All notable changes to Salt will be documented in this file.
This changelog follows keepachangelog format, and is intended for human consumption.
This project versioning is similar to Semantic Versioning, and is documented in SEP 14.
Versions are MAJOR.PATCH
.
- Fixes salt-ssh authentication when using tty (#58922)
- CVE-2020-16804 - Properly validate eauth credentials and tokens along with their ACLs. Prior to this change eauth was not properly validated when calling Salt ssh via the salt-api. Any value for 'eauth' or 'token' would allow a user to bypass authentication and make calls to Salt ssh. (CVE-2020-25592)
- CVE-2020-16804 - Prevent shell injections in netapi ssh client (cve-2020-16846)
- Fix CVE-2020-17490 Prevent creating world readable private keys with the tls execution module. (#58216)
- Change the
enable_fqdns_grains
setting to default toFalse
on Windows to address some issues with slowness. (#56296, #57529) - Handle the UCRT libraries the same way they are handled in the Python 3 installer (#57594)
- Changes the 'SSDs' grain name to 'ssds' as all grains needs to be resolved in lowered case. (#57612)
- Updated requirement to psutil 5.6.7 due to vulnerability in psutil 5.6.6. (#58018)
- Updated requirement to PyYAML 5.3.1 due to vulnerability in PyYAML 5.2.1. (#58019)
- When running scheduled jobs from a proxy minion with multiprocessing turned off (default) a recursive error occurs as __pub_fun_args is repeated over and over again in the kwargs element in the data dictionary. Now we make a copy of data['kwargs'] instead of using a reference. (#57941)
- The
x509.certificate_managed
state no longer triggers a change because of sorting issues if the certificate being evaluated was previously generated under Python 2. (#56556) - Added support to lo ip alias in network.managed state by checking if lo inet data from network.interfaces contains label with the name of managed interface. Return status True if match found. (#56901)
- Redact passwords in the return when setting credentials using
win_iis.container_setting
(#57285) - Fixes issue with cmd.powershell. Some powershell commands do not return
anything in stdout. This causes the JSON parser to fail because an empty string
is not valid JSON. This changes an empty string to
{}
which is valid JSON and will not cause the JSON loader to stacktrace. (#57493) - Improves performance. Profiling
test.ping
on Windows shows that 13 of 17 seconds are wasted when the esxi grain loads vsphere before noting that the OS is not a esxi host. (#57529) - Fixed permissions issue with certain pip/virtualenv states/modules when configured for non-root user. (#57550)
- Allow running nox sessions either using our
nox-py2 fork <https://github.com/s0undt3ch/nox/tree/hotfix/py2-release>
_ or upstreamnox <https://github.com/theacodes/nox>
_. (#57583) - Fixes issue with lgpo.get when there are unicode characters in the hostname (#57591)
- Fixes issue with virtual block devices, like loopbacks and LVMs, wrongly populating the "disks" or "ssds" grains. (#57612)
- Due to some optimization the
virtual
grain was never updated on illumos. Move the fallback in prtdiag output parsing outside the loop that now gets skipped due to the command exiting non-zero. (#57714) - Grains module delkey and delval methods now support the force option. This is needed for deleting grains with complex (nested) values. (#57718)
- Moving import salt.modules.vsphere into
__virtual__
so we have access to test proxytype in opts, previously this was causing a traceback when run on proxy minion as__opts__
does not exist outside of any functions. Introducing a new utils function, is_proxytype, to check that the device is a proxy minion and also that the proxy type matches. (#57743) - Fixed fail_with_changes in the test state to use the comment argument when passed. (#57766)
- Adds a fix so salt can run on the latest macOS version Big Sur. (#57787)
- Fixes UnpackValueError when using GPG cache by using atomic open. (#57798)
- The
gid_from_name
argument was removed from theuser.present
state in version 3001, with no deprecation path. It has been restored and put on a proper deprecation path. (#57843) - Fixes dictionary being changed during iteration. (#57845)
- Fixed bug with distro version breaking osrelease on Centos 7. (#57781)
- Fixed macOS build scripts. (#57973)
- Fixed Salt-API startup failure. (#57975)
- Added docs demonstrating how to apply an MSI patch with winrepo (#32780)
- Removed long-deprecated
repo
option from pip state. (#51060) - Removed noisy debug logging from config.get. (#54205)
- Removed needless dbus warnings from snapper module. (#56286)
- Removed obsolete MSI functionality from version tools. (#56352)
- Removed deprecated virt functionality. (#56514)
- Dropped requirement for enum34 dependency. (#57108)
- On macOS pkg.installed (using brew) no longer swaps
caskroom/cask/
forhomebrew/cask/
when using outdated package names. (#57361) - napalm_network.load_template module - removed deprecated arguments template_user, template_attrs, template_group, template_mode, and native NAPALM template support. Use Salt's rendering pipeline instead. (#57362)
- selinux.fcontext_add_or_delete_policy module removed - use selinux.fcontext_add_policy or selinux.fcontext_delete_pollicy instead. (#57363)
- Deprecated
refresh_db
removed from pkgrepo state. Userefresh
instead. (#57366) - Deprecated internal functions salt.utils.locales.sdecode and .sdecode_if_string removed. Use salt.utils.data.decode instead. (#57367)
- Removed deprecated misc. internal Salt functions. See saltstack#57368 for more info. (#57368)
file.rename
no longer returns False whenforce:False
. (#49843)- Brought localclient command line args functionality into line with regular
salt
calls. (#49886) - Updated requisites documentation. (#49962)
- Changed eauth "not enabled" log message level from debug to warning. (#50946)
- (#52546)
- Refactored x509.certificate_managed to be easier to use. (#52935)
- Don't log error when running "alternatives --display" on nonexistant target (#53911)
- Improved logging for user auth issues. (#53990)
- No longer emit extra logs when checking
