Merge pull request #27234 from basepi/merge-forward-2015.8

[2015.8] Merge forward from 2015.5 to 2015.8
This commit is contained in:
Justin Findlay 2015-09-18 14:41:38 -06:00
commit f8e71f6d7d
5 changed files with 110 additions and 11 deletions

View File

@ -0,0 +1,8 @@
===========================
Salt 2015.5.6 Release Notes
===========================
Version 2015.5.6 is a bugfix release for :doc:`2015.5.0
</topics/releases/2015.5.0>`.
Changes:

View File

@ -870,7 +870,8 @@ def set_known_host(user=None,
port=None,
enc=None,
hash_hostname=True,
config=None):
config=None,
hash_known_hosts=True):
'''
Download SSH public key from remote host "hostname", optionally validate
its fingerprint against "fingerprint" variable and save the record in the
@ -878,6 +879,44 @@ def set_known_host(user=None,
If such a record does already exists in there, do nothing.
user
The user who owns the ssh authorized keys file to modify
hostname
The name of the remote host (e.g. "github.com")
fingerprint
The fingerprint of the key which must be presented in the known_hosts
file (optional if key specified)
key
The public key which must be presented in the known_hosts file
(optional if fingerprint specified)
port
optional parameter, denoting the port of the remote host, which will be
used in case, if the public key will be requested from it. By default
the port 22 is used.
enc
Defines what type of key is being used, can be ed25519, ecdsa ssh-rsa
or ssh-dss
hash_hostname : True
Hash all hostnames and addresses in the known hosts file.
.. deprecated:: Carbon
Please use hash_known_hosts instead.
config
The location of the authorized keys file relative to the user's home
directory, defaults to ".ssh/known_hosts". If no user is specified,
defaults to "/etc/ssh/ssh_known_hosts". If present, must be an
absolute path when a user is not specified.
hash_known_hosts : True
Hash all hostnames and addresses in the known hosts file.
CLI Example:
@ -894,6 +933,14 @@ def set_known_host(user=None,
'error': 'argument port can not be used in '
'conjunction with argument hash_hostname'}
if not hash_hostname:
salt.utils.warn_until(
'Carbon',
'The hash_hostname parameter is misleading as ssh-keygen can only '
'hash the whole known hosts file, not entries for individual'
'hosts. Please use hash_known_hosts=False instead.')
hash_known_hosts = hash_hostname
update_required = False
check_required = False
stored_host = get_known_host(user, hostname, config, port)
@ -967,7 +1014,7 @@ def set_known_host(user=None,
os.chown(ssh_dir, uinfo['uid'], uinfo['gid'])
os.chmod(ssh_dir, 0o700)
if key:
if key and hash_known_hosts:
cmd_result = __salt__['ssh.hash_known_hosts'](user=user, config=full)
# write line to known_hosts file
@ -1070,6 +1117,13 @@ def hash_known_hosts(user=None, config=None):
.. versionadded:: 2014.7.0
user
hash known hosts of this user
config
path to known hosts file: can be absolute or relative to user's home
directory
CLI Example:
.. code-block:: bash
@ -1080,7 +1134,7 @@ def hash_known_hosts(user=None, config=None):
full = _get_known_hosts_file(config=config, user=user)
if isinstance(full, dict):
return full
return full # full contains error information
if not os.path.isfile(full):
return {'status': 'error',

View File

@ -23,6 +23,9 @@ from __future__ import absolute_import
# Import python libs
import os
# Import salt libs
import salt.utils
def present(
name,
@ -32,7 +35,8 @@ def present(
port=None,
enc=None,
config=None,
hash_hostname=True):
hash_hostname=True,
hash_known_hosts=True):
'''
Verifies that the specified host is known by the specified user
@ -70,7 +74,14 @@ def present(
absolute path when a user is not specified.
hash_hostname : True
Hash all hostnames and addresses in the output.
Hash all hostnames and addresses in the known hosts file.
.. deprecated:: Carbon
Please use hash_known_hosts instead.
hash_known_hosts : True
Hash all hostnames and addresses in the known hosts file.
'''
ret = {'name': name,
'changes': {},
@ -87,6 +98,14 @@ def present(
ret['result'] = False
return dict(ret, comment=comment)
if not hash_hostname:
salt.utils.warn_until(
'Carbon',
'The hash_hostname parameter is misleading as ssh-keygen can only '
'hash the whole known hosts file, not entries for individual'
'hosts. Please use hash_known_hosts=False instead.')
hash_known_hosts = hash_hostname
if __opts__['test']:
if key and fingerprint:
comment = 'Specify either "key" or "fingerprint", not both.'
@ -121,7 +140,7 @@ def present(
port=port,
enc=enc,
config=config,
hash_hostname=hash_hostname)
hash_known_hosts=hash_known_hosts)
if result['status'] == 'exists':
return dict(ret,
comment='{0} already exists in {1}'.format(name, config))

View File

@ -8,6 +8,12 @@ Provide test case states that enable easy testing of things to do with
.. code-block:: yaml
always-passes-with-any-kwarg:
test.nop:
- name: foo
- something: else
- foo: bar
always-passes:
test.succeed_without_changes:
- name: foo
@ -49,6 +55,17 @@ from salt.exceptions import SaltInvocationError
log = logging.getLogger(__name__)
def nop(name, **kwargs):
'''
A no-op state that does nothing. Useful in conjunction with the `use`
requisite, or in templates which could otherwise be empty due to jinja
rendering
.. versionadded:: 2015.5.6
'''
return succeed_without_changes(name)
def succeed_without_changes(name):
'''
Returns successful.
@ -64,9 +81,6 @@ def succeed_without_changes(name):
'result': True,
'comment': 'Success!'
}
if __opts__['test']:
ret['result'] = True
ret['comment'] = 'If we weren\'t testing, this would be a success!'
return ret

View File

@ -313,7 +313,7 @@ def query(url,
urllib_request.HTTPCookieProcessor(sess_cookies)
]
if url.startswith('https') or port == 443:
if url.startswith('https'):
hostname = request.get_host()
handlers[0] = urllib_request.HTTPSHandler(1)
if not HAS_MATCHHOSTNAME:
@ -323,8 +323,12 @@ def query(url,
log.warn(('SSL certificate verification has been explicitly '
'disabled. THIS CONNECTION MAY NOT BE SECURE!'))
else:
if ':' in hostname:
hostname, port = hostname.split(':')
else:
port = 443
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.connect((hostname, 443))
sock.connect((hostname, int(port)))
sockwrap = ssl.wrap_socket(
sock,
ca_certs=ca_bundle,