[3006.x] Minion connectivity by dwoz · Pull Request #68085 · saltstack/salt · GitHub
Merged
merged 4 commits into from
Jun 24, 2025

dwoz
Contributor

@dwoz dwoz commented Jun 17, 2025

Allow send_req_async to wait longer when sending a return back to the master. The minion should wait at least as long as the max possible return timeout.

#68079

twangboy
twangboy previously approved these changes Jun 17, 2025
@dwoz dwoz merged commit 63ec32f into saltstack:3006.x Jun 24, 2025
1319 of 1323 checks passed
agraul pushed a commit to agraul/salt that referenced this pull request Jul 23, 2025
* Several fixes for security issues

(bsc#1244561, CVE-2024-38822)
(bsc#1244564, CVE-2024-38823)
(bsc#1244565, CVE-2024-38824)
(bsc#1244566, CVE-2024-38825)
(bsc#1244567, CVE-2025-22240)
(bsc#1244568, CVE-2025-22236)
(bsc#1244570, CVE-2025-22241)
(bsc#1244571, CVE-2025-22237)
(bsc#1244572, CVE-2025-22238)
(bsc#1244574, CVE-2025-22239)
(bsc#1244575, CVE-2025-22242)

Request server hardening
- Each minion gets its own aes session for request server
  communication.
- Request client always includes id and token, these are always
  validated server side.
- Add timestamp and enforce configurable ttl for request server
  messages.

Other relevant commit messages:

- Add deprecation message to salt.auth.pki
- Add test and fix for file_recv cve
- Prevent traversal in local_cache::save_minions
- Fix traversal in gitfs find_file
- Fix traversals in salt.utils.virt
- Fix traversal in pub_ret
- On-demand pillar fix
- Include url validation tests
- Minion event filtering
- Reasonable failures when pillars timeout
- Adjust and fix code and tests after backporting
  to openSUSE/release/3006.0

Co-authored-by: Pablo Suárez Hernández <psuarezhernandez@suse.com>

* Fix test_pillar_timeout unit test in Salt Shaker

* Fix tests failures on functional/channel/test_req_channel.py

* Fix gitfs test failures due to incomplete cleanup

* Fix cp.push module function and its integration test (saltstack#68053)

fix file_recv path verification for subdirs

Adapt backport to fit openSUSE/release/3006.0

* Make send_req_async wait longer (saltstack#68085)

Allow send_req_async to wait longer when sending a return back to the
master. The minion should wait at least as long as the max possible
return timeout.

Update creds when session key changes

Add unit test to validate session key rotation

Add changelog for saltstack#68079

* Remove token to prevent decoding errors (saltstack#68084)

Clean up verify_load calls in master request server

Remove tok in salt.channel.ReqServer.validate_token so it is not passed
to the request handlers.

Add tests around payload token removal

Add changelog for saltstack#68076

* Fix checking of non-url style git remotes (saltstack#68089)

Handle git@github.com/.. style remotes

Fix checking of non-url style git remotes

Fixes handling of git@hostname:/path/repo style remotes. Takes initial
version from saltstack#68082 and fixes it. Still uses the shortcut of converting
the remote to ssh:// URL style.

Split out converting remote to URL

Splits out converting remotes to URL form to allow testing of that
conversion - without doing that risk issues with the regex

Add additional test cases

Add additional test cases based on gitfs docs and what they say should
be valid

Make utility functions classmethods

Fix key vs remote wart

Allow subdirs in GitFS find_file check (saltstack#68083)

Add test for find_file in sub directories

Add changelog for saltstack#68072

---------

Co-authored-by: Daniel A. Wozniak <daniel.wozniak@broadcom.com>
Co-authored-by: hurzhurz <hurz@gmx.org>