alternatives.display
and.check_exists
. (#53991) - Use lazy loading to get SLS data from master - significantly improves
state.apply
times when using gitfs with many branches. (#54468) - Changed Salt icon for Windows. (#56194)
- Update
libnacl
to 1.7.1 (#56350) - Now require pycryptodomex for crypto on all platforms. (#56625)
- Updated to sphinx 3.0.1 when building docs. (#56671)
- Now
__salt__
is automatically refreshed when a package ispip
installed, allowing pip installing a dependency and using that dependency in the same state run. (#56867) - Use pygit2>=1.2.0 for Python>=3.8. (#56905)
- Now provides a more meaningful error for
win_groupadd
for unmapped accounts. (#56921) - Significantly improve call times by only checking one frame in
depends
. (#57062) - Salt scripts shebang now specifies
python3
. (#57083) - Upgraded dependency to use boto3>=1.13.5. (#57161)
- Changed to consistent file location handling across APIs for Juniper network devices. (#57399)
- Use Python's hashlib (sha256) instead of shelling out (SipHash24) to generate server_id. (#57415)
pkgrepo.managed
now checks for a changedkey_url
. (#4438)- Allow passing extra args to
file.rename
. (#29001) - Fixed issue with overeager recursion detection. (#37646)
- Correctly set DNS search domain in VMware virtual machine. (#37709)
- Fixed trim_output logic in archive.extracted state (#40491)
- Updated documentation on
service
state. (#40819) - Changed error message on
postgres_database.absent
to report correct error when database is in use. (#42833) - Fixed issue in
sysctl
when kernel parameters were adjusted via grub. (#45195) - Added termination protection option to salt-cloud ec2. (#45496)
- Refactored
debian_ip
module. (#46388) - Log error when reactor tasks go to a full queue instead of silently fail. (#46431)
- Fixed issue with failure on comments in MySQL files. (#47488)
- Properly handle multibyte characters that span blocks of data. (#48473)
- Fixed failure in
user.present
whengid_from_name
is True. Argument was removed and replaced by theusergroup
argument. (#48640) - Properly obtain hostname (#48906)
- Fixed
nilrt_ip
disabled function. (#48971) - Fixed static configuration in nilrt_ip module. (#48990)
- Added missing ARPCHECK option to rh7_eth template. (#49074)
- Fixed to use the correct LetsEncrypt path on FreeBSD. (#49129)
- Updated docs for netapi logs - log.access_file and log.error_file. (#49247)
- Retry proxmox queries instead of failing immediately. (#49485)
- Fixed AMD GPU vendor detection. (#49492)
- Fixed
aptpkg.normalize_name
to respect architecture. (#49637) - Add error message for proxmox failures. (#49562)
- Fixed nilrt_ip.enable/disable idempotency. (#49624)
- Fixed issue with file.line doing a partial comparison to determine replacement need, instead compare actual content of lines. (#49855)
- Return actual error message to user or hex code for
win_task.create_task_from_xml
. (#49981) - Use minion name as ssh_host for saltify cloud provider. (#50135)
- Fixed misconfiguration of syndic. (#50139)
- Re-added
onfail_all
, fixed onfail always triggering with other reqs, and onfail and onchanges not working when both present. (#50264) - Fixed broken scaleway cloud module. (#50334)
- Fixed issue not cleaning up schedule and beacons. (#50505)
- Fixed opkg install/remove to return potential changes, rather than always an empty dictionary. (#50516)
- Fixed
pycrypto.gen_hash
to use strongest availablealgorithm
by default. (#50544) - Fixed error leaving an empty first line on
.ini
file edits. (#50614) - Fixes error in tcp transport publish port default value. (#50646)
- Changed internal functionality for deprecated Python
inspect.formatargspec
. (#50911) - Allows clone_from setting in proxmox salt-cloud to be able to be an integer. (#51001)
- Stopped reading Windows registry value that might not be there. (#51095)
- Fixed complaint about unused variables. (#51196)
- salt-ssh no longer ignores pillar argument on
state.sls_id
. (#51353) - Stop treating MSI as a hard dependency. (#51470)
- Fixed error handling for route53 to ignore
SignatureDoesNotMatch
errors (which cannot be retried). (#51572) - Fixed
extract_hash
to use the correct value. (#51670) - Fixed hard failure if
chocolately.installed
is for a non-existent package. (#51700) fail_with
andsucceed_with
now correctly usecomment
argument. (#51821)- Updated
is_enabled
to allow optional arguments. (#51823) - Fixed issue producing an error trying to resolve the unresolvable Capability SIDs. (#51868)
- Additional fixes for using cron state with non-root Minion (#51872)
- Fixed proxy module for Windows by using
__utils__
instead of__salt__
for code that accesses the registry. (#52013) - Added support for parsing Gluster cli banner. (#52318)
- Fixed failure to require
target
argument in git states. (#52364) - Fixed issue failing hard on uninstalled win updates. (#52387)
- Fixed issue with
artifactory
not correctly evaluatinghas_classifier
first. (#52517) - Fixed compound matches with nodegroups. (#52678)
- Removed some noisy logging that have a tendency to fill up the logs on larger installations. (#52763)
- Use
__utils__
for all registry calls. (#52992) - Added syndic log rotation to RPM. (#53040)
- Use correct output in
zpool.present
whentest=true
. (#53145) - Fix s3fs cache byte/str mismatch (#53244)
- Fixed
win_system
module to skip unavailable system info. (#53287) - Ignore invalid product_name files. (#53326)
- Fixed error with
pkg.list_pkgs
to explicitly setutf-8
encoding when writing, to match when reading. (#53340) - Fixed issue with encoding/decoding on circular references, discovered with iptables when
state_aggregate
was enabled. (#53353) - No longer fail when
blkid -o export
does not provideTYPE
output. (#53447) - Fixed
guesseed
->guessed
typo inarchive
state. (#53480) - Fixed error with incorrect import statement masking real import error. (#53508)
- Added some error handling around missing results from external returners. (#53517)
- Changed to match repo paramter against repo name on
salt-run git_pillar.update
, so remote name can be used instead of full remote URL. (#56605) - Changed returner function error message to be useful/less misleading. (#53628)
- Fixed
utils.user
to use correctchugid
andumask
. (#53681) - Fixed SmartOS grains under Python 3. (#53740)
- Fixed error when trying to delete more than one key using
ini.options_absent
. (#53874) - Fixed error with cmd.run when run in a chroot environment. (#53992)
- Fixed Zabbix configuration.import to use the correct values for the API version. (#54020)
- Fixed broken sdb.get_or_set_hash when using Hashicorp's Vault. (#54199)
- Fixed
mac_softwareupdate.list_available
for Catalina. (#54220) - Fixed bug blocking
user.present
createhome
on macOS. (#54288) - Fixed
postfix.show_queue
issue where queue_id, size, timestamp, sender, and recipient must exist before trying to append them. (#54298) - Fixed issue erroneously adding ssh_interface to DigitalOcean. (#54373)
- Fixed issue not using correct package keys from group info on group install on yum. (#54458)
- Fixed issue breaking state output on
test=true
with retry. (#54501) - Ignore absent filter.lfs in gitconfig. (#54817)
- Changed to use Salt's CaseInsensitiveDict, so it can be msgpack serialized. (#54899)
- Fixed trying to set too large a queue on AIX. (#54912)
- Fixed issue when Vultr API returns "not supported" as default password during VM setup. (#54933)
- Fixed issue with Jinja renderer ignoring argline. (#55124)
- Fixed osrelease grain for MS Hyper-V 2019 by providing a default year. (#55212)
- Fixed napalm support in bgp and net runners. (#55222)
- Fixed Indefinitely code in win_task. (#55273)
- Fixed
file.replace
idempotency. (#55297) - Fix incorrectly reported fileserver changes. (#55304)
- Fixed XML RPC-REPLy error in Junos by passing
huge_tree
. (#55318) - Fixed error trying to treat binary files as text when doing spm install under Python 3. (#55330)
- Correctly determine if Debian repo should be skipped. (#55402)
- Set a hard dependency on
distro
module, for Python 3.8. (#55410) - Fixed
config_data
parameter when compiling DSC viawin_dsc
module. (#55425) - Fixed Solaris virtual grain to return better info instead of always LDOM. (#55444)
- Documentation on syncing custom modules slightly inaccurate and missing info on sync to master (#55514)
- Fixed crashes in ansiblegate on Python 3 minions. (#55585)
- Fixed traceback on
http.query
when errors with the URL. (#55586) - Fixed failure to cache gpg data when
gpg_cache=True
. (#55772) - Added
__prerequired__
to the state runtime keywords filter, to prevent failures onfile.replace
. (#55775) - Fixed several Junos-related issues. (#55824)
- Fixed Vault KV version 2 support. (#55842)
- Removed remaning
pchanges
occurrences from state modules. (#55934) - Fixed issues in Slack webhook returner. (#55968)
- Fixed onlyif/unless requisites being ignored in some cases. (#55974)
- Fixed
skip_files_list_verify
whenkeep_source=False
inarchive.extracted
state. (#55975) - Fixed
seed.apply
not waiting for the disk to be free. (#56002) - Fixed issue that ignored
trim_output
argument intermittently. (#56041) - Fixed
shadow.set_password
failing to set password when user isn't in/etc/shadow
. (#56044) - Fixed failure in
user
state when moving the user's default group into thegroups
arg. (#56061) - Fixed issue incorrectly parsing YAML on command line. (#56067)
- Fixed Azure VM creation when using Python3. (#56091)
- Reverted
slspath
changes that broke a lot of states without proper deprecation. (#56119) - Lack of FQDN for host no longer blocks master startup. (#56179)
- Pillar data is correctly included from
init.sls
file. (#56186) - Fixed
check_password
for newer RabbitMQ versions. (#56193) - Fixed timeout parameter not being passed to cmd_subset and cmd_batch, and misnamed (sub -> subset) parameter. (#56203)
- Added support for virtualenv>=20.0.0
--version
strings. (#56205) - No longer ignore slots on states when
parallel: true
. (#56221) - Fix deprecation warnings for imports from collections. (#56225)
- Fixed Napalm beacons failing under Python 3. (#56243)
- Fixed failure in tomcat module. (#56269)
- Added salt-api log file to log rotation to prevent filling up the disk. (#56274)
- Fixed issue using undocumented abbreviation on zypper - now uses the full option. (#56278)
- Fixed issue parsing new
restorecon
output. (#56287) - Fixed failure for returner only working via cli and not LocalClient. (#56322)
- Fixed version issues with empty minor string. (#56358)
- Upgraded psutil dependency to 5.6.6 due to CVE-2019-18874. (#56363)
- Fixed vendored tornado to use
salt.ext.backports_abc
. (#56369) - Fixed x509 module incorrectly writing error messages as the cert. (#56372)
- Fixed error doing a
pip install salt
on Windows. (#56376) - Fixed AzureRM
create_object_model
util. (#56379) - Fixed issue
toxml
error invirt.cpu_baseline
. (#56383) - Fixed issue with exeption being raised on
virt._get_domain
when there's no VM. (#56392) - Fixed crash in
aptpkg
on long description strings. (#56396) - Fixed keyword mismatch with
cassandra_cql
andcassandra_cql_return
. (#56328) - Now uses the correct zero value for LockoutDuration in
win_lgpo
. (#56406) - Fixed issue reporting incorrect Salt version. (#56415)
- Corrected documentation for
docker_image.load
. (#56420) - Fixed
defaults.merge
documentation. (#56432) - Fixed error always reporting changes with custom index-url for pip. (#56433)
- Matching int keys within nested dictionaries now works. (#56444)
- Fixed failure to support annotated tags when using pygit2. (#56451)
- Better handle virt.pool_rebuild in virt.pool_running and virt.pool_defined states (#56454)
- Fixed gitpython Windows requirements. (#56455)
- Added
grains_cache_expiration
to minion conf documentation. (#56458) - Fixed incorrect handling of
renew=force
byacme.cert
function. (#56462) - Fixed issue with incorrect msgpack version string check. (#56463)
- Fixed infinite recursion in
pkg.group_info
. (#56476) - Fixed failure to sanitize grains for salt-ssh executions. (#56491)
- Relax version requirements for pdbedit, also handle Debian branding in the version string. (#56553)
- Fixed indentation error on
cmd.run
orchestration output. (#56554) - Fixed issue with getting incorrect SELinux context. (#56557)
- Fixed bug updating boot parameters with
virt
. (#56562) - Correctly handle
pymysql.err.InternalError
inmysql
module. (#56570) - Fixed
panos
commit example in docs. (#56581) - Fixed issue with
salt.utils.functools.call_functions
not checking for expected arguments. (#56584) - Fixed a broken statement when using arbitrary
kwargs
in mine.value. (#56593) - Fixed support for booting VMs with UEFI on virt. (#56613)
- Updated old redirects and http->https fixes in docs. (#56655)
- Renamed
salt/utils/docker/
tosalt/utils/dockermod/
to avoid clashes with thedocker
package from pypi. (#56669) - Changed behavior to implicitly ignore package epochs and just use the latest one. (#56681)
- Avoid throwing exception for missing security group in boto under test mode. (#56695)
- Fix some function prompts in myssql module. (#56719)
- Add appropriate comment for
svn export
state. (#56757) - Updated default master config file and updated the docs (#56053)
- Workaround upstream bug in jinja2 indent filter. (#56833)
- Fixed issue when raid.destroy is called but zero-superblock is not executed (#56838)
- Allow correct failure information to show up when calling
win_interfaces
(#56844) - Add a note about service.running (#56846)
- Updated Windows installer scripts to use Python 3.7.4. (#56873)
- Nullsoft Salt Install now uninstalls MSI installed salt. (#56883)
- Fallback to ASCII sorting when pillar keys are integers. (#56909)
- Fixed
hwaddr
andmacaddr
not being added to RedHat network config, even if they were provided. (#56910) - Fixed literal comparisons. (#56931)
- Fixed
win_system
rawunicodeescape
errors. (#56940) - Fixed
ps.top
failures with newerpsutil
library. (#56942) - Provides better stacktrace in
win_pkg
return. (#56955) - Fixed
reg.present
to respect(Default)
REG_SZ value of an empty string. (#56959) - OpenStack driver can now attach to multiple networks, also now respects provided
conn
. (#56960) - Fixed literal comparsion in
user
state. (#56972) - Additional fixes for using cron state with non-root Minion (#56973)
- Added ARPCHECK to the template for RHEL8 networking. (#57047)
- Fixed
aptpkg
to useforce-confnew
on it's own, andforce-confold
withforce-confdef
. (#57051) - Fixed acme.certs state to return /etc/letsencrypt/live subdirectories (#57056)
- Fixed error with
fileserver.update
failing withgitfs
backend wasgit
, andfileserver.clear_file_list_cache
not clearing gitfs cache when the backend was notgit
. (#57063) - Fixed LazyLoader crashing when using ssh client via salt-api. (#57119)
- Publisher ACL doc fixes (#48915)
- Fixed
acl.present
to properly detect changes for default ACLs and recursive folders. (#57147) - Fixed Minion/Minon typo in docs. (#57181)
- Fix UnicodeDecodeError when apply file.managed with binary contents in test mode. (#57184)
- Ensure errors are returned for missing pillars. (#57208)
- Fix
ps.top
failures on macOS when iterating over zombie processes. (#57216) - Add vcredist_2013 (specifically msvcr120.dll) for OpenSSL/M2Crypto support on Windows. Fixes x509 module support. (#57266)
- Fix systemd invocation on latest Linux Arch version. (#57299)
- Updated rpm_lowpkg.version_cmp log messages and unit tests (#57347)
- Added rotation for proxy logs. (#57353)
- Fixed
win_system.join_domain
failures. (#57360) - Fixed
template_vars
functionality on Junos. (#57388) - Filter out aliases/duplicates from zypperpkg for <=SLE12SP4. (#57392)
- Added support for list in
include_pat/exclude_pat
infile.recurse
. (#2747) - Added
validate
to tls module. (#7424) - Pillar relative includes. (#8875)
- Added silent recurse option to
file.directory
state. (#44553) - Added bhvye support to virt. (#47619)
- Added
kernelparams
grain for Linux. (#48501) - Added
systempath
PATH grain. (#49049) - Added appoptics returner. (#49066)
- Added ability to use the minion's region if specified. (#49097)
- Added reactor tuning documentation. (#49214)
- Added support for ipaddr/ipv6ipaddrs, loopback devices, dns_nameservers/dns_serach lists or strings, and multiple addresses per interface. (#49355)
- Added slsutil.banner for creating managed by salt message in files, and
slsutil.boolstr
for converting Pillar bool values to appropriate string representation. (#49396) - Added
normalize_name
topkgin
module. (#49469) - Added ability to use regex pattern with
ps.pgrep
. (#49565) - Added
merge
option tomatch.filter_by
. (#49845) - Added ability to disable requisites during state runs. (#49955)
- Add a reactor "leader", especially useful for multimaster hot-hot environments. (#50053)
- Added
method_call
Jinja filter to help reduce boilerplate. (#50152) - Added ability for async pillar refresh. (#50168)
- Added
shutdown_host
to vmware cloud. (#50177) - Added
drbd.status
module. (#50410) - Added
file.keyvalue
state. (#50627) - Added JID lookup message in case minion times out. (#50704)
- Niceness control options added to the master config, for POSIX platforms. (#50905)
- Added
serial_type
to virt module. (#50930) - Added RPC process documentation. (#50954)
- Added advanced initdb option support to
postgres_cluster.present
. (#50998) - Added support for GCE accellerators in Salt Cloud. (#51033)
- Added
broadcast
address tonetwork.convert_cidr
return. (#51521) - Added options for gitfs and git_pillar fallback branch. (#51971)
- Add
fat
as a validfs_type
forparted
module. (#52016) - Added support for comments in the host state/module. (#52185)
- Added offline bootstrap for Chocolatey. (#52233)
- Added support for listing all active running jobs on the master. (#52241)
- Added ability to get expected cache location. (#52305)
- Added ability to pass a timeout value to beacons. (#52314)
- Added support for
btrfs property
command. (#52699) - Added ability to get minion's network information. (#53100)
- Added support for
not_before
andnot_after
for x509 certificates. (#53148) - Added support for extra modules that will be loaded before checking the rest of the path. (#53167)
- Added initial execution module to kubeadm. (#53345)
- Added firstboot function to
systemd_service
. (#53381) - Added ability to pass arbitrary kwargs to zypper pkg. (#53693)
- Added options for multi-use tokens for vault. (#54094)
