saltstack/salt
1
0
Fork 0
mirror of https://github.com/saltstack/salt.git synced 2025-04-16 01:30:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
119692 commits 34 branches 292 tags 802 MiB
Commit graph

70 commits

Author SHA1 Message Date
Salt Project Packaging
b40833ed15
Release v3006.9 2024-07-29 07:51:58 +00:00
Salt Project Packaging
c5392cdbdb
Release v3006.8 2024-04-29 03:29:26 +00:00
Salt Project Packaging
ce9d09bc9c
Release v3006.7 2024-02-20 22:04:07 +00:00
Salt Project Packaging
b1fa82b9a8
Release v3006.6 2024-01-26 12:06:14 +00:00
Salt Project Packaging
0472fd381e
Release v3006.5 2023-12-12 18:03:35 +00:00
Salt Project Packaging
e37fbda4de Release v3006.4 2023-10-16 17:32:52 +00:00
Salt Project Packaging
8505972418
Release v3006.3 2023-09-06 17:02:29 +00:00
Salt Project Packaging
8f750fa7ae Release v3006.2 2023-08-09 12:08:57 +00:00
Salt Project Packaging
4e8b77df67
Release v3006.1 2023-05-05 17:53:34 +00:00
Salt Project Packaging
86bb64dde2
Release v3006.0 2023-04-18 21:05:02 +00:00
MKLeb
5c7c1396f2 Revert "Release v3006.0" 
This reverts commit e5209410c3.
 2023-04-18 13:43:28 -07:00
Salt Project Packaging
e5209410c3
Release v3006.0 2023-04-18 16:28:01 +00:00
Salt Project Packaging
b767ce0c8e
Release v3006.0rc3 2023-03-29 19:41:22 +00:00
Salt Project Packaging
0fd0f6b6b5
Release v3006.0rc2 2023-03-19 12:44:19 +00:00
Salt Project Packaging
8323b7ca6c
Release v3006.0rc1 2023-03-01 22:56:10 +00:00
Megan Wilhite
6226b9cb58 Update version in man pages to 3005.1 2022-09-26 14:16:22 -06:00
garethgreenaway
f321452879 Add changelog and docs for 3005.1 release 2022-09-26 14:16:22 -06:00
Ch3LL
7259f8b237 Add changelog and docs for 3005 release 2022-06-30 13:24:11 -06:00
Daniel Wozniak
d9343cca65
Merge forward 3004.2 (#62200) 
* Check only ssh-rsa encyption for set_known_host

* Windows test fix

* Fix pre-commit

* add CentOS Stream to _OS_FAMILY_MAP, fix #59161

* added changelog and test

* fix syntax

* Use centosstream 8 for testing

* Use ? for matching spaces

Technically this isn't *quite* right as 'CentOSyStream' would also
match, but it's pretty reasonable:

- OS grains shouldn't ever be that kind of close
- This test is only swapping out spaces, and only for the os grain. That
  would mean there would have to be two OSes with grains that only
  differ by one having a space where another one has any other
  character.
- This test really isn't even about matching grains, we're just using
  compound matching and that's a reasonable one to use.

* Add centos stream when detecting package manager name

* Fix pre-commit

* Remove tests for fedora 32/33 EOL

* Remove tests for fedora 32/33 EOL

* Remove tests for fedora 33 EOL

* Use centosstream 8 for testing

* Use ? for matching spaces

Technically this isn't *quite* right as 'CentOSyStream' would also
match, but it's pretty reasonable:

- OS grains shouldn't ever be that kind of close
- This test is only swapping out spaces, and only for the os grain. That
  would mean there would have to be two OSes with grains that only
  differ by one having a space where another one has any other
  character.
- This test really isn't even about matching grains, we're just using
  compound matching and that's a reasonable one to use.

* 3002.9: Fix pre-commit

* 3003.5 Fix pre-commit

* [3002.9] Replace use of 'sl' with 'paper' for Arch tests, due to 'sl' having key issues

* Remove mojave testing

* Remove mojave and high sierra testing

* Remove mojave testing

* [3002.9] Fix cloud vultr size issue

* Update package name to aspnetcore-runtime-6.0 for redhat 8 pkg tests

* Update package name to aspnetcore-runtime-6.0 for redhat 8 pkg tests

* change amazon linux AMI

* Migrate `unit.modules.test_gpg` to PyTest

* Don't leave any `gpg-agent`'s running behind

Signed-off-by: Pedro Algarvio <palgarvio@vmware.com>

* Start a background process to generate entropy.

Some tests have failed because of not enough entropy which then makes
the test timeout.

Signed-off-by: Pedro Algarvio <palgarvio@vmware.com>

* A different approach at generating entropy

Signed-off-by: Pedro Algarvio <palgarvio@vmware.com>

* Turn entropy generation into a helper

Signed-off-by: Pedro Algarvio <palgarvio@vmware.com>

* change amazon linux AMI

* change amazon linux AMI

* [3004.2] Fix cloud vultr size issue

* Fix cloud requirements

* Skip pam tests on windows

* Update ami to try to get the tests running

* Update amis to try to get the tests running

* Fixing test_publish_to_pubserv_ipc_tcp, moving the call to socket.socket into the while loop.

* Add static requirements for 3.8 and 3.9 on Windows

* Fix requirements

Signed-off-by: Pedro Algarvio <palgarvio@vmware.com>

* The whole CI process is already slower than GH Actions, no caches.

* Pre-commit must not run with ``PIP_EXTRA_INDEX_URL`` set.

* Lint fixes

Signed-off-by: Pedro Algarvio <palgarvio@vmware.com>

* Compile cloud requirements

* Run add requirements files for 3.8 and 3.9

* Fix docs and cloud requirements

* [3003.5] Fix cloud vultr size issue

* Windows test fix

* Skip test if docker not running

* [3003.5] Fix pre-commit

* Update Markup and contextfunction imports for jinja versions >=3.1.

* update bootstrap to 2022.03.15

* update bootstrap to 2022.03.15

* skipping tests/pytests/integration/modules/test_virt.py on 3002.x and 3003.x branches.

* Windows test fix

* Skip PAM tests on Windows

Windows has no ctypes with the PAM bits, so we should go ahead and skip
on Windows.

* Skip PAM auth tests on Windows

Windows lacks the correct bits, so...

* Fix pre-commit

* Skipping tests since they're also skipped on the master branch

Fixes #403

Signed-off-by: Pedro Algarvio <palgarvio@vmware.com>

* Skip test that only runs because the patch binary is now available.

The feature though, was only added in 3004.

Fixes #404

Signed-off-by: Pedro Algarvio <palgarvio@vmware.com>

* Skip test which is only supposed to run in Linux

Fixes https://github.com/saltstack/salt-priv/issues/405

Signed-off-by: Pedro Algarvio <palgarvio@vmware.com>

* GPG tests do not work on windows yet

* Fix tests

* Fix pre-commit

* skip tests.integration.modules.test_mac_brew_pkg.BrewModuleTest.test_list_upgrades and tests.integration.modules.test_state.StateModuleTest.test_get_file_from_env_in_top_match on Mac OS.

* skip tests.integration.modules.test_mac_brew_pkg.BrewModuleTest.test_list_upgrades and tests.integration.modules.test_state.StateModuleTest.test_get_file_from_env_in_top_match on Mac OS.

* Removing skip, moving it to different PR.

* Skipping tests on 3002.9.

* test fix

* Do not run patch tests on 3003.5. Feature not added till 3004

* skipping tests/pytests/integration/modules/test_virt.py on 3002.x and 3003.x branches.

* Fix pre-commit

* [3004.2] Update freebsd ami

* Bump the git version for freebsd CI tests

* removing versions that are no longer available from the tests.pytests.scenarios.compat.test_with_versions tests.

* Skip tests on windows when NOT using static requirements

Signed-off-by: Pedro Algarvio <palgarvio@vmware.com>

* removing versions that are no longer available from the tests.pytests.scenarios.compat.test_with_versions tests.

* test_issue_36469_tcp causes a fatal python error when run on Mac OS, so skipping.

* Fix tests

* Fix pre-commit

* Do not run patch tests on 3003.5. Feature not added till 3004

* Skip archive tar tests on windows

* [3002.9] Skip archive tar tests on windows

* GPG tests do not work on windows yet

* Skip test which is only supposed to run in Linux

Fixes https://github.com/saltstack/salt-priv/issues/405

Signed-off-by: Pedro Algarvio <palgarvio@vmware.com>

* Skip test that only runs because the patch binary is now available.

The feature though, was only added in 3004.

Fixes #404

Signed-off-by: Pedro Algarvio <palgarvio@vmware.com>

* Skipping tests since they're also skipped on the master branch

Fixes #403

Signed-off-by: Pedro Algarvio <palgarvio@vmware.com>

* Fix pre-commit

* Fix pre-commit

* Fix pre-commit

* Fix pre-commit

* retry sdb.get if it returns None

None is an entirely valid return - see EtcdClient.get in
salt/utils/etcd_util.py

* drop py2/six

* fix etcd sdb.set as well

* Fix etdcd-sdb test failure

If docker container is up and running, but etcd isn't responding yet
it's possible that we get some failing tests. This should wait a
reasonable amount of time for things to come up. Or just skip the test.

* Fix etdcd-sdb test failure

If docker container is up and running, but etcd isn't responding yet
it's possible that we get some failing tests. This should wait a
reasonable amount of time for things to come up. Or just skip the test.

* Skip the tests from unit/transport/test_zero.py that are hanging on Mac.

* skip tests in tests/pytests/unit/states/test_archive.py for 3002.9

* 3002.9 Skipping  CA permissions tests on Windows, similar to 3003.5 and 3004.2

* change skipif to skip

* Rollback Windows AMIs to use Python 3.7

* Rollback AMI's to Python 3.7... fix tests

* Fix failing test_archive tests

* Build using pyenv

* Add symlinks to openssl and rpath

* Add shasum for zeromq 4.3.4

* Fix docs on scripts

* Build zeromq earlier, fix symlinks

* Bring 61446 to 3004.1 branch

* Add changelog and tests

* Fix schedule test flakiness

* Retry with new port if in use

* fixing failing tests, ensuring that the correct path is used.

* fixing failing tests, ensuring that the correct path is used.

* fixing failing tests, ensuring that the correct path is used.

* Re-enable tiamat-pip on windows

Signed-off-by: Pedro Algarvio <palgarvio@vmware.com>

* Bump duration time for windwos for test_retry_option_success

* Skip test cauing hangs

* go go pylint disable

* more pre-commit

* oh lint

* so many weird hook failures

* Add unit tests for PAM auth CVE

We could add functional tests if it's important enough, but this is the
narrowest place to test.

* Fix PAM auth CVE

Credit to @ysf

Previously we weren't checking the result of PAM_ACCT_MGMT.

* pylint disable

* rewrite hook changes

* Skip PAM auth tests on Windows

Since Windows ends out lacking the correct bits, no need to run tests
there.

* pre-commit fixes

* docs 3004.2 release

* Fix bug in tcp transport

* Fix the test_zeromq_filtering test

* skip test_npm_install_url_referenced_package on centos 7 and 8.

