saltstack · dwoz · May 22, 2024 · May 15, 2024 · May 15, 2024 · May 16, 2024
@@ -0,0 +1 @@
+Included Salt extensions in Salt-SSH thin archive
@@ -1667,13 +1667,56 @@ Pass a list of importable Python modules that are typically located in
 the `site-packages` Python directory so they will be also always included
 into the Salt Thin, once generated.
 
+.. conf_master:: min_extra_mods
+
 ``min_extra_mods``
 ------------------
 
 Default: None
 
 Identical as `thin_extra_mods`, only applied to the Salt Minimal.
 
+.. conf_master:: thin_exclude_saltexts
+
+``thin_exclude_saltexts``
+-------------------------
+
+Default: False
+
+By default, Salt-SSH autodiscovers Salt extensions in the current Python environment
+and adds them to the Salt Thin. This disables that behavior.
+
+.. note::
+
+    When the list of modules/extensions to include in the Salt Thin changes
+    for any reason (e.g. Saltext was added/removed, :conf_master:`thin_exclude_saltexts`,
+    :conf_master:`thin_saltext_allowlist` or :conf_master:`thin_saltext_blocklist`
+    was changed), you typically need to regenerate the Salt Thin by passing
+    ``--regen-thin`` to the next Salt-SSH invocation.
+
+.. conf_master:: thin_saltext_allowlist
+
+``thin_saltext_allowlist``
+--------------------------
+
+Default: None
+
+A list of Salt extension **distribution** names which are allowed to be
+included in the Salt Thin (when :conf_master:`thin_exclude_saltexts`
+is inactive) and they are discovered. Any extension not in this list
+will be excluded. If unset, all discovered extensions are added,
+unless present in :conf_master:`thin_saltext_blocklist`.
+
+.. conf_master:: thin_saltext_blocklist
+
+``thin_saltext_blocklist``
+--------------------------
+
+Default: None
+
+A list of Salt extension **distribution** names which should never be
+included in the Salt Thin (when :conf_master:`thin_exclude_saltexts`
+is inactive).
 
 .. _master-security-settings:
 

@@ -315,6 +315,9 @@ def __init__(self, opts):
             extra_mods=self.opts.get("thin_extra_mods"),
             overwrite=self.opts["regen_thin"],
             extended_cfg=self.opts.get("ssh_ext_alternatives"),
+            exclude_saltexts=self.opts.get("thin_exclude_saltexts", False),
+            saltext_allowlist=self.opts.get("thin_saltext_allowlist"),
+            saltext_blocklist=self.opts.get("thin_saltext_blocklist"),
         )
         self.mods = mod_data(self.fsclient)
 

@@ -907,6 +907,9 @@ def _gather_buffer_space():
         # Thin and minimal Salt extra modules
         "thin_extra_mods": str,
         "min_extra_mods": str,
+        "thin_exclude_saltexts": bool,
+        "thin_saltext_allowlist": (type(None), list),
+        "thin_saltext_blocklist": list,
         # Default returners minion should use. List or comma-delimited string
         "return": (str, list),
         # TLS/SSL connection options. This could be set to a dictionary containing arguments
@@ -1630,6 +1633,9 @@ def _gather_buffer_space():
         "memcache_debug": False,
         "thin_extra_mods": "",
         "min_extra_mods": "",
+        "thin_exclude_saltexts": False,
+        "thin_saltext_allowlist": None,
+        "thin_saltext_blocklist": [],
         "ssl": None,
         "extmod_whitelist": {},
         "extmod_blacklist": {},

@@ -196,6 +196,19 @@ def add(self, path):
             for chunk in iter(lambda: ifile.read(self.__buff), b""):
                 self.__digest.update(chunk)
 
+    def add_data(self, data):
+        """
+        Update digest with the file content directly.
+
+        :param data:
+        :return:
+        """
+        try:
+            data = data.encode("utf8")
+        except AttributeError:
+            pass
+        self.__digest.update(data)
+
     def digest(self):
         """
         Get digest.

@@ -3176,6 +3176,13 @@ def _mixin_setup(self):
                 "to be included into Thin Salt."
             ),
         )
+        self.add_option(
+            "--thin-exclude-saltexts",
+            default=False,
+            action="store_true",
+            dest="thin_exclude_saltexts",
+            help="Exclude Salt extension modules from generated Thin Salt.",
+        )
         self.add_option(
             "-v",
             "--verbose",
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		Included Salt extensions in Salt-SSH thin archive