Merge 3006.x into 3007.x

2025-04-17 10:10:20 +00:00 · 2023-12-14 11:32:20 +00:00 · 2023-12-14 11:32:20 +00:00 · e3ba31dc7a
commit e3ba31dc7a
parent d7549bd155 8b3bdd4f0b
197 changed files with 10779 additions and 8881 deletions
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -139,6 +139,8 @@ jobs:
            arch: x86
          - platform: darwin
            arch: x86_64
          - platform: darwin
            arch: aarch64
    steps:
      - uses: actions/checkout@v4
--- a/.github/workflows/templates/release.yml.jinja
+++ b/.github/workflows/templates/release.yml.jinja
@ -173,6 +173,8 @@ permissions:
            arch: x86
          - platform: darwin
            arch: x86_64
          - platform: darwin
            arch: aarch64
    steps:
      - uses: actions/checkout@v4
--- a/.github/workflows/test-packages-action-macos.yml
+++ b/.github/workflows/test-packages-action-macos.yml
@ -122,7 +122,7 @@ jobs:
        uses: actions/download-artifact@v3
        with:
          name: salt-${{ inputs.salt-version }}-${{ inputs.arch }}-${{ inputs.pkg-type }}
-          path: pkg/artifacts/
+          path: artifacts/pkg/
      - name: Install System Dependencies
        run: |
@ -130,7 +130,7 @@ jobs:
      - name: List Packages
        run: |
-          tree pkg/artifacts
+          tree artifacts/pkg/
      - name: Download Onedir Tarball as an Artifact
        uses: actions/download-artifact@v3
@ -214,6 +214,7 @@ jobs:
          name: pkg-testrun-artifacts-${{ inputs.distro-slug }}-${{ matrix.tests-chunk }}
          path: |
            artifacts
            !artifacts/pkg/*
            !artifacts/salt/*
            !artifacts/salt-*.tar.*
--- a/.github/workflows/test-packages-action.yml
+++ b/.github/workflows/test-packages-action.yml
@ -133,7 +133,7 @@ jobs:
        uses: actions/download-artifact@v3
        with:
          name: ${{ inputs.package-name }}-${{ inputs.salt-version }}-${{ inputs.arch }}-${{ inputs.pkg-type }}
-          path: pkg/artifacts/
+          path: artifacts/pkg/
      - name: Download Onedir Tarball as an Artifact
        uses: actions/download-artifact@v3
@ -150,7 +150,7 @@ jobs:
      - name: List Packages
        run: |
-          tree pkg/artifacts
+          tree artifacts/pkg/
      - name: Download cached nox.${{ inputs.distro-slug }}.tar.* for session ${{ inputs.nox-session }}
        uses: actions/cache@v3.3.1
@ -230,6 +230,7 @@ jobs:
          name: pkg-testrun-artifacts-${{ inputs.distro-slug }}-${{ matrix.tests-chunk }}
          path: |
            artifacts
            !artifacts/pkg/*
            !artifacts/salt/*
            !artifacts/salt-*.tar.*
--- a/.gitignore
+++ b/.gitignore
@ -119,7 +119,6 @@ kitchen.local.yml
 .bundle/
 Gemfile.lock
 /artifacts/
 /pkg/artifacts/
 requirements/static/*/py*/*.log
 # Vim's default session file
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -7,6 +7,83 @@ Versions are `MAJOR.PATCH`.
 # Changelog
 ## 3006.5 (2023-12-12)
 ### Removed
 - Tech Debt - support for pysss removed due to functionality addition in Python 3.3 [#65029](https://github.com/saltstack/salt/issues/65029)
 ### Fixed
 - Improved error message when state arguments are accidentally passed as a string [#38098](https://github.com/saltstack/salt/issues/38098)
 - Allow `pip.install` to create a log file that is passed in if the parent directory is writeable [#44722](https://github.com/saltstack/salt/issues/44722)
 - Fixed merging of complex pillar overrides with salt-ssh states [#59802](https://github.com/saltstack/salt/issues/59802)
 - Fixed gpg pillar rendering with salt-ssh [#60002](https://github.com/saltstack/salt/issues/60002)
 - Made salt-ssh states not re-render pillars unnecessarily [#62230](https://github.com/saltstack/salt/issues/62230)
 - Made Salt maintain options in Debian package repo definitions [#64130](https://github.com/saltstack/salt/issues/64130)
 - Migrated all [`invoke`](https://www.pyinvoke.org/) tasks to [`python-tools-scripts`](https://github.com/s0undt3ch/python-tools-scripts).
  * `tasks/docs.py` -> `tools/precommit/docs.py`
  * `tasks/docstrings.py` -> `tools/precommit/docstrings.py`
  * `tasks/loader.py` -> `tools/precommit/loader.py`
  * `tasks/filemap.py` -> `tools/precommit/filemap.py` [#64374](https://github.com/saltstack/salt/issues/64374)
 - Fix salt user login shell path in Debian packages [#64377](https://github.com/saltstack/salt/issues/64377)
 - Fill out lsb_distrib_xxxx (best estimate) grains if problems with retrieving lsb_release data [#64473](https://github.com/saltstack/salt/issues/64473)
 - Fixed an issue in the ``file.directory`` state where the ``children_only`` keyword
  argument was not being respected. [#64497](https://github.com/saltstack/salt/issues/64497)
 - Move salt.ufw to correct location /etc/ufw/applications.d/ [#64572](https://github.com/saltstack/salt/issues/64572)
 - Fixed salt-ssh stacktrace when retcode is not an integer [#64575](https://github.com/saltstack/salt/issues/64575)
 - Fixed SSH shell seldomly fails to report any exit code [#64588](https://github.com/saltstack/salt/issues/64588)
 - Fixed some issues in x509_v2 execution module private key functions [#64597](https://github.com/saltstack/salt/issues/64597)
 - Fixed grp.getgrall() in utils/user.py causing performance issues [#64888](https://github.com/saltstack/salt/issues/64888)
 - Fix user.list_groups omits remote groups via sssd, etc. [#64953](https://github.com/saltstack/salt/issues/64953)
 - Ensure sync from _grains occurs before attempting pillar compilation in case custom grain used in pillar file [#65027](https://github.com/saltstack/salt/issues/65027)
 - Moved gitfs locks to salt working dir to avoid lock wipes [#65086](https://github.com/saltstack/salt/issues/65086)
 - Only attempt to create a keys directory when `--gen-keys` is passed to the `salt-key` CLI [#65093](https://github.com/saltstack/salt/issues/65093)
 - Fix nonce verification, request server replies do not stomp on eachother. [#65114](https://github.com/saltstack/salt/issues/65114)
 - speed up yumpkg list_pkgs by not requiring digest or signature verification on lookup. [#65152](https://github.com/saltstack/salt/issues/65152)
 - Fix pkg.latest failing on windows for winrepo packages where the package is already up to date [#65165](https://github.com/saltstack/salt/issues/65165)
 - Ensure __kwarg__ is preserved when checking for kwargs.  This change affects proxy minions when used with Deltaproxy, which had kwargs popped when targeting multiple minions id. [#65179](https://github.com/saltstack/salt/issues/65179)
 - Fixes traceback when state id is an int in a reactor SLS file. [#65210](https://github.com/saltstack/salt/issues/65210)
 - Install logrotate config as /etc/logrotate.d/salt-common for Debian packages
  Remove broken /etc/logrotate.d/salt directory from 3006.3 if it exists. [#65231](https://github.com/saltstack/salt/issues/65231)
 - Use ``sha256`` as the default ``hash_type``. It has been the default since Salt v2016.9 [#65287](https://github.com/saltstack/salt/issues/65287)
 - Preserve ownership on log rotation [#65288](https://github.com/saltstack/salt/issues/65288)
 - Ensure that the correct value of jid_inclue is passed if the argument is included in the passed keyword arguments. [#65302](https://github.com/saltstack/salt/issues/65302)
 - Uprade relenv to 0.14.2
   - Update openssl to address CVE-2023-5363.
   - Fix bug in openssl setup when openssl binary can't be found.
   - Add M1 mac support. [#65316](https://github.com/saltstack/salt/issues/65316)
 - Fix regex for filespec adding/deleting fcontext policy in selinux [#65340](https://github.com/saltstack/salt/issues/65340)
 - Ensure CLI options take priority over Saltfile options [#65358](https://github.com/saltstack/salt/issues/65358)
 - Test mode for state function `saltmod.wheel` no longer set's `result` to `(None,)` [#65372](https://github.com/saltstack/salt/issues/65372)
 - Client only process events which tag conforms to an event return. [#65400](https://github.com/saltstack/salt/issues/65400)
 - Fixes an issue setting user or machine policy on Windows when the Group Policy
  directory is missing [#65411](https://github.com/saltstack/salt/issues/65411)
 - Fix regression in file module which was not re-using a file client. [#65450](https://github.com/saltstack/salt/issues/65450)
 - pip.installed state will now properly fail when a specified user does not exists [#65458](https://github.com/saltstack/salt/issues/65458)
 - Publish channel connect callback method properly closes it's request channel. [#65464](https://github.com/saltstack/salt/issues/65464)
 - Ensured the pillar in SSH wrapper modules is the same as the one used in template rendering when overrides are passed [#65483](https://github.com/saltstack/salt/issues/65483)
 - Fix file.comment ignore_missing not working with multiline char [#65501](https://github.com/saltstack/salt/issues/65501)
 - Warn when an un-closed transport client is being garbage collected. [#65554](https://github.com/saltstack/salt/issues/65554)
 - Only generate the HMAC's for ``libssl.so.1.1`` and ``libcrypto.so.1.1`` if those files exist. [#65581](https://github.com/saltstack/salt/issues/65581)
 - Fixed an issue where Salt Cloud would fail if it could not delete lingering
  PAexec binaries [#65584](https://github.com/saltstack/salt/issues/65584)
 ### Added
 - Added Salt support for Debian 12 [#64223](https://github.com/saltstack/salt/issues/64223)
 - Added Salt support for Amazon Linux 2023 [#64455](https://github.com/saltstack/salt/issues/64455)
 ### Security
 - Bump to `cryptography==41.0.4` due to https://github.com/advisories/GHSA-v8gr-m533-ghj9 [#65268](https://github.com/saltstack/salt/issues/65268)
 - Bump to `cryptography==41.0.7` due to https://github.com/advisories/GHSA-jfhm-5ghh-2f97 [#65643](https://github.com/saltstack/salt/issues/65643)
 ## 3006.4 (2023-10-16)
--- a/changelog/38098.fixed.md
+++ b/changelog/38098.fixed.md
@ -1 +0,0 @@
 Improved error message when state arguments are accidentally passed as a string
--- a/changelog/44722.fixed.md
+++ b/changelog/44722.fixed.md
@ -1 +0,0 @@
 Allow `pip.install` to create a log file that is passed in if the parent directory is writeable
--- a/changelog/59802.fixed.md
+++ b/changelog/59802.fixed.md
@ -1 +0,0 @@
 Fixed merging of complex pillar overrides with salt-ssh states
--- a/changelog/60002.fixed.md
+++ b/changelog/60002.fixed.md
@ -1 +0,0 @@
 Fixed gpg pillar rendering with salt-ssh
--- a/changelog/62230.fixed.md
+++ b/changelog/62230.fixed.md
@ -1 +0,0 @@
 Made salt-ssh states not re-render pillars unnecessarily
--- a/changelog/64130.fixed.md
+++ b/changelog/64130.fixed.md
@ -1 +0,0 @@
 Made Salt maintain options in Debian package repo definitions
--- a/changelog/64223.added.md
+++ b/changelog/64223.added.md
@ -1 +0,0 @@
 Added Salt support for Debian 12
--- a/changelog/64374.fixed.md
+++ b/changelog/64374.fixed.md
@ -1,6 +0,0 @@
 Migrated all [`invoke`](https://www.pyinvoke.org/) tasks to [`python-tools-scripts`](https://github.com/s0undt3ch/python-tools-scripts).
 * `tasks/docs.py` -> `tools/precommit/docs.py`
 * `tasks/docstrings.py` -> `tools/precommit/docstrings.py`
 * `tasks/loader.py` -> `tools/precommit/loader.py`
 * `tasks/filemap.py` -> `tools/precommit/filemap.py`
--- a/changelog/64377.fixed.md
+++ b/changelog/64377.fixed.md
@ -1 +0,0 @@
 Fix salt user login shell path in Debian packages
--- a/changelog/64455.added.md
+++ b/changelog/64455.added.md
@ -1 +0,0 @@
 Added Salt support for Amazon Linux 2023
--- a/changelog/64473.fixed.md
+++ b/changelog/64473.fixed.md
@ -1 +0,0 @@
 Fill out lsb_distrib_xxxx (best estimate) grains if problems with retrieving lsb_release data
--- a/changelog/64497.fixed.md
+++ b/changelog/64497.fixed.md
@ -1,2 +0,0 @@
 Fixed an issue in the ``file.directory`` state where the ``children_only`` keyword
 argument was not being respected.
--- a/changelog/64572.fixed.md
+++ b/changelog/64572.fixed.md
@ -1 +0,0 @@
 Move salt.ufw to correct location /etc/ufw/applications.d/
--- a/changelog/64575.fixed.md
+++ b/changelog/64575.fixed.md
@ -1 +0,0 @@
 Fixed salt-ssh stacktrace when retcode is not an integer
--- a/changelog/64588.fixed.md
+++ b/changelog/64588.fixed.md
@ -1 +0,0 @@
 Fixed SSH shell seldomly fails to report any exit code
--- a/changelog/64597.fixed.md
+++ b/changelog/64597.fixed.md
@ -1 +0,0 @@
 Fixed some issues in x509_v2 execution module private key functions
--- a/changelog/64888.fixed.md
+++ b/changelog/64888.fixed.md
@ -1 +0,0 @@
 Fixed grp.getgrall() in utils/user.py causing performance issues
--- a/changelog/64953.fixed.md
+++ b/changelog/64953.fixed.md
@ -1 +0,0 @@
 Fix user.list_groups omits remote groups via sssd, etc.
--- a/changelog/65027.fixed.md
+++ b/changelog/65027.fixed.md
@ -1 +0,0 @@
 Ensure sync from _grains occurs before attempting pillar compilation in case custom grain used in pillar file
--- a/changelog/65029.removed.md
+++ b/changelog/65029.removed.md
@ -1 +0,0 @@
 Tech Debt - support for pysss removed due to functionality addition in Python 3.3
--- a/changelog/65086.fixed.md
+++ b/changelog/65086.fixed.md
@ -1 +0,0 @@
 Moved gitfs locks to salt working dir to avoid lock wipes
--- a/changelog/65093.fixed.md
+++ b/changelog/65093.fixed.md
@ -1 +0,0 @@
 Only attempt to create a keys directory when `--gen-keys` is passed to the `salt-key` CLI
--- a/changelog/65114.fixed.md
+++ b/changelog/65114.fixed.md
@ -1 +0,0 @@
 Fix nonce verification, request server replies do not stomp on eachother.
--- a/changelog/65152.fixed.md
+++ b/changelog/65152.fixed.md
@ -1 +0,0 @@
 speed up yumpkg list_pkgs by not requiring digest or signature verification on lookup.
--- a/changelog/65165.fixed.md
+++ b/changelog/65165.fixed.md
@ -1 +0,0 @@
 Fix pkg.latest failing on windows for winrepo packages where the package is already up to date
--- a/changelog/65179.fixed.md
+++ b/changelog/65179.fixed.md
@ -1 +0,0 @@
 Ensure __kwarg__ is preserved when checking for kwargs.  This change affects proxy minions when used with Deltaproxy, which had kwargs popped when targeting multiple minions id.
--- a/changelog/65193.fixed.md
+++ b/changelog/65193.fixed.md
@ -0,0 +1,2 @@
 Fix issue with openscap when the error was outside the expected scope. It now
 returns failed with the error code and the error
--- a/changelog/65210.fixed.md
+++ b/changelog/65210.fixed.md
@ -1 +0,0 @@
 Fixes traceback when state id is an int in a reactor SLS file.
--- a/changelog/65231.fixed.md
+++ b/changelog/65231.fixed.md
@ -1,2 +0,0 @@
 Install logrotate config as /etc/logrotate.d/salt-common for Debian packages
 Remove broken /etc/logrotate.d/salt directory from 3006.3 if it exists.
--- a/changelog/65268.security.md
+++ b/changelog/65268.security.md
@ -1 +0,0 @@
 Bump to `cryptography==41.0.4` due to https://github.com/advisories/GHSA-v8gr-m533-ghj9
--- a/changelog/65287.fixed.md
+++ b/changelog/65287.fixed.md
@ -1 +0,0 @@
 Use ``sha256`` as the default ``hash_type``. It has been the default since Salt v2016.9
--- a/changelog/65288.fixed.md
+++ b/changelog/65288.fixed.md
@ -1 +0,0 @@
 Preserve ownership on log rotation
--- a/changelog/65302.fixed.md
+++ b/changelog/65302.fixed.md
@ -1 +0,0 @@
 Ensure that the correct value of jid_inclue is passed if the argument is included in the passed keyword arguments.
--- a/changelog/65316.fixed.md
+++ b/changelog/65316.fixed.md
@ -1,4 +0,0 @@
 Uprade relenv to 0.14.2
 - Update openssl to address CVE-2023-5363.
 - Fix bug in openssl setup when openssl binary can't be found.
 - Add M1 mac support.
--- a/changelog/65340.fixed.md
+++ b/changelog/65340.fixed.md
@ -1 +0,0 @@
 Fix regex for filespec adding/deleting fcontext policy in selinux
--- a/changelog/65358.fixed.md
+++ b/changelog/65358.fixed.md
@ -1 +0,0 @@
 Ensure CLI options take priority over Saltfile options
--- a/changelog/65372.fixed.md
+++ b/changelog/65372.fixed.md
@ -1 +0,0 @@
 Test mode for state function `saltmod.wheel` no longer set's `result` to `(None,)`
--- a/changelog/65400.fixed.md
+++ b/changelog/65400.fixed.md
@ -1 +0,0 @@
 Client only process events which tag conforms to an event return.
--- a/changelog/65411.fixed.md
+++ b/changelog/65411.fixed.md
@ -1,2 +0,0 @@
 Fixes an issue setting user or machine policy on Windows when the Group Policy
 directory is missing
--- a/changelog/65450.fixed.md
+++ b/changelog/65450.fixed.md
@ -1 +0,0 @@
 Fix regression in file module which was not re-using a file client.
--- a/changelog/65458.fixed.md
+++ b/changelog/65458.fixed.md
@ -1 +0,0 @@
 pip.installed state will now properly fail when a specified user does not exists
--- a/changelog/65464.fixed.md
+++ b/changelog/65464.fixed.md
@ -1 +0,0 @@
 Publish channel connect callback method properly closes it's request channel.
--- a/changelog/65483.fixed.md
+++ b/changelog/65483.fixed.md
@ -1 +0,0 @@
 Ensured the pillar in SSH wrapper modules is the same as the one used in template rendering when overrides are passed
--- a/changelog/65501.fixed.md
+++ b/changelog/65501.fixed.md
@ -1 +0,0 @@
 Fix file.comment ignore_missing not working with multiline char
--- a/changelog/65554.fixed.md
+++ b/changelog/65554.fixed.md
@ -1 +0,0 @@
 Warn when an un-closed transport client is being garbage collected.
--- a/changelog/65581.fixed.md
+++ b/changelog/65581.fixed.md
@ -1 +0,0 @@
 Only generate the HMAC's for ``libssl.so.1.1`` and ``libcrypto.so.1.1`` if those files exist.
