As per [their blog post of the 27th April](https://blog.readthedocs.com/securing-subdomains/) ‘Securing subdomains’:
> Starting today, Read the Docs will start hosting projects from subdomains on the domain readthedocs.io, instead of on readthedocs.org. This change addresses some security concerns around site cookies while hosting user generated data on the same domain as our dashboard.
Test Plan: Manually visited all the links I’ve modified.
* Automatically add --proxyid to salt-proxy arguments
* Add parameters to disable automatic adding of arguments and environment
settings: .run() now takes verbatim_args and verbatim_env
* salt-proxy uses salt-minion.pid file
* Simplify .shutdown()
+ pass timeout to .wait_for_daemon_pid()
+ attempt kill before checking timeout value
+ Testing for "no such pid" (case that process was already dead) was
previously incorrect, but was masked due to (what should have been) a
superfluous call to salt.utils.process.os_is_running()
* Add a ``testprogram.TestProgramCase()`` to simplify test classes
+ Has ``setUp()`` and ``tearDown()`` to create ephemeral test directory
(really should be moved to salttesting.TestCase)
+ Common ``assert_exit_status()`` for validating and reporting failures in
exit status.
* Add missing ``testprogram.TestDaemonSaltProxy`` class
* Remove specific setting of ``program`` parameter in initialization of
``TestDaemonSaltMinion`` since ``testprogram.TestSaltProgramMeta`` already
handles that unless a specific override is required.
* Automatically set ``user`` in config for master, minion and proxy test
classes if a specific user is not specified.
* Automatically set ``PYTHONPATH`` as ``sys.path`` unless it is specified.
* Add debug logging when a program is started
* Set a flag once a TestDaemon has been shutdown(); check flag in is_running()
* Add .config_path property
* salt.utils.process.clean_proc() only works with multiprocessing - replace it
* Automatically add --config-dir for TestSaltDaemon if it isn't already specified
This way, the the test logs will use the same temp dir as the rest of
the test suite. On MacOS, for example, `$TMPDIR` is set to a path that
is too long for unix sockets on the system, so the `SYS_TEMP_DIR` is set
to `/tmp` to override this.
Calling `zypper --gpg-auto-import-keys refresh` is required after
adding/modifying a repository because `--gpg-auto-import-keys` doesn't
do anything when called with `zypper ar` or `zypper mr`.
Without calling `zypper --gpg-auto-import-keys refresh` here, calling
`zypper ref` after adding/removing would still ask for
accepting/rejecting the gpg key.
* Remove completely pointless RabbitMQ unit test
Why would we even write tests to check to see if a mocked object
returns a string and then assert against that string?! This is absurd.
* Spurious print
* Fix master hanging after a request from minion with removed key. (#33333)
* ZMQ monitor for MWorker connections.
* Reauth minion if the key was removed on the master side.
* Allow concurrency mode in state runs if using sudo (#33325)
Closes#30130
* Disambiguate non-exact matches when checking if sysv service is enabled (#33324)
Fixes#33323
* remove redundant, incorrect sudo_runas config documentation (#33318)
* remove sudo_runas documentation
`sudo_runas` was renamed to `sudo_user` and the documentation was not
updated accordingly.
* conf/minion: update sudo_user description
The description from sudo_runas was better.
* import ps from psutil_compat in beacons (#33334)
* beacons.network_info: import gate psutil
* beacons.ps: import gate psutil
* Add docs for mine_functions config var (#33326)
* Add docs for mine_functions config var
* Note that mine_enabled essentially just doesn't add the mine
update function to the scheduler.
* Bp 28467 calm mine (#33327)
* make minion mine update behavior more configurable
* Add docs for mine_functions config var
* Remove config dup from mine config options
Refs #28467
* 2015.8 does not have _DFLT_MULTIPROCESSING_MODE
* This won't be in until 2015.8.10.
* Fix network.managed for windows (#33312)
* Fix some link errors in the test writing tutorial (#33347)
* Describes parameters in register_instances function (#33339)
* Fix UnboundLocalError in git.latest (#33340)
Resolves#32260.
* Expanded documentation for boto_elb state and module (#33341)
* Describes what happens when the CNAME parameter is given.
* Describes what the recognized attributes are for for ELBs.
