diff --git a/CHANGELOG.md b/CHANGELOG.md index 1ac7808b3b90..4b6fbc953aa8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,31 @@ Versions are `MAJOR.PATCH`. # Changelog + +## 3006.4 (2023-10-16) + +### Security + +- Fix CVE-2023-34049 by ensuring we do not use a predictable name for the script and correctly check returncode of scp command. + This only impacts salt-ssh users using the pre-flight option. [#cve-2023-34049](https://github.com/saltstack/salt/issues/cve-2023-34049) +- Update to `gitpython>=3.1.35` due to https://github.com/advisories/GHSA-wfm5-v35h-vwf4 and https://github.com/advisories/GHSA-cwvm-v4w8-q58c [#65163](https://github.com/saltstack/salt/issues/65163) +- Bump to `cryptography==41.0.4` due to https://github.com/advisories/GHSA-v8gr-m533-ghj9 [#65268](https://github.com/saltstack/salt/issues/65268) +- Upgrade relenv to 0.13.12 to address CVE-2023-4807 [#65316](https://github.com/saltstack/salt/issues/65316) +- Bump to `urllib3==1.26.17` or `urllib3==2.0.6` due to https://github.com/advisories/GHSA-v845-jxx5-vc9f [#65334](https://github.com/saltstack/salt/issues/65334) +- Bump to `gitpython==3.1.37` due to https://github.com/advisories/GHSA-cwvm-v4w8-q58c [#65383](https://github.com/saltstack/salt/issues/65383) + + +## 3005.4 (2023-10-16) + +### Security + +- Fix CVE-2023-34049 by ensuring we do not use a predictable name for the script and correctly check returncode of scp command. + This only impacts salt-ssh users using the pre-flight option. (cve-2023-34049) +- Bump to `cryptography==41.0.4` due to https://github.com/advisories/GHSA-v8gr-m533-ghj9 (#65267) +- Bump to `urllib3==1.26.17` or `urllib3==2.0.6` due to https://github.com/advisories/GHSA-v845-jxx5-vc9f (#65334) +- Bump to `gitpython==3.1.37` due to https://github.com/advisories/GHSA-cwvm-v4w8-q58c (#65383) + + ## Salt v3005.3 (2023-09-14) ### Fixed diff --git a/doc/man/salt-api.1 b/doc/man/salt-api.1 index 1b084240c54a..cfbe64d172ad 100644 --- a/doc/man/salt-api.1 +++ b/doc/man/salt-api.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "SALT-API" "1" "Generated on September 06, 2023 at 04:52:57 PM UTC." "3006.3" "Salt" +.TH "SALT-API" "1" "Generated on October 16, 2023 at 05:24:47 PM UTC." "3006.4" "Salt" .SH NAME salt-api \- salt-api Command .sp diff --git a/doc/man/salt-call.1 b/doc/man/salt-call.1 index 56c5c5c83191..2a964330511f 100644 --- a/doc/man/salt-call.1 +++ b/doc/man/salt-call.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "SALT-CALL" "1" "Generated on September 06, 2023 at 04:52:57 PM UTC." "3006.3" "Salt" +.TH "SALT-CALL" "1" "Generated on October 16, 2023 at 05:24:47 PM UTC." "3006.4" "Salt" .SH NAME salt-call \- salt-call Documentation .SH SYNOPSIS diff --git a/doc/man/salt-cloud.1 b/doc/man/salt-cloud.1 index 757a3e1eb9d7..e3866a63e31e 100644 --- a/doc/man/salt-cloud.1 +++ b/doc/man/salt-cloud.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "SALT-CLOUD" "1" "Generated on September 06, 2023 at 04:52:57 PM UTC." "3006.3" "Salt" +.TH "SALT-CLOUD" "1" "Generated on October 16, 2023 at 05:24:47 PM UTC." "3006.4" "Salt" .SH NAME salt-cloud \- Salt Cloud Command .sp diff --git a/doc/man/salt-cp.1 b/doc/man/salt-cp.1 index e3386d6d343e..0ad964aaf7b5 100644 --- a/doc/man/salt-cp.1 +++ b/doc/man/salt-cp.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "SALT-CP" "1" "Generated on September 06, 2023 at 04:52:57 PM UTC." "3006.3" "Salt" +.TH "SALT-CP" "1" "Generated on October 16, 2023 at 05:24:47 PM UTC." "3006.4" "Salt" .SH NAME salt-cp \- salt-cp Documentation .sp diff --git a/doc/man/salt-key.1 b/doc/man/salt-key.1 index 7aca0353f865..913c2cf5b9ed 100644 --- a/doc/man/salt-key.1 +++ b/doc/man/salt-key.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "SALT-KEY" "1" "Generated on September 06, 2023 at 04:52:57 PM UTC." "3006.3" "Salt" +.TH "SALT-KEY" "1" "Generated on October 16, 2023 at 05:24:47 PM UTC." "3006.4" "Salt" .SH NAME salt-key \- salt-key Documentation .SH SYNOPSIS diff --git a/doc/man/salt-master.1 b/doc/man/salt-master.1 index 1762910298ed..b8bd9056ff33 100644 --- a/doc/man/salt-master.1 +++ b/doc/man/salt-master.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "SALT-MASTER" "1" "Generated on September 06, 2023 at 04:52:57 PM UTC." "3006.3" "Salt" +.TH "SALT-MASTER" "1" "Generated on October 16, 2023 at 05:24:47 PM UTC." "3006.4" "Salt" .SH NAME salt-master \- salt-master Documentation .sp diff --git a/doc/man/salt-minion.1 b/doc/man/salt-minion.1 index 62aeafada86e..5fb106bf3f29 100644 --- a/doc/man/salt-minion.1 +++ b/doc/man/salt-minion.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "SALT-MINION" "1" "Generated on September 06, 2023 at 04:52:57 PM UTC." "3006.3" "Salt" +.TH "SALT-MINION" "1" "Generated on October 16, 2023 at 05:24:47 PM UTC." "3006.4" "Salt" .SH NAME salt-minion \- salt-minion Documentation .sp diff --git a/doc/man/salt-proxy.1 b/doc/man/salt-proxy.1 index 1475d70de9e0..97fdfa6c6ae5 100644 --- a/doc/man/salt-proxy.1 +++ b/doc/man/salt-proxy.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "SALT-PROXY" "1" "Generated on September 06, 2023 at 04:52:57 PM UTC." "3006.3" "Salt" +.TH "SALT-PROXY" "1" "Generated on October 16, 2023 at 05:24:47 PM UTC." "3006.4" "Salt" .SH NAME salt-proxy \- salt-proxy Documentation .sp diff --git a/doc/man/salt-run.1 b/doc/man/salt-run.1 index 0efc3d39e35f..6954234ae0c0 100644 --- a/doc/man/salt-run.1 +++ b/doc/man/salt-run.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "SALT-RUN" "1" "Generated on September 06, 2023 at 04:52:57 PM UTC." "3006.3" "Salt" +.TH "SALT-RUN" "1" "Generated on October 16, 2023 at 05:24:47 PM UTC." "3006.4" "Salt" .SH NAME salt-run \- salt-run Documentation .sp diff --git a/doc/man/salt-ssh.1 b/doc/man/salt-ssh.1 index 743f004ec500..b085a6a6cde6 100644 --- a/doc/man/salt-ssh.1 +++ b/doc/man/salt-ssh.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "SALT-SSH" "1" "Generated on September 06, 2023 at 04:52:57 PM UTC." "3006.3" "Salt" +.TH "SALT-SSH" "1" "Generated on October 16, 2023 at 05:24:47 PM UTC." "3006.4" "Salt" .SH NAME salt-ssh \- salt-ssh Documentation .SH SYNOPSIS diff --git a/doc/man/salt-syndic.1 b/doc/man/salt-syndic.1 index 3a71a02eee7f..5e26b223e349 100644 --- a/doc/man/salt-syndic.1 +++ b/doc/man/salt-syndic.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "SALT-SYNDIC" "1" "Generated on September 06, 2023 at 04:52:57 PM UTC." "3006.3" "Salt" +.TH "SALT-SYNDIC" "1" "Generated on October 16, 2023 at 05:24:47 PM UTC." "3006.4" "Salt" .SH NAME salt-syndic \- salt-syndic Documentation .sp diff --git a/doc/man/salt.1 b/doc/man/salt.1 index 08cf0bc7b416..852508174cc9 100644 --- a/doc/man/salt.1 +++ b/doc/man/salt.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "SALT" "1" "Generated on September 06, 2023 at 04:52:57 PM UTC." "3006.3" "Salt" +.TH "SALT" "1" "Generated on October 16, 2023 at 05:24:47 PM UTC." "3006.4" "Salt" .SH NAME salt \- salt .SH SYNOPSIS diff --git a/doc/man/salt.7 b/doc/man/salt.7 index 051ad6a0e759..37909803cad1 100644 --- a/doc/man/salt.7 +++ b/doc/man/salt.7 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "SALT" "7" "Generated on September 06, 2023 at 04:52:57 PM UTC." "3006.3" "Salt" +.TH "SALT" "7" "Generated on October 16, 2023 at 05:24:47 PM UTC." "3006.4" "Salt" .SH NAME salt \- Salt Documentation .SH SALT PROJECT @@ -194128,7 +194128,7 @@ Passes through all the parameters described in the \fI\%utils.http.query function\fP: .INDENT 7.0 .TP -.B salt.utils.http.query(url, method=\(aqGET\(aq, params=None, data=None, data_file=None, header_dict=None, header_list=None, header_file=None, username=None, password=None, auth=None, decode=False, decode_type=\(aqauto\(aq, status=False, headers=False, text=False, cookies=None, cookie_jar=None, cookie_format=\(aqlwp\(aq, persist_session=False, session_cookie_jar=None, data_render=False, data_renderer=None, header_render=False, header_renderer=None, template_dict=None, test=False, test_url=None, node=\(aqminion\(aq, port=80, opts=None, backend=None, ca_bundle=None, verify_ssl=None, cert=None, text_out=None, headers_out=None, decode_out=None, stream=False, streaming_callback=None, header_callback=None, handle=False, agent=\(aqSalt/3006.3\(aq, hide_fields=None, raise_error=True, formdata=False, formdata_fieldname=None, formdata_filename=None, decode_body=True, **kwargs) +.B salt.utils.http.query(url, method=\(aqGET\(aq, params=None, data=None, data_file=None, header_dict=None, header_list=None, header_file=None, username=None, password=None, auth=None, decode=False, decode_type=\(aqauto\(aq, status=False, headers=False, text=False, cookies=None, cookie_jar=None, cookie_format=\(aqlwp\(aq, persist_session=False, session_cookie_jar=None, data_render=False, data_renderer=None, header_render=False, header_renderer=None, template_dict=None, test=False, test_url=None, node=\(aqminion\(aq, port=80, opts=None, backend=None, ca_bundle=None, verify_ssl=None, cert=None, text_out=None, headers_out=None, decode_out=None, stream=False, streaming_callback=None, header_callback=None, handle=False, agent=\(aqSalt/3006.4\(aq, hide_fields=None, raise_error=True, formdata=False, formdata_fieldname=None, formdata_filename=None, decode_body=True, **kwargs) Query a resource, and decode the return data .UNINDENT .INDENT 7.0 @@ -457626,7 +457626,7 @@ installed2 .UNINDENT .INDENT 0.0 .TP -.B salt.states.zcbuildout.installed(name, config=\(aqbuildout.cfg\(aq, quiet=False, parts=None, user=None, env=(), buildout_ver=None, test_release=False, distribute=None, new_st=None, offline=False, newest=False, python=\(aq/opt/actions\-runner/_work/salt/salt/.tools\-venvs/py3.10/docs/bin/python\(aq, debug=False, verbose=False, unless=None, onlyif=None, use_vt=False, loglevel=\(aqdebug\(aq, **kwargs) +.B salt.states.zcbuildout.installed(name, config=\(aqbuildout.cfg\(aq, quiet=False, parts=None, user=None, env=(), buildout_ver=None, test_release=False, distribute=None, new_st=None, offline=False, newest=False, python=\(aq/opt/actions\-runner/_work/salt\-priv/salt\-priv/.tools\-venvs/py3.10/docs/bin/python\(aq, debug=False, verbose=False, unless=None, onlyif=None, use_vt=False, loglevel=\(aqdebug\(aq, **kwargs) Install buildout in a specific directory .sp It is a thin wrapper to modules.buildout.buildout @@ -477556,6 +477556,25 @@ Addresses multiple CVEs in Python\(aqs dependencies: \fI\%https://docs.python.or .IP \(bu 2 Update to \fBgitpython>=3.1.32\fP due to \fI\%https://github.com/advisories/GHSA\-pr76\-5cm5\-w9cj\fP \fI\%#64988\fP .UNINDENT +(release\-3006.4)= +.SS Salt 3006.4 release notes +.SS Changelog +.SS Security +.INDENT 0.0 +.IP \(bu 2 +Fix CVE\-2023\-34049 by ensuring we do not use a predictable name for the script and correctly check returncode of scp command. +This only impacts salt\-ssh users using the pre\-flight option. \fI\%#cve\-2023\-34049\fP +.IP \(bu 2 +Update to \fBgitpython>=3.1.35\fP due to \fI\%https://github.com/advisories/GHSA\-wfm5\-v35h\-vwf4\fP and \fI\%https://github.com/advisories/GHSA\-cwvm\-v4w8\-q58c\fP \fI\%#65163\fP +.IP \(bu 2 +Bump to \fBcryptography==41.0.4\fP due to \fI\%https://github.com/advisories/GHSA\-v8gr\-m533\-ghj9\fP \fI\%#65268\fP +.IP \(bu 2 +Upgrade relenv to 0.13.12 to address CVE\-2023\-4807 \fI\%#65316\fP +.IP \(bu 2 +Bump to \fBurllib3==1.26.17\fP or \fBurllib3==2.0.6\fP due to \fI\%https://github.com/advisories/GHSA\-v845\-jxx5\-vc9f\fP \fI\%#65334\fP +.IP \(bu 2 +Bump to \fBgitpython==3.1.37\fP due to \fI\%https://github.com/advisories/GHSA\-cwvm\-v4w8\-q58c\fP \fI\%#65383\fP +.UNINDENT .sp See \fI\%Install a release candidate\fP for more information about installing an RC when one is available. diff --git a/doc/man/spm.1 b/doc/man/spm.1 index 9353636a20b8..686ce512eeba 100644 --- a/doc/man/spm.1 +++ b/doc/man/spm.