[master] Allow all primitive grain types for autosign_grains

changelog/61416.fixed.md

@@ -0,0 +1 @@
+Allow all primitive grain types for autosign_grains

changelog/63708.fixed.md

@@ -0,0 +1 @@
+Allow all primitive grain types for autosign_grains

salt/daemons/masterapi.py

@@ -88,7 +88,7 @@ def clean_fsbackend(opts):
     # Clear remote fileserver backend caches so they get recreated
     for backend in ("git", "hg", "svn"):
         if backend in opts["fileserver_backend"]:
-            env_cache = os.path.join(opts["cachedir"], "{}fs".format(backend), "envs.p")
+            env_cache = os.path.join(opts["cachedir"], f"{backend}fs", "envs.p")
             if os.path.isfile(env_cache):
                 log.debug("Clearing %sfs env cache", backend)
                 try:
@@ -99,7 +99,7 @@ def clean_fsbackend(opts):
                     )
 
             file_lists_dir = os.path.join(
-                opts["cachedir"], "file_lists", "{}fs".format(backend)
+                opts["cachedir"], "file_lists", f"{backend}fs"
             )
             try:
                 file_lists_caches = os.listdir(file_lists_dir)
@@ -177,7 +177,7 @@ def mk_key(opts, user):
             opts["cachedir"], ".{}_key".format(user.replace("\\", "_"))
         )
     else:
-        keyfile = os.path.join(opts["cachedir"], ".{}_key".format(user))
+        keyfile = os.path.join(opts["cachedir"], f".{user}_key")
 
     if os.path.exists(keyfile):
         log.debug("Removing stale keyfile: %s", keyfile)
@@ -220,7 +220,7 @@ def access_keys(opts):
     for user in acl_users:
         log.info("Preparing the %s key for local communication", user)
 
-        keyfile = os.path.join(opts["cachedir"], ".{}_key".format(user))
+        keyfile = os.path.join(opts["cachedir"], f".{user}_key")
         if os.path.exists(keyfile):
             with salt.utils.files.fopen(keyfile, "r") as fp:
                 key = salt.utils.stringutils.to_unicode(fp.read())
@@ -380,7 +380,7 @@ def check_autosign_grains(self, autosign_grains):
                             line = salt.utils.stringutils.to_unicode(line).strip()
                             if line.startswith("#"):
                                 continue
-                            if autosign_grains[grain] == line:
+                            if str(autosign_grains[grain]) == line:
                                 return True
         return False
 
@@ -603,7 +603,7 @@ def _mine_get(self, load, skip_verify=False):
         minions = _res["minions"]
         minion_side_acl = {}  # Cache minion-side ACL
         for minion in minions:
-            mine_data = self.cache.fetch("minions/{}".format(minion), "mine")
+            mine_data = self.cache.fetch(f"minions/{minion}", "mine")
             if not isinstance(mine_data, dict):
                 continue
             for function in functions_allowed:
@@ -630,7 +630,7 @@ def _mine_get(self, load, skip_verify=False):
                                 continue
                             salt.utils.dictupdate.set_dict_key_value(
                                 minion_side_acl,
-                                "{}:{}".format(minion, function),
+                                f"{minion}:{function}",
                                 get_minion,
                             )
                 if salt.utils.mine.minion_side_acl_denied(
@@ -1190,7 +1190,7 @@ def wheel(self, load):
         fun = load.pop("fun")
         tag = salt.utils.event.tagify(jid, prefix="wheel")
         data = {
-            "fun": "wheel.{}".format(fun),
+            "fun": f"wheel.{fun}",
             "jid": jid,
             "tag": tag,
             "user": username,
@@ -1274,7 +1274,7 @@ def publish(self, load):
         # Setup authorization list variable and error information
         auth_list = auth_check.get("auth_list", [])
         error = auth_check.get("error")
-        err_msg = 'Authentication failure of type "{}" occurred.'.format(auth_type)
+        err_msg = f'Authentication failure of type "{auth_type}" occurred.'
 
         if error:
             # Authentication error occurred: do not continue.

tests/pytests/unit/daemons/masterapi/test_auto_key.py

@@ -17,11 +17,11 @@ def gen_permissions(owner="", group="", others=""):
     """
     ret = 0
     for c in owner:
-        ret |= getattr(stat, "S_I{}USR".format(c.upper()), 0)
+        ret |= getattr(stat, f"S_I{c.upper()}USR", 0)
     for c in group:
-        ret |= getattr(stat, "S_I{}GRP".format(c.upper()), 0)
+        ret |= getattr(stat, f"S_I{c.upper()}GRP", 0)
     for c in others:
-        ret |= getattr(stat, "S_I{}OTH".format(c.upper()), 0)
+        ret |= getattr(stat, f"S_I{c.upper()}OTH", 0)
     return ret
 
 
@@ -256,16 +256,17 @@ def test_func(mock_walk, mock_open, mock_permissions):
     _test_check_autosign_grains(test_func, auto_key, autosign_grains_dir=None)
 
 
-def test_check_autosign_grains_accept(auto_key):
+@pytest.mark.parametrize("grain_value", ["test_value", 123, True])
+def test_check_autosign_grains_accept(grain_value, auto_key):
     """
     Asserts that autosigning from grains passes when a matching grain value is in an
     autosign_grain file.
     """
 
     def test_func(*args):
-        assert auto_key.check_autosign_grains({"test_grain": "test_value"}) is True
+        assert auto_key.check_autosign_grains({"test_grain": grain_value}) is True
 
-    file_content = "#test_ignore\ntest_value"
+    file_content = f"#test_ignore\n{grain_value}"
     _test_check_autosign_grains(test_func, auto_key, file_content=file_content)