saltstack/salt
1
0
Fork 0
mirror of https://github.com/saltstack/salt.git synced 2025-04-15 09:10:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Merge pull request #55830 from stratusjerry/TypoFix

Browse source 
Fix Typos
This commit is contained in:
Daniel Wozniak 2020-01-11 10:38:14 -07:00 committed by GitHub
commit b6374019b4
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 36 additions and 36 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
conf/master
View file

@ -350,7 +350,7 @@
# the autosign_file and the auto_accept setting.
#autoreject_file: /etc/salt/autoreject.conf
# If the autosign_grains_dir is specified, incoming keys from minons with grain
# If the autosign_grains_dir is specified, incoming keys from minions with grain
# values matching those defined in files in this directory will be accepted
# automatically. This is insecure. Minions need to be configured to send the grains.
#autosign_grains_dir: /etc/salt/autosign_grains

2
conf/suse/master
View file

@ -302,7 +302,7 @@ syndic_user: salt
# the autosign_file and the auto_accept setting.
#autoreject_file: /etc/salt/autoreject.conf
# If the autosign_grains_dir is specified, incoming keys from minons with grain
# If the autosign_grains_dir is specified, incoming keys from minions with grain
# values matching those defined in files in this directory will be accepted
# automatically. This is insecure. Minions need to be configured to send the grains.
#autosign_grains_dir: /etc/salt/autosign_grains

46
salt/modules/x509.py
View file

@ -126,7 +126,7 @@ def _fix_ctx(m2_ctx, issuer=None):
def _new_extension(name, value, critical=0, issuer=None, _pyfree=1):
'''
Create new X509_Extension, This is required because M2Crypto
Create new X509_Extension, this is required because M2Crypto
doesn't support getting the publickeyidentifier from the issuer
to create the authoritykeyidentifier extension.
'''
@ -595,7 +595,7 @@ def read_certificate(certificate):
def read_certificates(glob_path):
'''
Returns a dict containing details of a all certificates matching a glob
Returns a dict containing details of all certificates matching a glob
glob_path:
A path to certificates to be read and returned.
@ -658,8 +658,8 @@ def read_crl(crl):
:depends: - OpenSSL command line tool
csl:
A path or PEM encoded string containing the CSL to read.
crl:
A path or PEM encoded string containing the CRL to read.
CLI Example:
@ -754,17 +754,17 @@ def write_pem(text, path, overwrite=True, pem_type=None):
PEM string input to be written out.
path:
Path of the file to write the pem out to.
Path of the file to write the PEM out to.
overwrite:
If True(default), write_pem will overwrite the entire pem file.
If ``True`` (default), write_pem will overwrite the entire PEM file.
Set False to preserve existing private keys and dh params that may
exist in the pem file.
exist in the PEM file.
pem_type:
The PEM type to be saved, for example ``CERTIFICATE`` or
``PUBLIC KEY``. Adding this will allow the function to take
input that may contain multiple pem types.
input that may contain multiple PEM types.
CLI Example:
@ -818,10 +818,10 @@ def create_private_key(path=None,
Length of the private key in bits. Default 2048
passphrase:
Passphrase for encryting the private key
Passphrase for encrypting the private key
cipher:
Cipher for encrypting the private key. Has no effect if passhprase is None.
Cipher for encrypting the private key. Has no effect if passphrase is None.
verbose:
Provide visual feedback on stdout. Default True
@ -878,7 +878,7 @@ def create_crl( # pylint: disable=too-many-arguments,too-many-locals
:depends: - PyOpenSSL Python module
path:
Path to write the crl to.
Path to write the CRL to.
text:
If ``True``, return the PEM text without writing to a file.
@ -886,14 +886,14 @@ def create_crl( # pylint: disable=too-many-arguments,too-many-locals
signing_private_key:
A path or string of the private key in PEM format that will be used
to sign this crl. This is required.
to sign the CRL. This is required.
signing_private_key_passphrase:
Passphrase to decrypt the private key.
signing_cert:
A certificate matching the private key that will be used to sign
this crl. This is required.
the CRL. This is required.
revoked:
A list of dicts containing all the certificates to revoke. Each dict
@ -1127,9 +1127,9 @@ def create_certificate(
Default ``False``.
overwrite:
If True(default), create_certificate will overwrite the entire pem
If ``True`` (default), create_certificate will overwrite the entire PEM
file. Set False to preserve existing private keys and dh params that
may exist in the pem file.
may exist in the PEM file.
kwargs:
Any of the properties below can be included as additional
@ -1139,7 +1139,7 @@ def create_certificate(
Request a remotely signed certificate from ca_server. For this to
work, a ``signing_policy`` must be specified, and that same policy
must be configured on the ca_server. See ``signing_policy`` for
details. Also the salt master must permit peers to call the
details. Also, the salt master must permit peers to call the
``sign_remote_certificate`` function.
Example:
@ -1200,7 +1200,7 @@ def create_certificate(
public_key:
The public key to be included in this certificate. This can be sourced
from a public key, certificate, csr or private key. If a private key
from a public key, certificate, CSR or private key. If a private key
is used, the matching public key from the private key will be
generated before any processing is done. This means you can request a
certificate from a remote CA using a private key file as your
@ -1264,7 +1264,7 @@ def create_certificate(
X509v3 Subject Alternative Name
crlDistributionPoints:
X509v3 CRL distribution points
X509v3 CRL Distribution Points
issuingDistributionPoint:
X509v3 Issuing Distribution Point
@ -1324,7 +1324,7 @@ def create_certificate(
signing_policy:
A signing policy that should be used to create this certificate.
Signing policies should be defined in the minion configuration, or in
a minion pillar. It should be a yaml formatted list of arguments
a minion pillar. It should be a YAML formatted list of arguments
which will override any arguments passed to this function. If the
``minions`` key is included in the signing policy, only minions
matching that pattern (see match.glob and match.compound) will be
@ -1385,11 +1385,11 @@ def create_certificate(
passphrase=kwargs['public_key_passphrase'])).replace('\n', '')
# Remove system entries in kwargs
# Including listen_in and preqreuired because they are not included
# Including listen_in and prerequired because they are not included
# in STATE_INTERNAL_KEYWORDS
# for salt 2014.7.2
for ignore in list(_STATE_INTERNAL_KEYWORDS) + \
['listen_in', 'preqrequired', '__prerequired__']:
['listen_in', 'prerequired', '__prerequired__']:
kwargs.pop(ignore, None)
# TODO: Make timeout configurable in Neon
certs = __salt__['publish.publish'](
@ -1712,7 +1712,7 @@ def verify_private_key(private_key, public_key, passphrase=None):
public_key:
The public key to verify, can be a string or path to a PEM formatted
certificate, csr, or another private key.
certificate, CSR, or another private key.
passphrase:
Passphrase to decrypt the private key.
@ -1739,7 +1739,7 @@ def verify_signature(certificate, signing_pub_key=None,
signing_pub_key:
The public key to verify, can be a string or path to a PEM formatted
certificate, csr, or private key.
certificate, CSR, or private key.
signing_pub_key_passphrase:
Passphrase to the signing_pub_key if it is an encrypted private key.

