Merge pull request #36277 from terminalmage/gitfs-check-key-path

salt.utils.gitfs: Check for existence of ssh keys
2025-04-17 10:10:20 +00:00 · 2016-09-14 14:22:37 +09:00 · 2016-09-14 14:22:37 +09:00 · abb6aacb4b
commit abb6aacb4b
parent ed2d2bd331 4fee18c820
2 changed files with 36 additions and 12 deletions
--- a/salt/master.py
+++ b/salt/master.py
@ -426,13 +426,17 @@ class Master(SMaster):
            and not isinstance(x['git'], six.string_types)
        ]
        if non_legacy_git_pillars:
-            new_opts = copy.deepcopy(self.opts)
-            new_opts['ext_pillar'] = non_legacy_git_pillars
            try:
-                # Init any values needed by the git ext pillar
-                salt.utils.gitfs.GitPillar(new_opts)
-            except FileserverConfigError as exc:
-                critical_errors.append(exc.strerror)
+                new_opts = copy.deepcopy(self.opts)
+                from salt.pillar.git_pillar \
+                    import PER_REMOTE_OVERRIDES as overrides
+                for repo in non_legacy_git_pillars:
+                    new_opts['ext_pillar'] = [repo]
+                    try:
+                        git_pillar = salt.utils.gitfs.GitPillar(new_opts)
+                        git_pillar.init_remotes(repo['git'], overrides)
+                    except FileserverConfigError as exc:
+                        critical_errors.append(exc.strerror)
            finally:
                del new_opts

--- a/salt/utils/gitfs.py
+++ b/salt/utils/gitfs.py
@ -1471,12 +1471,23 @@ class Pygit2(GitProvider):
            Helper function to log errors about missing auth parameters
            '''
            log.critical(
-                'Incomplete authentication information for {0} remote '
-                '\'{1}\'. Missing parameters: {2}'.format(
-                    self.role,
-                    self.id,
-                    ', '.join(missing)
-                )
+                'Incomplete authentication information for %s remote '
+                '\'%s\'. Missing parameters: %s',
+                self.role, self.id, ', '.join(missing)
+            )
+            failhard(self.role)
+
+        def _key_does_not_exist(key_type, path):
+            '''
+            Helper function to log errors about missing key file
+            '''
+            log.critical(
+                'SSH %s (%s) for %s remote \'%s\' could not be found, path '
+                'may be incorrect. Note that it may be necessary to clear '
+                'git_pillar locks to proceed once this is resolved and the '
+                'master has been started back up. A warning will be logged '
+                'if this is the case, with instructions.',
+                key_type, path, self.role, self.id
            )
            failhard(self.role)

@ -1507,6 +1518,15 @@ class Pygit2(GitProvider):
            if all(bool(getattr(self, x, None)) for x in required_params):
                keypair_params = [getattr(self, x, None) for x in
                                  ('user', 'pubkey', 'privkey', 'passphrase')]
+                # Check pubkey and privkey to make sure file exists
+                for idx, key_type in ((1, 'pubkey'), (2, 'privkey')):
+                    key_path = keypair_params[idx]
+                    if key_path is not None:
+                        try:
+                            if not os.path.isfile(key_path):
+                                _key_does_not_exist(key_type, key_path)
+                        except TypeError:
+                            _key_does_not_exist(key_type, key_path)
                self.credentials = pygit2.Keypair(*keypair_params)
                return True
            else: