_hash and not password:
+                    ret['comment'] += ' hash'
+            else:
+                ret['comment'] += '. Unable to verify password.'
            return ret
        else:
            err = _get_mysql_error()
@ -152,7 +165,10 @@ def present(name,
                return ret

    # check if user exists with a different password
-    if __salt__['mysql.user_exists'](name, host, unix_socket=unix_socket, **connection_args):
+    if __salt__['mysql.user_exists'](name,
+                                     host,
+                                     unix_socket=unix_socket,
+                                     **connection_args):

        # The user is present, change the password
        if __opts__['test']:
@ -168,9 +184,12 @@ def present(name,
                ret['comment'] += 'changed'
            return ret

-        if __salt__['mysql.user_chpass'](name, host,
-                                         password, password_hash,
-                                         allow_passwordless, unix_socket,
+        if __salt__['mysql.user_chpass'](name,
+                                         host,
+                                         password,
+                                         password_hash,
+                                         allow_passwordless,
+                                         unix_socket,
                                         **connection_args):
            ret['comment'] = \
                'Password for user {0}@{1} has been ' \
@ -209,9 +228,14 @@ def present(name,
                    ret['result'] = False
            return ret

-        if __salt__['mysql.user_create'](name, host,
-                                         password, password_hash,
-                                         allow_passwordless, unix_socket=unix_socket, password_column=password_column,
+        if __salt__['mysql.user_create'](name,
+                                         host,
+                                         password,
+                                         password_hash,
+                                         allow_passwordless,
+                                         unix_socket=unix_socket,
+                                         password_column=password_column,
+                                         auth_plugin=auth_plugin,
                                         **connection_args):
            ret['comment'] = \
                'The user {0}@{1} has been added'.format(name, host)
--- a/salt/states/smartos.py
+++ b/salt/states/smartos.py
@ -246,6 +246,11 @@ def _parse_vmconfig(config, instances):
                    ## some property are lowercase
                    if 'mac' in instance_config:
                        instance_config['mac'] = instance_config['mac'].lower()
+                    ## calculate mac from vrrp_vrid
+                    if 'vrrp_vrid' in instance_config:
+                        instance_config['mac'] = "00:00:5e:00:01:{0}".format(
+                            hex(int(instance_config['vrrp_vrid'])).split('x')[-1].zfill(2),
+                        )
                    vmconfig[prop].append(instance_config)
    else:
        log.error('smartos.vm_present::parse_vmconfig - failed to parse')
@ -768,7 +773,8 @@ def vm_present(name, vmconfig, config=None):
        'instance': {
            'nics': 'mac',
            'disks': 'path',
-            'filesystems': 'target'
+            'filesystems': 'target',
+            'pci_devices': 'path',
        },
        'create_only': [
            'filesystems'
--- a/salt/utils/schedule.py
+++ b/salt/utils/schedule.py
@ -1019,7 +1019,7 @@ class Schedule(object):

                if when < now - loop_interval and \
                        not data.get('_run', False) and \
-                        not data.get('run', False) and \
+                        not run and \
                        not data['_splay']:
                    data['_next_fire_time'] = None
                    data['_continue'] = True
--- a/salt/version.py
+++ b/salt/version.py
@ -319,50 +319,44 @@ class SaltStackVersion(object):
        # Higher than 0.17, lower than first date based
        return 0 < self.major < 2014

+    def min_info(self):
+        info = [self.major]
+        if self.new_version(self.major):
+            if self.minor:
+                info.append(self.minor)
+        else:
+            info.extend([self.minor,
+                        self.bugfix,
+                        self.mbugfix])
+        return info
+
    @property
    def info(self):
-        return (
-            self.major,
-            self.minor,
-            self.bugfix,
-            self.mbugfix
-        )
+        return tuple(self.min_info())

    @property
    def pre_info(self):
-        return (
-            self.major,
-            self.minor,
-            self.bugfix,
-            self.mbugfix,
-            self.pre_type,
-            self.pre_num
-        )
+        info = self.min_info()
+        info.extend([self.pre_type,
+                     self.pre_num])
+        return tuple(info)

    @property
    def noc_info(self):
-        return (
-            self.major,
-            self.minor,
-            self.bugfix,
-            self.mbugfix,
-            self.pre_type,
-            self.pre_num,
-            self.noc
-        )
+        info = self.min_info()
+        info.extend([self.pre_type,
+                     self.pre_num,
+                     self.noc])
+        return tuple(info)

    @property
    def full_info(self):
-        return (
-            self.major,
-            self.minor,
-            self.bugfix,
-            self.mbugfix,
-            self.pre_type,
-            self.pre_num,
-            self.noc,
-            self.sha
-        )
+        info = self.min_info()
+        info.extend([self.pre_type,
+                     self.pre_num,
+                     self.noc,
+                     self.sha])
+        return tuple(info)

    @property
    def string(self):
@ -402,6 +396,16 @@ class SaltStackVersion(object):
            version_string += ' ({0})'.format(self.RMATCH[(self.major, self.minor)])
        return version_string

+    @property
+    def pre_index(self):
+        if self.new_version(self.major):
+            pre_type = 2
+            if not isinstance(self.minor, int):
+                pre_type = 1
+        else:
+            pre_type = 4
+        return pre_type
+
    def __str__(self):
        return self.string

@ -418,23 +422,29 @@ class SaltStackVersion(object):
                    )
                )

+        pre_type = self.pre_index
+        other_pre_type = other.pre_index
        other_noc_info = list(other.noc_info)
        noc_info = list(self.noc_info)

        if self.new_version(self.major):
-            if isinstance(self.minor, int) and not isinstance(other.minor, int):
-                other_noc_info[1] = 0
+            if self.minor and not other.minor:
+                # We have minor information, the other side does not
+                if self.minor > 0:
+                    other_noc_info[1] = 0

-            if not isinstance(self.minor, int) and isinstance(other.minor, int):
-                noc_info[1] = 0
+            if not self.minor and other.minor:
+                # The other side has minor information, we don't
+                if other.minor > 0:
+                    noc_info[1] = 0

        if self.pre_type and not other.pre_type:
            # We have pre-release information, the other side doesn't
-            other_noc_info[4] = 'zzzzz'
+            other_noc_info[other_pre_type] = 'zzzzz'

        if not self.pre_type and other.pre_type:
-            # The other side has pre-release informatio, we don't
-            noc_info[4] = 'zzzzz'
+            # The other side has pre-release information, we don't
+            noc_info[pre_type] = 'zzzzz'

        return method(tuple(noc_info), tuple(other_noc_info))

--- a/setup.py
+++ b/setup.py
@ -700,8 +700,7 @@ class Install(install):
        install.finalize_options(self)

    def run(self):
-        from distutils.version import StrictVersion
-        if StrictVersion(setuptools.__version__) < StrictVersion('9.1'):
+        if LooseVersion(setuptools.__version__) < LooseVersion('9.1'):
            sys.stderr.write(
                '\n\nInstalling Salt requires setuptools >= 9.1\n'
                'Available setuptools version is {}\n\n'.format(setuptools.__version__)
--- a/tests/integration/files/conf/minion
+++ b/tests/integration/files/conf/minion
@ -95,6 +95,9 @@ config_test:

 mine_functions:
  test.ping: []
+  test.arg:
+    - isn't
+    - allow_tgt: 'sub_minion'

 # sdb env module
 osenv:
--- a/tests/integration/files/conf/sub_minion
+++ b/tests/integration/files/conf/sub_minion
@ -62,3 +62,8 @@ grains:
    keystone.password: demopass
    keystone.tenant: demo
    keystone.auth_url: http://127.0.0.1:5000/v3/
+
+mine_functions:
+  test.arg:
+    - isn't
+    - allow_tgt: 'sub_minion'
--- a/tests/integration/files/file/base/issue-56195/test.ps1
+++ b/tests/integration/files/file/base/issue-56195/test.ps1
@ -0,0 +1,7 @@
+[CmdLetBinding()]
+Param(
+  [SecureString] $SecureString
+)
+
+$Credential = New-Object System.Net.NetworkCredential("DummyId", $SecureString)
+$Credential.Password
--- a/tests/integration/minion/test_minion_cache.py
+++ b/tests/integration/minion/test_minion_cache.py
@ -0,0 +1,53 @@
+# -*- coding: utf-8 -*-
+from __future__ import absolute_import, unicode_literals
+
+import os
+
+import salt.loader
+import salt.minion
+import salt.utils.yaml
+from salt.utils.files import fopen
+from tests.support.case import ModuleCase
+from tests.support.helpers import with_tempdir
+from tests.support.mock import patch
+
+
+class BasePillarTest(ModuleCase):
+    @with_tempdir()
+    def test_minion_cache_should_cache_files(self, tempdir):
+        pillar = {"this": {"is": {"some": "pillar data"}}}
+        opts = {
+            "file_client": "remote",
+            "minion_pillar_cache": "true",
+            "master_type": "local",
+            "discovery": False,
+            "master": "local",
+            "__role": "",
+            "id": "test",
+            "saltenv": "base",
+            "pillar_cache": True,
+            "pillar_cache_backend": "disk",
+            "pillar_cache_ttl": 3600,
+            "cachedir": tempdir,
+            "state_top": "top.sls",
+            "pillar_roots": {"base": tempdir},
+            "extension_modules": tempdir,
+            "file_ignore_regex": [],
+            "file_ignore_glob": [],
+            "pillar": pillar,
+        }
+        with patch("salt.loader.grains", return_value={}), patch(
+            "salt.minion.SMinion.gen_modules"
+        ), patch("salt.minion.SMinion.eval_master"), patch(
+            "salt.minion.install_zmq"
+        ), patch(
+            "salt.minion.ZMQDefaultLoop.current"
+        ):
+            minion = salt.minion.SMinion(opts)
+            self.assertTrue("pillar" in os.listdir(tempdir))
+            pillar_cache = os.path.join(tempdir, "pillar")
+            self.assertTrue("top.sls" in os.listdir(pillar_cache))
+            self.assertTrue("cache.sls" in os.listdir(pillar_cache))
+            with fopen(os.path.join(pillar_cache, "cache.sls"), "rb") as f:
+                cached_data = salt.utils.yaml.safe_load(f)
+                assert cached_data == pillar
--- a/tests/integration/modules/test_cmdmod.py
+++ b/tests/integration/modules/test_cmdmod.py
@ -491,3 +491,14 @@ class CMDModuleTest(ModuleCase):
        out = self.run_function('cmd.run', ['set'], env={"abc": "123", "ABC": "456"}).splitlines()
        self.assertIn('abc=123', out)
        self.assertIn('ABC=456', out)
+
+    @skipIf(not salt.utils.platform.is_windows(), 'minion is not windows')
+    def test_windows_powershell_script_args(self):
+        '''
+        Ensure that powershell processes inline script in args
+        '''
+        val = 'i like cheese'
+        args = '-SecureString (ConvertTo-SecureString -String "{0}" -AsPlainText -Force) -ErrorAction Stop'.format(val)
+        script = 'salt://issue-56195/test.ps1'
+        ret = self.run_function('cmd.script', [script], args=args, shell='powershell')
+        self.assertEqual(ret['stdout'], val)
--- a/tests/integration/modules/test_mine.py
+++ b/tests/integration/modules/test_mine.py
@ -8,29 +8,29 @@ import time
 import pprint

 # Import Salt Testing libs
-from tests.support.case import ModuleCase
+from tests.support.case import ModuleCase, ShellCase
+from tests.support.runtests import RUNTIME_VARS
+
+# Import Salt libs
+import salt.utils.platform


-class MineTest(ModuleCase):
+class MineTest(ModuleCase, ShellCase):
    '''
    Test the mine system
    '''
    def setUp(self):
+        self.tgt = r'\*'
+        if salt.utils.platform.is_windows():
+            self.tgt = '*'
        self.wait_for_all_jobs()

    def test_get(self):
        '''
        test mine.get and mine.update
        '''
-        self.assertTrue(self.run_function('mine.update', minion_tgt='minion'))
-        # The sub_minion does not have mine_functions defined in its configuration
-        # In this case, mine.update returns None
-        self.assertIsNone(
-            self.run_function(
-                'mine.update',
-                minion_tgt='sub_minion'
-            )
-        )
+        assert self.run_function('mine.update', minion_tgt='minion')
+        assert self.run_function('mine.update', minion_tgt='sub_minion')
        # Since the minion has mine_functions defined in its configuration,
        # mine.update will return True
        self.assertTrue(
@ -40,6 +40,78 @@ class MineTest(ModuleCase):
            )
        )

+    def test_get_allow_tgt(self):
+        '''
+        test mine.get and mine.update using allow_tgt
+        '''
+        assert self.run_function('mine.update', minion_tgt='minion')
+        assert self.run_function('mine.update', minion_tgt='sub_minion')
+
+        # sub_minion should be able to view test.arg data
+        sub_min_ret = self.run_call('mine.get {0} test.arg'.format(self.tgt), config_dir=RUNTIME_VARS.TMP_SUB_MINION_CONF_DIR)
+        assert "            - isn't" in sub_min_ret
+
+        # minion should not be able to view test.arg data
+        min_ret = self.run_call('mine.get {0} test.arg'.format(self.tgt))
+        assert "            - isn't" not in min_ret
+
+    def test_send_allow_tgt(self):
+        '''
+        test mine.send with allow_tgt set
+        '''
+        mine_name = 'test_this'
+        for minion in ['sub_minion', 'minion']:
+            assert self.run_function('mine.send', [mine_name,
+                'mine_function=test.arg_clean', 'one'], allow_tgt='sub_minion',
+                minion_tgt=minion)
+        min_ret = self.run_call('mine.get {0} {1}'.format(self.tgt, mine_name))
+        sub_ret = self.run_call('mine.get {0} {1}'.format(self.tgt, mine_name),
+                config_dir=RUNTIME_VARS.TMP_SUB_MINION_CONF_DIR)
+
+        # ensure we did get the mine_name mine function for sub_minion
+        assert '            - one' in sub_ret
+        # ensure we did not get the mine_name mine function for minion
+        assert '            - one' not in min_ret
+
+    def test_send_allow_tgt_compound(self):
+        '''
+        test mine.send with allow_tgt set
+        and using compound targeting
+        '''
+        mine_name = 'test_this_comp'
+        for minion in ['sub_minion', 'minion']:
+            assert self.run_function('mine.send', [mine_name,
+                'mine_function=test.arg_clean', 'one'],
+                allow_tgt='L@minion,sub_minion',
+                allow_tgt_type='compound',
+                minion_tgt=minion)
+        min_ret = self.run_call('mine.get {0} {1}'.format(self.tgt, mine_name))
+        sub_ret = self.run_call('mine.get {0} {1}'.format(self.tgt, mine_name),
+                config_dir=RUNTIME_VARS.TMP_SUB_MINION_CONF_DIR)
+
+        # ensure we get the mine_name mine function for both minions
+        for ret in [min_ret, sub_ret]:
+            assert '            - one' in ret
+
+    def test_send_allow_tgt_doesnotexist(self):
+        '''
+        test mine.send with allow_tgt set when
+        the minion defined in allow_tgt does
+        not exist
+        '''
+        mine_name = 'mine_doesnotexist'
+        for minion in ['sub_minion', 'minion']:
+            assert self.run_function('mine.send', [mine_name,
+                'mine_function=test.arg_clean', 'one'], allow_tgt='doesnotexist',
+                minion_tgt=minion)
+        min_ret = self.run_call('mine.get {0} {1}'.format(self.tgt, mine_name))
+        sub_ret = self.run_call('mine.get {0} {1}'.format(self.tgt, mine_name),
+                config_dir=RUNTIME_VARS.TMP_SUB_MINION_CONF_DIR)
+
+        # ensure we did not get the mine_name mine function for both minions
+        for ret in [sub_ret, min_ret]:
+            assert '            - one' not in ret
+
    def test_send(self):
        '''
        test mine.send
--- a/tests/integration/scheduler/test_eval.py
+++ b/tests/integration/scheduler/test_eval.py
@ -9,7 +9,12 @@ import os
 import random
 import time