22
salt/states/x509.py
View file

@ -6,7 +6,7 @@ Manage X509 Certificates
:depends: M2Crypto
This module can enable managing a complete PKI infrastructure including creating private keys, CA's,
This module can enable managing a complete PKI infrastructure including creating private keys, CAs,
certificates and CRLs. It includes the ability to generate a private key on a server, and have the
corresponding public key sent to a remote CA to create a CA signed certificate. This can be done in
a secure manner, where private keys are always generated locally and never moved across the network.
@ -94,7 +94,7 @@ the mine where it can be easily retrieved by other minions.
The signing policy defines properties that override any property requested or included in a CRL. It also
can define a restricted list of minons which are allowed to remotely invoke this signing policy.
can define a restricted list of minions which are allowed to remotely invoke this signing policy.
/srv/salt/signing_policies.conf
@ -117,7 +117,7 @@ can define a restricted list of minons which are allowed to remotely invoke this
This state will instruct all minions to trust certificates signed by our new CA.
Using jinja to strip newlines from the text avoids dealing with newlines in the rendered yaml,
Using Jinja to strip newlines from the text avoids dealing with newlines in the rendered YAML,
and the :mod:`sign_remote_certificate <salt.states.x509.sign_remote_certificate>` state will
handle properly formatting the text before writing the output.
@ -266,8 +266,8 @@ def private_key_managed(name,
Cipher for encrypting the private key.
new:
Always create a new key. Defaults to False.
Combining new with :mod:`prereq <salt.states.requsities.preqreq>`, or when used as part of a `managed_private_key` can allow key rotation whenever a new certificiate is generated.
Always create a new key. Defaults to ``False``.
Combining new with :mod:`prereq <salt.states.requsities.preqreq>`, or when used as part of a `managed_private_key` can allow key rotation whenever a new certificate is generated.
overwrite:
Overwrite an existing private key if the provided passphrase cannot decrypt it.
@ -283,7 +283,7 @@ def private_key_managed(name,
Example:
The jinja templating in this example ensures a private key is generated if the file doesn't exist
The JINJA templating in this example ensures a private key is generated if the file doesn't exist
and that a new private key is generated whenever the certificate that uses it is to be renewed.
.. code-block:: jinja
@ -382,7 +382,7 @@ def certificate_managed(name,
Manages the private key corresponding to the certificate. All of the
arguments supported by :py:func:`x509.private_key_managed
<salt.states.x509.private_key_managed>` are supported. If `name` is not
speicified or is the same as the name of the certificate, the private
specified or is the same as the name of the certificate, the private
key and certificate will be written together in the same file.
append_certs:
@ -595,14 +595,14 @@ def crl_managed(name,
Path to the certificate
signing_private_key
The private key that will be used to sign this crl. This is
The private key that will be used to sign the CRL. This is
usually your CA's private key.
signing_private_key_passphrase
Passphrase to decrypt the private key.
signing_cert
The certificate of the authority that will be used to sign this crl.
The certificate of the authority that will be used to sign the CRL.
This is usually your CA's certificate.
revoked
@ -618,8 +618,8 @@ def crl_managed(name,
of pyOpenSSL less than 0.14.
days_remaining : 30
The crl should be automatically recreated if there are less than
``days_remaining`` days until the crl expires. Set to 0 to disable
The CRL should be automatically recreated if there are less than
``days_remaining`` days until the CRL expires. Set to 0 to disable
automatic renewal.
include_expired : False