salt icon indicating copy to clipboard operation
salt copied to clipboard
verified publisher icon saltstack

Make pass renderer configurable & other fixes

Open dmach opened this issue 3 years ago • 6 comments

What does this PR do?

The pass renderer becomes configurable. Also several issues in the code have been fixed.

Previous Behavior

No changes to the existing behavior, new features must be explicitly enabled.

New Behavior

Config option pass_variable_prefix allows to distinguish variables that contain paths to pass secrets. Config option pass_strict_fetch allows to error out when a secret cannot be fetched from pass. Config option pass_dir allows setting the PASSWORD_STORE_DIR env for pass. Config option pass_gnupghome allows setting the $GNUPGHOME env for pass. Pass executable path from _get_path_exec() is used when calling the program. The $HOME env is no longer modified globally. Only trailing newlines are stripped from the fetched secret. Pass process arguments are handled in a secure way.

Merge requirements satisfied?

[NOTICE] Bug fixes or features added to Salt require tests.

  • [X] Docs
  • [X] Changelog - https://docs.saltproject.io/en/master/topics/development/changelog.html
  • [X] Tests written/updated

Commits signed with GPG?

No

Please review Salt's Contributing Guide for best practices.

See GitHub's page on GPG signing for more information about signing commits with GPG.

dmach avatar May 30 '22 16:05 dmach

(BTW: the failing test does look related to the changes in this PR)

You mean this one? https://jenkins.saltproject.io/job/pr-macosx-catalina-x86_64-py3-pytest/job/PR-62120/6/ That failed in the tests.unit.utils.test_verify.TestVerify.test_max_open_files test - which is most likely unrelated.

dmach avatar Jul 25 '22 20:07 dmach

@dmach sorry I meant it does not look related :sweat_smile: . Thanks!

meaksh avatar Jul 26 '22 12:07 meaksh

@meaksh @krionbsd Is there something I can do to move this forward?

dmach avatar Aug 23 '22 07:08 dmach

@Ch3LL any chance to have a review of this one? Thanks in advance!

meaksh avatar Aug 23 '22 09:08 meaksh

lint and pre-commit are failing. Once you get that fixed up we can get this one merged in.

Ch3LL avatar Sep 07 '22 20:09 Ch3LL

lint and pre-commit are failing. Once you get that fixed up we can get this one merged in.

Fixed (I hope). Other 2 tests are failing now, but I don't think they're related.

dmach avatar Sep 08 '22 11:09 dmach

For some reason I cannot update the branch. Can you rebase and push? We shouldn't be seeing those test issues so lets re-base and start them again. thanks

Ch3LL avatar Sep 22 '22 15:09 Ch3LL

For some reason I cannot update the branch. Can you rebase and push? We shouldn't be seeing those test issues so lets re-base and start them again. thanks

Done via GitHub webui. I was also quite surprised seeing the test issues. Looks like a caching problem to me - jenkins did not know about the commit I just pushed.

dmach avatar Sep 22 '22 19:09 dmach

Congratulations on your first PR being merged! :tada:

welcome[bot] avatar Sep 27 '22 19:09 welcome[bot]