-import dateutil.parser as dateutil_parser
+try:
+    import dateutil.parser as dateutil_parser
+    HAS_DATEUTIL_PARSER = True
+except ImportError:
+    HAS_DATEUTIL_PARSER = False
+
 import datetime

 # Import Salt Testing libs
@ -43,6 +48,7 @@ DEFAULT_CONFIG['pki_dir'] = os.path.join(ROOT_DIR, 'pki')
 DEFAULT_CONFIG['cachedir'] = os.path.join(ROOT_DIR, 'cache')


+@skipIf(HAS_DATEUTIL_PARSER is False, 'The \'dateutil.parser\' library is not available')
 class SchedulerEvalTest(ModuleCase, SaltReturnAssertsMixin):
    '''
    Validate the pkg module
@ -920,6 +926,7 @@ class SchedulerEvalTest(ModuleCase, SaltReturnAssertsMixin):
        }
        run_time1 = dateutil_parser.parse('11/29/2017 4:00pm')
        run_time2 = run_time1 + datetime.timedelta(seconds=splay)
+        run_time3 = run_time2 + datetime.timedelta(seconds=1)

        # Add the job to the scheduler
        self.schedule.opts.update(job)
@ -940,6 +947,13 @@ class SchedulerEvalTest(ModuleCase, SaltReturnAssertsMixin):
            ret = self.schedule.job_status(job_name)
            self.assertEqual(ret['_last_run'], run_time2)

+            # Evaluate at expected runtime3, should not run
+            # _next_fire_time should be None
+            self.schedule.eval(now=run_time3)
+            ret = self.schedule.job_status(job_name)
+            self.assertEqual(ret['_last_run'], run_time2)
+            self.assertEqual(ret['_next_fire_time'], None)
+
    def test_eval_when_splay_in_past(self):
        '''
        verify that scheduled job runs
--- a/tests/support/case.py
+++ b/tests/support/case.py
@ -175,9 +175,12 @@ class ShellTestCase(TestCase, AdaptedConfigurationTestCaseMixin, ScriptPathMixin
        arg_str = '--config-dir {0} {1}'.format(self.config_dir, arg_str)
        return self.run_script('salt-cp', arg_str, with_retcode=with_retcode, catch_stderr=catch_stderr)

-    def run_call(self, arg_str, with_retcode=False, catch_stderr=False, local=False, timeout=15):
+    def run_call(self, arg_str, with_retcode=False, catch_stderr=False,
+            local=False, timeout=15, config_dir=None):
+        if not config_dir:
+            config_dir = self.config_dir
        arg_str = '{0} --config-dir {1} {2}'.format('--local' if local else '',
-                                                    self.config_dir, arg_str)
+                                                    config_dir, arg_str)

        return self.run_script('salt-call',
                               arg_str,
@ -582,12 +585,14 @@ class ShellCase(ShellTestCase, AdaptedConfigurationTestCaseMixin, ScriptPathMixi
                               timeout=timeout)

    def run_call(self, arg_str, with_retcode=False, catch_stderr=False,  # pylint: disable=W0221
-            local=False, timeout=RUN_TIMEOUT):
+            local=False, timeout=RUN_TIMEOUT, config_dir=None):
        '''
        Execute salt-call.
        '''
+        if not config_dir:
+            config_dir = self.config_dir
        arg_str = '{0} --config-dir {1} {2}'.format('--local' if local else '',
-                                                    self.config_dir, arg_str)
+                                                    config_dir, arg_str)
        ret = self.run_script('salt-call',
                              arg_str,
                              with_retcode=with_retcode,
@ -772,8 +777,6 @@ class ModuleCase(TestCase, SaltClientTestCaseMixin):
            'ssh.recv_known_host_entries',
            'time.sleep'
        )
-        if minion_tgt == 'sub_minion':
-            known_to_return_none += ('mine.update',)
        if 'f_arg' in kwargs:
            kwargs['arg'] = kwargs.pop('f_arg')
        if 'f_timeout' in kwargs:
--- a/tests/unit/grains/test_core.py
+++ b/tests/unit/grains/test_core.py
@ -1485,3 +1485,19 @@ class CoreGrainsTestCase(TestCase, LoaderModuleMockMixin):

        self.assertIn('osfullname', os_grains)
        self.assertEqual(os_grains.get('osfullname'), 'FreeBSD')
+
+    def test_saltversioninfo(self):
+        '''
+        test saltversioninfo core grain.
+        '''
+        ret = core.saltversioninfo()
+        info = ret['saltversioninfo']
+        assert isinstance(ret, dict)
+        assert isinstance(info, list)
+        try:
+            assert len(info) == 1
+        except AssertionError:
+            # We have a minor version we need to test
+            assert len(info) == 2
+        assert all([x is not None for x in info])
+        assert all([isinstance(x, int) for x in info])
--- a/tests/unit/modules/test_mine.py
+++ b/tests/unit/modules/test_mine.py
@ -43,6 +43,9 @@ class MineTestCase(TestCase, LoaderModuleMockMixin):
    Test cases for salt.modules.mine
    '''
    def setUp(self):
+        self.kernel_ret = 'Linux!'
+        self.foo_ret = 'baz'
+        self.ip_ret = '2001:db8::1:3'
        self.cache = FakeCache()

