[BUG] windows, runas stops the ability to use success_retcodes

[whytewolf]

Description
useing runas with success_retcodes causes the effect that the retcode is ignored on the return so even if the proper retcode happens in your list the retcode is ignored.

Setup

test run:
  cmd.run:
    - name: cmd.exe /c exit 300
    - runas: TestAdmin
    - password: password
    - success_retcodes:
        - 2
        - 44
        - 300

Steps to Reproduce the behavior
use the state above on windows with a proper user of course.

with runas

[DEBUG   ] Rendered data from file: c:\salt\var\cache\salt\minion\files\base\test\test.sls:
test run:
  cmd.run:
    - name: cmd.exe /c exit 300
    - runas: TestAdmin
    - password: password
    - success_retcodes:
        - 2
        - 44
        - 300

[DEBUG   ] Results of YAML rendering:
OrderedDict([('test run', OrderedDict([('cmd.run', [OrderedDict([('name', 'cmd.exe /c exit 300')]), OrderedDict([('runas', 'TestAdmin')]), OrderedDict([('password', 'password')]), OrderedDict([('success_retcodes', [2, 44, 300])])])]))])
[PROFILE ] Time (in seconds) to render 'c:\salt\var\cache\salt\minion\files\base\test\test.sls' using 'yaml' renderer: 0.0
[DEBUG   ] LazyLoaded config.option
[DEBUG   ] LazyLoaded cmd.run
[INFO    ] Running state [cmd.exe /c exit 300] at time 14:39:11.267611
[INFO    ] Executing state cmd.run for [cmd.exe /c exit 300]
[TRACE   ] Slot processing list value: 2
[TRACE   ] Slot processing list value: 44
[TRACE   ] Slot processing list value: 300
[TRACE   ] Loaded cmdmod as virtual cmd
[DEBUG   ] LazyLoaded cmd.run_all
[INFO    ] Executing command 'cmd.exe' as user 'TestAdmin' in directory 'C:\Users\TestAdmin'
[DEBUG   ] Unable to OpenProcess pid=4 name=System
[DEBUG   ] Unable to OpenProcess pid=88 name=Secure System
[DEBUG   ] Unable to OpenProcess pid=156 name=Registry
[DEBUG   ] Unable to OpenProcess pid=564 name=smss.exe
[DEBUG   ] Unable to OpenProcess pid=636 name=wininit.exe
[DEBUG   ] OpenProcessToken failed pid=640 name=svchost.exe userNT AUTHORITY\SYSTEM
[DEBUG   ] Token for pid does not match user sid: S-1-5-18
[DEBUG   ] Unable to OpenProcess pid=864 name=csrss.exe
[DEBUG   ] Unable to OpenProcess pid=940 name=csrss.exe
[DEBUG   ] Unable to OpenProcess pid=944 name=services.exe
[ERROR   ] {'pid': 33384, 'retcode': 300, 'stdout': '', 'stderr': ''}
[INFO    ] Completed state [cmd.exe /c exit 300] at time 14:39:11.397991 (duration_in_ms=130.38)
[DEBUG   ] File c:\salt\var\cache\salt\minion\accumulator\1985024069128 does not exist, no need to cleanup
[TRACE   ] Loaded cmdmod as virtual cmd
[DEBUG   ] LazyLoaded cmd.run
[INFO    ] Executing command attrib in directory 'C:\Users\Thomas Phipps'
[DEBUG   ] output:
[DEBUG   ] LazyLoaded state.check_result
[DEBUG   ] Initializing new AsyncZeroMQReqChannel for ('c:\\salt\\conf\\pki\\minion', 'Desktop', 'tcp:https://10.40.2.3:4506', 'aes')
[DEBUG   ] Initializing new AsyncAuth for ('c:\\salt\\conf\\pki\\minion', 'Desktop', 'tcp:https://10.40.2.3:4506')
[DEBUG   ] Connecting the Minion to the Master URI (for the return server): tcp:https://10.40.2.3:4506
[DEBUG   ] Trying to connect to: tcp:https://10.40.2.3:4506
[TRACE   ] Inserted key into loop_instance_map id 1985027297224 for key ('c:\\salt\\conf\\pki\\minion', 'Desktop', 'tcp:https://10.40.2.3:4506', 'aes') and process 26036
[DEBUG   ] Closing AsyncZeroMQReqChannel instance
[DEBUG   ] LazyLoaded highstate.output
[DEBUG   ] LazyLoaded nested.output
[TRACE   ] data = {'local': {'cmd_|-test run_|-cmd.exe /c exit 300_|-run': {'name': 'cmd.exe /c exit 300', 'changes': {'pid': 33384, 'retcode': 300, 'stdout': '', 'stderr': ''}, 'result': False, 'comment': 'Command "cmd.exe /c exit 300" run', '__sls__': 'test.test', '__run_num__': 0, 'start_time': '14:39:11.267611', 'duration': '130.38 ms', '__id__': 'test run'}}}
local:
----------
          ID: test run
    Function: cmd.run
        Name: cmd.exe /c exit 300
      Result: False
     Comment: Command "cmd.exe /c exit 300" run
     Started: 14:39:11.267611
    Duration: 130.38 ms
     Changes:
              ----------
              pid:
                  33384
              retcode:
                  300
              stderr:
              stdout:

