Merge pull request #34858 from rallytime/merge-2016.3

[2016.3] Merge forward from 2015.8 to 2016.3
saltstack · Jul 21, 2016 · aaede31 · aaede31
2 parents b3d8143 + 9227c3d
commit aaede31
Show file tree

Hide file tree

Showing 7 changed files with 35 additions and 6 deletions.
diff --git a/conf/master b/conf/master
@@ -309,6 +309,11 @@
 # running any commands. It would also blacklist any use of the "cmd"
 # module. This is completely disabled by default.
 #
+#
+# Check the list of configured users in client ACL against users on the
+# system and throw errors if they do not exist.
+#client_acl_verify: True
+#
 #publisher_acl_blacklist:
 #  users:
 #    - root

diff --git a/doc/topics/troubleshooting/yaml_idiosyncrasies.rst b/doc/topics/troubleshooting/yaml_idiosyncrasies.rst
@@ -113,6 +113,20 @@ Pillar data. Make sure that your Pillars which need to use the string versions
 of these values are enclosed in quotes.  Pillars will be parsed twice by salt,
 so you'll need to wrap your values in multiple quotes, for example '"false"'.
 
+The '%' Sign
+============
+
+The `%` symbol has a special meaning in YAML, it needs to be passed as a
+string literal:
+
+.. code-block:: yaml
+
+    cheese:
+      ssh_auth.present:
+        - user: tbortels
+        - source: salt://ssh_keys/chease.pub
+        - config: '%h/.ssh/authorized_keys'
+
 Integers are Parsed as Integers
 ===============================
 

diff --git a/salt/beacons/__init__.py b/salt/beacons/__init__.py
@@ -23,6 +23,7 @@ class Beacon(object):
     '''
     def __init__(self, opts, functions):
         self.opts = opts
+        self.functions = functions
         self.beacons = salt.loader.beacons(opts, functions)
         self.interval_map = dict()
 
@@ -182,7 +183,8 @@ def list_beacons(self):
         '''
         # Fire the complete event back along with the list of beacons
         evt = salt.utils.event.get_event('minion', opts=self.opts)
-        evt.fire_event({'complete': True, 'beacons': self.opts['beacons']},
+        b_conf = self.functions['config.merge']('beacons')
+        evt.fire_event({'complete': True, 'beacons': b_conf},
                        tag='/salt/minion/minion_beacons_list_complete')
 
         return True

diff --git a/salt/client/ssh/wrapper/state.py b/salt/client/ssh/wrapper/state.py
@@ -154,7 +154,9 @@ def low(data, **kwargs):
             __pillar__,
             __salt__,
             __context__['fileclient'])
-    err = st_.verify_data(data)
+    for chunk in chunks:
+        chunk['__id__'] = chunk['name'] if not chunk.get('__id__') else chunk['__id__']
+    err = st_.state.verify_data(data)
     if err:
         return err
     file_refs = salt.client.ssh.state.lowstate_file_refs(
@@ -223,7 +225,7 @@ def high(data, **kwargs):
             __pillar__,
             __salt__,
             __context__['fileclient'])
-    chunks = st_.state.compile_high_data(high)
+    chunks = st_.state.compile_high_data(data)
     file_refs = salt.client.ssh.state.lowstate_file_refs(
             chunks,
             _merge_extra_filerefs(

diff --git a/salt/config/__init__.py b/salt/config/__init__.py
@@ -596,6 +596,7 @@ def _gather_buffer_space():
     'syndic_failover': str,
     'runner_dirs': list,
     'client_acl': dict,
+    'client_acl_verify': bool,
     'client_acl_blacklist': dict,
     'publisher_acl': dict,
     'publisher_acl_blacklist': dict,
@@ -1181,6 +1182,7 @@ def _gather_buffer_space():
     'runner_dirs': [],
     'outputter_dirs': [],
     'client_acl': {},
+    'client_acl_verify': True,
     'client_acl_blacklist': {},
     'publisher_acl': {},
     'publisher_acl_blacklist': {},

diff --git a/salt/daemons/masterapi.py b/salt/daemons/masterapi.py
@@ -206,20 +206,24 @@ def access_keys(opts):
     if opts.get('user'):
         acl_users.add(opts['user'])
     acl_users.add(salt.utils.get_user())
-    if HAS_PWD:
+    if opts['client_acl_verify'] and HAS_PWD:
+        log.profile('Beginning pwd.getpwall() call in masterarpi acess_keys function')
         for user in pwd.getpwall():
             users.append(user.pw_name)
+        log.profile('End pwd.getpwall() call in masterarpi acess_keys function')
     for user in acl_users:
         log.info(
             'Preparing the {0} key for local communication'.format(
                 user
             )
         )
 
-        if HAS_PWD:
+        if opts['client_acl_verify'] and HAS_PWD:
             if user not in users:
                 try:
+                    log.profile('Beginning pwd.getpnam() call in masterarpi acess_keys function')
                     user = pwd.getpwnam(user).pw_name
+                    log.profile('Beginning pwd.getpwnam() call in masterarpi acess_keys function')
                 except KeyError:
                     log.error('ACL user {0} is not available'.format(user))
                     continue

diff --git a/salt/states/ssh_auth.py b/salt/states/ssh_auth.py
@@ -29,7 +29,7 @@
       ssh_auth.present:
         - user: root
         - source: salt://ssh_keys/thatch.id_rsa.pub
-        - config: %h/.ssh/authorized_keys
+        - config: '%h/.ssh/authorized_keys'
 
     sshkeys:
       ssh_auth.present: