fix: revert to using is mapping in Jinja2

* CVE-2021-25283 enables Jinja2 safe mode, which breaks use of `'dict' in x.__class__.__name__` workaround * Workaround no longer needed as CentOS 6 is EOL
saltstack-formulas · Mar 2, 2021 · a89fb3f · a89fb3f
1 parent 6dbba14
commit a89fb3f
Show file tree

Hide file tree

Showing 52 changed files with 349 additions and 12 deletions.
diff --git a/salt/files/master.d/f_defaults.conf b/salt/files/master.d/f_defaults.conf
@@ -1202,8 +1202,7 @@ ext_pillar:
   {%- for key in pillar -%}
     {%- if pillar[key] is string %}
   - {{ key }}: {{ pillar[key] }}
-    {#- Workaround for missing `is mapping` on CentOS 6, see #193: #}
-    {%- elif pillar[key] is iterable and 'dict' not in pillar[key].__class__.__name__ %}
+    {%- elif pillar[key] is iterable and pillar[key] is not mapping %}
   - {{ key }}:
       {%- for parameter in pillar[key] %}
         {%- if parameter is iterable and parameter is not string %}
@@ -1219,8 +1218,7 @@ ext_pillar:
     - {{ parameter }}
         {%- endif %}
       {%- endfor -%}
-    {#- Workaround for missing `is mapping` on CentOS 6, see #193: #}
-    {%- elif 'dict' in pillar[key].__class__.__name__ and pillar[key] is not string %}
+    {%- elif pillar[key] is mapping and pillar[key] is not string %}
   - {{ key }}: 
       {%- for parameter in pillar[key] %}
       {{ parameter }}: {{pillar[key][parameter]}}

diff --git a/salt/files/master.d/lxc_profiles.conf b/salt/files/master.d/lxc_profiles.conf
@@ -12,8 +12,7 @@ lxc.container_profile:
 {%- for prof in cfg_prof %}
   {{ prof }}:
 {%- for conf in cfg_prof[prof] %}
-{#- Workaround for missing `is mapping` on CentOS 6, see #193 #}
-{%-   if 'dict' in cfg_prof[prof][conf].__class__.__name__ %}
+{%-   if cfg_prof[prof][conf] is mapping %}
     {{ conf }}:
 {%-      for opt in cfg_prof[prof][conf] %}
       {{ opt }}: {{ cfg_prof[prof][conf][opt] }}
@@ -30,8 +29,7 @@ lxc.network_profile:
 {%- for prof in cfg_net %}
   {{ prof }}:
 {%- for conf in cfg_net[prof] -%}
-{#- Workaround for missing `is mapping` on CentOS 6, see #193 #}
-{%-  if 'dict' in cfg_net[prof][conf].__class__.__name__ %}
+{%-   if cfg_prof[prof][conf] is mapping %}
     {{ conf }}:
 {%-      for opt in cfg_net[prof][conf] %}
       {{ opt }}: {{ cfg_net[prof][conf][opt] }}

diff --git a/salt/files/minion.d/f_defaults.conf b/salt/files/minion.d/f_defaults.conf
@@ -838,8 +838,7 @@ ext_pillar:
   {%- for key in pillar -%}
     {%- if pillar[key] is string %}
   - {{ key }}: {{ pillar[key] }}
-    {#- Workaround for missing `is mapping` on CentOS 6, see #193: #}
-    {%- elif pillar[key] is iterable and 'dict' not in pillar[key].__class__.__name__ %}
+    {%- elif pillar[key] is iterable and pillar[key] is not mapping %}
   - {{ key }}:
       {%- for parameter in pillar[key] %}
         {%- if parameter is iterable and parameter is not string %}
@@ -855,8 +854,7 @@ ext_pillar:
     - {{ parameter }}
         {%- endif %}
       {%- endfor -%}
-    {#- Workaround for missing `is mapping` on CentOS 6, see #193: #}
-    {%- elif 'dict' in pillar[key].__class__.__name__ and pillar[key] is not string %}
+    {%- elif pillar[key] is mapping and pillar[key] is not string %}
   - {{ key }}:
       {%- for parameter in pillar[key] %}
       {{ parameter }}: {{pillar[key][parameter]}}