* Swapping CentOS Linux-8 for CentOS Stream-8

* Update build scripts to use pyenv

* Fix tests on MacOS

* Fix bug in tcp transport

* Fix test failures

* Update release notes and man pages for 3003.5

* Add 3002.9 changelog, release notes, man pages

* Update doc/topics/releases/3002.9.rst

Co-authored-by: Megan Wilhite <mwilhite@vmware.com>

* Fix requirements

* Fix imports

* Test fixup

* Fix merge warts

* fix merge wart in changelog

* Fix merge warts in tests

Co-authored-by: krionbsd <krion@FreeBSD.org>
Co-authored-by: Megan Wilhite <megan.wilhite@gmail.com>
Co-authored-by: Alexander Kriventsov <akriventsov@nic.ru>
Co-authored-by: Megan Wilhite <mwilhite@vmware.com>
Co-authored-by: Wayne Werner <wwerner@vmware.com>
Co-authored-by: Gareth J. Greenaway <gareth@saltstack.com>
Co-authored-by: David Murphy < dmurphy@saltstack.com>
Co-authored-by: Twangboy <leesh@vmware.com>
Co-authored-by: MKLeb <calebb@vmware.com>
Co-authored-by: Pedro Algarvio <pedro@algarvio.me>
Co-authored-by: Pedro Algarvio <palgarvio@vmware.com>
Co-authored-by: Thomas Phipps <tphipps@vmware.com>
Co-authored-by: Frode Gundersen <frogunder@gmail.com>
Co-authored-by: Alyssa Rock <alyssa.rock@gmail.com>
Co-authored-by: Alyssa Rock <43180546+barbaricyawps@users.noreply.github.com>
 2022-06-29 10:10:06 -06:00
Daniel Wozniak
422302312a
Merge forward from 3004.1 (#61888) 
* Redirect imports of ``salt.ext.six`` to ``six``

Fixes #60966

* Latest changelog update for 3004

* Handle signals and properly exit, instead of raising exceptions.

This was introduced in 26fcda5074

Fixes #60391
Fixes #60963

* Add test for #61003

* Fix #61003

Restored the previously shifted check for version_to_remove in
old[target]. This had been extracted along with the correctly extracted
double pkg_params[target] lookup, but that lost the `target in old`
guard.

Putting the check back here prevents KeyError when looking for a
non-existent target in `old`.

* Handle various architecture formats in aptpkg module

* Write file even if does not exist

* only run test on debian based platforms

* remove extra space for arch

* convert pathlib to string for pkgrepo test

* Use temporary files first then copy to sources files

* fixes saltstack/salt#59182 fix handling of duplicate keys in rest_cherrypy data

* added changelog

* remove log messages to prevent leaks of sensitive info

* Reverting changes in PR #60150. Updating installed and removed functions to return changes when test=True.

* Adding changelog.

* Add a test and fix for extra-filerefs

* Do not break master_tops for minion with version lower to 3003

* Add changelog file

* Add extra comment to clarify discussion

* Update changelog file

* Add deprecated changelog

* Assert that the command didn't finish

Refs https://github.com/saltstack/salt/pull/60972

* Always restore signals, even when exceptions occur

* Reset signal handlers before starting the process

* Make sure that the `ProcessManager` doesn't always ignore signals

* Provide valid default value for bootstrap_delay

* Update changelog for 3004

* Update changelog and release notes for 3004

* Add PR 61020 to changelog

* Change MD5 to SHA256 fingerprint for new github.com fingerprint

* Check only ssh-rsa encyption for set_known_host

* Use main branch for kitchen-docker project

* Add tests for validate_tgt

This function evolved over the years, but never had any tests. We're
adding tests now to cover the various cases:

- there are no valid minions (currently fails, should return False)
- there are target minions that aren't in valid minions (correctly
  fails)
- target minions are a subset of valid minions (i.e. all of the target
  minions are found in the valid minions -- there are no extras)
  (correctly passes)

* Refactor

minions should be a subset of v_minions - the extra code was just
getting in the way. Also, this function evolved over time but the
docstring never kept up. Updated the docstring to more accurately
describe the function's behavior.

* Fix #60413

When using a syndic and user auth, it was possible for v_minions and
minions to be two empty sets, which returned True. This allowed the user
to still publish the function. The Syndic would get the published event
and apply it, even though it should have been rejected.

However, if there are no valid minions, then it doesn't matter what the
targets are -- there are not valid targets, so there's no reason to do
any further checks.

* Rename changelog to security

* add cve# to changelog

* Sign pillar data

* Add regression tests for CVE-2022-22934

* Add changelog for cve-2022-22934

* Provide users with a nice warning when something goes wrong

* Rename changelog file

* Fix wart in tests

* Return bool when using m2crypo

* Limit the amount of empty space while searching ifconfig output

* Update changelog/cve-2020-22937.security

Co-authored-by: Megan Wilhite <megan.wilhite@gmail.com>

* Prevent auth replays and sign replies

* Add tests for cve-2022-22935

* Add changelog for cve-2020-22935

* Fix typo

* Prevent replays of file server requests

* Add regresion tests for fileserver nonce

* Add changelog for cve-2022-22936

* Job replay mitigation

* Fix merge warts

* more test fixes

* Fix auth tests on windows

* Remove unwanted requirements change

* Clean up cruft

* update docs for 3004.1 release

* Fix warts in new minion auth

* Test fix

* Update release notes

* Remove cve from non cve worty issue

* Add serial to payload in publisher process

* Fix channel tests

Fix broken channel tests by populating an AES key and serial.

* Windows test fix

* windows tests plz work

Co-authored-by: Pedro Algarvio <pedro@algarvio.me>
Co-authored-by: ScriptAutomate <derek@icanteven.io>
Co-authored-by: Wayne Werner <wwerner@vmware.com>
Co-authored-by: Megan Wilhite <mwilhite@vmware.com>
Co-authored-by: nicholasmhughes <nicholasmhughes@gmail.com>
Co-authored-by: Gareth J. Greenaway <gareth@saltstack.com>
Co-authored-by: Pablo Suárez Hernández <psuarezhernandez@suse.com>
Co-authored-by: Alyssa Rock <arock@saltstack.com>
Co-authored-by: krionbsd <krion@FreeBSD.org>
Co-authored-by: Megan Wilhite <megan.wilhite@gmail.com>
Co-authored-by: Frode Gundersen <frogunder@gmail.com>
Co-authored-by: MKLeb <calebb@vmware.com>
 2022-04-18 04:14:51 -07:00
ScriptAutomate
6e65170db5 3004 documentation; release docs, man pages 2021-09-27 12:46:43 -04:00
Megan Wilhite
fb10707877
Merge 3003.3 into master (#60924) 
* Merge 3002.6 bugfix changes (#59822)

* Pass `CI_RUN` as an environment variable to the test run.

This allows us to know if we're running the test suite under a CI
environment or not and adapt/adjust if needed

* Migrate `unit.setup` to PyTest

* Backport ae36b15 just for test_install.py

* Only skip tests on CI runs

* Always store git sha in _version.py during installation

* Fix PEP440 compliance.

The wheel metadata version 1.2 states that the package version MUST be
PEP440 compliant.

This means that instead of `3002.2-511-g033c53eccb`, the salt version
string should look like `3002.2+511.g033c53eccb`, a post release of
`3002.2` ahead by 511 commits with the git sha `033c53eccb`

* Fix and migrate `tests/unit/test_version.py` to PyTest

* Skip test if `easy_install` is not available

* We also need to be PEP440 compliant when there's no git history

* Allow extra_filerefs as sanitized kwargs for SSH client

* Fix regression on cmd.run when passing tuples as cmd

Co-authored-by: Alexander Graul <agraul@suse.com>

* Add unit tests to ensure cmd.run accepts tuples

* Add unit test to check for extra_filerefs on SSH opts

* Add changelog file

* Fix comment for test case

* Fix unit test to avoid failing on Windows

* Skip failing test on windows

* Fix test to work on Windows

* Add all ssh kwargs to sanitize_kwargs method

* Run pre-commit

* Fix pylint

* Fix cmdmod loglevel and module_names tests

* Fix pre-commit

* Skip ssh tests if binary does not exist

* Use setup_loader for cmdmod test

* Prevent argument injection in restartcheck

* Add changelog for restartcheck fix

* docs_3002.6

* Add back tests removed in merge

Co-authored-by: Pedro Algarvio <pedro@algarvio.me>
Co-authored-by: Megan Wilhite <megan.wilhite@gmail.com>
Co-authored-by: Bryce Larson <brycel@vmware.com>
Co-authored-by: Pablo Suárez Hernández <psuarezhernandez@suse.com>
Co-authored-by: Alexander Graul <agraul@suse.com>
Co-authored-by: Frode Gundersen <fgundersen@saltstack.com>

* Remove glance state module in favor of glance_image

* update wording in changelog

* bump deprecation warning to Silicon.

* Updating warnutil version to Phosphorous.

* Update salt/modules/keystone.py

Co-authored-by: Megan Wilhite <megan.wilhite@gmail.com>

* Check $HOMEBREW_PREFIX when linking against libcrypto

When loading `libcrypto`, Salt checks for a Homebrew installation of `openssl`
at Homebrew's default prefix of `/usr/local`. However, on Apple Silicon Macs,
Homebrew's default installation prefix is `/opt/homebrew`. On all platforms,
the prefix is configurable.  If Salt doesn't find one of those `libcrypto`s,
it will fall back on the un-versioned `/usr/lib/libcrypto.dylib`, which will
cause the following crash:

    Application Specific Information:
    /usr/lib/libcrypto.dylib
    abort() called
    Invalid dylib load. Clients should not load the unversioned libcrypto dylib as it does not have a stable ABI.

This commit checks $HOMEBREW_PREFIX instead of hard-coding `/usr/local`.

* Add test case

* Add changelog for 59808

* Add changelog entry

* Make _find_libcrypto fail on Big Sur if it can't find a library

Right now, if `_find_libcrypto` can't find any externally-managed versions of
libcrypto, it will fall back on the pre-Catalina un-versioned system libcrypto.
This does not exist on Big Sur and it would be better to raise an exception
here rather than crashing later when trying to open it.

* Update _find_libcrypto tests

This commit simplifies the unit tests for _find_libcrypto by mocking out the
host's filesystem and testing the common libcrypto installations (brew, ports,
etc.) on Big Sur. It simplifies the tests for falling back on system versions
of libcrypto on previous versions of macOS.

* Fix description of test_find_libcrypto_with_system_before_catalina

* Patch sys.platform for test_rsax931 tests

* modules/match: add missing "minion_id" in Pillar example

The documented Pillar example for `match.filter_by` lacks the `minion_id` parameter. Without it, the assignment won't work as expected.
- fix documentation
- add tests:
  - to prove the misbehavior of the documented example
  - to prove the proper behaviour when supplying `minion_id`
  - to ensure some misbehaviour observed with compound matchers doesn't occur

* Fix for issue #59773

- When instantiating the loader grab values of grains and pillars if
  they are NamedLoaderContext instances.
- The loader uses a copy of opts.
- Impliment deepcopy on NamedLoaderContext instances.

* Add changelog for #59773

* _get_initial_pillar function returns pillar

* Fix linter issues

* Clean up test

* Bump deprecation release for neutron

* Uncomment Sulfur release name

* Removing the _ext_nodes deprecation warning and alias.

* Adding changelog.

* Renaming changelog file.

* Update 59804.removed

* Initial pass at fips_mode config option

* Fix pre-commit

* Fix tests and add changelog

* update docs 3003

* update docs 3003 - newline

* Fix warts in changelog

* update releasenotes 3003

* add ubuntu-2004-amd64 m2crypto pycryptodome and tcp tests

* add distro_arch

* changing the cloud platforms file missed in 1a9b7be0e2

* Update __utils__ calls to import utils in azure

* Add changelog for 59744

* Fix azure unit tests and move to pytest

* Use contextvars from site-packages for thin

If a contextvars package exists one of the site-packages locations use
it for the generated thin tarball. This overrides python's builtin
contextvars and allows salt-ssh to work with python <=3.6 even when the
master's python is >3.6 (Fixes #59942)

