Description of Issue
We have Oauth for SSO in front of SaltGUI, we are able to auth on SaltGUI but nothing can load due to 401 error.
In the salt master logs we can see this error :
Authentication failure of type "token" occurred.
In the salt-api logs we have this :
[ERROR ] [31/Aug/2023:20:17:36]
Traceback (most recent call last):
File "cherrypy/_cpwsgi.py", line 236, in __init__
self.run()
File "cherrypy/_cpwsgi.py", line 335, in run
request.run(meth, path, qs, rproto, headers, rfile)
File "cherrypy/_cprequest.py", line 604, in run
self.respond(pi)
File "cherrypy/_cprequest.py", line 638, in respond
self._do_respond(path_info)
File "cherrypy/_cprequest.py", line 677, in _do_respond
self.hooks.run('on_start_resource')
File "cherrypy/_cprequest.py", line 95, in run
self.run_hooks(iter(sorted(self[point])))
File "cherrypy/_cprequest.py", line 117, in run_hooks
hook()
File "cherrypy/_cprequest.py", line 65, in __call__
return self.callback(**self.kwargs)
File "salt/netapi/rest_cherrypy/app.py", line 672, in html_override_tool
raise cherrypy.InternalRedirect(apiopts.get("app_path", "/app"))
cherrypy._cperror.InternalRedirect: ('/app', '')
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "cherrypy/_cptree.py", line 160, in release_serving
req.close()
File "cherrypy/_cprequest.py", line 521, in close
self.hooks.run('on_end_request')
File "cherrypy/_cprequest.py", line 95, in run
self.run_hooks(iter(sorted(self[point])))
File "cherrypy/_cprequest.py", line 117, in run_hooks
hook()
File "cherrypy/_cprequest.py", line 65, in __call__
return self.callback(**self.kwargs)
File "cherrypy/lib/cpstats.py", line 368, in record_stop
getattr(resp, 'output_status', resp.status).decode()
AttributeError: 'NoneType' object has no attribute 'decode'
Setup
Salt is running as user salt in several containers (salt-master/salt-api/salt-minion).
Salt master auth config :
external_auth:
pam:
salt:
- '@wheel'
- '@runner'
- '@jobs'
- .*
rest:
"^url": http://salt-api-oauth2.salt.svc.cluster.local:8080/_callback
"*":
- state.*
- grains.*
- system.reboot
- test.ping
- saltutil.refresh_grains
- '@runner'
- '@wheel'
- '@jobs'
rest_cherrypy:
port: 8000
collect_stats: True
stats_disable_auth: True
disable_ssl: True
#ssl_crt: /etc/pki/tls/certs/localhost.crt
#ssl_key: /etc/pki/tls/certs/localhost.key
app: /srv/saltgui/index.html
static: /srv/saltgui/static
static_path: /static
netapi_enable_clients: #### if trying with version 3006
- local
- local_async
- local_batch
- local_subset
- runner
- runner_async
- ssh
- wheel
- wheel_async
Steps to Reproduce Issue
Refresh SaltGUI webpage on any tab (minions/jobs/...)
Versions Report
We also tried with Salt 3006.1 & 3006.2 (with netapi_enable_clients options)
Salt Master
Salt Version:
Salt: 3005.2
Dependency Versions:
cffi: 1.14.6
cherrypy: unknown
dateutil: 2.8.1
docker-py: Not Installed
gitdb: Not Installed
gitpython: Not Installed
Jinja2: 3.1.0
libgit2: 1.6.4
M2Crypto: Not Installed
Mako: Not Installed
msgpack: 1.0.2
msgpack-pure: Not Installed
mysql-python: Not Installed
pycparser: 2.21
pycrypto: Not Installed
pycryptodome: 3.9.8
pygit2: 1.12.2
Python: 3.9.17 (main, Aug 4 2023, 19:58:37)
python-gnupg: 2.3.1
PyYAML: 6.0.1
PyZMQ: 23.2.0
smmap: Not Installed
timelib: 0.2.4
Tornado: 4.5.3
ZMQ: 4.3.4
System Versions:
dist: ubuntu 22.04 jammy
locale: ascii
machine: x86_64
release: 5.10.162+
system: Linux
version: Ubuntu 22.04 jammy
Salt-api :
Salt Version:
Salt: 3005.2
Dependency Versions:
cffi: 1.14.6
cherrypy: unknown
dateutil: 2.8.1
docker-py: Not Installed
gitdb: Not Installed
gitpython: Not Installed
Jinja2: 3.1.0
libgit2: 1.6.4
M2Crypto: Not Installed
Mako: Not Installed
msgpack: 1.0.2
msgpack-pure: Not Installed
mysql-python: Not Installed
pycparser: 2.21
pycrypto: Not Installed
pycryptodome: 3.9.8
pygit2: 1.12.2
Python: 3.9.17 (main, Aug 4 2023, 19:58:37)
python-gnupg: 2.3.1
PyYAML: 6.0.1
PyZMQ: 23.2.0
smmap: Not Installed
timelib: 0.2.4
Tornado: 4.5.3
ZMQ: 4.3.4
System Versions:
dist: ubuntu 22.04 jammy
locale: ascii
machine: x86_64
release: 5.10.162+
system: Linux
version: Ubuntu 22.04 jammy
Thanks
Description of Issue
We have Oauth for SSO in front of SaltGUI, we are able to auth on SaltGUI but nothing can load due to 401 error.
In the salt master logs we can see this error :
Authentication failure of type "token" occurred.In the salt-api logs we have this :
Setup
Salt is running as user salt in several containers (salt-master/salt-api/salt-minion).
Salt master auth config :
Steps to Reproduce Issue
Refresh SaltGUI webpage on any tab (minions/jobs/...)
Versions Report
We also tried with Salt 3006.1 & 3006.2 (with netapi_enable_clients options)
Salt Master
Salt-api :
Thanks