Comments (5)
The external_auth section in the master config works on regular expressions, so unless you have allowed access to a module named grain, it will get stopped before attempting the execution. If you were to allow access to that (non-existent) module it will return '"grain.items" is not available.' as expected.
See ticket #59 which will make errors like this more obvious.
from salt-api.
Yep, thanks for the explanation.
It seems to me that the external_auth should make the difference between an authorization failure and a non-existent module. Then Salt-API would send 403 instead of 401 in case the authorization fails and a 400 or something when the request is invalid.
from salt-api.
Anyhow (it might as well be the job of salt-api to check if a module exists before calling external_auth), I cannot really understand why host.list_hosts, another non-existent module, then returns 200.
from salt-api.
Forget about my last post. I had written host.* as external_auth ;-)
I still believe it is rather confusing to return 403 when a non-existent module does not pass authorization.
from salt-api.
I hear you. The external_auth check happens on the master and the master doesn't know what modules are installed on each minion. We could make some educated guesses there, of course, possibly based on what modules are installed on the master or what the master knows from cached data from previous executions but they'd only be guesses. It is useful to think about though.
Ticket #59 should make this more obvious since you'll see the current user's permissions in the output from the 403 response (same as the output from the newly changed /login URL).
Another possible take on making this more user-friendly could be saltstack/salt#4352 so that typos in the external_auth config are caught early.
from salt-api.
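A simplified model of the ordering discussed in this thread, added here as an example and not code from salt or salt-api: the permission patterns are checked against the function name first, and only a name that passes reaches the point where a missing module can be reported. The names `ALLOWED_PATTERNS`, `MINION_FUNCTIONS`, `is_authorized` and `dispatch` are hypothetical, the sample data is constructed, and treating each pattern as a full-match regular expression is an assumption.

```python
import re

# Constructed external_auth-style permission list for one user. "host.*" is the
# pattern mentioned in the thread; "test.*" is an assumption for illustration.
ALLOWED_PATTERNS = ["test.*", "host.*"]

# Constructed set of functions a hypothetical minion has loaded.
MINION_FUNCTIONS = {"test.ping", "grains.items"}


def is_authorized(fun, patterns):
    """Master-side check: does any allowed pattern match the function name?

    Simplified model: each entry is a regular expression that must match the
    whole name. Nothing here consults the minion's list of modules.
    """
    return any(re.fullmatch(p, fun) for p in patterns)


def dispatch(fun, patterns=ALLOWED_PATTERNS, minion_functions=MINION_FUNCTIONS):
    """Return (stage, message) showing which layer answered the request."""
    if not is_authorized(fun, patterns):
        # Rejected before any execution is attempted, so a typo such as
        # "grain.items" looks the same as a forbidden but real function.
        return ("auth", "authorization failed")
    if fun not in minion_functions:
        # Only reached once the pattern check has passed.
        return ("minion", '"{0}" is not available.'.format(fun))
    return ("minion", "ok")


if __name__ == "__main__":
    for name in ("grain.items", "host.list_hosts", "test.ping"):
        print(name, "->", dispatch(name))
    # With a pattern that covers the misspelled module, the request passes the
    # auth stage and the missing module is reported instead.
    print(dispatch("grain.items", patterns=["grain.*"]))
```

In this model the pattern `grain.*` also matches `grains.items`, which is one reason to review `external_auth` entries for patterns broader than intended.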