Merge pull request #20398 from basepi/merge-forward-2015.2

Merge forward from 2014.7 to 2015.2
2024-11-09 01:36:48 +00:00 · 2015-02-05 14:02:30 -07:00 · 2015-02-05 14:02:30 -07:00 · ed640db3e5
commit ed640db3e5
parent 7943a60954 f3111503da
3 changed files with 13 additions and 16 deletions
--- a/salt/loader.py
+++ b/salt/loader.py
@ -128,6 +128,8 @@ def minion_mods(opts, context=None, whitelist=None, include_errors=False, initia
        import salt.loader

        __opts__ = salt.config.minion_config('/etc/salt/minion')
+        __grains__ = salt.loader.grains(__opts__)
+        __opts__['grains'] = __grains__
        __salt__ = salt.loader.minion_mods(__opts__)
        __salt__['test.ping']()
    '''
--- a/salt/master.py
+++ b/salt/master.py
@ -2229,7 +2229,7 @@ class ClearFuncs(object):
            if name in self.opts['external_auth'][extra['eauth']]:
                auth_list = self.opts['external_auth'][extra['eauth']][name]
            if group_auth_match:
-                auth_list.append(self.ckminions.gather_groups(self.opts['external_auth'][extra['eauth']], groups, auth_list))
+                auth_list = self.ckminions.fill_auth_list_from_groups(self.opts['external_auth'][extra['eauth']], groups, auth_list)

            good = self.ckminions.auth_check(
                auth_list,
--- a/salt/utils/minions.py
+++ b/salt/utils/minions.py
@ -655,23 +655,18 @@ class CkMinions(object):
            return False
        return False

-    def gather_groups(self, auth_provider, user_groups, auth_list):
+    def fill_auth_list_from_groups(self, auth_provider, user_groups, auth_list):
        '''
-        Returns the list of groups, if any, for a given authentication provider type
-
-        Groups are defined as any dict in which a key has a trailing '%'
+        Returns a list of authorisation matchers that a user is eligible for.
+        This list is a combination of the provided personal matchers plus the
+        matchers of any group the user is in.
        '''
-        group_perm_keys = [item for item in auth_provider if item.endswith('%')]
-        groups = {}
-        if group_perm_keys:
-            for group_perm in group_perm_keys:
-                for matcher in auth_provider[group_perm]:
-                    if group_perm[:-1] in user_groups:
-                        groups[group_perm] = matcher
-        else:
-            return None
-        for item in groups.values():
-            auth_list.append(item)
+        group_names = [item for item in auth_provider if item.endswith('%')]
+        if group_names:
+            for group_name in group_names:
+                if group_name.rstrip("%") in user_groups:
+                    for matcher in auth_provider[group_name]:
+                        auth_list.append(matcher)
        return auth_list

    def wheel_check(self, auth_list, fun):