* Add regression test for #59942

* Add changelog for #59942

* Update filemap to include test_py_versions

* Fix broken thin tests

* Always install the `contextvars` backport, even on Py3.7+

Without this change, salt-ssh cannot target systems with Python <= 3.6

* Use salt-factories to handle the container. Don't override default roster

* Fix thin tests on windows

* No need to use warn log level here

* Fix getsitepackages for old virtualenv versions

* Add explicit pyobjc reqs

* Add back the passthrough stuff

* Remove a line so pre-commit will run

* Bugfix release docs

* Bugfix release docs

* Removing pip-compile log files

* Bump requirements to address a few security issues

* Address traceback on macOS

```
Traceback (most recent call last):
  File "setup.py", line 1448, in <module>
    setup(distclass=SaltDistribution)
  File "/Users/jenkins/setup-tests/.venv/lib/python3.7/site-packages/setuptools/__init__.py", line 153, in setup
    return distutils.core.setup(**attrs)
  File "/opt/salt/lib/python3.7/distutils/core.py", line 108, in setup
    _setup_distribution = dist = klass(attrs)
  File "setup.py", line 1068, in __init__
    self.update_metadata()
  File "setup.py", line 1074, in update_metadata
    attrvalue = getattr(self, attrname, None)
  File "setup.py", line 1182, in _property_install_requires
    install_requires += _parse_requirements_file(reqfile)
  File "setup.py", line 270, in _parse_requirements_file
    platform.python_version(), _parse_op(op), _parse_ver(ver)
  File "setup.py", line 247, in _check_ver
    return getattr(operator, "__{}__".format(op))(pyver, wanted)
  File "/opt/salt/lib/python3.7/distutils/version.py", line 46, in __eq__
    c = self._cmp(other)
  File "/opt/salt/lib/python3.7/distutils/version.py", line 337, in _cmp
    if self.version < other.version:
TypeError: '<' not supported between instances of 'str' and 'int'
```

* Replace `saltstack.com` with `saltproject.io` on URLs being tested

* Add back support to load old entrypoints by iterating instead of type checking

Fixes #59961

* Fix issue #59975

* Fix pillar serialization for jinja #60083

* Fix test

* Add changelog for #60083

* Update changelog and release for 3003.1

* Remove the changelog source refs

* Add connect to IPCMessageSubscriber's async_methods

Fixes #60049 by making sure an IPCMessageSubscriber that is wrapped by
SyncWrapper has a connect method that runs the coroutine rather than
returns a fugure.

* Add changelog for #60049

* Update 60049.fixed

* Fix coroutine spelling error

Co-authored-by: Wayne Werner <waynejwerner@gmail.com>

* IPC on windows cannot use socket paths

Fixes #60298

* Update Jinja2 and lxml due to security related bugfix releases

Jinja2
------

CVE-2020-28493
moderate severity
Vulnerable versions: < 2.11.3
Patched version: 2.11.3

This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDOS vulnerability of the regex is mainly due to the sub-pattern [a-zA-Z0-9.-]+.[a-zA-Z0-9.-]+ This issue can be mitigated by Markdown to format user content instead of the urlize filter, or by implementing request timeouts and limiting process memory.

lxml
----

CVE-2021-28957
moderate severity
Vulnerable versions: < 4.6.3
Patched version: 4.6.3

An XSS vulnerability was discovered in the python lxml clean module versions before 4.6.3. When disabling the safe_attrs_only and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit this flaw to run arbitrary JS code on users who interact with incorrectly sanitized HTML. This issue is patched in lxml 4.6.3.

* fix github actions jobs on branch until bullseye comes out

* Upgrade to `six==1.16.0` to avoid problems on CI runs

```
13:59:02  nox > Session invoke-pre-commit was successful.
13:59:02  nox > Running session invoke-pre-commit
13:59:02  nox > pip install --progress-bar=off -r requirements/static/ci/py3.7/invoke.txt
13:59:02  Collecting blessings==1.7
13:59:02    Using cached blessings-1.7-py3-none-any.whl (18 kB)
13:59:02  Collecting invoke==1.4.1
13:59:02    Using cached invoke-1.4.1-py3-none-any.whl (210 kB)
13:59:02  Collecting pyyaml==5.3.1
13:59:02    Using cached PyYAML-5.3.1.tar.gz (269 kB)
13:59:02  Collecting six==1.15.0
13:59:02    Using cached six-1.15.0-py2.py3-none-any.whl (10 kB)
13:59:02  Building wheels for collected packages: pyyaml
13:59:02    Building wheel for pyyaml (setup.py) ... - \ | / - \ | done
13:59:02    Created wheel for pyyaml: filename=PyYAML-5.3.1-cp37-cp37m-linux_x86_64.whl size=546391 sha256=e42e1d66cc32087f4d33ceb81268c86b59f1a97029b19459f91b8d6ad1430167
13:59:02    Stored in directory: /var/jenkins/.cache/pip/wheels/5e/03/1e/e1e954795d6f35dfc7b637fe2277bff021303bd9570ecea653
13:59:02  Successfully built pyyaml
13:59:02  Installing collected packages: six, pyyaml, invoke, blessings
13:59:02    Attempting uninstall: six
13:59:02      Found existing installation: six 1.16.0
13:59:02      Uninstalling six-1.16.0:
13:59:02  ERROR: Could not install packages due to an OSError: [Errno 2] No such file or directory: '/var/jenkins/.cache/pre-commit/repomw8oee1s/py_env-python3/lib/python3.7/site-packages/__pycache__/six.cpython-37.pyc'
13:59:02
13:59:02  nox > Command pip install --progress-bar=off -r requirements/static/ci/py3.7/invoke.txt failed with exit code 1
13:59:02  nox > Session invoke-pre-commit failed.
```

* add changelog for https://github.com/saltstack/salt/issues/59982

* Regression test for #56273

* Fix race condition in batch. #56273

* Add changelog for #56273

* Update salt/client/__init__.py

Co-authored-by: Pedro Algarvio <pedro@algarvio.me>

* Update doc for salt/client

* Update changelog/56273.fixed

Thoreau said, "Simplify, Simplify"

* Update docs

* Update docs

* Update CHANGELOG.md

* Update 3003.1.rst

* Ignore configuration for 'enable_fqdns_grains' for AIX, Solaris and Juniper

* Added changelog

* Let Mac OS Mojave run for 8 hours to avoid timeout

* Remove FreeBSD-12.2

* Use Popen for VT

* Still allow shell True

* Drop shlex split

* Add crypto re-init

* Fix pre-commit

* Do not call close in isalive

* Skip tests not valid on windows

* Cleanup things that are not really needed

* We do not support irix

* Fix pre-commit

* Remove commented out lines

* Add changelog for #60504

* Fix pre-commit issues

* pyupgrade does not remove six imports

* Fix OSErrors in some test cases

* Remove un-needed args processing

* Make state_running test more reliable

* Removing tmpfs from Fedora 33.