* Properly detect newer Linux Mint distros (#33359)
* Properly detect newer Linux Mint distros
LMDE 2 and Linux Mint 17.3 changed the DISTRIB_ID in /etc/lsb-release to
``LinuxMint``, breaking OS detection for these distros.
This commit fixes that by adding an entry to the OS_NAME_MAP in the core
grains.
* Remove LinuxMint os_family from aptpkg.py
It is no longer necessary as the distro is now detected properly, which
will lead to an os_family of Debian.
* Update job_cache and keep_jobs docs to be more specific to their behavior (#33328)
* Update job_cache and keep_jobs docs to be more specific to their behavior
Also fixed a bug discovered when investigating job_cache/keep_jobs functionality
where the jid directory and files were removed by the cache cleaner, but not the
original jid clash detection directory created in /var/cache/salt/master/jobs/.
Fixes#29286
* Add testcase for the changes in the local_cache.clean_old_jobs func
* Mark tests as destructive
* Put destructive test decorator in correct location
* Remove mentions of windows not supporting pkgs param (#33361)
Fixes#33313
* Updates docs version to 2015.8.9
Adds note regarding the os grain on Mint Linux
Adds an FAQ regarding grains that change due to upstream changes
* revved 2015.8 branch to .9 in version selector
* Add initscripts, SystemD service units and environment files for Debian (#32857)
* Add note to docs about api settings for Hipchat API v2 (#33365)
Fixes#27779
* Add win_pkg to list of modules that support "version" in pkg.installed (#33362)
Fixes#32913
* Add note about name parameter in git_pillar docs (#33369)
Fixes#27737
* Better YAML syntax error handling (#33375)
Closes#26574
* Improve doc clarity for disable_modules documentation (#33379)
* Improve doc clarity for disable_modules documentation
* Additional clarification on blacklisted name
* maintain the fallabck because I am totally sick of this crap
* blast, put the try/except int he right place
* restore whitespace
* Fix traceback in logging for config validation (#33386)
* 2015.8.10 release notes
* Sync pillarstack to latest upstream version (#33391)
* Don't lay down all available opts (#33385)
* Don't lay down all available opts
* We need at least one opt in there
* Condense defaults
* Put the default hash type back
* Catch exception raised from invalid verify_options
This fails the state gracefully in these cases.
Refs: 6b97161293 (r63577507)
* Raise an exception when package verification fails
* Catch failed package verification commands
Also, since pkg.verify is run separately on each targeted package, don't
add errors for each failure, just add one error to what we report.
* Update rpm test_verify test to reflect change from cmd.run to cmd.run_all
* Update job_cache and keep_jobs docs to be more specific to their behavior
Also fixed a bug discovered when investigating job_cache/keep_jobs functionality
where the jid directory and files were removed by the cache cleaner, but not the
original jid clash detection directory created in /var/cache/salt/master/jobs/.
Fixes#29286
* Add testcase for the changes in the local_cache.clean_old_jobs func
* Mark tests as destructive
* Put destructive test decorator in correct location
* Added support for the agentv2
* Updated os field to match the SD API requirement
* filename is an absolute path on official installations
* Install script URL uses a redirect now, so we should instruct curl to follow them
* Added a missing import
* Updated the settings for the v2 agent
* Fixed pep8 issues
* select v2 agent for the test
* Fix context clash.
boto_vpc uses both boto and boto3. Both utils for those use the same name for their connection context. If you used states that required both boto and boto3, the get_conn would return the object.
* Add a unit test to the boto context conflict problem
* Fix pylint errors and ensure new test to runs correctly
Merges #32985
* Fix typo
* better support for named images, locations, sizes
* better support for named images, locations, sizes
* Tests for Vultr driver
* Add sleep so test instance will be old enough to delete as part of the test
* Lint.
* modules.postgres: fix handling of empty string in db_create
The code responsible for collecting the parameters used in the CREATE
DATABASE query works unexpectedly in case for values which are evaluated
to False as bool, but are not None.
This caused queries with missing rvalues like this one (lc_collate=""):
2016-05-13 16:04:05,243 [salt.loaded.int.module.cmdmod][ERROR ][2990]
stderr: ERROR: syntax error at or near "OWNER"
LINE 1: ..._production" WITH ENCODING = 'utf8' LC_COLLATE = OWNER =
"g...
Please note that proper escaping or a different approach would be needed
here.
* modules.postgres: handle trivial sqli in db_create
* modules.postgres: fix OrderedDict usage
* modules.postgres: quote TABLESPACE too in db_create
* gentoo service enhancements
* fixing command examples
making sure enabled handles multiple runlevel
* unused import removed
* replacing collection.OrderedDict with salt.utils.odict.OrderedDict
* set replaced with list
* Check rendered YAML for invalid keys
PyYAML will for some reason allow improper YAML, specifically double
curly-braces like ``{{ }}``, to be formed into an unhashable dict (that
is, one with a dict as a key). This commit will change the YAML renderer
such that the rendered data is recursively checked for keys that are
dicts, and raises an SaltRenderError if such a key is encountered.
Resolves#33073.
* Fix smtp returner test
This test was using jinja placeholders but was not passing the template
through the jinja renderer. This commit adds the use of the jinja
renderer to this test to fix the failure caused by the addition of
verification of the loaded YAML inthe previous commit.
* Fix file.managed for Windows (#33181)
* Revert back to import string_types
For some reason, there is a problem with the following
code when run from the file.py module:
```
from salt.ext import six
comment = 'This is a string'
isinstance(comment, six.string_types)
```
When run from within the python shell it works fine.
* Add six import
* Fix some lint
* Use correct six import
* Changed it back to explicit import
* Additional comments specific to 2015.5
* Fix file.managed for real
* Move comment to clarify purpose
* update 2015.5.11 release notes (#33197)
* Add pip installed and removed test (#33178)
* Resolve issue with pkg module on Mint Linux (#33205)
Closes#32198
* Add run_on_start docs to schedule.rst (#32958)
Fixes#22580
* Backport #33021 manually to 2015.5 (#33044)
* Saltfile with pillar tests (#33045)
* add file.managed with pillar data tests
* do not require git for other tests
* Fix minor document error of test.assertion (#33067)
* test pillar.items output (#33060)
* File and User test fixes for 2015.5 on Fedora23 (#33055)
* Fix file_test.test_symlink on 2015.5
* Fix failing user present test
* add test for installing package while using salt-call --local (#33025)
* add test for installing package while using salt-call --local
* fix pylint
* ssh docs: install py-2.6 for RHEL 5
* Bugfix: Restore boolean values from the repo configuration
* Add test data for repos
* Add repo config test
* Bugfix (follow-up): setting priority requires non-positive integer
* modules.npm: do not log npm --version at info level (#33084)
* salt-cloud: fix ipv6-only virtual machines (#32865)
* salt-cloud: fix ipv6-only virtual machines
* fix hostname for rsync fallback in scp_file function
* use 4 spaces instead of 2
* remove global variable, use direct socket call instead
* Use saltstack repo in buildpackage.py on CentOS 5 (#33080)
* Lower display of msgpack failure msg to debug (#33078)
Closes#33074
* cloud.query needs to define mapper.opts (#33098)
* clarify docs that map is designed to be run once. is not stateful (#33102)
* Moved _finger_fail method to parent class.
Method _finger_fail method from SAuth to AsyncAuth class to make method available
in both class and fix an issue where _finger_Fail is called inside AsyncAuth.
* Fix 33058 (#33099)
* Fix servermanager module
- Added check for 2008 version of windows
- Added Import-Module ServerManager to _pshell_json.
Apparently this needs to run each time we issue a
servermanager command.
* Fix list_available
* salt.utils.gitfs: fix formatting for warning messages (#33064)
* salt.utils.gitfs: fix formatting for warning messages
When git_pillar support was added to salt.utils.gitfs, the
recommendation globals had string formatting placeholders added to them,
but the locations where these values are referenced do not call
``.format()`` to properly replace them. This commit fixes that
oversight.
* Remove more gitfs and master-specific wording from log messages
* Add a check that the cmdline of the found proc matches (#33129)
* Doc mock decorators (#33132)
* Add mock function for mocking decorators
* Mock the stdlib user module because importing it will open the repl
* Fix broken parsing of usermgmt.conf on OpenBSD (#33135)
When creating a new user, if a group of the same name already exists,
the usermgmt.conf file is consulted to determine the primary group.
It's in these cases that the parsing bug is triggered.
This code change addresses several of the existing issues:
- The previous split statement explicitly specified a single space.
Since a config line may have any number of spaces and/or tabs
surrounding the entries, the resulting array's elements may be
incorrect.
- According to the man pages for usermgmt.conf, the "group" config
entry accpets a single parameter -- so we shouldn't iterate.
- The "val[1]" was returning the 2nd letter of each word and not the
second word on the config line as intended.
* Move salt-ssh thin dir location to /var/tmp (#33130)
* Move salt-ssh thin dir location to /var/tmp
Closes#32771
* Remove performance penelty language
* If cache_jobs: True is set, populate the local job cache when running salt-call (#33100)
* If cache_jobs: True is set, populate the local job cache
Fixes#32834
Allows a masterless minion to query the job cache.
* Refactor cache_jobs functionality to be DRY
* Skipping salt-call --local test
* Back-port #31769 to 2015.8 (#33139)
* Handle empty acl_name in linux_acl state
Calls to setfacl interpret an empty group or user name to mean to be the
owner of the file they're operating on. For example, for a directory
owned by group 'admin', the ACL 'default:group::rwx' is equivalent to
'default:group:admin:rwx'.
The output of the getfacl execution module returns ACLs in the format of
'group:admin:rwx' instead of 'group::rwx'. This commit changes the
acl.present state to look for the owner of the file if the acl_name
paremeter is empty.
* Fix acl.present/acl.absent changing default ACLs
The behaviour of the acl.present and acl.absent is to check the data
structure returned by getfacl contains a key by the name of acl_type.
However, this data structure does not contain any default ACLs if none
exist, so this check will fail. We omit the check if a default ACL was
passed into the state functions.
Unfortunately, the call to modfacl may fail if the user passes in an
acl_type such as 'default:random'. In this case the state will appear to
succeed, but do nothing.
This fixes the state module to allow setting default ACLs on files which
have none.
* Fix regression in 2016.3 HEAD when version is specified (#33146)
Resolves#33013.
* Hash fileclients by opts (#33142)
* Hash fileclients by opts
There was an issue whereby the cache of the fileclient was being overwritten
by dueling minion instances in multimaster mode. This protects them by hashing
by the id of opts.
Closes#25040
* Silly typo!
* Remove tests which do not test any actual functionality or are too tightly coupled to the implementation
* Strip ldap fqdn (#33127)
* Add option to strip off domain names on computer names that come from LDAP/AD
* Add strip_domains option for ldap.
* Add documentation for auth.ldap.minion_stripdomains.
* [2015.5] Update to latest bootstrap script v2016.05.10 (#33155)
* [2015.8] Update to latest bootstrap script v2016.05.10 (#33156)
* [2016.3] Update to latest bootstrap script v2016.05.10 (#33157)
* add 2015.5.11 release notes (#33160)
* add 2015.8.9 release notes (#33161)
* Pip fix (#33180)
* fix pip!!
* make it work with old pip as well
* Added resiliency
* Don't need to check, just get the right name
* [2015.5] Update to latest bootstrap script v2016.05.11 (#33185)
* Hash fileclients by opts
There was an issue whereby the cache of the fileclient was being overwritten
by dueling minion instances in multimaster mode. This protects them by hashing
by the id of opts.
Closes#25040
* Silly typo!
* Remove tests which do not test any actual functionality or are too tightly coupled to the implementation
* * Improve init script: specifically manage salt configurations rather than arbitrary salt processes
Unfortunately SysV init scripts tend to rummage through PIDs filtering for
appropriate processes to manage. Unfortunately the filters are usually weak
and don't account for similar processes run by other users, PIDs of dead
processes being re-used for completely different executables, etc.. These
weaknesses can result in killing unrelated processes with potentially serious
results.
These improvements to the SysV init script is a complete rewrite with the
following improvements:
* Specifically manage individual salt configurations rather than looking for
salt minion-like processes.
* Obtain salt minion information from the salt configuration - use the
information to manage the specifically configured process.
* Drop all of the platform-specific helper functions that allow the
previously-mentioned weaknesses.
