Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[master] Use token's eauth key if load omits it. #66662

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[master] Use token's eauth key if load omits it. #66662

wants to merge 1 commit into from

Conversation

RyanFrantz
Copy link

What does this PR do?

  • For token-based authentication, where administrators would also like to write a custom eauth ACL module, this update allows __get_acl to check for such a module, either via the eauth_acl_module configuration value or fallback to the eauth module's acl function, if defined.

What issues does this PR fix or reference?

N/A

Previous Behavior

If load["eauth"] is not defined, __get_acl() immediately returns None.

New Behavior

In get_auth_list(), if the "eauth" key is not present in the load dictionary, but is present in the token dictionary, the token's "eauth" value is added to the load dictionary. When __get_acl() is called from within get_auth_list(), the former can attempt to perform an ACL lookup via the eauth_acl_module configuration option or fall back to the eauth module's acl() function, if defined.

Merge requirements satisfied?

[NOTICE] Bug fixes or features added to Salt require tests.

Commits signed with GPG?

No

Please review Salt's Contributing Guide for best practices, including the
PR Guidelines.

See GitHub's page on GPG signing for more information about signing commits with GPG.

Use token's eauth key if load omits it.
714aca2 
- `get_auth_list` uses the load to perform ACL lookup but if no `eauth`
  key is present, `__get_acl` immediately returns.
- For token-based authentication, where administrators would also like
  to write a custom eauth ACL module, this update allows `__get_acl` to
  check for such a module, either via the `eauth_acl_module`
  configuration value or fallback to the `eauth` module's `acl`
  function, if defined.
@RyanFrantz RyanFrantz requested a review from a team as a code owner June 24, 2024 17:12
@RyanFrantz RyanFrantz requested a review from dwoz June 24, 2024 17:12
@welcome Welcome
Copy link

welcome bot commented Jun 24, 2024

Hi there! Welcome to the Salt Community! Thank you for making your first contribution. We have a lengthy process for issues and PRs. Someone from the Core Team will follow up as soon as possible. In the meantime, here’s some information that may help as you continue your Salt journey.
Please be sure to review our Code of Conduct. Also, check out some of our community resources including:

There are lots of ways to get involved in our community. Every month, there are around a dozen opportunities to meet with other contributors and the Salt Core team and collaborate in real time. The best way to keep track is by subscribing to the Salt Community Events Calendar.
If you have additional questions, email us at [email protected]. We’re glad you’ve joined our community and look forward to doing awesome things with you!

@salt-project-bot-prod-environment salt-project-bot-prod-environment bot changed the title Use token's eauth key if load omits it. [master] Use token's eauth key if load omits it. Jun 24, 2024
Akm0d
Akm0d requested changes Jul 1, 2024
View reviewed changes
Copy link
Contributor

@Akm0d Akm0d left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Needs a test

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Akm0d Akm0d Akm0d requested changes

@dwoz dwoz Awaiting requested review from dwoz dwoz is a code owner automatically assigned from saltstack/team-core

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@RyanFrantz @Akm0d