* Address leaks in fileserver caused by git backends

At this time we do not have the ability to fix the upstream memory leaks
in the gitfs backend providers. Work around their limitations by
periodically restarting the file server update proccess. This will at
least partially address #50313

* Remove un-used import

* Fix warts caused by black version

* Add changelog

* We don't need two changelogs

* Also pin the ``pip`` upgrade to be ``<21.2``

* Update the external ipaddress to the latest 3.9.5 version which has some security fixes.  Updating the compat.p to use the vendored version if the python version is below 3.9.5 and only run the test_ipaddress.py tests if below 3.9.5.

* Adding changelog

* Requested changes.

* Add shh_timeout to ssh_kwargs

* move to with blocks

* one with block

* reight crypto

* add back test file

* add changelog

* change log file number

* add m2crypt support

* only check m2crpto

* Delete 60571.fixed

* add back log

* add newline

* add newline for log file

* Work around https://github.com/pypa/pip/pull/9450

See https://github.com/pypa/pip/issues/10212

* Drop six and Py2

* [3003.2] Add server alive (#60573)

* add server alive

* rename log

* change default alive time

* add requested changes

* format string

* reformat string again

* run pre

* customize

* space

* remove EOF dead space

* fix pre-commit

* run pre

Co-authored-by: Megan Wilhite <megan.wilhite@gmail.com>

* Changelog for 3003.2

* Man pages update for 3003.2

* Allow CVE entries in `changelog/`

* Add security type for towncrier changelog

* Add security type for changelog entries pre-commit check

* Pin to ``pip>=20.2.4,<21.2``

Refs https://github.com/pypa/pip/pull/9450

* Drop six and Py2

* Fix bug introduced in https://github.com/saltstack/salt/pull/59648

Fixes #60046

* Add changelog

* Fix doc builds

* fix release notes about dropping ubuntu 16.04

* update file client

* add changelog file

* update changelog

* Check permissions of minion config directory

* Fix some wording in the messagebox and in comments

* Add changelog

* Fix extension for changelog

* Add missing commas. It also worked, but now is better

* docs_3003.3

* fixing version numbers in man pages.

* removing newlines.

* removing newlines.

* Fixing release notes.

* Fix changelog file for 3003.2 release

* Fix test_state test using loader.context

* Re-add test_context test

* Allow Local System account, add timestamp

* swaping the git-source for vsphere-automation-sdk-python

* Remove destroy, handled in context manager

Co-authored-by: Daniel Wozniak <dwozniak@saltstack.com>
Co-authored-by: Pedro Algarvio <pedro@algarvio.me>
Co-authored-by: Bryce Larson <brycel@vmware.com>
Co-authored-by: Pablo Suárez Hernández <psuarezhernandez@suse.com>
Co-authored-by: Alexander Graul <agraul@suse.com>
Co-authored-by: Frode Gundersen <fgundersen@saltstack.com>
Co-authored-by: Gareth J. Greenaway <gareth@saltstack.com>
Co-authored-by: Gareth J. Greenaway <gareth@wiked.org>
Co-authored-by: Hoa-Long Tam <hoalong@apple.com>
Co-authored-by: krionbsd <krion@freebsd.org>
Co-authored-by: Elias Probst <e.probst@ssc-services.de>
Co-authored-by: Daniel A. Wozniak <dwozniak@vmware.com>
Co-authored-by: Frode Gundersen <frogunder@gmail.com>
Co-authored-by: twangboy <slee@saltstack.com>
Co-authored-by: twangboy <leesh@vmware.com>
Co-authored-by: ScriptAutomate <derek@icanteven.io>
Co-authored-by: Wayne Werner <waynejwerner@gmail.com>
Co-authored-by: David Murphy < dmurphy@saltstack.com>
Co-authored-by: Joe Eacott <jeacott@vmware.com>
Co-authored-by: cmcmarrow <charles.mcmarrow.4@gmail.com>
Co-authored-by: Twangboy <shane.d.lee@gmail.com>
 2021-09-22 17:42:38 -07:00
Megan Wilhite
66cf74140b
Merge Freeze into Master (#60074) 
* Merge 3002.6 bugfix changes (#59822)

* Pass `CI_RUN` as an environment variable to the test run.

This allows us to know if we're running the test suite under a CI
environment or not and adapt/adjust if needed

* Migrate `unit.setup` to PyTest

* Backport ae36b15 just for test_install.py

* Only skip tests on CI runs

* Always store git sha in _version.py during installation

* Fix PEP440 compliance.

The wheel metadata version 1.2 states that the package version MUST be
PEP440 compliant.

This means that instead of `3002.2-511-g033c53eccb`, the salt version
string should look like `3002.2+511.g033c53eccb`, a post release of
`3002.2` ahead by 511 commits with the git sha `033c53eccb`

* Fix and migrate `tests/unit/test_version.py` to PyTest

* Skip test if `easy_install` is not available

* We also need to be PEP440 compliant when there's no git history

* Allow extra_filerefs as sanitized kwargs for SSH client

* Fix regression on cmd.run when passing tuples as cmd

Co-authored-by: Alexander Graul <agraul@suse.com>

* Add unit tests to ensure cmd.run accepts tuples

* Add unit test to check for extra_filerefs on SSH opts

* Add changelog file

* Fix comment for test case

* Fix unit test to avoid failing on Windows

* Skip failing test on windows

* Fix test to work on Windows

* Add all ssh kwargs to sanitize_kwargs method

* Run pre-commit

* Fix pylint

* Fix cmdmod loglevel and module_names tests

* Fix pre-commit

* Skip ssh tests if binary does not exist

* Use setup_loader for cmdmod test

* Prevent argument injection in restartcheck

* Add changelog for restartcheck fix

* docs_3002.6

* Add back tests removed in merge

Co-authored-by: Pedro Algarvio <pedro@algarvio.me>
Co-authored-by: Megan Wilhite <megan.wilhite@gmail.com>
Co-authored-by: Bryce Larson <brycel@vmware.com>
Co-authored-by: Pablo Suárez Hernández <psuarezhernandez@suse.com>
Co-authored-by: Alexander Graul <agraul@suse.com>
Co-authored-by: Frode Gundersen <fgundersen@saltstack.com>

* Remove glance state module in favor of glance_image

* update wording in changelog

* bump deprecation warning to Silicon.

* Updating warnutil version to Phosphorous.

* Update salt/modules/keystone.py

Co-authored-by: Megan Wilhite <megan.wilhite@gmail.com>

* Check $HOMEBREW_PREFIX when linking against libcrypto

When loading `libcrypto`, Salt checks for a Homebrew installation of `openssl`
at Homebrew's default prefix of `/usr/local`. However, on Apple Silicon Macs,
Homebrew's default installation prefix is `/opt/homebrew`. On all platforms,
the prefix is configurable.  If Salt doesn't find one of those `libcrypto`s,
it will fall back on the un-versioned `/usr/lib/libcrypto.dylib`, which will
cause the following crash:

    Application Specific Information:
    /usr/lib/libcrypto.dylib
    abort() called
    Invalid dylib load. Clients should not load the unversioned libcrypto dylib as it does not have a stable ABI.

This commit checks $HOMEBREW_PREFIX instead of hard-coding `/usr/local`.

* Add test case

* Add changelog for 59808

* Add changelog entry

* Make _find_libcrypto fail on Big Sur if it can't find a library

Right now, if `_find_libcrypto` can't find any externally-managed versions of
libcrypto, it will fall back on the pre-Catalina un-versioned system libcrypto.
This does not exist on Big Sur and it would be better to raise an exception
here rather than crashing later when trying to open it.

* Update _find_libcrypto tests

This commit simplifies the unit tests for _find_libcrypto by mocking out the
host's filesystem and testing the common libcrypto installations (brew, ports,
etc.) on Big Sur. It simplifies the tests for falling back on system versions
of libcrypto on previous versions of macOS.

* Fix description of test_find_libcrypto_with_system_before_catalina

* Patch sys.platform for test_rsax931 tests

* modules/match: add missing "minion_id" in Pillar example

The documented Pillar example for `match.filter_by` lacks the `minion_id` parameter. Without it, the assignment won't work as expected.
- fix documentation
- add tests:
  - to prove the misbehavior of the documented example
  - to prove the proper behaviour when supplying `minion_id`
  - to ensure some misbehaviour observed with compound matchers doesn't occur

* Fix for issue #59773

- When instantiating the loader grab values of grains and pillars if
  they are NamedLoaderContext instances.
- The loader uses a copy of opts.
- Impliment deepcopy on NamedLoaderContext instances.

* Add changelog for #59773

* _get_initial_pillar function returns pillar

* Fix linter issues

* Clean up test

* Bump deprecation release for neutron

* Uncomment Sulfur release name

* Removing the _ext_nodes deprecation warning and alias.

* Adding changelog.

* Renaming changelog file.

* Update 59804.removed

* Initial pass at fips_mode config option

* Fix pre-commit

* Fix tests and add changelog

* update docs 3003

* update docs 3003 - newline

* Fix warts in changelog

* update releasenotes 3003

* add ubuntu-2004-amd64 m2crypto pycryptodome and tcp tests

* add distro_arch

* changing the cloud platforms file missed in 1a9b7be0e2

* Update __utils__ calls to import utils in azure

* Add changelog for 59744

* Fix azure unit tests and move to pytest

* Use contextvars from site-packages for thin

If a contextvars package exists one of the site-packages locations use
it for the generated thin tarball. This overrides python's builtin
contextvars and allows salt-ssh to work with python <=3.6 even when the
master's python is >3.6 (Fixes #59942)

* Add regression test for #59942

* Add changelog for #59942

* Update filemap to include test_py_versions

* Fix broken thin tests

* Always install the `contextvars` backport, even on Py3.7+

Without this change, salt-ssh cannot target systems with Python <= 3.6

* Use salt-factories to handle the container. Don't override default roster

* Fix thin tests on windows

* No need to use warn log level here

* Fix getsitepackages for old virtualenv versions

* Add explicit pyobjc reqs

* Add back the passthrough stuff

* Remove a line so pre-commit will run

* Bugfix release docs

* Bugfix release docs

* Removing pip-compile log files

* Fix failing test tests.unit.grains.test_core.CoreGrainsTestCase.test_xen_virtual