    def setup_loader_modules(self):
@ -94,15 +97,16 @@ class MineTestCase(TestCase, LoaderModuleMockMixin):
        '''
        Tests sending an item to the mine in the minion's local cache,
        and then immediately fetching it again (since tests are executed unordered).
-        Also verify that the stored mine cache has the correct structure (with ACL).
+        Also verify that the stored mine cache does not use ACL data structure
+        without allow_tgt passed.
        '''
        with patch.dict(mine.__opts__, {
                    'file_client': 'local',
                    'id': 'webserver',
                }), \
                patch.dict(mine.__salt__, {
-                    'network.ip_addrs': MagicMock(return_value='2001:db8::1:3'),
-                    'foo.bar': MagicMock(return_value='baz'),
+                    'network.ip_addrs': MagicMock(return_value=self.ip_ret),
+                    'foo.bar': MagicMock(return_value=self.foo_ret),
                }):
            ret = mine.send('ip_addr', mine_function='network.ip_addrs')
            mine.send('foo.bar')
@ -110,14 +114,8 @@ class MineTestCase(TestCase, LoaderModuleMockMixin):
        self.assertEqual(
            self.cache.fetch('minions/webserver', 'mine_cache'),
            {
-                'ip_addr': {
-                    salt.utils.mine.MINE_ITEM_ACL_DATA: '2001:db8::1:3',
-                    salt.utils.mine.MINE_ITEM_ACL_ID: salt.utils.mine.MINE_ITEM_ACL_VERSION,
-                },
-                'foo.bar': {
-                    salt.utils.mine.MINE_ITEM_ACL_DATA: 'baz',
-                    salt.utils.mine.MINE_ITEM_ACL_ID: salt.utils.mine.MINE_ITEM_ACL_VERSION,
-                },
+                'ip_addr': self.ip_ret,
+                'foo.bar': self.foo_ret,
            }
        )
        with patch.dict(mine.__opts__, {
@ -128,9 +126,9 @@ class MineTestCase(TestCase, LoaderModuleMockMixin):
            ret_single_dict = mine.get('*', ['ip_addr'])
            ret_multi = mine.get('*', 'ip_addr,foo.bar')
            ret_multi2 = mine.get('*', ['ip_addr', 'foo.bar'])
-        self.assertEqual(ret_single, {'webserver': '2001:db8::1:3'})
-        self.assertEqual(ret_single_dict, {'ip_addr': {'webserver': '2001:db8::1:3'}})
-        self.assertEqual(ret_multi, {'ip_addr': {'webserver': '2001:db8::1:3'}, 'foo.bar': {'webserver': 'baz'}})
+        self.assertEqual(ret_single, {'webserver': self.ip_ret})
+        self.assertEqual(ret_single_dict, {'ip_addr': {'webserver': self.ip_ret}})
+        self.assertEqual(ret_multi, {'ip_addr': {'webserver': self.ip_ret}, 'foo.bar': {'webserver': self.foo_ret}})
        self.assertEqual(ret_multi, ret_multi2)

    def test_send_get_acl_local(self):
@ -138,15 +136,16 @@ class MineTestCase(TestCase, LoaderModuleMockMixin):
        Tests sending an item to the mine in the minion's local cache,
        including ACL information (useless when only working locally, but hey),
        and then immediately fetching it again (since tests are executed unordered).
-        Also verify that the stored mine cache has the correct structure (with ACL).
+        Also verify that the stored mine cache has the correct structure (with ACL)
+        when using allow_tgt and no ACL without allow_tgt.
        '''
        with patch.dict(mine.__opts__, {
                    'file_client': 'local',
                    'id': 'webserver',
                }), \
                patch.dict(mine.__salt__, {
-                    'network.ip_addrs': MagicMock(return_value='2001:db8::1:3'),
-                    'foo.bar': MagicMock(return_value='baz'),
+                    'network.ip_addrs': MagicMock(return_value=self.ip_ret),
+                    'foo.bar': MagicMock(return_value=self.foo_ret),
                }):
            ret = mine.send('ip_addr', mine_function='network.ip_addrs', allow_tgt='web*', allow_tgt_type='glob')
            mine.send('foo.bar')
@ -155,15 +154,12 @@ class MineTestCase(TestCase, LoaderModuleMockMixin):
            self.cache.fetch('minions/webserver', 'mine_cache'),
            {
                'ip_addr': {
-                    salt.utils.mine.MINE_ITEM_ACL_DATA: '2001:db8::1:3',
+                    salt.utils.mine.MINE_ITEM_ACL_DATA: self.ip_ret,
                    salt.utils.mine.MINE_ITEM_ACL_ID: salt.utils.mine.MINE_ITEM_ACL_VERSION,
                    'allow_tgt': 'web*',
                    'allow_tgt_type': 'glob',
                },
-                'foo.bar': {
-                    salt.utils.mine.MINE_ITEM_ACL_DATA: 'baz',
-                    salt.utils.mine.MINE_ITEM_ACL_ID: salt.utils.mine.MINE_ITEM_ACL_VERSION,
-                },
+                'foo.bar': self.foo_ret,
            }
        )
        with patch.dict(mine.__opts__, {
@ -171,7 +167,7 @@ class MineTestCase(TestCase, LoaderModuleMockMixin):
                    'id': 'webserver',
                }):
            ret_single = mine.get('*', 'ip_addr')
-        self.assertEqual(ret_single, {'webserver': '2001:db8::1:3'})
+        self.assertEqual(ret_single, {'webserver': self.ip_ret})