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "SPM" "1" "Generated on September 06, 2023 at 04:52:57 PM UTC." "3006.3" "Salt" +.TH "SPM" "1" "Generated on October 16, 2023 at 05:24:47 PM UTC." "3006.4" "Salt" .SH NAME spm \- Salt Package Manager Command .sp diff --git a/doc/topics/releases/3005.4.rst b/doc/topics/releases/3005.4.rst new file mode 100644 index 000000000000..18f904e74a26 --- /dev/null +++ b/doc/topics/releases/3005.4.rst @@ -0,0 +1,17 @@ +.. _release-3005-4: + +========================= +Salt 3005.4 Release Notes +========================= + +Version 3005.4 is a CVE security fix release for :ref:`3005 `. + + +Security +-------- + +- Fix CVE-2023-34049 by ensuring we do not use a predictable name for the script and correctly check returncode of scp command. + This only impacts salt-ssh users using the pre-flight option. (cve-2023-34049) +- Bump to `cryptography==41.0.4` due to https://github.com/advisories/GHSA-v8gr-m533-ghj9 (#65267) +- Bump to `urllib3==1.26.17` or `urllib3==2.0.6` due to https://github.com/advisories/GHSA-v845-jxx5-vc9f (#65334) +- Bump to `gitpython==3.1.37` due to https://github.com/advisories/GHSA-cwvm-v4w8-q58c (#65383) diff --git a/doc/topics/releases/3006.4.md b/doc/topics/releases/3006.4.md new file mode 100644 index 000000000000..83478f1cc994 --- /dev/null +++ b/doc/topics/releases/3006.4.md @@ -0,0 +1,29 @@ +(release-3006.4)= +# Salt 3006.4 release notes + + + + + + + +## Changelog + +### Security + +- Fix CVE-2023-34049 by ensuring we do not use a predictable name for the script and correctly check returncode of scp command. + This only impacts salt-ssh users using the pre-flight option. [#cve-2023-34049](https://github.com/saltstack/salt/issues/cve-2023-34049) +- Update to `gitpython>=3.1.35` due to https://github.com/advisories/GHSA-wfm5-v35h-vwf4 and https://github.com/advisories/GHSA-cwvm-v4w8-q58c [#65163](https://github.com/saltstack/salt/issues/65163) +- Bump to `cryptography==41.0.4` due to https://github.com/advisories/GHSA-v8gr-m533-ghj9 [#65268](https://github.com/saltstack/salt/issues/65268) +- Upgrade relenv to 0.13.12 to address CVE-2023-4807 [#65316](https://github.com/saltstack/salt/issues/65316) +- Bump to `urllib3==1.26.17` or `urllib3==2.0.6` due to https://github.com/advisories/GHSA-v845-jxx5-vc9f [#65334](https://github.com/saltstack/salt/issues/65334) +- Bump to `gitpython==3.1.37` due to https://github.com/advisories/GHSA-cwvm-v4w8-q58c [#65383](https://github.com/saltstack/salt/issues/65383) diff --git a/doc/topics/releases/templates/3006.4.md.template b/doc/topics/releases/templates/3006.4.md.template new file mode 100644 index 000000000000..a11ede9bf4c8 --- /dev/null +++ b/doc/topics/releases/templates/3006.4.md.template @@ -0,0 +1,14 @@ +(release-3006.4)= +# Salt 3006.4 release notes{{ unreleased }} +{{ warning }} + + + + +## Changelog +{{ changelog }} diff --git a/pkg/debian/changelog b/pkg/debian/changelog index bd27fccf007a..e45d8665d162 100644 --- a/pkg/debian/changelog +++ b/pkg/debian/changelog @@ -1,3 +1,19 @@ +salt (3006.4) stable; urgency=medium + + + # Security + + * Fix CVE-2023-34049 by ensuring we do not use a predictable name for the script and correctly check returncode of scp command. + This only impacts salt*ssh users using the pre-flight option. [#cve-2023-34049](https://github.com/saltstack/salt/issues/cve-2023-34049) + * Update to `gitpython>=3.1.35` due to https://github.com/advisories/GHSA-wfm5-v35h-vwf4 and https://github.com/advisories/GHSA-cwvm-v4w8-q58c [#65163](https://github.com/saltstack/salt/issues/65163) + * Bump to `cryptography==41.0.4` due to https://github.com/advisories/GHSA-v8gr-m533-ghj9 [#65268](https://github.com/saltstack/salt/issues/65268) + * Upgrade relenv to 0.13.12 to address CVE-2023-4807 [#65316](https://github.com/saltstack/salt/issues/65316) + * Bump to `urllib3==1.26.17` or `urllib3==2.0.6` due to https://github.com/advisories/GHSA-v845-jxx5-vc9f [#65334](https://github.com/saltstack/salt/issues/65334) + * Bump to `gitpython==3.1.37` due to https://github.com/advisories/GHSA-cwvm-v4w8-q58c [#65383](https://github.com/saltstack/salt/issues/65383) + + + -- Salt Project Packaging Mon, 16 Oct 2023 17:22:41 +0000 + salt (3006.3) stable; urgency=medium diff --git a/pkg/rpm/salt.spec b/pkg/rpm/salt.spec index eaeae33320fa..6cc4e85c23c3 100644 --- a/pkg/rpm/salt.spec +++ b/pkg/rpm/salt.spec @@ -31,7 +31,7 @@ %define fish_dir %{_datadir}/fish/vendor_functions.d Name: salt -Version: 3006.3 +Version: 3006.4 Release: 0 Summary: A parallel remote execution system Group: System Environment/Daemons @@ -563,6 +563,19 @@ fi %changelog +* Mon Oct 16 2023 Salt Project Packaging - 3006.4 + +# Security + +- Fix CVE-2023-34049 by ensuring we do not use a predictable name for the script and correctly check returncode of scp command. + This only impacts salt-ssh users using the pre-flight option. [#cve-2023-34049](https://github.com/saltstack/salt/issues/cve-2023-34049) +- Update to `gitpython>=3.1.35` due to https://github.com/advisories/GHSA-wfm5-v35h-vwf4 and https://github.com/advisories/GHSA-cwvm-v4w8-q58c [#65163](https://github.com/saltstack/salt/issues/65163) +- Bump to `cryptography==41.0.4` due to https://github.com/advisories/GHSA-v8gr-m533-ghj9 [#65268](https://github.com/saltstack/salt/issues/65268) +- Upgrade relenv to 0.13.12 to address CVE-2023-4807 [#65316](https://github.com/saltstack/salt/issues/65316) +- Bump to `urllib3==1.26.17` or `urllib3==2.0.6` due to https://github.com/advisories/GHSA-v845-jxx5-vc9f [#65334](https://github.com/saltstack/salt/issues/65334) +- Bump to `gitpython==3.1.37` due to https://github.com/advisories/GHSA-cwvm-v4w8-q58c [#65383](https://github.com/saltstack/salt/issues/65383) + + * Wed Sep 06 2023 Salt Project Packaging - 3006.3 # Removed diff --git a/requirements/darwin.txt b/requirements/darwin.txt index 59aa84bc06e4..fc689ebb13b8 100644 --- a/requirements/darwin.txt +++ b/requirements/darwin.txt @@ -5,7 +5,7 @@ apache-libcloud>=2.4.0 cherrypy>=17.4.1 cryptography>=41.0.3 -gitpython>=3.1.30 +gitpython>=3.1.37 idna>=2.8 linode-python>=1.1.1 pyasn1>=0.4.8 diff --git a/requirements/static/ci/common.in b/requirements/static/ci/common.in index 5763cac19de1..baaa7fc0da6d 100644 --- a/requirements/static/ci/common.in +++ b/requirements/static/ci/common.in @@ -15,7 +15,7 @@ clustershell croniter>=0.3.0,!=0.3.22"; sys_platform != 'win32' dnspython etcd3-py==0.1.6 -gitpython>=3.1.30 +gitpython>=3.1.37 jmespath jsonschema junos-eznc; sys_platform != 'win32' and python_version <= '3.10' diff --git a/requirements/static/ci/py3.10/cloud.txt b/requirements/static/ci/py3.10/cloud.txt index 61690e249bbc..bff0998ec0d6 100644 --- a/requirements/static/ci/py3.10/cloud.txt +++ b/requirements/static/ci/py3.10/cloud.txt @@ -659,19 +659,19 @@ geomet==0.1.2 # via # -c requirements/static/ci/py3.10/linux.txt # cassandra-driver -gitdb==4.0.5 +gitdb==4.0.7 # via # -c requirements/static/ci/py3.10/linux.txt # gitpython -gitpython==3.1.35 +gitpython==3.1.37 # via # -c requirements/static/ci/py3.10/linux.txt # -r requirements/static/ci/common.in -google-auth==1.6.3 +google-auth==2.1.0 # via # -c requirements/static/ci/py3.10/linux.txt # kubernetes -idna==2.8 +idna==3.2 # via # -c requirements/static/ci/../pkg/py3.10/linux.txt # -c requirements/static/ci/py3.10/linux.txt @@ -1207,7 +1207,6 @@ six==1.16.0 # etcd3-py # genshi # geomet - # google-auth # isodate # jsonschema # junos-eznc @@ -1230,7 +1229,7 @@ smbprotocol==1.10.1 # via # -r requirements/static/ci/cloud.in # pypsexec -smmap==3.0.4 +smmap==4.0.0 # via # -c requirements/static/ci/py3.10/linux.txt # gitdb @@ -1260,7 +1259,7 @@ tomli==2.0.1 # via # -c requirements/static/ci/py3.10/linux.txt # pytest -transitions==0.8.1 +transitions==0.8.9 # via # -c requirements/static/ci/py3.10/linux.txt # junos-eznc @@ -1269,7 +1268,7 @@ typing-extensions==4.2.0 # -c requirements/static/ci/py3.10/linux.txt # pytest-shell-utilities # pytest-system-statistics -urllib3==1.26.6 +urllib3==1.26.18 # via # -c requirements/static/ci/../pkg/py3.10/linux.txt # -c requirements/static/ci/py3.10/linux.txt diff --git a/requirements/static/ci/py3.10/darwin.txt b/requirements/static/ci/py3.10/darwin.txt index 84c3084d76d0..ab71f7987bf5 100644 --- a/requirements/static/ci/py3.10/darwin.txt +++ b/requirements/static/ci/py3.10/darwin.txt @@ -437,20 +437,20 @@ genshi==0.7.5 # via -r requirements/static/ci/common.in geomet==0.1.2 # via cassandra-driver -gitdb==4.0.5 +gitdb==4.0.7 # via # -c requirements/static/ci/../pkg/py3.10/darwin.txt # gitpython -gitpython==3.1.35 +gitpython==3.1.37 # via # -c requirements/static/ci/../pkg/py3.10/darwin.txt # -r requirements/darwin.txt # -r requirements/static/ci/common.in -google-auth==1.6.3 +google-auth==2.1.0 # via kubernetes hglib==2.6.1 # via -r requirements/static/ci/darwin.in -idna==2.8 +idna==3.2 # via # -c requirements/static/ci/../pkg/py3.10/darwin.txt # -r requirements/darwin.txt @@ -851,7 +851,6 @@ six==1.16.0 # etcd3-py # genshi # geomet - # google-auth # isodate # jsonschema # junos-eznc @@ -866,7 +865,7 @@ six==1.16.0 # vcert # virtualenv # websocket-client -smmap==3.0.2 +smmap==4.0.0 # via # -c requirements/static/ci/../pkg/py3.10/darwin.txt # gitdb @@ -886,13 +885,13 @@ toml==0.10.2 # via -r requirements/static/ci/common.in tomli==2.0.1 # via pytest -transitions==0.8.1 +transitions==0.8.9 # via junos-eznc typing-extensions==4.2.0 # via # pytest-shell-utilities # pytest-system-statistics -urllib3==1.26.6 +urllib3==1.26.18 # via # -c requirements/static/ci/../pkg/py3.10/darwin.txt # botocore diff --git a/requirements/static/ci/py3.10/docs.txt b/requirements/static/ci/py3.10/docs.txt index f28d784c99d1..680af0d458a8 100644 --- a/requirements/static/ci/py3.10/docs.txt +++ b/requirements/static/ci/py3.10/docs.txt @@ -34,7 +34,7 @@ distro==1.5.0 # -r requirements/base.txt docutils==0.19 # via sphinx -idna==2.8 +idna==3.2 # via # -c requirements/static/ci/py3.10/linux.txt # requests @@ -183,7 +183,7 @@ typing-extensions==4.2.0 # myst-docutils uc-micro-py==1.0.1 # via linkify-it-py -urllib3==1.26.6 +urllib3==1.26.18 # via # -c requirements/static/ci/py3.10/linux.txt # requests diff --git a/requirements/static/ci/py3.10/freebsd.txt b/requirements/static/ci/py3.10/freebsd.txt index 0fceb5d4745b..ab3910913c49 100644 --- a/requirements/static/ci/py3.10/freebsd.txt +++ b/requirements/static/ci/py3.10/freebsd.txt @@ -435,15 +435,15 @@ genshi==0.7.5 # via -r requirements/static/ci/common.in geomet==0.2.1.post1 # via cassandra-driver -gitdb==4.0.5 +gitdb==4.0.7 # via gitpython -gitpython==3.1.35 +gitpython==3.1.37 # via -r requirements/static/ci/common.in -google-auth==1.6.3 +google-auth==2.1.0 # via kubernetes hglib==2.6.1 # via -r requirements/static/ci/freebsd.in -idna==2.8 +idna==3.2 # via # -c requirements/static/ci/../pkg/py3.10/freebsd.txt # etcd3-py @@ -843,7 +843,6 @@ six==1.16.0 # etcd3-py # genshi # geomet - # google-auth # isodate # jsonschema # junos-eznc @@ -860,7 +859,7 @@ six==1.16.0 # vcert # virtualenv # websocket-client -smmap==3.0.4 +smmap==4.0.0 # via gitdb sqlparse==0.4.4 # via -r requirements/static/ci/common.in @@ -878,13 +877,13 @@ toml==0.10.2 # via -r requirements/static/ci/common.in tomli==2.0.1 # via pytest -transitions==0.8.1 +transitions==0.8.9 # via junos-eznc typing-extensions==4.2.0 # via # pytest-shell-utilities # pytest-system-statistics -urllib3==1.26.6 +urllib3==1.26.18 # via # -c requirements/static/ci/../pkg/py3.10/freebsd.txt # botocore diff --git a/requirements/static/ci/py3.10/lint.txt b/requirements/static/ci/py3.10/lint.txt index 52d4a4bebdac..a0eb57db6631 100644 --- a/requirements/static/ci/py3.10/lint.txt +++ b/requirements/static/ci/py3.10/lint.txt @@ -659,15 +659,15 @@ geomet==0.1.2 # via # -c requirements/static/ci/py3.10/linux.txt # cassandra-driver -gitdb==4.0.5 +gitdb==4.0.7 # via # -c requirements/static/ci/py3.10/linux.txt # gitpython -gitpython==3.1.35 +gitpython==3.1.37 # via # -c requirements/static/ci/py3.10/linux.txt # -r requirements/static/ci/common.in -google-auth==1.6.3 +google-auth==2.1.0 # via # -c requirements/static/ci/py3.10/linux.txt # kubernetes @@ -675,7 +675,7 @@ hglib==2.6.1 # via # -c requirements/static/ci/py3.10/linux.txt # -r requirements/static/ci/linux.in -idna==2.8 +idna==3.2 # via # -c requirements/static/ci/../pkg/py3.10/linux.txt # -c requirements/static/ci/py3.10/linux.txt @@ -1080,7 +1080,6 @@ pytz==2022.1 # python-telegram-bot # tempora # twilio - # tzlocal pyvmomi==6.7.1.2018.12 # via # -c requirements/static/ci/py3.10/linux.txt @@ -1190,7 +1189,6 @@ six==1.16.0 # etcd3-py # genshi # geomet - # google-auth # isodate # jsonschema # junos-eznc @@ -1215,7 +1213,7 @@ slack-sdk==3.19.5 # via # -c requirements/static/ci/py3.10/linux.txt # slack-bolt -smmap==3.0.4 +smmap==4.0.0 # via # -c requirements/static/ci/py3.10/linux.txt # gitdb @@ -1246,7 +1244,7 @@ tornado==6.1 # via # -c requirements/static/ci/py3.10/linux.txt # python-telegram-bot -transitions==0.8.1 +transitions==0.8.9 # via # -c requirements/static/ci/py3.10/linux.txt # junos-eznc @@ -1254,11 +1252,11 @@ twilio==7.9.2 # via # -c requirements/static/ci/py3.10/linux.txt # -r requirements/static/ci/linux.in -tzlocal==2.1 +tzlocal==3.0 # via # -c requirements/static/ci/py3.10/linux.txt # apscheduler -urllib3==1.26.6 +urllib3==1.26.18 # via # -c requirements/static/ci/../pkg/py3.10/linux.txt # -c requirements/static/ci/py3.10/linux.txt diff --git a/requirements/static/ci/py3.10/linux.txt b/requirements/static/ci/py3.10/linux.txt index 64def55e0c7b..2a267e08d2f0 100644 --- a/requirements/static/ci/py3.10/linux.txt +++ b/requirements/static/ci/py3.10/linux.txt @@ -449,15 +449,15 @@ genshi==0.7.5 # via -r requirements/static/ci/common.in geomet==0.1.2 # via cassandra-driver -gitdb==4.0.5 +gitdb==4.0.7 # via gitpython -gitpython==3.1.35 +gitpython==3.1.37 # via -r requirements/static/ci/common.in -google-auth==1.6.3 +google-auth==2.1.0 # via kubernetes hglib==2.6.1 # via -r requirements/static/ci/linux.in -idna==2.8 +idna==3.2 # via # -c requirements/static/ci/../pkg/py3.10/linux.txt # etcd3-py @@ -803,7 +803,6 @@ pytz==2022.1 # python-telegram-bot # tempora # twilio - # tzlocal pyvmomi==6.7.1.2018.12 # via -r requirements/static/ci/common.in pyyaml==6.0.1 @@ -884,7 +883,6 @@ six==1.16.0 # etcd3-py # genshi # geomet - # google-auth # isodate # jsonschema # junos-eznc @@ -905,7 +903,7 @@ slack-bolt==1.15.5 # via -r requirements/static/ci/linux.in slack-sdk==3.19.5 # via slack-bolt -smmap==3.0.4 +smmap==4.0.0 # via gitdb sqlparse==0.4.4 # via -r requirements/static/ci/common.in @@ -925,7 +923,7 @@ tomli==2.0.1 # via pytest tornado==6.1 # via python-telegram-bot -transitions==0.8.1 +transitions==0.8.9 # via junos-eznc twilio==7.9.2 # via -r requirements/static/ci/linux.in @@ -933,9 +931,9 @@ typing-extensions==4.2.0 # via # pytest-shell-utilities # pytest-system-statistics -tzlocal==2.1 +tzlocal==3.0 # via apscheduler -urllib3==1.26.6 +urllib3==1.26.18 # via # -c requirements/static/ci/../pkg/py3.10/linux.txt # botocore diff --git a/requirements/static/ci/py3.10/tools.txt b/requirements/static/ci/py3.10/tools.txt index 816a0301c4a1..3cd670b6dfe5 100644 --- a/requirements/static/ci/py3.10/tools.txt +++ b/requirements/static/ci/py3.10/tools.txt @@ -20,7 +20,7 @@ charset-normalizer==3.0.1 # via requests commonmark==0.9.1 # via rich -idna==3.4 +idna==3.2 # via requests jinja2==3.1.2 # via -r requirements/static/ci/tools.in @@ -52,7 +52,7 @@ six==1.16.0 # via python-dateutil typing-extensions==4.4.0 # via python-tools-scripts -urllib3==1.26.12 +urllib3==1.26.18 # via # botocore # requests diff --git a/requirements/static/ci/py3.10/windows.txt b/requirements/static/ci/py3.10/windows.txt index 2fa1115bdbaf..aa68c6708563 100644 --- a/requirements/static/ci/py3.10/windows.txt +++ b/requirements/static/ci/py3.10/windows.txt @@ -125,14 +125,14 @@ gitdb==4.0.7 # via # -c requirements/static/ci/../pkg/py3.10/windows.txt # gitpython -gitpython==3.1.35 +gitpython==3.1.37 # via # -c requirements/static/ci/../pkg/py3.10/windows.txt # -r requirements/static/ci/common.in # -r requirements/windows.txt -google-auth==1.6.3 +google-auth==2.1.0 # via kubernetes -idna==2.8 +idna==3.2 # via # -c requirements/static/ci/../pkg/py3.10/windows.txt # etcd3-py @@ -418,7 +418,6 @@ six==1.15.0 # etcd3-py # genshi # geomet - # google-auth # jsonschema # kubernetes # python-dateutil @@ -450,7 +449,7 @@ typing-extensions==4.4.0 # via # pytest-shell-utilities # pytest-system-statistics -urllib3==1.26.6 +urllib3==1.26.18 # via # -c requirements/static/ci/../pkg/py3.10/windows.txt # -r requirements/windows.txt diff --git a/requirements/static/ci/py3.11/tools.txt b/requirements/static/ci/py3.11/tools.txt index 4e0c7ace511d..771b449b9523 100644 --- a/requirements/static/ci/py3.11/tools.txt +++ b/requirements/static/ci/py3.11/tools.txt @@ -20,7 +20,7 @@ charset-normalizer==3.0.1 # via requests commonmark==0.9.1 # via rich -idna==3.4 +idna==3.2 # via requests jinja2==3.1.2 # via -r requirements/static/ci/tools.in @@ -50,7 +50,7 @@ s3transfer==0.5.2 # via boto3 six==1.16.0 # via python-dateutil -urllib3==1.26.12 +urllib3==1.26.18 # via # botocore # requests diff --git a/requirements/static/ci/py3.7/cloud.txt b/requirements/static/ci/py3.7/cloud.txt index 6f2799bc2463..482fe4a01796 100644 --- a/requirements/static/ci/py3.7/cloud.txt +++ b/requirements/static/ci/py3.7/cloud.txt @@ -678,19 +678,19 @@ geomet==0.1.2 # via # -c requirements/static/ci/py3.7/linux.txt # cassandra-driver -gitdb==4.0.5 +gitdb==4.0.7 # via # -c requirements/static/ci/py3.7/linux.txt # gitpython -gitpython==3.1.35 +gitpython==3.1.37 # via # -c requirements/static/ci/py3.7/linux.txt # -r requirements/static/ci/common.in -google-auth==1.6.3 +google-auth==2.1.0 # via # -c requirements/static/ci/py3.7/linux.txt # kubernetes -idna==2.8 +idna==3.2 # via # -c requirements/static/ci/../pkg/py3.7/linux.txt # -c requirements/static/ci/py3.7/linux.txt @@ -1261,7 +1261,6 @@ six==1.16.0 # etcd3-py # genshi # geomet - # google-auth # isodate # jsonschema # junos-eznc @@ -1285,7 +1284,7 @@ smbprotocol==1.10.1 # via # -r requirements/static/ci/cloud.in # pypsexec -smmap==3.0.4 +smmap==4.0.0 # via # -c requirements/static/ci/py3.7/linux.txt # gitdb @@ -1325,7 +1324,7 @@ tomli==2.0.1 # via # -c requirements/static/ci/py3.7/linux.txt # pytest -transitions==0.8.1 +transitions==0.8.9 # via # -c requirements/static/ci/py3.7/linux.txt # junos-eznc @@ -1340,7 +1339,7 @@ typing-extensions==3.10.0.0 # pytest-shell-utilities # pytest-system-statistics # yarl -urllib3==1.26.6 +urllib3==1.26.18 # via # -c requirements/static/ci/../pkg/py3.7/linux.txt # -c requirements/static/ci/py3.7/linux.txt diff --git a/requirements/static/ci/py3.7/docs.txt b/requirements/static/ci/py3.7/docs.txt index 8b4c690f5912..c7ff9451ad78 100644 --- a/requirements/static/ci/py3.7/docs.txt +++ b/requirements/static/ci/py3.7/docs.txt @@ -34,7 +34,7 @@ distro==1.5.0 # -r requirements/base.txt docutils==0.16 # via sphinx -idna==2.8 +idna==3.2 # via # -c requirements/static/ci/py3.7/linux.txt # requests @@ -189,7 +189,7 @@ typing-extensions==3.10.0.0 # myst-docutils uc-micro-py==1.0.1 # via linkify-it-py -urllib3==1.26.6 +urllib3==1.26.18 # via # -c requirements/static/ci/py3.7/linux.txt # requests diff --git a/requirements/static/ci/py3.7/freebsd.txt b/requirements/static/ci/py3.7/freebsd.txt index ece9fe46717c..281969ebf98b 100644 --- a/requirements/static/ci/py3.7/freebsd.txt +++ b/requirements/static/ci/py3.7/freebsd.txt @@ -447,15 +447,15 @@ genshi==0.7.5 # via -r requirements/static/ci/common.in geomet==0.2.1.post1 # via cassandra-driver -gitdb==4.0.5 +gitdb==4.0.7 # via gitpython -gitpython==3.1.35 +gitpython==3.1.37 # via -r requirements/static/ci/common.in -google-auth==1.6.3 +google-auth==2.1.0 # via kubernetes hglib==2.6.1 # via -r requirements/static/ci/freebsd.in -idna==2.8 +idna==3.2 # via # -c requirements/static/ci/../pkg/py3.7/freebsd.txt # etcd3-py @@ -887,7 +887,6 @@ six==1.16.0 # etcd3-py # genshi # geomet - # google-auth # isodate # jsonschema # junos-eznc @@ -905,7 +904,7 @@ six==1.16.0 # vcert # virtualenv # websocket-client -smmap==3.0.4 +smmap==4.0.0 # via gitdb sqlparse==0.4.4 # via -r requirements/static/ci/common.in @@ -930,7 +929,7 @@ toml==0.10.2 # via -r requirements/static/ci/common.in tomli==2.0.1 # via pytest -transitions==0.8.1 +transitions==0.8.9 # via junos-eznc typing-extensions==3.10.0.0 # via @@ -942,7 +941,7 @@ typing-extensions==3.10.0.0 # pytest-shell-utilities # pytest-system-statistics # yarl -urllib3==1.26.6 +urllib3==1.26.18 # via # -c requirements/static/ci/../pkg/py3.7/freebsd.txt # botocore diff --git a/requirements/static/ci/py3.7/lint.txt b/requirements/static/ci/py3.7/lint.txt index 4dddc1f9450a..2e9f5f55d0ba 100644 --- a/requirements/static/ci/py3.7/lint.txt +++ b/requirements/static/ci/py3.7/lint.txt @@ -519,6 +519,10 @@ backports.entry-points-selectable==1.1.0 # via # -c requirements/static/ci/py3.7/linux.txt # virtualenv +backports.zoneinfo==0.2.1 + # via + # -c requirements/static/ci/py3.7/linux.txt + # tzlocal bcrypt==3.1.6 # via # -c requirements/static/ci/py3.7/linux.txt @@ -678,15 +682,15 @@ geomet==0.1.2 # via # -c requirements/static/ci/py3.7/linux.txt # cassandra-driver -gitdb==4.0.5 +gitdb==4.0.7 # via # -c requirements/static/ci/py3.7/linux.txt # gitpython -gitpython==3.1.35 +gitpython==3.1.37 # via # -c requirements/static/ci/py3.7/linux.txt # -r requirements/static/ci/common.in -google-auth==1.6.3 +google-auth==2.1.0 # via # -c requirements/static/ci/py3.7/linux.txt # kubernetes @@ -694,7 +698,7 @@ hglib==2.6.1 # via # -c requirements/static/ci/py3.7/linux.txt # -r requirements/static/ci/linux.in -idna==2.8 +idna==3.2 # via # -c requirements/static/ci/../pkg/py3.7/linux.txt # -c requirements/static/ci/py3.7/linux.txt @@ -1128,7 +1132,6 @@ pytz==2022.1 # python-telegram-bot # tempora # twilio - # tzlocal pyvmomi==6.7.1.2018.12 # via # -c requirements/static/ci/py3.7/linux.txt @@ -1242,7 +1245,6 @@ six==1.16.0 # etcd3-py # genshi # geomet - # google-auth # isodate # jsonschema # junos-eznc @@ -1268,7 +1270,7 @@ slack-sdk==3.19.5 # via # -c requirements/static/ci/py3.7/linux.txt # slack-bolt -smmap==3.0.4 +smmap==4.0.0 # via # -c requirements/static/ci/py3.7/linux.txt # gitdb @@ -1309,7 +1311,7 @@ tornado==6.1 # via # -c requirements/static/ci/py3.7/linux.txt # python-telegram-bot -transitions==0.8.1 +transitions==0.8.9 # via # -c requirements/static/ci/py3.7/linux.txt # junos-eznc @@ -1328,11 +1330,11 @@ typing-extensions==3.10.0.0 # gitpython # importlib-metadata # yarl -tzlocal==2.1 +tzlocal==3.0 # via # -c requirements/static/ci/py3.7/linux.txt # apscheduler -urllib3==1.26.6 +urllib3==1.26.18 # via # -c requirements/static/ci/../pkg/py3.7/linux.txt # -c requirements/static/ci/py3.7/linux.txt diff --git a/requirements/static/ci/py3.7/linux.txt b/requirements/static/ci/py3.7/linux.txt index cb9b1dd651b4..c66aae87b32c 100644 --- a/requirements/static/ci/py3.7/linux.txt +++ b/requirements/static/ci/py3.7/linux.txt @@ -342,6 +342,8 @@ azure==4.0.0 ; sys_platform != "win32" # via -r requirements/static/ci/common.in backports.entry-points-selectable==1.1.0 # via virtualenv +backports.zoneinfo==0.2.1 + # via tzlocal bcrypt==3.1.6 # via # -r requirements/static/ci/common.in @@ -461,15 +463,15 @@ genshi==0.7.5 # via -r requirements/static/ci/common.in geomet==0.1.2 # via cassandra-driver -gitdb==4.0.5 +gitdb==4.0.7 # via gitpython -gitpython==3.1.35 +gitpython==3.1.37 # via -r requirements/static/ci/common.in -google-auth==1.6.3 +google-auth==2.1.0 # via kubernetes hglib==2.6.1 # via -r requirements/static/ci/linux.in -idna==2.8 +idna==3.2 # via # -c requirements/static/ci/../pkg/py3.7/linux.txt # etcd3-py @@ -842,7 +844,6 @@ pytz==2022.1 # python-telegram-bot # tempora # twilio - # tzlocal pyvmomi==6.7.1.2018.12 # via -r requirements/static/ci/common.in pyyaml==6.0.1 @@ -928,7 +929,6 @@ six==1.16.0 # etcd3-py # genshi # geomet - # google-auth # isodate # jsonschema # junos-eznc @@ -950,7 +950,7 @@ slack-bolt==1.15.5 # via -r requirements/static/ci/linux.in slack-sdk==3.19.5 # via slack-bolt -smmap==3.0.4 +smmap==4.0.0 # via gitdb sqlparse==0.4.4 # via -r requirements/static/ci/common.in @@ -977,7 +977,7 @@ tomli==2.0.1 # via pytest tornado==6.1 # via python-telegram-bot -transitions==0.8.1 +transitions==0.8.9 # via junos-eznc twilio==7.9.2 # via -r requirements/static/ci/linux.in @@ -991,9 +991,9 @@ typing-extensions==3.10.0.0 # pytest-shell-utilities # pytest-system-statistics # yarl -tzlocal==2.1 +tzlocal==3.0 # via apscheduler -urllib3==1.26.6 +urllib3==1.26.18 # via # -c requirements/static/ci/../pkg/py3.7/linux.txt # botocore diff --git a/requirements/static/ci/py3.7/windows.txt b/requirements/static/ci/py3.7/windows.txt index c1a761916ada..358a269c22d7 100644 --- a/requirements/static/ci/py3.7/windows.txt +++ b/requirements/static/ci/py3.7/windows.txt @@ -131,14 +131,14 @@ gitdb==4.0.7 # via # -c requirements/static/ci/../pkg/py3.7/windows.txt # gitpython -gitpython==3.1.35 +gitpython==3.1.37 # via # -c requirements/static/ci/../pkg/py3.7/windows.txt # -r requirements/static/ci/common.in # -r requirements/windows.txt -google-auth==1.6.3 +google-auth==2.1.0 # via kubernetes -idna==2.8 +idna==3.2 # via # -c requirements/static/ci/../pkg/py3.7/windows.txt # etcd3-py @@ -432,7 +432,6 @@ six==1.15.0 # etcd3-py # genshi # geomet - # google-auth # jsonschema # kubernetes # python-dateutil @@ -471,7 +470,7 @@ typing-extensions==4.4.0 # pytest-shell-utilities # pytest-system-statistics # yarl -urllib3==1.26.6 +urllib3==1.26.18 # via # -c requirements/static/ci/../pkg/py3.7/windows.txt # -r requirements/windows.txt diff --git a/requirements/static/ci/py3.8/cloud.txt b/requirements/static/ci/py3.8/cloud.txt index fb1e07cb799c..f509db707253 100644 --- a/requirements/static/ci/py3.8/cloud.txt +++ b/requirements/static/ci/py3.8/cloud.txt @@ -674,19 +674,19 @@ geomet==0.1.2 # via # -c requirements/static/ci/py3.8/linux.txt # cassandra-driver -gitdb==4.0.5 +gitdb==4.0.7 # via # -c requirements/static/ci/py3.8/linux.txt # gitpython -gitpython==3.1.35 +gitpython==3.1.37 # via # -c requirements/static/ci/py3.8/linux.txt # -r requirements/static/ci/common.in -google-auth==1.6.3 +google-auth==2.1.0 # via # -c requirements/static/ci/py3.8/linux.txt # kubernetes -idna==2.8 +idna==3.2 # via # -c requirements/static/ci/../pkg/py3.8/linux.txt # -c requirements/static/ci/py3.8/linux.txt @@ -1249,7 +1249,6 @@ six==1.16.0 # etcd3-py # genshi # geomet - # google-auth # isodate # jsonschema # junos-eznc @@ -1273,7 +1272,7 @@ smbprotocol==1.10.1 # via # -r requirements/static/ci/cloud.in # pypsexec -smmap==3.0.4 +smmap==4.0.0 # via # -c requirements/static/ci/py3.8/linux.txt # gitdb @@ -1313,7 +1312,7 @@ tomli==2.0.1 # via # -c requirements/static/ci/py3.8/linux.txt # pytest -transitions==0.8.1 +transitions==0.8.9 # via # -c requirements/static/ci/py3.8/linux.txt # junos-eznc @@ -1322,7 +1321,7 @@ typing-extensions==4.2.0 # -c requirements/static/ci/py3.8/linux.txt # pytest-shell-utilities # pytest-system-statistics -urllib3==1.26.6 +urllib3==1.26.18 # via # -c requirements/static/ci/../pkg/py3.8/linux.txt # -c requirements/static/ci/py3.8/linux.txt diff --git a/requirements/static/ci/py3.8/docs.txt b/requirements/static/ci/py3.8/docs.txt index 49e09b08f755..032c8433ce0c 100644 --- a/requirements/static/ci/py3.8/docs.txt +++ b/requirements/static/ci/py3.8/docs.txt @@ -34,7 +34,7 @@ distro==1.5.0 # -r requirements/base.txt docutils==0.16 # via sphinx -idna==2.8 +idna==3.2 # via # -c requirements/static/ci/py3.8/linux.txt # requests @@ -183,7 +183,7 @@ typing-extensions==4.2.0 # myst-docutils uc-micro-py==1.0.1 # via linkify-it-py -urllib3==1.26.6 +urllib3==1.26.18 # via # -c requirements/static/ci/py3.8/linux.txt # requests diff --git a/requirements/static/ci/py3.8/freebsd.txt b/requirements/static/ci/py3.8/freebsd.txt index 40b37ce200bb..ed7fe4bf658f 100644 --- a/requirements/static/ci/py3.8/freebsd.txt +++ b/requirements/static/ci/py3.8/freebsd.txt @@ -445,15 +445,15 @@ genshi==0.7.5 # via -r requirements/static/ci/common.in geomet==0.2.1.post1 # via cassandra-driver -gitdb==4.0.5 +gitdb==4.0.7 # via gitpython -gitpython==3.1.35 +gitpython==3.1.37 # via -r requirements/static/ci/common.in -google-auth==1.6.3 +google-auth==2.1.0 # via kubernetes hglib==2.6.1 # via -r requirements/static/ci/freebsd.in -idna==2.8 +idna==3.2 # via # -c requirements/static/ci/../pkg/py3.8/freebsd.txt # etcd3-py @@ -877,7 +877,6 @@ six==1.16.0 # etcd3-py # genshi # geomet - # google-auth # isodate # jsonschema # junos-eznc @@ -895,7 +894,7 @@ six==1.16.0 # vcert # virtualenv # websocket-client -smmap==3.0.4 +smmap==4.0.0 # via gitdb sqlparse==0.4.4 # via -r requirements/static/ci/common.in @@ -920,13 +919,13 @@ toml==0.10.2 # via -r requirements/static/ci/common.in tomli==2.0.1 # via pytest -transitions==0.8.1 +transitions==0.8.9 # via junos-eznc typing-extensions==4.2.0 # via # pytest-shell-utilities # pytest-system-statistics -urllib3==1.26.6 +urllib3==1.26.18 # via # -c requirements/static/ci/../pkg/py3.8/freebsd.txt # botocore diff --git a/requirements/static/ci/py3.8/lint.txt b/requirements/static/ci/py3.8/lint.txt index 2142dc4e13fc..3ff68e1d3a66 100644 --- a/requirements/static/ci/py3.8/lint.txt +++ b/requirements/static/ci/py3.8/lint.txt @@ -515,6 +515,10 @@ backports.entry-points-selectable==1.1.0 # via # -c requirements/static/ci/py3.8/linux.txt # virtualenv +backports.zoneinfo==0.2.1 + # via + # -c requirements/static/ci/py3.8/linux.txt + # tzlocal bcrypt==3.1.6 # via # -c requirements/static/ci/py3.8/linux.txt @@ -674,15 +678,15 @@ geomet==0.1.2 # via # -c requirements/static/ci/py3.8/linux.txt # cassandra-driver -gitdb==4.0.5 +gitdb==4.0.7 # via # -c requirements/static/ci/py3.8/linux.txt # gitpython -gitpython==3.1.35 +gitpython==3.1.37 # via # -c requirements/static/ci/py3.8/linux.txt # -r requirements/static/ci/common.in -google-auth==1.6.3 +google-auth==2.1.0 # via # -c requirements/static/ci/py3.8/linux.txt # kubernetes @@ -690,7 +694,7 @@ hglib==2.6.1 # via # -c requirements/static/ci/py3.8/linux.txt # -r requirements/static/ci/linux.in -idna==2.8 +idna==3.2 # via # -c requirements/static/ci/../pkg/py3.8/linux.txt # -c requirements/static/ci/py3.8/linux.txt @@ -1118,7 +1122,6 @@ pytz==2022.1 # python-telegram-bot # tempora # twilio - # tzlocal pyvmomi==6.7.1.2018.12 # via # -c requirements/static/ci/py3.8/linux.txt @@ -1232,7 +1235,6 @@ six==1.16.0 # etcd3-py # genshi # geomet - # google-auth # isodate # jsonschema # junos-eznc @@ -1258,7 +1260,7 @@ slack-sdk==3.19.5 # via # -c requirements/static/ci/py3.8/linux.txt # slack-bolt -smmap==3.0.4 +smmap==4.0.0 # via # -c requirements/static/ci/py3.8/linux.txt # gitdb @@ -1299,7 +1301,7 @@ tornado==6.1 # via # -c requirements/static/ci/py3.8/linux.txt # python-telegram-bot -transitions==0.8.1 +transitions==0.8.9 # via # -c requirements/static/ci/py3.8/linux.txt # junos-eznc @@ -1307,11 +1309,11 @@ twilio==7.9.2 # via # -c requirements/static/ci/py3.8/linux.txt # -r requirements/static/ci/linux.in -tzlocal==2.1 +tzlocal==3.0 # via # -c requirements/static/ci/py3.8/linux.txt # apscheduler -urllib3==1.26.6 +urllib3==1.26.18 # via # -c requirements/static/ci/../pkg/py3.8/linux.txt # -c requirements/static/ci/py3.8/linux.txt diff --git a/requirements/static/ci/py3.8/linux.txt b/requirements/static/ci/py3.8/linux.txt index b5f42c250085..5269b54d76fa 100644 --- a/requirements/static/ci/py3.8/linux.txt +++ b/requirements/static/ci/py3.8/linux.txt @@ -340,6 +340,8 @@ azure==4.0.0 ; sys_platform != "win32" # via -r requirements/static/ci/common.in backports.entry-points-selectable==1.1.0 # via virtualenv +backports.zoneinfo==0.2.1 + # via tzlocal bcrypt==3.1.6 # via # -r requirements/static/ci/common.in @@ -459,15 +461,15 @@ genshi==0.7.5 # via -r requirements/static/ci/common.in geomet==0.1.2 # via cassandra-driver -gitdb==4.0.5 +gitdb==4.0.7 # via gitpython -gitpython==3.1.35 +gitpython==3.1.37 # via -r requirements/static/ci/common.in -google-auth==1.6.3 +google-auth==2.1.0 # via kubernetes hglib==2.6.1 # via -r requirements/static/ci/linux.in -idna==2.8 +idna==3.2 # via # -c requirements/static/ci/../pkg/py3.8/linux.txt # etcd3-py @@ -832,7 +834,6 @@ pytz==2022.1 # python-telegram-bot # tempora # twilio - # tzlocal pyvmomi==6.7.1.2018.12 # via -r requirements/static/ci/common.in pyyaml==6.0.1 @@ -918,7 +919,6 @@ six==1.16.0 # etcd3-py # genshi # geomet - # google-auth # isodate # jsonschema # junos-eznc @@ -940,7 +940,7 @@ slack-bolt==1.15.5 # via -r requirements/static/ci/linux.in slack-sdk==3.19.5 # via slack-bolt -smmap==3.0.4 +smmap==4.0.0 # via gitdb sqlparse==0.4.4 # via -r requirements/static/ci/common.in @@ -967,7 +967,7 @@ tomli==2.0.1 # via pytest tornado==6.1 # via python-telegram-bot -transitions==0.8.1 +transitions==0.8.9 # via junos-eznc twilio==7.9.2 # via -r requirements/static/ci/linux.in @@ -975,9 +975,9 @@ typing-extensions==4.2.0 # via # pytest-shell-utilities # pytest-system-statistics -tzlocal==2.1 +tzlocal==3.0 # via apscheduler -urllib3==1.26.6 +urllib3==1.26.18 # via # -c requirements/static/ci/../pkg/py3.8/linux.txt # botocore diff --git a/requirements/static/ci/py3.8/windows.txt b/requirements/static/ci/py3.8/windows.txt index 95fcf8c05705..12557cc1db22 100644 --- a/requirements/static/ci/py3.8/windows.txt +++ b/requirements/static/ci/py3.8/windows.txt @@ -127,14 +127,14 @@ gitdb==4.0.7 # via # -c requirements/static/ci/../pkg/py3.8/windows.txt # gitpython -gitpython==3.1.35 +gitpython==3.1.37 # via # -c requirements/static/ci/../pkg/py3.8/windows.txt # -r requirements/static/ci/common.in # -r requirements/windows.txt -google-auth==1.6.3 +google-auth==2.1.0 # via kubernetes -idna==2.8 +idna==3.2 # via # -c requirements/static/ci/../pkg/py3.8/windows.txt # etcd3-py @@ -420,7 +420,6 @@ six==1.15.0 # etcd3-py # genshi # geomet - # google-auth # jsonschema # kubernetes # python-dateutil @@ -453,7 +452,7 @@ typing-extensions==4.2.0 # via # pytest-shell-utilities # pytest-system-statistics -urllib3==1.26.6 +urllib3==1.26.18 # via # -c requirements/static/ci/../pkg/py3.8/windows.txt # -r requirements/windows.txt diff --git a/requirements/static/ci/py3.9/cloud.txt b/requirements/static/ci/py3.9/cloud.txt index 2a60c038d87c..27ff498e6971 100644 --- a/requirements/static/ci/py3.9/cloud.txt +++ b/requirements/static/ci/py3.9/cloud.txt @@ -674,19 +674,19 @@ geomet==0.1.2 # via # -c requirements/static/ci/py3.9/linux.txt # cassandra-driver -gitdb==4.0.5 +gitdb==4.0.7 # via # -c requirements/static/ci/py3.9/linux.txt # gitpython -gitpython==3.1.35 +gitpython==3.1.37 # via # -c requirements/static/ci/py3.9/linux.txt # -r requirements/static/ci/common.in -google-auth==1.6.3 +google-auth==2.1.0 # via # -c requirements/static/ci/py3.9/linux.txt # kubernetes -idna==2.8 +idna==3.2 # via # -c requirements/static/ci/../pkg/py3.9/linux.txt # -c requirements/static/ci/py3.9/linux.txt @@ -1251,7 +1251,6 @@ six==1.16.0 # etcd3-py # genshi # geomet - # google-auth # isodate # jsonschema # junos-eznc @@ -1275,7 +1274,7 @@ smbprotocol==1.10.1 # via # -r requirements/static/ci/cloud.in # pypsexec -smmap==3.0.4 +smmap==4.0.0 # via # -c requirements/static/ci/py3.9/linux.txt # gitdb @@ -1315,7 +1314,7 @@ tomli==2.0.1 # via # -c requirements/static/ci/py3.9/linux.txt # pytest -transitions==0.8.1 +transitions==0.8.9 # via # -c requirements/static/ci/py3.9/linux.txt # junos-eznc @@ -1324,7 +1323,7 @@ typing-extensions==4.2.0 # -c requirements/static/ci/py3.9/linux.txt # pytest-shell-utilities # pytest-system-statistics -urllib3==1.26.6 +urllib3==1.26.18 # via # -c requirements/static/ci/../pkg/py3.9/linux.txt # -c requirements/static/ci/py3.9/linux.txt diff --git a/requirements/static/ci/py3.9/darwin.txt b/requirements/static/ci/py3.9/darwin.txt index 3983eec0a46f..4d427fc1921c 100644 --- a/requirements/static/ci/py3.9/darwin.txt +++ b/requirements/static/ci/py3.9/darwin.txt @@ -447,20 +447,20 @@ genshi==0.7.5 # via -r requirements/static/ci/common.in geomet==0.1.2 # via cassandra-driver -gitdb==4.0.5 +gitdb==4.0.7 # via # -c requirements/static/ci/../pkg/py3.9/darwin.txt # gitpython -gitpython==3.1.35 +gitpython==3.1.37 # via # -c requirements/static/ci/../pkg/py3.9/darwin.txt # -r requirements/darwin.txt # -r requirements/static/ci/common.in -google-auth==1.6.3 +google-auth==2.1.0 # via kubernetes hglib==2.6.1 # via -r requirements/static/ci/darwin.in -idna==2.8 +idna==3.2 # via # -c requirements/static/ci/../pkg/py3.9/darwin.txt # -r requirements/darwin.txt @@ -887,7 +887,6 @@ six==1.16.0 # etcd3-py # genshi # geomet - # google-auth # isodate # jsonschema # junos-eznc @@ -903,7 +902,7 @@ six==1.16.0 # vcert # virtualenv # websocket-client -smmap==3.0.2 +smmap==4.0.0 # via # -c requirements/static/ci/../pkg/py3.9/darwin.txt # gitdb @@ -930,13 +929,13 @@ toml==0.10.2 # via -r requirements/static/ci/common.in tomli==2.0.1 # via pytest -transitions==0.8.1 +transitions==0.8.9 # via junos-eznc typing-extensions==4.2.0 # via # pytest-shell-utilities # pytest-system-statistics -urllib3==1.26.6 +urllib3==1.26.18 # via # -c requirements/static/ci/../pkg/py3.9/darwin.txt # botocore diff --git a/requirements/static/ci/py3.9/docs.txt b/requirements/static/ci/py3.9/docs.txt index c503a9d3ba0e..f15f41588a9b 100644 --- a/requirements/static/ci/py3.9/docs.txt +++ b/requirements/static/ci/py3.9/docs.txt @@ -34,7 +34,7 @@ distro==1.5.0 # -r requirements/base.txt docutils==0.19 # via sphinx -idna==2.8 +idna==3.2 # via # -c requirements/static/ci/py3.9/linux.txt # requests @@ -187,7 +187,7 @@ typing-extensions==4.2.0 # myst-docutils uc-micro-py==1.0.1 # via linkify-it-py -urllib3==1.26.6 +urllib3==1.26.18 # via # -c requirements/static/ci/py3.9/linux.txt # requests diff --git a/requirements/static/ci/py3.9/freebsd.txt b/requirements/static/ci/py3.9/freebsd.txt index a503e7130a90..1986be0a083d 100644 --- a/requirements/static/ci/py3.9/freebsd.txt +++ b/requirements/static/ci/py3.9/freebsd.txt @@ -445,15 +445,15 @@ genshi==0.7.5 # via -r requirements/static/ci/common.in geomet==0.2.1.post1 # via cassandra-driver -gitdb==4.0.5 +gitdb==4.0.7 # via gitpython -gitpython==3.1.35 +gitpython==3.1.37 # via -r requirements/static/ci/common.in -google-auth==1.6.3 +google-auth==2.1.0 # via kubernetes hglib==2.6.1 # via -r requirements/static/ci/freebsd.in -idna==2.8 +idna==3.2 # via # -c requirements/static/ci/../pkg/py3.9/freebsd.txt # etcd3-py @@ -879,7 +879,6 @@ six==1.16.0 # etcd3-py # genshi # geomet - # google-auth # isodate # jsonschema # junos-eznc @@ -897,7 +896,7 @@ six==1.16.0 # vcert # virtualenv # websocket-client -smmap==3.0.4 +smmap==4.0.0 # via gitdb sqlparse==0.4.4 # via -r requirements/static/ci/common.in @@ -922,13 +921,13 @@ toml==0.10.2 # via -r requirements/static/ci/common.in tomli==2.0.1 # via pytest -transitions==0.8.1 +transitions==0.8.9 # via junos-eznc typing-extensions==4.2.0 # via # pytest-shell-utilities # pytest-system-statistics -urllib3==1.26.6 +urllib3==1.26.18 # via # -c requirements/static/ci/../pkg/py3.9/freebsd.txt # botocore diff --git a/requirements/static/ci/py3.9/lint.txt b/requirements/static/ci/py3.9/lint.txt index 13db8d9d2f5e..8f065ba5811a 100644 --- a/requirements/static/ci/py3.9/lint.txt +++ b/requirements/static/ci/py3.9/lint.txt @@ -678,15 +678,15 @@ geomet==0.1.2 # via # -c requirements/static/ci/py3.9/linux.txt # cassandra-driver -gitdb==4.0.5 +gitdb==4.0.7 # via # -c requirements/static/ci/py3.9/linux.txt # gitpython -gitpython==3.1.35 +gitpython==3.1.37 # via # -c requirements/static/ci/py3.9/linux.txt # -r requirements/static/ci/common.in -google-auth==1.6.3 +google-auth==2.1.0 # via # -c requirements/static/ci/py3.9/linux.txt # kubernetes @@ -694,7 +694,7 @@ hglib==2.6.1 # via # -c requirements/static/ci/py3.9/linux.txt # -r requirements/static/ci/linux.in -idna==2.8 +idna==3.2 # via # -c requirements/static/ci/../pkg/py3.9/linux.txt # -c requirements/static/ci/py3.9/linux.txt @@ -1124,7 +1124,6 @@ pytz==2022.1 # python-telegram-bot # tempora # twilio - # tzlocal pyvmomi==6.7.1.2018.12 # via # -c requirements/static/ci/py3.9/linux.txt @@ -1238,7 +1237,6 @@ six==1.16.0 # etcd3-py # genshi # geomet - # google-auth # isodate # jsonschema # junos-eznc @@ -1264,7 +1262,7 @@ slack-sdk==3.19.5 # via # -c requirements/static/ci/py3.9/linux.txt # slack-bolt -smmap==3.0.4 +smmap==4.0.0 # via # -c requirements/static/ci/py3.9/linux.txt # gitdb @@ -1305,7 +1303,7 @@ tornado==6.1 # via # -c requirements/static/ci/py3.9/linux.txt # python-telegram-bot -transitions==0.8.1 +transitions==0.8.9 # via # -c requirements/static/ci/py3.9/linux.txt # junos-eznc @@ -1313,11 +1311,11 @@ twilio==7.9.2 # via # -c requirements/static/ci/py3.9/linux.txt # -r requirements/static/ci/linux.in -tzlocal==2.1 +tzlocal==3.0 # via # -c requirements/static/ci/py3.9/linux.txt # apscheduler -urllib3==1.26.6 +urllib3==1.26.18 # via # -c requirements/static/ci/../pkg/py3.9/linux.txt # -c requirements/static/ci/py3.9/linux.txt diff --git a/requirements/static/ci/py3.9/linux.txt b/requirements/static/ci/py3.9/linux.txt index 9add0ba702a4..0c5f49494bf3 100644 --- a/requirements/static/ci/py3.9/linux.txt +++ b/requirements/static/ci/py3.9/linux.txt @@ -461,15 +461,15 @@ genshi==0.7.5 # via -r requirements/static/ci/common.in geomet==0.1.2 # via cassandra-driver -gitdb==4.0.5 +gitdb==4.0.7 # via gitpython -gitpython==3.1.35 +gitpython==3.1.37 # via -r requirements/static/ci/common.in -google-auth==1.6.3 +google-auth==2.1.0 # via kubernetes hglib==2.6.1 # via -r requirements/static/ci/linux.in -idna==2.8 +idna==3.2 # via # -c requirements/static/ci/../pkg/py3.9/linux.txt # etcd3-py @@ -836,7 +836,6 @@ pytz==2022.1 # python-telegram-bot # tempora # twilio - # tzlocal pyvmomi==6.7.1.2018.12 # via -r requirements/static/ci/common.in pyyaml==6.0.1 @@ -922,7 +921,6 @@ six==1.16.0 # etcd3-py # genshi # geomet - # google-auth # isodate # jsonschema # junos-eznc @@ -944,7 +942,7 @@ slack-bolt==1.15.5 # via -r requirements/static/ci/linux.in slack-sdk==3.19.5 # via slack-bolt -smmap==3.0.4 +smmap==4.0.0 # via gitdb sqlparse==0.4.4 # via -r requirements/static/ci/common.in @@ -971,7 +969,7 @@ tomli==2.0.1 # via pytest tornado==6.1 # via python-telegram-bot -transitions==0.8.1 +transitions==0.8.9 # via junos-eznc twilio==7.9.2 # via -r requirements/static/ci/linux.in @@ -979,9 +977,9 @@ typing-extensions==4.2.0 # via # pytest-shell-utilities # pytest-system-statistics -tzlocal==2.1 +tzlocal==3.0 # via apscheduler -urllib3==1.26.6 +urllib3==1.26.18 # via # -c requirements/static/ci/../pkg/py3.9/linux.txt # botocore diff --git a/requirements/static/ci/py3.9/tools.txt b/requirements/static/ci/py3.9/tools.txt index 29aa4edc2d92..a5ae88526d4b 100644 --- a/requirements/static/ci/py3.9/tools.txt +++ b/requirements/static/ci/py3.9/tools.txt @@ -20,7 +20,7 @@ charset-normalizer==3.0.1 # via requests commonmark==0.9.1 # via rich -idna==3.4 +idna==3.2 # via requests jinja2==3.1.2 # via -r requirements/static/ci/tools.in @@ -52,7 +52,7 @@ six==1.16.0 # via python-dateutil typing-extensions==4.4.0 # via python-tools-scripts -urllib3==1.26.12 +urllib3==1.26.18 # via # botocore # requests diff --git a/requirements/static/ci/py3.9/windows.txt b/requirements/static/ci/py3.9/windows.txt index 5dcd12b602e9..fbac0ca855dd 100644 --- a/requirements/static/ci/py3.9/windows.txt +++ b/requirements/static/ci/py3.9/windows.txt @@ -127,14 +127,14 @@ gitdb==4.0.7 # via # -c requirements/static/ci/../pkg/py3.9/windows.txt # gitpython -gitpython==3.1.35 +gitpython==3.1.37 # via # -c requirements/static/ci/../pkg/py3.9/windows.txt # -r requirements/static/ci/common.in # -r requirements/windows.txt -google-auth==1.6.3 +google-auth==2.1.0 # via kubernetes -idna==2.8 +idna==3.2 # via # -c requirements/static/ci/../pkg/py3.9/windows.txt # etcd3-py @@ -421,7 +421,6 @@ six==1.15.0 # etcd3-py # genshi # geomet - # google-auth # jsonschema # kubernetes # python-dateutil @@ -454,7 +453,7 @@ typing-extensions==4.2.0 # via # pytest-shell-utilities # pytest-system-statistics -urllib3==1.26.6 +urllib3==1.26.18 # via # -c requirements/static/ci/../pkg/py3.9/windows.txt # -r requirements/windows.txt diff --git a/requirements/static/pkg/py3.10/darwin.txt b/requirements/static/pkg/py3.10/darwin.txt index 3076cbdbfcce..9f68500b9018 100644 --- a/requirements/static/pkg/py3.10/darwin.txt +++ b/requirements/static/pkg/py3.10/darwin.txt @@ -24,11 +24,11 @@ cryptography==41.0.4 # pyopenssl distro==1.5.0 # via -r requirements/base.txt -gitdb==4.0.5 +gitdb==4.0.7 # via gitpython -gitpython==3.1.35 +gitpython==3.1.37 # via -r requirements/darwin.txt -idna==2.8 +idna==3.2 # via # -r requirements/darwin.txt # requests @@ -104,13 +104,13 @@ six==1.16.0 # via # cheroot # python-dateutil -smmap==3.0.2 +smmap==4.0.0 # via gitdb tempora==4.1.1 # via portend timelib==0.2.5 # via -r requirements/darwin.txt -urllib3==1.26.6 +urllib3==1.26.18 # via requests vultr==1.0.1 # via -r requirements/darwin.txt diff --git a/requirements/static/pkg/py3.10/freebsd.txt b/requirements/static/pkg/py3.10/freebsd.txt index cbed6472f2be..a3b3a62cf306 100644 --- a/requirements/static/pkg/py3.10/freebsd.txt +++ b/requirements/static/pkg/py3.10/freebsd.txt @@ -24,7 +24,7 @@ distro==1.5.0 # via # -r requirements/base.txt # -r requirements/static/pkg/freebsd.in -idna==2.8 +idna==3.2 # via requests immutables==0.15 # via contextvars @@ -96,7 +96,7 @@ tempora==4.1.1 # via portend timelib==0.2.5 # via -r requirements/static/pkg/freebsd.in -urllib3==1.26.6 +urllib3==1.26.18 # via requests zc.lockfile==1.4 # via cherrypy diff --git a/requirements/static/pkg/py3.10/linux.txt b/requirements/static/pkg/py3.10/linux.txt index aee7931820c9..fcad8dbda0a4 100644 --- a/requirements/static/pkg/py3.10/linux.txt +++ b/requirements/static/pkg/py3.10/linux.txt @@ -22,7 +22,7 @@ cryptography==41.0.4 # pyopenssl distro==1.5.0 # via -r requirements/base.txt -idna==2.8 +idna==3.2 # via requests immutables==0.15 # via contextvars @@ -96,7 +96,7 @@ tempora==4.1.1 # via portend timelib==0.2.5 # via -r requirements/static/pkg/linux.in -urllib3==1.26.6 +urllib3==1.26.18 # via requests zc.lockfile==1.4 # via cherrypy diff --git a/requirements/static/pkg/py3.10/windows.txt b/requirements/static/pkg/py3.10/windows.txt index 02f7797641ae..0c57a88ea459 100644 --- a/requirements/static/pkg/py3.10/windows.txt +++ b/requirements/static/pkg/py3.10/windows.txt @@ -31,9 +31,9 @@ distro==1.5.0 # via -r requirements/base.txt gitdb==4.0.7 # via gitpython -gitpython==3.1.35 +gitpython==3.1.37 # via -r requirements/windows.txt -idna==2.8 +idna==3.2 # via requests immutables==0.15 # via contextvars @@ -124,7 +124,7 @@ tempora==4.1.1 # via portend timelib==0.2.5 # via -r requirements/windows.txt -urllib3==1.26.6 +urllib3==1.26.18 # via # -r requirements/windows.txt # requests diff --git a/requirements/static/pkg/py3.7/freebsd.txt b/requirements/static/pkg/py3.7/freebsd.txt index ee0cc09f834f..780e05526b65 100644 --- a/requirements/static/pkg/py3.7/freebsd.txt +++ b/requirements/static/pkg/py3.7/freebsd.txt @@ -24,7 +24,7 @@ distro==1.5.0 # via # -r requirements/base.txt # -r requirements/static/pkg/freebsd.in -idna==2.8 +idna==3.2 # via requests immutables==0.15 # via contextvars @@ -96,7 +96,7 @@ timelib==0.2.5 # via -r requirements/static/pkg/freebsd.in typing-extensions==3.10.0.0 # via importlib-metadata -urllib3==1.26.6 +urllib3==1.26.18 # via requests zc.lockfile==1.4 # via cherrypy diff --git a/requirements/static/pkg/py3.7/linux.txt b/requirements/static/pkg/py3.7/linux.txt index d7bd46db4986..deb6e37e7ba2 100644 --- a/requirements/static/pkg/py3.7/linux.txt +++ b/requirements/static/pkg/py3.7/linux.txt @@ -22,7 +22,7 @@ cryptography==41.0.4 # pyopenssl distro==1.5.0 # via -r requirements/base.txt -idna==2.8 +idna==3.2 # via requests immutables==0.15 # via contextvars @@ -96,7 +96,7 @@ timelib==0.2.5 # via -r requirements/static/pkg/linux.in typing-extensions==3.10.0.0 # via importlib-metadata -urllib3==1.26.6 +urllib3==1.26.18 # via requests zc.lockfile==1.4 # via cherrypy diff --git a/requirements/static/pkg/py3.7/windows.txt b/requirements/static/pkg/py3.7/windows.txt index eb90d0282bb3..bfb20ab5057e 100644 --- a/requirements/static/pkg/py3.7/windows.txt +++ b/requirements/static/pkg/py3.7/windows.txt @@ -31,9 +31,9 @@ distro==1.5.0 # via -r requirements/base.txt gitdb==4.0.7 # via gitpython -gitpython==3.1.35 +gitpython==3.1.37 # via -r requirements/windows.txt -idna==2.8 +idna==3.2 # via requests immutables==0.15 # via contextvars @@ -129,7 +129,7 @@ typing-extensions==4.4.0 # via # gitpython # importlib-metadata -urllib3==1.26.6 +urllib3==1.26.18 # via # -r requirements/windows.txt # requests diff --git a/requirements/static/pkg/py3.8/freebsd.txt b/requirements/static/pkg/py3.8/freebsd.txt index 0c72f6cc4e60..de0dbc5395d7 100644 --- a/requirements/static/pkg/py3.8/freebsd.txt +++ b/requirements/static/pkg/py3.8/freebsd.txt @@ -24,7 +24,7 @@ distro==1.5.0 # via # -r requirements/base.txt # -r requirements/static/pkg/freebsd.in -idna==2.8 +idna==3.2 # via requests immutables==0.15 # via contextvars @@ -94,7 +94,7 @@ tempora==4.1.1 # via portend timelib==0.2.5 # via -r requirements/static/pkg/freebsd.in -urllib3==1.26.6 +urllib3==1.26.18 # via requests zc.lockfile==1.4 # via cherrypy diff --git a/requirements/static/pkg/py3.8/linux.txt b/requirements/static/pkg/py3.8/linux.txt index 0b2e23b62480..6ed8e793e411 100644 --- a/requirements/static/pkg/py3.8/linux.txt +++ b/requirements/static/pkg/py3.8/linux.txt @@ -22,7 +22,7 @@ cryptography==41.0.4 # pyopenssl distro==1.5.0 # via -r requirements/base.txt -idna==2.8 +idna==3.2 # via requests immutables==0.15 # via contextvars @@ -94,7 +94,7 @@ tempora==4.1.1 # via portend timelib==0.2.5 # via -r requirements/static/pkg/linux.in -urllib3==1.26.6 +urllib3==1.26.18 # via requests zc.lockfile==1.4 # via cherrypy diff --git a/requirements/static/pkg/py3.8/windows.txt b/requirements/static/pkg/py3.8/windows.txt index 94da1a862b59..e99f512e2a0e 100644 --- a/requirements/static/pkg/py3.8/windows.txt +++ b/requirements/static/pkg/py3.8/windows.txt @@ -31,9 +31,9 @@ distro==1.5.0 # via -r requirements/base.txt