add support for no_proxy for apt pkg and generic http util

conf/minion

@@ -20,6 +20,7 @@
 #proxy_port:
 #proxy_username:
 #proxy_password:
+#no_proxy: []
 
 # If multiple masters are specified in the 'master' setting, the default behavior
 # is to always try to connect to them in the order they are listed. If random_master is

doc/man/salt.7

@@ -12729,6 +12729,21 @@ syndic_finger: \(aqab:30:65:2a:d6:9e:20:4f:d8:b2:f3:a7:d4:65:50:10\(aq
 .fi
 .UNINDENT
 .UNINDENT
+.SS \fBno_proxy\fP
+.sp
+Default: \fB\(aq\(aq\fP
+.sp
+List of hostnames to bypass proxy.
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+no_proxy: [ '127.0.0.1', 'foo.tld' ]
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
 .SS \fBproxy_host\fP
 .sp
 Default: \fB\(aq\(aq\fP

doc/ref/configuration/minion.rst

@@ -1403,6 +1403,21 @@ The password used for HTTP proxy access.
 
     proxy_password: obolus
 
+.. conf_minion:: no_proxy
+``no_proxy``
+------------
+.. versionadded:: 2018.3.0
+
+Default: ``[]``
+
+List of hosts to bypass proxy
+
+.. note::
+    This key does nothing unless proxy_host etc is configured, it does not support any kind of wildcards.
+
+.. code-block:: yaml
+    no_proxy: [ '127.0.0.1', 'foo.tld' ]
+
 .. conf_minion:: docker.compare_container_networks
 
 ``docker.compare_container_networks``

doc/topics/tutorials/http.rst

@@ -252,7 +252,7 @@ Proxy
 
 If the ``tornado`` backend is used (``tornado`` is the default), proxy
 information configured in ``proxy_host``, ``proxy_port``, ``proxy_username``,
-and ``proxy_password`` from the ``__opts__`` dictionary will be used.  Normally
+``proxy_password`` and ``no_proxy`` from the ``__opts__`` dictionary will be used.  Normally
 these are set in the minion configuration file.
 
 .. code-block:: yaml
@@ -261,6 +261,7 @@ these are set in the minion configuration file.
     proxy_port: 31337
     proxy_username: charon
     proxy_password: obolus
+    no_proxy: ['127.0.0.1', 'localhost']
 
 .. code-block:: python
 

salt/config/__init__.py

@@ -1091,6 +1091,8 @@ VALID_OPTS = {
     'proxy_username': six.string_types,
     'proxy_password': six.string_types,
     'proxy_port': int,
+    # Exclude list of hostnames from proxy
+    'no_proxy': list,
 
     # Minion de-dup jid cache max size
     'minion_jid_queue_hwm': int,

salt/modules/aptpkg.py

@@ -2236,6 +2236,7 @@ def mod_repo(repo, saltenv='base', **kwargs):
         )
 
     full_comp_list = set(repo_comps)
+    no_proxy = __salt__['config.option']('no_proxy')
 
     if 'keyid' in kwargs:
         keyid = kwargs.pop('keyid', None)
@@ -2255,7 +2256,7 @@ def mod_repo(repo, saltenv='base', **kwargs):
             if keyserver:
                 if not imported:
                     http_proxy_url = _get_http_proxy_url()
-                    if http_proxy_url:
+                    if http_proxy_url and keyserver not in no_proxy:
                         cmd = ['apt-key', 'adv', '--keyserver-options', 'http-proxy={0}'.format(http_proxy_url),
                                '--keyserver', keyserver, '--logger-fd', '1', '--recv-keys', key]
                     else:

salt/utils/http.py

@@ -17,6 +17,7 @@ import io
 import zlib
 import gzip
 import re
+from urlparse import urlparse
 
 import ssl
 try:
@@ -500,6 +501,13 @@ def query(url,
         proxy_port = opts.get('proxy_port', None)
         proxy_username = opts.get('proxy_username', None)
         proxy_password = opts.get('proxy_password', None)
+        no_proxy = opts.get('proxy_host', [])
+
+        # Since tornado doesnt support no_proxy, we'll always hand it empty proxies or valid ones
+        # except we remove the valid ones if a url has a no_proxy hostname in it
+        if urlparse(url_full).hostname in no_proxy:
+          proxy_host = None
+          proxy_port = None
 
         # We want to use curl_http if we have a proxy defined
         if proxy_host and proxy_port: