* Check only ssh-rsa encyption for set_known_host
* Windows test fix
* Fix pre-commit
* add CentOS Stream to _OS_FAMILY_MAP, fix#59161
* added changelog and test
* fix syntax
* Use centosstream 8 for testing
* Use ? for matching spaces
Technically this isn't *quite* right as 'CentOSyStream' would also
match, but it's pretty reasonable:
- OS grains shouldn't ever be that kind of close
- This test is only swapping out spaces, and only for the os grain. That
would mean there would have to be two OSes with grains that only
differ by one having a space where another one has any other
character.
- This test really isn't even about matching grains, we're just using
compound matching and that's a reasonable one to use.
* Add centos stream when detecting package manager name
* Fix pre-commit
* Remove tests for fedora 32/33 EOL
* Remove tests for fedora 32/33 EOL
* Remove tests for fedora 33 EOL
* Use centosstream 8 for testing
* Use ? for matching spaces
Technically this isn't *quite* right as 'CentOSyStream' would also
match, but it's pretty reasonable:
- OS grains shouldn't ever be that kind of close
- This test is only swapping out spaces, and only for the os grain. That
would mean there would have to be two OSes with grains that only
differ by one having a space where another one has any other
character.
- This test really isn't even about matching grains, we're just using
compound matching and that's a reasonable one to use.
* 3002.9: Fix pre-commit
* 3003.5 Fix pre-commit
* [3002.9] Replace use of 'sl' with 'paper' for Arch tests, due to 'sl' having key issues
* Remove mojave testing
* Remove mojave and high sierra testing
* Remove mojave testing
* [3002.9] Fix cloud vultr size issue
* Update package name to aspnetcore-runtime-6.0 for redhat 8 pkg tests
* Update package name to aspnetcore-runtime-6.0 for redhat 8 pkg tests
* change amazon linux AMI
* Migrate `unit.modules.test_gpg` to PyTest
* Don't leave any `gpg-agent`'s running behind
Signed-off-by: Pedro Algarvio <palgarvio@vmware.com>
* Start a background process to generate entropy.
Some tests have failed because of not enough entropy which then makes
the test timeout.
Signed-off-by: Pedro Algarvio <palgarvio@vmware.com>
* A different approach at generating entropy
Signed-off-by: Pedro Algarvio <palgarvio@vmware.com>
* Turn entropy generation into a helper
Signed-off-by: Pedro Algarvio <palgarvio@vmware.com>
* change amazon linux AMI
* change amazon linux AMI
* [3004.2] Fix cloud vultr size issue
* Fix cloud requirements
* Skip pam tests on windows
* Update ami to try to get the tests running
* Update amis to try to get the tests running
* Fixing test_publish_to_pubserv_ipc_tcp, moving the call to socket.socket into the while loop.
* Add static requirements for 3.8 and 3.9 on Windows
* Fix requirements
Signed-off-by: Pedro Algarvio <palgarvio@vmware.com>
* The whole CI process is already slower than GH Actions, no caches.
* Pre-commit must not run with ``PIP_EXTRA_INDEX_URL`` set.
* Lint fixes
Signed-off-by: Pedro Algarvio <palgarvio@vmware.com>
* Compile cloud requirements
* Run add requirements files for 3.8 and 3.9
* Fix docs and cloud requirements
* [3003.5] Fix cloud vultr size issue
* Windows test fix
* Skip test if docker not running
* [3003.5] Fix pre-commit
* Update Markup and contextfunction imports for jinja versions >=3.1.
* update bootstrap to 2022.03.15
* update bootstrap to 2022.03.15
* skipping tests/pytests/integration/modules/test_virt.py on 3002.x and 3003.x branches.
* Windows test fix
* Skip PAM tests on Windows
Windows has no ctypes with the PAM bits, so we should go ahead and skip
on Windows.
* Skip PAM auth tests on Windows
Windows lacks the correct bits, so...
* Fix pre-commit
* Skipping tests since they're also skipped on the master branch
Fixes#403
Signed-off-by: Pedro Algarvio <palgarvio@vmware.com>
* Skip test that only runs because the patch binary is now available.
The feature though, was only added in 3004.
Fixes#404
Signed-off-by: Pedro Algarvio <palgarvio@vmware.com>
* Skip test which is only supposed to run in Linux
Fixes https://github.com/saltstack/salt-priv/issues/405
Signed-off-by: Pedro Algarvio <palgarvio@vmware.com>
* GPG tests do not work on windows yet
* Fix tests
* Fix pre-commit
* skip tests.integration.modules.test_mac_brew_pkg.BrewModuleTest.test_list_upgrades and tests.integration.modules.test_state.StateModuleTest.test_get_file_from_env_in_top_match on Mac OS.
* skip tests.integration.modules.test_mac_brew_pkg.BrewModuleTest.test_list_upgrades and tests.integration.modules.test_state.StateModuleTest.test_get_file_from_env_in_top_match on Mac OS.
* Removing skip, moving it to different PR.
* Skipping tests on 3002.9.
* test fix
* Do not run patch tests on 3003.5. Feature not added till 3004
* skipping tests/pytests/integration/modules/test_virt.py on 3002.x and 3003.x branches.
* Fix pre-commit
* [3004.2] Update freebsd ami
* Bump the git version for freebsd CI tests
* removing versions that are no longer available from the tests.pytests.scenarios.compat.test_with_versions tests.
* Skip tests on windows when NOT using static requirements
Signed-off-by: Pedro Algarvio <palgarvio@vmware.com>
* removing versions that are no longer available from the tests.pytests.scenarios.compat.test_with_versions tests.
* test_issue_36469_tcp causes a fatal python error when run on Mac OS, so skipping.
* Fix tests
* Fix pre-commit
* Do not run patch tests on 3003.5. Feature not added till 3004
* Skip archive tar tests on windows
* [3002.9] Skip archive tar tests on windows
* GPG tests do not work on windows yet
* Skip test which is only supposed to run in Linux
Fixes https://github.com/saltstack/salt-priv/issues/405
Signed-off-by: Pedro Algarvio <palgarvio@vmware.com>
* Skip test that only runs because the patch binary is now available.
The feature though, was only added in 3004.
Fixes#404
Signed-off-by: Pedro Algarvio <palgarvio@vmware.com>
* Skipping tests since they're also skipped on the master branch
Fixes#403
Signed-off-by: Pedro Algarvio <palgarvio@vmware.com>
* Fix pre-commit
* Fix pre-commit
* Fix pre-commit
* Fix pre-commit
* retry sdb.get if it returns None
None is an entirely valid return - see EtcdClient.get in
salt/utils/etcd_util.py
* drop py2/six
* fix etcd sdb.set as well
* Fix etdcd-sdb test failure
If docker container is up and running, but etcd isn't responding yet
it's possible that we get some failing tests. This should wait a
reasonable amount of time for things to come up. Or just skip the test.
* Fix etdcd-sdb test failure
If docker container is up and running, but etcd isn't responding yet
it's possible that we get some failing tests. This should wait a
reasonable amount of time for things to come up. Or just skip the test.
* Skip the tests from unit/transport/test_zero.py that are hanging on Mac.
* skip tests in tests/pytests/unit/states/test_archive.py for 3002.9
* 3002.9 Skipping CA permissions tests on Windows, similar to 3003.5 and 3004.2
* change skipif to skip
* Rollback Windows AMIs to use Python 3.7
* Rollback AMI's to Python 3.7... fix tests
* Fix failing test_archive tests
* Build using pyenv
* Add symlinks to openssl and rpath
* Add shasum for zeromq 4.3.4
* Fix docs on scripts
* Build zeromq earlier, fix symlinks
* Bring 61446 to 3004.1 branch
* Add changelog and tests
* Fix schedule test flakiness
* Retry with new port if in use
* fixing failing tests, ensuring that the correct path is used.
* fixing failing tests, ensuring that the correct path is used.
* fixing failing tests, ensuring that the correct path is used.
* Re-enable tiamat-pip on windows
Signed-off-by: Pedro Algarvio <palgarvio@vmware.com>
* Bump duration time for windwos for test_retry_option_success
* Skip test cauing hangs
* go go pylint disable
* more pre-commit
* oh lint
* so many weird hook failures
* Add unit tests for PAM auth CVE
We could add functional tests if it's important enough, but this is the
narrowest place to test.
* Fix PAM auth CVE
Credit to @ysf
Previously we weren't checking the result of PAM_ACCT_MGMT.
* pylint disable
* rewrite hook changes
* Skip PAM auth tests on Windows
Since Windows ends out lacking the correct bits, no need to run tests
there.
* pre-commit fixes
* docs 3004.2 release
* Fix bug in tcp transport
* Fix the test_zeromq_filtering test
* skip test_npm_install_url_referenced_package on centos 7 and 8.
* Swapping CentOS Linux-8 for CentOS Stream-8
* Update build scripts to use pyenv
* Fix tests on MacOS
* Fix bug in tcp transport
* Fix test failures
* Update release notes and man pages for 3003.5
* Add 3002.9 changelog, release notes, man pages
* Update doc/topics/releases/3002.9.rst
Co-authored-by: Megan Wilhite <mwilhite@vmware.com>
* Fix requirements
* Fix imports
* Test fixup
* Fix merge warts
* fix merge wart in changelog
* Fix merge warts in tests
Co-authored-by: krionbsd <krion@FreeBSD.org>
Co-authored-by: Megan Wilhite <megan.wilhite@gmail.com>
Co-authored-by: Alexander Kriventsov <akriventsov@nic.ru>
Co-authored-by: Megan Wilhite <mwilhite@vmware.com>
Co-authored-by: Wayne Werner <wwerner@vmware.com>
Co-authored-by: Gareth J. Greenaway <gareth@saltstack.com>
Co-authored-by: David Murphy < dmurphy@saltstack.com>
Co-authored-by: Twangboy <leesh@vmware.com>
Co-authored-by: MKLeb <calebb@vmware.com>
Co-authored-by: Pedro Algarvio <pedro@algarvio.me>
Co-authored-by: Pedro Algarvio <palgarvio@vmware.com>
Co-authored-by: Thomas Phipps <tphipps@vmware.com>
Co-authored-by: Frode Gundersen <frogunder@gmail.com>
Co-authored-by: Alyssa Rock <alyssa.rock@gmail.com>
Co-authored-by: Alyssa Rock <43180546+barbaricyawps@users.noreply.github.com>
* Redirect imports of ``salt.ext.six`` to ``six``
Fixes#60966
* Latest changelog update for 3004
* Handle signals and properly exit, instead of raising exceptions.
This was introduced in 26fcda5074Fixes#60391Fixes#60963
* Add test for #61003
* Fix#61003
Restored the previously shifted check for version_to_remove in
old[target]. This had been extracted along with the correctly extracted
double pkg_params[target] lookup, but that lost the `target in old`
guard.
Putting the check back here prevents KeyError when looking for a
non-existent target in `old`.
* Handle various architecture formats in aptpkg module
* Write file even if does not exist
* only run test on debian based platforms
* remove extra space for arch
* convert pathlib to string for pkgrepo test
* Use temporary files first then copy to sources files
* fixessaltstack/salt#59182 fix handling of duplicate keys in rest_cherrypy data
* added changelog
* remove log messages to prevent leaks of sensitive info
* Reverting changes in PR #60150. Updating installed and removed functions to return changes when test=True.
* Adding changelog.
* Add a test and fix for extra-filerefs
* Do not break master_tops for minion with version lower to 3003
* Add changelog file
* Add extra comment to clarify discussion
* Update changelog file
* Add deprecated changelog
* Assert that the command didn't finish
Refs https://github.com/saltstack/salt/pull/60972
* Always restore signals, even when exceptions occur
* Reset signal handlers before starting the process
* Make sure that the `ProcessManager` doesn't always ignore signals
* Provide valid default value for bootstrap_delay
* Update changelog for 3004
* Update changelog and release notes for 3004
* Add PR 61020 to changelog
* Change MD5 to SHA256 fingerprint for new github.com fingerprint
* Check only ssh-rsa encyption for set_known_host
* Use main branch for kitchen-docker project
* Add tests for validate_tgt
This function evolved over the years, but never had any tests. We're
adding tests now to cover the various cases:
- there are no valid minions (currently fails, should return False)
- there are target minions that aren't in valid minions (correctly
fails)
- target minions are a subset of valid minions (i.e. all of the target
minions are found in the valid minions -- there are no extras)
(correctly passes)
* Refactor
minions should be a subset of v_minions - the extra code was just
getting in the way. Also, this function evolved over time but the
docstring never kept up. Updated the docstring to more accurately
describe the function's behavior.
* Fix#60413
When using a syndic and user auth, it was possible for v_minions and
minions to be two empty sets, which returned True. This allowed the user
to still publish the function. The Syndic would get the published event
and apply it, even though it should have been rejected.
However, if there are no valid minions, then it doesn't matter what the
targets are -- there are not valid targets, so there's no reason to do
any further checks.
* Rename changelog to security
* add cve# to changelog
* Sign pillar data
* Add regression tests for CVE-2022-22934
* Add changelog for cve-2022-22934
* Provide users with a nice warning when something goes wrong
* Rename changelog file
* Fix wart in tests
* Return bool when using m2crypo
* Limit the amount of empty space while searching ifconfig output
* Update changelog/cve-2020-22937.security
Co-authored-by: Megan Wilhite <megan.wilhite@gmail.com>
* Prevent auth replays and sign replies
* Add tests for cve-2022-22935
* Add changelog for cve-2020-22935
* Fix typo
* Prevent replays of file server requests
* Add regresion tests for fileserver nonce
* Add changelog for cve-2022-22936
* Job replay mitigation
* Fix merge warts
* more test fixes
* Fix auth tests on windows
* Remove unwanted requirements change
* Clean up cruft
* update docs for 3004.1 release
* Fix warts in new minion auth
* Test fix
* Update release notes
* Remove cve from non cve worty issue
* Add serial to payload in publisher process
* Fix channel tests
Fix broken channel tests by populating an AES key and serial.
* Windows test fix
* windows tests plz work
Co-authored-by: Pedro Algarvio <pedro@algarvio.me>
Co-authored-by: ScriptAutomate <derek@icanteven.io>
Co-authored-by: Wayne Werner <wwerner@vmware.com>
Co-authored-by: Megan Wilhite <mwilhite@vmware.com>
Co-authored-by: nicholasmhughes <nicholasmhughes@gmail.com>
Co-authored-by: Gareth J. Greenaway <gareth@saltstack.com>
Co-authored-by: Pablo Suárez Hernández <psuarezhernandez@suse.com>
Co-authored-by: Alyssa Rock <arock@saltstack.com>
Co-authored-by: krionbsd <krion@FreeBSD.org>
Co-authored-by: Megan Wilhite <megan.wilhite@gmail.com>
Co-authored-by: Frode Gundersen <frogunder@gmail.com>
Co-authored-by: MKLeb <calebb@vmware.com>
