Merge branch '2018.3' into optimize-firewalld-state

Neile Havens 2018-10-05 16:48:42 -05:00 committed by GitHub
commit 7cebab4a08
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
11 changed files with 395 additions and 49 deletions


@ -62,7 +62,7 @@ timeout(time: 6, unit: 'HOURS') {
} finally {
cleanWs notFailBuild: true
def currentResult = currentBuild.result ?: 'SUCCESS'
if ( currentResult == 'SUCCESS') {
if (currentResult == 'SUCCESS') {
githubNotify credentialsId: 'test-jenkins-credentials',
description: "The ${TEST_SUITE}-${TEST_PLATFORM} job has passed",
status: 'SUCCESS',


@ -12,12 +12,15 @@ group :docker do
end
group :windows do
gem 'vagrant-wrapper'
gem 'kitchen-vagrant'
gem 'winrm', '~>2.0'
gem 'winrm-fs', '~>1.2.1'
gem 'winrm-fs', :git => 'https://github.com/dwoz/winrm-fs.git', :branch => 'chunked_downloads'
end
group :ec2 do
gem 'kitchen-ec2'
end
group :vagrant do
gem 'vagrant-wrapper'
gem 'kitchen-vagrant'
end
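Review bot: The `winrm-fs` entry in the `:windows` group is resolved from a personal fork by branch name (`:branch => 'chunked_downloads'`), so unless a committed lockfile fixes the revision, each `bundle install` picks up whatever that branch points to at the time. Assuming the git-sourced line is the new side (the page has lost its +/- markers), pin it to a reviewed commit with `:ref => '<commit-sha>'` (placeholder). A short comment naming the upstream change this fork is waiting on would tell the next maintainer when to go back to a released version.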


@ -35,7 +35,7 @@ import fnmatch # do not remove, used in imported file.py functions
import mmap # do not remove, used in imported file.py functions
import glob # do not remove, used in imported file.py functions
# do not remove, used in imported file.py functions
import salt.ext.six as six # pylint: disable=import-error,no-name-in-module
from salt.ext import six
from salt.ext.six.moves.urllib.parse import urlparse as _urlparse # pylint: disable=import-error,no-name-in-module
import salt.utils.atomicfile # do not remove, used in imported file.py functions
from salt.exceptions import CommandExecutionError, SaltInvocationError
@ -1700,7 +1700,7 @@ def check_perms(path,
if isinstance(deny_perms[user]['perms'], six.string_types):
if not salt.utils.win_dacl.has_permission(
obj_name=path,
principal=user,
principal=user_name,
permission=deny_perms[user]['perms'],
access_mode='deny',
exact=False):
@ -1708,7 +1708,11 @@ def check_perms(path,
else:
for perm in deny_perms[user]['perms']:
if not salt.utils.win_dacl.has_permission(
path, user, perm, 'deny', exact=False):
obj_name=path,
principal=user_name,
permission=perm,
access_mode='deny',
exact=False):
if user not in changes:
changes[user] = {'perms': []}
changes[user]['perms'].append(deny_perms[user]['perms'])
@ -1775,7 +1779,7 @@ def check_perms(path,
try:
salt.utils.win_dacl.set_permissions(
obj_name=path,
principal=user,
principal=user_name,
permissions=perms,
access_mode='deny',
applies_to=applies_to)
@ -1819,7 +1823,7 @@ def check_perms(path,
if isinstance(grant_perms[user]['perms'], six.string_types):
if not salt.utils.win_dacl.has_permission(
obj_name=path,
principal=user,
principal=user_name,
permission=grant_perms[user]['perms'],
access_mode='grant'):
changes[user] = {'perms': grant_perms[user]['perms']}
@ -1827,7 +1831,7 @@ def check_perms(path,
for perm in grant_perms[user]['perms']:
if not salt.utils.win_dacl.has_permission(
obj_name=path,
principal=user,
principal=user_name,
permission=perm,
access_mode='grant',
exact=False):
@ -1894,7 +1898,7 @@ def check_perms(path,
try:
salt.utils.win_dacl.set_permissions(
obj_name=path,
principal=user,
principal=user_name,
permissions=perms,
access_mode='grant',
applies_to=applies_to)
@ -1925,10 +1929,14 @@ def check_perms(path,
# Check reset
# If reset=True, which users will be removed as a result
if reset:
# Reload perms so you can reset them
cur_perms = salt.utils.win_dacl.get_permissions(obj_name=path)
for user_name in cur_perms:
if user_name not in grant_perms:
if 'grant' in cur_perms[user_name] and not \
cur_perms[user_name]['grant']['inherited']:
if grant_perms is not None and \
user_name.lower() not in dict(
(k.lower(), v) for k, v in six.iteritems(grant_perms)):
if 'grant' in cur_perms[user_name] and \
not cur_perms[user_name]['grant']['inherited']:
if __opts__['test'] is True:
if 'remove_perms' not in ret['pchanges']:
ret['pchanges']['remove_perms'] = {}
@ -1943,9 +1951,11 @@ def check_perms(path,
ace_type='grant')
ret['changes']['remove_perms'].update(
{user_name: cur_perms[user_name]})
if user_name not in deny_perms:
if 'deny' in cur_perms[user_name] and not \
cur_perms[user_name]['deny']['inherited']:
if deny_perms is not None and \
user_name.lower() not in dict(
(k.lower(), v) for k, v in six.iteritems(deny_perms)):
if 'deny' in cur_perms[user_name] and \
not cur_perms[user_name]['deny']['inherited']:
if __opts__['test'] is True:
if 'remove_perms' not in ret['pchanges']:
ret['pchanges']['remove_perms'] = {}
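Review bot: With `reset=True` and `grant_perms` (or `deny_perms`) left as `None`, the new `grant_perms is not None and ...` guard skips the removal branch entirely, so explicit non-inherited ACEs stay on the object and nothing is reported under `remove_perms`. If reset is meant to strip every entry that was not requested, treat `None` as empty and compute the lowered names once before the loop, e.g. `wanted = set(k.lower() for k in (grant_perms or {}))` then `if user_name.lower() not in wanted:`. That also avoids rebuilding the lowered dict for every entry in `cur_perms`. If skipping is intended, a comment should say so, because the DACL left behind is more permissive than `reset` suggests. `check_perms` begins and ends outside these hunks, so the format of the names returned by `get_permissions` is inferred here.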


@ -95,6 +95,8 @@ class SPMClient(object):
self.files_prov = self.opts.get('spm_files_provider', 'local')
self._prep_pkgdb()
self._prep_pkgfiles()
self.db_conn = None
self.files_conn = None
self._init()
def _prep_pkgdb(self):
@ -104,8 +106,14 @@ class SPMClient(object):
self.pkgfiles = salt.loader.pkgfiles(self.opts)
def _init(self):
self.db_conn = self._pkgdb_fun('init')
self.files_conn = self._pkgfiles_fun('init')
if not self.db_conn:
self.db_conn = self._pkgdb_fun('init')
if not self.files_conn:
self.files_conn = self._pkgfiles_fun('init')
def _close(self):
if self.db_conn:
self.db_conn.close()
def run(self, args):
'''
@ -133,6 +141,8 @@ class SPMClient(object):
self._info(args)
elif command == 'list':
self._list(args)
elif command == 'close':
self._close()
else:
raise SPMInvocationError('Invalid command \'{0}\''.format(command))
except SPMException as exc:
@ -249,7 +259,7 @@ class SPMClient(object):
if pkg.endswith('.spm'):
if self._pkgfiles_fun('path_exists', pkg):
comps = pkg.split('-')
comps = '-'.join(comps[:-2]).split('/')
comps = os.path.split('-'.join(comps[:-2]))
pkg_name = comps[-1]
formula_tar = tarfile.open(pkg, 'r:bz2')
@ -265,6 +275,7 @@ class SPMClient(object):
to_install.extend(to_)
optional.extend(op_)
recommended.extend(re_)
formula_tar.close()
else:
raise SPMInvocationError('Package file {0} not found'.format(pkg))
else:
@ -901,6 +912,7 @@ class SPMClient(object):
formula_def = salt.utils.yaml.safe_load(formula_ref)
self.ui.status(self._get_info(formula_def))
formula_tar.close()
def _info(self, args):
'''
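Review bot: `_close()` closes `self.db_conn` but leaves the attribute pointing at the closed handle, so the new `if not self.db_conn:` guard in `_init()` would not reopen it if the object stays truthy after `close()` (the type returned by `_pkgdb_fun('init')` is not visible here). `self.files_conn` is never released. Resetting the attribute after closing, `self.db_conn.close()` followed by `self.db_conn = None`, keeps the guard meaningful. The added `formula_tar.close()` calls also run only on the success path, so an exception while reading the archive leaves it open; `contextlib.closing(tarfile.open(pkg, 'r:bz2'))` or a `try`/`finally` would cover that. The enclosing methods continue outside the hunks.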


@ -73,7 +73,9 @@ def info(package, conn=None):
'''
List info for a package
'''
close = False
if conn is None:
close = True
conn = init()
fields = (
@ -94,6 +96,8 @@ def info(package, conn=None):
(package, )
)
row = data.fetchone()
if close:
conn.close()
if not row:
return None
@ -107,7 +111,9 @@ def list_packages(conn=None):
'''
List files for an installed package
'''
close = False
if conn is None:
close = True
conn = init()
ret = []
@ -115,6 +121,8 @@ def list_packages(conn=None):
for pkg in data.fetchall():
ret.append(pkg)
if close:
conn.close()
return ret
@ -122,17 +130,23 @@ def list_files(package, conn=None):
'''
List files for an installed package
'''
close = False
if conn is None:
close = True
conn = init()
data = conn.execute('SELECT package FROM packages WHERE package=?', (package, ))
if not data.fetchone():
if close:
conn.close()
return None
ret = []
data = conn.execute('SELECT path, sum FROM files WHERE package=?', (package, ))
for file_ in data.fetchall():
ret.append(file_)
if close:
conn.close()
return ret
@ -141,7 +155,9 @@ def register_pkg(name, formula_def, conn=None):
'''
Register a package in the package database
'''
close = False
if conn is None:
close = True
conn = init()
conn.execute('INSERT INTO packages VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)', (
@ -157,13 +173,17 @@ def register_pkg(name, formula_def, conn=None):
formula_def['summary'],
formula_def['description'],
))
if close:
conn.close()
def register_file(name, member, path, digest='', conn=None):
'''
Register a file in the package database
'''
close = False
if conn is None:
close = True
conn = init()
conn.execute('INSERT INTO files VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)', (
@ -180,6 +200,8 @@ def register_file(name, member, path, digest='', conn=None):
member.gname,
member.mtime
))
if close:
conn.close()
def unregister_pkg(name, conn=None):
@ -196,10 +218,14 @@ def unregister_file(path, pkg=None, conn=None): # pylint: disable=W0612
'''
Unregister a file from the package database
'''
close = False
if conn is None:
close = True
conn = init()
conn.execute('DELETE FROM files WHERE path=?', (path, ))
if close:
conn.close()
def db_exists(db_):
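Review bot: The new `if close: conn.close()` lines are reached only when every `conn.execute(...)` before them succeeds, so a failing statement such as a constraint error on the `INSERT` in `register_pkg` or `register_file` leaks the connection that the function opened itself. The same pattern repeats in `info`, `list_packages`, `list_files` and `unregister_file`. Wrapping each body in `try:` with `finally:` holding `if close: conn.close()` keeps the ownership rule and makes it exception-safe. The write paths also close without a visible `commit()`; that is fine only if `init()` opens the database in autocommit mode, which these hunks do not show. The body of `unregister_pkg` is outside the hunks, so whether it received the same handling cannot be checked here.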


@ -289,10 +289,13 @@ def set_(name,
) == {}
if not policies_are_equal:
additional_policy_comments = []
if policy_data['policy_lookup'][policy_name]['rights_assignment'] and cumulative_rights_assignments:
for user in policy_data['requested_policy'][policy_name]:
if user not in current_policy[policy_data['output_section']][pol_id]:
changes = True
else:
additional_policy_comments.append('"{0}" is already granted the right'.format(user))
else:
changes = True
if changes:
@ -303,6 +306,11 @@ def set_(name,
requested_policy_json, current_policy_json
)
policy_changes.append(policy_name)
else:
if additional_policy_comments:
ret['comment'] = '"{0}" is already set ({1}).\n'.format(policy_name, ', '.join(additional_policy_comments))
else:
ret['comment'] = '"{0}" is already set.\n'.format(policy_name) + ret['comment']
else:
log.debug('%s current setting matches '
'the requested setting', policy_name)
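Review bot: In the new `else:` branch the comment with rights-assignment details is assigned with `ret['comment'] = ...`, while the plain "already set" case directly below prepends to the existing `ret['comment']`. If this runs inside a loop over several policies, as the `policy_changes.append(policy_name)` line suggests, the first form discards comments accumulated for earlier policies. Make the two branches agree: `ret['comment'] = '"{0}" is already set ({1}).\n'.format(policy_name, ', '.join(additional_policy_comments)) + ret['comment']`. The enclosing `set_` function starts and ends outside the hunk.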


@ -166,36 +166,46 @@ def hostname(name):
return ret
def join_domain(name, username=None, password=None, account_ou=None,
account_exists=False, restart=False):
def join_domain(name,
username=None,
password=None,
account_ou=None,
account_exists=False,
restart=False):
'''
Checks if a computer is joined to the Domain.
If the computer is not in the Domain, it will be joined.
Checks if a computer is joined to the Domain. If the computer is not in the
Domain, it will be joined.
name:
The name of the Domain.
Args:
username:
Username of an account which is authorized to join computers to the
specified domain. Need to be either fully qualified like user@domain.tld
or simply user.
name (str):
The name of the Domain.
password:
Password of the account to add the computer to the Domain.
username (str):
Username of an account which is authorized to join computers to the
specified domain. Need to be either fully qualified like
user@domain.tld or simply user.
account_ou:
The DN of the OU below which the account for this computer should be
created when joining the domain,
e.g. ou=computers,ou=departm_432,dc=my-company,dc=com.
password (str):
Password of the account to add the computer to the Domain.
account_exists:
Needs to be set to True to allow re-using an existing computer account.
account_ou (str):
The DN of the OU below which the account for this computer should be
created when joining the domain,
e.g. ou=computers,ou=departm_432,dc=my-company,dc=com.
restart:
Needs to be set to True to restart the computer after a successful join.
account_exists (bool):
Needs to be set to ``True`` to allow re-using an existing computer
account.
restart (bool):
Needs to be set to ``True`` to restart the computer after a
successful join.
Example:
.. code-block:: yaml
.. code-block::yaml
join_to_domain:
system.join_domain:
- name: mydomain.local.com
@ -209,9 +219,6 @@ def join_domain(name, username=None, password=None, account_ou=None,
'result': True,
'comment': 'Computer already added to \'{0}\''.format(name)}
# Set name to domain, needed for the add to domain module.
domain = name
current_domain_dic = __salt__['system.get_domain_workgroup']()
if 'Domain' in current_domain_dic:
current_domain = current_domain_dic['Domain']
@ -220,7 +227,7 @@ def join_domain(name, username=None, password=None, account_ou=None,
else:
current_domain = None
if domain == current_domain:
if name.lower() == current_domain.lower():
ret['comment'] = 'Computer already added to \'{0}\''.format(name)
return ret
@ -229,11 +236,20 @@ def join_domain(name, username=None, password=None, account_ou=None,
ret['comment'] = 'Computer will be added to \'{0}\''.format(name)
return ret
result = __salt__['system.join_domain'](domain, username, password,
account_ou, account_exists,
restart)
result = __salt__['system.join_domain'](domain=name,
username=username,
password=password,
account_ou=account_ou,
account_exists=account_exists,
restart=restart)
if result is not False:
ret['comment'] = 'Computer added to \'{0}\''.format(name)
if restart:
ret['comment'] += '\nSystem will restart'
else:
ret['comment'] += '\nSystem needs to be restarted'
ret['changes'] = {'old': current_domain,
'new': name}
else:
ret['comment'] = 'Computer failed to join \'{0}\''.format(name)
ret['result'] = False
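Review bot: `name.lower() == current_domain.lower()` raises `AttributeError` when `current_domain` is `None`, which the visible `else: current_domain = None` branch just above makes possible. A machine that reports neither key would then fail before the join is attempted, instead of being joined. Guard the comparison: `if current_domain is not None and name.lower() == current_domain.lower():`. The docstring example also shows both `.. code-block:: yaml` and `.. code-block::yaml`; if the form without the space is the new one, Sphinx will not render it as a directive.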


@ -123,6 +123,12 @@ def get_current_user(with_domain=True):
'''
Gets the user executing the process
Args:
with_domain (bool):
``True`` will prepend the user name with the machine name or domain
separated by a backslash
Returns:
str: The user name
'''


@ -766,6 +766,7 @@ class SPMCase(TestCase, AdaptedConfigurationTestCaseMixin):
def run_spm(self, cmd, config, arg=None):
client = self._spm_client(config)
spm_cmd = client.run([cmd, arg])
client._close()
return self.ui._status


@ -5,19 +5,24 @@
# Import Python Libs
from __future__ import absolute_import, unicode_literals, print_function
import os
import tempfile
# Import Salt Testing Libs
from tests.support.mixins import LoaderModuleMockMixin
from tests.support.unit import TestCase, skipIf
from tests.support.mock import (
patch,
NO_MOCK,
NO_MOCK_REASON
)
from tests.support.helpers import destructiveTest
# Import Salt Libs
import salt.modules.win_file as win_file
from salt.exceptions import CommandExecutionError
import salt.utils.platform
import salt.utils.win_functions
import salt.utils.win_dacl
@skipIf(NO_MOCK, NO_MOCK_REASON)
@ -49,3 +54,256 @@ class WinFileTestCase(TestCase):
with patch('os.path.exists', return_value=False):
self.assertRaises(
CommandExecutionError, win_file.check_perms, self.FAKE_PATH)
@destructiveTest
@skipIf(NO_MOCK, NO_MOCK_REASON)
@skipIf(not salt.utils.platform.is_windows(), 'Requires Pywin32 libraries')
class WinFileCheckPermsTestCase(TestCase, LoaderModuleMockMixin):
'''
Test cases for the check_perms function in salt.modules.win_file
'''
temp_file = ''
current_user = ''
def setup_loader_modules(self):
self.current_user = salt.utils.win_functions.get_current_user(False)
return {
win_file: {
'__opts__': {
'test': False}}}
def setUp(self):
self.temp_file = tempfile.NamedTemporaryFile(delete=False)
self.temp_file.close()
salt.utils.win_dacl.set_owner(obj_name=self.temp_file.name,
principal=self.current_user)
salt.utils.win_dacl.set_inheritance(obj_name=self.temp_file.name,
enabled=True)
self.assertEqual(
salt.utils.win_dacl.get_owner(obj_name=self.temp_file.name),
self.current_user)
def tearDown(self):
os.remove(self.temp_file.name)
def test_check_perms_set_owner_test_true(self):
'''
Test setting the owner of a file with test=True
'''
with patch.dict(win_file.__opts__, {'test': True}):
expected = {'comment': '',
'changes': {},
'pchanges': {'owner': 'Administrators'},
'name': self.temp_file.name,
'result': None}
ret = win_file.check_perms(path=self.temp_file.name,
owner='Administrators',
inheritance=None)
self.assertDictEqual(expected, ret)
def test_check_perms_set_owner(self):
'''
Test setting the owner of a file
'''
expected = {'comment': '',
'pchanges': {},
'changes': {'owner': 'Administrators'},
'name': self.temp_file.name,
'result': True}
ret = win_file.check_perms(path=self.temp_file.name,
owner='Administrators',
inheritance=None)
self.assertDictEqual(expected, ret)
def test_check_perms_deny_test_true(self):
'''
Test setting deny perms on a file with test=True
'''
with patch.dict(win_file.__opts__, {'test': True}):
expected = {'comment': '',
'pchanges': {
'deny_perms': {
'Users': {'perms': 'read_execute'}}},
'changes': {'deny_perms': {}},
'name': self.temp_file.name,
'result': None}
ret = win_file.check_perms(
path=self.temp_file.name,
deny_perms={
'Users': {
'perms': 'read_execute'}},
inheritance=None)
self.assertDictEqual(expected, ret)
def test_check_perms_deny(self):
'''
Test setting deny perms on a file
'''
expected = {'comment': '',
'pchanges': {'deny_perms': {}},
'changes': {
'deny_perms': {
'Users': {'perms': 'read_execute'}}},
'name': self.temp_file.name,
'result': True}
ret = win_file.check_perms(path=self.temp_file.name,
deny_perms={
'Users': {
'perms': 'read_execute'}},
inheritance=None)
self.assertDictEqual(expected, ret)
def test_check_perms_grant_test_true(self):
'''
Test setting grant perms on a file with test=True
'''
with patch.dict(win_file.__opts__, {'test': True}):
expected = {'comment': '',
'pchanges': {
'grant_perms': {
'Users': {'perms': 'read_execute'}}},
'changes': {'grant_perms': {}},
'name': self.temp_file.name,
'result': None}
ret = win_file.check_perms(
path=self.temp_file.name,
grant_perms={
'Users': {
'perms': 'read_execute'}},
inheritance=None)
self.assertDictEqual(expected, ret)
def test_check_perms_grant(self):
'''
Test setting grant perms on a file
'''
expected = {'comment': '',
'pchanges': {'grant_perms': {}},
'changes': {
'grant_perms': {
'Users': {'perms': 'read_execute'}}},
'name': self.temp_file.name,
'result': True}
ret = win_file.check_perms(path=self.temp_file.name,
grant_perms={
'Users': {
'perms': 'read_execute'}},
inheritance=None)
self.assertDictEqual(expected, ret)
def test_check_perms_inheritance_false_test_true(self):
'''
Test setting inheritance to False with test=True
'''
with patch.dict(win_file.__opts__, {'test': True}):
expected = {'comment': '',
'pchanges': {'inheritance': False},
'changes': {},
'name': self.temp_file.name,
'result': None}
ret = win_file.check_perms(path=self.temp_file.name,
inheritance=False)
self.assertDictEqual(expected, ret)
def test_check_perms_inheritance_false(self):
'''
Test setting inheritance to False
'''
expected = {'comment': '',
'pchanges': {},
'changes': {'inheritance': False},
'name': self.temp_file.name,
'result': True}
ret = win_file.check_perms(path=self.temp_file.name,
inheritance=False)
self.assertDictEqual(expected, ret)
def test_check_perms_inheritance_true(self):
'''
Test setting inheritance to true when it's already true (default)
'''
expected = {'comment': '',
'pchanges': {},
'changes': {},
'name': self.temp_file.name,
'result': True}
ret = win_file.check_perms(path=self.temp_file.name,
inheritance=True)
self.assertDictEqual(expected, ret)
def test_check_perms_reset_test_true(self):
'''
Test resetting perms with test=True. This shows minimal changes
'''
# Turn off inheritance
salt.utils.win_dacl.set_inheritance(obj_name=self.temp_file.name,
enabled=False,
clear=True)
# Set some permissions
salt.utils.win_dacl.set_permissions(obj_name=self.temp_file.name,
principal='Administrator',
permissions='full_control')
with patch.dict(win_file.__opts__, {'test': True}):
expected = {
'comment': '',
'pchanges': {
'remove_perms': {
'Administrator': {
'grant': {
'applies to': 'Not Inherited (file)',
'permissions': ['Full control'],
'inherited': False}}},
'grant_perms': {
'Administrators': {'perms': 'full_control'},
'Users': {'perms': 'read_execute'}}},
'changes': {'grant_perms': {}},
'name': self.temp_file.name,
'result': None}
ret = win_file.check_perms(path=self.temp_file.name,
grant_perms={
'Users': {
'perms': 'read_execute'},
'Administrators': {
'perms': 'full_control'}},
inheritance=False,
reset=True)
self.assertDictEqual(expected, ret)
def test_check_perms_reset(self):
'''
Test resetting perms on a File
'''
# Turn off inheritance
salt.utils.win_dacl.set_inheritance(obj_name=self.temp_file.name,
enabled=False,
clear=True)
# Set some permissions
salt.utils.win_dacl.set_permissions(obj_name=self.temp_file.name,
principal='Administrator',
permissions='full_control')
expected = {
'comment': '',
'pchanges': {'grant_perms': {}},
'changes': {
'remove_perms': {
'Administrator': {
'grant': {
'applies to': 'Not Inherited (file)',
'permissions': ['Full control'],
'inherited': False}}},
'grant_perms': {
'Administrators': {'perms': 'full_control'},
'Users': {'perms': 'read_execute'}}},
'name': self.temp_file.name,
'result': True}
ret = win_file.check_perms(path=self.temp_file.name,
grant_perms={
'Users': {
'perms': 'read_execute'},
'Administrators': {
'perms': 'full_control'}},
inheritance=False,
reset=True)
self.assertDictEqual(expected, ret)
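Review bot: The two reset tests pass `grant_perms` keys that already match the account names exactly, so neither exercises the case-insensitive comparison that this commit adds to `check_perms`, nor the `reset=True` path with `grant_perms` or `deny_perms` left as `None`. Those are the paths where an ACE could be wrongly kept or removed, so please add a case such as `grant_perms={'users': {'perms': 'read_execute'}}` together with `reset=True` and assert what ends up under `remove_perms`. The fixtures also hard-code the English principal names `'Administrator'`, `'Administrators'` and `'Users'`, which presumably do not resolve on localized Windows builds. A comment on the class stating that assumption would save a confusing failure later.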


@ -77,6 +77,12 @@ integration.shell.test_arguments
integration.shell.test_auth
integration.shell.test_call
integration.shell.test_cloud
integration.spm.test_build
integration.spm.test_files
integration.spm.test_info
integration.spm.test_install
integration.spm.test_remove
integration.spm.test_repo
integration.states.test_host
integration.states.test_pip_state
integration.states.test_pkg