diff --git a/test/integration/v3000-py2/files/_mapdata/ubuntu-16.yaml b/test/integration/v3000-py2/files/_mapdata/ubuntu-16.yaml
@@ -45,6 +45,13 @@ values:
     key_url: https://repo.saltstack.com/apt/ubuntu/16.04/amd64/3000/SALTSTACK-GPG-KEY.pub
     libgit2: libgit2-22
     master:
+      ext_pillar:
+      - cmd_yaml: cat /etc/salt/yaml
+      - stack:
+          - /path/to/stack1.cfg
+          - /path/to/stack2.cfg
+      - reclass:
+          inventory_base_uri: /etc/reclass
       file_roots:
         base:
         - /srv/salt

diff --git a/test/integration/v3000-py2/files/_mapdata/ubuntu-18.yaml b/test/integration/v3000-py2/files/_mapdata/ubuntu-18.yaml
@@ -45,6 +45,13 @@ values:
     key_url: https://repo.saltstack.com/apt/ubuntu/18.04/amd64/3000/SALTSTACK-GPG-KEY.pub
     libgit2: libgit2-22
     master:
+      ext_pillar:
+      - cmd_yaml: cat /etc/salt/yaml
+      - stack:
+          - /path/to/stack1.cfg
+          - /path/to/stack2.cfg
+      - reclass:
+          inventory_base_uri: /etc/reclass
       file_roots:
         base:
         - /srv/salt

diff --git a/test/integration/v3000-py3/files/_mapdata/amazonlinux-2.yaml b/test/integration/v3000-py3/files/_mapdata/amazonlinux-2.yaml
@@ -44,6 +44,13 @@ values:
     install_packages: true
     key_url: https://repo.saltstack.com/py3/amazon/2/$basearch/3000/SALTSTACK-GPG-KEY.pub
     master:
+      ext_pillar:
+      - cmd_yaml: cat /etc/salt/yaml
+      - stack:
+          - /path/to/stack1.cfg
+          - /path/to/stack2.cfg
+      - reclass:
+          inventory_base_uri: /etc/reclass
       file_roots:
         base:
         - /srv/salt

diff --git a/test/integration/v3000-py3/files/_mapdata/centos-7.yaml b/test/integration/v3000-py3/files/_mapdata/centos-7.yaml
@@ -44,6 +44,13 @@ values:
     install_packages: true
     key_url: https://repo.saltstack.com/py3/redhat/$releasever/$basearch/3000/SALTSTACK-GPG-KEY.pub
     master:
+      ext_pillar:
+      - cmd_yaml: cat /etc/salt/yaml
+      - stack:
+          - /path/to/stack1.cfg
+          - /path/to/stack2.cfg
+      - reclass:
+          inventory_base_uri: /etc/reclass
       file_roots:
         base:
         - /srv/salt

diff --git a/test/integration/v3000-py3/files/_mapdata/centos-8.yaml b/test/integration/v3000-py3/files/_mapdata/centos-8.yaml
@@ -44,6 +44,13 @@ values:
     install_packages: true
     key_url: https://repo.saltstack.com/py3/redhat/$releasever/$basearch/3000/SALTSTACK-GPG-KEY.pub
     master:
+      ext_pillar:
+      - cmd_yaml: cat /etc/salt/yaml
+      - stack:
+          - /path/to/stack1.cfg
+          - /path/to/stack2.cfg
+      - reclass:
+          inventory_base_uri: /etc/reclass
       file_roots:
         base:
         - /srv/salt

diff --git a/test/integration/v3000-py3/files/_mapdata/debian-10.yaml b/test/integration/v3000-py3/files/_mapdata/debian-10.yaml
@@ -45,6 +45,13 @@ values:
     key_url: https://repo.saltstack.com/py3/debian/10/amd64/3000/SALTSTACK-GPG-KEY.pub
     libgit2: libgit2-22
     master:
+      ext_pillar:
+      - cmd_yaml: cat /etc/salt/yaml
+      - stack:
+          - /path/to/stack1.cfg
+          - /path/to/stack2.cfg
+      - reclass:
+          inventory_base_uri: /etc/reclass
       file_roots:
         base:
         - /srv/salt

diff --git a/test/integration/v3000-py3/files/_mapdata/debian-9.yaml b/test/integration/v3000-py3/files/_mapdata/debian-9.yaml
@@ -45,6 +45,13 @@ values:
     key_url: https://repo.saltstack.com/py3/debian/9/amd64/3000/SALTSTACK-GPG-KEY.pub
     libgit2: libgit2-22
     master:
+      ext_pillar:
+      - cmd_yaml: cat /etc/salt/yaml
+      - stack:
+          - /path/to/stack1.cfg
+          - /path/to/stack2.cfg
+      - reclass:
+          inventory_base_uri: /etc/reclass
       file_roots:
         base:
         - /srv/salt

diff --git a/test/integration/v3000-py3/files/_mapdata/gentoo-2-sysd.yaml b/test/integration/v3000-py3/files/_mapdata/gentoo-2-sysd.yaml
@@ -43,6 +43,13 @@ values:
         version: 0.23.0
     install_packages: true
     master:
+      ext_pillar:
+      - cmd_yaml: cat /etc/salt/yaml
+      - stack:
+          - /path/to/stack1.cfg
+          - /path/to/stack2.cfg
+      - reclass:
+          inventory_base_uri: /etc/reclass
       file_roots:
         base:
         - /srv/salt

diff --git a/test/integration/v3000-py3/files/_mapdata/gentoo-2-sysv.yaml b/test/integration/v3000-py3/files/_mapdata/gentoo-2-sysv.yaml
@@ -43,6 +43,13 @@ values:
         version: 0.23.0
     install_packages: true
     master:
+      ext_pillar:
+      - cmd_yaml: cat /etc/salt/yaml
+      - stack:
+          - /path/to/stack1.cfg
+          - /path/to/stack2.cfg
+      - reclass:
+          inventory_base_uri: /etc/reclass
       file_roots:
         base:
         - /srv/salt

diff --git a/test/integration/v3000-py3/files/_mapdata/opensuse-15.yaml b/test/integration/v3000-py3/files/_mapdata/opensuse-15.yaml
@@ -44,6 +44,13 @@ values:
     install_packages: true
     key_url: https://download.opensuse.org/repositories/systemsmanagement:/saltstack/openSUSE_Leap_15.2/repodata/repomd.xml.key
     master:
+      ext_pillar:
+      - cmd_yaml: cat /etc/salt/yaml
+      - stack:
+          - /path/to/stack1.cfg
+          - /path/to/stack2.cfg
+      - reclass:
+          inventory_base_uri: /etc/reclass
       file_roots:
         base:
         - /srv/salt

diff --git a/test/integration/v3000-py3/files/_mapdata/oraclelinux-7.yaml b/test/integration/v3000-py3/files/_mapdata/oraclelinux-7.yaml
@@ -44,6 +44,13 @@ values:
     install_packages: true
     key_url: https://repo.saltstack.com/py3/redhat/$releasever/$basearch/3000/SALTSTACK-GPG-KEY.pub
     master:
+      ext_pillar:
+      - cmd_yaml: cat /etc/salt/yaml
+      - stack:
+          - /path/to/stack1.cfg
+          - /path/to/stack2.cfg
+      - reclass:
+          inventory_base_uri: /etc/reclass
       file_roots:
         base:
         - /srv/salt

diff --git a/test/integration/v3000-py3/files/_mapdata/oraclelinux-8.yaml b/test/integration/v3000-py3/files/_mapdata/oraclelinux-8.yaml
@@ -44,6 +44,13 @@ values:
     install_packages: true
     key_url: https://repo.saltstack.com/py3/redhat/$releasever/$basearch/3000/SALTSTACK-GPG-KEY.pub
     master:
+      ext_pillar:
+      - cmd_yaml: cat /etc/salt/yaml
+      - stack:
+          - /path/to/stack1.cfg
+          - /path/to/stack2.cfg
+      - reclass:
+          inventory_base_uri: /etc/reclass
       file_roots:
         base:
         - /srv/salt

diff --git a/test/integration/v3000-py3/files/_mapdata/ubuntu-16.yaml b/test/integration/v3000-py3/files/_mapdata/ubuntu-16.yaml
@@ -45,6 +45,13 @@ values:
     key_url: https://repo.saltstack.com/py3/ubuntu/16.04/amd64/3000/SALTSTACK-GPG-KEY.pub
     libgit2: libgit2-22
     master:
+      ext_pillar:
+      - cmd_yaml: cat /etc/salt/yaml
+      - stack:
+          - /path/to/stack1.cfg
+          - /path/to/stack2.cfg
+      - reclass:
+          inventory_base_uri: /etc/reclass
       file_roots:
         base:
         - /srv/salt

diff --git a/test/integration/v3000-py3/files/_mapdata/ubuntu-18.yaml b/test/integration/v3000-py3/files/_mapdata/ubuntu-18.yaml
@@ -45,6 +45,13 @@ values:
     key_url: https://repo.saltstack.com/py3/ubuntu/18.04/amd64/3000/SALTSTACK-GPG-KEY.pub
     libgit2: libgit2-22
     master:
+      ext_pillar:
+      - cmd_yaml: cat /etc/salt/yaml
+      - stack:
+          - /path/to/stack1.cfg
+          - /path/to/stack2.cfg
+      - reclass:
+          inventory_base_uri: /etc/reclass
       file_roots:
         base:
         - /srv/salt

diff --git a/test/integration/v3000-py3/files/_mapdata/windows-2019-server.yaml b/test/integration/v3000-py3/files/_mapdata/windows-2019-server.yaml
@@ -43,6 +43,13 @@ values:
         version: 0.23.0
     install_packages: true
     master:
+      ext_pillar:
+      - cmd_yaml: cat /etc/salt/yaml
+      - stack:
+          - /path/to/stack1.cfg
+          - /path/to/stack2.cfg
+      - reclass:
+          inventory_base_uri: /etc/reclass
       file_roots:
         base:
         - "/srv/salt"

diff --git a/test/integration/v3000-py3/files/_mapdata/windows-8.yaml b/test/integration/v3000-py3/files/_mapdata/windows-8.yaml
@@ -43,6 +43,13 @@ values:
         version: 0.23.0
     install_packages: true
     master:
+      ext_pillar:
+      - cmd_yaml: cat /etc/salt/yaml
+      - stack:
+          - /path/to/stack1.cfg
+          - /path/to/stack2.cfg
+      - reclass:
+          inventory_base_uri: /etc/reclass
       file_roots:
         base:
         - "/srv/salt"

diff --git a/test/integration/v3001-py3/files/_mapdata/amazonlinux-2.yaml b/test/integration/v3001-py3/files/_mapdata/amazonlinux-2.yaml
@@ -44,6 +44,13 @@ values:
     install_packages: true
     key_url: https://repo.saltstack.com/py3/amazon/2/$basearch/3001/SALTSTACK-GPG-KEY.pub
     master:
+      ext_pillar:
+      - cmd_yaml: cat /etc/salt/yaml
+      - stack:
+          - /path/to/stack1.cfg
+          - /path/to/stack2.cfg
+      - reclass:
+          inventory_base_uri: /etc/reclass
       file_roots:
         base:
         - /srv/salt

diff --git a/test/integration/v3001-py3/files/_mapdata/centos-7.yaml b/test/integration/v3001-py3/files/_mapdata/centos-7.yaml
@@ -44,6 +44,13 @@ values:
     install_packages: true
     key_url: https://repo.saltstack.com/py3/redhat/$releasever/$basearch/3001/SALTSTACK-GPG-KEY.pub
     master:
+      ext_pillar:
+      - cmd_yaml: cat /etc/salt/yaml
+      - stack:
+          - /path/to/stack1.cfg
+          - /path/to/stack2.cfg
+      - reclass:
+          inventory_base_uri: /etc/reclass
       file_roots:
         base:
         - /srv/salt

diff --git a/test/integration/v3001-py3/files/_mapdata/centos-8.yaml b/test/integration/v3001-py3/files/_mapdata/centos-8.yaml
@@ -44,6 +44,13 @@ values:
     install_packages: true
     key_url: https://repo.saltstack.com/py3/redhat/$releasever/$basearch/3001/SALTSTACK-GPG-KEY.pub
     master:
+      ext_pillar:
+      - cmd_yaml: cat /etc/salt/yaml
+      - stack:
+          - /path/to/stack1.cfg
+          - /path/to/stack2.cfg
+      - reclass:
+          inventory_base_uri: /etc/reclass
       file_roots:
         base:
         - /srv/salt

diff --git a/test/integration/v3001-py3/files/_mapdata/debian-10.yaml b/test/integration/v3001-py3/files/_mapdata/debian-10.yaml
@@ -45,6 +45,13 @@ values:
     key_url: https://repo.saltstack.com/py3/debian/10/amd64/3001/SALTSTACK-GPG-KEY.pub
     libgit2: libgit2-22
     master:
+      ext_pillar:
+      - cmd_yaml: cat /etc/salt/yaml
+      - stack:
+          - /path/to/stack1.cfg
+          - /path/to/stack2.cfg
+      - reclass:
+          inventory_base_uri: /etc/reclass
       file_roots:
         base:
         - /srv/salt

diff --git a/test/integration/v3001-py3/files/_mapdata/debian-9.yaml b/test/integration/v3001-py3/files/_mapdata/debian-9.yaml
@@ -45,6 +45,13 @@ values:
     key_url: https://repo.saltstack.com/py3/debian/9/amd64/3001/SALTSTACK-GPG-KEY.pub
     libgit2: libgit2-22
     master:
+      ext_pillar:
+      - cmd_yaml: cat /etc/salt/yaml
+      - stack:
+          - /path/to/stack1.cfg
+          - /path/to/stack2.cfg
+      - reclass:
+          inventory_base_uri: /etc/reclass
       file_roots:
         base:
         - /srv/salt

diff --git a/test/integration/v3001-py3/files/_mapdata/fedora-32.yaml b/test/integration/v3001-py3/files/_mapdata/fedora-32.yaml
@@ -44,6 +44,13 @@ values:
     install_packages: true
     key_url: https://repo.saltstack.com/py3/redhat/$releasever/$basearch/3001/SALTSTACK-GPG-KEY.pub
     master:
+      ext_pillar:
+      - cmd_yaml: cat /etc/salt/yaml
+      - stack:
+          - /path/to/stack1.cfg
+          - /path/to/stack2.cfg
+      - reclass:
+          inventory_base_uri: /etc/reclass
       file_roots:
         base:
         - /srv/salt

diff --git a/test/integration/v3001-py3/files/_mapdata/fedora-33.yaml b/test/integration/v3001-py3/files/_mapdata/fedora-33.yaml
@@ -44,6 +44,13 @@ values:
     install_packages: true
     key_url: https://repo.saltstack.com/py3/redhat/$releasever/$basearch/3001/SALTSTACK-GPG-KEY.pub
     master:
+      ext_pillar:
+      - cmd_yaml: cat /etc/salt/yaml
+      - stack:
+          - /path/to/stack1.cfg
+          - /path/to/stack2.cfg
+      - reclass:
+          inventory_base_uri: /etc/reclass
       file_roots:
         base:
         - /srv/salt

diff --git a/test/integration/v3001-py3/files/_mapdata/gentoo-2-sysd.yaml b/test/integration/v3001-py3/files/_mapdata/gentoo-2-sysd.yaml
@@ -43,6 +43,13 @@ values:
         version: 0.23.0
     install_packages: true
     master:
+      ext_pillar:
+      - cmd_yaml: cat /etc/salt/yaml
+      - stack:
+          - /path/to/stack1.cfg
+          - /path/to/stack2.cfg
+      - reclass:
+          inventory_base_uri: /etc/reclass
       file_roots:
         base:
         - /srv/salt