Summary for local
------------
Succeeded: 0 (changed=1)
Failed:    1
------------
Total states run:     1
Total run time: 130.380 ms
[DEBUG   ] Closing AsyncZeroMQReqChannel instance
[DEBUG   ] Closing AsyncZeroMQReqChannel instance

without runas

[DEBUG   ] Rendered data from file: c:\salt\var\cache\salt\minion\files\base\test\test.sls:
test run:
  cmd.run:
    - name: cmd.exe /c exit 300
    - success_retcodes:
        - 2
        - 44
        - 300

[DEBUG   ] Results of YAML rendering:
OrderedDict([('test run', OrderedDict([('cmd.run', [OrderedDict([('name', 'cmd.exe /c exit 300')]), OrderedDict([('success_retcodes', [2, 44, 300])])])]))])
[PROFILE ] Time (in seconds) to render 'c:\salt\var\cache\salt\minion\files\base\test\test.sls' using 'yaml' renderer: 0.0009751319885253906
[DEBUG   ] LazyLoaded config.option
[DEBUG   ] LazyLoaded cmd.run
[INFO    ] Running state [cmd.exe /c exit 300] at time 14:41:04.623932
[INFO    ] Executing state cmd.run for [cmd.exe /c exit 300]
[TRACE   ] Slot processing list value: 2
[TRACE   ] Slot processing list value: 44
[TRACE   ] Slot processing list value: 300
[TRACE   ] Loaded cmdmod as virtual cmd
[DEBUG   ] LazyLoaded cmd.run_all
[INFO    ] Executing command 'cmd.exe' in directory 'C:\Users\Thomas Phipps'
[INFO    ] {'pid': 34760, 'retcode': 0, 'stdout': '', 'stderr': ''}
[INFO    ] Completed state [cmd.exe /c exit 300] at time 14:41:04.653633 (duration_in_ms=29.701)
[DEBUG   ] File c:\salt\var\cache\salt\minion\accumulator\1420181605512 does not exist, no need to cleanup
[TRACE   ] Loaded cmdmod as virtual cmd
[DEBUG   ] LazyLoaded cmd.run
[INFO    ] Executing command attrib in directory 'C:\Users\Thomas Phipps'
[DEBUG   ] output:
[DEBUG   ] LazyLoaded state.check_result
[DEBUG   ] Initializing new AsyncZeroMQReqChannel for ('c:\\salt\\conf\\pki\\minion', 'Desktop', 'tcp:https://10.40.2.3:4506', 'aes')
[DEBUG   ] Initializing new AsyncAuth for ('c:\\salt\\conf\\pki\\minion', 'Desktop', 'tcp:https://10.40.2.3:4506')
[DEBUG   ] Connecting the Minion to the Master URI (for the return server): tcp:https://10.40.2.3:4506
[DEBUG   ] Trying to connect to: tcp:https://10.40.2.3:4506
[TRACE   ] Inserted key into loop_instance_map id 1420184576456 for key ('c:\\salt\\conf\\pki\\minion', 'Desktop', 'tcp:https://10.40.2.3:4506', 'aes') and process 11040
[DEBUG   ] Closing AsyncZeroMQReqChannel instance
[DEBUG   ] LazyLoaded highstate.output
[DEBUG   ] LazyLoaded nested.output
[TRACE   ] data = {'local': {'cmd_|-test run_|-cmd.exe /c exit 300_|-run': {'name': 'cmd.exe /c exit 300', 'changes': {'pid': 34760, 'retcode': 0, 'stdout': '', 'stderr': ''}, 'result': True, 'comment': 'Command "cmd.exe /c exit 300" run', '__sls__': 'test.test', '__run_num__': 0, 'start_time': '14:41:04.623932', 'duration': '29.701 ms', '__id__': 'test run'}}}
local:
----------
          ID: test run
    Function: cmd.run
        Name: cmd.exe /c exit 300
      Result: True
     Comment: Command "cmd.exe /c exit 300" run
     Started: 14:41:04.623932
    Duration: 29.701 ms
     Changes:
              ----------
              pid:
                  34760
              retcode:
                  0
              stderr:
              stdout:

