[BUG] state.highstate test=True saltenv=None against a Salt GitFS server causes modules from random branches to be fetched rather than from the configured saltenv

(With latest Salt 3001)

I encountered a curious situation with Salt. The setup:

• Salt master with GitFS and hundreds of branches.
• Salt API receiving requests.
• API client requesting state.highstate test=True from Salt minions.
• Clients all configured with topfile merge strategy same and with saltenv = base.

I was encountering the weirdest thing. Every time the API client hit the endpoint, test-mode highstate started, modules were synced by the minions (this by itself is weird, but that’s another matter), and after that, all the minions had the wrong modules. It took a saltutil.sync_all to correct that bad situation.

It was only when we discovered that our API client was sending the kwarg saltenv: null as part of the kwarg dictionary, that we connected the dots. Whenever the API client sends the request for test highstate with that specific kwarg, the saltenv: null parameter is relayed as-is by the Salt master bus to the minions, which in turn causes the minions to hit every single branch known to the GitFS-enabled master, fetching modules from the wrong branch, rather than from the configured base branch.

This is weird. The code for state.highstate clearly states:

    if "saltenv" in kwargs:
        opts["saltenv"] = kwargs["saltenv"]

So in this case the saltenv key/value in the opts dictionary gets set to None. This should be expanded to be a check for if "saltenv" in kwargs and kwargs["saltenv"]. Anywhere saltenv and pillarenv are accepted, that is the check that should be done.

I get the feeling that invalid values should not cause malfunctions of this sort.