--- a/changelog/65584.fixed.md
+++ b/changelog/65584.fixed.md
@ -1,2 +0,0 @@
 Fixed an issue where Salt Cloud would fail if it could not delete lingering
 PAexec binaries
--- a/changelog/65643.security.md
+++ b/changelog/65643.security.md
@ -1 +0,0 @@
 Bump to `cryptography==41.0.7` due to https://github.com/advisories/GHSA-jfhm-5ghh-2f97
--- a/changelog/65670.fixed.md
+++ b/changelog/65670.fixed.md
@ -0,0 +1 @@
 Fixed Salt-SSH pillar rendering and state rendering with nested SSH calls when called via saltutil.cmd or in an orchestration
--- a/doc/man/salt-api.1
+++ b/doc/man/salt-api.1
@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "SALT-API" "1" "Generated on October 16, 2023 at 05:24:47 PM UTC." "3006.4" "Salt"
+.TH "SALT-API" "1" "Generated on December 12, 2023 at 05:54:17 PM UTC." "3006.5" "Salt"
 .SH NAME
 salt-api \- salt-api Command
 .sp
--- a/doc/man/salt-call.1
+++ b/doc/man/salt-call.1
@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "SALT-CALL" "1" "Generated on October 16, 2023 at 05:24:47 PM UTC." "3006.4" "Salt"
+.TH "SALT-CALL" "1" "Generated on December 12, 2023 at 05:54:17 PM UTC." "3006.5" "Salt"
 .SH NAME
 salt-call \- salt-call Documentation
 .SH SYNOPSIS
--- a/doc/man/salt-cloud.1
+++ b/doc/man/salt-cloud.1
@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "SALT-CLOUD" "1" "Generated on October 16, 2023 at 05:24:47 PM UTC." "3006.4" "Salt"
+.TH "SALT-CLOUD" "1" "Generated on December 12, 2023 at 05:54:17 PM UTC." "3006.5" "Salt"
 .SH NAME
 salt-cloud \- Salt Cloud Command
 .sp
--- a/doc/man/salt-cp.1
+++ b/doc/man/salt-cp.1
@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "SALT-CP" "1" "Generated on October 16, 2023 at 05:24:47 PM UTC." "3006.4" "Salt"
+.TH "SALT-CP" "1" "Generated on December 12, 2023 at 05:54:17 PM UTC." "3006.5" "Salt"
 .SH NAME
 salt-cp \- salt-cp Documentation
 .sp
--- a/doc/man/salt-key.1
+++ b/doc/man/salt-key.1
@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "SALT-KEY" "1" "Generated on October 16, 2023 at 05:24:47 PM UTC." "3006.4" "Salt"
+.TH "SALT-KEY" "1" "Generated on December 12, 2023 at 05:54:17 PM UTC." "3006.5" "Salt"
 .SH NAME
 salt-key \- salt-key Documentation
 .SH SYNOPSIS
--- a/doc/man/salt-master.1
+++ b/doc/man/salt-master.1
@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "SALT-MASTER" "1" "Generated on October 16, 2023 at 05:24:47 PM UTC." "3006.4" "Salt"
+.TH "SALT-MASTER" "1" "Generated on December 12, 2023 at 05:54:17 PM UTC." "3006.5" "Salt"
 .SH NAME
 salt-master \- salt-master Documentation
 .sp
--- a/doc/man/salt-minion.1
+++ b/doc/man/salt-minion.1
@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "SALT-MINION" "1" "Generated on October 16, 2023 at 05:24:47 PM UTC." "3006.4" "Salt"
+.TH "SALT-MINION" "1" "Generated on December 12, 2023 at 05:54:17 PM UTC." "3006.5" "Salt"
 .SH NAME
 salt-minion \- salt-minion Documentation
 .sp
--- a/doc/man/salt-proxy.1
+++ b/doc/man/salt-proxy.1
@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "SALT-PROXY" "1" "Generated on October 16, 2023 at 05:24:47 PM UTC." "3006.4" "Salt"
+.TH "SALT-PROXY" "1" "Generated on December 12, 2023 at 05:54:17 PM UTC." "3006.5" "Salt"
 .SH NAME
 salt-proxy \- salt-proxy Documentation
 .sp
--- a/doc/man/salt-run.1
+++ b/doc/man/salt-run.1
@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "SALT-RUN" "1" "Generated on October 16, 2023 at 05:24:47 PM UTC." "3006.4" "Salt"
+.TH "SALT-RUN" "1" "Generated on December 12, 2023 at 05:54:17 PM UTC." "3006.5" "Salt"
 .SH NAME
 salt-run \- salt-run Documentation
 .sp
--- a/doc/man/salt-ssh.1
+++ b/doc/man/salt-ssh.1
@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "SALT-SSH" "1" "Generated on October 16, 2023 at 05:24:47 PM UTC." "3006.4" "Salt"
+.TH "SALT-SSH" "1" "Generated on December 12, 2023 at 05:54:17 PM UTC." "3006.5" "Salt"
 .SH NAME
 salt-ssh \- salt-ssh Documentation
 .SH SYNOPSIS
--- a/doc/man/salt-syndic.1
+++ b/doc/man/salt-syndic.1
@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "SALT-SYNDIC" "1" "Generated on October 16, 2023 at 05:24:47 PM UTC." "3006.4" "Salt"
+.TH "SALT-SYNDIC" "1" "Generated on December 12, 2023 at 05:54:17 PM UTC." "3006.5" "Salt"
 .SH NAME
 salt-syndic \- salt-syndic Documentation
 .sp
--- a/doc/man/salt.1
+++ b/doc/man/salt.1
@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "SALT" "1" "Generated on October 16, 2023 at 05:24:47 PM UTC." "3006.4" "Salt"
+.TH "SALT" "1" "Generated on December 12, 2023 at 05:54:17 PM UTC." "3006.5" "Salt"
 .SH NAME
 salt \- salt
 .SH SYNOPSIS
--- a/doc/man/salt.7
+++ b/doc/man/salt.7
@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "SALT" "7" "Generated on October 16, 2023 at 05:24:47 PM UTC." "3006.4" "Salt"
+.TH "SALT" "7" "Generated on December 12, 2023 at 05:54:17 PM UTC." "3006.5" "Salt"
 .SH NAME
 salt \- Salt Documentation
 .SH SALT PROJECT
@ -1404,6 +1404,9 @@ If someone isn\(aqt an expert in this area, what will they need to know?
 .sp
 This will also help you out, because when you go to create the PR it
 will automatically insert the body of your commit messages.
 .sp
 See the \fI\%changelog\fP
 docs for more information.
 .SS Pull request time!
 .sp
 Once you\(aqve done all your dev work and tested locally, you should check
@ -7880,6 +7883,13 @@ log_level: warning
 .fi
 .UNINDENT
 .UNINDENT
 .sp
 Any log level below the \fIinfo\fP level is INSECURE and may log sensitive data. This currently includes:
 #. profile
 #. debug
 #. trace
 #. garbage
 #. all
 .SS \fBlog_level_logfile\fP
 .sp
 Default: \fBwarning\fP
@ -7897,6 +7907,13 @@ log_level_logfile: warning
 .fi
 .UNINDENT
 .UNINDENT
 .sp
 Any log level below the \fIinfo\fP level is INSECURE and may log sensitive data. This currently includes:
 #. profile
 #. debug
 #. trace
 #. garbage
 #. all
 .SS \fBlog_datefmt\fP
 .sp
 Default: \fB%H:%M:%S\fP
@ -12644,6 +12661,13 @@ log_level: warning
 .fi
 .UNINDENT
 .UNINDENT
 .sp
 Any log level below the \fIinfo\fP level is INSECURE and may log sensitive data. This currently includes:
 #. profile
 #. debug
 #. trace
 #. garbage
 #. all
 .SS \fBlog_level_logfile\fP
 .sp
 Default: \fBwarning\fP
@ -12661,6 +12685,13 @@ log_level_logfile: warning
 .fi
 .UNINDENT
 .UNINDENT
 .sp
 Any log level below the \fIinfo\fP level is INSECURE and may log sensitive data. This currently includes:
 #. profile
 #. debug
 #. trace
 #. garbage
 #. all
 .SS \fBlog_datefmt\fP
 .sp
 Default: \fB%H:%M:%S\fP
@ -15144,7 +15175,7 @@ For reference, see:
 # One of \(aqgarbage\(aq, \(aqtrace\(aq, \(aqdebug\(aq, info\(aq, \(aqwarning\(aq, \(aqerror\(aq, \(aqcritical\(aq.
 #
 # The following log levels are considered INSECURE and may log sensitive data:
-# [\(aqgarbage\(aq, \(aqtrace\(aq, \(aqdebug\(aq]
+# [\(aqprofile\(aq, \(aqgarbage\(aq, \(aqtrace\(aq, \(aqdebug\(aq, \(aqall\(aq]
 #
 #log_level: warning
@ -16125,7 +16156,7 @@ For reference, see:
 # One of \(aqgarbage\(aq, \(aqtrace\(aq, \(aqdebug\(aq, \(aqinfo\(aq, \(aqwarning\(aq, \(aqerror\(aq, \(aqcritical\(aq.
 #
 # The following log levels are considered INSECURE and may log sensitive data:
-# [\(aqgarbage\(aq, \(aqtrace\(aq, \(aqdebug\(aq]
+# [\(aqprofile\(aq, \(aqgarbage\(aq, \(aqtrace\(aq, \(aqdebug\(aq, \(aqall\(aq]
 #
 # Default: \(aqwarning\(aq
 #log_level: warning
@ -16836,7 +16867,7 @@ For reference, see:
 # One of \(aqgarbage\(aq, \(aqtrace\(aq, \(aqdebug\(aq, \(aqinfo\(aq, \(aqwarning\(aq, \(aqerror\(aq, \(aqcritical\(aq.
 #
 # The following log levels are considered INSECURE and may log sensitive data:
-# [\(aqgarbage\(aq, \(aqtrace\(aq, \(aqdebug\(aq]
+# [\(aqprofile\(aq, \(aqgarbage\(aq, \(aqtrace\(aq, \(aqdebug\(aq, \(aqall\(aq]
 #
 # Default: \(aqwarning\(aq
 #log_level: warning
@ -19003,6 +19034,13 @@ Everything
 T}
 _
 .TE
 .sp
 Any log level below the \fIinfo\fP level is INSECURE and may log sensitive data. This currently includes:
 #. profile
 #. debug
 #. trace
 #. garbage
 #. all
 .SS Available Configuration Settings
 .SS \fBlog_file\fP
 .sp
@ -23710,7 +23748,7 @@ most secure setup, only connect syndics directly to master of masters.
 .INDENT 0.0
 .TP
 .B email
-\fI\%saltproject-security.pdl@broadcom.com\fP
+\fI\%saltproject\-security.pdl@broadcom.com\fP
 .TP
 .B gpg key ID
 4EA0793D
@ -23831,7 +23869,7 @@ fwPKmQ2cKnCBs5ASj1DkgUcz2c8DTUPVqg==
 .UNINDENT
 .UNINDENT
 .sp
-The SaltStack Security Team is available at \fI\%saltproject-security.pdl@broadcom.com\fP for
+The SaltStack Security Team is available at \fI\%saltproject\-security.pdl@broadcom.com\fP for
 security\-related bug reports or questions.
 .sp
 We request the disclosure of any security\-related bugs or issues be reported
@ -23845,7 +23883,7 @@ seriously. Our disclosure policy is intended to resolve security issues as
 quickly and safely as is possible.
 .INDENT 0.0
 .IP 1. 3
-A security report sent to \fI\%saltproject-security.pdl@broadcom.com\fP is assigned to a team
+A security report sent to \fI\%saltproject\-security.pdl@broadcom.com\fP is assigned to a team
 member. This person is the primary contact for questions and will
 coordinate the fix, release, and announcement.
 .IP 2. 3
@ -57834,7 +57872,7 @@ jim_nologin:
 .UNINDENT
 .UNINDENT
-.SS Creates
+.SS creates
 .sp
 New in version 3001.
@ -85544,6 +85582,243 @@ tools pkg build windows \-\-salt\-version <salt\-version> \-\-arch <arch>
 .sp
 The python library is available in the install directory of the onedir package. For example
 on linux the default location would be \fB/opt/saltstack/salt/bin/python3\fP\&.
 .SS Testing the packages
 .sp
 If you want to test your built packages, or any other collection of salt packages post 3006.0, follow \fI\%this guide\fP
 .SS Testing packages
 .SS The package test suite
 .sp
 The salt repo provides a test suite for testing basic functionality of our
 packages at \fB<repo\-root>/pkg/tests/\fP\&. You can run the install, upgrade, and
 downgrade tests. These tests run automatically on most PRs that are submitted
 against Salt.
 .sp
 \fBWARNING:\fP
 .INDENT 0.0
 .INDENT 3.5
 These tests make destructive changes to your system because they install the
 built packages onto the system. They may also install older versions in the
 case of upgrades or downgrades. To prevent destructive changes, run the
 tests in an isolated system, preferably a virtual machine.
 .UNINDENT
 .UNINDENT
 .SS Setup
 .sp
 In order to run the package tests, the \fI\%relenv\fP onedir and
 built packages need to be placed in the correct locations.
 .INDENT 0.0
 .IP \(bu 2
 Place all salt packages for the applicable testing version in
 \fB<repo\-root>/pkg/artifacts/\fP\&.
 .IP \(bu 2
 The onedir must be located under \fB<repo\-root>/artifacts/\fP\&.
 .IP \(bu 2
 Additionally, to ensure complete parity with Salt\(aqs CI/CD suite, place the
 \fBnox\fP virtual environment in \fB<repo\-root>/.nox/test\-pkgs\-onedir\fP\&.
 .UNINDENT
 .sp
 The following are a few ways this can be accomplished easily.
 .sp
 You can ensure parity by installing the package test suite through a few
 possible methods:
 .INDENT 0.0
 .IP \(bu 2
 Using \fBtools\fP
 .IP \(bu 2
 Downloading individually
 .UNINDENT
 .SS Using \fBtools\fP
 .sp
 Salt has preliminary support for setting up the package test suite in the
 \fBtools\fP command suite that is located under \fB<repo\-root>/tools/testsuite/\fP\&.
 This method requires the Github CLI tool \fBgh\fP (\fI\%https://cli.github.com/\fP) to be properly configured for
 interaction with the salt repo.
 .INDENT 0.0
 .IP 1. 3
 Install the dependencies using this command:
 .INDENT 3.0
 .INDENT 3.5
 .INDENT 0.0
 .INDENT 3.5
 .sp
 .nf
 .ft C
 pip install \-r requirements/static/ci/py{python_version}/tools.txt
 .ft P
 .fi
 .UNINDENT
 .UNINDENT
 .UNINDENT
 .UNINDENT
 .IP 2. 3
 Download and extract the artifacts with this \fBtools\fP command:
 .INDENT 3.0
 .INDENT 3.5
 .INDENT 0.0
 .INDENT 3.5
 .sp
 .nf
 .ft C
 tools ts setup \-\-platform {linux|darwin|windows} \-\-slug
 <operating\-system\-slug> \-\-pr <pr\-number> \-\-pkg
 .ft P
 .fi
 .UNINDENT
 .UNINDENT
 .sp
 The most common use case is to test the packages built on a CI/CD run for a
 given PR. To see the possible options for each argument, and other ways to
 utilize this command, use the following:
 .INDENT 0.0
 .INDENT 3.5
 .sp
 .nf
 .ft C
 tools ts setup \-h
 .ft P
 .fi
 .UNINDENT
 .UNINDENT
 .UNINDENT
 .UNINDENT
 .UNINDENT
 .sp
 \fBWARNING:\fP
 .INDENT 0.0
 .INDENT 3.5
 You can only download artifacts from finished workflow runs. This is something
 imposed by the GitHub API.
 To download artifacts from a running workflow run, you either have to wait for
 the finish or cancel it.
 .UNINDENT
 .UNINDENT
 .SS Downloading individually
 .sp
 If the \fBtools ts setup\fP command doesn\(aqt work, you can download, unzip, and
 place the artifacts in the correct locations manually. Typically, you want to
 test packages built on a CI/CD run for a given PR. This guide explains how to
 set up for running the package tests using those artifacts. An analogous process
 can be performed for artifacts from nightly builds.
 .INDENT 0.0
 .IP 1. 3
 Find and download the artifacts:
 .INDENT 3.0
 .INDENT 3.5
 Under the summary page for the most recent actions run for that PR, there is
 a list of available artifacts from that run that can be downloaded. Download
 the package artifacts by finding
 \fBsalt\-<major>.<minor>+<number>.<sha>\-<arch>\-<pkg\-type>\fP\&.  For example, the
 amd64 deb packages might look like:
 \fBsalt\-3006.2+123.01234567890\-x86_64\-deb\fP\&.
 .sp
 The onedir artifact will look like
 \fBsalt\-<major>.<minor>+<number>.<sha>\-onedir\-<platform>\-<arch>.tar.xz\fP\&. For
 instance, the macos x86_64 onedir may have the name
 \fBsalt\-3006.2+123.01234567890\-onedir\-darwin\-x86_64.tar.xz\fP\&.
 .sp
 \fBNOTE:\fP
 .INDENT 0.0
 .INDENT 3.5
 Windows onedir artifacts have \fB\&.zip\fP extensions instead of \fBtar.xz\fP
 .UNINDENT
 .UNINDENT
 .sp
 While it is optional, it is recommended to download the \fBnox\fP session
 artifact as well.  This will have the form of
 \fBnox\-<os\-name>\-test\-pkgs\-onedir\-<arch>\fP\&. The amd64 Ubuntu 20.04 nox
 artifact may look like \fBnox\-ubuntu\-20.04\-test\-pkgs\-onedir\-x86_64\fP\&.
 .UNINDENT
 .UNINDENT
 .IP 2. 3
 Place the artifacts in the correct location:
 .INDENT 3.0
 .INDENT 3.5
 Unzip the packages and place them in \fB<repo\-root>/pkg/artifacts/\fP\&.
 .sp
 You must unzip and untar the onedir packages and place them in
 \fB<repo\-root>/artifacts/\fP\&. Windows onedir requires an additional unzip
 action. If you set it up correctly, the \fB<repo\-root>/artifacts/salt\fP
 directory then contains the uncompressed onedir files.
 .sp
 Additionally, decompress the \fBnox\fP artifact and place it under
 \fB<repo\-root>/.nox/\fP\&.
 .UNINDENT
 .UNINDENT
 .UNINDENT
 .SS Running the tests
 .sp
 You can run the test suite run if all the artifacts are in the correct location.
 .sp
 \fBNOTE:\fP
 .INDENT 0.0
 .INDENT 3.5
 You need root access to run the test artifacts. Run all nox commands at the
 root of the salt repo and as the root user.
 .UNINDENT
 .UNINDENT
 .INDENT 0.0
 .IP 1. 3
 Install \fBnox\fP:
 .INDENT 3.0
 .INDENT 3.5
 .INDENT 0.0
 .INDENT 3.5
 .sp
 .nf
 .ft C
 pip install nox
 .ft P
 .fi
 .UNINDENT
 .UNINDENT
 .UNINDENT
 .UNINDENT
 .IP 2. 3
 Run the install tests:
 .INDENT 3.0
 .INDENT 3.5
 .INDENT 0.0
 .INDENT 3.5
 .sp
 .nf
 .ft C
 nox \-e test\-pkgs\-onedir \-\- install
 .ft P
 .fi
 .UNINDENT
 .UNINDENT
 .UNINDENT
 .UNINDENT
 .IP 3. 3
 Run the upgrade or downgrade tests:
 .INDENT 3.0
 .INDENT 3.5
 .INDENT 0.0
 .INDENT 3.5
 .sp
 .nf
 .ft C
 nox \-e test\-pkgs\-onedir \-\- upgrade \-\-prev\-version <previous\-version>
 .ft P
 .fi
 .UNINDENT
 .UNINDENT
 .sp
 You can run the downgrade tests in the same way, replacing \fBupgrade\fP with
 \fBdowngrade\fP\&.
 .sp
 \fBNOTE:\fP
 .INDENT 0.0
 .INDENT 3.5
 If you are testing upgrades or downgrades and classic packages are
 available for your system, replace \fBupgrade\fP or
 \fBdowngrade\fP with \fBupgrade\-classic\fP or \fBdowngrade\-classic\fP
 respectively to test against those versions.
 .UNINDENT
 .UNINDENT
 .UNINDENT
 .UNINDENT
 .UNINDENT
 .SH COMMAND LINE REFERENCE
 .SS salt\-api
 .SS \fBsalt\-api\fP
@ -88275,19 +88550,6 @@ The Python interface to PAM does not support authenticating as \fBroot\fP\&.
 \fBNOTE:\fP
 .INDENT 0.0
 .INDENT 3.5
 Using PAM groups with SSSD groups on python2.
 .sp
 To use sssd with the PAM eauth module and groups the \fIpysss\fP module is
 needed.  On RedHat/CentOS this is \fIpython\-sss\fP\&.
 .sp
 This should not be needed with python >= 3.3, because the \fIos\fP modules has the
 \fIgetgrouplist\fP function.
 .UNINDENT
 .UNINDENT
 .sp
 \fBNOTE:\fP
 .INDENT 0.0
 .INDENT 3.5
 This module executes itself in a subprocess in order to user the system python
 and pam libraries. We do this to avoid openssl version conflicts when
 running under a salt onedir build.
@ -194128,7 +194390,7 @@ Passes through all the parameters described in the
 \fI\%utils.http.query function\fP:
 .INDENT 7.0
 .TP
-.B salt.utils.http.query(url, method=\(aqGET\(aq, params=None, data=None, data_file=None, header_dict=None, header_list=None, header_file=None, username=None, password=None, auth=None, decode=False, decode_type=\(aqauto\(aq, status=False, headers=False, text=False, cookies=None, cookie_jar=None, cookie_format=\(aqlwp\(aq, persist_session=False, session_cookie_jar=None, data_render=False, data_renderer=None, header_render=False, header_renderer=None, template_dict=None, test=False, test_url=None, node=\(aqminion\(aq, port=80, opts=None, backend=None, ca_bundle=None, verify_ssl=None, cert=None, text_out=None, headers_out=None, decode_out=None, stream=False, streaming_callback=None, header_callback=None, handle=False, agent=\(aqSalt/3006.4\(aq, hide_fields=None, raise_error=True, formdata=False, formdata_fieldname=None, formdata_filename=None, decode_body=True, **kwargs)
+.B salt.utils.http.query(url, method=\(aqGET\(aq, params=None, data=None, data_file=None, header_dict=None, header_list=None, header_file=None, username=None, password=None, auth=None, decode=False, decode_type=\(aqauto\(aq, status=False, headers=False, text=False, cookies=None, cookie_jar=None, cookie_format=\(aqlwp\(aq, persist_session=False, session_cookie_jar=None, data_render=False, data_renderer=None, header_render=False, header_renderer=None, template_dict=None, test=False, test_url=None, node=\(aqminion\(aq, port=80, opts=None, backend=None, ca_bundle=None, verify_ssl=None, cert=None, text_out=None, headers_out=None, decode_out=None, stream=False, streaming_callback=None, header_callback=None, handle=False, agent=\(aqSalt/3006.5\(aq, hide_fields=None, raise_error=True, formdata=False, formdata_fieldname=None, formdata_filename=None, decode_body=True, **kwargs)
 Query a resource, and decode the return data
 .UNINDENT
 .INDENT 7.0
@ -261773,7 +262035,9 @@ Accepts either :all: to disable all binary packages, :none: to empty the set,
 or one or more package names with commas between them
 .TP
 .B log
-Log file where a complete (maximum verbosity) record will be kept
+Log file where a complete (maximum verbosity) record will be kept.
 If this file doesn\(aqt exist and the parent directory is writeable,
 it will be created.
 .TP
 .B proxy
 Specify a proxy in the form \fBuser:passwd@proxy.server:port\fP\&. Note
@ -320458,7 +320722,7 @@ CLI Example:
 .sp
 .nf
 .ft C
-salt \(aq*\(aq file.chpgrp c:\etemp\etest.txt administrators
+salt \(aq*\(aq file.chgrp c:\etemp\etest.txt administrators
 .ft P
 .fi
 .UNINDENT
@ -337948,8 +338212,8 @@ When encoding a certificate as \fBpkcs12\fP, a name for the certificate can be i
 Instead of returning the certificate, write it to this file path.
 .TP
 .B overwrite
-If \fBpath\fP is specified and the file exists, do not overwrite it.
+If \fBpath\fP is specified and the file exists, overwrite it.
-Defaults to false.
+Defaults to true.
 .TP
 .B raw
 Return the encoded raw bytes instead of a string. Defaults to false.
@ -338406,7 +338670,7 @@ Available: \fBrsa\fP, \fBec\fP, \fBed25519\fP, \fBed448\fP\&. Defaults to \fBrsa
 .B keysize
 For \fBrsa\fP, specifies the bitlength of the private key (2048, 3072, 4096).
 For \fBec\fP, specifies the NIST curve to use (256, 384, 521).
-Irrelevant for Edwards\-curve schemes (\fIed25519\(ga\fP, \fBed448\fP).
+Irrelevant for Edwards\-curve schemes (\fBed25519\fP, \fBed448\fP).
 Defaults to 2048 for RSA and 256 for EC.
 .TP
 .B passphrase
@ -338559,7 +338823,7 @@ Return the encoded raw bytes instead of a string. Defaults to false.
 .UNINDENT
 .INDENT 0.0
 .TP
-.B salt.modules.x509_v2.encode_private_key(private_key, encoding=\(aqpem\(aq, passphrase=None, pkcs12_encryption_compat=False, raw=False)
+.B salt.modules.x509_v2.encode_private_key(private_key, encoding=\(aqpem\(aq, passphrase=None, private_key_passphrase=None, pkcs12_encryption_compat=False, raw=False)
 Create an encoded representation of a private key.
 .sp
 CLI Example:
@ -338575,7 +338839,7 @@ salt \(aq*\(aq x509.encode_private_key /etc/pki/my.key der
 .UNINDENT
 .INDENT 7.0
 .TP
-.B csr
+.B private_key
 The private key to encode.
 .TP
 .B encoding
@ -338583,6 +338847,24 @@ Specify the encoding of the resulting private key. It can be returned
 as a \fBpem\fP string, base64\-encoded \fBder\fP and base64\-encoded \fBpkcs12\fP\&.
 Defaults to \fBpem\fP\&.
 .TP
 .B passphrase
 If this is specified, the private key will be encrypted using this
 passphrase. The encryption algorithm cannot be selected, it will be
 determined automatically as the best available one.
 .TP
 .B private_key_passphrase
 New in version 3006.2.
 .sp
 If the current \fBprivate_key\fP is encrypted, the passphrase to
 decrypt it.
 .TP
 .B pkcs12_encryption_compat
 Some operating systems are incompatible with the encryption defaults
 for PKCS12 used since OpenSSL v3. This switch triggers a fallback to
 \fBPBESv1SHA1And3KeyTripleDESCBC\fP\&.
 Please consider the \fI\%notes on PKCS12 encryption\fP\&.
 .TP
 .B raw
 Return the encoded raw bytes instead of a string. Defaults to false.
 .UNINDENT
@ -354046,7 +354328,7 @@ curl \-sSi localhost:8000/minions \e
 POST /minions HTTP/1.1
 Host: localhost:8000
 Accept: application/x\-yaml
-Content\-Type: application/json
+Content\-Type: application/x\-www\-form\-urlencoded
 tgt=*&fun=status.diskusage
 .ft P
@ -406792,6 +407074,9 @@ specified either using \fBrepo:tag\fP notation, or just the repo name (in
 which case a tag of \fBlatest\fP is assumed).
 .INDENT 7.0
 .TP
 .B name
 The name of the docker image.
 .TP
 .B images
 Run this state on more than one image at a time. The following two
 examples accomplish the same thing:
@ -406831,7 +407116,6 @@ all the deletions in a single run, rather than executing the state
 separately on each image (as it would in the first example).
 .TP
 .B force
 False
 Salt will fail to remove any images currently in use by a container.
 Set this option to true to remove the image even if it is already
 present.
@ -406908,6 +407192,9 @@ myuser/myimage:
 .UNINDENT
 .INDENT 7.0
 .TP
 .B name
 The name of the docker image.
 .TP
 .B tag
 Tag name for the image. Required when using \fBbuild\fP, \fBload\fP, or
 \fBsls\fP to create the image, but optional if pulling from a repository.
@ -406967,10 +407254,13 @@ Changed in version 2018.3.0: The \fBtag\fP must be manually specified using the
 .TP
 .B force
 False
 Set this parameter to \fBTrue\fP to force Salt to pull/build/load the
 image even if it is already present.
 .TP
 .B insecure_registry
 If \fBTrue\fP, the Docker client will permit the use of insecure
 (non\-HTTPS) registries.
 .TP
 .B client_timeout
 Timeout in seconds for the Docker client. This is not a timeout for
 the state, but for receiving a response from the API.
@ -407049,6 +407339,10 @@ Values passed this way will override Pillar values set via
 .sp
 New in version 2018.3.0.
 .TP
 .B kwargs
 Additional keyword arguments to pass to
 \fI\%docker.build\fP
 .UNINDENT
 .UNINDENT
 .SS salt.states.docker_network
@ -455896,7 +456190,7 @@ Create CA private key:
    \- keysize: 4096
    \- backup: true
    \- require:
-      \- file: /etc/pki
+      \- file: /etc/pki/issued_certs
 Create self\-signed CA certificate:
  x509.certificate_managed:
@ -456375,7 +456669,7 @@ Available: \fBrsa\fP, \fBec\fP, \fBed25519\fP, \fBed448\fP\&. Defaults to \fBrsa
 .B keysize
 For \fBrsa\fP, specifies the bitlength of the private key (2048, 3072, 4096).
 For \fBec\fP, specifies the NIST curve to use (256, 384, 521).
-Irrelevant for Edwards\-curve schemes (\fIed25519\(ga\fP, \fBed448\fP).
+Irrelevant for Edwards\-curve schemes (\fBed25519\fP, \fBed448\fP).
 Defaults to 2048 for RSA and 256 for EC.
 .TP
 .B passphrase
@ -457626,7 +457920,7 @@ installed2
 .UNINDENT
 .INDENT 0.0
 .TP
-.B salt.states.zcbuildout.installed(name, config=\(aqbuildout.cfg\(aq, quiet=False, parts=None, user=None, env=(), buildout_ver=None, test_release=False, distribute=None, new_st=None, offline=False, newest=False, python=\(aq/opt/actions\-runner/_work/salt\-priv/salt\-priv/.tools\-venvs/py3.10/docs/bin/python\(aq, debug=False, verbose=False, unless=None, onlyif=None, use_vt=False, loglevel=\(aqdebug\(aq, **kwargs)
+.B salt.states.zcbuildout.installed(name, config=\(aqbuildout.cfg\(aq, quiet=False, parts=None, user=None, env=(), buildout_ver=None, test_release=False, distribute=None, new_st=None, offline=False, newest=False, python=\(aq/opt/actions\-runner/_work/salt/salt/.tools\-venvs/py3.10/docs/bin/python\(aq, debug=False, verbose=False, unless=None, onlyif=None, use_vt=False, loglevel=\(aqdebug\(aq, **kwargs)
 Install buildout in a specific directory
 .sp
 It is a thin wrapper to modules.buildout.buildout
@ -461812,7 +462106,7 @@ to execute those modules instead.
 Each module type has a corresponding loader function.
 .INDENT 0.0
 .TP
-.B salt.loader.minion_mods(opts, context=None, utils=None, whitelist=None, initial_load=False, loaded_base_name=None, notify=False, static_modules=None, proxy=None)
+.B salt.loader.minion_mods(opts, context=None, utils=None, whitelist=None, initial_load=False, loaded_base_name=None, notify=False, static_modules=None, proxy=None, file_client=None)
 Load execution modules
 .sp
 Returns a dictionary of execution modules appropriate for the current
@ -461905,7 +462199,7 @@ testmod[\(aqtest.ping\(aq]()
 .UNINDENT
 .INDENT 0.0
 .TP
-.B salt.loader.states(opts, functions, utils, serializers, whitelist=None, proxy=None, context=None, loaded_base_name=None)
+.B salt.loader.states(opts, functions, utils, serializers, whitelist=None, proxy=None, context=None, loaded_base_name=None, file_client=None)
 Returns the state modules
 .INDENT 7.0
 .TP
@ -467324,6 +467618,9 @@ If someone isn\(aqt an expert in this area, what will they need to know?
 .sp
 This will also help you out, because when you go to create the PR it
 will automatically insert the body of your commit messages.
 .sp
 See the \fI\%changelog\fP
 docs for more information.
 .SS Pull request time!
 .sp
 Once you\(aqve done all your dev work and tested locally, you should check
@ -469623,13 +469920,9 @@ The following dunder dictionaries are always defined, but may be empty
 .UNINDENT
 .SS __opts__
 .sp
-\&..versionchanged:: 3006.0
+Changed in version 3006.0: The \fB__opts__\fP dictionary can now be accessed via
 .INDENT 0.0
 .INDENT 3.5
 The \fB__opts__\fP dictionary can now be accessed via
 \fBcontext\(ga\fP\&.
-.UNINDENT
+
 .UNINDENT
 .sp
 Defined in: All modules
 .sp
@ -469723,13 +470016,6 @@ When running an execution module \fB__context__\fP persists across all module
 executions until the modules are refreshed; such as when
 \fI\%saltutil.sync_all\fP or
 \fI\%state.apply\fP are executed.
 .sp
 A great place to see how to use \fB__context__\fP is in the cp.py module in
 salt/modules/cp.py. The fileclient authenticates with the master when it is
 instantiated and then is used to copy files to the minion. Rather than create a
 new fileclient for each file that is to be copied down, one instance of the
 fileclient is instantiated in the \fB__context__\fP dictionary and is reused for
 each file. Here is an example from salt/modules/cp.py:
 .INDENT 0.0
 .INDENT 3.5
 .sp
@ -469784,6 +470070,14 @@ Defined in: State
 .SS __sdb__
 .sp
 Defined in: SDB
 .SS __file_client__
 .sp
 Changed in version 3006.5.
 .sp
 The \fB__file_client__\fP dunder was added to states and execution modules. This
 enables the use of a file client without haveing to instantiate one in
 the module.
 .SS Configuration Options
 .sp
 A number of configuration options can affect the load process. This is a quick
@ -477575,6 +477869,137 @@ Bump to \fBurllib3==1.26.17\fP or \fBurllib3==2.0.6\fP due to \fI\%https://githu
 .IP \(bu 2
 Bump to \fBgitpython==3.1.37\fP due to \fI\%https://github.com/advisories/GHSA\-cwvm\-v4w8\-q58c\fP \fI\%#65383\fP
 .UNINDENT
 (release\-3006.5)=
 .SS Salt 3006.5 release notes
 .SS Changelog
 .SS Removed
 .INDENT 0.0
 .IP \(bu 2
 Tech Debt \- support for pysss removed due to functionality addition in Python 3.3 \fI\%#65029\fP
 .UNINDENT
 .SS Fixed
 .INDENT 0.0
 .IP \(bu 2
 Improved error message when state arguments are accidentally passed as a string \fI\%#38098\fP
 .IP \(bu 2
 Allow \fBpip.install\fP to create a log file that is passed in if the parent directory is writeable \fI\%#44722\fP
 .IP \(bu 2
 Fixed merging of complex pillar overrides with salt\-ssh states \fI\%#59802\fP
 .IP \(bu 2
 Fixed gpg pillar rendering with salt\-ssh \fI\%#60002\fP
 .IP \(bu 2
 Made salt\-ssh states not re\-render pillars unnecessarily \fI\%#62230\fP
 .IP \(bu 2
 Made Salt maintain options in Debian package repo definitions \fI\%#64130\fP
 .IP \(bu 2
 Migrated all \fI\%invoke\fP tasks to \fI\%python\-tools\-scripts\fP\&.
 .INDENT 2.0
 .IP \(bu 2
 \fBtasks/docs.py\fP \-> \fBtools/precommit/docs.py\fP
 .IP \(bu 2
 \fBtasks/docstrings.py\fP \-> \fBtools/precommit/docstrings.py\fP
 .IP \(bu 2
 \fBtasks/loader.py\fP \-> \fBtools/precommit/loader.py\fP
 .IP \(bu 2
 \fBtasks/filemap.py\fP \-> \fBtools/precommit/filemap.py\fP \fI\%#64374\fP
 .UNINDENT
 .IP \(bu 2
 Fix salt user login shell path in Debian packages \fI\%#64377\fP
 .IP \(bu 2
 Fill out lsb_distrib_xxxx (best estimate) grains if problems with retrieving lsb_release data \fI\%#64473\fP
 .IP \(bu 2
 Fixed an issue in the \fBfile.directory\fP state where the \fBchildren_only\fP keyword
 argument was not being respected. \fI\%#64497\fP
 .IP \(bu 2
 Move salt.ufw to correct location /etc/ufw/applications.d/ \fI\%#64572\fP
 .IP \(bu 2
 Fixed salt\-ssh stacktrace when retcode is not an integer \fI\%#64575\fP
 .IP \(bu 2
 Fixed SSH shell seldomly fails to report any exit code \fI\%#64588\fP
 .IP \(bu 2
 Fixed some issues in x509_v2 execution module private key functions \fI\%#64597\fP
 .IP \(bu 2
 Fixed grp.getgrall() in utils/user.py causing performance issues \fI\%#64888\fP
 .IP \(bu 2
 Fix user.list_groups omits remote groups via sssd, etc. \fI\%#64953\fP
 .IP \(bu 2
 Ensure sync from _grains occurs before attempting pillar compilation in case custom grain used in pillar file \fI\%#65027\fP
 .IP \(bu 2
 Moved gitfs locks to salt working dir to avoid lock wipes \fI\%#65086\fP
 .IP \(bu 2
 Only attempt to create a keys directory when \fB\-\-gen\-keys\fP is passed to the \fBsalt\-key\fP CLI \fI\%#65093\fP
 .IP \(bu 2
 Fix nonce verification, request server replies do not stomp on eachother. \fI\%#65114\fP
 .IP \(bu 2
 speed up yumpkg list_pkgs by not requiring digest or signature verification on lookup. \fI\%#65152\fP
 .IP \(bu 2
 Fix pkg.latest failing on windows for winrepo packages where the package is already up to date \fI\%#65165\fP
 .IP \(bu 2
 Ensure \fBkwarg\fP is preserved when checking for kwargs.  This change affects proxy minions when used with Deltaproxy, which had kwargs popped when targeting multiple minions id. \fI\%#65179\fP
 .IP \(bu 2
 Fixes traceback when state id is an int in a reactor SLS file. \fI\%#65210\fP
 .IP \(bu 2
 Install logrotate config as /etc/logrotate.d/salt\-common for Debian packages
 Remove broken /etc/logrotate.d/salt directory from 3006.3 if it exists. \fI\%#65231\fP
 .IP \(bu 2
 Use \fBsha256\fP as the default \fBhash_type\fP\&. It has been the default since Salt v2016.9 \fI\%#65287\fP
 .IP \(bu 2
 Preserve ownership on log rotation \fI\%#65288\fP
 .IP \(bu 2
 Ensure that the correct value of jid_inclue is passed if the argument is included in the passed keyword arguments. \fI\%#65302\fP
 .IP \(bu 2
 Uprade relenv to 0.14.2
 .INDENT 2.0
 .IP \(bu 2
 Update openssl to address CVE\-2023\-5363.
 .IP \(bu 2
 Fix bug in openssl setup when openssl binary can\(aqt be found.
 .IP \(bu 2
 Add M1 mac support. \fI\%#65316\fP
 .UNINDENT
 .IP \(bu 2
 Fix regex for filespec adding/deleting fcontext policy in selinux \fI\%#65340\fP
 .IP \(bu 2
 Ensure CLI options take priority over Saltfile options \fI\%#65358\fP
 .IP \(bu 2
 Test mode for state function \fBsaltmod.wheel\fP no longer set\(aqs \fBresult\fP to \fB(None,)\fP \fI\%#65372\fP
 .IP \(bu 2
 Client only process events which tag conforms to an event return. \fI\%#65400\fP
 .IP \(bu 2
 Fixes an issue setting user or machine policy on Windows when the Group Policy
 directory is missing \fI\%#65411\fP
 .IP \(bu 2
 Fix regression in file module which was not re\-using a file client. \fI\%#65450\fP
 .IP \(bu 2
 pip.installed state will now properly fail when a specified user does not exists \fI\%#65458\fP
 .IP \(bu 2
 Publish channel connect callback method properly closes it\(aqs request channel. \fI\%#65464\fP
 .IP \(bu 2
 Ensured the pillar in SSH wrapper modules is the same as the one used in template rendering when overrides are passed \fI\%#65483\fP
 .IP \(bu 2
 Fix file.comment ignore_missing not working with multiline char \fI\%#65501\fP
 .IP \(bu 2
 Warn when an un\-closed transport client is being garbage collected. \fI\%#65554\fP
 .IP \(bu 2
 Only generate the HMAC\(aqs for \fBlibssl.so.1.1\fP and \fBlibcrypto.so.1.1\fP if those files exist. \fI\%#65581\fP
 .IP \(bu 2
 Fixed an issue where Salt Cloud would fail if it could not delete lingering
 PAexec binaries \fI\%#65584\fP
 .UNINDENT
 .SS Added
 .INDENT 0.0
 .IP \(bu 2
 Added Salt support for Debian 12 \fI\%#64223\fP
 .IP \(bu 2
 Added Salt support for Amazon Linux 2023 \fI\%#64455\fP
 .UNINDENT
 .SS Security
 .INDENT 0.0
 .IP \(bu 2
 Bump to \fBcryptography==41.0.4\fP due to \fI\%https://github.com/advisories/GHSA\-v8gr\-m533\-ghj9\fP \fI\%#65268\fP
 .IP \(bu 2
 Bump to \fBcryptography==41.0.7\fP due to \fI\%https://github.com/advisories/GHSA\-jfhm\-5ghh\-2f97\fP \fI\%#65643\fP
 .UNINDENT
 .sp
 See \fI\%Install a release candidate\fP
 for more information about installing an RC when one is available.
@ -478536,6 +478961,34 @@ Bump to \fIcertifi==2023.07.22\fP due to \fI\%https://github.com/advisories/GHSA
 .sp
 Python 3.5 cannot get the updated requirements since certifi no longer supports this python version (#64720)
 .UNINDENT
 .SS Salt 3005.3 Release Notes
 .sp
 Version 3005.3 is a Bug fix release for \fI\%3005\fP\&.
 .SS Changed
 .INDENT 0.0
 .IP \(bu 2
 Fix __env__ and improve cache cleaning see more info at pull #65017. (#65002)
 .UNINDENT
 .SS Security
 .INDENT 0.0
 .IP \(bu 2
 Update to \fIgitpython>=3.1.35\fP due to \fI\%https://github.com/advisories/GHSA\-wfm5\-v35h\-vwf4\fP and \fI\%https://github.com/advisories/GHSA\-cwvm\-v4w8\-q58c\fP (#65167)
 .UNINDENT
 .SS Salt 3005.4 Release Notes
 .sp
 Version 3005.4 is a CVE security fix release for \fI\%3005\fP\&.
 .SS Security
 .INDENT 0.0
 .IP \(bu 2
 Fix CVE\-2023\-34049 by ensuring we do not use a predictable name for the script and correctly check returncode of scp command.
 This only impacts salt\-ssh users using the pre\-flight option. (cve\-2023\-34049)
 .IP \(bu 2
 Bump to \fIcryptography==41.0.4\fP due to \fI\%https://github.com/advisories/GHSA\-v8gr\-m533\-ghj9\fP (#65267)
 .IP \(bu 2
 Bump to \fIurllib3==1.26.17\fP or \fIurllib3==2.0.6\fP due to \fI\%https://github.com/advisories/GHSA\-v845\-jxx5\-vc9f\fP (#65334)
 .IP \(bu 2
 Bump to \fIgitpython==3.1.37\fP due to \fI\%https://github.com/advisories/GHSA\-cwvm\-v4w8\-q58c\fP (#65383)
 .UNINDENT
 .SS Salt 3004 Release Notes \- Codename Silicon
 .SS New Features
 .SS Transactional System Support (MicroOS)
--- a/doc/man/spm.1
+++ b/doc/man/spm.1
@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "SPM" "1" "Generated on October 16, 2023 at 05:24:47 PM UTC." "3006.4" "Salt"
+.TH "SPM" "1" "Generated on December 12, 2023 at 05:54:17 PM UTC." "3006.5" "Salt"
 .SH NAME
 spm \- Salt Package Manager Command
 .sp
--- a/doc/topics/packaging/testing.rst
+++ b/doc/topics/packaging/testing.rst
@ -27,7 +27,7 @@ In order to run the package tests, the `relenv
 built packages need to be placed in the correct locations.
 * Place all salt packages for the applicable testing version in
-  ``<repo-root>/pkg/artifacts/``.
+  ``<repo-root>/artifacts/pkg/``.
 * The onedir must be located under ``<repo-root>/artifacts/``.
 * Additionally, to ensure complete parity with Salt's CI/CD suite, place the
  ``nox`` virtual environment in ``<repo-root>/.nox/test-pkgs-onedir``.
@ -109,7 +109,7 @@ can be performed for artifacts from nightly builds.
 #. Place the artifacts in the correct location:
-    Unzip the packages and place them in ``<repo-root>/pkg/artifacts/``.
+    Unzip the packages and place them in ``<repo-root>/artifacts/pkg/``.
    You must unzip and untar the onedir packages and place them in
    ``<repo-root>/artifacts/``. Windows onedir requires an additional unzip
--- a/doc/topics/releases/3006.5.md
+++ b/doc/topics/releases/3006.5.md
@ -0,0 +1,93 @@
 (release-3006.5)=
 # Salt 3006.5 release notes
 <!---
 Do not edit this file. This is auto generated.
 Edit the templates in doc/topics/releases/templates/
 for a given release.
 -->
 <!--
 Add release specific details below
 -->
 <!--
 Do not edit the changelog below.
 This is auto generated.
 -->
 ## Changelog
 ### Removed
 - Tech Debt - support for pysss removed due to functionality addition in Python 3.3 [#65029](https://github.com/saltstack/salt/issues/65029)
 ### Fixed
 - Improved error message when state arguments are accidentally passed as a string [#38098](https://github.com/saltstack/salt/issues/38098)
 - Allow `pip.install` to create a log file that is passed in if the parent directory is writeable [#44722](https://github.com/saltstack/salt/issues/44722)
 - Fixed merging of complex pillar overrides with salt-ssh states [#59802](https://github.com/saltstack/salt/issues/59802)
 - Fixed gpg pillar rendering with salt-ssh [#60002](https://github.com/saltstack/salt/issues/60002)
 - Made salt-ssh states not re-render pillars unnecessarily [#62230](https://github.com/saltstack/salt/issues/62230)
 - Made Salt maintain options in Debian package repo definitions [#64130](https://github.com/saltstack/salt/issues/64130)
 - Migrated all [`invoke`](https://www.pyinvoke.org/) tasks to [`python-tools-scripts`](https://github.com/s0undt3ch/python-tools-scripts).
  * `tasks/docs.py` -> `tools/precommit/docs.py`
  * `tasks/docstrings.py` -> `tools/precommit/docstrings.py`
  * `tasks/loader.py` -> `tools/precommit/loader.py`
  * `tasks/filemap.py` -> `tools/precommit/filemap.py` [#64374](https://github.com/saltstack/salt/issues/64374)
 - Fix salt user login shell path in Debian packages [#64377](https://github.com/saltstack/salt/issues/64377)
 - Fill out lsb_distrib_xxxx (best estimate) grains if problems with retrieving lsb_release data [#64473](https://github.com/saltstack/salt/issues/64473)
 - Fixed an issue in the ``file.directory`` state where the ``children_only`` keyword
  argument was not being respected. [#64497](https://github.com/saltstack/salt/issues/64497)
 - Move salt.ufw to correct location /etc/ufw/applications.d/ [#64572](https://github.com/saltstack/salt/issues/64572)
 - Fixed salt-ssh stacktrace when retcode is not an integer [#64575](https://github.com/saltstack/salt/issues/64575)
 - Fixed SSH shell seldomly fails to report any exit code [#64588](https://github.com/saltstack/salt/issues/64588)
 - Fixed some issues in x509_v2 execution module private key functions [#64597](https://github.com/saltstack/salt/issues/64597)
 - Fixed grp.getgrall() in utils/user.py causing performance issues [#64888](https://github.com/saltstack/salt/issues/64888)
 - Fix user.list_groups omits remote groups via sssd, etc. [#64953](https://github.com/saltstack/salt/issues/64953)
 - Ensure sync from _grains occurs before attempting pillar compilation in case custom grain used in pillar file [#65027](https://github.com/saltstack/salt/issues/65027)
 - Moved gitfs locks to salt working dir to avoid lock wipes [#65086](https://github.com/saltstack/salt/issues/65086)
 - Only attempt to create a keys directory when `--gen-keys` is passed to the `salt-key` CLI [#65093](https://github.com/saltstack/salt/issues/65093)
 - Fix nonce verification, request server replies do not stomp on eachother. [#65114](https://github.com/saltstack/salt/issues/65114)
 - speed up yumpkg list_pkgs by not requiring digest or signature verification on lookup. [#65152](https://github.com/saltstack/salt/issues/65152)
 - Fix pkg.latest failing on windows for winrepo packages where the package is already up to date [#65165](https://github.com/saltstack/salt/issues/65165)
 - Ensure __kwarg__ is preserved when checking for kwargs.  This change affects proxy minions when used with Deltaproxy, which had kwargs popped when targeting multiple minions id. [#65179](https://github.com/saltstack/salt/issues/65179)
 - Fixes traceback when state id is an int in a reactor SLS file. [#65210](https://github.com/saltstack/salt/issues/65210)
 - Install logrotate config as /etc/logrotate.d/salt-common for Debian packages
  Remove broken /etc/logrotate.d/salt directory from 3006.3 if it exists. [#65231](https://github.com/saltstack/salt/issues/65231)
 - Use ``sha256`` as the default ``hash_type``. It has been the default since Salt v2016.9 [#65287](https://github.com/saltstack/salt/issues/65287)
 - Preserve ownership on log rotation [#65288](https://github.com/saltstack/salt/issues/65288)
 - Ensure that the correct value of jid_inclue is passed if the argument is included in the passed keyword arguments. [#65302](https://github.com/saltstack/salt/issues/65302)
 - Uprade relenv to 0.14.2
   - Update openssl to address CVE-2023-5363.
   - Fix bug in openssl setup when openssl binary can't be found.
   - Add M1 mac support. [#65316](https://github.com/saltstack/salt/issues/65316)
 - Fix regex for filespec adding/deleting fcontext policy in selinux [#65340](https://github.com/saltstack/salt/issues/65340)
 - Ensure CLI options take priority over Saltfile options [#65358](https://github.com/saltstack/salt/issues/65358)
 - Test mode for state function `saltmod.wheel` no longer set's `result` to `(None,)` [#65372](https://github.com/saltstack/salt/issues/65372)
 - Client only process events which tag conforms to an event return. [#65400](https://github.com/saltstack/salt/issues/65400)
 - Fixes an issue setting user or machine policy on Windows when the Group Policy
  directory is missing [#65411](https://github.com/saltstack/salt/issues/65411)
 - Fix regression in file module which was not re-using a file client. [#65450](https://github.com/saltstack/salt/issues/65450)
 - pip.installed state will now properly fail when a specified user does not exists [#65458](https://github.com/saltstack/salt/issues/65458)
 - Publish channel connect callback method properly closes it's request channel. [#65464](https://github.com/saltstack/salt/issues/65464)
 - Ensured the pillar in SSH wrapper modules is the same as the one used in template rendering when overrides are passed [#65483](https://github.com/saltstack/salt/issues/65483)
 - Fix file.comment ignore_missing not working with multiline char [#65501](https://github.com/saltstack/salt/issues/65501)
 - Warn when an un-closed transport client is being garbage collected. [#65554](https://github.com/saltstack/salt/issues/65554)
 - Only generate the HMAC's for ``libssl.so.1.1`` and ``libcrypto.so.1.1`` if those files exist. [#65581](https://github.com/saltstack/salt/issues/65581)
 - Fixed an issue where Salt Cloud would fail if it could not delete lingering
  PAexec binaries [#65584](https://github.com/saltstack/salt/issues/65584)
 ### Added
 - Added Salt support for Debian 12 [#64223](https://github.com/saltstack/salt/issues/64223)
 - Added Salt support for Amazon Linux 2023 [#64455](https://github.com/saltstack/salt/issues/64455)
 ### Security
 - Bump to `cryptography==41.0.4` due to https://github.com/advisories/GHSA-v8gr-m533-ghj9 [#65268](https://github.com/saltstack/salt/issues/65268)
 - Bump to `cryptography==41.0.7` due to https://github.com/advisories/GHSA-jfhm-5ghh-2f97 [#65643](https://github.com/saltstack/salt/issues/65643)
--- a/doc/topics/releases/templates/3006.5.md.template
+++ b/doc/topics/releases/templates/3006.5.md.template
@ -0,0 +1,14 @@
 (release-3006.5)=
 # Salt 3006.5 release notes{{ unreleased }}
 {{ warning }}
 <!--
 Add release specific details below
 -->
 <!--
 Do not edit the changelog below.
 This is auto generated.
 -->
 ## Changelog
 {{ changelog }}
--- a/noxfile.py
+++ b/noxfile.py
@ -461,7 +461,7 @@ def _report_coverage(
        xml_coverage_file = COVERAGE_OUTPUT_DIR.relative_to(REPO_ROOT) / "salt.xml"
        html_coverage_dir = COVERAGE_OUTPUT_DIR.relative_to(REPO_ROOT) / "html" / "salt"
        cmd_args = [
-            "--omit=tests/*,pkg/tests/*",
+            "--omit=tests/*,tests/pytests/pkg/*",
            "--include=salt/*",
        ]
@ -473,7 +473,7 @@ def _report_coverage(
        )
        cmd_args = [
            "--omit=salt/*",
-            "--include=tests/*,pkg/tests/*",
+            "--include=tests/*,tests/pytests/pkg/*",
        ]
    else:
        json_coverage_file = (
@ -482,7 +482,7 @@ def _report_coverage(
        xml_coverage_file = COVERAGE_OUTPUT_DIR.relative_to(REPO_ROOT) / "coverage.xml"
        html_coverage_dir = COVERAGE_OUTPUT_DIR.relative_to(REPO_ROOT) / "html" / "full"
        cmd_args = [
-            "--include=salt/*,tests/*,pkg/tests/*",
+            "--include=salt/*,tests/*,tests/pytests/pkg/*",
        ]
    if cli_report:
@ -1063,6 +1063,9 @@ def _ci_test(session, transport, onedir=False):
    if onedir:
        env["ONEDIR_TESTRUN"] = "1"
    chunks = {
        "pkg": [
            "tests/pytests/pkg",
        ],
        "unit": [
            "tests/unit",
            "tests/pytests/unit",
@ -1070,7 +1073,9 @@ def _ci_test(session, transport, onedir=False):
        "functional": [
            "tests/pytests/functional",
        ],
-        "scenarios": ["tests/pytests/scenarios"],
+        "scenarios": [
            "tests/pytests/scenarios",
        ],
    }
    test_group_number = os.environ.get("TEST_GROUP") or "1"
@ -1857,31 +1862,41 @@ def ci_test_onedir_pkgs(session):
            )
        )
    common_pytest_args = [
        "--color=yes",
        "--sys-stats",
        "--run-destructive",
        f"--output-columns={os.environ.get('OUTPUT_COLUMNS') or 120}",
        "--pkg-system-service",
    ]
    chunks = {
-        "install": ["pkg/tests/"],
+        "install": [
            "tests/pytests/pkg/",
        ],
        "upgrade": [
            "--upgrade",
            "--no-uninstall",
-            "pkg/tests/upgrade/",
+            "tests/pytests/pkg/upgrade/",
        ],
        "upgrade-classic": [
            "--upgrade",
            "--no-uninstall",
-            "pkg/tests/upgrade/",
+            "tests/pytests/pkg/upgrade/",
        ],
        "downgrade": [
            "--downgrade",
            "--no-uninstall",
-            "pkg/tests/downgrade/",
+            "tests/pytests/pkg/downgrade/",
        ],
        "downgrade-classic": [
            "--downgrade",
            "--no-uninstall",
-            "pkg/tests/downgrade/",
+            "tests/pytests/pkg/downgrade/",
        ],
        "download-pkgs": [
            "--download-pkgs",
-            "pkg/tests/download/",
+            "tests/pytests/pkg/download/",
        ],
    }
@ -1909,10 +1924,9 @@ def ci_test_onedir_pkgs(session):
        cmd_args.append("--classic")
    pytest_args = (
-        cmd_args[:]
+        common_pytest_args[:]
        + cmd_args[:]
        + [
            "-c",
            str(REPO_ROOT / "pkg-tests-pytest.ini"),
            f"--junitxml=artifacts/xml-unittests-output/test-results-{chunk}.xml",
            f"--log-file=artifacts/logs/runtests-{chunk}.log",
        ]
@ -1921,6 +1935,9 @@ def ci_test_onedir_pkgs(session):
    try:
        _pytest(session, coverage=False, cmd_args=pytest_args, env=env)
    except CommandFailed:
        if os.environ.get("RERUN_FAILURES", "0") == "0":
            # Don't rerun on failures
            return
        # Don't print the system information, not the test selection on reruns
        global PRINT_TEST_SELECTION
@ -1929,10 +1946,9 @@ def ci_test_onedir_pkgs(session):
        PRINT_SYSTEM_INFO = False
        pytest_args = (
-            cmd_args[:]
+            common_pytest_args[:]
            + cmd_args[:]
            + [
                "-c",
                str(REPO_ROOT / "pkg-tests-pytest.ini"),
                f"--junitxml=artifacts/xml-unittests-output/test-results-{chunk}-rerun.xml",
                f"--log-file=artifacts/logs/runtests-{chunk}-rerun.log",
                "--lf",
@ -1950,10 +1966,9 @@ def ci_test_onedir_pkgs(session):
    if chunk not in ("install", "download-pkgs"):
        cmd_args = chunks["install"]
        pytest_args = (
-            cmd_args[:]
+            common_pytest_args[:]
            + cmd_args[:]
            + [
                "-c",
                str(REPO_ROOT / "pkg-tests-pytest.ini"),
                "--no-install",
                f"--junitxml=artifacts/xml-unittests-output/test-results-install.xml",
                f"--log-file=artifacts/logs/runtests-install.log",
@ -1969,10 +1984,9 @@ def ci_test_onedir_pkgs(session):
        except CommandFailed:
            cmd_args = chunks["install"]
            pytest_args = (
-                cmd_args[:]
+                common_pytest_args[:]
                + cmd_args[:]
                + [
                    "-c",
                    str(REPO_ROOT / "pkg-tests-pytest.ini"),
                    "--no-install",
                    f"--junitxml=artifacts/xml-unittests-output/test-results-install-rerun.xml",
                    f"--log-file=artifacts/logs/runtests-install-rerun.log",
--- a/pkg-tests-pytest.ini
+++ b/pkg-tests-pytest.ini
@ -1,10 +0,0 @@
 [pytest]
 log_date_format=%H:%M:%S
 log_cli_format=%(asctime)s,%(msecs)03.0f [%(name)-5s:%(lineno)-4d][%(levelname)-8s][%(processName)s(%(process)s)] %(message)s
 log_file_format=%(asctime)s,%(msecs)03d [%(name)-17s:%(lineno)-4d][%(levelname)-8s][%(processName)s(%(process)d)] %(message)s
 norecursedirs=templates tests/
 testpaths=pkg/tests
 python_files=test_*.py
 python_classes=Test*
 python_functions = test_*
 junit_family=xunit2
--- a/pkg/debian/changelog
+++ b/pkg/debian/changelog
@ -1,3 +1,80 @@
 salt (3006.5) stable; urgency=medium
  # Removed
  * Tech Debt - support for pysss removed due to functionality addition in Python 3.3 [#65029](https://github.com/saltstack/salt/issues/65029)
  # Fixed
  * Improved error message when state arguments are accidentally passed as a string [#38098](https://github.com/saltstack/salt/issues/38098)
  * Allow `pip.install` to create a log file that is passed in if the parent directory is writeable [#44722](https://github.com/saltstack/salt/issues/44722)
  * Fixed merging of complex pillar overrides with salt-ssh states [#59802](https://github.com/saltstack/salt/issues/59802)
  * Fixed gpg pillar rendering with salt-ssh [#60002](https://github.com/saltstack/salt/issues/60002)
  * Made salt-ssh states not re-render pillars unnecessarily [#62230](https://github.com/saltstack/salt/issues/62230)
  * Made Salt maintain options in Debian package repo definitions [#64130](https://github.com/saltstack/salt/issues/64130)
  * Migrated all [`invoke`](https://www.pyinvoke.org/) tasks to [`python-tools-scripts`](https://github.com/s0undt3ch/python-tools-scripts).