Summary for local
------------
Succeeded: 1 (changed=1)
Failed:    0
------------
Total states run:     1
Total run time:  29.701 ms
[DEBUG   ] Closing AsyncZeroMQReqChannel instance
[DEBUG   ] Closing AsyncZeroMQReqChannel instance

Expected behavior
success_retcodes works with or without runas

Versions Report

salt --versions-report

(Provided by running salt --versions-report. Please also mention any differences in master/minion versions.)

PS C:\WINDOWS\system32> salt-call --versions
Salt Version:
          Salt: 3002.5

Dependency Versions:
          cffi: 1.12.2
      cherrypy: 17.4.1
      dateutil: 2.8.0
     docker-py: Not Installed
         gitdb: 2.0.5
     gitpython: Not Installed
        Jinja2: 2.10.1
       libgit2: Not Installed
      M2Crypto: Not Installed
          Mako: 1.0.7
       msgpack: 1.0.0
  msgpack-pure: Not Installed
  mysql-python: Not Installed
     pycparser: 2.19
      pycrypto: Not Installed
  pycryptodome: 3.9.8
        pygit2: Not Installed
        Python: 3.7.4 (tags/v3.7.4:e09359112e, Jul  8 2019, 20:34:20) [MSC v.1916 64 bit (AMD64)]
  python-gnupg: 0.4.4
        PyYAML: 5.3.1
         PyZMQ: 18.0.1
         smmap: 2.0.5
       timelib: 0.2.4
       Tornado: 4.5.3
           ZMQ: 4.3.1

System Versions:
          dist:
        locale: cp1252
       machine: AMD64
       release: 10
        system: Windows
       version: 10 10.0.19041 SP0

and

Salt Version:
          Salt: 3003

Dependency Versions:
          cffi: 1.14.5
      cherrypy: 18.6.0
      dateutil: 2.8.1
     docker-py: Not Installed
         gitdb: 4.0.5
     gitpython: Not Installed
        Jinja2: 2.10.1
       libgit2: Not Installed
      M2Crypto: Not Installed
          Mako: 1.1.4
       msgpack: 1.0.2
  msgpack-pure: Not Installed
  mysql-python: Not Installed
     pycparser: 2.20
      pycrypto: Not Installed
  pycryptodome: 3.9.8
        pygit2: Not Installed
        Python: 3.7.4 (tags/v3.7.4:e09359112e, Jul  8 2019, 20:34:20) [MSC v.1916 64 bit (AMD64)]
  python-gnupg: 0.4.6
        PyYAML: 5.3.1
         PyZMQ: 18.0.1
         smmap: 3.0.4
       timelib: 0.2.4
       Tornado: 4.5.3
           ZMQ: 4.3.1

System Versions:
          dist:
        locale: cp1252
       machine: AMD64
       release: 10
        system: Windows
       version: 10 10.0.19041 SP0

Additional context
Add any other context about the problem here.

[xeacott]

Able to reproduce this... will be looking into a fix.

[xeacott]

So have this dialed in, just not entirely sure on the fix yet. The issue is when cmd.run runs, apart from cmd.script we actually run the command and return immediately instead of going through the rest of the normal business when executing cmd.run.

salt/salt/modules/cmdmod.py

Line 427 in c4bd7f6

return win_runas(cmd, runas, password, cwd)

and the issue is honoring the success_retcodes doesn't happen until around

salt/salt/modules/cmdmod.py

Line 773 in c4bd7f6

if ret["retcode"] in success_retcodes: