valitydev/salt
14
0
Fork 0
mirror of https://github.com/valitydev/salt.git synced 2024-11-07 08:58:59 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
33,703 Commits 24 Branches 182 Tags 341 MiB
11e25ed9d1
Commit Graph

33703 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Joseph Hall
d5bfe0a827 Merge pull request #13982 from s0undt3ch/hotfix/lint 
Lint Fixes
 2014-07-04 21:18:31 -06:00
Pedro Algarvio
ed7d14e237 White-space lint fix 2014-07-05 00:45:53 +01:00
Pedro Algarvio
bbca1ee7cd White-space lint fix 2014-07-05 00:44:41 +01:00
vs
8f93ee0872 Merge remote-tracking branch 'upstream/develop' into multiple_masters_with_signatures 2014-07-04 03:18:49 -07:00
vs
309123e037 reorder code to make it more readable and maintainable 2014-07-04 03:15:39 -07:00
vs
d32380ce20 explain to the user what might be the problem with the missing signature 2014-07-04 03:13:46 -07:00
vs
7d37d6f3cd remove debug print 2014-07-04 03:12:32 -07:00
Thomas S Hatch
70dc6991da Merge pull request #13978 from whiteinge/doc-disclosure-proceedure 
Document security disclosure proceedures
 2014-07-03 21:14:23 -06:00
Seth House
92ebf99a1f Added security disclosure proceedure page 
Closes #2315
 2014-07-03 20:32:52 -06:00
Seth House
ddc4353248 Added central links for the various mailing lists 2014-07-03 20:32:26 -06:00
Joseph Hall
585e95cd40 Merge pull request #13975 from csakoda/develop 
ec2.query: copying params dict so our headers don't leak between attempt...
 2014-07-03 18:44:18 -06:00
Pedro Algarvio
2bb62a1f18 Merge pull request #13977 from hulu/augeas-shadowing 
avoid shadowing in augeas state
 2014-07-04 01:42:14 +01:00
Chris Rebert
8f7e5ea546 augeas state: avoid shadowing change() function 
************* Module salt.states.augeas
salt/states/augeas.py:223: [W0621(redefined-outer-name), setvalue] Redefining name 'change' from outer scope (line 42)
 2014-07-03 17:38:10 -07:00
Chris Rebert
8982842694 augeas state: avoid shadowing built-in file type 
************* Module salt.states.augeas
salt/states/augeas.py:177: [W0622(redefined-builtin), change] Redefining built-in 'file'
 2014-07-03 17:37:33 -07:00
Chuck Sakoda
09851a5425 ec2.query: copying params dict so our headers don't leak between attempts 2014-07-03 17:13:08 -07:00
Pedro Algarvio
ae36d905c2 Merge pull request #13952 from s0undt3ch/hotfix/lint 
Lint Fixes
 2014-07-04 00:57:39 +01:00
Pedro Algarvio
1ffb0e8a51 White-space related fixes 2014-07-04 00:56:49 +01:00
Pedro Algarvio
4acda7ab14 Move imports 2014-07-04 00:56:48 +01:00
Seth House
9a9a97fca9 Merge pull request #13973 from jacksontj/develop 
Make netapi more of a process manager
 2014-07-03 16:44:15 -06:00
Mike Place
89bf75fe84 Merge pull request #13974 from rallytime/schedule_unit_tests 
Some unit tests for salt.utils.schedule
 2014-07-03 15:55:09 -06:00
rallytime
a7eadd74ff remove unnecessary comment 2014-07-03 15:49:59 -06:00
rallytime
656db75ac0 Started some schedule unit tests 2014-07-03 15:48:46 -06:00
Thomas Jackson
1eb9c0243b Pylint cleanup! 2014-07-03 13:43:10 -07:00
Thomas Jackson
754642a512 Make netapi more of a process manager 
This makes netapi watch for its children and if any die it will create new ones and log the event
 2014-07-03 13:21:20 -07:00
Volker Schwicking
8612c34341 if pubkey is the same and no signature in payload and signature checking is not enabled, we must also return the aes key 2014-07-03 21:23:12 +02:00
Volker Schwicking
bd35eb77b9 safer lookup of master_type 2014-07-03 21:17:45 +02:00
Colton Myers
f11c5267b4 Merge pull request #13970 from techhat/pickles 
File extension should be .p, not .pp
 2014-07-03 12:49:04 -06:00
vs
6dcad5f65c lint fix and improved log message when switching masters 2014-07-03 11:06:11 -07:00
vs
ef9c517e76 add better error message when auth failed 2014-07-03 10:44:57 -07:00
vs
54a1eba6c9 fix spacing, do not auth on failed verification 2014-07-03 10:44:48 -07:00
vs
cee3aa4bc5 check for pub_sig in payload if its the first master the minion connects to 2014-07-03 10:44:40 -07:00
vs
90eb25154b check for existence of verification pubkey before trying to validate the signature 2014-07-03 10:44:30 -07:00
vs
9c1a15c43b minor update in the comments 2014-07-03 10:44:21 -07:00
vs
11711afb03 both sides have to either sign (master) or verify (minion) 
it shall not be possible, to have the master sign its auth-replies without
having the minion verify the signature and vice versa.
 2014-07-03 10:44:07 -07:00
vs
e99c002fde verifying the signature does not mean its always a new key 2014-07-03 10:43:58 -07:00
vs
d9b934a5d3 add switch to always verify the masters pubkey 
for the paranoid among us, this makes it possible to always verify
the masters auth-replies, even if the public key has not changed
 2014-07-03 10:43:48 -07:00
vs
a82207b148 if not already present, auto-generate a signing key-pair or use pre-computed signature 
if signing the pubkey is enabled, the master will either generate a new signing key-pair
on the fly (if none is found) or use the pre-computed pubkey-signature. if the pre-computed
signature is enabled but not present, the master will complain and exit.
 2014-07-03 10:42:42 -07:00
vs
77853b64d5 switch between signing with own key-pair of usage of pre-computed signature only 
if signing the pubkey is enabled, the master will switch between signing the pubkey
on the fly or just adding the pre-computed pubkeys signature to the reply.
 2014-07-03 10:41:11 -07:00
vs
7b2754255b set sensible default values to ease configuration 
signing key-pair settings
master_sign_key_name - name of the signing key-pair, without suffix
master_sign_pubkey - enable/disable signing the public key

signing signature settings
master_pubkey_signature - the pre-computed signature of master.pub + <sign_key>.pem
master_use_pubkey_signature - enable/disable usage of the pre-computed signature

verify_master_pub_sig - enable pubkey signature checking on the minion
 2014-07-03 10:38:45 -07:00
vs
bf49622f4b correctly check for verify_master_pub_sign when no key accepted before 2014-07-03 10:38:34 -07:00
vs
df7b1b34f4 pylinting, better log messages, docstrings, no logic changes 2014-07-03 10:38:06 -07:00
vs
e6f8f02b14 remove unneeded re import 2014-07-03 10:34:13 -07:00
vs
7fb83386d3 fix event-cal to be correct dict 2014-07-03 10:34:01 -07:00
vs
a485b1934e track connected status and re-init subsystems on new master 
keep track of self.connected and re-init the zmq-context, poller and
socket, if connecting to a new master
 2014-07-03 10:33:52 -07:00
vs
e67c35fa04 make function more flexible and work with different master-ips and status 2014-07-03 10:33:42 -07:00
vs
1d91adb1bc cleanup old sreqs if the master changed 
Jumping back and forth between different masters will over time add more
and more sreqs to the sreq_cache. That might be ok in MultiMaster, with
signed master-pubkeys, we only want one single master sreq we re-use and
remove all the others.
 2014-07-03 10:33:33 -07:00
vs
66d1d0f770 verify master pubkey signature on first pubkey connection 
previously the minion would take any master pubkey for granted and
write it to minion_master.pub.
 2014-07-03 10:33:23 -07:00
vs
b3966cbe0c fix path to signing pubkey 2014-07-03 10:32:35 -07:00
vs
c4fca17e40 cleanup and add some more comments 2014-07-03 10:32:23 -07:00
vs
52cb280883 add verification of signed master pubkeys 
Adds the verification of the master pubkey by checking the pubkey
signature in payload['pub_sig'] with the signing keypairs pubkey.
 2014-07-03 10:32:11 -07:00