-
Notifications
You must be signed in to change notification settings - Fork 5.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Explicit and document ACL rules format #21303
Comments
@Lothiraldan, thanks for the report. |
According to #31598, external auth support for all target types has been added. |
Lines 637 to 655 in 0a9e062
Lines 48 to 62 in 0a9e062
I propose to make a PR which says explicitly that all matcher except compound are supported in eauth configuration. |
@Lothiraldan, should we close this in favor of #32737? |
@jfindlay Yes I forget but since I've create a PR for documentation and an issue for discussing the non-support of compound matcher, we can now close the issue. |
ACL rules format are not documented, by digging into the code, we saw that rules are either "glob" rule or compound rule but with only one matcher.
Here (https://github.com/saltstack/salt/blob/develop/salt/utils/minions.py#L550-L551) the matcher os forced to to "glob" if the rule doesn't start with ".@".
For compound rules (https://github.com/saltstack/salt/blob/develop/salt/utils/minions.py#L545-L548), parsing is quite rudimentary and so will fail with compound matcher with more than one matcher.
For exemple with this rule
'S@10.0.2.0/24 or web*'
, the parsedv_expr
will be'10.0.2.0/24 or web*'
and so will be invalid.What format do we want to support in ACL rules ?
The text was updated successfully, but these errors were encountered: