Merge remote-tracking branch 'upstream/develop' into develop

* upstream/develop: add new saltconf ads Fix grains.core pylint error Adding Unit Tests and Fixing debian_eth.jinja Adding accept_ra 2 option to modules.debian_ip fix names to various package modules so links work adds webconfig tests Commit to fix lint problems to allow successful pr-lint build auth: use log formatting for message Refactorized mongodb_user.present to avoid showing successful changes when no changes has been made to user. Now shows changes when roles has been changed for user so its easier to see if roles going to changed in test mode. Changed tests to adapt to new behaviour. Changed returned result when using test=true for mongodb_user.present to avoid false positives. Fixed whitespaces at mongodb_user.present test saltstack#53963 Added new test for mongodb_user.present that verifies the proper functioning when aplying state for an existing user Fixes bug in MongoDb User State causing changes to be applied in case of an existing user even in test mode. auth: log details in case of user auth issue Fix typo in vault docs
gitebra · Aug 30, 2019 · 6349dc5 · 6349dc5
2 parents 0e54ff6 + 37ceccb
commit 6349dc5
Show file tree

Hide file tree

Showing 13 changed files with 239 additions and 15 deletions.
diff --git a/doc/_themes/saltstack2/layout.html b/doc/_themes/saltstack2/layout.html
@@ -269,7 +269,7 @@
                                  <!--
                                  <a href="https://saltstack.com/saltstack-enterprise/" target="_blank"><img class="nolightbox footer-banner center" src="{{ pathto('_static/images/enterprise_ad.jpg', 1) }}"/></a>
                                  -->
-                                 <a href="http://saltconf.com/saltconf18-speakers/" target="_blank"><img class="nolightbox footer-banner center" src="{{ pathto('_static/images/DOCBANNER.png', 1) }}"/></a>
+                                 <a href="http://saltconf.com/register/" target="_blank"><img class="nolightbox footer-banner center" src="{{ pathto('_static/images/DOCBANNER.png', 1) }}"/></a>
                             </div>
                             {% endif %}
                         </div>

diff --git a/doc/_themes/saltstack2/static/images/DOCBANNER.png b/doc/_themes/saltstack2/static/images/DOCBANNER.png
diff --git a/doc/man/salt.7 b/doc/man/salt.7
@@ -275988,7 +275988,7 @@ new
 all
 .TP
 .B note
-If you see the following error, you\(aqll need to upgrade \fBrequests\fP to atleast 2.4.2
+If you see the following error, you\(aqll need to upgrade \fBrequests\fP to at least 2.4.2
 .UNINDENT
 .INDENT 0.0
 .INDENT 3.5

diff --git a/doc/ref/modules/all/salt.modules.pkg.rst b/doc/ref/modules/all/salt.modules.pkg.rst
@@ -15,26 +15,26 @@ Execution Module                       Used for
 :py:mod:`~salt.modules.aixpkg`         AIX OS using ``installp`` and ``rpm``
 :py:mod:`~salt.modules.aptpkg`         Debian/Ubuntu-based distros which use
                                        ``apt-get(8)`` for package management
-:py:mod:`~salt.modules.brew`           Mac OS software management using
+:py:mod:`~salt.modules.mac_brew_pkg`   Mac OS software management using
                                        `Homebrew`_
-:py:mod:`~salt.modules.ebuild`         Gentoo-based systems (utilizes the
+:py:mod:`~salt.modules.ebuildpkg`      Gentoo-based systems (utilizes the
                                        ``portage`` python module as well as
                                        ``emerge(1)``)
 :py:mod:`~salt.modules.freebsdpkg`     FreeBSD-based OSes using ``pkg_add(1)``
 :py:mod:`~salt.modules.openbsdpkg`     OpenBSD-based OSes using ``pkg_add(1)``
-:py:mod:`~salt.modules.pacman`         Arch Linux-based distros using
+:py:mod:`~salt.modules.pacmanpkg`      Arch Linux-based distros using
                                        ``pacman(8)``
 :py:mod:`~salt.modules.pkgin`          NetBSD-based OSes using ``pkgin(1)``
 :py:mod:`~salt.modules.pkgng`          FreeBSD-based OSes using ``pkg(8)``
 :py:mod:`~salt.modules.pkgutil`        Solaris-based OSes using `OpenCSW`_'s
                                        ``pkgutil(1)``
 :py:mod:`~salt.modules.solarispkg`     Solaris-based OSes using ``pkgadd(1M)``
-:py:mod:`~salt.modules.solarisips`     Solaris-based OSes using IPS ``pkg(1)``
+:py:mod:`~salt.modules.solarisipspkg`  Solaris-based OSes using IPS ``pkg(1)``
 :py:mod:`~salt.modules.win_pkg`        Salt's :ref:`Windows Package Manager
                                        <windows-package-manager>`
 :py:mod:`~salt.modules.yumpkg`         RedHat-based distros and derivatives
                                        using ``yum(8)`` or ``dnf(8)``
-:py:mod:`~salt.modules.zypper`         SUSE-based distros using ``zypper(8)``
+:py:mod:`~salt.modules.zypperpkg`      SUSE-based distros using ``zypper(8)``
 ====================================== ========================================
 
 .. _Homebrew: http://brew.sh/

diff --git a/salt/auth/__init__.py b/salt/auth/__init__.py
@@ -330,6 +330,7 @@ def authenticate_key(self, load, key):
                 return auth_user.sudo_name()
             elif load['user'] == self.opts.get('user', 'root') or load['user'] == 'root':
                 if auth_key != key[self.opts.get('user', 'root')]:
+                    log.warning('Master runs as %r, but user in payload is %r', self.opts.get('user', 'root'), load['user'])
                     log.warning(error_msg)
                     return False
             elif auth_user.is_running_user():

diff --git a/salt/grains/core.py b/salt/grains/core.py
@@ -43,6 +43,7 @@
 
 # linux_distribution deprecated in py3.7
 try:
+    #pylint: disable=W1505
     from platform import linux_distribution as _deprecated_linux_distribution
 
     def linux_distribution(**kwargs):

diff --git a/salt/modules/debian_ip.py b/salt/modules/debian_ip.py
@@ -475,7 +475,7 @@ def __space_delimited_list(value):
     'dhcp':  __within([0, 1], dtype=int),
     # inet6 static & manual & dhcp
     'media': __anything,
-    'accept_ra':  __within([0, 1], dtype=int),
+    'accept_ra':  __within([0, 1, 2], dtype=int),
     'autoconf':  __within([0, 1], dtype=int),
     'preferred-lifetime':  __int,
     'dad-attempts': __int,  # 0 to disable

diff --git a/salt/modules/vault.py b/salt/modules/vault.py
@@ -7,7 +7,7 @@
 :platform:      all
 
 
-:note: If you see the following error, you'll need to upgrade ``requests`` to atleast 2.4.2
+:note: If you see the following error, you'll need to upgrade ``requests`` to at least 2.4.2
 
 .. code-block:: text
 

diff --git a/salt/states/mongodb_user.py b/salt/states/mongodb_user.py
@@ -118,8 +118,12 @@ def present(name,
             # fill changes if the roles and current roles differ
             if not set(current_roles) == set(roles):
                 ret['changes'].update({name: {'database': database, 'roles': {'old': current_roles, 'new': roles}}})
+                ret['comment'] = 'User {0} is already present, but has new roles'.format(name)
+                ret['result'] = None
 
-            __salt__['mongodb.user_create'](name, passwd, user, password, host, port, database=database, authdb=authdb, roles=roles)
+            if not __opts__['test']:
+                __salt__['mongodb.user_create'](name, passwd, user, password, host, port, database=database, authdb=authdb, roles=roles)
+                ret['result'] = True
         return ret
 
