From 2870af2ba36cfc2cf8cd334ffa12559003c86760 Mon Sep 17 00:00:00 2001 From: Jacob Hammons Date: Thu, 15 Oct 2015 15:05:35 -0600 Subject: [PATCH] added link to grains security FAQ to targeting and pillar topics. --- doc/faq.rst | 2 +- doc/topics/pillar/index.rst | 4 ++++ doc/topics/targeting/grains.rst | 4 ++++ 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/doc/faq.rst b/doc/faq.rst index 7ac7dcd073..ccae0f2672 100644 --- a/doc/faq.rst +++ b/doc/faq.rst @@ -295,7 +295,7 @@ https://github.com/saltstack-formulas/salt-formula .. _faq-grain-security: Is Targeting using Grain Data Secure? -===================================== +------------------------------------- Because grains can be set by users that have access to the minion configuration files on the local system, grains are considered less secure than other diff --git a/doc/topics/pillar/index.rst b/doc/topics/pillar/index.rst index ef03c83ad3..153766fd12 100644 --- a/doc/topics/pillar/index.rst +++ b/doc/topics/pillar/index.rst @@ -85,6 +85,10 @@ by their ``os`` grain: company: Foo Industries +.. important:: + See :ref:`Is Targeting using Grain Data Secure? ` for + important security information. + The above pillar sets two key/value pairs. If a minion is running RedHat, then the ``apache`` key is set to ``httpd`` and the ``git`` key is set to the value of ``git``. If the minion is running Debian, those values are changed to diff --git a/doc/topics/targeting/grains.rst b/doc/topics/targeting/grains.rst index 16ae596b21..3a6f4ffeec 100644 --- a/doc/topics/targeting/grains.rst +++ b/doc/topics/targeting/grains.rst @@ -22,6 +22,10 @@ to a custom grain, grain data is refreshed. Grains resolve to lowercase letters. For example, ``FOO``, and ``foo`` target the same grain. +.. important:: + See :ref:`Is Targeting using Grain Data Secure? ` for + important security information. + Match all CentOS minions: .. code-block:: bash