osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:308

OBS-URL: https://build.opensuse.org/package/show/systemsmanagement:saltstack/salt?expand=0&rev=156
2019-11-28 15:41:55 +00:00
parent deb04ab4ba
commit 51d9b78cf8
105 changed files with 876 additions and 1743 deletions
--- a/x509-fixes-111.patch
+++ b/x509-fixes-111.patch
@@ -1,4 +1,4 @@
-From c5adc0c126e593d12c9b18bcf60f96336c75e4a8 Mon Sep 17 00:00:00 2001
+From 5e2b8d7ad2c98b0ab95e96a7f2df40715af11f3d Mon Sep 17 00:00:00 2001
 From: Florian Bergmann <bergmannf@users.noreply.github.com>
 Date: Fri, 14 Sep 2018 10:30:39 +0200
 Subject: [PATCH] X509 fixes (#111)
@@ -34,8 +34,8 @@ PEP8: line too long
 * Fix unit tests
 ---
 salt/modules/publish.py |   8 +--
- salt/modules/x509.py    | 132 ++++++++++++++++------------------------
- salt/states/x509.py     |  22 ++++---
+ salt/modules/x509.py    | 132 +++++++++++++++++++-----------------------------
+ salt/states/x509.py     |  22 +++++---
 3 files changed, 69 insertions(+), 93 deletions(-)

 diff --git a/salt/modules/publish.py b/salt/modules/publish.py
@@ -65,10 +65,10 @@ index 62e3e98f2f..fda848d1ec 100644
 def publish(tgt,
             fun,
 diff --git a/salt/modules/x509.py b/salt/modules/x509.py
-index 8689bfad35..4126f34960 100644
+index 92e39a6b88..52c8024b2f 100644
 --- a/salt/modules/x509.py
 +++ b/salt/modules/x509.py
-@@ -38,14 +38,13 @@ from salt.state import STATE_INTERNAL_KEYWORDS as _STATE_INTERNAL_KEYWORDS
+@@ -39,14 +39,13 @@ from salt.state import STATE_INTERNAL_KEYWORDS as _STATE_INTERNAL_KEYWORDS
 # Import 3rd Party Libs
 try:
     import M2Crypto
@@ -86,7 +86,7 @@ index 8689bfad35..4126f34960 100644
 
 __virtualname__ = 'x509'
 
-@@ -83,10 +82,7 @@ def __virtual__():
+@@ -84,10 +83,7 @@ def __virtual__():
     '''
     only load this module if m2crypto is available
     '''
@@ -98,7 +98,7 @@ index 8689bfad35..4126f34960 100644
 
 
 class _Ctx(ctypes.Structure):
-@@ -129,10 +125,8 @@ def _new_extension(name, value, critical=0, issuer=None, _pyfree=1):
+@@ -130,10 +126,8 @@ def _new_extension(name, value, critical=0, issuer=None, _pyfree=1):
     doesn't support getting the publickeyidentifier from the issuer
     to create the authoritykeyidentifier extension.
     '''
@@ -111,7 +111,7 @@ index 8689bfad35..4126f34960 100644
 
     # ensure name and value are bytes
     name = salt.utils.stringutils.to_str(name)
-@@ -147,7 +141,7 @@ def _new_extension(name, value, critical=0, issuer=None, _pyfree=1):
+@@ -148,7 +142,7 @@ def _new_extension(name, value, critical=0, issuer=None, _pyfree=1):
         x509_ext_ptr = M2Crypto.m2.x509v3_ext_conf(None, ctx, name, value)
         lhash = None
     except AttributeError:
@@ -120,7 +120,7 @@ index 8689bfad35..4126f34960 100644
         ctx = M2Crypto.m2.x509v3_set_conf_lhash(
             lhash)          # pylint: disable=no-member
         # ctx not zeroed
-@@ -198,10 +192,8 @@ def _get_csr_extensions(csr):
+@@ -199,10 +193,8 @@ def _get_csr_extensions(csr):
     csrtempfile.flush()
     csryaml = _parse_openssl_req(csrtempfile.name)
     csrtempfile.close()
@@ -133,7 +133,7 @@ index 8689bfad35..4126f34960 100644
 
         if not csrexts:
             return ret
-@@ -296,7 +288,7 @@ def _get_signing_policy(name):
+@@ -297,7 +289,7 @@ def _get_signing_policy(name):
         signing_policy = policies.get(name)
         if signing_policy:
             return signing_policy
@@ -142,7 +142,7 @@ index 8689bfad35..4126f34960 100644
 
 
 def _pretty_hex(hex_str):
-@@ -335,9 +327,11 @@ def _text_or_file(input_):
+@@ -336,9 +328,11 @@ def _text_or_file(input_):
     '''
     if _isfile(input_):
         with salt.utils.files.fopen(input_) as fp_:
@@ -156,7 +156,7 @@ index 8689bfad35..4126f34960 100644
 
 
 def _parse_subject(subject):
-@@ -355,7 +349,7 @@ def _parse_subject(subject):
+@@ -356,7 +350,7 @@ def _parse_subject(subject):
                 ret[nid_name] = val
                 nids.append(nid_num)
         except TypeError as err:
@@ -202,7 +202,7 @@ index 8689bfad35..4126f34960 100644
     return ret
 
 
-@@ -943,7 +935,7 @@ def create_crl(  # pylint: disable=too-many-arguments,too-many-locals
+@@ -944,7 +936,7 @@ def create_crl(  # pylint: disable=too-many-arguments,too-many-locals
     # pyOpenSSL Note due to current limitations in pyOpenSSL it is impossible
     # to specify a digest For signing the CRL. This will hopefully be fixed
     # soon: https://github.com/pyca/pyopenssl/pull/161
@@ -211,7 +211,7 @@ index 8689bfad35..4126f34960 100644
         raise salt.exceptions.SaltInvocationError(
             'Could not load OpenSSL module, OpenSSL unavailable'
         )
-@@ -969,8 +961,7 @@ def create_crl(  # pylint: disable=too-many-arguments,too-many-locals
+@@ -970,8 +962,7 @@ def create_crl(  # pylint: disable=too-many-arguments,too-many-locals
                 continue
 
         if 'revocation_date' not in rev_item:
@@ -221,7 +221,7 @@ index 8689bfad35..4126f34960 100644
 
         rev_date = datetime.datetime.strptime(
             rev_item['revocation_date'], '%Y-%m-%d %H:%M:%S')
-@@ -1011,8 +1002,9 @@ def create_crl(  # pylint: disable=too-many-arguments,too-many-locals
+@@ -1013,8 +1004,9 @@ def create_crl(  # pylint: disable=too-many-arguments,too-many-locals
     try:
         crltext = crl.export(**export_kwargs)
     except (TypeError, ValueError):
@@ -233,7 +233,7 @@ index 8689bfad35..4126f34960 100644
         export_kwargs.pop('digest', None)
         crltext = crl.export(**export_kwargs)
 
-@@ -1050,8 +1042,7 @@ def sign_remote_certificate(argdic, **kwargs):
+@@ -1052,8 +1044,7 @@ def sign_remote_certificate(argdic, **kwargs):
     if 'signing_policy' in argdic:
         signing_policy = _get_signing_policy(argdic['signing_policy'])
         if not signing_policy:
@@ -243,7 +243,7 @@ index 8689bfad35..4126f34960 100644
 
         if isinstance(signing_policy, list):
             dict_ = {}
-@@ -1091,6 +1082,7 @@ def get_signing_policy(signing_policy_name):
+@@ -1093,6 +1084,7 @@ def get_signing_policy(signing_policy_name):
     signing_policy = _get_signing_policy(signing_policy_name)
     if not signing_policy:
         return 'Signing policy {0} does not exist.'.format(signing_policy_name)
@@ -251,7 +251,7 @@ index 8689bfad35..4126f34960 100644
     if isinstance(signing_policy, list):
         dict_ = {}
         for item in signing_policy:
-@@ -1103,10 +1095,9 @@ def get_signing_policy(signing_policy_name):
+@@ -1105,10 +1097,9 @@ def get_signing_policy(signing_policy_name):
         pass
 
     try:
@@ -264,7 +264,7 @@ index 8689bfad35..4126f34960 100644
 
     return signing_policy
 
-@@ -1356,8 +1347,7 @@ def create_certificate(
+@@ -1358,8 +1349,7 @@ def create_certificate(
         salt '*' x509.create_certificate path=/etc/pki/myca.crt signing_private_key='/etc/pki/myca.key' csr='/etc/pki/myca.csr'}
     '''
 
@@ -274,7 +274,7 @@ index 8689bfad35..4126f34960 100644
         raise salt.exceptions.SaltInvocationError(
             'Either path or text must be specified.')
     if path and text:
-@@ -1386,8 +1376,7 @@ def create_certificate(
+@@ -1388,8 +1378,7 @@ def create_certificate(
         # Including listen_in and preqreuired because they are not included
         # in STATE_INTERNAL_KEYWORDS
         # for salt 2014.7.2
@@ -282,9 +282,9 @@ index 8689bfad35..4126f34960 100644
 -                ['listen_in', 'preqrequired', '__prerequired__']:
 +        for ignore in list(_STATE_INTERNAL_KEYWORDS) + ['listen_in', 'preqrequired', '__prerequired__']:
             kwargs.pop(ignore, None)
- 
+         # TODO: Make timeout configurable in Neon
         certs = __salt__['publish.publish'](
-@@ -1500,8 +1489,7 @@ def create_certificate(
+@@ -1504,8 +1493,7 @@ def create_certificate(
             continue
 
         # Use explicitly set values first, fall back to CSR values.
@@ -294,7 +294,7 @@ index 8689bfad35..4126f34960 100644
 
         critical = False
         if extval.startswith('critical '):
-@@ -1623,8 +1611,8 @@ def create_csr(path=None, text=False, **kwargs):
+@@ -1627,8 +1615,8 @@ def create_csr(path=None, text=False, **kwargs):
 
     if 'private_key' not in kwargs and 'public_key' in kwargs:
         kwargs['private_key'] = kwargs['public_key']
@@ -305,7 +305,7 @@ index 8689bfad35..4126f34960 100644
 
     if 'private_key' not in kwargs:
         raise salt.exceptions.SaltInvocationError('private_key is required')
-@@ -1636,11 +1624,9 @@ def create_csr(path=None, text=False, **kwargs):
+@@ -1640,11 +1628,9 @@ def create_csr(path=None, text=False, **kwargs):
         kwargs['private_key_passphrase'] = None
     if 'public_key_passphrase' not in kwargs:
         kwargs['public_key_passphrase'] = None
@@ -319,7 +319,7 @@ index 8689bfad35..4126f34960 100644
         kwargs['public_key_passphrase'] = kwargs['private_key_passphrase']
 
     csr.set_pubkey(get_public_key(kwargs['public_key'],
-@@ -1684,18 +1670,10 @@ def create_csr(path=None, text=False, **kwargs):
+@@ -1688,18 +1674,10 @@ def create_csr(path=None, text=False, **kwargs):
         extstack.push(ext)
 
     csr.add_extensions(extstack)
@@ -339,7 +339,7 @@ index 8689bfad35..4126f34960 100644
 
 
 def verify_private_key(private_key, public_key, passphrase=None):
-@@ -1720,8 +1698,7 @@ def verify_private_key(private_key, public_key, passphrase=None):
+@@ -1724,8 +1702,7 @@ def verify_private_key(private_key, public_key, passphrase=None):
         salt '*' x509.verify_private_key private_key=/etc/pki/myca.key \\
                 public_key=/etc/pki/myca.crt
     '''
@@ -349,7 +349,7 @@ index 8689bfad35..4126f34960 100644
 
 
 def verify_signature(certificate, signing_pub_key=None,
-@@ -1775,9 +1752,8 @@ def verify_crl(crl, cert):
+@@ -1779,9 +1756,8 @@ def verify_crl(crl, cert):
         salt '*' x509.verify_crl crl=/etc/pki/myca.crl cert=/etc/pki/myca.crt
     '''
     if not salt.utils.path.which('openssl'):
@@ -361,7 +361,7 @@ index 8689bfad35..4126f34960 100644
     crltext = _text_or_file(crl)
     crltext = get_pem_entry(crltext, pem_type='X509 CRL')
     crltempfile = tempfile.NamedTemporaryFile()
-@@ -1798,10 +1774,7 @@ def verify_crl(crl, cert):
+@@ -1802,10 +1778,7 @@ def verify_crl(crl, cert):
     crltempfile.close()
     certtempfile.close()
 
@@ -373,7 +373,7 @@ index 8689bfad35..4126f34960 100644
 
 
 def expired(certificate):
-@@ -1838,8 +1811,9 @@ def expired(certificate):
+@@ -1842,8 +1815,9 @@ def expired(certificate):
                 ret['expired'] = True
             else:
                 ret['expired'] = False
@@ -385,7 +385,7 @@ index 8689bfad35..4126f34960 100644
 
     return ret
 
-@@ -1862,6 +1836,7 @@ def will_expire(certificate, days):
+@@ -1866,6 +1840,7 @@ def will_expire(certificate, days):
 
         salt '*' x509.will_expire "/etc/pki/mycert.crt" days=30
     '''
@@ -393,7 +393,7 @@ index 8689bfad35..4126f34960 100644
     ret = {}
 
     if os.path.isfile(certificate):
-@@ -1871,18 +1846,13 @@ def will_expire(certificate, days):
+@@ -1875,18 +1850,13 @@ def will_expire(certificate, days):
 
             cert = _get_certificate_obj(certificate)
 
@@ -418,7 +418,7 @@ index 8689bfad35..4126f34960 100644
 
     return ret
 diff --git a/salt/states/x509.py b/salt/states/x509.py
-index 209cbc6738..8c79c6d034 100644
+index d44f85db17..c83d0d6047 100644
 --- a/salt/states/x509.py
 +++ b/salt/states/x509.py
@@ -163,6 +163,7 @@ import copy
@@ -492,6 +492,6 @@ index 209cbc6738..8c79c6d034 100644
 
     return __states__['file.managed'](**file_args)
 -- 
-2.17.1
+2.16.4