Merge 3006.x into master

Pedro Algarvio 2023-07-18 16:37:08 +01:00
commit df09fd980d
No known key found for this signature in database
GPG key ID: BB36BF6584A298FF
47 changed files with 247 additions and 99 deletions


@ -141,6 +141,11 @@ jobs:
run:
tools ci print-gh-event
- name: Set Cache Seed Output
id: set-cache-seed
run: |
tools ci define-cache-seed ${{ env.CACHE_SEED }}
- name: Setup Salt Version
id: setup-salt-version
uses: ./.github/actions/setup-salt-version
@ -234,11 +239,6 @@ jobs:
name: testrun-changed-files.txt
path: testrun-changed-files.txt
- name: Set Cache Seed Output
id: set-cache-seed
run: |
echo "cache-seed=${{ env.CACHE_SEED }}" >> "$GITHUB_OUTPUT"
- name: Get Release Changelog Target
id: get-release-changelog-target
run: |
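Review bot: The new `Set Cache Seed Output` step passes `${{ env.CACHE_SEED }}` to `tools ci define-cache-seed` by template substitution and unquoted, so the value is pasted into the script text before the shell parses it. Because `env` values are also exported to the step's environment, `tools ci define-cache-seed "$CACHE_SEED"` would keep the value as a single argument and out of the script source; this assumes `CACHE_SEED` is defined at workflow or job level, which is not visible here. The same line appears in the four workflow sections that follow.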


@ -187,6 +187,11 @@ jobs:
run:
tools ci print-gh-event
- name: Set Cache Seed Output
id: set-cache-seed
run: |
tools ci define-cache-seed ${{ env.CACHE_SEED }}
- name: Setup Salt Version
id: setup-salt-version
uses: ./.github/actions/setup-salt-version
@ -280,11 +285,6 @@ jobs:
name: testrun-changed-files.txt
path: testrun-changed-files.txt
- name: Set Cache Seed Output
id: set-cache-seed
run: |
echo "cache-seed=${{ env.CACHE_SEED }}" >> "$GITHUB_OUTPUT"
- name: Get Release Changelog Target
id: get-release-changelog-target
run: |


@ -177,6 +177,11 @@ jobs:
run:
tools ci print-gh-event
- name: Set Cache Seed Output
id: set-cache-seed
run: |
tools ci define-cache-seed ${{ env.CACHE_SEED }}
- name: Setup Salt Version
id: setup-salt-version
uses: ./.github/actions/setup-salt-version
@ -270,11 +275,6 @@ jobs:
name: testrun-changed-files.txt
path: testrun-changed-files.txt
- name: Set Cache Seed Output
id: set-cache-seed
run: |
echo "cache-seed=${{ env.CACHE_SEED }}" >> "$GITHUB_OUTPUT"
- name: Get Release Changelog Target
id: get-release-changelog-target
run: |


@ -167,6 +167,11 @@ jobs:
run:
tools ci print-gh-event
- name: Set Cache Seed Output
id: set-cache-seed
run: |
tools ci define-cache-seed ${{ env.CACHE_SEED }}
- name: Setup Salt Version
id: setup-salt-version
uses: ./.github/actions/setup-salt-version
@ -266,11 +271,6 @@ jobs:
name: testrun-changed-files.txt
path: testrun-changed-files.txt
- name: Set Cache Seed Output
id: set-cache-seed
run: |
echo "cache-seed=${{ env.CACHE_SEED }}" >> "$GITHUB_OUTPUT"
- name: Get Release Changelog Target
id: get-release-changelog-target
run: |


@ -186,6 +186,11 @@ jobs:
run:
tools ci print-gh-event
- name: Set Cache Seed Output
id: set-cache-seed
run: |
tools ci define-cache-seed ${{ env.CACHE_SEED }}
- name: Setup Salt Version
id: setup-salt-version
uses: ./.github/actions/setup-salt-version
@ -291,11 +296,6 @@ jobs:
name: testrun-changed-files.txt
path: testrun-changed-files.txt
- name: Set Cache Seed Output
id: set-cache-seed
run: |
echo "cache-seed=${{ env.CACHE_SEED }}" >> "$GITHUB_OUTPUT"
- name: Get Release Changelog Target
id: get-release-changelog-target
run: |

1
changelog/64398.fixed.md Normal file

@ -0,0 +1 @@
Allow for multiple user's keys presented when authenticating, for example: root, salt, etc.


@ -0,0 +1 @@
Bump to `pyyaml==6.0.1` due to https://github.com/yaml/pyyaml/issues/601 and address lint issues


@ -6,7 +6,7 @@ apache-libcloud>=2.4.0
backports.ssl_match_hostname>=3.7.0.1; python_version < '3.7'
cherrypy>=17.4.1
gitpython>=3.1.30
cryptography>=41.0.1
cryptography>=41.0.2
idna>=2.8
linode-python>=1.1.1
pyasn1>=0.4.8


@ -20,7 +20,7 @@ charset-normalizer==2.1.1
# via
# -c requirements/static/ci/py3.10/linux.txt
# requests
cryptography==41.0.1
cryptography==41.0.2
# via
# -c requirements/static/ci/py3.10/linux.txt
# pyspnego
@ -34,6 +34,8 @@ netaddr==0.8.0
# via
# -c requirements/static/ci/py3.10/linux.txt
# -r requirements/static/ci/cloud.in
ntlm-auth==1.5.0
# via requests-ntlm
profitbricks==4.1.3
# via -r requirements/static/ci/cloud.in
pycparser==2.21
@ -45,11 +47,10 @@ pypsexec==0.3.0
pyspnego==0.9.0
# via
# -r requirements/static/ci/cloud.in
# requests-ntlm
# smbprotocol
pywinrm==0.4.3
# via -r requirements/static/ci/cloud.in
requests-ntlm==1.2.0
requests-ntlm==1.1.0
# via pywinrm
requests==2.31.0
# via


@ -93,7 +93,7 @@ contextvars==2.4
# -r requirements/base.txt
croniter==1.3.15 ; sys_platform != "win32"
# via -r requirements/static/ci/common.in
cryptography==41.0.1
cryptography==41.0.2
# via
# -c requirements/static/ci/../pkg/py3.10/darwin.txt
# -r requirements/crypto.txt


@ -89,7 +89,7 @@ contextvars==2.4
# -r requirements/base.txt
croniter==1.3.15 ; sys_platform != "win32"
# via -r requirements/static/ci/common.in
cryptography==40.0.2
cryptography==41.0.2
# via
# -c requirements/static/ci/../pkg/py3.10/freebsd.txt
# -r requirements/crypto.txt
@ -100,7 +100,7 @@ cryptography==40.0.2
# vcert
distlib==0.3.6
# via virtualenv
distro==1.8.0
distro==1.5.0
# via
# -c requirements/static/ci/../pkg/py3.10/freebsd.txt
# -r requirements/base.txt


@ -103,7 +103,7 @@ contextvars==2.4
# -r requirements/base.txt
croniter==1.3.15 ; sys_platform != "win32"
# via -r requirements/static/ci/common.in
cryptography==41.0.1
cryptography==41.0.2
# via
# -c requirements/static/ci/../pkg/py3.10/linux.txt
# -r requirements/crypto.txt


@ -87,7 +87,7 @@ contextvars==2.4
# via
# -c requirements/static/ci/../pkg/py3.10/windows.txt
# -r requirements/base.txt
cryptography==41.0.1
cryptography==41.0.2
# via
# -c requirements/static/ci/../pkg/py3.10/windows.txt
# -r requirements/crypto.txt


@ -20,7 +20,7 @@ charset-normalizer==2.1.1
# via
# -c requirements/static/ci/py3.11/linux.txt
# requests
cryptography==41.0.1
cryptography==41.0.2
# via
# -c requirements/static/ci/py3.11/linux.txt
# pyspnego


@ -93,7 +93,7 @@ contextvars==2.4
# -r requirements/base.txt
croniter==1.3.15 ; sys_platform != "win32"
# via -r requirements/static/ci/common.in
cryptography==41.0.1
cryptography==41.0.2
# via
# -c requirements/static/ci/../pkg/py3.11/darwin.txt
# -r requirements/crypto.txt


@ -89,7 +89,7 @@ contextvars==2.4
# -r requirements/base.txt
croniter==1.3.15 ; sys_platform != "win32"
# via -r requirements/static/ci/common.in
cryptography==40.0.2
cryptography==41.0.2
# via
# -c requirements/static/ci/../pkg/py3.11/freebsd.txt
# -r requirements/crypto.txt
@ -100,7 +100,7 @@ cryptography==40.0.2
# vcert
distlib==0.3.6
# via virtualenv
distro==1.8.0
distro==1.5.0
# via
# -c requirements/static/ci/../pkg/py3.11/freebsd.txt
# -r requirements/base.txt


@ -103,7 +103,7 @@ contextvars==2.4
# -r requirements/base.txt
croniter==1.3.15 ; sys_platform != "win32"
# via -r requirements/static/ci/common.in
cryptography==41.0.1
cryptography==41.0.2
# via
# -c requirements/static/ci/../pkg/py3.11/linux.txt
# -r requirements/crypto.txt


@ -87,7 +87,7 @@ contextvars==2.4
# via
# -c requirements/static/ci/../pkg/py3.11/windows.txt
# -r requirements/base.txt
cryptography==41.0.1
cryptography==41.0.2
# via
# -c requirements/static/ci/../pkg/py3.11/windows.txt
# -r requirements/crypto.txt


@ -20,7 +20,7 @@ charset-normalizer==2.1.1
# via
# -c requirements/static/ci/py3.8/linux.txt
# requests
cryptography==41.0.1
cryptography==41.0.2
# via
# -c requirements/static/ci/py3.8/linux.txt
# pyspnego
@ -34,6 +34,8 @@ netaddr==0.8.0
# via
# -c requirements/static/ci/py3.8/linux.txt
# -r requirements/static/ci/cloud.in
ntlm-auth==1.5.0
# via requests-ntlm
profitbricks==4.1.3
# via -r requirements/static/ci/cloud.in
pycparser==2.21
@ -45,11 +47,10 @@ pypsexec==0.3.0
pyspnego==0.9.0
# via
# -r requirements/static/ci/cloud.in
# requests-ntlm
# smbprotocol
pywinrm==0.4.3
# via -r requirements/static/ci/cloud.in
requests-ntlm==1.2.0
requests-ntlm==1.1.0
# via pywinrm
requests==2.31.0
# via


@ -89,7 +89,7 @@ contextvars==2.4
# -r requirements/base.txt
croniter==1.3.15 ; sys_platform != "win32"
# via -r requirements/static/ci/common.in
cryptography==40.0.2
cryptography==41.0.2
# via
# -c requirements/static/ci/../pkg/py3.8/freebsd.txt
# -r requirements/crypto.txt
@ -100,7 +100,7 @@ cryptography==40.0.2
# vcert
distlib==0.3.6
# via virtualenv
distro==1.8.0
distro==1.5.0
# via
# -c requirements/static/ci/../pkg/py3.8/freebsd.txt
# -r requirements/base.txt


@ -103,7 +103,7 @@ contextvars==2.4
# -r requirements/base.txt
croniter==1.3.15 ; sys_platform != "win32"
# via -r requirements/static/ci/common.in
cryptography==41.0.1
cryptography==41.0.2
# via
# -c requirements/static/ci/../pkg/py3.8/linux.txt
# -r requirements/crypto.txt


@ -87,7 +87,7 @@ contextvars==2.4
# via
# -c requirements/static/ci/../pkg/py3.8/windows.txt
# -r requirements/base.txt
cryptography==41.0.1
cryptography==41.0.2
# via
# -c requirements/static/ci/../pkg/py3.8/windows.txt
# -r requirements/crypto.txt


@ -20,7 +20,7 @@ charset-normalizer==2.1.1
# via
# -c requirements/static/ci/py3.9/linux.txt
# requests
cryptography==41.0.1
cryptography==41.0.2
# via
# -c requirements/static/ci/py3.9/linux.txt
# pyspnego
@ -34,6 +34,8 @@ netaddr==0.8.0
# via
# -c requirements/static/ci/py3.9/linux.txt
# -r requirements/static/ci/cloud.in
ntlm-auth==1.5.0
# via requests-ntlm
profitbricks==4.1.3
# via -r requirements/static/ci/cloud.in
pycparser==2.21
@ -45,11 +47,10 @@ pypsexec==0.3.0
pyspnego==0.9.0
# via
# -r requirements/static/ci/cloud.in
# requests-ntlm
# smbprotocol
pywinrm==0.4.3
# via -r requirements/static/ci/cloud.in
requests-ntlm==1.2.0
requests-ntlm==1.1.0
# via pywinrm
requests==2.31.0
# via


@ -93,7 +93,7 @@ contextvars==2.4
# -r requirements/base.txt
croniter==1.3.15 ; sys_platform != "win32"
# via -r requirements/static/ci/common.in
cryptography==41.0.1
cryptography==41.0.2
# via
# -c requirements/static/ci/../pkg/py3.9/darwin.txt
# -r requirements/crypto.txt


@ -89,7 +89,7 @@ contextvars==2.4
# -r requirements/base.txt
croniter==1.3.15 ; sys_platform != "win32"
# via -r requirements/static/ci/common.in
cryptography==40.0.2
cryptography==41.0.2
# via
# -c requirements/static/ci/../pkg/py3.9/freebsd.txt
# -r requirements/crypto.txt
@ -100,7 +100,7 @@ cryptography==40.0.2
# vcert
distlib==0.3.6
# via virtualenv
distro==1.8.0
distro==1.5.0
# via
# -c requirements/static/ci/../pkg/py3.9/freebsd.txt
# -r requirements/base.txt


@ -103,7 +103,7 @@ contextvars==2.4
# -r requirements/base.txt
croniter==1.3.15 ; sys_platform != "win32"
# via -r requirements/static/ci/common.in
cryptography==41.0.1
cryptography==41.0.2
# via
# -c requirements/static/ci/../pkg/py3.9/linux.txt
# -r requirements/crypto.txt


@ -87,7 +87,7 @@ contextvars==2.4
# via
# -c requirements/static/ci/../pkg/py3.9/windows.txt
# -r requirements/base.txt
cryptography==41.0.1
cryptography==41.0.2
# via
# -c requirements/static/ci/../pkg/py3.9/windows.txt
# -r requirements/crypto.txt


@ -9,4 +9,4 @@ rpm-vercmp
setproctitle>=1.2.3
timelib>=0.2.5
importlib-metadata>=3.3.0
cryptography>=41.0.1
cryptography>=41.0.2


@ -20,7 +20,7 @@ cherrypy==18.8.0
# via -r requirements/darwin.txt
contextvars==2.4
# via -r requirements/base.txt
cryptography==41.0.1
cryptography==41.0.2
# via
# -r requirements/crypto.txt
# -r requirements/darwin.txt


@ -18,11 +18,11 @@ cherrypy==18.8.0
# via -r requirements/static/pkg/freebsd.in
contextvars==2.4
# via -r requirements/base.txt
cryptography==40.0.2
cryptography==41.0.2
# via
# -r requirements/crypto.txt
# pyopenssl
distro==1.8.0
distro==1.5.0
# via
# -r requirements/base.txt
# -r requirements/static/pkg/freebsd.in


@ -18,7 +18,7 @@ cherrypy==18.8.0
# via -r requirements/static/pkg/linux.in
contextvars==2.4
# via -r requirements/base.txt
cryptography==41.0.1
cryptography==41.0.2
# via
# -r requirements/crypto.txt
# -r requirements/static/pkg/linux.in


@ -25,7 +25,7 @@ clr-loader==0.2.4
# via pythonnet
contextvars==2.4
# via -r requirements/base.txt
cryptography==41.0.1
cryptography==41.0.2
# via
# -r requirements/crypto.txt
# -r requirements/windows.txt


@ -20,7 +20,7 @@ cherrypy==18.8.0
# via -r requirements/darwin.txt
contextvars==2.4
# via -r requirements/base.txt
cryptography==41.0.1
cryptography==41.0.2
# via
# -r requirements/crypto.txt
# -r requirements/darwin.txt


@ -18,11 +18,11 @@ cherrypy==18.8.0
# via -r requirements/static/pkg/freebsd.in
contextvars==2.4
# via -r requirements/base.txt
cryptography==40.0.2
cryptography==41.0.2
# via
# -r requirements/crypto.txt
# pyopenssl
distro==1.8.0
distro==1.5.0
# via
# -r requirements/base.txt
# -r requirements/static/pkg/freebsd.in


@ -18,7 +18,7 @@ cherrypy==18.8.0
# via -r requirements/static/pkg/linux.in
contextvars==2.4
# via -r requirements/base.txt
cryptography==41.0.1
cryptography==41.0.2
# via
# -r requirements/crypto.txt
# -r requirements/static/pkg/linux.in


@ -25,7 +25,7 @@ clr-loader==0.2.4
# via pythonnet
contextvars==2.4
# via -r requirements/base.txt
cryptography==41.0.1
cryptography==41.0.2
# via
# -r requirements/crypto.txt
# -r requirements/windows.txt


@ -18,11 +18,11 @@ cherrypy==18.8.0
# via -r requirements/static/pkg/freebsd.in
contextvars==2.4
# via -r requirements/base.txt
cryptography==40.0.2
cryptography==41.0.2
# via
# -r requirements/crypto.txt
# pyopenssl
distro==1.8.0
distro==1.5.0
# via
# -r requirements/base.txt
# -r requirements/static/pkg/freebsd.in


@ -18,7 +18,7 @@ cherrypy==18.8.0
# via -r requirements/static/pkg/linux.in
contextvars==2.4
# via -r requirements/base.txt
cryptography==41.0.1
cryptography==41.0.2
# via
# -r requirements/crypto.txt
# -r requirements/static/pkg/linux.in


@ -25,7 +25,7 @@ clr-loader==0.2.4
# via pythonnet
contextvars==2.4
# via -r requirements/base.txt
cryptography==41.0.1
cryptography==41.0.2
# via
# -r requirements/crypto.txt
# -r requirements/windows.txt


@ -20,7 +20,7 @@ cherrypy==18.8.0
# via -r requirements/darwin.txt
contextvars==2.4
# via -r requirements/base.txt
cryptography==41.0.1
cryptography==41.0.2
# via
# -r requirements/crypto.txt
# -r requirements/darwin.txt


@ -18,11 +18,11 @@ cherrypy==18.8.0
# via -r requirements/static/pkg/freebsd.in
contextvars==2.4
# via -r requirements/base.txt
cryptography==40.0.2
cryptography==41.0.2
# via
# -r requirements/crypto.txt
# pyopenssl
distro==1.8.0
distro==1.5.0
# via
# -r requirements/base.txt
# -r requirements/static/pkg/freebsd.in


@ -18,7 +18,7 @@ cherrypy==18.8.0
# via -r requirements/static/pkg/linux.in
contextvars==2.4
# via -r requirements/base.txt
cryptography==41.0.1
cryptography==41.0.2
# via
# -r requirements/crypto.txt
# -r requirements/static/pkg/linux.in


@ -25,7 +25,7 @@ clr-loader==0.2.4
# via pythonnet
contextvars==2.4
# via -r requirements/base.txt
cryptography==41.0.1
cryptography==41.0.2
# via
# -r requirements/crypto.txt
# -r requirements/windows.txt


@ -11,7 +11,7 @@ certifi>=2022.12.07
cffi>=1.14.5
cherrypy>=18.6.1
gitpython>=3.1.30
cryptography>=41.0.1
cryptography>=41.0.2
lxml>=4.6.3
pyasn1>=0.4.8
pymssql>=2.2.1


@ -137,7 +137,7 @@ class LoadAuth:
mod = self.opts["eauth_acl_module"]
if not mod:
mod = load["eauth"]
fstr = "{}.acl".format(mod)
fstr = f"{mod}.acl"
if fstr not in self.auth:
return None
fcall = salt.utils.args.format_call(
@ -323,6 +323,7 @@ class LoadAuth:
failure.
"""
error_msg = 'Authentication failure of type "user" occurred.'
auth_key = load.pop("key", None)
if auth_key is None:
log.warning(error_msg)
@ -331,28 +332,35 @@ class LoadAuth:
if "user" in load:
auth_user = AuthUser(load["user"])
if auth_user.is_sudo():
# If someone sudos check to make sure there is no ACL's around their username
if auth_key != key[self.opts.get("user", "root")]:
log.warning(error_msg)
return False
return auth_user.sudo_name()
for check_key in key:
if auth_key == key[check_key]:
return auth_user.sudo_name()
return False
elif (
load["user"] == self.opts.get("user", "root") or load["user"] == "root"
):
if auth_key != key[self.opts.get("user", "root")]:
log.warning(
"Master runs as %r, but user in payload is %r",
self.opts.get("user", "root"),
load["user"],
)
log.warning(error_msg)
return False
for check_key in key:
dgm_user = self.opts.get("user", "root")
dgm_check_key = key[check_key]
if auth_key == key[check_key]:
return True
log.warning(
"Master runs as %r, but user in payload is %r",
self.opts.get("user", "root"),
load["user"],
)
log.warning(error_msg)
return False
elif auth_user.is_running_user():
if auth_key != key.get(load["user"]):
log.warning(error_msg)
return False
elif auth_key == key.get("root"):
pass
elif auth_key == key.get("salt"):
# there is nologin for salt
pass
else:
if load["user"] in key:
# User is authorised, check key and check perms
@ -364,9 +372,13 @@ class LoadAuth:
log.warning(error_msg)
return False
else:
if auth_key != key[salt.utils.user.get_user()]:
log.warning(error_msg)
return False
for check_key in key:
if auth_key == key[check_key]:
return True
log.warning(error_msg)
return False
return True
def get_auth_list(self, load, token=None):
@ -464,7 +476,7 @@ class LoadAuth:
msg = 'Authentication failure of type "user" occurred'
if not auth_ret: # auth_ret can be a boolean or the effective user id
if show_username:
msg = "{} for user {}.".format(msg, username)
msg = f"{msg} for user {username}."
ret["error"] = {"name": "UserAuthenticationError", "message": msg}
return ret
@ -525,7 +537,7 @@ class Resolver:
if not eauth:
print("External authentication system has not been specified")
return ret
fstr = "{}.auth".format(eauth)
fstr = f"{eauth}.auth"
if fstr not in self.auth:
print(
'The specified external authentication system "{}" is not available'.format(
@ -544,14 +556,14 @@ class Resolver:
if arg in self.opts:
ret[arg] = self.opts[arg]
elif arg.startswith("pass"):
ret[arg] = getpass.getpass("{}: ".format(arg))
ret[arg] = getpass.getpass(f"{arg}: ")
else:
ret[arg] = input("{}: ".format(arg))
ret[arg] = input(f"{arg}: ")
for kwarg, default in list(args["kwargs"].items()):
if kwarg in self.opts:
ret["kwarg"] = self.opts[kwarg]
else:
ret[kwarg] = input("{} [{}]: ".format(kwarg, default))
ret[kwarg] = input(f"{kwarg} [{default}]: ")
# Use current user if empty
if "username" in ret and not ret["username"]:
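Review bot: In the `@ -331,28 +332,35 @@` hunk, the sudo branch as rendered ends in a bare `return False` after its `for check_key in key:` loop, so a rejected sudo key check no longer emits `log.warning(error_msg)` as the other branches do; add `log.warning(error_msg)` before that `return False` so failed attempts stay visible in the master log. The new loops accept `auth_key` when it equals any entry of `key`, which matches the changelog but means the presented key is no longer tied to `load["user"]` in the sudo, root and final `else` branches, and a comment stating that would help the next reader. `dgm_user` and `dgm_check_key` are assigned and never read in the visible lines and look like debugging leftovers to remove. The key comparisons use `==`; `hmac.compare_digest` is the usual choice for comparing secrets, provided both operands are guaranteed to be `str` or `bytes` of the same type, which cannot be confirmed from here. The enclosing method starts and ends outside the hunks shown.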


@ -11,11 +11,24 @@ pytestmark = [
@pytest.fixture
def local_funcs():
def check_keys():
return {
"test": "mGXdurU1c8lXt5cmpbGq4rWvrOvDXxkwI9gbkP5CBBjpyGWuB8vkgz9r+sjjG0wVDL9/uFuREtk=",
"root": "2t5HHv/ek2wIFh8tTX2c3hdt+6V+93xKlcXb7IlGLIszOeCVv2NuH38LyCw9UwQTfUFTeseXhSs=",
}
@pytest.fixture
def local_funcs(master_opts):
opts = salt.config.master_config(None)
return masterapi.LocalFuncs(opts, "test-key")
@pytest.fixture
def check_local_funcs(master_opts, check_keys):
return masterapi.LocalFuncs(master_opts, check_keys)
# runner tests
@ -510,3 +523,52 @@ def test_publish_user_authorization_error(local_funcs):
"salt.utils.minions.CkMinions.auth_check", MagicMock(return_value=False)
):
assert mock_ret == local_funcs.publish(load)
def test_dual_key_auth(check_local_funcs):
"""
Test for check for presented dual keys (salt, root) are authenticated
"""
load = {
"user": "test",
"fun": "test.arg",
"tgt": "test_minion",
"kwargs": {"user": "test"},
"arg": "foo",
"key": "mGXdurU1c8lXt5cmpbGq4rWvrOvDXxkwI9gbkP5CBBjpyGWuB8vkgz9r+sjjG0wVDL9/uFuREtk=",
}
with patch(
"salt.acl.PublisherACL.user_is_blacklisted", MagicMock(return_value=False)
), patch(
"salt.acl.PublisherACL.cmd_is_blacklisted", MagicMock(return_value=False)
), patch(
"salt.utils.master.get_values_of_matching_keys",
MagicMock(return_value=["test"]),
):
results = check_local_funcs.publish(load)
assert results == {"enc": "clear", "load": {"jid": None, "minions": []}}
def test_dual_key_auth_sudo(check_local_funcs):
"""
Test for check for presented dual keys (salt, root) are authenticated
with a sudo user
"""
load = {
"user": "sudo_test",
"fun": "test.arg",
"tgt": "test_minion",
"kwargs": {"user": "sudo_test"},
"arg": "foo",
"key": "mGXdurU1c8lXt5cmpbGq4rWvrOvDXxkwI9gbkP5CBBjpyGWuB8vkgz9r+sjjG0wVDL9/uFuREtk=",
}
with patch(
"salt.acl.PublisherACL.user_is_blacklisted", MagicMock(return_value=False)
), patch(
"salt.acl.PublisherACL.cmd_is_blacklisted", MagicMock(return_value=False)
), patch(
"salt.utils.master.get_values_of_matching_keys",
MagicMock(return_value=["test"]),
):
results = check_local_funcs.publish(load)
assert results == {"enc": "clear", "load": {"jid": None, "minions": []}}
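Review bot: Both `test_dual_key_auth` and `test_dual_key_auth_sudo` present the key stored under `test` in `check_keys`, so neither exercises a caller presenting a different user's key (for example the `root` entry) and there is no negative case. Add a test that sends a key absent from `check_keys` and asserts the authentication-failure result, so that a regression accepting any key would fail the suite. The docstrings say `(salt, root)` while the fixture defines `test` and `root`; align the wording with the fixture.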


@ -8,6 +8,7 @@ import json
import logging
import os
import pathlib
import random
import sys
import time
from typing import TYPE_CHECKING, Any
@ -1012,3 +1013,71 @@ def get_testing_releases(
wfh.write(f"testing-releases={json.dumps(str_releases)}\n")
ctx.exit(0)
@ci.command(
name="define-cache-seed",
arguments={
"static_cache_seed": {
"help": "The static cache seed value",
},
"randomize": {
"help": "Randomize the cache seed value",
},
},
)
def define_cache_seed(ctx: Context, static_cache_seed: str, randomize: bool = False):
"""
Set `cache-seed` in GH Actions outputs.
"""
github_output = os.environ.get("GITHUB_OUTPUT")
if github_output is None:
ctx.warn("The 'GITHUB_OUTPUT' variable is not set.")
ctx.exit(1)
if TYPE_CHECKING:
assert github_output is not None
github_step_summary = os.environ.get("GITHUB_STEP_SUMMARY")
if github_step_summary is None:
ctx.warn("The 'GITHUB_STEP_SUMMARY' variable is not set.")
ctx.exit(1)
if TYPE_CHECKING:
assert github_step_summary is not None
labels: list[str] = []
gh_event_path = os.environ.get("GITHUB_EVENT_PATH") or None
if gh_event_path is not None:
try:
gh_event = json.loads(open(gh_event_path).read())
except Exception as exc:
ctx.error(
f"Could not load the GH Event payload from {gh_event_path!r}:\n", exc
)
ctx.exit(1)
labels.extend(
label[0] for label in _get_pr_test_labels_from_event_payload(gh_event)
)
if randomize is True:
cache_seed = f"SEED-{random.randint(100, 1000)}"
with open(github_step_summary, "a", encoding="utf-8") as wfh:
wfh.write(
f"The cache seed has been randomized to `{cache_seed}` because "
"`--randomize` was passed to `tools ci define-cache-seed`."
)
elif "test:random-cache-seed" in labels:
cache_seed = f"SEED-{random.randint(100, 1000)}"
with open(github_step_summary, "a", encoding="utf-8") as wfh:
wfh.write(
f"The cache seed has been randomized to `{cache_seed}` because "
"the label `test:random-cache-seed` was set."
)
else:
cache_seed = static_cache_seed
ctx.info("Writing 'cache-seed' to the github outputs file")
with open(github_output, "a", encoding="utf-8") as wfh:
wfh.write(f"cache-seed={cache_seed}\n")
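Review bot: `json.loads(open(gh_event_path).read())` in `define_cache_seed` leaves the file handle to the garbage collector and reads with the platform default encoding, unlike the later `open(..., encoding="utf-8")` calls in the same function; `with open(gh_event_path, encoding="utf-8") as rfh: gh_event = json.load(rfh)` would match them. The `randomize` and `test:random-cache-seed` branches differ only in the reason string, so computing `cache_seed` once and selecting the message would remove the duplication. `random.randint(100, 1000)` yields only 901 values, so a randomized seed can repeat an earlier one and reuse the cache it was meant to avoid; a wider range would make that unlikely.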