gitdb==4.0.7 # via gitpython -gitpython==3.1.35 +gitpython==3.1.37 # via -r requirements/windows.txt -idna==2.8 +idna==3.2 # via requests immutables==0.15 # via contextvars @@ -125,7 +125,7 @@ tempora==4.1.1 # via portend timelib==0.2.5 # via -r requirements/windows.txt -urllib3==1.26.6 +urllib3==1.26.18 # via # -r requirements/windows.txt # requests diff --git a/requirements/static/pkg/py3.9/darwin.txt b/requirements/static/pkg/py3.9/darwin.txt index e19bf45f403d..8a0b222f9e9a 100644 --- a/requirements/static/pkg/py3.9/darwin.txt +++ b/requirements/static/pkg/py3.9/darwin.txt @@ -24,11 +24,11 @@ cryptography==41.0.4 # pyopenssl distro==1.5.0 # via -r requirements/base.txt -gitdb==4.0.5 +gitdb==4.0.7 # via gitpython -gitpython==3.1.35 +gitpython==3.1.37 # via -r requirements/darwin.txt -idna==2.8 +idna==3.2 # via # -r requirements/darwin.txt # requests @@ -104,13 +104,13 @@ six==1.16.0 # via # cheroot # python-dateutil -smmap==3.0.2 +smmap==4.0.0 # via gitdb tempora==4.1.1 # via portend timelib==0.2.5 # via -r requirements/darwin.txt -urllib3==1.26.6 +urllib3==1.26.18 # via requests vultr==1.0.1 # via -r requirements/darwin.txt diff --git a/requirements/static/pkg/py3.9/freebsd.txt b/requirements/static/pkg/py3.9/freebsd.txt index 18ed71ef45c3..3b5b6e8b6501 100644 --- a/requirements/static/pkg/py3.9/freebsd.txt +++ b/requirements/static/pkg/py3.9/freebsd.txt @@ -24,7 +24,7 @@ distro==1.5.0 # via # -r requirements/base.txt # -r requirements/static/pkg/freebsd.in -idna==2.8 +idna==3.2 # via requests immutables==0.15 # via contextvars @@ -96,7 +96,7 @@ tempora==4.1.1 # via portend timelib==0.2.5 # via -r requirements/static/pkg/freebsd.in -urllib3==1.26.6 +urllib3==1.26.18 # via requests zc.lockfile==1.4 # via cherrypy diff --git a/requirements/static/pkg/py3.9/linux.txt b/requirements/static/pkg/py3.9/linux.txt index 300f1c8d9fe3..3045504167d1 100644 --- a/requirements/static/pkg/py3.9/linux.txt +++ b/requirements/static/pkg/py3.9/linux.txt @@ -22,7 +22,7 @@ cryptography==41.0.4 # pyopenssl distro==1.5.0 # via -r requirements/base.txt -idna==2.8 +idna==3.2 # via requests immutables==0.15 # via contextvars @@ -96,7 +96,7 @@ tempora==4.1.1 # via portend timelib==0.2.5 # via -r requirements/static/pkg/linux.in -urllib3==1.26.6 +urllib3==1.26.18 # via requests zc.lockfile==1.4 # via cherrypy diff --git a/requirements/static/pkg/py3.9/windows.txt b/requirements/static/pkg/py3.9/windows.txt index a389c7471d80..16bf92e295c0 100644 --- a/requirements/static/pkg/py3.9/windows.txt +++ b/requirements/static/pkg/py3.9/windows.txt @@ -31,9 +31,9 @@ distro==1.5.0 # via -r requirements/base.txt gitdb==4.0.7 # via gitpython -gitpython==3.1.35 +gitpython==3.1.37 # via -r requirements/windows.txt -idna==2.8 +idna==3.2 # via requests immutables==0.15 # via contextvars @@ -125,7 +125,7 @@ tempora==4.1.1 # via portend timelib==0.2.5 # via -r requirements/windows.txt -urllib3==1.26.6 +urllib3==1.26.18 # via # -r requirements/windows.txt # requests diff --git a/requirements/windows.txt b/requirements/windows.txt index 7911eef67327..19ae0c889df6 100644 --- a/requirements/windows.txt +++ b/requirements/windows.txt @@ -10,7 +10,7 @@ certifi>=2022.12.07 cffi>=1.14.5 cherrypy>=18.6.1 cryptography>=41.0.3 -gitpython>=3.1.30 +gitpython>=3.1.37 ioloop>=0.1a0 lxml>=4.6.3 pyasn1>=0.4.8 diff --git a/salt/client/ssh/__init__.py b/salt/client/ssh/__init__.py index 0d9ac9509b64..067d4575f9bd 100644 --- a/salt/client/ssh/__init__.py +++ b/salt/client/ssh/__init__.py @@ -11,9 +11,11 @@ import logging import multiprocessing import os +import pathlib import queue import re import shlex +import shutil import subprocess import sys import tarfile @@ -467,7 +469,14 @@ def key_deploy(self, host, ret): if target.get("passwd", False) or self.opts["ssh_passwd"]: self._key_deploy_run(host, target, False) return ret - if ret[host].get("stderr", "").count("Permission denied"): + stderr = ret[host].get("stderr", "") + # -failed to upload file- is detecting scp errors + # Errors to ignore when Permission denied is in the stderr. For example + # scp can get a permission denied on the target host, but they where + # able to accurate authenticate against the box + ignore_err = ["failed to upload file"] + check_err = [x for x in ignore_err if stderr.count(x)] + if "Permission denied" in stderr and not check_err: target = self.targets[host] # permission denied, attempt to auto deploy ssh key print( @@ -1007,11 +1016,30 @@ def run_ssh_pre_flight(self): """ Run our pre_flight script before running any ssh commands """ - script = os.path.join(tempfile.gettempdir(), self.ssh_pre_file) - - self.shell.send(self.ssh_pre_flight, script) - - return self.execute_script(script, script_args=self.ssh_pre_flight_args) + with tempfile.NamedTemporaryFile() as temp: + # ensure we use copyfile to not copy the file attributes + # we want to ensure we use the perms set by the secure + # NamedTemporaryFile + try: + shutil.copyfile(self.ssh_pre_flight, temp.name) + except OSError as err: + return ( + "", + "Could not copy pre flight script to temporary path", + 1, + ) + target_script = f".{pathlib.Path(temp.name).name}" + log.trace("Copying the pre flight script to target") + stdout, stderr, retcode = self.shell.send(temp.name, target_script) + if retcode != 0: + # We could not copy the script to the target + log.error("Could not copy the pre flight script to target") + return stdout, stderr, retcode + + log.trace("Executing the pre flight script on target") + return self.execute_script( + target_script, script_args=self.ssh_pre_flight_args + ) def check_thin_dir(self): """ @@ -1388,18 +1416,20 @@ def shim_cmd(self, cmd_str, extension="py"): return self.shell.exec_cmd(cmd_str) # Write the shim to a temporary file in the default temp directory - with tempfile.NamedTemporaryFile( - mode="w+b", prefix="shim_", delete=False - ) as shim_tmp_file: + with tempfile.NamedTemporaryFile(mode="w+b", delete=False) as shim_tmp_file: shim_tmp_file.write(salt.utils.stringutils.to_bytes(cmd_str)) # Copy shim to target system, under $HOME/. - target_shim_file = ".{}.{}".format( - binascii.hexlify(os.urandom(6)).decode("ascii"), extension - ) + target_shim_file = f".{pathlib.Path(shim_tmp_file.name).name}" + if self.winrm: target_shim_file = saltwinshell.get_target_shim_file(self, target_shim_file) - self.shell.send(shim_tmp_file.name, target_shim_file, makedirs=True) + stdout, stderr, retcode = self.shell.send( + shim_tmp_file.name, target_shim_file, makedirs=True + ) + if retcode != 0: + log.error("Could not copy the shim script to target") + return stdout, stderr, retcode # Remove our shim file try: diff --git a/tests/integration/ssh/test_pre_flight.py b/tests/integration/ssh/test_pre_flight.py deleted file mode 100644 index 1598b3d51b5d..000000000000 --- a/tests/integration/ssh/test_pre_flight.py +++ /dev/null @@ -1,132 +0,0 @@ -""" -Test for ssh_pre_flight roster option -""" - -import os - -import pytest - -import salt.utils.files -from tests.support.case import SSHCase -from tests.support.runtests import RUNTIME_VARS - - -class SSHPreFlightTest(SSHCase): - """ - Test ssh_pre_flight roster option - """ - - def setUp(self): - super().setUp() - self.roster = os.path.join(RUNTIME_VARS.TMP, "pre_flight_roster") - self.data = { - "ssh_pre_flight": os.path.join(RUNTIME_VARS.TMP, "ssh_pre_flight.sh") - } - self.test_script = os.path.join( - RUNTIME_VARS.TMP, "test-pre-flight-script-worked.txt" - ) - - def _create_roster(self, pre_flight_script_args=None): - data = dict(self.data) - if pre_flight_script_args: - data["ssh_pre_flight_args"] = pre_flight_script_args - - self.custom_roster(self.roster, data) - - with salt.utils.files.fopen(data["ssh_pre_flight"], "w") as fp_: - fp_.write("touch {}".format(self.test_script)) - - @pytest.mark.slow_test - def test_ssh_pre_flight(self): - """ - test ssh when ssh_pre_flight is set - ensure the script runs successfully - """ - self._create_roster() - assert self.run_function("test.ping", roster_file=self.roster) - - assert os.path.exists(self.test_script) - - @pytest.mark.slow_test - def test_ssh_run_pre_flight(self): - """ - test ssh when --pre-flight is passed to salt-ssh - to ensure the script runs successfully - """ - self._create_roster() - # make sure we previously ran a command so the thin dir exists - self.run_function("test.ping", wipe=False) - assert not os.path.exists(self.test_script) - - assert self.run_function( - "test.ping", ssh_opts="--pre-flight", roster_file=self.roster, wipe=False - ) - assert os.path.exists(self.test_script) - - @pytest.mark.slow_test - def test_ssh_run_pre_flight_args(self): - """ - test ssh when --pre-flight is passed to salt-ssh - to ensure the script runs successfully passing some args - """ - self._create_roster(pre_flight_script_args="foobar test") - # make sure we previously ran a command so the thin dir exists - self.run_function("test.ping", wipe=False) - assert not os.path.exists(self.test_script) - - assert self.run_function( - "test.ping", ssh_opts="--pre-flight", roster_file=self.roster, wipe=False - ) - assert os.path.exists(self.test_script) - - @pytest.mark.slow_test - def test_ssh_run_pre_flight_args_prevent_injection(self): - """ - test ssh when --pre-flight is passed to salt-ssh - and evil arguments are used in order to produce shell injection - """ - injected_file = os.path.join(RUNTIME_VARS.TMP, "injection") - self._create_roster( - pre_flight_script_args="foobar; echo injected > {}".format(injected_file) - ) - # make sure we previously ran a command so the thin dir exists - self.run_function("test.ping", wipe=False) - assert not os.path.exists(self.test_script) - assert not os.path.isfile(injected_file) - - assert self.run_function( - "test.ping", ssh_opts="--pre-flight", roster_file=self.roster, wipe=False - ) - - assert not os.path.isfile( - injected_file - ), "File injection suceeded. This shouldn't happend" - - @pytest.mark.slow_test - def test_ssh_run_pre_flight_failure(self): - """ - test ssh_pre_flight when there is a failure - in the script. - """ - self._create_roster() - with salt.utils.files.fopen(self.data["ssh_pre_flight"], "w") as fp_: - fp_.write("exit 2") - - ret = self.run_function( - "test.ping", ssh_opts="--pre-flight", roster_file=self.roster, wipe=False - ) - assert ret["retcode"] == 2 - - def tearDown(self): - """ - make sure to clean up any old ssh directories - """ - files = [ - self.roster, - self.data["ssh_pre_flight"], - self.test_script, - os.path.join(RUNTIME_VARS.TMP, "injection"), - ] - for fp_ in files: - if os.path.exists(fp_): - os.remove(fp_) diff --git a/tests/pytests/integration/ssh/test_pre_flight.py b/tests/pytests/integration/ssh/test_pre_flight.py new file mode 100644 index 000000000000..09c65d294309 --- /dev/null +++ b/tests/pytests/integration/ssh/test_pre_flight.py @@ -0,0 +1,315 @@ +""" +Test for ssh_pre_flight roster option +""" + +try: + import grp + import pwd +except ImportError: + # windows stacktraces on import of these modules + pass +import os +import pathlib +import shutil +import subprocess + +import pytest +import yaml +from saltfactories.utils import random_string + +import salt.utils.files + +pytestmark = pytest.mark.skip_on_windows(reason="Salt-ssh not available on Windows") + + +def _custom_roster(roster_file, roster_data): + with salt.utils.files.fopen(roster_file, "r") as fp: + data = salt.utils.yaml.safe_load(fp) + for key, item in roster_data.items(): + data["localhost"][key] = item + with salt.utils.files.fopen(roster_file, "w") as fp: + yaml.safe_dump(data, fp) + + +@pytest.fixture +def _create_roster(salt_ssh_roster_file, tmp_path): + ret = {} + ret["roster"] = salt_ssh_roster_file + ret["data"] = {"ssh_pre_flight": str(tmp_path / "ssh_pre_flight.sh")} + ret["test_script"] = str(tmp_path / "test-pre-flight-script-worked.txt") + ret["thin_dir"] = tmp_path / "thin_dir" + + with salt.utils.files.fopen(salt_ssh_roster_file, "r") as fp: + data = salt.utils.yaml.safe_load(fp) + pre_flight_script = ret["data"]["ssh_pre_flight"] + data["localhost"]["ssh_pre_flight"] = pre_flight_script + data["localhost"]["thin_dir"] = str(ret["thin_dir"]) + with salt.utils.files.fopen(salt_ssh_roster_file, "w") as fp: + yaml.safe_dump(data, fp) + + with salt.utils.files.fopen(pre_flight_script, "w") as fp: + fp.write("touch {}".format(ret["test_script"])) + + yield ret + if ret["thin_dir"].exists(): + shutil.rmtree(ret["thin_dir"]) + + +@pytest.mark.slow_test +def test_ssh_pre_flight(salt_ssh_cli, caplog, _create_roster): + """ + test ssh when ssh_pre_flight is set + ensure the script runs successfully + """ + ret = salt_ssh_cli.run("test.ping") + assert ret.returncode == 0 + + assert pathlib.Path(_create_roster["test_script"]).exists() + + +@pytest.mark.slow_test +def test_ssh_run_pre_flight(salt_ssh_cli, _create_roster): + """ + test ssh when --pre-flight is passed to salt-ssh + to ensure the script runs successfully + """ + # make sure we previously ran a command so the thin dir exists + ret = salt_ssh_cli.run("test.ping") + assert pathlib.Path(_create_roster["test_script"]).exists() + + # Now remeove the script to ensure pre_flight doesn't run + # without --pre-flight + pathlib.Path(_create_roster["test_script"]).unlink() + + assert salt_ssh_cli.run("test.ping").returncode == 0 + assert not pathlib.Path(_create_roster["test_script"]).exists() + + # Now ensure + ret = salt_ssh_cli.run( + "test.ping", + "--pre-flight", + ) + assert ret.returncode == 0 + assert pathlib.Path(_create_roster["test_script"]).exists() + + +@pytest.mark.slow_test +def test_ssh_run_pre_flight_args(salt_ssh_cli, _create_roster): + """ + test ssh when --pre-flight is passed to salt-ssh + to ensure the script runs successfully passing some args + """ + _custom_roster(salt_ssh_cli.roster_file, {"ssh_pre_flight_args": "foobar test"}) + # Create pre_flight script that accepts args + test_script = _create_roster["test_script"] + test_script_1 = pathlib.Path(test_script + "-foobar") + test_script_2 = pathlib.Path(test_script + "-test") + with salt.utils.files.fopen(_create_roster["data"]["ssh_pre_flight"], "w") as fp: + fp.write( + f""" + touch {str(test_script)}-$1 + touch {str(test_script)}-$2 + """ + ) + ret = salt_ssh_cli.run("test.ping") + assert ret.returncode == 0 + assert test_script_1.exists() + assert test_script_2.exists() + pathlib.Path(test_script_1).unlink() + pathlib.Path(test_script_2).unlink() + + ret = salt_ssh_cli.run("test.ping") + assert ret.returncode == 0 + assert not test_script_1.exists() + assert not test_script_2.exists() + + ret = salt_ssh_cli.run( + "test.ping", + "--pre-flight", + ) + assert ret.returncode == 0 + assert test_script_1.exists() + assert test_script_2.exists() + + +@pytest.mark.slow_test +def test_ssh_run_pre_flight_args_prevent_injection( + salt_ssh_cli, _create_roster, tmp_path +): + """ + test ssh when --pre-flight is passed to salt-ssh + and evil arguments are used in order to produce shell injection + """ + injected_file = tmp_path / "injection" + _custom_roster( + salt_ssh_cli.roster_file, + {"ssh_pre_flight_args": f"foobar; echo injected > {str(injected_file)}"}, + ) + # Create pre_flight script that accepts args + test_script = _create_roster["test_script"] + test_script_1 = pathlib.Path(test_script + "-echo") + test_script_2 = pathlib.Path(test_script + "-foobar;") + with salt.utils.files.fopen(_create_roster["data"]["ssh_pre_flight"], "w") as fp: + fp.write( + f""" + touch {str(test_script)}-$1 + touch {str(test_script)}-$2 + """ + ) + + # make sure we previously ran a command so the thin dir exists + ret = salt_ssh_cli.run("test.ping") + assert ret.returncode == 0 + assert test_script_1.exists() + assert test_script_2.exists() + test_script_1.unlink() + test_script_2.unlink() + assert not injected_file.is_file() + + ret = salt_ssh_cli.run( + "test.ping", + "--pre-flight", + ) + assert ret.returncode == 0 + + assert test_script_1.exists() + assert test_script_2.exists() + assert not pathlib.Path( + injected_file + ).is_file(), "File injection suceeded. This shouldn't happend" + + +@pytest.mark.flaky(max_runs=4) +@pytest.mark.slow_test +def test_ssh_run_pre_flight_failure(salt_ssh_cli, _create_roster): + """ + test ssh_pre_flight when there is a failure + in the script. + """ + with salt.utils.files.fopen(_create_roster["data"]["ssh_pre_flight"], "w") as fp_: + fp_.write("exit 2") + + ret = salt_ssh_cli.run( + "test.ping", + "--pre-flight", + ) + assert ret.data["retcode"] == 2 + + +@pytest.fixture +def account(): + username = random_string("test-account-", uppercase=False) + with pytest.helpers.create_account(username=username) as account: + yield account + + +@pytest.mark.slow_test +def test_ssh_pre_flight_script(salt_ssh_cli, caplog, _create_roster, tmp_path, account): + """ + Test to ensure user cannot create and run a script + with the expected pre_flight script path on target. + """ + try: + script = pathlib.Path.home() / "hacked" + tmp_preflight = pathlib.Path("/tmp", "ssh_pre_flight.sh") + tmp_preflight.write_text(f"touch {script}") + os.chown(tmp_preflight, account.info.uid, account.info.gid) + ret = salt_ssh_cli.run("test.ping") + assert not script.is_file() + assert ret.returncode == 0 + assert ret.stdout == '{\n"localhost": true\n}\n' + finally: + for _file in [script, tmp_preflight]: + if _file.is_file(): + _file.unlink() + + +def demote(user_uid, user_gid): + def result(): + # os.setgid does not remove group membership, so we remove them here so they are REALLY non-root + os.setgroups([]) + os.setgid(user_gid) + os.setuid(user_uid) + + return result + + +@pytest.mark.slow_test +def test_ssh_pre_flight_perms(salt_ssh_cli, caplog, _create_roster, account): + """ + Test to ensure standard user cannot run pre flight script + on target when user sets wrong permissions (777) on + ssh_pre_flight script. + """ + try: + script = pathlib.Path("/tmp", "itworked") + preflight = pathlib.Path("/ssh_pre_flight.sh") + preflight.write_text(f"touch {str(script)}") + tmp_preflight = pathlib.Path("/tmp", preflight.name) + + _custom_roster(salt_ssh_cli.roster_file, {"ssh_pre_flight": str(preflight)}) + preflight.chmod(0o0777) + run_script = pathlib.Path("/run_script") + run_script.write_text( + f""" + x=1 + while [ $x -le 200000 ]; do + SCRIPT=`bash {str(tmp_preflight)} 2> /dev/null; echo $?` + if [ ${{SCRIPT}} == 0 ]; then + break + fi + x=$(( $x + 1 )) + done + """ + ) + run_script.chmod(0o0777) + # pylint: disable=W1509 + ret = subprocess.Popen( + ["sh", f"{run_script}"], + preexec_fn=demote(account.info.uid, account.info.gid), + stdout=None, + stderr=None, + stdin=None, + universal_newlines=True, + ) + # pylint: enable=W1509 + ret = salt_ssh_cli.run("test.ping") + assert ret.returncode == 0 + + # Lets make sure a different user other than root + # Didn't run the script + assert os.stat(script).st_uid != account.info.uid + assert script.is_file() + finally: + for _file in [script, preflight, tmp_preflight, run_script]: + if _file.is_file(): + _file.unlink() + + +@pytest.mark.slow_test +def test_ssh_run_pre_flight_target_file_perms(salt_ssh_cli, _create_roster, tmp_path): + """ + test ssh_pre_flight to ensure the target pre flight script + has the correct perms + """ + perms_file = tmp_path / "perms" + with salt.utils.files.fopen(_create_roster["data"]["ssh_pre_flight"], "w") as fp_: + fp_.write( + f""" + SCRIPT_NAME=$0 + stat -L -c "%a %G %U" $SCRIPT_NAME > {perms_file} + """ + ) + + ret = salt_ssh_cli.run( + "test.ping", + "--pre-flight", + ) + assert ret.returncode == 0 + with salt.utils.files.fopen(perms_file) as fp: + data = fp.read() + assert data.split()[0] == "600" + uid = os.getuid() + gid = os.getgid() + assert data.split()[1] == grp.getgrgid(gid).gr_name + assert data.split()[2] == pwd.getpwuid(uid).pw_name diff --git a/tests/pytests/unit/client/ssh/test_single.py b/tests/pytests/unit/client/ssh/test_single.py index f97519d5cc22..c88a1c2127f3 100644 --- a/tests/pytests/unit/client/ssh/test_single.py +++ b/tests/pytests/unit/client/ssh/test_single.py @@ -1,6 +1,5 @@ -import os +import logging import re -import tempfile from textwrap import dedent import pytest @@ -16,6 +15,8 @@ from salt.client import ssh from tests.support.mock import MagicMock, call, patch +log = logging.getLogger(__name__) + @pytest.fixture def opts(tmp_path): @@ -59,7 +60,7 @@ def test_single_opts(opts, target): fsclient=None, thin=salt.utils.thin.thin_path(opts["cachedir"]), mine=False, - **target + **target, ) assert single.shell._ssh_opts() == "" @@ -87,7 +88,7 @@ def test_run_with_pre_flight(opts, target, tmp_path): fsclient=None, thin=salt.utils.thin.thin_path(opts["cachedir"]), mine=False, - **target + **target, ) cmd_ret = ("Success", "", 0) @@ -122,7 +123,7 @@ def test_run_with_pre_flight_with_args(opts, target, tmp_path): fsclient=None, thin=salt.utils.thin.thin_path(opts["cachedir"]), mine=False, - **target + **target, ) cmd_ret = ("Success", "foobar", 0) @@ -156,7 +157,7 @@ def test_run_with_pre_flight_stderr(opts, target, tmp_path): fsclient=None, thin=salt.utils.thin.thin_path(opts["cachedir"]), mine=False, - **target + **target, ) cmd_ret = ("", "Error running script", 1) @@ -190,7 +191,7 @@ def test_run_with_pre_flight_script_doesnot_exist(opts, target, tmp_path): fsclient=None, thin=salt.utils.thin.thin_path(opts["cachedir"]), mine=False, - **target + **target, ) cmd_ret = ("Success", "", 0) @@ -224,7 +225,7 @@ def test_run_with_pre_flight_thin_dir_exists(opts, target, tmp_path): fsclient=None, thin=salt.utils.thin.thin_path(opts["cachedir"]), mine=False, - **target + **target, ) cmd_ret = ("", "", 0) @@ -242,6 +243,39 @@ def test_run_with_pre_flight_thin_dir_exists(opts, target, tmp_path): assert ret == cmd_ret +def test_run_ssh_pre_flight(opts, target, tmp_path): + """ + test Single.run_ssh_pre_flight function + """ + target["ssh_pre_flight"] = str(tmp_path / "script.sh") + single = ssh.Single( + opts, + opts["argv"], + "localhost", + mods={}, + fsclient=None, + thin=salt.utils.thin.thin_path(opts["cachedir"]), + mine=False, + **target, + ) + + cmd_ret = ("Success", "", 0) + mock_flight = MagicMock(return_value=cmd_ret) + mock_cmd = MagicMock(return_value=cmd_ret) + patch_flight = patch("salt.client.ssh.Single.run_ssh_pre_flight", mock_flight) + patch_cmd = patch("salt.client.ssh.Single.cmd_block", mock_cmd) + patch_exec_cmd = patch( + "salt.client.ssh.shell.Shell.exec_cmd", return_value=("", "", 1) + ) + patch_os = patch("os.path.exists", side_effect=[True]) + + with patch_os, patch_flight, patch_cmd, patch_exec_cmd: + ret = single.run() + mock_cmd.assert_called() + mock_flight.assert_called() + assert ret == cmd_ret + + def test_execute_script(opts, target, tmp_path): """ test Single.execute_script() @@ -255,7 +289,7 @@ def test_execute_script(opts, target, tmp_path): thin=salt.utils.thin.thin_path(opts["cachedir"]), mine=False, winrm=False, - **target + **target, ) exp_ret = ("Success", "", 0) @@ -273,7 +307,7 @@ def test_execute_script(opts, target, tmp_path): ] == mock_cmd.call_args_list -def test_shim_cmd(opts, target): +def test_shim_cmd(opts, target, tmp_path): """ test Single.shim_cmd() """ @@ -287,7 +321,7 @@ def test_shim_cmd(opts, target): mine=False, winrm=False, tty=True, - **target + **target, ) exp_ret = ("Success", "", 0) @@ -295,21 +329,24 @@ def test_shim_cmd(opts, target): patch_cmd = patch("salt.client.ssh.shell.Shell.exec_cmd", mock_cmd) patch_send = patch("salt.client.ssh.shell.Shell.send", return_value=("", "", 0)) patch_rand = patch("os.urandom", return_value=b"5\xd9l\xca\xc2\xff") + tmp_file = tmp_path / "tmp_file" + mock_tmp = MagicMock() + patch_tmp = patch("tempfile.NamedTemporaryFile", mock_tmp) + mock_tmp.return_value.__enter__.return_value.name = tmp_file - with patch_cmd, patch_rand, patch_send: + with patch_cmd, patch_tmp, patch_send: ret = single.shim_cmd(cmd_str="echo test") assert ret == exp_ret assert [ - call("/bin/sh '.35d96ccac2ff.py'"), - call("rm '.35d96ccac2ff.py'"), + call(f"/bin/sh '.{tmp_file.name}'"), + call(f"rm '.