    * `tasks/docs.py` *> `tools/precommit/docs.py`
    * `tasks/docstrings.py` *> `tools/precommit/docstrings.py`
    * `tasks/loader.py` *> `tools/precommit/loader.py`
    * `tasks/filemap.py` *> `tools/precommit/filemap.py` [#64374](https://github.com/saltstack/salt/issues/64374)
  * Fix salt user login shell path in Debian packages [#64377](https://github.com/saltstack/salt/issues/64377)
  * Fill out lsb_distrib_xxxx (best estimate) grains if problems with retrieving lsb_release data [#64473](https://github.com/saltstack/salt/issues/64473)
  * Fixed an issue in the ``file.directory`` state where the ``children_only`` keyword
    argument was not being respected. [#64497](https://github.com/saltstack/salt/issues/64497)
  * Move salt.ufw to correct location /etc/ufw/applications.d/ [#64572](https://github.com/saltstack/salt/issues/64572)
  * Fixed salt-ssh stacktrace when retcode is not an integer [#64575](https://github.com/saltstack/salt/issues/64575)
  * Fixed SSH shell seldomly fails to report any exit code [#64588](https://github.com/saltstack/salt/issues/64588)
  * Fixed some issues in x509_v2 execution module private key functions [#64597](https://github.com/saltstack/salt/issues/64597)
  * Fixed grp.getgrall() in utils/user.py causing performance issues [#64888](https://github.com/saltstack/salt/issues/64888)
  * Fix user.list_groups omits remote groups via sssd, etc. [#64953](https://github.com/saltstack/salt/issues/64953)
  * Ensure sync from _grains occurs before attempting pillar compilation in case custom grain used in pillar file [#65027](https://github.com/saltstack/salt/issues/65027)
  * Moved gitfs locks to salt working dir to avoid lock wipes [#65086](https://github.com/saltstack/salt/issues/65086)
  * Only attempt to create a keys directory when `--gen-keys` is passed to the `salt-key` CLI [#65093](https://github.com/saltstack/salt/issues/65093)
  * Fix nonce verification, request server replies do not stomp on eachother. [#65114](https://github.com/saltstack/salt/issues/65114)
  * speed up yumpkg list_pkgs by not requiring digest or signature verification on lookup. [#65152](https://github.com/saltstack/salt/issues/65152)
  * Fix pkg.latest failing on windows for winrepo packages where the package is already up to date [#65165](https://github.com/saltstack/salt/issues/65165)
  * Ensure __kwarg__ is preserved when checking for kwargs.  This change affects proxy minions when used with Deltaproxy, which had kwargs popped when targeting multiple minions id. [#65179](https://github.com/saltstack/salt/issues/65179)
  * Fixes traceback when state id is an int in a reactor SLS file. [#65210](https://github.com/saltstack/salt/issues/65210)
  * Install logrotate config as /etc/logrotate.d/salt-common for Debian packages
    Remove broken /etc/logrotate.d/salt directory from 3006.3 if it exists. [#65231](https://github.com/saltstack/salt/issues/65231)
  * Use ``sha256`` as the default ``hash_type``. It has been the default since Salt v2016.9 [#65287](https://github.com/saltstack/salt/issues/65287)
  * Preserve ownership on log rotation [#65288](https://github.com/saltstack/salt/issues/65288)
  * Ensure that the correct value of jid_inclue is passed if the argument is included in the passed keyword arguments. [#65302](https://github.com/saltstack/salt/issues/65302)
  * Uprade relenv to 0.14.2
     * Update openssl to address CVE-2023-5363.
     * Fix bug in openssl setup when openssl binary can't be found.
     * Add M1 mac support. [#65316](https://github.com/saltstack/salt/issues/65316)
  * Fix regex for filespec adding/deleting fcontext policy in selinux [#65340](https://github.com/saltstack/salt/issues/65340)
  * Ensure CLI options take priority over Saltfile options [#65358](https://github.com/saltstack/salt/issues/65358)
  * Test mode for state function `saltmod.wheel` no longer set's `result` to `(None,)` [#65372](https://github.com/saltstack/salt/issues/65372)
  * Client only process events which tag conforms to an event return. [#65400](https://github.com/saltstack/salt/issues/65400)
  * Fixes an issue setting user or machine policy on Windows when the Group Policy
    directory is missing [#65411](https://github.com/saltstack/salt/issues/65411)
  * Fix regression in file module which was not re-using a file client. [#65450](https://github.com/saltstack/salt/issues/65450)
  * pip.installed state will now properly fail when a specified user does not exists [#65458](https://github.com/saltstack/salt/issues/65458)
  * Publish channel connect callback method properly closes it's request channel. [#65464](https://github.com/saltstack/salt/issues/65464)
  * Ensured the pillar in SSH wrapper modules is the same as the one used in template rendering when overrides are passed [#65483](https://github.com/saltstack/salt/issues/65483)
  * Fix file.comment ignore_missing not working with multiline char [#65501](https://github.com/saltstack/salt/issues/65501)
  * Warn when an un-closed transport client is being garbage collected. [#65554](https://github.com/saltstack/salt/issues/65554)
  * Only generate the HMAC's for ``libssl.so.1.1`` and ``libcrypto.so.1.1`` if those files exist. [#65581](https://github.com/saltstack/salt/issues/65581)
  * Fixed an issue where Salt Cloud would fail if it could not delete lingering
    PAexec binaries [#65584](https://github.com/saltstack/salt/issues/65584)
  # Added
  * Added Salt support for Debian 12 [#64223](https://github.com/saltstack/salt/issues/64223)
  * Added Salt support for Amazon Linux 2023 [#64455](https://github.com/saltstack/salt/issues/64455)
  # Security
  * Bump to `cryptography==41.0.4` due to https://github.com/advisories/GHSA-v8gr-m533-ghj9 [#65268](https://github.com/saltstack/salt/issues/65268)
  * Bump to `cryptography==41.0.7` due to https://github.com/advisories/GHSA-jfhm-5ghh-2f97 [#65643](https://github.com/saltstack/salt/issues/65643)
 -- Salt Project Packaging <saltproject-packaging@vmware.com>  Tue, 12 Dec 2023 17:52:33 +0000
 salt (3006.4) stable; urgency=medium
--- a/pkg/rpm/salt.spec
+++ b/pkg/rpm/salt.spec
@ -31,7 +31,7 @@
 %define fish_dir %{_datadir}/fish/vendor_functions.d
 Name:    salt
-Version: 3006.4
+Version: 3006.5
 Release: 0
 Summary: A parallel remote execution system
 Group:   System Environment/Daemons
@ -583,6 +583,80 @@ fi
 %changelog
 * Tue Dec 12 2023 Salt Project Packaging <saltproject-packaging@vmware.com> - 3006.5
 # Removed
 - Tech Debt - support for pysss removed due to functionality addition in Python 3.3 [#65029](https://github.com/saltstack/salt/issues/65029)
 # Fixed
 - Improved error message when state arguments are accidentally passed as a string [#38098](https://github.com/saltstack/salt/issues/38098)
 - Allow `pip.install` to create a log file that is passed in if the parent directory is writeable [#44722](https://github.com/saltstack/salt/issues/44722)
 - Fixed merging of complex pillar overrides with salt-ssh states [#59802](https://github.com/saltstack/salt/issues/59802)
 - Fixed gpg pillar rendering with salt-ssh [#60002](https://github.com/saltstack/salt/issues/60002)
 - Made salt-ssh states not re-render pillars unnecessarily [#62230](https://github.com/saltstack/salt/issues/62230)
 - Made Salt maintain options in Debian package repo definitions [#64130](https://github.com/saltstack/salt/issues/64130)
 - Migrated all [`invoke`](https://www.pyinvoke.org/) tasks to [`python-tools-scripts`](https://github.com/s0undt3ch/python-tools-scripts).
  * `tasks/docs.py` -> `tools/precommit/docs.py`
  * `tasks/docstrings.py` -> `tools/precommit/docstrings.py`
  * `tasks/loader.py` -> `tools/precommit/loader.py`
  * `tasks/filemap.py` -> `tools/precommit/filemap.py` [#64374](https://github.com/saltstack/salt/issues/64374)
 - Fix salt user login shell path in Debian packages [#64377](https://github.com/saltstack/salt/issues/64377)
 - Fill out lsb_distrib_xxxx (best estimate) grains if problems with retrieving lsb_release data [#64473](https://github.com/saltstack/salt/issues/64473)
 - Fixed an issue in the ``file.directory`` state where the ``children_only`` keyword
  argument was not being respected. [#64497](https://github.com/saltstack/salt/issues/64497)
 - Move salt.ufw to correct location /etc/ufw/applications.d/ [#64572](https://github.com/saltstack/salt/issues/64572)
 - Fixed salt-ssh stacktrace when retcode is not an integer [#64575](https://github.com/saltstack/salt/issues/64575)
 - Fixed SSH shell seldomly fails to report any exit code [#64588](https://github.com/saltstack/salt/issues/64588)
 - Fixed some issues in x509_v2 execution module private key functions [#64597](https://github.com/saltstack/salt/issues/64597)
 - Fixed grp.getgrall() in utils/user.py causing performance issues [#64888](https://github.com/saltstack/salt/issues/64888)
 - Fix user.list_groups omits remote groups via sssd, etc. [#64953](https://github.com/saltstack/salt/issues/64953)
 - Ensure sync from _grains occurs before attempting pillar compilation in case custom grain used in pillar file [#65027](https://github.com/saltstack/salt/issues/65027)
 - Moved gitfs locks to salt working dir to avoid lock wipes [#65086](https://github.com/saltstack/salt/issues/65086)
 - Only attempt to create a keys directory when `--gen-keys` is passed to the `salt-key` CLI [#65093](https://github.com/saltstack/salt/issues/65093)
 - Fix nonce verification, request server replies do not stomp on eachother. [#65114](https://github.com/saltstack/salt/issues/65114)
 - speed up yumpkg list_pkgs by not requiring digest or signature verification on lookup. [#65152](https://github.com/saltstack/salt/issues/65152)
 - Fix pkg.latest failing on windows for winrepo packages where the package is already up to date [#65165](https://github.com/saltstack/salt/issues/65165)
 - Ensure __kwarg__ is preserved when checking for kwargs.  This change affects proxy minions when used with Deltaproxy, which had kwargs popped when targeting multiple minions id. [#65179](https://github.com/saltstack/salt/issues/65179)
 - Fixes traceback when state id is an int in a reactor SLS file. [#65210](https://github.com/saltstack/salt/issues/65210)
 - Install logrotate config as /etc/logrotate.d/salt-common for Debian packages
  Remove broken /etc/logrotate.d/salt directory from 3006.3 if it exists. [#65231](https://github.com/saltstack/salt/issues/65231)
 - Use ``sha256`` as the default ``hash_type``. It has been the default since Salt v2016.9 [#65287](https://github.com/saltstack/salt/issues/65287)
 - Preserve ownership on log rotation [#65288](https://github.com/saltstack/salt/issues/65288)
 - Ensure that the correct value of jid_inclue is passed if the argument is included in the passed keyword arguments. [#65302](https://github.com/saltstack/salt/issues/65302)
 - Uprade relenv to 0.14.2
   - Update openssl to address CVE-2023-5363.
   - Fix bug in openssl setup when openssl binary can't be found.
   - Add M1 mac support. [#65316](https://github.com/saltstack/salt/issues/65316)
 - Fix regex for filespec adding/deleting fcontext policy in selinux [#65340](https://github.com/saltstack/salt/issues/65340)
 - Ensure CLI options take priority over Saltfile options [#65358](https://github.com/saltstack/salt/issues/65358)
 - Test mode for state function `saltmod.wheel` no longer set's `result` to `(None,)` [#65372](https://github.com/saltstack/salt/issues/65372)
 - Client only process events which tag conforms to an event return. [#65400](https://github.com/saltstack/salt/issues/65400)
 - Fixes an issue setting user or machine policy on Windows when the Group Policy
  directory is missing [#65411](https://github.com/saltstack/salt/issues/65411)
 - Fix regression in file module which was not re-using a file client. [#65450](https://github.com/saltstack/salt/issues/65450)
 - pip.installed state will now properly fail when a specified user does not exists [#65458](https://github.com/saltstack/salt/issues/65458)
 - Publish channel connect callback method properly closes it's request channel. [#65464](https://github.com/saltstack/salt/issues/65464)
 - Ensured the pillar in SSH wrapper modules is the same as the one used in template rendering when overrides are passed [#65483](https://github.com/saltstack/salt/issues/65483)
 - Fix file.comment ignore_missing not working with multiline char [#65501](https://github.com/saltstack/salt/issues/65501)
 - Warn when an un-closed transport client is being garbage collected. [#65554](https://github.com/saltstack/salt/issues/65554)
 - Only generate the HMAC's for ``libssl.so.1.1`` and ``libcrypto.so.1.1`` if those files exist. [#65581](https://github.com/saltstack/salt/issues/65581)
 - Fixed an issue where Salt Cloud would fail if it could not delete lingering
  PAexec binaries [#65584](https://github.com/saltstack/salt/issues/65584)
 # Added
 - Added Salt support for Debian 12 [#64223](https://github.com/saltstack/salt/issues/64223)
 - Added Salt support for Amazon Linux 2023 [#64455](https://github.com/saltstack/salt/issues/64455)
 # Security
 - Bump to `cryptography==41.0.4` due to https://github.com/advisories/GHSA-v8gr-m533-ghj9 [#65268](https://github.com/saltstack/salt/issues/65268)
 - Bump to `cryptography==41.0.7` due to https://github.com/advisories/GHSA-jfhm-5ghh-2f97 [#65643](https://github.com/saltstack/salt/issues/65643)
 * Mon Oct 16 2023 Salt Project Packaging <saltproject-packaging@vmware.com> - 3006.4
 # Security
--- a/pkg/tests/files/check_imports.sls
+++ b/pkg/tests/files/check_imports.sls
@ -1,53 +0,0 @@
 #!py
 import importlib
 def run():
    config = {}
    for test_import in [
        'templates', 'platform', 'cli', 'executors', 'config', 'wheel', 'netapi',
        'cache', 'proxy', 'transport', 'metaproxy', 'modules', 'tokens', 'matchers',
        'acl', 'auth', 'log', 'engines', 'client', 'returners', 'runners', 'tops',
        'output', 'daemons', 'thorium', 'renderers', 'states', 'cloud', 'roster',
        'beacons', 'pillar', 'spm', 'utils', 'sdb', 'fileserver', 'defaults',
        'ext', 'queues', 'grains', 'serializers'
    ]:
        try:
            import_name = "salt.{}".format(test_import)
            importlib.import_module(import_name)
            config['test_imports_succeeded'] = {
                'test.succeed_without_changes': [
                    {
                        'name': import_name
                    },
                ],
            }
        except ModuleNotFoundError as err:
            config['test_imports_failed'] = {
                'test.fail_without_changes': [
                    {
                        'name': import_name,
                        'comment': "The imports test failed. The error was: {}".format(err)
                    },
                ],
            }
    for stdlib_import in ["telnetlib"]:
        try:
            importlib.import_module(stdlib_import)
            config['stdlib_imports_succeeded'] = {
                'test.succeed_without_changes': [
                    {
                        'name': stdlib_import
                    },
                ],
            }
        except ModuleNotFoundError as err:
            config['stdlib_imports_failed'] = {
                'test.fail_without_changes': [
                    {
                        'name': stdlib_import,
                        'comment': "The stdlib imports test failed. The error was: {}".format(err)
                    },
                ],
            }
    return config
--- a/pkg/tests/files/check_python.py
+++ b/pkg/tests/files/check_python.py
@ -1,13 +0,0 @@
 import sys
 import salt.utils.data
 user_arg = sys.argv
 if user_arg[1] == "raise":
    raise Exception("test")
 if salt.utils.data.is_true(user_arg[1]):
    sys.exit(0)
 else:
    sys.exit(1)
--- a/pkg/tests/integration/test_check_imports.py
+++ b/pkg/tests/integration/test_check_imports.py
@ -1,22 +0,0 @@
 import logging
 import pytest
 from saltfactories.utils.functional import MultiStateResult
 pytestmark = [
    pytest.mark.skip_on_windows,
 ]
 log = logging.getLogger(__name__)
 def test_check_imports(salt_cli, salt_minion):
    """
    Test imports
    """
    ret = salt_cli.run("state.sls", "check_imports", minion_tgt=salt_minion.id)
    assert ret.returncode == 0
    assert ret.data
    result = MultiStateResult(raw=ret.data)
    for state_ret in result:
        assert state_ret.result is True
--- a/pkg/tests/integration/test_python.py
+++ b/pkg/tests/integration/test_python.py
@ -1,37 +0,0 @@
 import subprocess
 import pytest
 from tests.support.helpers import TESTS_DIR
@pytest.fixture
 def python_script_bin(install_salt):
    # Tiamat builds run scripts via `salt python`
    if not install_salt.relenv and not install_salt.classic:
        return install_salt.binary_paths["python"][:1] + ["python"]
    return install_salt.binary_paths["python"]
@pytest.mark.parametrize("exp_ret,user_arg", [(1, "false"), (0, "true")])
 def test_python_script(install_salt, exp_ret, user_arg, python_script_bin):
    ret = install_salt.proc.run(
        *(python_script_bin + [str(TESTS_DIR / "files" / "check_python.py"), user_arg]),
        stdout=subprocess.PIPE,
        stderr=subprocess.PIPE,
        check=False,
        universal_newlines=True,
    )
    assert ret.returncode == exp_ret, ret.stderr
 def test_python_script_exception(install_salt, python_script_bin):
    ret = install_salt.proc.run(
        *(python_script_bin + [str(TESTS_DIR / "files" / "check_python.py"), "raise"]),
        stdout=subprocess.PIPE,
        stderr=subprocess.PIPE,
        check=False,
        universal_newlines=True,
    )
    assert "Exception: test" in ret.stderr
--- a/pkg/tests/integration/test_salt_pillar.py
+++ b/pkg/tests/integration/test_salt_pillar.py
@ -1,13 +0,0 @@
 import pytest
 pytestmark = [
    pytest.mark.skip_on_windows,
 ]
 def test_salt_pillar(salt_cli, salt_minion):
    """
    Test pillar.items
    """
    ret = salt_cli.run("pillar.items", minion_tgt=salt_minion.id)
    assert "info" in ret.data
--- a/pkg/tests/integration/test_salt_state_file.py
+++ b/pkg/tests/integration/test_salt_state_file.py
@ -1,24 +0,0 @@
 import sys
 import pytest
 pytestmark = [
    pytest.mark.skip_on_windows,
 ]
 def test_salt_state_file(salt_cli, salt_minion):
    """
    Test state file
    """
    if sys.platform.startswith("win"):
        ret = salt_cli.run("state.apply", "win_states", minion_tgt=salt_minion.id)
    else:
        ret = salt_cli.run("state.apply", "states", minion_tgt=salt_minion.id)
    assert ret.data, ret
    if ret.stdout and "Minion did not return" in ret.stdout:
        pytest.skip("Skipping test, state took too long to apply")
    sls_ret = ret.data[next(iter(ret.data))]
    assert "changes" in sls_ret
    assert "name" in sls_ret
--- a/pkg/tests/support/coverage/sitecustomize.py
+++ b/pkg/tests/support/coverage/sitecustomize.py
@ -1,11 +0,0 @@
 """
 Python will always try to import sitecustomize.
 We use that fact to try and support code coverage for sub-processes
 """
 try:
    import coverage
    coverage.process_startup()
 except ImportError:
    pass
--- a/pkg/tests/support/paths.py
+++ b/pkg/tests/support/paths.py
@ -1,102 +0,0 @@
 """
    :codeauthor: Pedro Algarvio (pedro@algarvio.me)
    :copyright: Copyright 2017 by the SaltStack Team, see AUTHORS for more details.
    :license: Apache 2.0, see LICENSE for more details.
    tests.support.paths
    ~~~~~~~~~~~~~~~~~~~
    Tests related paths
 """
 import logging
 import os
 import re
 import sys
 import tempfile
 log = logging.getLogger(__name__)
 SALT_CODE_DIR = os.path.join(
    os.path.dirname(
        os.path.dirname(
            os.path.dirname(
                os.path.dirname(os.path.normpath(os.path.abspath(__file__)))
            )
        )
    ),
    "salt",
 )
 TESTS_DIR = os.path.join(os.path.dirname(SALT_CODE_DIR), "tests")
 if TESTS_DIR.startswith("//"):
    # Have we been given an initial double forward slash? Ditch it!
    TESTS_DIR = TESTS_DIR[1:]
 if sys.platform.startswith("win"):
    TESTS_DIR = os.path.normcase(TESTS_DIR)
 CODE_DIR = os.path.dirname(TESTS_DIR)
 if sys.platform.startswith("win"):
    CODE_DIR = CODE_DIR.replace("\\", "\\\\")
 UNIT_TEST_DIR = os.path.join(TESTS_DIR, "unit")
 INTEGRATION_TEST_DIR = os.path.join(TESTS_DIR, "integration")
 # Let's inject CODE_DIR so salt is importable if not there already
 if TESTS_DIR in sys.path:
    sys.path.remove(TESTS_DIR)
 if CODE_DIR in sys.path and sys.path[0] != CODE_DIR:
    sys.path.remove(CODE_DIR)
 if CODE_DIR not in sys.path:
    sys.path.insert(0, CODE_DIR)
 if TESTS_DIR not in sys.path:
    sys.path.insert(1, TESTS_DIR)
 SYS_TMP_DIR = os.path.abspath(
    os.path.realpath(
        # Avoid ${TMPDIR} and gettempdir() on MacOS as they yield a base path too long
        # for unix sockets: ``error: AF_UNIX path too long``
        # Gentoo Portage prefers ebuild tests are rooted in ${TMPDIR}
        os.environ.get("TMPDIR", tempfile.gettempdir())
        if not sys.platform.startswith("darwin")
        else "/tmp"
    )
 )
 TMP = os.path.join(SYS_TMP_DIR, "salt-tests-tmpdir")
 TMP_ROOT_DIR = os.path.join(TMP, "rootdir")
 FILES = os.path.join(INTEGRATION_TEST_DIR, "files")
 BASE_FILES = os.path.join(INTEGRATION_TEST_DIR, "files", "file", "base")
 PROD_FILES = os.path.join(INTEGRATION_TEST_DIR, "files", "file", "prod")
 PYEXEC = "python{}.{}".format(*sys.version_info)
 MOCKBIN = os.path.join(INTEGRATION_TEST_DIR, "mockbin")
 SCRIPT_DIR = os.path.join(CODE_DIR, "scripts")
 TMP_STATE_TREE = os.path.join(SYS_TMP_DIR, "salt-temp-state-tree")
 TMP_PILLAR_TREE = os.path.join(SYS_TMP_DIR, "salt-temp-pillar-tree")
 TMP_PRODENV_STATE_TREE = os.path.join(SYS_TMP_DIR, "salt-temp-prodenv-state-tree")
 TMP_PRODENV_PILLAR_TREE = os.path.join(SYS_TMP_DIR, "salt-temp-prodenv-pillar-tree")
 TMP_CONF_DIR = TMP_MINION_CONF_DIR = os.path.join(TMP, "config")
 TMP_SUB_MINION_CONF_DIR = os.path.join(TMP_CONF_DIR, "sub-minion")
 TMP_SYNDIC_MINION_CONF_DIR = os.path.join(TMP_CONF_DIR, "syndic-minion")
 TMP_SYNDIC_MASTER_CONF_DIR = os.path.join(TMP_CONF_DIR, "syndic-master")
 TMP_SSH_CONF_DIR = TMP_MINION_CONF_DIR
 CONF_DIR = os.path.join(INTEGRATION_TEST_DIR, "files", "conf")
 PILLAR_DIR = os.path.join(FILES, "pillar")
 TMP_SCRIPT_DIR = os.path.join(TMP, "scripts")
 ENGINES_DIR = os.path.join(FILES, "engines")
 LOG_HANDLERS_DIR = os.path.join(FILES, "log_handlers")
 def list_test_mods():
    """
    A generator which returns all of the test files
    """
    test_re = re.compile(r"^test_.+\.py$")
    for dirname in (UNIT_TEST_DIR, INTEGRATION_TEST_DIR):
        test_type = os.path.basename(dirname)
        for root, _, files in os.walk(dirname):
            parent_mod = root[len(dirname) :].lstrip(os.sep).replace(os.sep, ".")
            for filename in files:
                if test_re.match(filename):
                    mod_name = test_type
                    if parent_mod:
                        mod_name += "." + parent_mod
                    mod_name += "." + filename[:-3]
                    yield mod_name
--- a/pkg/tests/support/runtests.py
+++ b/pkg/tests/support/runtests.py
@ -1,209 +0,0 @@
 """
    :codeauthor: Pedro Algarvio (pedro@algarvio.me)
    .. _runtime_vars:
    Runtime Variables
    -----------------
    :command:`salt-runtests` provides a variable, :py:attr:`RUNTIME_VARS` which has some common paths defined at
    startup:
    .. autoattribute:: tests.support.runtests.RUNTIME_VARS
        :annotation:
        :TMP: Tests suite temporary directory
        :TMP_CONF_DIR: Configuration directory from where the daemons that :command:`salt-runtests` starts get their
                       configuration files.
        :TMP_CONF_MASTER_INCLUDES: Salt Master configuration files includes directory. See
                                   :salt_conf_master:`default_include`.
        :TMP_CONF_MINION_INCLUDES: Salt Minion configuration files includes directory. Seei
                                   :salt_conf_minion:`include`.
        :TMP_CONF_CLOUD_INCLUDES: Salt cloud configuration files includes directory. The same as the salt master and
                                  minion includes configuration, though under a different directory name.
        :TMP_CONF_CLOUD_PROFILE_INCLUDES: Salt cloud profiles configuration files includes directory. Same as above.
        :TMP_CONF_CLOUD_PROVIDER_INCLUDES: Salt cloud providers configuration files includes directory. Same as above.
        :TMP_SCRIPT_DIR: Temporary scripts directory from where the Salt CLI tools will be called when running tests.
        :TMP_SALT_INTEGRATION_FILES: Temporary directory from where Salt's test suite integration files are copied to.
        :TMP_BASEENV_STATE_TREE: Salt master's **base** environment state tree directory
        :TMP_PRODENV_STATE_TREE: Salt master's **production** environment state tree directory
        :TMP_BASEENV_PILLAR_TREE: Salt master's **base** environment pillar tree directory
        :TMP_PRODENV_PILLAR_TREE: Salt master's **production** environment pillar tree directory
    Use it on your test case in case of need. As simple as:
    .. code-block:: python
        import os
        from tests.support.runtests import RUNTIME_VARS
        # Path to the testing minion configuration file
        minion_config_path = os.path.join(RUNTIME_VARS.TMP_CONF_DIR, 'minion')
    .. _`pytest`: http://pytest.org
    """
 import logging
 import os
 import shutil
 import salt.utils.path
 import salt.utils.platform
 import tests.support.paths as paths
 try:
    import pwd
 except ImportError:
    import salt.utils.win_functions
 log = logging.getLogger(__name__)
 def this_user():
    """
    Get the user associated with the current process.
    """
    if salt.utils.platform.is_windows():
        return salt.utils.win_functions.get_current_user(with_domain=False)
    return pwd.getpwuid(os.getuid())[0]
 class RootsDict(dict):
    def merge(self, data):
        for key, values in data.items():
            if key not in self:
                self[key] = values
                continue
            for value in values:
                if value not in self[key]:
                    self[key].append(value)
        return self
    def to_dict(self):
        return dict(self)
 def recursive_copytree(source, destination, overwrite=False):
    for root, dirs, files in os.walk(source):
        for item in dirs:
            src_path = os.path.join(root, item)
            dst_path = os.path.join(
                destination, src_path.replace(source, "").lstrip(os.sep)
            )
            if not os.path.exists(dst_path):
                log.debug("Creating directory: %s", dst_path)
                os.makedirs(dst_path)
        for item in files:
            src_path = os.path.join(root, item)
            dst_path = os.path.join(
                destination, src_path.replace(source, "").lstrip(os.sep)
            )
            if os.path.exists(dst_path) and not overwrite:
                if os.stat(src_path).st_mtime > os.stat(dst_path).st_mtime:
                    log.debug("Copying %s to %s", src_path, dst_path)
                    shutil.copy2(src_path, dst_path)
            else:
                if not os.path.isdir(os.path.dirname(dst_path)):
                    log.debug("Creating directory: %s", os.path.dirname(dst_path))
                    os.makedirs(os.path.dirname(dst_path))
                log.debug("Copying %s to %s", src_path, dst_path)
                shutil.copy2(src_path, dst_path)
 class RuntimeVars:
    __self_attributes__ = ("_vars", "_locked", "lock")
    def __init__(self, **kwargs):
        self._vars = kwargs
        self._locked = False
    def lock(self):
        # Late import
        from salt.utils.immutabletypes import freeze
        frozen_vars = freeze(self._vars.copy())
        self._vars = frozen_vars
        self._locked = True
    def __iter__(self):
        yield from self._vars.items()
    def __getattribute__(self, name):
        if name in object.__getattribute__(self, "_vars"):
            return object.__getattribute__(self, "_vars")[name]
        return object.__getattribute__(self, name)
    def __setattr__(self, name, value):
        if getattr(self, "_locked", False) is True:
            raise RuntimeError(
                "After {} is locked, no additional data can be added to it".format(
                    self.__class__.__name__
                )
            )
        if name in object.__getattribute__(self, "__self_attributes__"):
            object.__setattr__(self, name, value)
            return
        self._vars[name] = value
 # <---- Helper Methods -----------------------------------------------------------------------------------------------
 # ----- Global Variables -------------------------------------------------------------------------------------------->
 XML_OUTPUT_DIR = os.environ.get(
    "SALT_XML_TEST_REPORTS_DIR", os.path.join(paths.TMP, "xml-test-reports")
 )
 # <---- Global Variables ---------------------------------------------------------------------------------------------
 # ----- Tests Runtime Variables ------------------------------------------------------------------------------------->
 RUNTIME_VARS = RuntimeVars(
    TMP=paths.TMP,
    SYS_TMP_DIR=paths.SYS_TMP_DIR,
    FILES=paths.FILES,
    CONF_DIR=paths.CONF_DIR,
    PILLAR_DIR=paths.PILLAR_DIR,
    ENGINES_DIR=paths.ENGINES_DIR,
    LOG_HANDLERS_DIR=paths.LOG_HANDLERS_DIR,
    TMP_ROOT_DIR=paths.TMP_ROOT_DIR,
    TMP_CONF_DIR=paths.TMP_CONF_DIR,
    TMP_MINION_CONF_DIR=paths.TMP_MINION_CONF_DIR,
    TMP_CONF_MASTER_INCLUDES=os.path.join(paths.TMP_CONF_DIR, "master.d"),
    TMP_CONF_MINION_INCLUDES=os.path.join(paths.TMP_CONF_DIR, "minion.d"),
    TMP_CONF_PROXY_INCLUDES=os.path.join(paths.TMP_CONF_DIR, "proxy.d"),
    TMP_CONF_CLOUD_INCLUDES=os.path.join(paths.TMP_CONF_DIR, "cloud.conf.d"),
    TMP_CONF_CLOUD_PROFILE_INCLUDES=os.path.join(
        paths.TMP_CONF_DIR, "cloud.profiles.d"
    ),
    TMP_CONF_CLOUD_PROVIDER_INCLUDES=os.path.join(
        paths.TMP_CONF_DIR, "cloud.providers.d"
    ),
    TMP_SUB_MINION_CONF_DIR=paths.TMP_SUB_MINION_CONF_DIR,
    TMP_SYNDIC_MASTER_CONF_DIR=paths.TMP_SYNDIC_MASTER_CONF_DIR,
    TMP_SYNDIC_MINION_CONF_DIR=paths.TMP_SYNDIC_MINION_CONF_DIR,
    TMP_SSH_CONF_DIR=paths.TMP_SSH_CONF_DIR,
    TMP_SCRIPT_DIR=paths.TMP_SCRIPT_DIR,
    TMP_STATE_TREE=paths.TMP_STATE_TREE,
    TMP_BASEENV_STATE_TREE=paths.TMP_STATE_TREE,
    TMP_PILLAR_TREE=paths.TMP_PILLAR_TREE,
    TMP_BASEENV_PILLAR_TREE=paths.TMP_PILLAR_TREE,
    TMP_PRODENV_STATE_TREE=paths.TMP_PRODENV_STATE_TREE,
    TMP_PRODENV_PILLAR_TREE=paths.TMP_PRODENV_PILLAR_TREE,
    SHELL_TRUE_PATH=salt.utils.path.which("true")
    if not salt.utils.platform.is_windows()
    else "cmd /c exit 0 > nul",
    SHELL_FALSE_PATH=salt.utils.path.which("false")
    if not salt.utils.platform.is_windows()
    else "cmd /c exit 1 > nul",
    RUNNING_TESTS_USER=this_user(),
    RUNTIME_CONFIGS={},
    CODE_DIR=paths.CODE_DIR,
    SALT_CODE_DIR=paths.SALT_CODE_DIR,
    BASE_FILES=paths.BASE_FILES,
    PROD_FILES=paths.PROD_FILES,
    TESTS_DIR=paths.TESTS_DIR,
 )
 # <---- Tests Runtime Variables --------------------------------------------------------------------------------------
--- a/pkg/tests/support/sminion.py
+++ b/pkg/tests/support/sminion.py
@ -1,256 +0,0 @@
 """
 tests.support.sminion
 ~~~~~~~~~~~~~~~~~~~~~
 SMinion's support functions
 """
 import fnmatch
 import hashlib
 import logging
 import os
 import shutil
 import sys
 import salt.minion
 import salt.utils.path
 import salt.utils.stringutils
 from tests.support.runtests import RUNTIME_VARS
 log = logging.getLogger(__name__)
 DEFAULT_SMINION_ID = "pytest-internal-sminion"
 def build_minion_opts(
    minion_id=None,
    root_dir=None,
    initial_conf_file=None,
    minion_opts_overrides=None,
    skip_cached_opts=False,
    cache_opts=True,
    minion_role=None,
 ):
    if minion_id is None:
        minion_id = DEFAULT_SMINION_ID
    if skip_cached_opts is False:
        try:
            opts_cache = build_minion_opts.__cached_opts__
        except AttributeError:
            opts_cache = build_minion_opts.__cached_opts__ = {}
        cached_opts = opts_cache.get(minion_id)
        if cached_opts:
            return cached_opts
    log.info("Generating testing minion %r configuration...", minion_id)
    if root_dir is None:
        hashed_minion_id = hashlib.sha1()
        hashed_minion_id.update(salt.utils.stringutils.to_bytes(minion_id))
        root_dir = os.path.join(
            RUNTIME_VARS.TMP_ROOT_DIR, hashed_minion_id.hexdigest()[:6]
        )
    if initial_conf_file is not None:
        minion_opts = salt.config._read_conf_file(
            initial_conf_file
        )  # pylint: disable=protected-access
    else:
        minion_opts = {}
    conf_dir = os.path.join(root_dir, "conf")
    conf_file = os.path.join(conf_dir, "minion")
    minion_opts["id"] = minion_id
    minion_opts["conf_file"] = conf_file
    minion_opts["root_dir"] = root_dir
    minion_opts["cachedir"] = "cache"
    minion_opts["user"] = RUNTIME_VARS.RUNNING_TESTS_USER
    minion_opts["pki_dir"] = "pki"
    minion_opts["hosts.file"] = os.path.join(RUNTIME_VARS.TMP_ROOT_DIR, "hosts")
    minion_opts["aliases.file"] = os.path.join(RUNTIME_VARS.TMP_ROOT_DIR, "aliases")
    minion_opts["file_client"] = "local"
    minion_opts["server_id_use_crc"] = "adler32"
    minion_opts["pillar_roots"] = {"base": [RUNTIME_VARS.TMP_PILLAR_TREE]}
    minion_opts["file_roots"] = {
        "base": [
            # Let's support runtime created files that can be used like:
            #   salt://my-temp-file.txt
            RUNTIME_VARS.TMP_STATE_TREE
        ],
        # Alternate root to test __env__ choices
        "prod": [
            os.path.join(RUNTIME_VARS.FILES, "file", "prod"),
            RUNTIME_VARS.TMP_PRODENV_STATE_TREE,
        ],
    }
    if initial_conf_file and initial_conf_file.startswith(RUNTIME_VARS.FILES):
        # We assume we were passed a minion configuration file defined fo testing and, as such
        # we define the file and pillar roots to include the testing states/pillar trees
        minion_opts["pillar_roots"]["base"].append(
            os.path.join(RUNTIME_VARS.FILES, "pillar", "base"),
        )
        minion_opts["file_roots"]["base"].append(
            os.path.join(RUNTIME_VARS.FILES, "file", "base"),
        )
        minion_opts["file_roots"]["prod"].append(
            os.path.join(RUNTIME_VARS.FILES, "file", "prod"),
        )
    # We need to copy the extension modules into the new master root_dir or
    # it will be prefixed by it
    extension_modules_path = os.path.join(root_dir, "extension_modules")
    if not os.path.exists(extension_modules_path):
        shutil.copytree(
            os.path.join(RUNTIME_VARS.FILES, "extension_modules"),
            extension_modules_path,
        )
    minion_opts["extension_modules"] = extension_modules_path
    # Custom grains
    if "grains" not in minion_opts:
        minion_opts["grains"] = {}
    if minion_role is not None:
        minion_opts["grains"]["role"] = minion_role
    # Under windows we can't seem to properly create a virtualenv off of another
    # virtualenv, we can on linux but we will still point to the virtualenv binary
    # outside the virtualenv running the test suite, if that's the case.
    try:
        real_prefix = sys.real_prefix
        # The above attribute exists, this is a virtualenv
        if salt.utils.platform.is_windows():
            virtualenv_binary = os.path.join(real_prefix, "Scripts", "virtualenv.exe")
        else:
            # We need to remove the virtualenv from PATH or we'll get the virtualenv binary
            # from within the virtualenv, we don't want that
            path = os.environ.get("PATH")
            if path is not None:
                path_items = path.split(os.pathsep)
                for item in path_items[:]:
                    if item.startswith(sys.base_prefix):
                        path_items.remove(item)
                os.environ["PATH"] = os.pathsep.join(path_items)
            virtualenv_binary = salt.utils.path.which("virtualenv")
            if path is not None:
                # Restore previous environ PATH
                os.environ["PATH"] = path
            if not virtualenv_binary.startswith(real_prefix):
                virtualenv_binary = None
        if virtualenv_binary and not os.path.exists(virtualenv_binary):
