pool/salt
SHA256
12
0
Fork 1
Code Issues Pull Requests Activity

osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:257

Browse Source 
OBS-URL: https://build.opensuse.org/package/show/systemsmanagement:saltstack/salt?expand=0&rev=132
This commit is contained in:
Jochen Breuer
2019-04-12 09:57:21 +00:00
committed by Git OBS Bridge
parent ff3dbe1ea9
commit fc16e6ca2c
72 changed files with 4400 additions and 9293 deletions
Download Patch File Download Diff File Expand all files Collapse all files

117
x509-fixes-111.patch
View File

@@ -1,4 +1,4 @@
From 053d97afcc7486f7300e339bc56cb3c850cc523b Mon Sep 17 00:00:00 2001
From c5adc0c126e593d12c9b18bcf60f96336c75e4a8 Mon Sep 17 00:00:00 2001
From: Florian Bergmann <bergmannf@users.noreply.github.com>
Date: Fri, 14 Sep 2018 10:30:39 +0200
Subject: [PATCH] X509 fixes (#111)
@@ -33,17 +33,16 @@ PEP8: line too long
* Fix unit tests
---
salt/modules/publish.py | 8 +-
salt/modules/x509.py | 132 ++++++++++++--------------------
salt/states/x509.py | 22 ++++--
tests/unit/modules/test_x509.py | 9 ++-
4 files changed, 74 insertions(+), 97 deletions(-)
salt/modules/publish.py | 8 +--
salt/modules/x509.py | 132 ++++++++++++++++------------------------
salt/states/x509.py | 22 ++++---
3 files changed, 69 insertions(+), 93 deletions(-)
diff --git a/salt/modules/publish.py b/salt/modules/publish.py
index 2de99583f4..ac31b4b65f 100644
index 62e3e98f2f..fda848d1ec 100644
--- a/salt/modules/publish.py
+++ b/salt/modules/publish.py
@@ -83,10 +83,8 @@ def _publish(
@@ -82,10 +82,8 @@ def _publish(
in minion configuration but `via_master` was specified.')
else:
# Find the master in the list of master_uris generated by the minion base class
@@ -56,9 +55,9 @@ index 2de99583f4..ac31b4b65f 100644
if not matching_master_uris:
raise SaltInvocationError('Could not find match for {0} in \
@@ -176,6 +174,8 @@ def _publish(
else:
return ret
@@ -178,6 +176,8 @@ def _publish(
finally:
channel.close()
+ return {}
+
@@ -66,10 +65,10 @@ index 2de99583f4..ac31b4b65f 100644
def publish(tgt,
fun,
diff --git a/salt/modules/x509.py b/salt/modules/x509.py
index 9901bc5bd9..45afcccd99 100644
index 8689bfad35..4126f34960 100644
--- a/salt/modules/x509.py
+++ b/salt/modules/x509.py
@@ -36,14 +36,13 @@ from salt.state import STATE_INTERNAL_KEYWORDS as _STATE_INTERNAL_KEYWORDS
@@ -38,14 +38,13 @@ from salt.state import STATE_INTERNAL_KEYWORDS as _STATE_INTERNAL_KEYWORDS
# Import 3rd Party Libs
try:
import M2Crypto
@@ -87,7 +86,7 @@ index 9901bc5bd9..45afcccd99 100644
__virtualname__ = 'x509'
@@ -81,10 +80,7 @@ def __virtual__():
@@ -83,10 +82,7 @@ def __virtual__():
'''
only load this module if m2crypto is available
'''
@@ -99,7 +98,7 @@ index 9901bc5bd9..45afcccd99 100644
class _Ctx(ctypes.Structure):
@@ -127,10 +123,8 @@ def _new_extension(name, value, critical=0, issuer=None, _pyfree=1):
@@ -129,10 +125,8 @@ def _new_extension(name, value, critical=0, issuer=None, _pyfree=1):
doesn't support getting the publickeyidentifier from the issuer
to create the authoritykeyidentifier extension.
'''
@@ -112,7 +111,7 @@ index 9901bc5bd9..45afcccd99 100644
# ensure name and value are bytes
name = salt.utils.stringutils.to_str(name)
@@ -145,7 +139,7 @@ def _new_extension(name, value, critical=0, issuer=None, _pyfree=1):
@@ -147,7 +141,7 @@ def _new_extension(name, value, critical=0, issuer=None, _pyfree=1):
x509_ext_ptr = M2Crypto.m2.x509v3_ext_conf(None, ctx, name, value)
lhash = None
except AttributeError:
@@ -121,7 +120,7 @@ index 9901bc5bd9..45afcccd99 100644
ctx = M2Crypto.m2.x509v3_set_conf_lhash(
lhash) # pylint: disable=no-member
# ctx not zeroed
@@ -196,10 +190,8 @@ def _get_csr_extensions(csr):
@@ -198,10 +192,8 @@ def _get_csr_extensions(csr):
csrtempfile.flush()
csryaml = _parse_openssl_req(csrtempfile.name)
csrtempfile.close()
@@ -134,7 +133,7 @@ index 9901bc5bd9..45afcccd99 100644
if not csrexts:
return ret
@@ -294,7 +286,7 @@ def _get_signing_policy(name):
@@ -296,7 +288,7 @@ def _get_signing_policy(name):
signing_policy = policies.get(name)
if signing_policy:
return signing_policy
@@ -143,9 +142,9 @@ index 9901bc5bd9..45afcccd99 100644
def _pretty_hex(hex_str):
@@ -321,9 +313,11 @@ def _text_or_file(input_):
@@ -335,9 +327,11 @@ def _text_or_file(input_):
'''
if os.path.isfile(input_):
if _isfile(input_):
with salt.utils.files.fopen(input_) as fp_:
- return salt.utils.stringutils.to_str(fp_.read())
+ out = salt.utils.stringutils.to_str(fp_.read())
@@ -157,7 +156,7 @@ index 9901bc5bd9..45afcccd99 100644
def _parse_subject(subject):
@@ -341,7 +335,7 @@ def _parse_subject(subject):
@@ -355,7 +349,7 @@ def _parse_subject(subject):
ret[nid_name] = val
nids.append(nid_num)
except TypeError as err:
@@ -166,7 +165,7 @@ index 9901bc5bd9..45afcccd99 100644
return ret
@@ -520,8 +514,8 @@ def get_pem_entries(glob_path):
@@ -533,8 +527,8 @@ def get_pem_entries(glob_path):
if os.path.isfile(path):
try:
ret[path] = get_pem_entry(text=path)
@@ -177,7 +176,7 @@ index 9901bc5bd9..45afcccd99 100644
return ret
@@ -599,8 +593,8 @@ def read_certificates(glob_path):
@@ -612,8 +606,8 @@ def read_certificates(glob_path):
if os.path.isfile(path):
try:
ret[path] = read_certificate(certificate=path)
@@ -188,7 +187,7 @@ index 9901bc5bd9..45afcccd99 100644
return ret
@@ -629,12 +623,10 @@ def read_csr(csr):
@@ -642,12 +636,10 @@ def read_csr(csr):
# Get size returns in bytes. The world thinks of key sizes in bits.
'Subject': _parse_subject(csr.get_subject()),
'Subject Hash': _dec2hex(csr.get_subject().as_hash()),
@@ -203,7 +202,7 @@ index 9901bc5bd9..45afcccd99 100644
return ret
@@ -937,7 +929,7 @@ def create_crl( # pylint: disable=too-many-arguments,too-many-locals
@@ -943,7 +935,7 @@ def create_crl( # pylint: disable=too-many-arguments,too-many-locals
# pyOpenSSL Note due to current limitations in pyOpenSSL it is impossible
# to specify a digest For signing the CRL. This will hopefully be fixed
# soon: https://github.com/pyca/pyopenssl/pull/161
@@ -212,7 +211,7 @@ index 9901bc5bd9..45afcccd99 100644
raise salt.exceptions.SaltInvocationError(
'Could not load OpenSSL module, OpenSSL unavailable'
)
@@ -962,8 +954,7 @@ def create_crl( # pylint: disable=too-many-arguments,too-many-locals
@@ -969,8 +961,7 @@ def create_crl( # pylint: disable=too-many-arguments,too-many-locals
continue
if 'revocation_date' not in rev_item:
@@ -222,7 +221,7 @@ index 9901bc5bd9..45afcccd99 100644
rev_date = datetime.datetime.strptime(
rev_item['revocation_date'], '%Y-%m-%d %H:%M:%S')
@@ -1002,8 +993,9 @@ def create_crl( # pylint: disable=too-many-arguments,too-many-locals
@@ -1011,8 +1002,9 @@ def create_crl( # pylint: disable=too-many-arguments,too-many-locals
try:
crltext = crl.export(**export_kwargs)
except (TypeError, ValueError):
@@ -234,7 +233,7 @@ index 9901bc5bd9..45afcccd99 100644
export_kwargs.pop('digest', None)
crltext = crl.export(**export_kwargs)
@@ -1042,8 +1034,7 @@ def sign_remote_certificate(argdic, **kwargs):
@@ -1050,8 +1042,7 @@ def sign_remote_certificate(argdic, **kwargs):
if 'signing_policy' in argdic:
signing_policy = _get_signing_policy(argdic['signing_policy'])
if not signing_policy:
@@ -244,7 +243,7 @@ index 9901bc5bd9..45afcccd99 100644
if isinstance(signing_policy, list):
dict_ = {}
@@ -1080,6 +1071,7 @@ def get_signing_policy(signing_policy_name):
@@ -1091,6 +1082,7 @@ def get_signing_policy(signing_policy_name):
signing_policy = _get_signing_policy(signing_policy_name)
if not signing_policy:
return 'Signing policy {0} does not exist.'.format(signing_policy_name)
@@ -252,7 +251,7 @@ index 9901bc5bd9..45afcccd99 100644
if isinstance(signing_policy, list):
dict_ = {}
for item in signing_policy:
@@ -1092,10 +1084,9 @@ def get_signing_policy(signing_policy_name):
@@ -1103,10 +1095,9 @@ def get_signing_policy(signing_policy_name):
pass
try:
@@ -265,8 +264,8 @@ index 9901bc5bd9..45afcccd99 100644
return signing_policy
@@ -1346,8 +1337,7 @@ def create_certificate(
signing_private_key='/etc/pki/myca.key' csr='/etc/pki/myca.csr'}
@@ -1356,8 +1347,7 @@ def create_certificate(
salt '*' x509.create_certificate path=/etc/pki/myca.crt signing_private_key='/etc/pki/myca.key' csr='/etc/pki/myca.csr'}
'''
- if not path and not text and \
@@ -275,7 +274,7 @@ index 9901bc5bd9..45afcccd99 100644
raise salt.exceptions.SaltInvocationError(
'Either path or text must be specified.')
if path and text:
@@ -1376,8 +1366,7 @@ def create_certificate(
@@ -1386,8 +1376,7 @@ def create_certificate(
# Including listen_in and preqreuired because they are not included
# in STATE_INTERNAL_KEYWORDS
# for salt 2014.7.2
@@ -285,7 +284,7 @@ index 9901bc5bd9..45afcccd99 100644
kwargs.pop(ignore, None)
certs = __salt__['publish.publish'](
@@ -1484,8 +1473,7 @@ def create_certificate(
@@ -1500,8 +1489,7 @@ def create_certificate(
continue
# Use explicitly set values first, fall back to CSR values.
@@ -295,7 +294,7 @@ index 9901bc5bd9..45afcccd99 100644
critical = False
if extval.startswith('critical '):
@@ -1608,8 +1596,8 @@ def create_csr(path=None, text=False, **kwargs):
@@ -1623,8 +1611,8 @@ def create_csr(path=None, text=False, **kwargs):
if 'private_key' not in kwargs and 'public_key' in kwargs:
kwargs['private_key'] = kwargs['public_key']
@@ -306,7 +305,7 @@ index 9901bc5bd9..45afcccd99 100644
if 'private_key' not in kwargs:
raise salt.exceptions.SaltInvocationError('private_key is required')
@@ -1621,11 +1609,9 @@ def create_csr(path=None, text=False, **kwargs):
@@ -1636,11 +1624,9 @@ def create_csr(path=None, text=False, **kwargs):
kwargs['private_key_passphrase'] = None
if 'public_key_passphrase' not in kwargs:
kwargs['public_key_passphrase'] = None
@@ -320,7 +319,7 @@ index 9901bc5bd9..45afcccd99 100644
kwargs['public_key_passphrase'] = kwargs['private_key_passphrase']
csr.set_pubkey(get_public_key(kwargs['public_key'],
@@ -1669,18 +1655,10 @@ def create_csr(path=None, text=False, **kwargs):
@@ -1684,18 +1670,10 @@ def create_csr(path=None, text=False, **kwargs):
extstack.push(ext)
csr.add_extensions(extstack)
@@ -340,7 +339,7 @@ index 9901bc5bd9..45afcccd99 100644
def verify_private_key(private_key, public_key, passphrase=None):
@@ -1705,8 +1683,7 @@ def verify_private_key(private_key, public_key, passphrase=None):
@@ -1720,8 +1698,7 @@ def verify_private_key(private_key, public_key, passphrase=None):
salt '*' x509.verify_private_key private_key=/etc/pki/myca.key \\
public_key=/etc/pki/myca.crt
'''
@@ -350,7 +349,7 @@ index 9901bc5bd9..45afcccd99 100644
def verify_signature(certificate, signing_pub_key=None,
@@ -1760,9 +1737,8 @@ def verify_crl(crl, cert):
@@ -1775,9 +1752,8 @@ def verify_crl(crl, cert):
salt '*' x509.verify_crl crl=/etc/pki/myca.crl cert=/etc/pki/myca.crt
'''
if not salt.utils.path.which('openssl'):
@@ -362,7 +361,7 @@ index 9901bc5bd9..45afcccd99 100644
crltext = _text_or_file(crl)
crltext = get_pem_entry(crltext, pem_type='X509 CRL')
crltempfile = tempfile.NamedTemporaryFile()
@@ -1783,10 +1759,7 @@ def verify_crl(crl, cert):
@@ -1798,10 +1774,7 @@ def verify_crl(crl, cert):
crltempfile.close()
certtempfile.close()
@@ -374,7 +373,7 @@ index 9901bc5bd9..45afcccd99 100644
def expired(certificate):
@@ -1823,8 +1796,9 @@ def expired(certificate):
@@ -1838,8 +1811,9 @@ def expired(certificate):
ret['expired'] = True
else:
ret['expired'] = False
@@ -386,7 +385,7 @@ index 9901bc5bd9..45afcccd99 100644
return ret
@@ -1847,6 +1821,7 @@ def will_expire(certificate, days):
@@ -1862,6 +1836,7 @@ def will_expire(certificate, days):
salt '*' x509.will_expire "/etc/pki/mycert.crt" days=30
'''
@@ -394,7 +393,7 @@ index 9901bc5bd9..45afcccd99 100644
ret = {}
if os.path.isfile(certificate):
@@ -1856,18 +1831,13 @@ def will_expire(certificate, days):
@@ -1871,18 +1846,13 @@ def will_expire(certificate, days):
cert = _get_certificate_obj(certificate)
@@ -419,7 +418,7 @@ index 9901bc5bd9..45afcccd99 100644
return ret
diff --git a/salt/states/x509.py b/salt/states/x509.py
index 7bb941f393..3ba4f79c79 100644
index 209cbc6738..8c79c6d034 100644
--- a/salt/states/x509.py
+++ b/salt/states/x509.py
@@ -163,6 +163,7 @@ import copy
@@ -458,7 +457,7 @@ index 7bb941f393..3ba4f79c79 100644
overwrite:
Overwrite an existing private key if the provided passphrase cannot decrypt it.
@@ -453,8 +455,10 @@ def certificate_managed(name,
@@ -459,8 +461,10 @@ def certificate_managed(name,
private_key_args['name'], pem_type='RSA PRIVATE KEY')
else:
new_private_key = True
@@ -471,7 +470,7 @@ index 7bb941f393..3ba4f79c79 100644
kwargs['public_key'] = private_key
@@ -664,8 +668,10 @@ def crl_managed(name,
@@ -671,8 +675,10 @@ def crl_managed(name,
else:
current = '{0} does not exist.'.format(name)
@@ -484,35 +483,15 @@ index 7bb941f393..3ba4f79c79 100644
new = __salt__['x509.read_crl'](crl=new_crl)
new_comp = new.copy()
@@ -707,6 +713,6 @@ def pem_managed(name,
Any arguments supported by :state:`file.managed <salt.states.file.managed>` are supported.
@@ -714,6 +720,6 @@ def pem_managed(name,
Any arguments supported by :py:func:`file.managed <salt.states.file.managed>` are supported.
'''
file_args, kwargs = _get_file_args(name, **kwargs)
- file_args['contents'] = __salt__['x509.get_pem_entry'](text=text)
+ file_args['contents'] = salt.utils.stringutils.to_str(__salt__['x509.get_pem_entry'](text=text))
return __states__['file.managed'](**file_args)
diff --git a/tests/unit/modules/test_x509.py b/tests/unit/modules/test_x509.py
index c300a56d64..7e00c97140 100644
--- a/tests/unit/modules/test_x509.py
+++ b/tests/unit/modules/test_x509.py
@@ -67,10 +67,11 @@ class X509TestCase(TestCase, LoaderModuleMockMixin):
subj = FakeSubject()
x509._parse_subject(subj)
- x509.log.trace.assert_called_once()
- assert x509.log.trace.call_args[0][0] == "Missing attribute '%s'. Error: %s"
- assert x509.log.trace.call_args[0][1] == list(subj.nid.keys())[0]
- assert isinstance(x509.log.trace.call_args[0][2], TypeError)
+ x509.log.debug.assert_called_once()
+
+ assert x509.log.debug.call_args[0][0] == "Missing attribute '%s'. Error: %s"
+ assert x509.log.debug.call_args[0][1] == list(subj.nid.keys())[0]
+ assert isinstance(x509.log.debug.call_args[0][2], TypeError)
@skipIf(not HAS_M2CRYPTO, 'Skipping, M2Crypt is unavailble')
def test_get_pem_entry(self):
--
2.19.0
2.17.1