Merge remote-tracking branch 'upstream/2015.5' into merge-forward-2015.8

Conflicts: salt/utils/http.py
saltstack · Sep 18, 2015 · be2b0fc · be2b0fc
2 parents 253ac5e + 579f375
commit be2b0fc
Show file tree

Hide file tree

Showing 5 changed files with 110 additions and 11 deletions.
diff --git a/doc/topics/releases/2015.5.6.rst b/doc/topics/releases/2015.5.6.rst
@@ -0,0 +1,8 @@
+===========================
+Salt 2015.5.6 Release Notes
+===========================
+
+Version 2015.5.6 is a bugfix release for :doc:`2015.5.0
+</topics/releases/2015.5.0>`.
+
+Changes:
diff --git a/salt/modules/ssh.py b/salt/modules/ssh.py
@@ -870,14 +870,53 @@ def set_known_host(user=None,
                    port=None,
                    enc=None,
                    hash_hostname=True,
-                   config=None):
+                   config=None,
+                   hash_known_hosts=True):
     '''
     Download SSH public key from remote host "hostname", optionally validate
     its fingerprint against "fingerprint" variable and save the record in the
     known_hosts file.
 
     If such a record does already exists in there, do nothing.
 
+    user
+        The user who owns the ssh authorized keys file to modify
+
+    hostname
+        The name of the remote host (e.g. "github.com")
+
+    fingerprint
+        The fingerprint of the key which must be presented in the known_hosts
+        file (optional if key specified)
+
+    key
+        The public key which must be presented in the known_hosts file
+        (optional if fingerprint specified)
+
+    port
+        optional parameter, denoting the port of the remote host, which will be
+        used in case, if the public key will be requested from it. By default
+        the port 22 is used.
+
+    enc
+        Defines what type of key is being used, can be ed25519, ecdsa ssh-rsa
+        or ssh-dss
+
+    hash_hostname : True
+        Hash all hostnames and addresses in the known hosts file.
+
+        .. deprecated:: Carbon
+
+            Please use hash_known_hosts instead.
+
+    config
+        The location of the authorized keys file relative to the user's home
+        directory, defaults to ".ssh/known_hosts". If no user is specified,
+        defaults to "/etc/ssh/ssh_known_hosts". If present, must be an
+        absolute path when a user is not specified.
+
+    hash_known_hosts : True
+        Hash all hostnames and addresses in the known hosts file.
 
     CLI Example:
 
@@ -894,6 +933,14 @@ def set_known_host(user=None,
                 'error': 'argument port can not be used in '
                 'conjunction with argument hash_hostname'}
 
+    if not hash_hostname:
+        salt.utils.warn_until(
+            'Carbon',
+            'The hash_hostname parameter is misleading as ssh-keygen can only '
+            'hash the whole known hosts file, not entries for individual'
+            'hosts. Please use hash_known_hosts=False instead.')
+        hash_known_hosts = hash_hostname
+
     update_required = False
     check_required = False
     stored_host = get_known_host(user, hostname, config, port)
@@ -967,7 +1014,7 @@ def set_known_host(user=None,
             os.chown(ssh_dir, uinfo['uid'], uinfo['gid'])
             os.chmod(ssh_dir, 0o700)
 
-    if key:
+    if key and hash_known_hosts:
         cmd_result = __salt__['ssh.hash_known_hosts'](user=user, config=full)
 
     # write line to known_hosts file
@@ -1070,6 +1117,13 @@ def hash_known_hosts(user=None, config=None):
 
     .. versionadded:: 2014.7.0
 
+    user
+        hash known hosts of this user
+
+    config
+        path to known hosts file: can be absolute or relative to user's home
+        directory
+
     CLI Example:
 
     .. code-block:: bash
@@ -1080,7 +1134,7 @@ def hash_known_hosts(user=None, config=None):
     full = _get_known_hosts_file(config=config, user=user)
 
     if isinstance(full, dict):
-        return full
+        return full  # full contains error information
 
     if not os.path.isfile(full):
         return {'status': 'error',

diff --git a/salt/states/ssh_known_hosts.py b/salt/states/ssh_known_hosts.py
@@ -23,6 +23,9 @@
 # Import python libs
 import os
 
+# Import salt libs
+import salt.utils
+
 
 def present(
         name,
@@ -32,7 +35,8 @@ def present(
         port=None,
         enc=None,
         config=None,
-        hash_hostname=True):
+        hash_hostname=True,
+        hash_known_hosts=True):
     '''
     Verifies that the specified host is known by the specified user
 
@@ -70,7 +74,14 @@ def present(
         absolute path when a user is not specified.
 
     hash_hostname : True
-        Hash all hostnames and addresses in the output.
+        Hash all hostnames and addresses in the known hosts file.
+
+        .. deprecated:: Carbon
+
+            Please use hash_known_hosts instead.
+
+    hash_known_hosts : True
+        Hash all hostnames and addresses in the known hosts file.
     '''
     ret = {'name': name,
            'changes': {},
@@ -87,6 +98,14 @@ def present(
         ret['result'] = False
         return dict(ret, comment=comment)
 
+    if not hash_hostname:
+        salt.utils.warn_until(
+            'Carbon',
+            'The hash_hostname parameter is misleading as ssh-keygen can only '
+            'hash the whole known hosts file, not entries for individual'
+            'hosts. Please use hash_known_hosts=False instead.')
+        hash_known_hosts = hash_hostname
+
     if __opts__['test']:
         if key and fingerprint:
             comment = 'Specify either "key" or "fingerprint", not both.'
@@ -121,7 +140,7 @@ def present(
                 port=port,
                 enc=enc,
                 config=config,
-                hash_hostname=hash_hostname)
+                hash_known_hosts=hash_known_hosts)
     if result['status'] == 'exists':
         return dict(ret,
                     comment='{0} already exists in {1}'.format(name, config))

diff --git a/salt/states/test.py b/salt/states/test.py
@@ -8,6 +8,12 @@
 
 .. code-block:: yaml
 
+    always-passes-with-any-kwarg:
+      test.nop:
+        - name: foo
+        - something: else
+        - foo: bar
+
     always-passes:
       test.succeed_without_changes:
         - name: foo
@@ -49,6 +55,17 @@
 log = logging.getLogger(__name__)
 
 
+def nop(name, **kwargs):
+    '''
+    A no-op state that does nothing. Useful in conjunction with the `use`
+    requisite, or in templates which could otherwise be empty due to jinja
+    rendering
+
+    .. versionadded:: 2015.5.6
+    '''
+    return succeed_without_changes(name)
+
+
 def succeed_without_changes(name):
     '''
     Returns successful.
@@ -64,9 +81,6 @@ def succeed_without_changes(name):
         'result': True,
         'comment': 'Success!'
     }
-    if __opts__['test']:
-        ret['result'] = True
-        ret['comment'] = 'If we weren\'t testing, this would be a success!'
     return ret
 
 

diff --git a/salt/utils/http.py b/salt/utils/http.py
@@ -313,7 +313,7 @@ def query(url,
             urllib_request.HTTPCookieProcessor(sess_cookies)
         ]
 
-        if url.startswith('https') or port == 443:
+        if url.startswith('https'):
             hostname = request.get_host()
             handlers[0] = urllib_request.HTTPSHandler(1)
             if not HAS_MATCHHOSTNAME:
@@ -323,8 +323,12 @@ def query(url,
                 log.warn(('SSL certificate verification has been explicitly '
                          'disabled. THIS CONNECTION MAY NOT BE SECURE!'))
             else:
+                if ':' in hostname:
+                    hostname, port = hostname.split(':')
+                else:
+                    port = 443
                 sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-                sock.connect((hostname, 443))
+                sock.connect((hostname, int(port)))
                 sockwrap = ssl.wrap_socket(
                     sock,
                     ca_certs=ca_bundle,