valitydev/salt
14
0
Fork 0
mirror of https://github.com/valitydev/salt.git synced 2024-11-08 09:23:56 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #8966 from Jorge-Rodriguez/develop

Browse Source 
Added ssl verify flag to the gitfs backend.
This commit is contained in:
Thomas S Hatch 2013-12-03 10:00:51 -08:00
commit 2b9048a8c6
3 changed files with 22 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
conf/master
View File

@ -356,6 +356,13 @@
# - git://github.com/saltstack/salt-states.git # - git://github.com/saltstack/salt-states.git
# - file:///var/git/saltmaster # - file:///var/git/saltmaster
# #
# The gitfs_ssl_verify option specifies whether to ignore ssl certificate
# errors when contacting the gitfs backend. You might want to set this to
# false if you're using a git backend that uses a self-signed certificate but
# keep in mind that setting this flag to anything other than the default of True
# is a security concern, you may want to try using the ssh transport.
#gitfs_ssl_verify: True
#
# The repos will be searched in order to find the file requested by a client # The repos will be searched in order to find the file requested by a client
# and the first repo to have the file will return it. # and the first repo to have the file will return it.
# When using the git backend branches and tags are translated into salt # When using the git backend branches and tags are translated into salt
@ -389,7 +396,7 @@
# errors when contacting the pillar gitfs backend. You might want to set this to # errors when contacting the pillar gitfs backend. You might want to set this to
# false if you're using a git backend that uses a self-signed certificate but # false if you're using a git backend that uses a self-signed certificate but
# keep in mind that setting this flag to anything other than the default of True # keep in mind that setting this flag to anything other than the default of True
# is a security concern. # is a security concern, you may want to try using the ssh transport.
#pillar_gitfs_ssl_verify: True #pillar_gitfs_ssl_verify: True
# The pillar_opts option adds the master configuration file data to a dict in # The pillar_opts option adds the master configuration file data to a dict in

5
salt/fileserver/gitfs.py
View File

@ -131,6 +131,11 @@ def init():
if not repo.remotes: if not repo.remotes:
try: try:
repo.create_remote('origin', opt) repo.create_remote('origin', opt)
# ignore git ssl verification if requested
if __opts__.get('gitfs_ssl_verify', True):
repo.git.config('http.sslVerify', 'true')
else:
repo.git.config('http.sslVerify', 'false')
except Exception: except Exception:
# This exception occurs when two processes are trying to write # This exception occurs when two processes are trying to write
# to the git config at once, go ahead and pass over it since # to the git config at once, go ahead and pass over it since

16
salt/pillar/git_pillar.py
View File

@ -115,15 +115,17 @@ def init(branch, repo_location):
if not repo.remotes: if not repo.remotes:
try: try:
repo.create_remote('origin', repo_location) repo.create_remote('origin', repo_location)
# ignore git ssl verification if requested
if __opts__.get('pillar_gitfs_ssl_verify', True):
repo.git.config('http.sslVerify', 'true')
else:
repo.git.config('http.sslVerify', 'false')
except Exception: except Exception:
# This exception occurs when two processes are trying to write
# to the git config at once, go ahead and pass over it since
# this is the only write
# This should place a lock down
pass pass
# ignore git ssl verification if requested
if __opts__.get('pillar_gitfs_ssl_verify', True):
repo.git.config('http.sslVerify', 'true')
else:
repo.git.config('http.sslVerify', 'false')
repo.git.fetch() repo.git.fetch()
return repo return repo