valitydev/salt
14
0
Fork 0
mirror of https://github.com/valitydev/salt.git synced 2024-11-08 17:33:54 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #34847 from cachedout/pwall

Browse Source 
Add an option to skip the verification of client_acl users
This commit is contained in:
Thomas S Hatch 2016-07-21 11:55:55 -06:00 committed by GitHub
commit 5d91139bc9
3 changed files with 13 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
conf/master
View File

@ -301,6 +301,11 @@ CLI option, only sets this to a single file for all salt commands.
# running any commands. It would also blacklist any use of the "cmd" # running any commands. It would also blacklist any use of the "cmd"
# module. This is completely disabled by default. # module. This is completely disabled by default.
# #
#
# Check the list of configured users in client ACL against users on the
# system and throw errors if they do not exist.
#client_acl_verify: True
#
#client_acl_blacklist: #client_acl_blacklist:
# users: # users:
# - root # - root

2
salt/config.py
View File

@ -542,6 +542,7 @@ VALID_OPTS = {
'syndic_master': (string_types, list), 'syndic_master': (string_types, list),
'runner_dirs': list, 'runner_dirs': list,
'client_acl': dict, 'client_acl': dict,
'client_acl_verify': bool,
'client_acl_blacklist': dict, 'client_acl_blacklist': dict,
'sudo_acl': bool, 'sudo_acl': bool,
'external_auth': dict, 'external_auth': dict,
@ -1095,6 +1096,7 @@ DEFAULT_MASTER_OPTS = {
'runner_dirs': [], 'runner_dirs': [],
'outputter_dirs': [], 'outputter_dirs': [],
'client_acl': {}, 'client_acl': {},
'client_acl_verify': True,
'client_acl_blacklist': {}, 'client_acl_blacklist': {},
'sudo_acl': False, 'sudo_acl': False,
'external_auth': {}, 'external_auth': {},

8
salt/daemons/masterapi.py
View File

@ -198,9 +198,11 @@ def access_keys(opts):
if opts.get('user'): if opts.get('user'):
acl_users.add(opts['user']) acl_users.add(opts['user'])
acl_users.add(salt.utils.get_user()) acl_users.add(salt.utils.get_user())
if HAS_PWD: if opts['client_acl_verify'] and HAS_PWD:
log.profile('Beginning pwd.getpwall() call in masterarpi acess_keys function')
for user in pwd.getpwall(): for user in pwd.getpwall():
users.append(user.pw_name) users.append(user.pw_name)
log.profile('End pwd.getpwall() call in masterarpi acess_keys function')
for user in acl_users: for user in acl_users:
log.info( log.info(
'Preparing the {0} key for local communication'.format( 'Preparing the {0} key for local communication'.format(
@ -208,10 +210,12 @@ def access_keys(opts):
) )
) )
if HAS_PWD: if opts['client_acl_verify'] and HAS_PWD:
if user not in users: if user not in users:
try: try:
log.profile('Beginning pwd.getpnam() call in masterarpi acess_keys function')
user = pwd.getpwnam(user).pw_name user = pwd.getpwnam(user).pw_name
log.profile('Beginning pwd.getpwnam() call in masterarpi acess_keys function')
except KeyError: except KeyError:
log.error('ACL user {0} is not available'.format(user)) log.error('ACL user {0} is not available'.format(user))
continue continue