    def test_send_master(self):
        '''
@ -180,7 +176,7 @@ class MineTestCase(TestCase, LoaderModuleMockMixin):
        '''
        with patch.object(mine, '_mine_send', MagicMock(side_effect=lambda x, y: x)),\
                patch.dict(mine.__salt__, {
-                    'foo.bar': MagicMock(return_value='baz'),
+                    'foo.bar': MagicMock(return_value=self.foo_ret),
                }), \
                patch.dict(mine.__opts__, {
                    'file_client': 'remote',
@ -192,12 +188,7 @@ class MineTestCase(TestCase, LoaderModuleMockMixin):
            {
                'id': 'foo',
                'cmd': '_mine',
-                'data': {
-                    'foo.bar': {
-                        salt.utils.mine.MINE_ITEM_ACL_DATA: 'baz',
-                        salt.utils.mine.MINE_ITEM_ACL_ID: salt.utils.mine.MINE_ITEM_ACL_VERSION,
-                    },
-                },
+                'data': {'foo.bar': self.foo_ret},
                'clear': False,
            }
        )
@ -209,7 +200,7 @@ class MineTestCase(TestCase, LoaderModuleMockMixin):
        '''
        with patch.object(mine, '_mine_send', MagicMock(side_effect=lambda x, y: x)),\
                patch.dict(mine.__salt__, {
-                    'foo.bar': MagicMock(return_value='baz'),
+                    'foo.bar': MagicMock(return_value=self.foo_ret),
                }), \
                patch.dict(mine.__opts__, {
                    'file_client': 'remote',
@ -223,7 +214,7 @@ class MineTestCase(TestCase, LoaderModuleMockMixin):
                'cmd': '_mine',
                'data': {
                    'foo.bar': {
-                        salt.utils.mine.MINE_ITEM_ACL_DATA: 'baz',
+                        salt.utils.mine.MINE_ITEM_ACL_DATA: self.foo_ret,
                        salt.utils.mine.MINE_ITEM_ACL_ID: salt.utils.mine.MINE_ITEM_ACL_VERSION,
                        'allow_tgt': 'roles:web',
                        'allow_tgt_type': 'grains',
@ -239,7 +230,7 @@ class MineTestCase(TestCase, LoaderModuleMockMixin):
        '''
        mock_load = {
            'tgt_type': 'qux',
-            'tgt': 'baz',
+            'tgt': self.foo_ret,
            'cmd': '_mine_get',
            'fun': 'foo.bar',
            'id': 'foo'
@ -292,9 +283,9 @@ class MineTestCase(TestCase, LoaderModuleMockMixin):
                }), \
                patch.dict(mine.__salt__, {
                    'config.merge': MagicMock(return_value=config_mine_functions),
-                    'grains.get': lambda x: 'Linux!',
-                    'network.ip_addrs': MagicMock(return_value='2001:db8::1:3'),
-                    'foo.bar': MagicMock(return_value='baz'),
+                    'grains.get': lambda x: self.kernel_ret,
+                    'network.ip_addrs': MagicMock(return_value=self.ip_ret),
+                    'foo.bar': MagicMock(return_value=self.foo_ret),
                }):
            ret = mine.update()
        self.assertEqual(ret, 'FakeCache:StoreSuccess!')
@ -302,22 +293,16 @@ class MineTestCase(TestCase, LoaderModuleMockMixin):
        self.assertEqual(
            self.cache.fetch('minions/webserver', 'mine_cache'),
            {
-                'ip_addr': {
-                    salt.utils.mine.MINE_ITEM_ACL_DATA: '2001:db8::1:3',
-                    salt.utils.mine.MINE_ITEM_ACL_ID: salt.utils.mine.MINE_ITEM_ACL_VERSION,
-                },
-                'network.ip_addrs': {
-                    salt.utils.mine.MINE_ITEM_ACL_DATA: '2001:db8::1:3',
-                    salt.utils.mine.MINE_ITEM_ACL_ID: salt.utils.mine.MINE_ITEM_ACL_VERSION,
-                },
+                'ip_addr': self.ip_ret,
+                'network.ip_addrs': self.ip_ret,
                'foo.bar': {
-                    salt.utils.mine.MINE_ITEM_ACL_DATA: 'baz',
+                    salt.utils.mine.MINE_ITEM_ACL_DATA: self.foo_ret,
                    salt.utils.mine.MINE_ITEM_ACL_ID: salt.utils.mine.MINE_ITEM_ACL_VERSION,
                    'allow_tgt': 'G@roles:webserver',
                    'allow_tgt_type': 'compound',
                },
                'kernel': {
-                    salt.utils.mine.MINE_ITEM_ACL_DATA: 'Linux!',
+                    salt.utils.mine.MINE_ITEM_ACL_DATA: self.kernel_ret,
                    salt.utils.mine.MINE_ITEM_ACL_ID: salt.utils.mine.MINE_ITEM_ACL_VERSION,
                    'allow_tgt': 'web*',
                },
@ -343,8 +328,8 @@ class MineTestCase(TestCase, LoaderModuleMockMixin):
                patch.dict(mine.__salt__, {
                    'config.merge': MagicMock(return_value={}),
                    'grains.get': lambda x: 'Linux!!',
-                    'network.ip_addrs': MagicMock(return_value='2001:db8::1:4'),
-                    'foo.bar': MagicMock(return_value='baz'),
+                    'network.ip_addrs': MagicMock(return_value=self.ip_ret),
+                    'foo.bar': MagicMock(return_value=self.foo_ret),
                }):
            ret = mine.update(mine_functions=manual_mine_functions)
        self.assertEqual(ret, 'FakeCache:StoreSuccess!')
@ -352,16 +337,10 @@ class MineTestCase(TestCase, LoaderModuleMockMixin):
        self.assertEqual(
            self.cache.fetch('minions/webserver', 'mine_cache'),
            {
-                'ip_addr': {
-                    salt.utils.mine.MINE_ITEM_ACL_DATA: '2001:db8::1:4',
-                    salt.utils.mine.MINE_ITEM_ACL_ID: salt.utils.mine.MINE_ITEM_ACL_VERSION,
-                },
-                'network.ip_addrs': {
-                    salt.utils.mine.MINE_ITEM_ACL_DATA: '2001:db8::1:4',
-                    salt.utils.mine.MINE_ITEM_ACL_ID: salt.utils.mine.MINE_ITEM_ACL_VERSION,
-                },
+                'ip_addr': self.ip_ret,
+                'network.ip_addrs': self.ip_ret,
                'foo.bar': {
-                    salt.utils.mine.MINE_ITEM_ACL_DATA: 'baz',
+                    salt.utils.mine.MINE_ITEM_ACL_DATA: self.foo_ret,
                    salt.utils.mine.MINE_ITEM_ACL_ID: salt.utils.mine.MINE_ITEM_ACL_VERSION,
                    'allow_tgt': 'G@roles:webserver',
                    'allow_tgt_type': 'compound',
@ -388,22 +367,10 @@ class MineTestCase(TestCase, LoaderModuleMockMixin):
            'id': 'webserver',
            'cmd': '_mine',
            'data': {
-                'ip_addr': {
-                    salt.utils.mine.MINE_ITEM_ACL_DATA: '2001:db8::1:3',
-                    salt.utils.mine.MINE_ITEM_ACL_ID: salt.utils.mine.MINE_ITEM_ACL_VERSION,
-                },
-                'network.ip_addrs': {
-                    salt.utils.mine.MINE_ITEM_ACL_DATA: '2001:db8::1:3',
-                    salt.utils.mine.MINE_ITEM_ACL_ID: salt.utils.mine.MINE_ITEM_ACL_VERSION,
-                },
-                'foo.bar': {
-                    salt.utils.mine.MINE_ITEM_ACL_DATA: 'baz',
-                    salt.utils.mine.MINE_ITEM_ACL_ID: salt.utils.mine.MINE_ITEM_ACL_VERSION,
-                },
-                'kernel': {
-                    salt.utils.mine.MINE_ITEM_ACL_DATA: 'Linux!',
-                    salt.utils.mine.MINE_ITEM_ACL_ID: salt.utils.mine.MINE_ITEM_ACL_VERSION,
-                },
+                'ip_addr': self.ip_ret,
+                'network.ip_addrs': self.ip_ret,
+                'foo.bar': self.foo_ret,
+                'kernel': self.kernel_ret,
            },
            'clear': False,
        }
@ -415,9 +382,9 @@ class MineTestCase(TestCase, LoaderModuleMockMixin):
                }), \
                patch.dict(mine.__salt__, {
                    'config.merge': MagicMock(return_value=config_mine_functions),
-                    'grains.get': lambda x: 'Linux!',
-                    'network.ip_addrs': MagicMock(return_value='2001:db8::1:3'),
-                    'foo.bar': MagicMock(return_value='baz'),
+                    'grains.get': lambda x: self.kernel_ret,
+                    'network.ip_addrs': MagicMock(return_value=self.ip_ret),
+                    'foo.bar': MagicMock(return_value=self.foo_ret),
                }):
            # Verify the correct load
            self.assertEqual(
--- a/tests/unit/modules/test_mysql.py
+++ b/tests/unit/modules/test_mysql.py
@ -127,23 +127,28 @@ class MySQLTestCase(TestCase, LoaderModuleMockMixin):
            )

