This sorting was done mainly for the benefit of the test suite, but
Python 3 will raise an error when you try to sort a mixture of int and
tuple types, so sorting breaks down when there are UDP ports.
Instead, this just leaves them as an unsorted list when passed to the
API, and the test suite does the sorting before the assertEqual.

The logic which ensures that we expose ports which are being bound,
even when not explicitly configured, was done incorrectly. UDP ports
were being passed to the API as '1234/udp' instead of (1234, 'udp').
This results in the port not being exposed properly.

The logic has been corrected. Additionally, both the "ports" input
translation function and the post-processing code (where the
port numbers configured in port_bindings were being added)
contained code to "fix" any ports which were configured using
'portnum/tcp', as these must be passed to the API simply as integers. To
reduce code duplication, this normalization is now only performed at the
very end of the post-processing function, after ports have been
translated, and any missing ports from the port_bindings have been
added.

The unit test for the port_bindings input translation code, which was
written based upon the same incorrect reading of the API docs that
resulted in the incorrect behavior, has been updated to confirm the
(now) correct behavior. The unit test for the ports input translation
code has been updated to reflect the new normalization behavior.

Finally, an integration test has been added to ensure that we properly
expose UDP ports which are added as part of the post-processing
function.
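
The normalization this message describes, as an added Python example that is not part of the commit and is not Salt's code: the function names and the sample values are hypothetical, and only the tcp and udp forms named in the message are handled.

```python
# Added illustration; names are hypothetical and this is not Salt's code.

def normalize_port(spec):
    """Return a port in the form the message says the API expects:
    a bare int for TCP, or an (int, 'udp') tuple for UDP."""
    if isinstance(spec, tuple):
        port, proto = spec
    elif isinstance(spec, int):
        port, proto = spec, "tcp"
    else:
        # String forms such as '1234', '1234/tcp' or '1234/udp'
        port, _, proto = str(spec).partition("/")
        proto = proto or "tcp"
    port, proto = int(port), proto.lower()
    if not 0 < port < 65536:
        raise ValueError(f"port out of range: {spec!r}")
    if proto == "tcp":
        return port
    if proto == "udp":
        return (port, "udp")
    raise ValueError(f"unsupported protocol in {spec!r}")


def exposed_ports(ports, port_bindings):
    """Add every bound container port to the configured ports, then
    normalize once at the very end and drop duplicates (order kept)."""
    result = []
    for spec in list(ports) + list(port_bindings):
        norm = normalize_port(spec)
        if norm not in result:
            result.append(norm)
    return result


def sort_key(port):
    """Key for sorting a mixed int/tuple list in a test; a plain
    sorted() on such a list raises TypeError on Python 3."""
    return port if isinstance(port, tuple) else (port, "tcp")


# Constructed sample input: one UDP port is bound but never listed.
PORTS = ["8080/tcp", 53]
BINDINGS = {"53/udp": 5353, "8080/tcp": 8080, 9999: None}

if __name__ == "__main__":
    print(exposed_ports(PORTS, BINDINGS))
```
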
This reverts commit 20bf4eed1d.

This change breaks publisher_acls.

1) The key_dir's permissions are controlled by `permissive_pki_access` which is
not required by publisher_acls. By default, it is also changed back to 700
each time that the salt-master restarts, so it will have to be chmodded each
time.
2) The default directory for these keys is changed, which will break a lot of
users' publisher_acls setups on an upgrade to Oxygen, and require them to go
back in to chmod new directories.

I was going through and switching out the key dir to default back to
/var/cache/salt/master, and allow it to be changed, and also be able to specify
that it is a sensitive dir, but once I ran across the `permissive_pki_access`
stuff, I thought it was better to just revert this change and try again against
Fluorine, since we do not have a lot of tests in this area around publisher_acl.