* Fix pre-commit for docs.txt reqs

Co-authored-by: Daniel Wozniak <dwozniak@saltstack.com>
Co-authored-by: Pedro Algarvio <pedro@algarvio.me>
Co-authored-by: Bryce Larson <brycel@vmware.com>
Co-authored-by: Pablo Suárez Hernández <psuarezhernandez@suse.com>
Co-authored-by: Alexander Graul <agraul@suse.com>
Co-authored-by: Frode Gundersen <fgundersen@saltstack.com>
Co-authored-by: Gareth J. Greenaway <gareth@saltstack.com>
Co-authored-by: Gareth J. Greenaway <gareth@wiked.org>
Co-authored-by: Hoa-Long Tam <hoalong@apple.com>
Co-authored-by: krionbsd <krion@freebsd.org>
Co-authored-by: Elias Probst <e.probst@ssc-services.de>
Co-authored-by: Daniel A. Wozniak <dwozniak@vmware.com>
Co-authored-by: Frode Gundersen <frogunder@gmail.com>
Co-authored-by: twangboy <slee@saltstack.com>
Co-authored-by: twangboy <leesh@vmware.com>
Co-authored-by: ScriptAutomate <derek@icanteven.io>
 2021-04-27 11:47:47 -04:00
Frode Gundersen
7932c7c7d4 Update man pages 3003 2021-02-24 11:30:39 -05:00
Frode Gundersen
8df03c17e1 Update docs for 3002.2 release 2020-11-14 09:54:21 -07:00
Daniel Wozniak
023528b3b1
3002.1 (#58871) 
* Fix CVE-2020-16846

Stop calling Popen with shell=True to prevent shell injection attacks on
the netapi salt-ssh client.

* Add tests to verify strict permissions on private keys

* Set mode of key files to 0600 instead of leaving them world readable

* Apply pre-commit fixes

* Open files with proper permissions

* Add cve id to changelog

* Security docs updates with newer resource links

* Changelog/Releasenotes update 3001.2

* Add man_pages 3001.2

* cve-2020-17490 consistancy hotfix

* Tests and fix for CVE-2020-25592

* Update man pages 3001.3

* Clear up requirements for salt-api+ssh

* Add ssh_options to roster docs

* Update changelog / releasenotes 3001.3

* Do not overwrite master keys

salt-api should not overwrite the master's keys when it starts up. Give
salt-api it's own cache directory and set of keys.

* Update for 3002.1 Release

* Update releasenotes

* Fix typos and pre-commit

* Fix spelling issue

* Fix pre-commit

* Update 2019.2.6.rst

Fix doc

Co-authored-by: Jasper Lievisse Adriaanse <j@jasper.la>
Co-authored-by: ScriptAutomate <derek@icanteven.io>
Co-authored-by: Frode Gundersen <fgundersen@saltstack.com>
Co-authored-by: Ken Crowell <kcrowell@saltstack.com>
Co-authored-by: Sage the Rage <36676171+sagetherage@users.noreply.github.com>
 2020-11-12 10:48:38 -07:00
Frode Gundersen
beed28a590 Update man-pages to 3002 2020-10-08 07:27:30 -07:00
Frode Gundersen
71cdfb0f06 Update man pages for 3001.1 2020-07-14 09:43:09 -07:00
Frode Gundersen
70d62eabfd Update man_pages to 3001 2020-05-21 20:58:02 -07:00
Frode Gundersen
5ab6ff8f48 Merge changes from 2019.2.5 and 3000.3 2020-05-14 17:34:51 -07:00
Frode Gundersen
34548fad36 Update man pages 3000.2 2020-04-29 15:00:46 -07:00
Frode Gundersen
6d7c1b6482
Update man pages to 3000.1 2020-03-10 17:25:39 +00:00
Frode Gundersen
c839d821fa
Update man pages 3000 2020-01-15 22:27:28 +00:00
Daniel Wozniak
fbac4aa1dc
Merge branch 'master' into 2019.2.1-merge-master 2019-10-07 16:18:32 -07:00
Richard Simko
a5fef26906
Corrected grammar in cloud docs 2019-10-07 11:10:25 +02:00
Frode
92bc4b235f
Update man pages for 2019.2.2 2019-10-02 18:08:12 +00:00
Frode
6f7c4eefbe
Update man_pages for 2019.2.1 2019-09-05 19:45:24 +00:00
Ch3LL
3a85c5b33f
Update man pages for 2019.2.0 2019-01-08 14:35:36 -05:00
Ch3LL
a418ef87b1
Update man pages for 2018.3.3 2018-09-21 16:18:36 -04:00
rallytime
3e6445a9d6
Merge branch '2017.7' into '2018.3' 
Conflicts:
  - doc/man/salt-api.1
  - doc/man/salt-call.1
  - doc/man/salt-cloud.1
  - doc/man/salt-cp.1
  - doc/man/salt-key.1
  - doc/man/salt-master.1
  - doc/man/salt-minion.1
  - doc/man/salt-proxy.1
  - doc/man/salt-run.1
  - doc/man/salt-ssh.1
  - doc/man/salt-syndic.1
  - doc/man/salt-unity.1
  - doc/man/salt.1
  - doc/man/salt.7
  - doc/man/spm.1
  - salt/beacons/log.py
  - salt/client/ssh/__init__.py
  - salt/modules/cmdmod.py
  - salt/utils/win_functions.py
  - tests/integration/modules/test_cmdmod.py
  - tests/integration/netapi/rest_tornado/test_app.py
  - tests/integration/runners/test_state.py
 2018-08-08 13:31:57 -04:00
rallytime
64fe3be41a
Update man pages for 2017.7.8 release 2018-08-07 09:35:01 -04:00
rallytime
8893bf0d4c Update man pages for 2017.7.7 2018-06-14 17:43:13 +00:00
rallytime
8c340134f5 Update man pages for 2018.3.2 2018-06-14 17:26:13 +00:00
rallytime
ade5e9f664 [2018.3.1] Update man pages 2018-05-09 18:17:22 +00:00
rallytime
48ecb78dec [2017.7.6] Update man pages 2018-05-07 20:31:38 +00:00
rallytime
782a5584f5
Update man pages for 2017.7.5 2018-03-13 12:47:40 -04:00
rallytime
a731047e59
Add man pages for oxygen release 2018-02-23 12:15:13 -05:00
rallytime
d31b41adeb
Update man pages for 2017.7.3 release 2018-01-24 13:46:43 -05:00
Nicole Thomas
5328bc8d99 Update man pages for 2016.11 (#37354) 2016-10-31 13:09:01 -06:00
Nicole Thomas
47290d88a2 Update man pages for the 2016.3 branch (#37259) 2016-10-26 13:32:38 -06:00