     # if the check does not return a boolean, return an error

diff --git a/salt/templates/debian_ip/debian_eth.jinja b/salt/templates/debian_ip/debian_eth.jinja
@@ -8,6 +8,7 @@
   'pre_down_cmds': 'pre-down',
   'post_down_cmds': 'post-down',
   'master': 'bond-master',
+  'accept_ra': 'accept_ra',
   } -%}
 {% set concat_opts = ['dns_nameservers'] -%}
 {% set valid_opts = [
@@ -16,14 +17,14 @@
   'vendor', 'client', 'bootfile', 'server', 'mode', 'endpoint', 'dstaddr', 'local', 'ttl', 'mtu',
   'provider', 'unit', 'options', 'master', 'dns_nameservers', 'wireless_mode', 'wpa_ap_scan',
   'wpa_conf', 'wpa_driver', 'wpa_group', 'wpa_key_mgmt', 'wpa_pairwise', 'wpa_proto', 'wpa_psk',
-  'wpa_roam', 'wpa_ssid',
+  'wpa_roam', 'wpa_ssid', 'accept_ra'
   ] -%}
 {% if data.enabled %}auto {{ name }}
 {% endif %}{% if data.hotplug %}allow-hotplug {{ name }}
 {% endif %}{% for inet in ['inet', 'inet6'] -%}
 {% if data.data[inet] and data.data[inet].addrfam == inet %}{% set interface = data.data[inet] -%}
 {% if interface.proto and interface.addrfam %}iface {{name}} {{interface.addrfam}} {{interface.proto}}
-{% for opt in valid_opts %}{% set debopt = optmap.get(opt, opt).replace('_', '-') -%}
+{% for opt in valid_opts %}{% set debopt = optmap.get(opt, opt.replace('_', '-')) -%}
 {% set val = interface.get(opt, False) %}{% if val -%}
 {% if opt in concat_opts and val is iterable %}    {{ debopt }} {{ val|join(' ') }}
 {% elif val is string or val is number       %}    {{ debopt }} {{ val }}

diff --git a/tests/unit/modules/test_debian_ip.py b/tests/unit/modules/test_debian_ip.py
@@ -784,6 +784,37 @@
                 '    address 2001:db8:dead:c0::3/64\n',
                 '    gateway 2001:db8:dead:c0::1\n',
                 '\n']},
+
+        # IPv6-only; static with autoconf and accept_ra forced
+        {'iface_name': 'eth20', 'iface_type': 'eth', 'enabled': True,
+            'build_interface': {
+                'ipv6proto': 'static',
+                'ipv6ipaddr': '2001:db8:dead:beef::3/64',
+                'ipv6gateway': '2001:db8:dead:beef::1',
+                'enable_ipv6': True,
+                'autoconf': 1,
+                'accept_ra': 2,
+                'noifupdown': True,
+                },
+            'get_interface': odict([('eth20', odict([('enabled', True), ('data', odict([
+                ('inet6', odict([
+                    ('addrfam', 'inet6'),
+                    ('proto', 'static'),
+                    ('filename', None),
+                    ('autoconf', 1),
+                    ('address', '2001:db8:dead:beef::3/64'),
+                    ('gateway', '2001:db8:dead:beef::1'),
+                    ('accept_ra', 2),
+                    ])),
+                ]))]))]),
+            'return': [
+                'auto eth20\n',
+                'iface eth20 inet6 static\n',
+                '    autoconf 1\n',
+                '    address 2001:db8:dead:beef::3/64\n',
+                '    gateway 2001:db8:dead:beef::1\n',
+                '    accept_ra 2\n',
+                '\n']},
         ]
 
 

diff --git a/tests/unit/modules/test_win_iis.py b/tests/unit/modules/test_win_iis.py
@@ -19,6 +19,7 @@
 from tests.support.unit import TestCase, skipIf
 from tests.support.mock import (
     MagicMock,
+    call,
     patch,
     NO_MOCK,
     NO_MOCK_REASON,
@@ -402,3 +403,132 @@ def test_set_container_setting(self):
                 patch('salt.modules.win_iis.get_container_setting',
                        MagicMock(return_value={'managedPipelineMode': 'Integrated'})):
             self.assertTrue(win_iis.set_container_setting(**kwargs))
+
+    def test_get_webconfiguration_settings_no_settings(self):
+        self.assertEqual(win_iis.get_webconfiguration_settings('salt', {}, ''), {})
+
+    def test_get_webconfiguration_settings_pass(self):
+        settings = [{'name': 'enabled',
+                     'filter': 'system.webServer/security/authentication/anonymousAuthentication'}]
+
+        ps_cmd_validate = ['Get-WebConfigurationProperty',
+                           '-PSPath',
+                           "'salt'",
+                           '-Filter',
+                           "'system.webServer/security/authentication/anonymousAuthentication'",
+                           '-Name',
+                           "'enabled'",
+                           '-Location',
+                           "''",
+                           '-ErrorAction',
+                           'Stop',
+                           '|',
+                           'Out-Null;']
+
+        ps_cmd = ['$Settings = New-Object System.Collections.ArrayList;',
+                  "$Property = Get-WebConfigurationProperty -PSPath 'salt'",
+                  "-Name 'enabled' -Filter 'system.webServer/security/authentication/anonymousAuthentication' -Location '' -ErrorAction Stop;",
+                  'if (([String]::IsNullOrEmpty($Property) -eq $False) -and',
+                  "($Property.GetType()).Name -eq 'ConfigurationAttribute') {",
+                  '$Property = $Property | Select-Object',
+                  '-ExpandProperty Value };',
+                  "$Settings.add(@{filter='system.webServer/security/authentication/anonymousAuthentication';name='enabled';location='';value=[String] $Property})| Out-Null;",
+                  '$Property = $Null;',
+                  '$Settings']
+
+        func_ret = {'name': 'enabled', 'value': True}
+        with patch.object(win_iis, '_srvmgr', return_value={'retcode': 0, 'stdout': 'json data'}) as _srvmgr:
+            with patch.object(win_iis.salt.utils.json, 'loads', return_value=func_ret) as loads:
+                ret = win_iis.get_webconfiguration_settings('salt', settings)
+
+                self.assertEqual(_srvmgr.call_count, 2)
+                self.assertEqual(_srvmgr.mock_calls[0], call(cmd=ps_cmd_validate, return_json=True))
+                self.assertEqual(_srvmgr.mock_calls[1], call(cmd=ps_cmd, return_json=True))
+
+                loads.assert_called_once_with('json data', strict=False)
+                self.assertEqual(func_ret, ret)
+
+    def test_set_webconfiguration_settings_no_settings(self):
+        self.assertEqual(win_iis.set_webconfiguration_settings('salt', {}, ''), False)
+
+    def test_set_webconfiguration_settings_pass(self):
+        settings = [{'name': 'enabled',
+                     'filter': 'system.webServer/security/authentication/anonymousAuthentication',
+                     'value': False}]
+
+        current_settings = [{'name': 'enabled',
+                             'filter': 'system.webServer/security/authentication/anonymousAuthentication',
+                             'value': True}]
+
+        new_settings = [{'name': 'enabled',
+                         'filter': 'system.webServer/security/authentication/anonymousAuthentication',
+                         'value': False}]
+
+        ps_cmd = ['Set-WebConfigurationProperty',
+                  '-PSPath',
+                  "'salt'",
+                  '-Filter',
+                  "'system.webServer/security/authentication/anonymousAuthentication'",
+                  '-Name',
+                  "'enabled'",
+                  '-Location',
+                  "''",
+                  '-Value',
+                  "'False';"]
+
+        with patch.object(win_iis, 'get_webconfiguration_settings', side_effect=[current_settings, new_settings]) as get_webconfiguration_settings:
+            with patch.object(win_iis, '_srvmgr', return_value={'retcode': 0}) as _srvmgr:
+                ret = win_iis.set_webconfiguration_settings('salt', settings, '')
+
+                self.assertEqual(get_webconfiguration_settings.call_count, 2)
+                self.assertEqual(get_webconfiguration_settings.mock_calls[0], call(name='salt',
+                                                                                   settings=settings,
+                                                                                   location=''))
+                self.assertEqual(get_webconfiguration_settings.mock_calls[1], call(name='salt',
+                                                                                   settings=settings,
+                                                                                   location=''))
+
+                _srvmgr.assert_called_once_with(ps_cmd)
+
+                self.assertTrue(ret)
+
+    def test_set_webconfiguration_settings_fail(self):
+        settings = [{'name': 'enabled',
+                     'filter': 'system.webServer/security/authentication/anonymousAuthentication',
+                     'value': False}]
+
+        current_settings = [{'name': 'enabled',
+                             'filter': 'system.webServer/security/authentication/anonymousAuthentication',
+                             'value': True}]
+
+        new_settings = [{'name': 'enabled',
+                         'filter': 'system.webServer/security/authentication/anonymousAuthentication',
+                         'value': True}]
+
+        ps_cmd = ['Set-WebConfigurationProperty',
+                  '-PSPath',
+                  "'salt'",
+                  '-Filter',
+                  "'system.webServer/security/authentication/anonymousAuthentication'",
+                  '-Name',
+                  "'enabled'",
+                  '-Location',
+                  "''",
+                  '-Value',
+                  "'False';"]
+
+        with patch.object(win_iis, 'get_webconfiguration_settings', side_effect=[current_settings, new_settings]) as get_webconfiguration_settings:
+            with patch.object(win_iis, '_srvmgr', return_value={'retcode': 0}) as _srvmgr:
+                ret = win_iis.set_webconfiguration_settings('salt', settings, '')
+
+                self.assertEqual(get_webconfiguration_settings.call_count, 2)
+                self.assertEqual(get_webconfiguration_settings.mock_calls[0], call(name='salt',
+                                                                                   settings=settings,
+                                                                                   location=''))
+                self.assertEqual(get_webconfiguration_settings.mock_calls[1], call(name='salt',
+                                                                                   settings=settings,
+                                                                                   location=''))
+
+                _srvmgr.assert_called_once_with(ps_cmd)
+
+                self.assertFalse(ret)
diff --git a/tests/unit/states/test_mongodb_user.py b/tests/unit/states/test_mongodb_user.py
@@ -26,11 +26,11 @@ class MongodbUserTestCase(TestCase, LoaderModuleMockMixin):
     def setup_loader_modules(self):
         return {mongodb_user: {'__opts__': {'test': True}}}
 
-    # 'present' function tests: 1
+    # 'present' function tests: 2
 
-    def test_present(self):
+    def test_present_new_user(self):
         '''
-        Test to ensure that the user is present with the specified properties.
+        Test to ensure that the user is present with the specified properties for a new account.
         '''
         name = 'myapp'
         passwd = 'password-of-myapp'
@@ -68,6 +68,62 @@ def test_present(self):
                             'changes': {name: 'Present'}})
                 self.assertDictEqual(mongodb_user.present(name, passwd), ret)
 
+    def test_present_existing_user(self):
+        '''
+        Test to ensure that the user is present with the specified properties for an existing account.
+        '''
+        name = 'myapp'
+        passwd = 'password-of-myapp'
+        db = 'myapp-database'
+        current_role_string = 'current-mongodb-role'
+        current_role = [current_role_string]
+        new_role = ['new-mongodb-role']
+
+        ret = {'name': name,
+               'result': False,
+               'comment': '',
+               'changes': {}}
+
+        comt = ('Port ({}) is not an integer.')
+        ret.update({'comment': comt})
+        self.assertDictEqual(mongodb_user.present(name, passwd, port={}), ret)
+
+        mock_t = MagicMock(return_value=True)
+        mock = MagicMock(return_value=[{'user': name, 'roles': [{'db': db, 'role': current_role_string}]}])
+        with patch.dict(mongodb_user.__salt__,
+                        {
+                         'mongodb.user_create': mock_t,
+                         'mongodb.user_find': mock
+                        }):
+            comt = ('User {0} is already present'
+                ).format(name)
+            ret.update({'comment': comt, 'result': True})
+            self.assertDictEqual(mongodb_user.present(name, passwd, database=db, roles=current_role), ret)
+
+            with patch.dict(mongodb_user.__opts__, {'test': True}):
+                comt = ('User {0} is already present'
+                        .format(name))
+                ret.update({'comment': comt, 'result': True})
+                self.assertDictEqual(mongodb_user.present(name, passwd, database=db, roles=current_role), ret)
+
+            with patch.dict(mongodb_user.__opts__, {'test': False}):
+                comt = ('User {0} is already present'.format(name))
+                ret.update({'comment': comt, 'result': True})
+                self.assertDictEqual(mongodb_user.present(name, passwd, database=db, roles=current_role), ret)
+
+            with patch.dict(mongodb_user.__opts__, {'test': True}):
+                comt = ('User {0} is already present, but has new roles'
+                        .format(name))
+                ret.update({'comment': comt, 'result': None,
+                            'changes': {name: {'database': db, 'roles': {'old': current_role, 'new': new_role}}}})
+                self.assertDictEqual(mongodb_user.present(name, passwd, database=db, roles=new_role), ret)
+
+            with patch.dict(mongodb_user.__opts__, {'test': False}):
+                comt = ('User {0} is already present, but has new roles'.format(name))
+                ret.update({'comment': comt, 'result': True,
+                            'changes': {name: {'database': db, 'roles': {'old': current_role, 'new': new_role}}}})
+                self.assertDictEqual(mongodb_user.present(name, passwd, database=db, roles=new_role), ret)
+
     # 'absent' function tests: 1
 
     def test_absent(self):