        with patch.object(mysql, 'version', return_value='8.0.11'):
-            self._test_call(mysql.user_exists,
-                            {'sql': ('SELECT User,Host FROM mysql.user WHERE '
-                                     'User = %(user)s AND Host = %(host)s'),
-                             'sql_args': {'host': '%',
-                                          'user': 'mytestuser'
-                                         }
-                            },
-                            user='mytestuser',
-                            host='%',
-                            password='BLUECOW'
-            )
+            with patch.object(mysql, '__get_auth_plugin', MagicMock(return_value='mysql_native_password')):
+                self._test_call(mysql.user_exists,
+                                {'sql': ('SELECT User,Host FROM mysql.user WHERE '
+                                         'User = %(user)s AND Host = %(host)s AND '
+                                         'Password = %(password)s'),
+                                 'sql_args': {'host': '%',
+                                              'password': '*1A01CF8FBE6425398935FB90359AD8B817399102',
+                                              'user': 'mytestuser'
+                                             }
+                                },
+                                user='mytestuser',
+                                host='%',
+                                password='BLUECOW'
+                )

        with patch.object(mysql, 'version', return_value='10.2.21-MariaDB'):
            self._test_call(mysql.user_exists,
                            {'sql': ('SELECT User,Host FROM mysql.user WHERE '
-                                     'User = %(user)s AND Host = %(host)s'),
+                                     'User = %(user)s AND Host = %(host)s AND '
+                                     'Password = PASSWORD(%(password)s)'),
                             'sql_args': {'host': 'localhost',
+                                          'password': 'BLUECOW',
                                          'user': 'mytestuser'
                                         }
                            },
@ -175,16 +180,59 @@ class MySQLTestCase(TestCase, LoaderModuleMockMixin):
        '''
        Test the creation of a MySQL user in mysql exec module
        '''
-        self._test_call(mysql.user_create,
-                        {'sql': 'CREATE USER %(user)s@%(host)s IDENTIFIED BY %(password)s',
-                         'sql_args': {'password': 'BLUECOW',
-                                      'user': 'testuser',
-                                      'host': 'localhost',
-                                     }
-                        },
-                        'testuser',
-                        password='BLUECOW'
-        )
+        with patch.object(mysql, 'version', return_value='8.0.10'):
+            with patch.object(mysql, '__get_auth_plugin', MagicMock(return_value='mysql_native_password')):
+                self._test_call(mysql.user_create,
+                                {'sql': 'CREATE USER %(user)s@%(host)s IDENTIFIED BY %(password)s',
+                                 'sql_args': {'password': 'BLUECOW',
+                                              'user': 'testuser',
+                                              'host': 'localhost',
+                                             }
+                                },
+                                'testuser',
+                                password='BLUECOW'
+                )
+
+        with patch.object(mysql, 'version', return_value='8.0.11'):
+            with patch.object(mysql, '__get_auth_plugin', MagicMock(return_value='mysql_native_password')):
+                self._test_call(mysql.user_create,
+                                {'sql': 'CREATE USER %(user)s@%(host)s IDENTIFIED WITH %(auth_plugin)s BY %(password)s',
+                                 'sql_args': {'password': 'BLUECOW',
+                                              'auth_plugin': 'mysql_native_password',
+                                              'user': 'testuser',
+                                              'host': 'localhost',
+                                             }
+                                },
+                                'testuser',
+                                password='BLUECOW'
+                )
+
+        # Test creating a user with passwordless=True and unix_socket=True
+        with patch.object(mysql, 'version', return_value='8.0.10'):
+            with patch.object(mysql, 'plugin_status', MagicMock(return_value='ACTIVE')):
+                self._test_call(mysql.user_create,
+                                {'sql': 'CREATE USER %(user)s@%(host)s IDENTIFIED WITH auth_socket',
+                                 'sql_args': {'user': 'testuser',
+                                              'host': 'localhost',
+                                             }
+                                },
+                                'testuser',
+                                allow_passwordless=True,
+                                unix_socket=True,
+                )
+
+        with patch.object(mysql, 'version', return_value='10.2.21-MariaDB'):
+            with patch.object(mysql, 'plugin_status', MagicMock(return_value='ACTIVE')):
+                self._test_call(mysql.user_create,
+                                {'sql': 'CREATE USER %(user)s@%(host)s IDENTIFIED VIA unix_socket',
+                                 'sql_args': {'user': 'testuser',
+                                              'host': 'localhost',
+                                             }
+                                },
+                                'testuser',
+                                allow_passwordless=True,
+                                unix_socket=True,
+                )

    def test_user_chpass(self):
        '''
@ -193,49 +241,52 @@ class MySQLTestCase(TestCase, LoaderModuleMockMixin):
        connect_mock = MagicMock()
        with patch.object(mysql, '_connect', connect_mock):
            with patch.object(mysql, 'version', return_value='8.0.10'):
-                with patch.dict(mysql.__salt__, {'config.option': MagicMock()}):
-                    mysql.user_chpass('testuser', password='BLUECOW')
-                    calls = (
-                        call().cursor().execute(
-                            'UPDATE mysql.user SET Password=PASSWORD(%(password)s) WHERE User=%(user)s AND Host = %(host)s;',
-                            {'password': 'BLUECOW',
-                             'user': 'testuser',
-                             'host': 'localhost',
-                            }
-                        ),
-                        call().cursor().execute('FLUSH PRIVILEGES;'),
-                    )
-                    connect_mock.assert_has_calls(calls, any_order=True)
+                with patch.object(mysql, 'user_exists', MagicMock(return_value=True)):
+                    with patch.dict(mysql.__salt__, {'config.option': MagicMock()}):
+                        mysql.user_chpass('testuser', password='BLUECOW')
+                        calls = (
+                            call().cursor().execute(
+                                'UPDATE mysql.user SET Password=PASSWORD(%(password)s) WHERE User=%(user)s AND Host = %(host)s;',
+                                {'password': 'BLUECOW',
+                                 'user': 'testuser',
+                                 'host': 'localhost',
+                                }
+                            ),
+                            call().cursor().execute('FLUSH PRIVILEGES;'),
+                        )
+                        connect_mock.assert_has_calls(calls, any_order=True)

        connect_mock = MagicMock()
        with patch.object(mysql, '_connect', connect_mock):
            with patch.object(mysql, 'version', return_value='8.0.11'):
-                with patch.dict(mysql.__salt__, {'config.option': MagicMock()}):
-                    mysql.user_chpass('testuser', password='BLUECOW')
-                    calls = (
-                        call().cursor().execute(
-                            "ALTER USER %(user)s@%(host)s IDENTIFIED BY %(password)s;",
-                            {'password': 'BLUECOW',
-                             'user': 'testuser',
-                             'host': 'localhost',
-                            }
-                        ),
-                        call().cursor().execute('FLUSH PRIVILEGES;'),
-                    )
-                    connect_mock.assert_has_calls(calls, any_order=True)
+                with patch.object(mysql, 'user_exists', MagicMock(return_value=True)):
+                    with patch.dict(mysql.__salt__, {'config.option': MagicMock()}):
+                        mysql.user_chpass('testuser', password='BLUECOW')
+                        calls = (
+                            call().cursor().execute(
+                                "ALTER USER %(user)s@%(host)s IDENTIFIED BY %(password)s;",
+                                {'password': 'BLUECOW',
+                                 'user': 'testuser',
+                                 'host': 'localhost',
+                                }
+                            ),
+                            call().cursor().execute('FLUSH PRIVILEGES;'),
+                        )
+                        connect_mock.assert_has_calls(calls, any_order=True)

    def test_user_remove(self):
        '''
        Test the removal of a MySQL user in mysql exec module
        '''
-        self._test_call(mysql.user_remove,
-                        {'sql': 'DROP USER %(user)s@%(host)s',
-                         'sql_args': {'user': 'testuser',
-                                      'host': 'localhost',
-                                     }
-                        },
-                        'testuser'
-        )
+        with patch.object(mysql, 'user_exists', MagicMock(return_value=True)):
+            self._test_call(mysql.user_remove,
+                            {'sql': 'DROP USER %(user)s@%(host)s',
+                             'sql_args': {'user': 'testuser',
+                                          'host': 'localhost',
+                                         }
+                            },
+                            'testuser'
+            )

    def test_db_check(self):
        '''
@ -458,6 +509,36 @@ class MySQLTestCase(TestCase, LoaderModuleMockMixin):
            expected = 'MySQL Error 9999: Something Went Wrong'
            self.assertEqual(mysql.__context__['mysql.error'], expected)

+    def test_plugin_add(self):
+        '''
+        Test the adding/installing a MySQL / MariaDB plugin
+        '''
+        with patch.object(mysql, 'plugin_status', MagicMock(return_value='')):
+            self._test_call(mysql.plugin_add,
+                            'INSTALL PLUGIN auth_socket SONAME "auth_socket.so"',
+                            'auth_socket',
+            )
+
+    def test_plugin_remove(self):
+        '''
+        Test the removing/uninstalling a MySQL / MariaDB plugin
+        '''
+        with patch.object(mysql, 'plugin_status', MagicMock(return_value='ACTIVE')):
+            self._test_call(mysql.plugin_remove,
+                            'UNINSTALL PLUGIN auth_socket',
+                            'auth_socket',
+            )
+
+    def test_plugin_status(self):
+        '''
+        Test checking the status of a MySQL / MariaDB plugin
+        '''
+        self._test_call(mysql.plugin_status,
+                        {'sql': 'SELECT PLUGIN_STATUS FROM INFORMATION_SCHEMA.PLUGINS WHERE PLUGIN_NAME = %(name)s',
+                         'sql_args': {'name': 'auth_socket'}
+                        },
+                        'auth_socket')
+
    def _test_call(self, function, expected_sql, *args, **kwargs):
        connect_mock = MagicMock()
        with patch.object(mysql, '_connect', connect_mock):
--- a/tests/unit/modules/test_pdbedit.py
+++ b/tests/unit/modules/test_pdbedit.py
@ -9,6 +9,10 @@ import salt.modules.pdbedit as pdbedit
 # Import Salt Testing Libs
 from tests.support.mixins import LoaderModuleMockMixin
 from tests.support.unit import TestCase
+from tests.support.mock import (
+    MagicMock,
+    patch,
+)


 class PdbeditTestCase(TestCase, LoaderModuleMockMixin):
@ -19,6 +23,44 @@ class PdbeditTestCase(TestCase, LoaderModuleMockMixin):
    def setup_loader_modules(self):
        return {pdbedit: {}}

+    def test_version(self):
+        '''
+        Test salt.modules.__virtual__'s handling of pdbedit versions
+        '''
+        mock_bad_ver = MagicMock(return_value='Ver 1.1a')
+        mock_old_ver = MagicMock(return_value='Version 1.0.0')
+        mock_exa_ver = MagicMock(return_value='Version 4.8.0')
+        mock_new_ver = MagicMock(return_value='Version 4.9.2')
+
+        # NOTE: no pdbedit installed
+        with patch('salt.utils.path.which', MagicMock(return_value=None)):
+            ret = pdbedit.__virtual__()
+            self.assertEqual(ret, (False, 'pdbedit command is not available'))
+
+        # NOTE: pdbedit is not returning a valid version
+        with patch('salt.utils.path.which', MagicMock(return_value='/opt/local/bin/pdbedit')), \
+            patch('salt.modules.cmdmod.run', mock_bad_ver):
+            ret = pdbedit.__virtual__()
+            self.assertEqual(ret, (False, 'pdbedit -V returned an unknown version format'))
+
+        # NOTE: pdbedit is too old
+        with patch('salt.utils.path.which', MagicMock(return_value='/opt/local/bin/pdbedit')), \
+            patch('salt.modules.cmdmod.run', mock_old_ver):
+            ret = pdbedit.__virtual__()
+            self.assertEqual(ret, (False, 'pdbedit is to old, 4.8.0 or newer is required'))
+
+        # NOTE: pdbedit is exactly 4.8.0
+        with patch('salt.utils.path.which', MagicMock(return_value='/opt/local/bin/pdbedit')), \
+            patch('salt.modules.cmdmod.run', mock_exa_ver):
+            ret = pdbedit.__virtual__()
+            self.assertEqual(ret, 'pdbedit')
+
+        # NOTE: pdbedit is newer than 4.8.0
+        with patch('salt.utils.path.which', MagicMock(return_value='/opt/local/bin/pdbedit')), \
+            patch('salt.modules.cmdmod.run', mock_new_ver):
+            ret = pdbedit.__virtual__()
+            self.assertEqual(ret, 'pdbedit')
+
    def test_generate_nt_hash(self):
        '''
        Test salt.modules.pdbedit.generate_nt_hash
--- a/tests/unit/states/test_smartos.py
+++ b/tests/unit/states/test_smartos.py
@ -5,6 +5,7 @@ from __future__ import absolute_import, print_function, unicode_literals

 # Import Salt Libs
 import salt.states.smartos as smartos
+from salt.utils.odict import OrderedDict

 # Import Salt Testing Libs
 from tests.support.mixins import LoaderModuleMockMixin
@ -34,3 +35,46 @@ class SmartOsTestCase(TestCase, LoaderModuleMockMixin):
                ret = smartos.config_present(name=name, value=value)
        assert not ret['result']
        assert ret['comment'] == 'Could not add property {0} with value "{1}" to config'.format(name, value)
+
+    def test_parse_vmconfig_vrrp(self):
+        '''
+        Test _parse_vmconfig's vrid -> mac convertor
+
+        SmartOS will always use a mac based on the vrrp_vrid,
+        so we will replace the provided mac with the one based
+        on this value.
+
+        Doing so ensures that 'old' nics are removed and 'new'
+        nics get added as these actions are keyed on the mac
+        property.
+        '''
+        # NOTE: vmconfig is not a full vmadm payload,
+        #       this is not an issue given we are only testing
+        #       the vrrp_vrid to mac conversions
+        ret = smartos._parse_vmconfig(
+            OrderedDict([
+                ('nics', OrderedDict([
+                    ('00:00:5e:00:01:01', OrderedDict([
+                        ('vrrp_vrid', 1),
+                        ('vrrp_primary_ip', '12.34.5.6'),
+                    ])),
+                    ('00:00:5e:00:01:24', OrderedDict([
+                        ('vrrp_vrid', 240),
+                        ('vrrp_primary_ip', '12.34.5.6'),
+                    ])),
+                    ('00:22:06:00:00:01', OrderedDict([
+                        ('ips', ['12.34.5.6/24']),
+                    ]))
+                ]))
+            ]),
+            {'nics': 'mac'},
+        )
+
+        # NOTE: nics.0 is a vrrp nic with correct mac (check mac == vrid based -> unchanged)
+        assert ret['nics'][0]['mac'] == '00:00:5e:00:01:01'
+
+        # NOTE: nics.1 is a vrrp nic with incorrect mac (check mac == vrid based -> changed)
+        assert ret['nics'][1]['mac'] == '00:00:5e:00:01:f0'
+
+        # NOTE: nics.2 was not a vrrp nic (check mac was not changed)
+        assert ret['nics'][2]['mac'] == '00:22:06:00:00:01'
--- a/tests/unit/test_ext.py
+++ b/tests/unit/test_ext.py
@ -14,6 +14,7 @@ from tests.support.runtests import RUNTIME_VARS
 import tests.support.helpers

 # Import Salt libs
+import salt
 import salt.ext.six
 import salt.modules.cmdmod
 import salt.utils.platform
@ -95,3 +96,10 @@ class VendorTornadoTest(TestCase):
            log.error("Test found bad line: %s", line)
            valid_lines.append(line)
        assert valid_lines == [], len(valid_lines)
+
+    def test_regression_56063(self):
+        importer = salt.TornadoImporter()
+        try:
+            importer.find_module('tornado')
+        except TypeError:
+            assert False, 'TornadoImporter raised type error when one argument passed'
--- a/tests/unit/test_module_names.py
+++ b/tests/unit/test_module_names.py
@ -134,8 +134,9 @@ class BadTestModuleNamesTestCase(TestCase):
            'integration.logging.handlers.test_logstash_mod',
            'integration.master.test_event_return',
            'integration.minion.test_blackout',
-            'integration.minion.test_pillar',
            'integration.minion.test_executor',
+            'integration.minion.test_minion_cache',
+            'integration.minion.test_pillar',
            'integration.minion.test_timeout',
            'integration.modules.test_decorators',
            'integration.modules.test_pkg',
--- a/tests/unit/test_version.py
+++ b/tests/unit/test_version.py
@ -37,8 +37,11 @@ class VersionTestCase(TestCase):
            ('v2014.1.4.1', (2014, 1, 4, 1, '', 0, 0, None), None),
            ('v2014.1.4.1rc3-n/a-abcdefff', (2014, 1, 4, 1, 'rc', 3, -1, 'abcdefff'), None),
            ('v3.4.1.1', (3, 4, 1, 1, '', 0, 0, None), None),
-            ('v3000', (3000, None, None, 0, '', 0, 0, None), '3000'),
-            ('v3000rc1', (3000, None, None, 0, 'rc', 1, 0, None), '3000rc1'),
+            ('v3000', (3000, '', 0, 0, None), '3000'),
+            ('v3000.0', (3000, '', 0, 0, None), '3000'),
+            ('v4518.1', (4518, 1, '', 0, 0, None), '4518.1'),
+            ('v3000rc1', (3000, 'rc', 1, 0, None), '3000rc1'),
+            ('v3000rc1-n/a-abcdefff', (3000, 'rc', 1, -1, 'abcdefff'), None),

        )

@ -76,6 +79,9 @@ class VersionTestCase(TestCase):
            # version scheme in the future
            # but still adding test for it
            ('v3000', 'v3000.0rc1'),
+            ('v3000.1rc1', 'v3000.0rc1'),
+            ('v3000', 'v2019.2.1rc1'),
+            ('v3001rc1', 'v2019.2.1rc1'),
        )
        for higher_version, lower_version in examples:
            self.assertTrue(SaltStackVersion.parse(higher_version) > lower_version)
@ -154,6 +160,45 @@ class VersionTestCase(TestCase):
        assert ver.bugfix == 0
        assert ver.string == '{0}.{1}.0'.format(maj_ver, min_ver)

+    def test_noc_info(self):
+        '''
+        Test noc_info property method
+        '''
+        expect = (
+            ('v2014.1.4.1rc3-n/a-abcdefff', (2014, 1, 4, 1, 'rc', 3, -1)),
+            ('v3.4.1.1', (3, 4, 1, 1, '', 0, 0)),
+            ('v3000', (3000, '', 0, 0)),
+            ('v3000.0', (3000, '', 0, 0)),
+            ('v4518.1', (4518, 1, '', 0, 0)),
+            ('v3000rc1', (3000, 'rc', 1, 0)),
+            ('v3000rc1-n/a-abcdefff', (3000, 'rc', 1, -1)),
+        )
+
+        for vstr, noc_info in expect:
+            saltstack_version = SaltStackVersion.parse(vstr)
+            assert saltstack_version.noc_info, noc_info
+            assert len(saltstack_version.noc_info) == len(noc_info)
+
+    def test_full_info(self):
+        '''
+        Test full_Info property method
+        '''
+        expect = (
+            ('v2014.1.4.1rc3-n/a-abcdefff', (2014, 1, 4, 1, 'rc', 3, -1, 'abcdefff')),
+            ('v3.4.1.1', (3, 4, 1, 1, '', 0, 0, None)),
+            ('v3000', (3000, '', 0, 0, None)),
+            ('v3000.0', (3000, '', 0, 0, None)),
+            ('v4518.1', (4518, 1, '', 0, 0, None)),
+            ('v3000rc1', (3000, 'rc', 1, 0, None)),
+            ('v3000rc1-n/a-abcdefff', (3000, 'rc', 1, -1, 'abcdefff')),
+
+        )
+
+        for vstr, full_info in expect:
+            saltstack_version = SaltStackVersion.parse(vstr)
+            assert saltstack_version.full_info, full_info
+            assert len(saltstack_version.full_info) == len(full_info)
+
    def test_discover_version(self):
        '''
        Test call to __discover_version
@ -180,3 +225,31 @@ class VersionTestCase(TestCase):
                with proc_mock, patch_os:
                    ret = getattr(salt.version, '__discover_version')(salt_ver)
                assert ret == exp
+
+    def test_info_new_version(self):
+        '''
+        test info property method with new versioning scheme
+        '''
+        vers = ((3000, None, None),
+                (3000, 1, None),
+                (3001, 0, None))
+        for maj_ver, min_ver, bug_fix in vers:
+            ver = SaltStackVersion(major=maj_ver, minor=min_ver, bugfix=bug_fix)
+            if min_ver:
+                assert ver.info == (maj_ver, min_ver)
+            else:
+                assert ver.info == (maj_ver,)
+
+    def test_info_old_version(self):
+        '''
+        test info property method with old versioning scheme
+        '''
+        vers = ((2019, 2, 1),
+                (2018, 3, 0),
+                (2017, 7, None))
+        for maj_ver, min_ver, bug_fix in vers:
+            ver = SaltStackVersion(major=maj_ver, minor=min_ver, bugfix=bug_fix)
+            if bug_fix is None:
+                assert ver.info == (maj_ver, min_ver, 0, 0)
+            else:
+                assert ver.info == (maj_ver, min_ver, bug_fix, 0)