+ Unfortunately this means that the output information may not match the
specific platform (this could easily be corrected).
* Now can manage multiple salt processes started by different users
+ Unfortunately starts/stops/restarts as a group and is unable to manage
them both as a group or as individual processes (this could easily be
corrected)
The new initscript also allows various control variables to be overridden by
environment variables or through settings put in ``/etc/sysconf/salt`` or
``/etc/default/salt``.
:SALTMINION_DEBUG: Dump each line expansion before execution, output system
information on failure. Default: unset
:SALTMINION_BINDIR: Location of ``salt-minion``, ``salt-call`` and other
executables. Default: ``/usr/bin``
:SALTMINION_SYSCONFDIR: The parent directory for the ``salt`` configuration
directory and the ``sysconfig`` or ``default``
directory.
* Add lines that went missing in the rebase+squash
* Disallow negative value for fib number
Fibonacci number is supposed to be nonnegative. Add this new feature to
disallow negative value to be passed in for fib number.
* Minimize code duplication
* Use /etc/adjtime for Gentoo
* Add integration test for timezone module
* Rewrite service.get_all
* Add service.info
* Add try/except for service not found
* Simplify raise error
* Add lookup dicts for service.info
* Fix lookup dictionaries
* Add Description to service.info
* Add additional status details
* Add service.modify function
* Fix _get_service_handles function
* Fix modify function, transition others
* Modified enable, disable, enabled, and disabled
* Fix service.disable
* Add documentation
* Find mismatched case service names
* Fix some lint
* Fix unit tests
* Fix lint in win_service_test
* Skip tests that will fail when WINAPI not available
In the case where a user does not have the LANG env set,
Python can't figure out how to encode Unicode during a popen call.
I could not find any combination of tricks, including setting the encoding
or the locale or the environment variable itself in the call to popen that
would mitigate this issue. This may well be a bug in the Python stdlib itself.
* Add run_on_start docs to schedule.rst (#32958)
Fixes#22580
* Backport #33021 manually to 2015.5 (#33044)
* Saltfile with pillar tests (#33045)
* add file.managed with pillar data tests
* do not require git for other tests
* Whitespace...
* modules.mac_assistive int tests: wrap args in list
* modules.mac_assistive.install: match schema on El Capitan
* modules.mac_assistive: remove redundant LooseVersion
* modules.mac_assistive unit tests: mock __grains__
* Added servicenow execution module
* Fixed up the linting
* Fix docstrings
* Setup basic unit test runner
* Setup basic loader mock and wrapper for declaring dependent packages
* Updated unit test runner and setup my first test example
* Update the servicenow module after a bad merge commit
* Code comments for the base unit test runners
* Fix linting issues
* remove empty line endings
* modules.virtualenv_mod: use correct pip bootstrap url
* modules.pip: raise error on mirrors arg
* states.pip: run mirrors test on < 7.0.0
* update pip integration test states to not use mirrors
* modules.pip: run mirrors tests on pip < 7.0.0
* reg.py
* Start at PY3 support, however not tested against PY3
* Change to Unicode including from __future__ import unicode_literals
* If PY2 converts all parameter input unicode to local encoding i.e. Unicode to String
* If PY3 stays as Unicode as PY3 uses Windows Wide Char
* Supports non-asiic characters i.e. > 126
* All output is Unicode, before most of it was Unicode output
* Added a safty check to recursive delete to try and prevent a mistake like removing all of SOFTWARE
* Fixed all the pylint errors
* add _ prefix to internal functions
* Provided unit test see reg_win_test.py
reg_win_test.py
* All tests currently make real changes to the registry
* All changes are performed under SOFTWARE\SaltStackTest under HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER
* Their is still room for more tests to be developed
* Test target the new Unicode features of reg.py e.g. Copyright, Tradmark and Register characters
* General the values set in the registy contain date/time and then checked that they are the current date/time to make sure they are not left over from old tests
* Update test unit to only run the tests on windows.
