fixes a bug which broke eauth with group permissions

Conflicts: salt/utils/minions.py
2024-11-09 01:36:48 +00:00 · 2015-01-31 20:14:46 +01:00 · 2015-01-31 20:14:46 +01:00 · 5e897d8442
commit 5e897d8442
parent 1a0f5e7fa7
2 changed files with 11 additions and 14 deletions
--- a/salt/master.py
+++ b/salt/master.py
@ -2159,7 +2159,7 @@ class ClearFuncs(object):
            if name in self.opts['external_auth'][extra['eauth']]:
                auth_list = self.opts['external_auth'][extra['eauth']][name]
            if group_auth_match:
-                auth_list.append(self.ckminions.gather_groups(self.opts['external_auth'][extra['eauth']], groups, auth_list))
+                auth_list = self.ckminions.fill_auth_list_from_groups(self.opts['external_auth'][extra['eauth']], groups, auth_list)

            good = self.ckminions.auth_check(
                auth_list,
--- a/salt/utils/minions.py
+++ b/salt/utils/minions.py
@ -630,23 +630,20 @@ class CkMinions(object):
            return False
        return False

-    def gather_groups(self, auth_provider, user_groups, auth_list):
+    def fill_auth_list_from_groups(self, auth_provider, user_groups, auth_list):
        '''
-        Returns the list of groups, if any, for a given authentication provider type
+        Returns the provided list auf permission matchers, plus any matchers
+        that are given to a group the user is in.

        Groups are defined as any dict in which a key has a trailing '%'
+        and the values are permission matchers.
        '''
-        group_perm_keys = filter(lambda(item): item.endswith('%'), auth_provider)
-        groups = {}
-        if group_perm_keys:
-            for group_perm in group_perm_keys:
-                for matcher in auth_provider[group_perm]:
-                    if group_perm[:-1] in user_groups:
-                        groups[group_perm] = matcher
-        else:
-            return None
-        for item in groups.itervalues():
-            auth_list.append(item)
+        group_names = [item for item in auth_provider if item.endswith('%')]
+        if group_names:
+            for group_name in group_names:
+                if group_name.rstrip("%") in user_groups:
+                    for matcher in auth_provider[group_name]:
+                        auth_list.append(matcher)
        return auth_list

    def wheel_check(self, auth_list, fun):