Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

git module/state: Handle identity files more gracefully #30894

Merged
merged 6 commits into from Feb 4, 2016
Merged

git module/state: Handle identity files more gracefully #30894

merged 6 commits into from Feb 4, 2016

Conversation

terminalmage
Copy link
Contributor

This pull request does the following:

  1. The ssh wrapper used for git ssh authentication has been modified to specifically use the global ssh_config. This fixes an issue where a matching entry in the user's ~/.ssh/config containing an IdentityFile param will override the -i argument in the wrapper and prevent the desired identity file from being used.
  2. Using a passphrase-protected key when invoking Salt using salt instead of salt-call blocks waiting for user input. __opts__['__cli'] is now inspected to determine how Salt was invoked, and a new remote execution function ssh.key_is_encrypted has been added to check a private key to see if it is protected by a passphrase.
  3. Several calls to functions in the git execution module which use the identity param were missing try/except blocks to catch exceptions raised when git ssh authentication fails. These have now been added, and a couple DRY functions have been added for gracefully failing the state when specific actions that are attempted in more than one place within the git.latest state fail.

@terminalmage
Add salt.utils.files.process_read_exception()
1ae7c53 
This is a common function to raise exceptions encountered trying to read
from a file.
@terminalmage
Add salt.modules.ssh.key_is_encrypted()
f813cce
@terminalmage
Add global ssh_config path to git ssh wrapper
0b286f1 
This ensures that a matching entry in a local ssh_config (~/.ssh/config)
doesn't override the "-i" parameter.
@terminalmage
git: only use passphrase-protected key if invoked using salt-call
c961cf1
@terminalmage
salt.states.git.latest(): Prevent tracebacks when git ssh auth fails
8909d43 
This adds missing try/except blocks to ensure that a failed git ssh auth
doesn't cause a traceback.

It also adds information to the documentation for the "identity" param
which explains that passphraseless keys cannot be used unless Salt is
invoked using salt-call.
@terminalmage
Copy link
Contributor Author

Test failure is unrelated.

@terminalmage
Update versionadded/versionchanged
08741eb 
These changes did not make it in before v2015.8.6 was tagged.
@terminalmage terminalmage added this to the B 3 milestone Feb 4, 2016
@terminalmage terminalmage self-assigned this Feb 4, 2016
cachedout pushed a commit that referenced this pull request Feb 4, 2016
Merge pull request #30894 from terminalmage/issue30858
3d3321a 
git module/state: Handle identity files more gracefully
@cachedout cachedout merged commit 3d3321a into saltstack:2015.8 Feb 4, 2016
@terminalmage terminalmage mentioned this pull request Feb 5, 2016
Closed
@terminalmage terminalmage removed this from the B 3 milestone Feb 9, 2016
@terminalmage terminalmage deleted the issue30858 branch April 6, 2016 23:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
Tests-Passed
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@terminalmage @cachedout