mirror of
https://github.com/valitydev/salt.git
synced 2024-11-08 09:23:56 +00:00
Fix auth_check to also work for compound commands
This commit is contained in:
parent
113bfaa7c3
commit
410a51742f
@ -251,35 +251,40 @@ class CkMinions(object):
|
||||
vals.append(False)
|
||||
return all(vals)
|
||||
|
||||
def auth_check(self, auth_list, fun, tgt, tgt_type='glob'):
|
||||
def auth_check(self, auth_list, funs, tgt, tgt_type='glob'):
|
||||
'''
|
||||
Returns a bool which defines if the requested function is authorized.
|
||||
Used to evaluate the standard structure under external master
|
||||
authentication interfaces, like eauth, peer, peer_run, etc.
|
||||
'''
|
||||
for ind in auth_list:
|
||||
if isinstance(ind, str):
|
||||
# Allowed for all minions
|
||||
if self.match_check(ind, fun):
|
||||
return True
|
||||
elif isinstance(ind, dict):
|
||||
if len(ind) != 1:
|
||||
# Invalid argument
|
||||
continue
|
||||
valid = ind.keys()[0]
|
||||
# Check if minions are allowed
|
||||
if self.validate_tgt(
|
||||
valid,
|
||||
tgt,
|
||||
tgt_type):
|
||||
# Minions are allowed, verify function in allowed list
|
||||
if isinstance(ind[valid], str):
|
||||
if self.match_check(ind[valid], fun):
|
||||
return True
|
||||
elif isinstance(ind[valid], list):
|
||||
for regex in ind[valid]:
|
||||
if self.match_check(regex, fun):
|
||||
# compound commands will come in a list so treat everything as a list
|
||||
if not isinstance(funs, list):
|
||||
funs = [funs]
|
||||
|
||||
for fun in funs:
|
||||
for ind in auth_list:
|
||||
if isinstance(ind, str):
|
||||
# Allowed for all minions
|
||||
if self.match_check(ind, fun):
|
||||
return True
|
||||
elif isinstance(ind, dict):
|
||||
if len(ind) != 1:
|
||||
# Invalid argument
|
||||
continue
|
||||
valid = ind.keys()[0]
|
||||
# Check if minions are allowed
|
||||
if self.validate_tgt(
|
||||
valid,
|
||||
tgt,
|
||||
tgt_type):
|
||||
# Minions are allowed, verify function in allowed list
|
||||
if isinstance(ind[valid], str):
|
||||
if self.match_check(ind[valid], fun):
|
||||
return True
|
||||
elif isinstance(ind[valid], list):
|
||||
for regex in ind[valid]:
|
||||
if self.match_check(regex, fun):
|
||||
return True
|
||||
return False
|
||||
|
||||
def wheel_check(self, auth_list, fun):
|
||||
|
Loading…
Reference in New Issue
Block a user