Merge pull request #14415 from SmithSamuelM/sam_2014.7

Added support for road estate role attribute in key identity

salt/daemons/salting.py

@@ -95,10 +95,10 @@ class SaltKeep(RoadKeep):
                         ('joined', remote.joined),
                         ('role', remote.role),
                     ])
-        if self.verifyRemoteData(data, remoteFields =self.RemoteDumpFields):
+        if self.verifyRemoteData(data, remoteFields=self.RemoteDumpFields):
             self.dumpRemoteData(data, remote.name)
 
-        self.saltRaetKey.status(remote.name,
+        self.saltRaetKey.status(remote.role,
                                 remote.uid,
                                 remote.pubber.keyhex,
                                 remote.verfer.keyhex)
@@ -112,7 +112,7 @@ class SaltKeep(RoadKeep):
         if not data:
             return None
 
-        mid = remote.name
+        mid = remote.role
         statae = raeting.ACCEPTANCES.keys()
         for status in statae:
             keydata = self.saltRaetKey.read_remote(mid, status)
@@ -132,16 +132,18 @@ class SaltKeep(RoadKeep):
         '''
         Load and Return the data from the all the remote estate files
         '''
-        data = super(SaltKeep, self).loadAllRemoteData()
+        keeps = super(SaltKeep, self).loadAllRemoteData()
 
         for status, mids in self.saltRaetKey.list_keys().items():
             for mid in mids:
                 keydata = self.saltRaetKey.read_remote(mid, status)
-                if keydata and data.get(mid):
-                    data[mid].update(acceptance=raeting.ACCEPTANCES[status],
+                if keydata:
+                    for name, data in keeps.items():
+                        if data['role'] == mid:
+                            keeps[name].update(acceptance=raeting.ACCEPTANCES[status],
                                          verhex=keydata['verify'],
                                          pubhex=keydata['pub'])
-        return data
+        return keeps
 
     def clearAllRemoteData(self):
         '''
@@ -150,15 +152,15 @@ class SaltKeep(RoadKeep):
         super(SaltKeep, self).clearAllRemoteData()
         self.saltRaetKey.delete_all()
 
-    def replaceRemote(self, remote, old):
+    def replaceRemoteRole(self, remote, old):
         '''
-        Replace the safe keep key file at old name given remote.name has changed
-        Assumes name uniqueness already taken care of
+        Replace the Salt RaetKey record at old role when remote.role has changed
         '''
-        new = remote.name
+        new = remote.role
         if new != old:
-            self.dumpRemote(remote) #will be pending by default unless autoaccept
+            #self.dumpRemote(remote)
             # manually fix up acceptance if not pending
+            # will be pending by default unless autoaccept
             if remote.acceptance == raeting.acceptances.accepted:
                 self.acceptRemote(remote)
             elif remote.acceptance == raeting.acceptances.rejected:
@@ -171,7 +173,7 @@ class SaltKeep(RoadKeep):
         Evaluate acceptance status of remote estate per its keys
         persist key data differentially based on status
         '''
-        status = raeting.ACCEPTANCES[self.saltRaetKey.status(remote.name,
+        status = raeting.ACCEPTANCES[self.saltRaetKey.status(remote.role,
                                                              remote.eid,
                                                              pubhex,
                                                              verhex)]
@@ -190,7 +192,7 @@ class SaltKeep(RoadKeep):
         Set acceptance status to rejected
         '''
         remote.acceptance = raeting.acceptances.rejected
-        mid = remote.name
+        mid = remote.role
         self.saltRaetKey.reject(match=mid, include_accepted=True)
 
     def pendRemote(self, remote):
@@ -204,7 +206,7 @@ class SaltKeep(RoadKeep):
         Set acceptance status to accepted
         '''
         remote.acceptance = raeting.acceptances.accepted
-        mid = remote.name
+        mid = remote.role
         self.saltRaetKey.accept(match=mid, include_rejected=True)
 
 def clearAllKeep(dirpath):

salt/key.py

@@ -11,6 +11,8 @@ import stat
 import shutil
 import fnmatch
 import hashlib
+import json
+import msgpack
 
 # Import salt libs
 import salt.crypt
@@ -827,9 +829,14 @@ class RaetKey(Key):
                 prefix, sep, name = root.partition('.')
                 if not name or prefix != 'estate':
                     continue
-                if name not in minions:
-                    path = os.path.join(road_cache, road)
-                    os.remove(path)
+                path = os.path.join(road_cache, road)
+                with salt.utils.fopen(path, 'rb') as fp_:
+                    if ext == '.json':
+                        data = json.load(fp_)
+                    elif ext == '.msgpack':
+                        data = msgpack.load(fp_)
+                    if data['role'] not in minions:
+                        os.remove(path)
 
     def gen_keys(self):
         '''
@@ -876,13 +883,7 @@ class RaetKey(Key):
                 'device_id': device_id,
                 'pub': pub,
                 'verify': verify}
-        if self.opts['open_mode']:
-            if os.path.isfile(acc_path):
-                # The minion id has been accepted, verify the key strings
-                with salt.utils.fopen(acc_path, 'rb') as fp_:
-                    keydata = self.serial.loads(fp_.read())
-                if keydata['pub'] == pub and keydata['verify'] == verify:
-                    return 'accepted'
+        if self.opts['open_mode']: # always accept and overwrite
             with salt.utils.fopen(acc_path, 'w+b') as fp_:
                 fp_.write(self.serial.dumps(keydata))
                 return 'accepted'