-
Notifications
You must be signed in to change notification settings - Fork 295
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow removing keys based on source file. #152
Conversation
@aboe76 Do we need to keep compatibility with pre-2015.8.0? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi @polymeter ! Thanks for your PR! We'll just need to make sure this change won't break existing setups.
@@ -12,7 +12,7 @@ | |||
{%- else %} | |||
- user: {{ identifier }} | |||
{%- endif %} | |||
{%- if 'present' in key and key['present'] and 'source' in key %} | |||
{%- if 'source' in key %} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi @polymeter ! Thanks for your PR!
I fear this change would break existing setups. Would you please alter your PR in a way that present
if false overrides the presence of source
?
Please also update pillar.example
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hey,
wouldn't that overriding essentially make us go back to the previous behaviour? Using a combination of present=False
with a given source
is my very goal here.
If we need to support 2015.5 and earlier, okay - I just had not expected that, given its lifetime. However, I think we'll need to directly query the salt version and differentiate between the two cases then. Would that be okay with you?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@polymeter my idea was to go with (your) new behavior, if present
is absent, but stick to the old behaviour if present: False
.
This way we don't need to care about versions, and don't break existing setups.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I was thinking about something like this:
{%- if 'source' in key and not (present in key and key['present'] == False) %}
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hey, I don't mean to stretch this discussion unneccessarily, but I'd find that behaviour very counter-intuitive, thus requiring explicit documentation. We'd have a tristate-like option looking like a bool, and source
-users could not simply switch present
from True
to False
without breaking it.
So, I'd still vote for checking the salt version number, but I will leave the final decision to you and update the PR accordingly.
The page https://s.saltstack.com/product-support-lifecycle/ lists only 2019.2 and 2018.3 as still supported, but I'm not sure if this is for commercial product or affects open source version too. |
Hey @daks |
@alxwr In the various conversations that have come up about this, it's generally agreed that the very oldest versions we need to support can be judged by the "Extended life support ends" date on https://s.saltstack.com/product-support-lifecycle/. In that case, As for the implementation itself, I'll defer that back to your expert opinions! |
@alxwr Got more information from upstream: they only actively support 3 releases. So we only have to concern ourselves with back to |
@myii @polymeter Thanks for your valuable input and sorry for the long pause! :-) Nevertheless it's a minor change and every admin is called to maintain her own clone of the formula repo anyway. @polymeter I'll merge the PR as it is, because |
This change allows keys to be not only added, but also removed by providing a
source
file. This is supported byssh_auth.absent
since salt 2015.8.0. Hope I have not overlooked anything.