Merge pull request #69496 from cdalvaro/feature/mac_brew_pkg_trust_taps

feat(macOS): add Homebrew trust/untrust support to mac_brew_pkg

Author: dwoz

changelog/69496.added.md

@@ -0,0 +1 @@
+Added ``pkg.trust``, ``pkg.untrust``, ``pkg.is_trusted``, and ``pkg.list_trusted`` to ``salt.modules.mac_brew_pkg`` to manage Homebrew's trust list for non-official taps, formulae, casks and external commands. Added ``pkg.trusted`` and ``pkg.untrusted`` state functions to ``salt.states.pkg`` to enforce trust state declaratively on macOS.

salt/modules/mac_brew_pkg.py

@@ -33,6 +33,8 @@
 # Define the module's virtual name
 __virtualname__ = "pkg"
 
+_TRUST_TYPES = ("tap", "formula", "cask", "command")
+
 
 def __virtual__():
     """
@@ -895,3 +897,156 @@ def unhold(name=None, pkgs=None, sources=None, **kwargs):  # pylint: disable=W06
 
 
 unpin = unhold
+
+
+def list_trusted(type=None):
+    """
+    List trusted taps, formulae, casks and commands.
+
+    .. versionadded:: 3008.2
+
+    type
+        Filter by type. Valid values: ``tap``, ``formula``, ``cask``, ``command``.
+        When ``None`` (default), returns a dict with all trusted items grouped by
+        type (keys: ``taps``, ``formulae``, ``casks``, ``commands``). When a type
+        is specified, returns a list of trusted items of that type.
+
+    CLI Example:
+
+    .. code-block:: bash
+
+        salt '*' pkg.list_trusted
+        salt '*' pkg.list_trusted type=tap
+    """
+    if type is not None and type not in _TRUST_TYPES:
+        raise SaltInvocationError(
+            f"Invalid type '{type}'. Valid values: {', '.join(_TRUST_TYPES)}"
+        )
+
+    cmd = ["trust", "--json=v1"]
+    if type is not None:
+        cmd.append(f"--{type}")
+
+    result = _call_brew(*cmd)
+    try:
+        return salt.utils.json.loads(result["stdout"])
+    except ValueError as err:
+        msg = f'Unable to interpret output from "brew trust": {err}'
+        log.error(msg)
+        raise CommandExecutionError(msg)
+
+
+def trust(name, type=None):
+    """
+    Trust a tap, formula, cask or command so Homebrew may load it when
+    ``$HOMEBREW_REQUIRE_TAP_TRUST`` is set.
+
+    .. versionadded:: 3008.2
+
+    name
+        The name of the tap, formula, cask or command to trust. Can also be a
+        remote URL for taps.
+
+    type
+        The type of the item. Valid values: ``tap``, ``formula``, ``cask``,
+        ``command``. If not specified, Homebrew will auto-detect the type.
+
+    Returns ``True`` on success (including when the item was already trusted),
+    ``False`` on failure.
+
+    CLI Example:
+
+    .. code-block:: bash
+
+        salt '*' pkg.trust cdalvaro/tap
+        salt '*' pkg.trust cdalvaro/tap type=tap
+        salt '*' pkg.trust cdalvaro/tap/salt type=formula
+    """
+    if type is not None and type not in _TRUST_TYPES:
+        raise SaltInvocationError(
+            f"Invalid type '{type}'. Valid values: {', '.join(_TRUST_TYPES)}"
+        )
+
+    cmd = ["trust"]
+    if type is not None:
+        cmd.append(f"--{type}")
+    cmd.append(name)
+
+    try:
+        _call_brew(*cmd)
+    except CommandExecutionError:
+        log.error('Failed to trust "%s"', name)
+        return False
+
+    return True
+
+
+def untrust(name, type=None):
+    """
+    Stop trusting a tap, formula, cask or command.
+
+    .. versionadded:: 3008.2
+
+    name
+        The name of the tap, formula, cask or command to untrust.
+
+    type
+        The type of the item. Valid values: ``tap``, ``formula``, ``cask``,
+        ``command``. If not specified, Homebrew will auto-detect the type.
+
+    Returns ``True`` on success (including when the item was not trusted),
+    ``False`` on failure.
+
+    CLI Example:
+
+    .. code-block:: bash
+
+        salt '*' pkg.untrust cdalvaro/tap
+        salt '*' pkg.untrust cdalvaro/tap type=tap
+        salt '*' pkg.untrust cdalvaro/tap/salt type=formula
+    """
+    if type is not None and type not in _TRUST_TYPES:
+        raise SaltInvocationError(
+            f"Invalid type '{type}'. Valid values: {', '.join(_TRUST_TYPES)}"
+        )
+
+    cmd = ["untrust"]
+    if type is not None:
+        cmd.append(f"--{type}")
+    cmd.append(name)
+
+    try:
+        _call_brew(*cmd)
+    except CommandExecutionError:
+        log.error('Failed to untrust "%s"', name)
+        return False
+
+    return True
+
+
+def is_trusted(name, type=None):
+    """
+    Check whether a tap, formula, cask or command is trusted.
+
+    .. versionadded:: 3008.2
+
+    name
+        The name of the tap, formula, cask or command to check.
+
+    type
+        The type of the item. Valid values: ``tap``, ``formula``, ``cask``,
+        ``command``. If not specified, checks across all types.
+
+    Returns ``True`` if the item is trusted, ``False`` otherwise.
+
+    CLI Example:
+
+    .. code-block:: bash
+
+        salt '*' pkg.is_trusted cdalvaro/tap
+        salt '*' pkg.is_trusted cdalvaro/tap type=tap
+    """
+    trusted = list_trusted(type=type)
+    if isinstance(trusted, list):
+        return name in trusted
+    return any(name in items for items in trusted.values())

salt/states/pkg.py

@@ -3936,6 +3936,120 @@ def held(name, version=None, pkgs=None, replace=False, **kwargs):
     return ret
 
 
+def trusted(name, **kwargs):
+    """
+    Ensure a package source or component is marked as trusted by the package
+    manager. Only available for package managers that implement a trust model
+    (e.g. Homebrew on macOS).
+
+    .. versionadded:: 3008.2
+
+    name
+        The identifier of the package source or component to trust. The exact
+        format depends on the package manager (e.g. a tap name, a formula, a
+        URL).
+
+    kwargs
+        Additional keyword arguments are passed through to the underlying
+        ``pkg.trust`` and ``pkg.is_trusted`` module functions, allowing
+        package-manager-specific options to be supplied. For example, on macOS
+        with Homebrew, ``type`` can be set to ``tap``, ``formula``, ``cask``
+        or ``command`` to disambiguate the target.
+
+    Examples:
+
+    .. code-block:: yaml
+
+        # Homebrew: trust a third-party tap
+        cdalvaro/tap:
+          pkg.trusted:
+            - type: tap
+
+        # Homebrew: trust a specific formula from a third-party tap
+        cdalvaro/tap/salt:
+          pkg.trusted:
+            - type: formula
+    """
+    ret = {"name": name, "changes": {}, "result": True, "comment": ""}
+
+    if "pkg.trust" not in __salt__:
+        ret["result"] = False
+        ret["comment"] = "`trust` is not available for this package manager."
+        return ret
+
+    if __salt__["pkg.is_trusted"](name, **kwargs):
+        ret["comment"] = f"{name} is already trusted."
+        return ret
+
+    if __opts__["test"]:
+        ret["result"] = None
+        ret["comment"] = f"{name} would be trusted."
+        return ret
+
+    if not __salt__["pkg.trust"](name, **kwargs):
+        ret["result"] = False
+        ret["comment"] = f"Failed to trust {name}."
+        return ret
+
+    ret["changes"] = {name: {"old": "untrusted", "new": "trusted"}}
+    ret["comment"] = f"{name} is now trusted."
+    return ret
+
+
+def untrusted(name, **kwargs):
+    """
+    Ensure a package source or component is not marked as trusted by the
+    package manager. Only available for package managers that implement a
+    trust model (e.g. Homebrew on macOS).
+
+    .. versionadded:: 3008.2
+
+    name
+        The identifier of the package source or component to untrust. The
+        exact format depends on the package manager.
+
+    kwargs
+        Additional keyword arguments are passed through to the underlying
+        ``pkg.untrust`` and ``pkg.is_trusted`` module functions, allowing
+        package-manager-specific options to be supplied. For example, on macOS
+        with Homebrew, ``type`` can be set to ``tap``, ``formula``, ``cask``
+        or ``command`` to disambiguate the target.
+
+    Example:
+
+    .. code-block:: yaml
+
+        # Homebrew: remove trust from a third-party tap
+        cdalvaro/tap:
+          pkg.untrusted:
+            - type: tap
+    """
+    ret = {"name": name, "changes": {}, "result": True, "comment": ""}
+
+    if "pkg.untrust" not in __salt__:
+        ret["result"] = False
+        ret["comment"] = "`untrust` is not available for this package manager."
+        return ret
+
+    if not __salt__["pkg.is_trusted"](name, **kwargs):
+        ret["comment"] = f"{name} is already not trusted."
+        return ret
+
+    if __opts__["test"]:
+        ret["result"] = None
+        ret["comment"] = f"{name} would be untrusted."
+        return ret
+
+    if not __salt__["pkg.untrust"](name, **kwargs):
+        ret["result"] = False
+        ret["comment"] = f"Failed to untrust {name}."
+        return ret
+
+    ret["changes"] = {name: {"old": "trusted", "new": "untrusted"}}
+    ret["comment"] = f"{name} is no longer trusted."
+    return ret
+
+
 def unheld(name, version=None, pkgs=None, all=False, **kwargs):
     """
     .. versionadded:: 3005