Merge pull request #34858 from rallytime/merge-2016.3

[2016.3] Merge forward from 2015.8 to 2016.3
2025-04-17 10:10:20 +00:00 · 2016-07-21 15:01:16 -06:00 · 2016-07-21 15:01:16 -06:00 · aaede31f66
commit aaede31f66
parent b3d8143d36 9227c3dd26
7 changed files with 35 additions and 6 deletions
--- a/conf/master
+++ b/conf/master
@ -309,6 +309,11 @@
 # running any commands. It would also blacklist any use of the "cmd"
 # module. This is completely disabled by default.
 #
+#
+# Check the list of configured users in client ACL against users on the
+# system and throw errors if they do not exist.
+#client_acl_verify: True
+#
 #publisher_acl_blacklist:
 #  users:
 #    - root
--- a/doc/topics/troubleshooting/yaml_idiosyncrasies.rst
+++ b/doc/topics/troubleshooting/yaml_idiosyncrasies.rst
@ -113,6 +113,20 @@ Pillar data. Make sure that your Pillars which need to use the string versions
 of these values are enclosed in quotes.  Pillars will be parsed twice by salt,
 so you'll need to wrap your values in multiple quotes, for example '"false"'.

+The '%' Sign
+============
+
+The `%` symbol has a special meaning in YAML, it needs to be passed as a
+string literal:
+
+.. code-block:: yaml
+
+    cheese:
+      ssh_auth.present:
+        - user: tbortels
+        - source: salt://ssh_keys/chease.pub
+        - config: '%h/.ssh/authorized_keys'
+
 Integers are Parsed as Integers
 ===============================

--- a/salt/beacons/init.py
+++ b/salt/beacons/init.py
@ -23,6 +23,7 @@ class Beacon(object):
    '''
    def __init__(self, opts, functions):
        self.opts = opts
+        self.functions = functions
        self.beacons = salt.loader.beacons(opts, functions)
        self.interval_map = dict()

@ -182,7 +183,8 @@ class Beacon(object):
        '''
        # Fire the complete event back along with the list of beacons
        evt = salt.utils.event.get_event('minion', opts=self.opts)
-        evt.fire_event({'complete': True, 'beacons': self.opts['beacons']},
+        b_conf = self.functions['config.merge']('beacons')
+        evt.fire_event({'complete': True, 'beacons': b_conf},
                       tag='/salt/minion/minion_beacons_list_complete')

        return True
--- a/salt/client/ssh/wrapper/state.py
+++ b/salt/client/ssh/wrapper/state.py
@ -154,7 +154,9 @@ def low(data, **kwargs):
            __pillar__,
            __salt__,
            __context__['fileclient'])
-    err = st_.verify_data(data)
+    for chunk in chunks:
+        chunk['__id__'] = chunk['name'] if not chunk.get('__id__') else chunk['__id__']
+    err = st_.state.verify_data(data)
    if err:
        return err
    file_refs = salt.client.ssh.state.lowstate_file_refs(
@ -223,7 +225,7 @@ def high(data, **kwargs):
            __pillar__,
            __salt__,
            __context__['fileclient'])
-    chunks = st_.state.compile_high_data(high)
+    chunks = st_.state.compile_high_data(data)
    file_refs = salt.client.ssh.state.lowstate_file_refs(
            chunks,
            _merge_extra_filerefs(
--- a/salt/config/init.py
+++ b/salt/config/init.py
@ -596,6 +596,7 @@ VALID_OPTS = {
    'syndic_failover': str,
    'runner_dirs': list,
    'client_acl': dict,
+    'client_acl_verify': bool,
    'client_acl_blacklist': dict,
    'publisher_acl': dict,
    'publisher_acl_blacklist': dict,
@ -1181,6 +1182,7 @@ DEFAULT_MASTER_OPTS = {
    'runner_dirs': [],
    'outputter_dirs': [],
    'client_acl': {},
+    'client_acl_verify': True,
    'client_acl_blacklist': {},
    'publisher_acl': {},
    'publisher_acl_blacklist': {},
--- a/salt/daemons/masterapi.py
+++ b/salt/daemons/masterapi.py
@ -206,9 +206,11 @@ def access_keys(opts):
    if opts.get('user'):
        acl_users.add(opts['user'])
    acl_users.add(salt.utils.get_user())
-    if HAS_PWD:
+    if opts['client_acl_verify'] and HAS_PWD:
+        log.profile('Beginning pwd.getpwall() call in masterarpi acess_keys function')
        for user in pwd.getpwall():
            users.append(user.pw_name)
+        log.profile('End pwd.getpwall() call in masterarpi acess_keys function')
    for user in acl_users:
        log.info(
            'Preparing the {0} key for local communication'.format(
@ -216,10 +218,12 @@ def access_keys(opts):
            )
        )

-        if HAS_PWD:
+        if opts['client_acl_verify'] and HAS_PWD:
            if user not in users:
                try:
+                    log.profile('Beginning pwd.getpnam() call in masterarpi acess_keys function')
                    user = pwd.getpwnam(user).pw_name
+                    log.profile('Beginning pwd.getpwnam() call in masterarpi acess_keys function')
                except KeyError:
                    log.error('ACL user {0} is not available'.format(user))
                    continue
--- a/salt/states/ssh_auth.py
+++ b/salt/states/ssh_auth.py
@ -29,7 +29,7 @@ to use a YAML 'explicit key', as demonstrated in the second example below.
      ssh_auth.present:
        - user: root
        - source: salt://ssh_keys/thatch.id_rsa.pub
-        - config: %h/.ssh/authorized_keys
+        - config: '%h/.ssh/authorized_keys'

    sshkeys:
      ssh_auth.present: