From 75d49c0cea50557151864175647867f09012566b Mon Sep 17 00:00:00 2001
From: "Gareth J. Greenaway" <gareth@wiked.org>
Date: Wed, 18 Sep 2019 16:29:54 -0700
Subject: [PATCH] Porting PR #49481 to 2019.2.1

---
 doc/ref/configuration/minion.rst | 24 ++++++++++++++++++++++++
 salt/config/__init__.py          |  4 ++++
 salt/loader.py                   | 18 ++++++++++++++++++
 tests/unit/test_loader.py        | 25 +++++++++++++++++++++++++
 4 files changed, 71 insertions(+)

diff --git a/doc/ref/configuration/minion.rst b/doc/ref/configuration/minion.rst
index 30343ebd8eca..c300ba388968 100644
--- a/doc/ref/configuration/minion.rst
+++ b/doc/ref/configuration/minion.rst
@@ -769,6 +769,30 @@ Statically assigns grains to the minion.
       cabinet: 13
       cab_u: 14-15
 
+.. conf_minion:: grains_blacklist
+
+``grains_blacklist``
+--------------------
+
+Default: ``[]``
+
+Each grains key will be compared against each of the expressions in this list.
+Any keys which match will be filtered from the grains. Exact matches, glob
+matches, and regular expressions are supported.
+
+.. note::
+    Some states and execution modules depend on grains. Filtering may cause
+    them to be unavailable or run unreliably.
+
+.. versionadded:: Neon
+
+.. code-block:: yaml
+
+    grains_blacklist:
+      - cpu_flags
+      - zmq*
+      - ipv[46]
+
 .. conf_minion:: grains_cache
 
 ``grains_cache``
diff --git a/salt/config/__init__.py b/salt/config/__init__.py
index b3dfc8e43d4a..4207c9687df4 100644
--- a/salt/config/__init__.py
+++ b/salt/config/__init__.py
@@ -925,6 +925,9 @@ def _gather_buffer_space():
     # Set a hard limit for the amount of memory modules can consume on a minion.
     'modules_max_memory': int,
 
+    # Blacklist specific core grains to be filtered
+    'grains_blacklist': list,
+
     # The number of minutes between the minion refreshing its cache of grains
     'grains_refresh_every': int,
 
@@ -1248,6 +1251,7 @@ def _gather_buffer_space():
     'cachedir': os.path.join(salt.syspaths.CACHE_DIR, 'minion'),
     'append_minionid_config_dirs': [],
     'cache_jobs': False,
+    'grains_blacklist': [],
     'grains_cache': False,
     'grains_cache_expiration': 300,
     'grains_deep_merge': False,
diff --git a/salt/loader.py b/salt/loader.py
index 0cff0c72bbbd..14d6555c82a3 100644
--- a/salt/loader.py
+++ b/salt/loader.py
@@ -34,6 +34,7 @@
 import salt.utils.odict
 import salt.utils.platform
 import salt.utils.versions
+import salt.utils.stringutils
 from salt.exceptions import LoaderError
 from salt.template import check_render_pipe_str
 from salt.utils.decorators import Depends
@@ -773,6 +774,7 @@ def grains(opts, force_refresh=False, proxy=None):
         opts['grains'] = {}
 
     grains_data = {}
+    blist = opts.get('grains_blacklist', [])
     funcs = grain_funcs(opts, proxy=proxy)
     if force_refresh:  # if we refresh, lets reload grain modules
         funcs.clear()
@@ -784,6 +786,14 @@ def grains(opts, force_refresh=False, proxy=None):
         ret = funcs[key]()
         if not isinstance(ret, dict):
             continue
+        if blist:
+            for key in list(ret):
+                for block in blist:
+                    if salt.utils.stringutils.expr_match(key, block):
+                        del ret[key]
+                        log.trace('Filtering %s grain', key)
+            if not ret:
+                continue
         if grains_deep_merge:
             salt.utils.dictupdate.update(grains_data, ret)
         else:
@@ -819,6 +829,14 @@ def grains(opts, force_refresh=False, proxy=None):
             continue
         if not isinstance(ret, dict):
             continue
+        if blist:
+            for key in list(ret):
+                for block in blist:
+                    if salt.utils.stringutils.expr_match(key, block):
+                        del ret[key]
+                        log.trace('Filtering %s grain', key)
+            if not ret:
+                continue
         if grains_deep_merge:
             salt.utils.dictupdate.update(grains_data, ret)
         else:
diff --git a/tests/unit/test_loader.py b/tests/unit/test_loader.py
index dd0ce8e2e2f7..28545b5de3dc 100644
--- a/tests/unit/test_loader.py
+++ b/tests/unit/test_loader.py
@@ -283,6 +283,31 @@ def test_whitelist(self):
         self.assertNotIn('grains.get', self.loader)
 
 
+class LazyLoaderGrainsBlacklistTest(TestCase):
+    '''
+    Test the loader of grains with a blacklist
+    '''
+    def setUp(self):
+        self.opts = salt.config.minion_config(None)
+
+    def tearDown(self):
+        del self.opts
+
+    def test_whitelist(self):
+        opts = copy.deepcopy(self.opts)
+        opts['grains_blacklist'] = [
+            'master',
+            'os*',
+            'ipv[46]'
+        ]
+
+        grains = salt.loader.grains(opts)
+        self.assertNotIn('master', grains)
+        self.assertNotIn('os', set([g[:2] for g in list(grains)]))
+        self.assertNotIn('ipv4', grains)
+        self.assertNotIn('ipv6', grains)
+
+
 class LazyLoaderSingleItem(TestCase):
     '''
     Test loading a single item via the _load() function