mirror of
https://github.com/valitydev/salt.git
synced 2024-11-07 17:09:03 +00:00
dadf4b851c
Move minion event signing to a saner place. Enable dropping messages when signature does not verify or when minion is not adding the signature to its payloads.
27 lines
1.3 KiB
ReStructuredText
===========================
Salt 2016.3.7 Release Notes
===========================

Version 2016.3.7 is a bugfix release for :ref:`2016.3.0 <release-2016-3-0>`.

New master configuration option `allow_minion_key_revoke`, defaults to True. This option
controls whether a minion can request that the master revoke its key. When True, a minion
can request a key revocation and the master will comply. If it is False, the key will not
be revoked by the master.

New master configuration option `require_minion_sign_messages`.
This requires that minions cryptographically sign the messages they
publish to the master. If minions are not signing, the master logs this
at loglevel 'INFO' and drops the message without acting on it.

New master configuration option `drop_messages_signature_fail`.
Drop messages from minions when their signatures do not validate.
Note that when this option is False but `require_minion_sign_messages` is True,
minions MUST sign their messages but the validity of their signatures
is ignored.

New minion configuration option `minion_sign_messages`.
Causes the minion to cryptographically sign the payload of messages it places
on the event bus for the master. The payloads are signed with the minion's
private key so the master can verify the signature with the minion's public key.
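
How the signing options combine, shown as a configuration sketch. This is an added example, not part of the original release notes; the file paths are the conventional default locations and are an assumption about the deployment.

```yaml
# Added example, not from the Salt release notes.
# Each YAML document below is a fragment of a separate config file.

# /etc/salt/master (assumed path): weak combination.
# Minions must attach a signature, but the validity of that
# signature is ignored, so a bad signature does not stop the message.
require_minion_sign_messages: True
drop_messages_signature_fail: False
---
# /etc/salt/master (assumed path): enforcing combination.
# Messages without a signature are logged at INFO and dropped;
# messages whose signature does not validate are dropped as well.
require_minion_sign_messages: True
drop_messages_signature_fail: True
# Optional: stop the master from revoking a key at a minion's
# request (this option defaults to True).
allow_minion_key_revoke: False
---
# /etc/salt/minion (assumed path): set on every minion.
# Enable this before the master starts requiring signatures,
# otherwise the master drops this minion's messages.
minion_sign_messages: True
```

When reviewing a master configuration, treat `require_minion_sign_messages` without `drop_messages_signature_fail` as signatures being present but not enforced.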