Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Don't attempt to verify token if it wasn't sent to master. #31653

Merged
merged 1 commit into from Mar 3, 2016
Merged

Don't attempt to verify token if it wasn't sent to master. #31653

merged 1 commit into from Mar 3, 2016

Conversation

DmitryKuzmenko
Copy link
Contributor

What does this PR do?

Make minion to remember have it sent token to the master in auth request and don't attempt to verify the token if not.

What issues does this PR fix or reference?

Fixes #29753

Previous Behavior

In multimaster setup when a new minion have no master pubkey it sends the async auth request to each master withouth minion token. So each master answers without the token.
When minion handles the answers it verifies the minion token if master pubkey file exists. After the first answer minion writes master pubkey into the file and decides the answer have to contain the token when handles other answers.

New Behavior

For each master auth reply minion checks did it send the token to master and doesn't verify it if not.

Tests written?

  • Yes
  • No

Don't attempt to verify token if it wasn't sent to master.
2557707 
In multimaster setup new minion having no master pubkey sends initial
auth requests to each master without token but it tries to verify the
token in the received payload for each master excluding the first.
This happens because minion makes this decision depending on the master
pubkey file existense.
@DmitryKuzmenko DmitryKuzmenko mentioned this pull request Mar 3, 2016
Closed
@thatch45
Copy link
Member

thatch45 commented Mar 3, 2016

@DmitryKuzmenko @cachedout This looks good to me, it should only be invoked in the right cases.

cachedout pushed a commit that referenced this pull request Mar 3, 2016
Merge pull request #31653 from DSRCompany/issues/29753_multimaster_au…
2ed7286 
…th_fail

Don't attempt to verify token if it wasn't sent to master.
@cachedout cachedout merged commit 2ed7286 into saltstack:2015.8 Mar 3, 2016
@DmitryKuzmenko DmitryKuzmenko deleted the issues/29753_multimaster_auth_fail branch August 15, 2016 12:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@DmitryKuzmenko @thatch45 @cachedout