- Added devinfo module to get hardware information. (#54267)
- Adds versionlock plugin detection for yum/dnf. (#54798)
- Improved nxos support. (#54931)
- Added root and no_recommends parameters for Zypper and RPM. (#54954)
- Added
token
parameter inblkid
. (#54964) - Added
cron.get_entry
. (#54985) - Added support for newer monit versions. (#55140)
- Added btrfs and xfs as valid fstypes for parted and mkfs. (#55209)
- Added functionality for
cmd.run_all
to accept a list when using powershell. (#55213) - Added Azure Blob Storage as an optional external pillar. (#55493)
- Added ability to turn off FQDNs grains with
enable_fqdns_grains: False
. (#55581) - Added
virt.*defined
states. (#55814) - Add towncrier tool to the Salt project to help manage CHANGELOG.md file. (#55836)
- Added Pull Request requirements to documentation (#55862)
- Add selinux support to file.managed (#40703)
- Added hold and unhold support for
mac_brew_pkg
. (#55978) - States/modules added for managing Helm. (#56081)
- Added parallel run support for saltcheck. (#56097)
- Added multiple asserts against module output for saltcheck. (#56101)
- Added
state.test
as an alias forstate.apply ... test=True
. (#56298) - Added default argumetn to
vault.read_secret
andvault.list_secrets
. (#56311) - Added
fromrepo
topkg.upgrade
forpkgng
. (#56368) - Added IP filtering by network. (#56394)
- Added more information for
__virtual__
failures. (#56395) - Added logout functionality to docker. (#56439)
- Added ability to fetch master public key from minion. (#56449)
- Added
pending_reboot
grain for Windows systems. (#56489) - Added support for forcing refresh in zypper. (#56519)
- Added
refresh_pillar
arg tograins.setval
. (#56573) - Added new roster option
ssh_pre_flight
. (#56488) - Added ability to minions to read pillar files from local filesystem, and get commands from remote master. (#56611)
- Added support for rendering toml states. (#56615)
- Added
set_path
option for salt-ssh shim. (#56627) - Added
win_wua.installed
to check a list of updates that apply to the current Windows build. (#56640) - Added ability to compare package versions in Jinja templates. (#56678)
- Add
auto_detect
feature forssh_ext_alternatives
. (#56894) - Add ability to display sys.doc style outputs but without actually loading the module. (#56902)
- Added plist serializer. (#56954)
- Added support for onedir/pop-build Salt in the
pip
module. (#56988) - Add support for disks volumes in virt.running state (#57005)
- Add virt.all_capabilities helper function (#57009)
- supervisord.status_bool method (#57049)
- Added support for msgpack versions>=1.0 (#57122)
- Added Python 2 deprecation FAQ (#57273)
- Added support for # of hashing rounds when using pycrypto. (#57355)
fetchonly
parameter added forpkg.upgrade
when usingpkgng
(FreeBSD). (#57371)- Added
efi
parameter to virt module, souefi
firmware can be auto selected. (#57397) - #56637 - Add
win_wua.installed
to thewin_wua
execution module
- Fixes salt-ssh authentication when using tty (#58922)
- Properly validate eauth credentials and tokens along with their ACLs. Prior to this change eauth was not properly validated when calling Salt ssh via the salt-api. Any value for 'eauth' or 'token' would allow a user to bypass authentication and make calls to Salt ssh. (CVE-2020-25592)
- Prevent shell injections in netapi ssh client (cve-2020-16846)
- Prevent creating world readable private keys with the tls execution module. (cve-2020-17490)
- #57100 - Address Issues in CVE Release
- #56237 - Fix alphabetical ordering and remove duplicates across all documentation indexes - @myii
- #56325 - Fix hyperlinks to
salt.serializers
and other documentation issues - @myii
- #56627 - Add new salt-ssh set_path option
- #51379 - Backport 51379 : Adds .set_domain_workgroup to win_system
- #56730 - Backport #52992
- #56987 - CVE fix
- #56082 - Fix saltversioninfo grain for new version
- #56143 - Use encoding when caching pillar data
- #56172 - Only change mine data if using new allow_tgt feature
- #56094 - Fix type error in TornadoImporter
- #56174 - MySQL module fixes
- #56149 - Fix to scheduler for use of when and splay
- #56197 - Allows use of inline powershell for cmd.script args
- #55894 - pdbedit module should check for version 4.8.x or newer
- #55906 - smartos.vm_present could not handle nics with vrrp_vrid property
- #56218 - Changed StrictVersion checking of setuptools to LooseVersion
- #56099 - Fix Windows and macOS requirements handling in setup.py
- #56068 - Update the bootstrap script to latest version, v2020.02.24
- #56185 - Fix regression in service states with reload argument
- #56341 - Revert "Don't remove one directory level from slspath"
- #56290 - Ensures popping lgpo.secedit_data does not throw KeyError
- #56339 - Fix win_dns_client when used with scheduler
- #56215 - Fix for unless requisite when pip is not installed
- #56060 - Fix regex string for Del and DelVals
- #56337 - Handle Adapter Type 53 and Undefined Types
- #56160 - Fix issue with existing reg_dword entries
- #56358 - Fix version instantiation when minor is an empty string
- #56272 - Properly resolve the policy name
- #56310 - Only process ADMX files when loading policies
- #56327 - keep cache_copied_files variable a list
- #56360 - dont require virtualenv.virtualenv_version call, removed in 20.0.10
- #56378 - Include _version.py if building wheel
- #56376 - Fix win deps
- #56418 - Ensure version.py included before we install
- #56435 - Update mac build scripts
- #54474 via #54475 -
virt.pool_delete
fast parameter removed. - @cbosdo - #54943 - Removed RAET transport method per the deprecation schedule - @s0undt3ch
- #54983 - Removed Hipchat module, due to Hipchat discontinuation - @mchugh19
- #55197 - Removed Google+ link since Google+ is gone - @sramkrishna
- #55539 - Removed salt.auth.Authorize class and the
any_auth
method - #55552 - Removed the config options
hgfs_env_whitelist
,hgfs_env_blacklist
,svnfs_env_whitelist
, andsvnfs_env_whitelist
in favor ofhgfs_saltenv_whitelist
,hgfs_saltenv_blacklist
,svnfs_saltenv_whitelist
,svnfs_saltenv_blacklist
. - #55569 - Removed nova cloud driver in favor of the openstack driver.
