Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix compound matching in eauth #50876

Merged
merged 1 commit into from Dec 20, 2018

Conversation

Projects
None yet
3 participants
@terminalmage
Copy link
Contributor

commented Dec 14, 2018

The auth validation functions were using flawed logic to validate the expressions configured for a given eauth plugin. To "expand" the expression, it would use salt.utils.minions.parse_target() to analyze the expression. However, this function was intended to be used on individual words in a compound expression, not on a compound expression as a whole. This means that any multi-word compound expression would fail to validate. By assuming that the euth expression is compound and using check_minions() to get the list of minions that match the expression, we ensure that it is properly validated.

Fixes #50153.

CC: @thatch45

Fix compound matching in eauth
The auth validation functions were using flawed logic to validate the
expressions configured for a given eauth plugin. To "expand" the
expression, it would use `salt.utils.minions.parse_target()` to analyze
the expression. However, this function was intended to be used on
individual words in a compound expression, not on a compound expression
as a whole. This means that any multi-word compound expression would
fail to validate. By assuming that the euth expression is compound and
using `check_minions()` to get the list of minions that match the
expression, we ensure that it is properly validated.

@terminalmage terminalmage requested a review from saltstack/team-core as a code owner Dec 14, 2018

@terminalmage terminalmage requested a review from thatch45 Dec 14, 2018

@thatch45 thatch45 merged commit 747dd69 into saltstack:2017.7 Dec 20, 2018

9 of 10 checks passed

jenkins/pr/py2-windows-2016 The py2-windows-2016 job has failed
Details
WIP Ready for review
Details
continuous-integration/jenkins/pr-merge This commit looks good
Details
jenkins/pr/docs The docs job has passed
Details
jenkins/pr/lint Python lint test has passed
Details
jenkins/pr/py2-centos-7 The py2-centos-7 job has passed
Details
jenkins/pr/py2-ubuntu-1604 The py2-ubuntu-1604 job has passed
Details
jenkins/pr/py3-centos-7 The py3-centos-7 job has passed
Details
jenkins/pr/py3-ubuntu-1604 The py3-ubuntu-1604 job has passed
Details
jenkins/pr/py3-windows-2016 The py3-windows-2016 job has passed
Details
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.