{tmp_file.name}'"), ] == mock_cmd.call_args_list -def test_run_ssh_pre_flight(opts, target, tmp_path): +def test_shim_cmd_copy_fails(opts, target, caplog): """ - test Single.run_ssh_pre_flight + test Single.shim_cmd() when copying the file fails """ - target["ssh_pre_flight"] = str(tmp_path / "script.sh") single = ssh.Single( opts, opts["argv"], @@ -320,24 +357,202 @@ def test_run_ssh_pre_flight(opts, target, tmp_path): mine=False, winrm=False, tty=True, - **target + **target, ) - exp_ret = ("Success", "", 0) - mock_cmd = MagicMock(return_value=exp_ret) + ret_cmd = ("Success", "", 0) + mock_cmd = MagicMock(return_value=ret_cmd) patch_cmd = patch("salt.client.ssh.shell.Shell.exec_cmd", mock_cmd) - patch_send = patch("salt.client.ssh.shell.Shell.send", return_value=exp_ret) - exp_tmp = os.path.join( - tempfile.gettempdir(), os.path.basename(target["ssh_pre_flight"]) + ret_send = ("", "General error in file copy", 1) + patch_send = patch("salt.client.ssh.shell.Shell.send", return_value=ret_send) + patch_rand = patch("os.urandom", return_value=b"5\xd9l\xca\xc2\xff") + + with patch_cmd, patch_rand, patch_send: + ret = single.shim_cmd(cmd_str="echo test") + assert ret == ret_send + assert "Could not copy the shim script to target" in caplog.text + mock_cmd.assert_not_called() + + +def test_run_ssh_pre_flight_no_connect(opts, target, tmp_path, caplog): + """ + test Single.run_ssh_pre_flight when you + cannot connect to the target + """ + pre_flight = tmp_path / "script.sh" + pre_flight.write_text("") + target["ssh_pre_flight"] = str(pre_flight) + single = ssh.Single( + opts, + opts["argv"], + "localhost", + mods={}, + fsclient=None, + thin=salt.utils.thin.thin_path(opts["cachedir"]), + mine=False, + winrm=False, + tty=True, + **target, ) + mock_exec_cmd = MagicMock(return_value=("", "", 1)) + patch_exec_cmd = patch("salt.client.ssh.shell.Shell.exec_cmd", mock_exec_cmd) + tmp_file = tmp_path / "tmp_file" + mock_tmp = MagicMock() + patch_tmp = patch("tempfile.NamedTemporaryFile", mock_tmp) + mock_tmp.return_value.__enter__.return_value.name = tmp_file + ret_send = ( + "", + "ssh: connect to host 192.168.1.186 port 22: No route to host\nscp: Connection closed\n", + 255, + ) + send_mock = MagicMock(return_value=ret_send) + patch_send = patch("salt.client.ssh.shell.Shell.send", send_mock) + + with caplog.at_level(logging.TRACE): + with patch_send, patch_exec_cmd, patch_tmp: + ret = single.run_ssh_pre_flight() + assert "Copying the pre flight script" in caplog.text + assert "Could not copy the pre flight script to target" in caplog.text + assert ret == ret_send + assert send_mock.call_args_list[0][0][0] == tmp_file + target_script = send_mock.call_args_list[0][0][1] + assert re.search(r".[a-z0-9]+", target_script) + mock_exec_cmd.assert_not_called() + + +def test_run_ssh_pre_flight_permission_denied(opts, target, tmp_path): + """ + test Single.run_ssh_pre_flight when you + cannot copy script to the target due to + a permission denied error + """ + pre_flight = tmp_path / "script.sh" + pre_flight.write_text("") + target["ssh_pre_flight"] = str(pre_flight) + single = ssh.Single( + opts, + opts["argv"], + "localhost", + mods={}, + fsclient=None, + thin=salt.utils.thin.thin_path(opts["cachedir"]), + mine=False, + winrm=False, + tty=True, + **target, + ) + mock_exec_cmd = MagicMock(return_value=("", "", 1)) + patch_exec_cmd = patch("salt.client.ssh.shell.Shell.exec_cmd", mock_exec_cmd) + tmp_file = tmp_path / "tmp_file" + mock_tmp = MagicMock() + patch_tmp = patch("tempfile.NamedTemporaryFile", mock_tmp) + mock_tmp.return_value.__enter__.return_value.name = tmp_file + ret_send = ( + "", + 'scp: dest open "/tmp/preflight.sh": Permission denied\nscp: failed to upload file /etc/salt/preflight.sh to /tmp/preflight.sh\n', + 255, + ) + send_mock = MagicMock(return_value=ret_send) + patch_send = patch("salt.client.ssh.shell.Shell.send", send_mock) - with patch_cmd, patch_send: + with patch_send, patch_exec_cmd, patch_tmp: ret = single.run_ssh_pre_flight() - assert ret == exp_ret - assert [ - call("/bin/sh '{}'".format(exp_tmp)), - call("rm '{}'".format(exp_tmp)), - ] == mock_cmd.call_args_list + assert ret == ret_send + assert send_mock.call_args_list[0][0][0] == tmp_file + target_script = send_mock.call_args_list[0][0][1] + assert re.search(r".[a-z0-9]+", target_script) + mock_exec_cmd.assert_not_called() + + +def test_run_ssh_pre_flight_connect(opts, target, tmp_path, caplog): + """ + test Single.run_ssh_pre_flight when you + can connect to the target + """ + pre_flight = tmp_path / "script.sh" + pre_flight.write_text("") + target["ssh_pre_flight"] = str(pre_flight) + single = ssh.Single( + opts, + opts["argv"], + "localhost", + mods={}, + fsclient=None, + thin=salt.utils.thin.thin_path(opts["cachedir"]), + mine=False, + winrm=False, + tty=True, + **target, + ) + ret_exec_cmd = ("", "", 1) + mock_exec_cmd = MagicMock(return_value=ret_exec_cmd) + patch_exec_cmd = patch("salt.client.ssh.shell.Shell.exec_cmd", mock_exec_cmd) + tmp_file = tmp_path / "tmp_file" + mock_tmp = MagicMock() + patch_tmp = patch("tempfile.NamedTemporaryFile", mock_tmp) + mock_tmp.return_value.__enter__.return_value.name = tmp_file + ret_send = ( + "", + "\rroot@192.168.1.187's password: \n\rpreflight.sh 0% 0 0.0KB/s --:-- ETA\rpreflight.sh 100% 20 2.7KB/s 00:00 \n", + 0, + ) + send_mock = MagicMock(return_value=ret_send) + patch_send = patch("salt.client.ssh.shell.Shell.send", send_mock) + + with caplog.at_level(logging.TRACE): + with patch_send, patch_exec_cmd, patch_tmp: + ret = single.run_ssh_pre_flight() + + assert "Executing the pre flight script on target" in caplog.text + assert ret == ret_exec_cmd + assert send_mock.call_args_list[0][0][0] == tmp_file + target_script = send_mock.call_args_list[0][0][1] + assert re.search(r".[a-z0-9]+", target_script) + mock_exec_cmd.assert_called() + + +def test_run_ssh_pre_flight_shutil_fails(opts, target, tmp_path): + """ + test Single.run_ssh_pre_flight when cannot + copyfile with shutil + """ + pre_flight = tmp_path / "script.sh" + pre_flight.write_text("") + target["ssh_pre_flight"] = str(pre_flight) + single = ssh.Single( + opts, + opts["argv"], + "localhost", + mods={}, + fsclient=None, + thin=salt.utils.thin.thin_path(opts["cachedir"]), + mine=False, + winrm=False, + tty=True, + **target, + ) + ret_exec_cmd = ("", "", 1) + mock_exec_cmd = MagicMock(return_value=ret_exec_cmd) + patch_exec_cmd = patch("salt.client.ssh.shell.Shell.exec_cmd", mock_exec_cmd) + tmp_file = tmp_path / "tmp_file" + mock_tmp = MagicMock() + patch_tmp = patch("tempfile.NamedTemporaryFile", mock_tmp) + mock_tmp.return_value.__enter__.return_value.name = tmp_file + send_mock = MagicMock() + mock_shutil = MagicMock(side_effect=IOError("Permission Denied")) + patch_shutil = patch("shutil.copyfile", mock_shutil) + patch_send = patch("salt.client.ssh.shell.Shell.send", send_mock) + + with patch_send, patch_exec_cmd, patch_tmp, patch_shutil: + ret = single.run_ssh_pre_flight() + + assert ret == ( + "", + "Could not copy pre flight script to temporary path", + 1, + ) + mock_exec_cmd.assert_not_called() + send_mock.assert_not_called() @pytest.mark.skip_on_windows(reason="SSH_PY_SHIM not set on windows") @@ -355,7 +570,7 @@ def test_cmd_run_set_path(opts, target): fsclient=None, thin=salt.utils.thin.thin_path(opts["cachedir"]), mine=False, - **target + **target, ) ret = single._cmd_str() @@ -376,7 +591,7 @@ def test_cmd_run_not_set_path(opts, target): fsclient=None, thin=salt.utils.thin.thin_path(opts["cachedir"]), mine=False, - **target + **target, ) ret = single._cmd_str() @@ -395,7 +610,7 @@ def test_cmd_block_python_version_error(opts, target): thin=salt.utils.thin.thin_path(opts["cachedir"]), mine=False, winrm=False, - **target + **target, ) mock_shim = MagicMock( return_value=(("", "ERROR: Unable to locate appropriate python command\n", 10)) @@ -434,7 +649,9 @@ def test_run_with_pre_flight_args(opts, target, test_opts, tmp_path): and script successfully runs """ opts["ssh_run_pre_flight"] = True - target["ssh_pre_flight"] = str(tmp_path / "script.sh") + pre_flight_script = tmp_path / "script.sh" + pre_flight_script.write_text("") + target["ssh_pre_flight"] = str(pre_flight_script) if test_opts[0] is not None: target["ssh_pre_flight_args"] = test_opts[0] @@ -448,7 +665,7 @@ def test_run_with_pre_flight_args(opts, target, test_opts, tmp_path): fsclient=None, thin=salt.utils.thin.thin_path(opts["cachedir"]), mine=False, - **target + **target, ) cmd_ret = ("Success", "", 0) @@ -456,14 +673,15 @@ def test_run_with_pre_flight_args(opts, target, test_opts, tmp_path): mock_exec_cmd = MagicMock(return_value=("", "", 0)) patch_cmd = patch("salt.client.ssh.Single.cmd_block", mock_cmd) patch_exec_cmd = patch("salt.client.ssh.shell.Shell.exec_cmd", mock_exec_cmd) - patch_shell_send = patch("salt.client.ssh.shell.Shell.send", return_value=None) + patch_shell_send = patch( + "salt.client.ssh.shell.Shell.send", return_value=("", "", 0) + ) patch_os = patch("os.path.exists", side_effect=[True]) with patch_os, patch_cmd, patch_exec_cmd, patch_shell_send: - ret = single.run() - assert mock_exec_cmd.mock_calls[0].args[ - 0 - ] == "/bin/sh '/tmp/script.sh'{}".format(expected_args) + single.run() + script_args = mock_exec_cmd.mock_calls[0].args[0] + assert re.search(r"\/bin\/sh '.[a-z0-9]+", script_args) @pytest.mark.slow_test diff --git a/tests/pytests/unit/client/ssh/test_ssh.py b/tests/pytests/unit/client/ssh/test_ssh.py index 2be96ab195e7..329448919285 100644 --- a/tests/pytests/unit/client/ssh/test_ssh.py +++ b/tests/pytests/unit/client/ssh/test_ssh.py @@ -339,3 +339,113 @@ def test_extra_filerefs(tmp_path, opts): with patch("salt.roster.get_roster_file", MagicMock(return_value=roster)): ssh_obj = client._prep_ssh(**ssh_opts) assert ssh_obj.opts.get("extra_filerefs", None) == "salt://foobar" + + +def test_key_deploy_permission_denied_scp(tmp_path, opts): + """ + test "key_deploy" function when + permission denied authentication error + when attempting to use scp to copy file + to target + """ + host = "localhost" + passwd = "password" + usr = "ssh-usr" + opts["ssh_user"] = usr + opts["tgt"] = host + + ssh_ret = { + host: { + "stdout": "\rroot@192.168.1.187's password: \n\rroot@192.168.1.187's password: \n\rroot@192.168.1.187's password: \n", + "stderr": "Permission denied, please try again.\nPermission denied, please try again.\nroot@192.168.1.187: Permission denied (publickey,gssapi-keyex,gssapi-with-micimport pudb; pu.dbassword).\nscp: Connection closed\n", + "retcode": 255, + } + } + key_run_ret = { + "localhost": { + "jid": "20230922155652279959", + "return": "test", + "retcode": 0, + "id": "test", + "fun": "cmd.run", + "fun_args": ["echo test"], + } + } + patch_roster_file = patch("salt.roster.get_roster_file", MagicMock(return_value="")) + with patch_roster_file: + client = ssh.SSH(opts) + patch_input = patch("builtins.input", side_effect=["y"]) + patch_getpass = patch("getpass.getpass", return_value=["password"]) + mock_key_run = MagicMock(return_value=key_run_ret) + patch_key_run = patch("salt.client.ssh.SSH._key_deploy_run", mock_key_run) + with patch_input, patch_getpass, patch_key_run: + ret = client.key_deploy(host, ssh_ret) + assert mock_key_run.call_args_list[0][0] == ( + host, + {"passwd": [passwd], "host": host, "user": usr}, + True, + ) + assert ret == key_run_ret + assert mock_key_run.call_count == 1 + + +def test_key_deploy_permission_denied_file_scp(tmp_path, opts): + """ + test "key_deploy" function when permission denied + due to not having access to copy the file to the target + We do not want to deploy the key, because this is not + an authentication to the target error. + """ + host = "localhost" + passwd = "password" + usr = "ssh-usr" + opts["ssh_user"] = usr + opts["tgt"] = host + + mock_key_run = MagicMock(return_value=False) + patch_key_run = patch("salt.client.ssh.SSH._key_deploy_run", mock_key_run) + + ssh_ret = { + "localhost": { + "stdout": "", + "stderr": 'scp: dest open "/tmp/preflight.sh": Permission denied\nscp: failed to upload file /etc/salt/preflight.sh to /tmp/preflight.sh\n', + "retcode": 1, + } + } + patch_roster_file = patch("salt.roster.get_roster_file", MagicMock(return_value="")) + with patch_roster_file: + client = ssh.SSH(opts) + ret = client.key_deploy(host, ssh_ret) + assert ret == ssh_ret + assert mock_key_run.call_count == 0 + + +def test_key_deploy_no_permission_denied(tmp_path, opts): + """ + test "key_deploy" function when no permission denied + is returned + """ + host = "localhost" + passwd = "password" + usr = "ssh-usr" + opts["ssh_user"] = usr + opts["tgt"] = host + + mock_key_run = MagicMock(return_value=False) + patch_key_run = patch("salt.client.ssh.SSH._key_deploy_run", mock_key_run) + ssh_ret = { + "localhost": { + "jid": "20230922161937998385", + "return": "test", + "retcode": 0, + "id": "test", + "fun": "cmd.run", + "fun_args": ["echo test"], + } + } + patch_roster_file = patch("salt.roster.get_roster_file", MagicMock(return_value="")) + with patch_roster_file: + client = ssh.SSH(opts) + ret = client.key_deploy(host, ssh_ret) + assert ret == ssh_ret + assert mock_key_run.call_count == 0