- #55573 - Removed
quiet
kwarg in cmd.run state module. Please setoutput_loglevel
toquiet
instead. - #55609 - Removed smartos grains
hypervisor_uuid
anddatacenter
in favor ofmdata:sdc:server_uuid
andmdata:sdc:datacenter_name
. - #55641 - Removed
enviroment
kwarg from heat state and execution module. Please use correct spellingenvironment
. - #55680 - Removed deprecated args from several
dockermod
functions - @Ch3LL - #55682 - Removed
get_known_host
andrecv_known_host
functions from ssh module. - #55722 - Removed all functions in salt/utils/init.py.
- #55725 - Removed
gitfs_env_whitelist
andgitfs_env_blacklist
in favor ofgitfs_saltenv_whitelist
andgitfs_saltenv_blacklist
.
- #55592 - Add deprecation warning for
glance
state and execution module - @Ch3LL - #55612 - Bump keystone deprecation to Sodium - @Ch3LL
- #55614 - Deprecate jinja filters for Neon - @Ch3LL
- #55664 - Bump deprecation warning to Aluminium for neutron module - @Ch3LL
- #55679 - Deprecate
boto_vpc.describe_route_table
in Magnesium - @Ch3LL - #55726 - Deprecate
override_name
in Sodium - @Ch3LL
- SEP 1, SEP 14 - Adopted keepachangelog format.
- SEP 14 - Changed to numeric versions.
- #49078 via #54572 - Use
ip link set iface up/down
instead ofifup/ifdown
- @dmurphy18 - #50023 via #54620 - Change to reduce
roster_matcher
internal complexity - @kojiromike - #50579 via #55389 - Update kafka returner to use confluent kafka - @justindesilets
- #52749 - Padding change in versions report output - @dwoz
- #54013 - Set
session_id
cookie in therest_tornado
backend. - #55002 - Changed
mdadm_raid
metadata to text to allow float pillar data - @aplanas - #55354 - Changed naive usage to use wrapped msgpack - @Akm0d
- #55423 - Changed default configs to be immutable - @s0undt3ch
- #55464 - Changed to name subprocesses - @s0undt3ch
- #55500 - Start Linting Under Py3 - @s0undt3ch
- #55643 - Remove deprecation for
refresh_db
in aptpkg - @Ch3LL - #55660 - Use wrapped json module for ThreadsafeProxy - @Akm0d
- #55683 - Changed
prune_services
in the firewall state module to be False by default. And updateforce_masquerade
to be False by default in the firewall execution module. - #55739 - Microoptimized the command to set FreeBSD's virtual grain - @asomers
- #6922 via #51343 - Fixed errors when producing network errors - @waynew
- #13971 via #53462 - Support all valid protos for remote sources - []
- #37646 - Fixed recursion error during msgpack serialization - @waynew
- #39875 via #52710 and #54665 - Fixed complex grain comparison - @mickenordin
- #41818 via #51988 and #54664 - Fixed
file.comment
andfile.uncomment
for when the pattern existed in both forms - @mbunkus - #49222 via #49223 and #54668 - Fixed salt-key
token_file
creation when using external auth - @msciciel - #49256 via #55060 - Fixed proxmox failure to apply settings - @BrianSidebotham
- #49490 via #55404 - Fixed misleading cmdmod error message - @rares-pop and @joechainz
- #49748 via #49843 and #54546 - Fixed
file.rename
to be successful when target exists and force not set - @MTecknology - #49903 via #54625 - Fixed inconsistencies with
consul_pillar
configuration parsing - @FraaJad - #49977 via #55050 - [#4997]Fix novaclient api - @slivik
- #50041 via #54566 - Actually use
extra_install_flags
inwin_pkg
module - @cmcmarrow - #50374 via #54616 - Fixed
local_cache
returner to report proper path in error message - @isbm - #50523 via #54605 - Fixed OS arch fallback when no
rpm
is installed - @isbm - #50757 via #54638 - Fixed restartcheck bytestring bug - @10ne1
- #50938 via #54642 - Fixed performance issue with undefined opkg functions - @andzn
- #50970 via #54631 - Fix
win_path
index checks to allow for 0 - @jalandis - #51038 via #55706 - Fixed zabbix module failure on boolean return - @thechile
- #51537 via #51538 and #54650 - Fixed directory vs. file issue in
salt.utils.etcd_util
- @arizvisa - #51711 via #51718 - Fix Cheetah template renderer - @arizvisa
- #51785 via #54645 - Fixed POSIX vs. Windows inconsistencies in
salt.utils.path.which
- @arizvisa - #51795 via #51801 - Fix netbox execution module cannot be loaded - @misch42
- #51811 via #51813 and #54647 - Fixed
npm
version check on Windows - @arizvisa - #51915 via #54685 - Changed nulls to empty strings to prevent Zabbix API errors - @timdufrane
- #51929 via #54611 - Fixed lvm to not show errors when pv, lv, or vg is not expected - @aplanas
- #51954 via #54603 - Ignore misleading errors during
linuxlvm.pvcreate
and.pvremove
- @aplanas - #52230 via #52352 and #54640 - Fixed salt failing on missing
_syspaths
variables - @alan-cugler - #52265 via #54569 - Stop the Windows installer from hanging - @twangboy
- #52431 via #52574 and #54687 - Fix inconsistent
virt.get_xml
usage - @zer0def - #52538 via #52747 and #54678 - Fix issue on Python3 when reading csv pillar with binary format - @que5o
- #52589 via #54536 - Ignore retcode when checking filesystem type - @terminalmage
- #52786 via #54588 - Fixed setting homedrive, profile, logonscript, and description for
user.present
under Windows- @twangboy - #52788 via #51706 - Ignore
HOST_NOT_FOUND
andNO_DATA
when resolving FQDN - @aplanas - #53017 via #54196 - Fixed virt state on stopped VMs, virt.running's use of virt.vm_state, virt.pool_running, and virt.network_define - @cbosdo
- #53401 via #54166 - Fixed Docker image grains and pillar - @waynew
- #53600 via #54480 - Allow Windows minion to manage a binary file from
ext_pillar
- @xeacott - #53935 - Poweroff when shutting down FreeBSD, NetBSD, and OpenBSD - @morganwillcock
- #54072 - Check for Windows registry key before trying to list it - @twangboy
- #54177 - Fixed
file.managed
bug withcontents_newline
flag - @xeacott - #54197 -
virt.network_define
can now create NAT networks - @cbosdo - #54216 - Fixed Homebrew cask namespace support - @cdalvaro
- #54335 - Fixed
virt.full_info
output - @cbosdo - #54402 via #54900 - Fix gitfs to use bytes when using gitpython with python3.x - @vin01
- #54411 - Correctly handle
wusa
3010 return code - @tlemarchand - #54653 via #55403 - Fixed issue with
publish.publish
trim mods after comma split - @bmiguel-teixeira and @saltybaker - #54769 - Fixed
cmd.run
to call bash only when necessary on macOS - @cdalvaro - #54896 - Fix multiple LGPO issues - @twangboy
- #55003 - Fix
collections
ABC warning - @aplanas - #55005 - Fixed
mount.remount
when fstype was unset - @aplanas - #55006 - Fixed args/kwargs bug in loop state - @aplanas
- #55052 - Fixed fileclient for ftp connections - @garethgreenaway
- #55065 - Fixed multiprocessing process after fork and finalize regression - @s0undt3ch
- #55083 - Fixed iLo module to use proper tempfile settings - @garethgreenaway
- #55137 - Fixed
smartos_imgadm
to correctly handle orphan images - @sjorge - #55149 via #55497 - Removed incorrect pass of opts to
compound_match.match
- @Akm0d - #55165 - Fixed
virt.volume_infos
to handle volumes missing since last refresh - @cbosdo - #55190 - Fixed missing lazyloader functionality - @max-arnold and @mattp-
- #55191 - Fixed missing
list_downloaded
for apt module - @brejoc - #55196 - Fixed
schedule.modify
to use function from current job - @garethgreenaway - #55207 - Fixed complex CORS option on CherryPy - @niflostancu
- #55216 - Fixed failure to check for jid before returning data - @brejoc
- #55258 - Fixed aptpkg.info to return only installed packages - @mateiw
- #55271 - Fixed Py3 compatability issue in upstart - @s0undt3ch
- #55336 - Fixed grains to allow
__utils__
in grains modules - @max-arnold - #55351 - Fixed
virt.get_hypervisor()
- @cbosdo - #55374 - Fixed issue with
zfs.filesystem_present
under Python3 - @silenius - #55434 - Stopped removing a directory level from slspath in templates - @terminalmage
- #55441 - Fixed bug in logging - @s0undt3ch
- #55452 - Fixed missing service.reload alias in
gentoo_service
module - @vulnbe - #55472 - Fixed several Py2/Py3 Unicode issues - @s0undt3ch
- #55501 - Fixed slowdown by using ss filter to match TCP connections on Linux - @cifvts
- #55510 - Corrected
num_cpus
andcpu_model
grains for IBM/S390 - @FerrySchuller - #55532 - Fixed missing beacons timeout error handling - @s0undt3ch
- #55534 - Stopped
_virtual
from hard coding the 'virtual' key. - @cmcmarrow - #55540 - Fixed race condition in service.running on systemd - @terminalmage
- #55557 - Changed to use UTC times for jids - @dwoz
- #55578 - Fixed
postgres.datadir_init
to usechecksums
arg - @meaksh - #55580 - Fixed inconsistency with
pkg.list_pkgs
when usingattr
on RHEL systems - @meaksh - #55582 - Do not report patches as installed when not all the related pkgs are installed (yumpkg) - @meaksh
- #55583 - Fixed
utils.network
issue with IPv6 that could cause a crash - @meaksh - #55584 - Stopped breaking multiline repo files in
yumpkg
- @meaksh - #55589 - Acme state fixes - @github-abcde
- #55607 - Fixed failure to fire events to all syndics from MoM when using tcp transport - @lukasraska
- #55616 - Fixed jboss
run_operation
anddatasource_exists
- @cmcmarrow - #55624 - Fixed issue with matchers, fallback to
ext_pillar
if there is no pillar in opts - @vquiering - #55635 - Fixed issue with minion signing during/after job execution - @lukasraska
- #55651 - Fixed
ldap.managed
errors - @sathieu - #55655 - Fixed using password hashes with MariaDB - @pprkut
- #55672 - Fixed issue with busy guestfs mount folders - @cbosdo
- #55694 - Fixed S3 pillar pagination - @garethgreenaway
- #55705 - Fixed zypper upgrade fromrepo - @pkwestm
- #55730 - Restored original minion configured
publish_port
behavior - @mattp- and @Ch3LL - #55780 - Fallback to disabled
LG_INCLUDE_INDIRECT
when DC is unavailable - @lukasraska - #55795 - Fixed issue with whitespace in ADML data - @twangboy
- #55796 - Fixed cached
osrelease_info
grain type - @srg91 - #55817 - Bring #51372 to Master Branch - @twangboy
- #55823 - Fix issue with overly long names in the LGPO module - @twangboy
- #55843 - Fixed
file.mkdir
to respecttest=True
- @mchugh19 - #55845 - Fixed logging to return multiprocessing queue if it's already set - @s0undt3ch
- #16674 via #50083 and #54632 - Added
migrate
support for Django module - @jrbeilke - #39475 - Added
hardlink
forfile
state and module - @arizvisa - #48792 via #49399 and #54879 - Add IIS webconfiguration - @tlemarchand
- #49212 via #49378 - Added
minion_id_remove_domain
- @markuskramerIgitt - #49250 via #54657 - Add capability
jboss7
to keep unchanged deployments - @garethgreenaway - #49481 via #54532 - Added
grains_blacklist
to block specific grains - @rongzeng54 - #50005 via #54651 - Added ability to create events based on an arbitrary script's output - @austinpapp
- #50306 via #54542 - Added
noaction
flag for opkg execution module - @rares-pop - #50706 via #54604 - Added
token
todisk.blkid
to allow extended search - @aplanas - #50953 via #54548 - Add
nvme_nqn
grain - @sdodsley - #51047 via #55253 - Added new execution module for troubleshooting Jinja map files- @terminalmage and @max-arnold
- #51074 via #54613 - Added
fat
parameter to disk module to allow specifying FAT sizes - @aplanas - #51385 via #54656 - Added support for directories and checking for free space in the
disk
state - @maxim-sermin - #51758 via #55400 - Added cwd grain - @theskabeater and @dwoz
- #52293 via #55723 - Added saltenv support in slsutil.renderer - @afischer-opentext-com
- #52458 via #54623 - Added
camel_to_snake_case
andsnake_to_camel_case
to stringutils - @github-abcde - #52715 via #54577 - Added webhook support to Slack state - @garethgreenaway
- #52764 via #54058 - Added vSphere tagging ability - @xeacott
- #53307 - Added slot parsing inside nested state data structures - @max-arnold
- #53621 - Added support for
git_pillar_update_interval
- @sathieu - #53736 - Added index get_settings, put_settings methods for Elasticsearch module. - @Oloremo
- #53738 - Added
request_interval
feature tohttp.wait_for_successful_query
module - @Oloremo - #53959 - Added additional optional
warnings
totest
module - @max-arnold - #54505 - Added cluster get_settings, put_settings and flush_synced methods for Elasticsearch module. - @Oloremo
- #54518 via #54526 - Add salt-cloud support for Tencent Cloud - @likexian
- #54902 - Added
cert_info
beacon to get cert information from local files - @nicholasmhughes - #54903 - Added multipart/form-data file posting to
http.query
util - @nicholasmhughes - #54948 - Added ability to pass grains on minion startup event - @admd
- #54955 - Added root parameter to useradd, shadow and groupadd - @aplanas
- #54956 - Added root parameter for wait and run states - @aplanas
- #54958 - Added optional root parameter for systemd - @aplanas
- #54959 - Added new chroot module - @aplanas
- #54960 - Added new freezer module - @aplanas
- #54961 - Added all subvolume commands to btrfs - @aplanas
- #54965 - Added fstab present/absent to mount state - @aplanas
- #54977 - Added xml state & module - @mchugh19
- #54981 - Added
ssh_auth.manage
to both add and remove ssh keys - @mchugh19 - #54982 - Added new AWS SSM module - @mchugh19
- #54984 - Added saltutil states to match saltutil modules - @mchugh19 and @max-arnold
- #54991 - Added keystore state and modules for Java keystore files - @mchugh19
- #54992 - Added ability to use salt modules in onlyif and unless - @mchugh19 and @gtmanfred
- #54993 - Added support for parsing slot results - @mchugh19
- #54996 - Added
binds
parameter forrun_chroot
- @aplanas - #55001 - Added ability to ignore errors on
mdadm_raid.examine
- @aplanas - #55047 - Added ability to deprecate by date - @s0undt3ch
- #55145 and #50150 - Added status code lists and status regex for
http.query
state - @Ajnbro and @mchugh19 - #55150 - Added 'ppc64le' as a valid RPM package architecture - @meaksh
- #55195 - Added
salt_version
module - @rallytime and @max-arnold - #55200 - Added
virt.pool_deleted
state - @cbosdo - #55202 - Added test ability and pool editing to
virt.pool_running
- @cbosdo - #55203 - Adds enabled kwarg to
aptpkg
module - @brejoc - #55245 - Adding kernel boot parameters to libvirt xml - @ldeweysuse
- #55256 - Added status to dpkg.info response - @mateiw
- #55342 - Added Slack webhook returner - @cdalvaro
- #55345 - Add chroot apply_, sls, and highstate for state execution - @aplanas
- #55346 - Added
virt.pool_capabilities
module - @cbosdo - #55418 - Added clean_parent argument for the archive state. - @Oloremo
- #55420 - Added performance tracing/logging to gitfs file_list cache rebuild - @duckfez
- #55424 - Added Azure DNS modules and states - @nicholasmhughes
- #55432 - Add null to YAML dumper for threadsafe loader - @Akm0d
- #55443 - Added a skip_files_list_verify argument to archive.extracted state. - @Oloremo
- #55448 - Adds
downloadonly/download_only
alias for aptpkg module - @brejoc - #55480 - Add lint pre-commit hooks - @s0undt3ch
- #55492 - Allow arbitrary arguments to be passed through the pip module - @Akm0d
- #55506 - Added
hashutil.hmac_compute
- @Ajnbro - #55515 - Added
disk_set
anddisk_toggle
to parted module - @aplanas - #55516 - Added
not_change
to several functions in the mount module,set_fstab
& others - @aplanas - #55565 - Added ability to pass the context dictionary to Sminion and Runner - @s0undt3ch
- #55590 - Added
version
to depends decorator - @github-abcde - #55593 - Added a support for a global proxy to pip module. - @Oloremo
- #55613 - Added saltcheck updates for Neon - @mchugh19
- #55636 - Added DSON outputter - @terminalmage
- #55637 - Added wildcard matches and grains matching to
config.option
- @terminalmage - #55639 - Added
loop.until_no_eval
- @github-abcde - #55666 - Added the
internal
flag to openvswitch - @Akm0d - #55711 - Added
fluentd
engine - @mchugh19 - #55733 - Added
salt.utils.data.filter_falsey
- @github-abcde - #55749 - Added port of
json_query
Jinja filter from Ansible - @max-arnold - #55751 - Added the osfullname grain on FreeBSD - @asomers
- #55759 - Added
salt.utils.data.recursive_diff
- @github-abcde - #55760 - Add minion-side access control - @github-abcde
- #55762 - Added
virt.(pool|network)_get_xml
functions - @cbosdo - #55767 - Added ability to manipulate RabbitMQ upstream definitions - @github-abcde
- #55768 - Added
boto3_elasticsearch
module and state - @github-abcde - #55844 - Allow multiple running instances of Salt engine - @garethgreenaway
- #54521 -
failhard
during orchestration now fails as expected - @mattp- / @Oloremo - #54741 -
schedule.run_job
without time element now works as expected - @garethgreenaway - #54755 - Pip state ensures pip was imported before trying to remove - @dwoz
- #54760 - Fix
salt-cloud -Q
for OpenStack driver - @vdloo / @Akm0d - #54762 - IPv6 addresses with brackets no longer break master/minion communication - @dhiltonp
- #54765 - Masterless jinja imports - @dwoz
- #54776 -
ping_interval
in minion config no longer prevents startup - @dwoz - #54820 -
scheduler.present
no longer always reports changes when scheduler is disabled - @garethgreenaway - #54941 - Pillar data is no longer refreshed on every call - @dwoz