Removed some code which was commented out which is not required
* chmod 644 tests/unit/modules/reg_win_test.py
* Evaluate %h and %u before deciding if the ssh config path is absolute
Since %h is the user's home directory, it's not very useful unless it
appears at the beginning of the path. However, putting it at the
beginning of the path does not have the expected effect: %h/.ssh
will become /home/someuser/home/someuser/.ssh, since "%h/.ssh" is
identified by Python as a non-absolute path, causing the user's
home directory to be tacked on the front.
* Improved ssh_auth path expansion test
* auth.pam int test: use unhashed pw for MacOS
* shell tests: strip whitespace from shell return
Similar to 2f1c0cf.
* modules.mac_user.delete: update example for int test
integration.shell.call.CallTest.test_user_delete_kw_output expects this
exact string to be in the doc for user.delete:
```
salt '*' user.delete name remove=True force=True
```
* json encode arguments passed to an execution module function call
this fixes problems where you could pass a string to a module function,
which thanks to the yaml decoder which is used when parsing command line
arguments could change its type entirely. for example:
__salt__['test.echo')('{foo: bar}')
the test.echo function just returns the argument it's given. however,
because it's being called through a salt-call process like this:
salt-call --local test.echo {foo: bar}
salt thinks it's yaml and therefore yaml decodes it. the return value
from the test.echo call above is therefore a dict, not a string.
* Prevent crash if pygit2 package is requesting re-compilation of the e… (#32652)
* Prevent crash if pygit2 package is requesting re-compilation of the entire library on production systems (no *devel packages)
* Fix PEP8: move imports to the top of the file
* Move logger up
* Add log error message in case if exception is not an ImportError
* align OS grains from older SLES with current one (#32649)
* Fixing critical bug to remove only the specified Host instead of the entire Host cluster (#32640)
* yumpkg: Ignore epoch in version comparison for explict versions without an epoch (#32563)
* yumpkg: Ignore epoch in version comparison for explict versions without an epoch
Also properly handle comparisions for packages with multiple versions.
Resolves#32229
* Don't attempt downgrade for kernel and its subpackages
Multiple versions are supported since their paths do not conflict.
* Lower log level for pillar cache (#32655)
This shouldn't show up on salt-call runs
* Don't access deprecated Exception.message attribute. (#32556)
* Don't access deprecated Exception.message attribute.
To avoid a deprecation warning message in logs.
There is a new function salt.exceptions.get_error_message(e) instead.
* Fixed module docs test.
* Fix for issue 32523 (#32672)
* Fix routes for redhat < 6
* Handle a couple of arguments better (Azure) (#32683)
* backporting a fix from develop where the use of splay would result in seconds=0 in the schedule.list when there was no seconds specified in the origina schedule
* Handle when beacon not configured and we try to enable/disable them (#32692)
* Handle the situation when the beacon is not configured and we try to disable it
* a couple more missing returns in the enable & disable
* Check dependencies type before appling str operations (#32693)
* Update external auth documentation to list supported matcher. (#32733)
Thanks to #31598, all matchers are supported for eauth configuration.
But we still have no way to use compound matchers in eauth configuration.
Update the documentation to explicitly express this limitation.
* modules.win_dacl: consistent case of dacl constants (#32720)
* Document pillar cache options (#32643)
* Add note about Pillar data cache requirement for Pillar targeting method
* Add `saltutil.refresh_pillar` function to the scheduled Minion jobs
* Minor fixes in docs
* Add note about relations between `pillar_cache` option and Pillar Targeting
to Master config comments with small reformatting
* Document Pillar Cache Options for Salt Master
* Document Minions Targeting with Mine
* Remove `saltutil.refresh_pillar` scheduled persistent job
* Properly handle minion failback failure. (#32749)
* Properly handle minion failback failure.
Initiate minion restart if all masters down on __master_disconnect like
minion does on the initial master connect on start.
* Fixed unit test
* Improve documentation on pygit2 versions (#32779)
This adds an explanation of the python-cffi dep added in pygit2 0.21.0,
and recommends 0.20.3 for LTS distros. It also links to the salt-pack
issue which tracks the progress of adding pygit2 to our Debian and
Ubuntu repositories.
* Pylint fix
Aadded --dry-run option which is also used for test mode
taking adventage of this option in rsync.
Update state documentation to follow Salt standards
Finally synchronized was not working, See #32478. Changes cmd.run to cmd.run_all make this works.
Tests updated