            # It doesn't exist?!
            virtualenv_binary = None
    except AttributeError:
        # We're not running inside a virtualenv
        virtualenv_binary = None
    if virtualenv_binary:
        minion_opts["venv_bin"] = virtualenv_binary
    # Override minion_opts with minion_opts_overrides
    if minion_opts_overrides:
        minion_opts.update(minion_opts_overrides)
    if not os.path.exists(conf_dir):
        os.makedirs(conf_dir)
    with salt.utils.files.fopen(conf_file, "w") as fp_:
        salt.utils.yaml.safe_dump(minion_opts, fp_, default_flow_style=False)
    log.info("Generating testing minion %r configuration completed.", minion_id)
    minion_opts = salt.config.minion_config(
        conf_file, minion_id=minion_id, cache_minion_id=True
    )
    salt.utils.verify.verify_env(
        [
            os.path.join(minion_opts["pki_dir"], "accepted"),
            os.path.join(minion_opts["pki_dir"], "rejected"),
            os.path.join(minion_opts["pki_dir"], "pending"),
            os.path.dirname(minion_opts["log_file"]),
            minion_opts["extension_modules"],
            minion_opts["cachedir"],
            minion_opts["sock_dir"],
            RUNTIME_VARS.TMP_STATE_TREE,
            RUNTIME_VARS.TMP_PILLAR_TREE,
            RUNTIME_VARS.TMP_PRODENV_STATE_TREE,
            RUNTIME_VARS.TMP,
        ],
        RUNTIME_VARS.RUNNING_TESTS_USER,
        root_dir=root_dir,
    )
    if cache_opts:
        try:
            opts_cache = build_minion_opts.__cached_opts__
        except AttributeError:
            opts_cache = build_minion_opts.__cached_opts__ = {}
        opts_cache[minion_id] = minion_opts
    return minion_opts
 def create_sminion(
    minion_id=None,
    root_dir=None,
    initial_conf_file=None,
    sminion_cls=salt.minion.SMinion,
    minion_opts_overrides=None,
    skip_cached_minion=False,
    cache_sminion=True,
 ):
    if minion_id is None:
        minion_id = DEFAULT_SMINION_ID
    if skip_cached_minion is False:
        try:
            minions_cache = create_sminion.__cached_minions__
        except AttributeError:
            create_sminion.__cached_minions__ = {}
        cached_minion = create_sminion.__cached_minions__.get(minion_id)
        if cached_minion:
            return cached_minion
    minion_opts = build_minion_opts(
        minion_id=minion_id,
        root_dir=root_dir,
        initial_conf_file=initial_conf_file,
        minion_opts_overrides=minion_opts_overrides,
        skip_cached_opts=skip_cached_minion,
        cache_opts=cache_sminion,
    )
    log.info("Instantiating a testing %s(%s)", sminion_cls.__name__, minion_id)
    sminion = sminion_cls(minion_opts)
    if cache_sminion:
        try:
            minions_cache = create_sminion.__cached_minions__
        except AttributeError:
            minions_cache = create_sminion.__cached_minions__ = {}
        minions_cache[minion_id] = sminion
    return sminion
 def check_required_sminion_attributes(sminion_attr, required_items):
    """
    :param sminion_attr: The name of the sminion attribute to check, such as 'functions' or 'states'
    :param required_items: The items that must be part of the designated sminion attribute for the decorated test
    :return The packages that are not available
    """
    required_salt_items = set(required_items)
    sminion = create_sminion(minion_id=DEFAULT_SMINION_ID)
    available_items = list(getattr(sminion, sminion_attr))
    not_available_items = set()
    name = "__not_available_{items}s__".format(items=sminion_attr)
    if not hasattr(sminion, name):
        setattr(sminion, name, set())
    cached_not_available_items = getattr(sminion, name)
    for not_available_item in cached_not_available_items:
        if not_available_item in required_salt_items:
            not_available_items.add(not_available_item)
            required_salt_items.remove(not_available_item)
    for required_item_name in required_salt_items:
        search_name = required_item_name
        if "." not in search_name:
            search_name += ".*"
        if not fnmatch.filter(available_items, search_name):
            not_available_items.add(required_item_name)
            cached_not_available_items.add(required_item_name)
    return not_available_items
--- a/pkg/tests/upgrade/init.py
+++ b/pkg/tests/upgrade/init.py
--- a/requirements/static/ci/py3.10/tools.txt
+++ b/requirements/static/ci/py3.10/tools.txt
@ -50,7 +50,7 @@ s3transfer==0.6.1
    # via boto3
 six==1.16.0
    # via python-dateutil
-typing-extensions==4.8.0
+typing-extensions==4.2.0
    # via python-tools-scripts
 urllib3==1.26.18
    # via
--- a/requirements/static/ci/py3.9/tools.txt
+++ b/requirements/static/ci/py3.9/tools.txt
@ -50,7 +50,7 @@ s3transfer==0.6.1
    # via boto3
 six==1.16.0
    # via python-dateutil
-typing-extensions==4.8.0
+typing-extensions==4.2.0
    # via python-tools-scripts
 urllib3==1.26.18
    # via
--- a/salt/client/ssh/client.py
+++ b/salt/client/ssh/client.py
@ -39,6 +39,10 @@ class SSHClient:
        # Salt API should never offer a custom roster!
        self.opts["__disable_custom_roster"] = disable_custom_roster
        # Pillar compilation and nested SSH calls require the correct config_dir
        # in __opts__, otherwise we will use the SSH minion's one later.
        if "config_dir" not in self.opts:
            self.opts["config_dir"] = os.path.dirname(c_path)
    def sanitize_kwargs(self, kwargs):
        roster_vals = [
--- a/salt/grains/core.py
+++ b/salt/grains/core.py
@ -478,7 +478,7 @@ def _bsd_cpudata(osdata):
    return grains
-def _sunos_cpudata():
+def _sunos_cpudata():  # pragma: no cover
    """
    Return the CPU information for Solaris-like systems
    """
@ -510,7 +510,7 @@ def _sunos_cpudata():
    return grains
-def _aix_cpudata():
+def _aix_cpudata():  # pragma: no cover
    """
    Return CPU information for AIX systems
    """
@ -613,7 +613,7 @@ def _bsd_memdata(osdata):
    return grains
-def _sunos_memdata():
+def _sunos_memdata():  # pragma: no cover
    """
    Return the memory information for SunOS-like systems
    """
@ -637,7 +637,7 @@ def _sunos_memdata():
    return grains
-def _aix_memdata():
+def _aix_memdata():  # pragma: no cover
    """
    Return the memory information for AIX systems
    """
@ -691,16 +691,16 @@ def _memdata(osdata):
        grains.update(_bsd_memdata(osdata))
    elif osdata["kernel"] == "Darwin":
        grains.update(_osx_memdata())
-    elif osdata["kernel"] == "SunOS":
+    elif osdata["kernel"] == "SunOS":  # pragma: no cover
-        grains.update(_sunos_memdata())
+        grains.update(_sunos_memdata())  # pragma: no cover
-    elif osdata["kernel"] == "AIX":
+    elif osdata["kernel"] == "AIX":  # pragma: no cover
-        grains.update(_aix_memdata())
+        grains.update(_aix_memdata())  # pragma: no cover
    elif osdata["kernel"] == "Windows" and HAS_WMI:
        grains.update(_windows_memdata())
    return grains
-def _aix_get_machine_id():
+def _aix_get_machine_id():  # pragma: no cover
    """
    Parse the output of lsattr -El sys0 for os_uuid
    """
@ -2473,7 +2473,7 @@ def _smartos_os_data():
    return grains
-def _sunos_release():
+def _sunos_release():  # pragma: no cover
    grains = {}
    with salt.utils.files.fopen("/etc/release", "r") as fp_:
        rel_data = fp_.read()
--- a/salt/modules/mac_keychain.py
+++ b/salt/modules/mac_keychain.py
@ -122,14 +122,14 @@ def list_certs(keychain="/Library/Keychains/System.keychain"):
        salt '*' keychain.list_certs
    """
    cmd = (
-        'security find-certificate -a {} | grep -o "alis".*\\" | '
+        'security find-certificate -a {} | grep -o "alis.*" | '
        "grep -o '\\\"[-A-Za-z0-9.:() ]*\\\"'".format(shlex.quote(keychain))
    )
    out = __salt__["cmd.run"](cmd, python_shell=True)
    return out.replace('"', "").split("\n")
-def get_friendly_name(cert, password):
+def get_friendly_name(cert, password, legacy=False):
    """
    Get the friendly name of the given certificate
@ -143,15 +143,26 @@ def get_friendly_name(cert, password):
        Note: The password given here will show up as plaintext in the returned job
        info.
    legacy
        Assume legacy format for certificate.
    CLI Example:
    .. code-block:: bash
        salt '*' keychain.get_friendly_name /tmp/test.p12 test123
        salt '*' keychain.get_friendly_name /tmp/test.p12 test123 legacy=True
    """
    openssl_cmd = "openssl pkcs12"
    if legacy:
        openssl_cmd = f"{openssl_cmd} -legacy"
    cmd = (
-        "openssl pkcs12 -in {} -passin pass:{} -info -nodes -nokeys 2> /dev/null | "
+        "{} -in {} -passin pass:{} -info -nodes -nokeys 2> /dev/null | "
-        "grep friendlyName:".format(shlex.quote(cert), shlex.quote(password))
+        "grep friendlyName:".format(
            openssl_cmd, shlex.quote(cert), shlex.quote(password)
        )
    )
    out = __salt__["cmd.run"](cmd, python_shell=True)
    return out.replace("friendlyName: ", "").strip()
--- a/salt/modules/mac_power.py
+++ b/salt/modules/mac_power.py
@ -68,7 +68,7 @@ def _validate_sleep(minutes):
            )
            raise SaltInvocationError(msg)
    else:
-        msg = "Unknown Variable Type Passed for Minutes.\nPassed: {}".format(minutes)
+        msg = f"Unknown Variable Type Passed for Minutes.\nPassed: {minutes}"
        raise SaltInvocationError(msg)
@ -115,7 +115,7 @@ def set_sleep(minutes):
        salt '*' power.set_sleep never
    """
    value = _validate_sleep(minutes)
-    cmd = "systemsetup -setsleep {}".format(value)
+    cmd = f"systemsetup -setsleep {value}"
    salt.utils.mac_utils.execute_return_success(cmd)
    state = []
@ -165,7 +165,7 @@ def set_computer_sleep(minutes):
        salt '*' power.set_computer_sleep off
    """
    value = _validate_sleep(minutes)
-    cmd = "systemsetup -setcomputersleep {}".format(value)
+    cmd = f"systemsetup -setcomputersleep {value}"
    salt.utils.mac_utils.execute_return_success(cmd)
    return salt.utils.mac_utils.confirm_updated(
@ -210,7 +210,7 @@ def set_display_sleep(minutes):
        salt '*' power.set_display_sleep off
    """
    value = _validate_sleep(minutes)
-    cmd = "systemsetup -setdisplaysleep {}".format(value)
+    cmd = f"systemsetup -setdisplaysleep {value}"
    salt.utils.mac_utils.execute_return_success(cmd)
    return salt.utils.mac_utils.confirm_updated(
@ -255,7 +255,7 @@ def set_harddisk_sleep(minutes):
        salt '*' power.set_harddisk_sleep off
    """
    value = _validate_sleep(minutes)
-    cmd = "systemsetup -setharddisksleep {}".format(value)
+    cmd = f"systemsetup -setharddisksleep {value}"
    salt.utils.mac_utils.execute_return_success(cmd)
    return salt.utils.mac_utils.confirm_updated(
@ -303,12 +303,13 @@ def set_wake_on_modem(enabled):
        salt '*' power.set_wake_on_modem True
    """
    state = salt.utils.mac_utils.validate_enabled(enabled)
-    cmd = "systemsetup -setwakeonmodem {}".format(state)
+    cmd = f"systemsetup -setwakeonmodem {state}"
    salt.utils.mac_utils.execute_return_success(cmd)
    return salt.utils.mac_utils.confirm_updated(
        state,
        get_wake_on_modem,
        True,
    )
@ -353,12 +354,13 @@ def set_wake_on_network(enabled):
        salt '*' power.set_wake_on_network True
    """
    state = salt.utils.mac_utils.validate_enabled(enabled)
-    cmd = "systemsetup -setwakeonnetworkaccess {}".format(state)
+    cmd = f"systemsetup -setwakeonnetworkaccess {state}"
    salt.utils.mac_utils.execute_return_success(cmd)
    return salt.utils.mac_utils.confirm_updated(
        state,
        get_wake_on_network,
        True,
    )
@ -403,12 +405,13 @@ def set_restart_power_failure(enabled):
        salt '*' power.set_restart_power_failure True
    """
    state = salt.utils.mac_utils.validate_enabled(enabled)
-    cmd = "systemsetup -setrestartpowerfailure {}".format(state)
+    cmd = f"systemsetup -setrestartpowerfailure {state}"
    salt.utils.mac_utils.execute_return_success(cmd)
    return salt.utils.mac_utils.confirm_updated(
        state,
        get_restart_power_failure,
        True,
    )
@ -453,7 +456,7 @@ def set_restart_freeze(enabled):
        salt '*' power.set_restart_freeze True
    """
    state = salt.utils.mac_utils.validate_enabled(enabled)
-    cmd = "systemsetup -setrestartfreeze {}".format(state)
+    cmd = f"systemsetup -setrestartfreeze {state}"
    salt.utils.mac_utils.execute_return_success(cmd)
    return salt.utils.mac_utils.confirm_updated(state, get_restart_freeze, True)
@ -502,10 +505,11 @@ def set_sleep_on_power_button(enabled):
        salt '*' power.set_sleep_on_power_button True
    """
    state = salt.utils.mac_utils.validate_enabled(enabled)
-    cmd = "systemsetup -setallowpowerbuttontosleepcomputer {}".format(state)
+    cmd = f"systemsetup -setallowpowerbuttontosleepcomputer {state}"
    salt.utils.mac_utils.execute_return_success(cmd)
    return salt.utils.mac_utils.confirm_updated(
        state,
        get_sleep_on_power_button,
        True,
    )
--- a/salt/modules/openscap.py
+++ b/salt/modules/openscap.py
@ -3,26 +3,15 @@ Module for OpenSCAP Management
 """
-
+import argparse
 import os.path
 import shlex
 import shutil
 import subprocess
 import tempfile
 from subprocess import PIPE, Popen
 import salt.utils.versions
 ArgumentParser = object
 try:
    import argparse  # pylint: disable=minimum-python-version
    ArgumentParser = argparse.ArgumentParser
    HAS_ARGPARSE = True
 except ImportError:  # python 2.6
    HAS_ARGPARSE = False
 _XCCDF_MAP = {
    "eval": {
        "parser_arguments": [(("--profile",), {"required": True})],
@ -35,11 +24,7 @@ _XCCDF_MAP = {
 }
-def __virtual__():
+class _ArgumentParser(argparse.ArgumentParser):
    return HAS_ARGPARSE, "argparse module is required."
 class _ArgumentParser(ArgumentParser):
    def __init__(self, action=None, *args, **kwargs):
        super().__init__(*args, prog="oscap", **kwargs)
        self.add_argument("action", choices=["eval"])
@ -47,7 +32,7 @@ class _ArgumentParser(ArgumentParser):
        for params, kwparams in _XCCDF_MAP["eval"]["parser_arguments"]:
            self.add_argument(*params, **kwparams)
-    def error(self, message, *args, **kwargs):
+    def error(self, message, *args, **kwargs):  # pylint: disable=arguments-differ
        raise Exception(message)
@ -168,7 +153,9 @@ def xccdf_eval(
    if success:
        tempdir = tempfile.mkdtemp()
-        proc = Popen(cmd_opts, stdout=PIPE, stderr=PIPE, cwd=tempdir)
+        proc = subprocess.Popen(
            cmd_opts, stdout=subprocess.PIPE, stderr=subprocess.PIPE, cwd=tempdir
        )
        (stdoutdata, error) = proc.communicate()
        success = _OSCAP_EXIT_CODES_MAP.get(proc.returncode, False)
        if proc.returncode < 0:
@ -225,12 +212,18 @@ def xccdf(params):
    if success:
        cmd = _XCCDF_MAP[action]["cmd_pattern"].format(args.profile, policy)
        tempdir = tempfile.mkdtemp()
-        proc = Popen(shlex.split(cmd), stdout=PIPE, stderr=PIPE, cwd=tempdir)
+        proc = subprocess.Popen(
            shlex.split(cmd),
            stdout=subprocess.PIPE,
            stderr=subprocess.PIPE,
            cwd=tempdir,
        )
        (stdoutdata, error) = proc.communicate()
        success = _OSCAP_EXIT_CODES_MAP.get(proc.returncode, False)
        if proc.returncode < 0:
            error += f"\nKilled by signal {proc.returncode}\n".encode("ascii")
        returncode = proc.returncode
        success = _OSCAP_EXIT_CODES_MAP.get(returncode, False)
        if success:
            if not __salt__["cp.push_dir"](tempdir):
                success = False
--- a/salt/modules/ps.py
+++ b/salt/modules/ps.py
@ -648,34 +648,8 @@ def get_users():
        salt '*' ps.get_users
    """
-    try:
+    recs = psutil.users()
-        recs = psutil.users()
+    return [dict(x._asdict()) for x in recs]
        return [dict(x._asdict()) for x in recs]
    except AttributeError:
        # get_users is only present in psutil > v0.5.0
        # try utmp
        try:
            import utmp  # pylint: disable=import-error
            result = []
            while True:
                rec = utmp.utmpaccess.getutent()
                if rec is None:
                    return result
                elif rec[0] == 7:
                    started = rec[8]
                    if isinstance(started, tuple):
                        started = started[0]
                    result.append(
                        {
                            "name": rec[4],
                            "terminal": rec[2],
                            "started": started,
                            "host": rec[5],
                        }
                    )
        except ImportError:
            return False
 def lsof(name):
--- a/tests/integration/modules/test_mac_assistive.py
+++ b/tests/integration/modules/test_mac_assistive.py
@ -1,89 +0,0 @@
 """
    :codeauthor: Nicole Thomas <nicole@saltstack.com>
 """
 import pytest
 from tests.support.case import ModuleCase
 OSA_SCRIPT = "/usr/bin/osascript"
@pytest.mark.destructive_test
@pytest.mark.skip_if_not_root
@pytest.mark.skip_initial_gh_actions_failure
@pytest.mark.skip_unless_on_darwin
 class MacAssistiveTest(ModuleCase):
    """
    Integration tests for the mac_assistive module.
    """
    def setUp(self):
        """
        Sets up test requirements
        """
        # Let's install a bundle to use in tests
        self.run_function("assistive.install", [OSA_SCRIPT, True])
    def tearDown(self):
        """
        Clean up after tests
        """
        # Delete any bundles that were installed
        osa_script = self.run_function("assistive.installed", [OSA_SCRIPT])
        if osa_script:
            self.run_function("assistive.remove", [OSA_SCRIPT])
        smile_bundle = "com.smileonmymac.textexpander"
        smile_bundle_present = self.run_function("assistive.installed", [smile_bundle])
        if smile_bundle_present:
            self.run_function("assistive.remove", [smile_bundle])
    @pytest.mark.slow_test
    def test_install_and_remove(self):
        """
        Tests installing and removing a bundled ID or command to use assistive access.
        """
        new_bundle = "com.smileonmymac.textexpander"
        self.assertTrue(self.run_function("assistive.install", [new_bundle]))
        self.assertTrue(self.run_function("assistive.remove", [new_bundle]))
    @pytest.mark.slow_test
    def test_installed(self):
        """
        Tests the True and False return of assistive.installed.
        """
        # OSA script should have been installed in setUp function
        self.assertTrue(self.run_function("assistive.installed", [OSA_SCRIPT]))
        # Clean up install
        self.run_function("assistive.remove", [OSA_SCRIPT])
        # Installed should now return False
        self.assertFalse(self.run_function("assistive.installed", [OSA_SCRIPT]))
    @pytest.mark.slow_test
    def test_enable(self):
        """
        Tests setting the enabled status of a bundled ID or command.
        """
        # OSA script should have been installed and enabled in setUp function
        # Now let's disable it, which should return True.
        self.assertTrue(self.run_function("assistive.enable", [OSA_SCRIPT, False]))
        # Double check the script was disabled, as intended.
        self.assertFalse(self.run_function("assistive.enabled", [OSA_SCRIPT]))
        # Now re-enable
        self.assertTrue(self.run_function("assistive.enable", [OSA_SCRIPT]))
        # Double check the script was enabled, as intended.
        self.assertTrue(self.run_function("assistive.enabled", [OSA_SCRIPT]))
    @pytest.mark.slow_test
    def test_enabled(self):
        """
        Tests if a bundled ID or command is listed in assistive access returns True.
        """
        # OSA script should have been installed in setUp function, which sets
        # enabled to True by default.
        self.assertTrue(self.run_function("assistive.enabled", [OSA_SCRIPT]))
        # Disable OSA Script
        self.run_function("assistive.enable", [OSA_SCRIPT, False])
        # Assert against new disabled status
        self.assertFalse(self.run_function("assistive.enabled", [OSA_SCRIPT]))
--- a/tests/integration/modules/test_mac_brew_pkg.py
+++ b/tests/integration/modules/test_mac_brew_pkg.py
@ -1,188 +0,0 @@
 """
    :codeauthor: Nicole Thomas <nicole@saltstack.com>
 """
 import pytest
 from salt.exceptions import CommandExecutionError
 from tests.support.case import ModuleCase
 # Brew doesn't support local package installation - So, let's
 # Grab some small packages available online for brew
 ADD_PKG = "algol68g"
 DEL_PKG = "acme"
@pytest.mark.skip_if_not_root
@pytest.mark.destructive_test
@pytest.mark.skip_if_binaries_missing("brew")
@pytest.mark.skip_unless_on_darwin
 class BrewModuleTest(ModuleCase):
    """
    Integration tests for the brew module
    """
    @pytest.mark.slow_test
    def test_brew_install(self):
        """
        Tests the installation of packages
        """
        try:
            self.run_function("pkg.install", [ADD_PKG])
            pkg_list = self.run_function("pkg.list_pkgs")
            try:
                self.assertIn(ADD_PKG, pkg_list)
            except AssertionError:
                self.run_function("pkg.remove", [ADD_PKG])
                raise
        except CommandExecutionError:
            self.run_function("pkg.remove", [ADD_PKG])
            raise
    @pytest.mark.slow_test
    def test_remove(self):
        """
        Tests the removal of packages
        """
        try:
            # Install a package to delete - If unsuccessful, skip the test
            self.run_function("pkg.install", [DEL_PKG])
            pkg_list = self.run_function("pkg.list_pkgs")
            if DEL_PKG not in pkg_list:
                self.run_function("pkg.install", [DEL_PKG])
                self.skipTest("Failed to install a package to delete")
            # Now remove the installed package
            self.run_function("pkg.remove", [DEL_PKG])
            del_list = self.run_function("pkg.list_pkgs")
            self.assertNotIn(DEL_PKG, del_list)
        except CommandExecutionError:
            self.run_function("pkg.remove", [DEL_PKG])
            raise
    @pytest.mark.slow_test
    def test_version(self):
        """
        Test pkg.version for mac. Installs a package and then checks we can get
        a version for the installed package.
        """
        try:
            self.run_function("pkg.install", [ADD_PKG])
            pkg_list = self.run_function("pkg.list_pkgs")
            version = self.run_function("pkg.version", [ADD_PKG])
            try:
                self.assertTrue(
                    version,
                    msg="version: {} is empty, or other issue is present".format(
                        version
                    ),
                )
                self.assertIn(
                    ADD_PKG,
                    pkg_list,
                    msg="package: {} is not in the list of installed packages: {}".format(
                        ADD_PKG, pkg_list
                    ),
                )
                # make sure the version is accurate and is listed in the pkg_list
                self.assertIn(
                    version,
                    str(pkg_list[ADD_PKG]),
                    msg="The {} version: {} is not listed in the pkg_list: {}".format(
                        ADD_PKG, version, pkg_list[ADD_PKG]
                    ),
                )
            except AssertionError:
                self.run_function("pkg.remove", [ADD_PKG])
                raise
        except CommandExecutionError:
            self.run_function("pkg.remove", [ADD_PKG])
            raise
    @pytest.mark.slow_test
    def test_latest_version(self):
        """
        Test pkg.latest_version:
          - get the latest version available
          - install the package
          - get the latest version available
          - check that the latest version is empty after installing it
        """
        try:
            self.run_function("pkg.remove", [ADD_PKG])
            uninstalled_latest = self.run_function("pkg.latest_version", [ADD_PKG])
            self.run_function("pkg.install", [ADD_PKG])
            installed_latest = self.run_function("pkg.latest_version", [ADD_PKG])
            version = self.run_function("pkg.version", [ADD_PKG])
            try:
                self.assertTrue(isinstance(uninstalled_latest, str))
                self.assertEqual(installed_latest, version)
            except AssertionError:
                self.run_function("pkg.remove", [ADD_PKG])
                raise
        except CommandExecutionError:
            self.run_function("pkg.remove", [ADD_PKG])
            raise
    @pytest.mark.slow_test
    def test_refresh_db(self):
        """
        Integration test to ensure pkg.refresh_db works with brew
        """
        refresh_brew = self.run_function("pkg.refresh_db")
        self.assertTrue(refresh_brew)
    @pytest.mark.slow_test
    def test_list_upgrades(self):
        """
        Test pkg.list_upgrades: data is in the form {'name1': 'version1',
        'name2': 'version2', ... }
        """
        try:
            upgrades = self.run_function("pkg.list_upgrades")
            try:
                self.assertTrue(isinstance(upgrades, dict))
                if upgrades:
                    for name in upgrades:
                        self.assertTrue(isinstance(name, str))
                        self.assertTrue(isinstance(upgrades[name], str))
            except AssertionError:
                self.run_function("pkg.remove", [ADD_PKG])
                raise
        except CommandExecutionError:
            self.run_function("pkg.remove", [ADD_PKG])
            raise
    @pytest.mark.slow_test
    def test_info_installed(self):
        """
        Test pkg.info_installed: info returned has certain fields used by
        mac_brew.latest_version
        """
        try:
            self.run_function("pkg.install", [ADD_PKG])
            info = self.run_function("pkg.info_installed", [ADD_PKG])
            try:
                self.assertTrue(ADD_PKG in info)
                self.assertTrue("versions" in info[ADD_PKG])
                self.assertTrue("revision" in info[ADD_PKG])
                self.assertTrue("stable" in info[ADD_PKG]["versions"])
            except AssertionError:
                self.run_function("pkg.remove", [ADD_PKG])
                raise
        except CommandExecutionError:
            self.run_function("pkg.remove", [ADD_PKG])
            raise
    def tearDown(self):
        """
        Clean up after tests
        """
        pkg_list = self.run_function("pkg.list_pkgs")
        # Remove any installed packages
        if ADD_PKG in pkg_list:
            self.run_function("pkg.remove", [ADD_PKG])
        if DEL_PKG in pkg_list:
            self.run_function("pkg.remove", [DEL_PKG])
--- a/tests/integration/modules/test_mac_desktop.py
+++ b/tests/integration/modules/test_mac_desktop.py
@ -1,58 +0,0 @@
 """
 Integration tests for the mac_desktop execution module.
 """
 import pytest
 from tests.support.case import ModuleCase
@pytest.mark.destructive_test
@pytest.mark.skip_if_not_root
@pytest.mark.skip_unless_on_darwin
 class MacDesktopTestCase(ModuleCase):
    """
    Integration tests for the mac_desktop module.
    """
    def test_get_output_volume(self):
        """
        Tests the return of get_output_volume.
        """
        ret = self.run_function("desktop.get_output_volume")
        self.assertIsNotNone(ret)
    @pytest.mark.slow_test
    def test_set_output_volume(self):
        """
        Tests the return of set_output_volume.
        """
        current_vol = self.run_function("desktop.get_output_volume")
        to_set = 10
        if current_vol == str(to_set):
            to_set += 2
        new_vol = self.run_function("desktop.set_output_volume", [str(to_set)])
        check_vol = self.run_function("desktop.get_output_volume")
        self.assertEqual(new_vol, check_vol)
        # Set volume back to what it was before
        self.run_function("desktop.set_output_volume", [current_vol])
    def test_screensaver(self):
        """
        Tests the return of the screensaver function.
        """
        self.assertTrue(self.run_function("desktop.screensaver"))
    def test_lock(self):
        """
        Tests the return of the lock function.
        """
        self.assertTrue(self.run_function("desktop.lock"))
    @pytest.mark.slow_test
    def test_say(self):
        """
        Tests the return of the say function.
        """
        self.assertTrue(self.run_function("desktop.say", ["hello", "world"]))
--- a/tests/integration/modules/test_mac_group.py
+++ b/tests/integration/modules/test_mac_group.py
@ -1,177 +0,0 @@
 """
    :codeauthor: Nicole Thomas <nicole@saltstack.com>
 """
 import pytest
 from saltfactories.utils import random_string
 from salt.exceptions import CommandExecutionError
 from tests.support.case import ModuleCase
 # Create group name strings for tests
 ADD_GROUP = random_string("RS-", lowercase=False)
 DEL_GROUP = random_string("RS-", lowercase=False)
 CHANGE_GROUP = random_string("RS-", lowercase=False)
 ADD_USER = random_string("RS-", lowercase=False)
 REP_USER_GROUP = random_string("RS-", lowercase=False)
@pytest.mark.skip_if_not_root
@pytest.mark.destructive_test
@pytest.mark.skip_unless_on_darwin
 class MacGroupModuleTest(ModuleCase):
    """
    Integration tests for the mac_group module
    """
    def setUp(self):
        """
        Sets up test requirements
        """
        os_grain = self.run_function("grains.item", ["kernel"])
        if os_grain["kernel"] not in "Darwin":
            self.skipTest("Test not applicable to '{kernel}' kernel".format(**os_grain))
    @pytest.mark.slow_test
    def test_mac_group_add(self):
        """
        Tests the add group function
        """
        try:
            self.run_function("group.add", [ADD_GROUP, 3456])
            group_info = self.run_function("group.info", [ADD_GROUP])
            self.assertEqual(group_info["name"], ADD_GROUP)
        except CommandExecutionError:
            self.run_function("group.delete", [ADD_GROUP])
            raise
    @pytest.mark.slow_test
    def test_mac_group_delete(self):
        """
        Tests the delete group function
        """
        # Create a group to delete - If unsuccessful, skip the test
        if self.run_function("group.add", [DEL_GROUP, 4567]) is not True:
            self.run_function("group.delete", [DEL_GROUP])
            self.skipTest("Failed to create a group to delete")
        # Now try to delete the added group
        ret = self.run_function("group.delete", [DEL_GROUP])
        self.assertTrue(ret)
    @pytest.mark.slow_test
    def test_mac_group_chgid(self):
        """
        Tests changing the group id
        """
        # Create a group to delete - If unsuccessful, skip the test
        if self.run_function("group.add", [CHANGE_GROUP, 5678]) is not True:
            self.run_function("group.delete", [CHANGE_GROUP])
            self.skipTest("Failed to create a group to manipulate")
        try:
            self.run_function("group.chgid", [CHANGE_GROUP, 6789])
            group_info = self.run_function("group.info", [CHANGE_GROUP])
            self.assertEqual(group_info["gid"], 6789)
        except AssertionError:
            self.run_function("group.delete", [CHANGE_GROUP])
            raise
    @pytest.mark.slow_test
    def test_mac_adduser(self):
        """
        Tests adding user to the group
        """
        # Create a group to use for test - If unsuccessful, skip the test
        if self.run_function("group.add", [ADD_GROUP, 5678]) is not True:
            self.run_function("group.delete", [ADD_GROUP])
            self.skipTest("Failed to create a group to manipulate")
        try:
            self.run_function("group.adduser", [ADD_GROUP, ADD_USER])
            group_info = self.run_function("group.info", [ADD_GROUP])
            self.assertEqual(ADD_USER, "".join(group_info["members"]))
        except AssertionError:
            self.run_function("group.delete", [ADD_GROUP])
            raise
    @pytest.mark.slow_test
    def test_mac_deluser(self):
        """
        Test deleting user from a group
        """
        # Create a group to use for test - If unsuccessful, skip the test
        if (
            self.run_function("group.add", [ADD_GROUP, 5678])
            and self.run_function("group.adduser", [ADD_GROUP, ADD_USER]) is not True
        ):
            self.run_function("group.delete", [ADD_GROUP])
            self.skipTest("Failed to create a group to manipulate")
        delusr = self.run_function("group.deluser", [ADD_GROUP, ADD_USER])
        self.assertTrue(delusr)
        group_info = self.run_function("group.info", [ADD_GROUP])
        self.assertNotIn(ADD_USER, "".join(group_info["members"]))
    @pytest.mark.slow_test
    def test_mac_members(self):
        """
        Test replacing members of a group
        """
        if (
            self.run_function("group.add", [ADD_GROUP, 5678])
            and self.run_function("group.adduser", [ADD_GROUP, ADD_USER]) is not True
        ):
            self.run_function("group.delete", [ADD_GROUP])
            self.skipTest(
                "Failed to create the {} group or add user {} to group "
                "to manipulate".format(ADD_GROUP, ADD_USER)
            )
        rep_group_mem = self.run_function("group.members", [ADD_GROUP, REP_USER_GROUP])
        self.assertTrue(rep_group_mem)
        # ensure new user is added to group and previous user is removed
        group_info = self.run_function("group.info", [ADD_GROUP])
        self.assertIn(REP_USER_GROUP, str(group_info["members"]))
        self.assertNotIn(ADD_USER, str(group_info["members"]))
    @pytest.mark.slow_test
    def test_mac_getent(self):
        """
        Test returning info on all groups
        """
        if (
            self.run_function("group.add", [ADD_GROUP, 5678])
            and self.run_function("group.adduser", [ADD_GROUP, ADD_USER]) is not True
        ):
            self.run_function("group.delete", [ADD_GROUP])
            self.skipTest(
                "Failed to create the {} group or add user {} to group "
                "to manipulate".format(ADD_GROUP, ADD_USER)
            )
        getinfo = self.run_function("group.getent")
        self.assertTrue(getinfo)
        self.assertIn(ADD_GROUP, str(getinfo))
        self.assertIn(ADD_USER, str(getinfo))
    def tearDown(self):
        """
        Clean up after tests
        """
        # Delete ADD_GROUP
        add_info = self.run_function("group.info", [ADD_GROUP])
        if add_info:
            self.run_function("group.delete", [ADD_GROUP])
        # Delete DEL_GROUP if something failed
        del_info = self.run_function("group.info", [DEL_GROUP])
        if del_info:
            self.run_function("group.delete", [DEL_GROUP])
        # Delete CHANGE_GROUP
        change_info = self.run_function("group.info", [CHANGE_GROUP])
        if change_info:
            self.run_function("group.delete", [CHANGE_GROUP])
--- a/tests/integration/modules/test_mac_keychain.py
+++ b/tests/integration/modules/test_mac_keychain.py
@ -1,106 +0,0 @@
 """
 Validate the mac-keychain module
 """
 import os
 import pytest
 from salt.exceptions import CommandExecutionError
 from tests.support.case import ModuleCase
 from tests.support.runtests import RUNTIME_VARS
@pytest.mark.destructive_test
@pytest.mark.skip_if_not_root
@pytest.mark.skip_unless_on_darwin
 class MacKeychainModuleTest(ModuleCase):
    """
    Integration tests for the mac_keychain module
    """
    @classmethod
    def setUpClass(cls):
        cls.cert = os.path.join(
            RUNTIME_VARS.FILES, "file", "base", "certs", "salttest.p12"
        )
        cls.cert_alias = "Salt Test"
        cls.passwd = "salttest"
    def tearDown(self):
        """
        Clean up after tests
        """
        # Remove the salttest cert, if left over.
        certs_list = self.run_function("keychain.list_certs")
        if self.cert_alias in certs_list:
            self.run_function("keychain.uninstall", [self.cert_alias])
    @pytest.mark.slow_test
    def test_mac_keychain_install(self):
        """
        Tests that attempts to install a certificate
        """
        install_cert = self.run_function("keychain.install", [self.cert, self.passwd])
        self.assertTrue(install_cert)
        # check to ensure the cert was installed
        certs_list = self.run_function("keychain.list_certs")
        self.assertIn(self.cert_alias, certs_list)
    @pytest.mark.slow_test
    def test_mac_keychain_uninstall(self):
        """
        Tests that attempts to uninstall a certificate
        """
        self.run_function("keychain.install", [self.cert, self.passwd])
        certs_list = self.run_function("keychain.list_certs")
        if self.cert_alias not in certs_list:
            self.run_function("keychain.uninstall", [self.cert_alias])
            self.skipTest("Failed to install keychain")
        # uninstall cert
        self.run_function("keychain.uninstall", [self.cert_alias])
        certs_list = self.run_function("keychain.list_certs")
        # check to ensure the cert was uninstalled
        try:
            self.assertNotIn(self.cert_alias, str(certs_list))
        except CommandExecutionError:
            self.run_function("keychain.uninstall", [self.cert_alias])
    @pytest.mark.slow_test
    def test_mac_keychain_get_friendly_name(self):
        """
        Test that attempts to get friendly name of a cert
        """
        self.run_function("keychain.install", [self.cert, self.passwd])
        certs_list = self.run_function("keychain.list_certs")
        if self.cert_alias not in certs_list:
            self.run_function("keychain.uninstall", [self.cert_alias])
            self.skipTest("Failed to install keychain")
        get_name = self.run_function(
            "keychain.get_friendly_name", [self.cert, self.passwd]
        )
        self.assertEqual(get_name, self.cert_alias)
    @pytest.mark.slow_test
    def test_mac_keychain_get_default_keychain(self):
        """
        Test that attempts to get the default keychain
        """
        salt_get_keychain = self.run_function("keychain.get_default_keychain")
        sys_get_keychain = self.run_function(
            "cmd.run", ["security default-keychain -d user"]
        )
        self.assertEqual(salt_get_keychain, sys_get_keychain)
    def test_mac_keychain_list_certs(self):
        """
        Test that attempts to list certs
        """
        cert_default = "com.apple.systemdefault"
        certs = self.run_function("keychain.list_certs")
        self.assertIn(cert_default, certs)
--- a/Show more
+++ b/Show more
		`@ -1 +0,0 @@`
			`Improved error message when state arguments are accidentally passed as a string`
		`@ -1 +0,0 @@`
			Allow `pip.install` to create a log file that is passed in if the parent directory is writeable
		`@ -1 +0,0 @@`
			`Fixed merging of complex pillar overrides with salt-ssh states`
		`@ -1 +0,0 @@`
			`Made salt-ssh states not re-render pillars unnecessarily`
		`@ -1 +0,0 @@`
			`Made Salt maintain options in Debian package repo definitions`
		`@ -1 +0,0 @@`
			`Fix salt user login shell path in Debian packages`
		`@ -1 +0,0 @@`
			`Fill out lsb_distrib_xxxx (best estimate) grains if problems with retrieving lsb_release data`
		`@ -1,2 +0,0 @@`
			Fixed an issue in the ``file.directory`` state where the ``children_only`` keyword
			`argument was not being respected.`
		`@ -1 +0,0 @@`
			`Move salt.ufw to correct location /etc/ufw/applications.d/`
		`@ -1 +0,0 @@`
			`Fixed salt-ssh stacktrace when retcode is not an integer`