Merge pull request #27234 from basepi/merge-forward-2015.8

[2015.8] Merge forward from 2015.5 to 2015.8
2024-11-07 17:09:03 +00:00 · 2015-09-18 14:41:38 -06:00 · 2015-09-18 14:41:38 -06:00 · f8e71f6d7d
commit f8e71f6d7d
parent 2d6c75cbd7 be2b0fc497
5 changed files with 110 additions and 11 deletions
--- a/doc/topics/releases/2015.5.6.rst
+++ b/doc/topics/releases/2015.5.6.rst
@ -0,0 +1,8 @@
+===========================
+Salt 2015.5.6 Release Notes
+===========================
+
+Version 2015.5.6 is a bugfix release for :doc:`2015.5.0
+</topics/releases/2015.5.0>`.
+
+Changes:
--- a/salt/modules/ssh.py
+++ b/salt/modules/ssh.py
@ -870,7 +870,8 @@ def set_known_host(user=None,
                   port=None,
                   enc=None,
                   hash_hostname=True,
-                   config=None):
+                   config=None,
+                   hash_known_hosts=True):
    '''
    Download SSH public key from remote host "hostname", optionally validate
    its fingerprint against "fingerprint" variable and save the record in the
@ -878,6 +879,44 @@ def set_known_host(user=None,

    If such a record does already exists in there, do nothing.

+    user
+        The user who owns the ssh authorized keys file to modify
+
+    hostname
+        The name of the remote host (e.g. "github.com")
+
+    fingerprint
+        The fingerprint of the key which must be presented in the known_hosts
+        file (optional if key specified)
+
+    key
+        The public key which must be presented in the known_hosts file
+        (optional if fingerprint specified)
+
+    port
+        optional parameter, denoting the port of the remote host, which will be
+        used in case, if the public key will be requested from it. By default
+        the port 22 is used.
+
+    enc
+        Defines what type of key is being used, can be ed25519, ecdsa ssh-rsa
+        or ssh-dss
+
+    hash_hostname : True
+        Hash all hostnames and addresses in the known hosts file.
+
+        .. deprecated:: Carbon
+
+            Please use hash_known_hosts instead.
+
+    config
+        The location of the authorized keys file relative to the user's home
+        directory, defaults to ".ssh/known_hosts". If no user is specified,
+        defaults to "/etc/ssh/ssh_known_hosts". If present, must be an
+        absolute path when a user is not specified.
+
+    hash_known_hosts : True
+        Hash all hostnames and addresses in the known hosts file.

    CLI Example:

@ -894,6 +933,14 @@ def set_known_host(user=None,
                'error': 'argument port can not be used in '
                'conjunction with argument hash_hostname'}

+    if not hash_hostname:
+        salt.utils.warn_until(
+            'Carbon',
+            'The hash_hostname parameter is misleading as ssh-keygen can only '
+            'hash the whole known hosts file, not entries for individual'
+            'hosts. Please use hash_known_hosts=False instead.')
+        hash_known_hosts = hash_hostname
+
    update_required = False
    check_required = False
    stored_host = get_known_host(user, hostname, config, port)
@ -967,7 +1014,7 @@ def set_known_host(user=None,
            os.chown(ssh_dir, uinfo['uid'], uinfo['gid'])
            os.chmod(ssh_dir, 0o700)

-    if key:
+    if key and hash_known_hosts:
        cmd_result = __salt__['ssh.hash_known_hosts'](user=user, config=full)

    # write line to known_hosts file
@ -1070,6 +1117,13 @@ def hash_known_hosts(user=None, config=None):

    .. versionadded:: 2014.7.0

+    user
+        hash known hosts of this user
+
+    config
+        path to known hosts file: can be absolute or relative to user's home
+        directory
+
    CLI Example:

    .. code-block:: bash
@ -1080,7 +1134,7 @@ def hash_known_hosts(user=None, config=None):
    full = _get_known_hosts_file(config=config, user=user)

    if isinstance(full, dict):
-        return full
+        return full  # full contains error information

    if not os.path.isfile(full):
        return {'status': 'error',
--- a/salt/states/ssh_known_hosts.py
+++ b/salt/states/ssh_known_hosts.py
@ -23,6 +23,9 @@ from __future__ import absolute_import
 # Import python libs
 import os

+# Import salt libs
+import salt.utils
+

 def present(
        name,
@ -32,7 +35,8 @@ def present(
        port=None,
        enc=None,
        config=None,
-        hash_hostname=True):
+        hash_hostname=True,
+        hash_known_hosts=True):
    '''
    Verifies that the specified host is known by the specified user

@ -70,7 +74,14 @@ def present(
        absolute path when a user is not specified.

    hash_hostname : True
-        Hash all hostnames and addresses in the output.
+        Hash all hostnames and addresses in the known hosts file.
+
+        .. deprecated:: Carbon
+
+            Please use hash_known_hosts instead.
+
+    hash_known_hosts : True
+        Hash all hostnames and addresses in the known hosts file.
    '''
    ret = {'name': name,
           'changes': {},
@ -87,6 +98,14 @@ def present(
        ret['result'] = False
        return dict(ret, comment=comment)

+    if not hash_hostname:
+        salt.utils.warn_until(
+            'Carbon',
+            'The hash_hostname parameter is misleading as ssh-keygen can only '
+            'hash the whole known hosts file, not entries for individual'
+            'hosts. Please use hash_known_hosts=False instead.')
+        hash_known_hosts = hash_hostname
+
    if __opts__['test']:
        if key and fingerprint:
            comment = 'Specify either "key" or "fingerprint", not both.'
@ -121,7 +140,7 @@ def present(
                port=port,
                enc=enc,
                config=config,
-                hash_hostname=hash_hostname)
+                hash_known_hosts=hash_known_hosts)
    if result['status'] == 'exists':
        return dict(ret,
                    comment='{0} already exists in {1}'.format(name, config))
--- a/salt/states/test.py
+++ b/salt/states/test.py
@ -8,6 +8,12 @@ Provide test case states that enable easy testing of things to do with

 .. code-block:: yaml

+    always-passes-with-any-kwarg:
+      test.nop:
+        - name: foo
+        - something: else
+        - foo: bar
+
    always-passes:
      test.succeed_without_changes:
        - name: foo
@ -49,6 +55,17 @@ from salt.exceptions import SaltInvocationError
 log = logging.getLogger(__name__)


+def nop(name, **kwargs):
+    '''
+    A no-op state that does nothing. Useful in conjunction with the `use`
+    requisite, or in templates which could otherwise be empty due to jinja
+    rendering
+
+    .. versionadded:: 2015.5.6
+    '''
+    return succeed_without_changes(name)
+
+
 def succeed_without_changes(name):
    '''
    Returns successful.
@ -64,9 +81,6 @@ def succeed_without_changes(name):
        'result': True,
        'comment': 'Success!'
    }
-    if __opts__['test']:
-        ret['result'] = True
-        ret['comment'] = 'If we weren\'t testing, this would be a success!'
    return ret


--- a/salt/utils/http.py
+++ b/salt/utils/http.py
@ -313,7 +313,7 @@ def query(url,
            urllib_request.HTTPCookieProcessor(sess_cookies)
        ]

-        if url.startswith('https') or port == 443:
+        if url.startswith('https'):
            hostname = request.get_host()
            handlers[0] = urllib_request.HTTPSHandler(1)
            if not HAS_MATCHHOSTNAME:
@ -323,8 +323,12 @@ def query(url,
                log.warn(('SSL certificate verification has been explicitly '
                         'disabled. THIS CONNECTION MAY NOT BE SECURE!'))
            else:
+                if ':' in hostname:
+                    hostname, port = hostname.split(':')
+                else:
+                    port = 443
                sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-                sock.connect((hostname, 443))
+                sock.connect((hostname, int(port)))
                sockwrap = ssl.wrap_socket(
                    sock,
                    ca_certs=ca_bundle,