From 908234d9abe4bf2964ea365a4283f6d19c654097 Mon Sep 17 00:00:00 2001
From: "C. R. Oldham"
Date: Thu, 1 Sep 2016 09:40:36 -0600
Subject: [PATCH] Document module whitelisting. Remove FIXME comments for disable_modules and disable_returners as they are definitely implemented. (#35717)
---
 conf/minion | 19 ++++++++++++++++---
 doc/ref/configuration/minion.rst | 24 ++++++++++++++++++++++++
 salt/config/__init__.py | 4 ++--
 3 files changed, 42 insertions(+), 5 deletions(-)
diff --git a/conf/minion b/conf/minion
index 94edfd5e92c..301e5276d27 100644
--- a/conf/minion
+++ b/conf/minion
@@ -403,10 +403,23 @@
 ##### Minion module management #####
 ##########################################
 # Disable specific modules. This allows the admin to limit the level of
-# access the master has to the minion.
-#disable_modules: [cmdmod,test]
+# access the master has to the minion. The default here is the empty list,
+# below is an example of how this needs to be formatted in the config file
+#disable_modules:
+# - cmdmod
+# - test
 #disable_returners: []
-#
+
+# This is the reverse of disable_modules. The default, like disable_modules, is the empty list,
+# but if this option is set to *anything* then *only* those modules will load.
+# Note that this is a very large hammer and it can be quite difficult to keep the minion working
+# the way you think it should since Salt uses many modules internally itself. At a bare minimum
+# you need the following enabled or else the minion won't start.
+whitelist_modules:
+# - cmdmod
+# - test
+# - config
+
 # Modules can be loaded from arbitrary paths. This enables the easy deployment
 # of third party modules. Modules for returners and minions can be loaded.
 # Specify a list of extra directories to search for minion modules and
diff --git a/doc/ref/configuration/minion.rst b/doc/ref/configuration/minion.rst
index 82b03071982..8ecbce950c1 100644
--- a/doc/ref/configuration/minion.rst
+++ b/doc/ref/configuration/minion.rst
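Review bot: The added `whitelist_modules:` line in the conf/minion hunk is left uncommented while its three list entries are commented out, so the shipped sample config sets the key with no value instead of leaving the option unset. The documentation added in this same patch gives the default as `[]` and says that setting the option to anything restricts module loading, so an active, valueless key in the default file is at best a type mismatch and at worst changes which modules load; how the loader treats a null value is not visible here. Comment the key like the `disable_modules` example above it: `#whitelist_modules:`. An access-limiting option like this should stay off in the sample file until an administrator enables it deliberately.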
@@ -998,6 +998,30 @@ If certain returners should be disabled, this is the place
 disable_returners:
 - mongo_return
+
+.. conf_minion:: enable_whitelist_modules
+
+``whitelist_modules``
+----------------------------
+
+Default: ``[]`` (Module whitelisting is disabled. Adding anything to the config option
+will cause only the listed modules to be enabled. Modules not in the list will
+not be loaded.)
+
+This option is the reverse of disable_modules.
+
+Note that this is a very large hammer and it can be quite difficult to keep the minion working
+the way you think it should since Salt uses many modules internally itself. At a bare minimum
+you need the following enabled or else the minion won't start.
+
+.. code-block:: yaml
+
+ whitelist_modules:
+ - cmdmod
+ - test
+ - config
+
+
 .. conf_minion:: module_dirs
 ``module_dirs``
diff --git a/salt/config/__init__.py b/salt/config/__init__.py
index 9803ab28187..9c0fd34c116 100644
--- a/salt/config/__init__.py
+++ b/salt/config/__init__.py
@@ -255,10 +255,10 @@ VALID_OPTS = {
 # The type of hashing algorithm to use when doing file comparisons
 'hash_type': str,
- # FIXME Does not appear to be implemented
+ # Refuse to load these modules
 'disable_modules': list,
- # FIXME Does not appear to be implemented
+ # Refuse to load these returners
 'disable_returners': list,
 # Tell the loader to only load modules in this list