-
Notifications
You must be signed in to change notification settings - Fork 5.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Mine minion acl #54100
Closed
Closed
Mine minion acl #54100
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…s.mine) and replaced it by the _mine_get in salt.daemons.masterapi.
…alt.utils.mine. Added minion-side ACL.
…y request a mine function that they do not have access to.
…as well as the minion-side ACL.
Could use a release note entry about the data format update and new mine targeting functionality. |
@mchugh19 Since this is based on the develop branch...should I create a new |
Yep! I think that's correct. |
Using kwargs is misleading as only the keyword func_args would be extracted from kwargs. Updated function docstring.
…guments in *args.
Altered call_function to accept *args and **kwargs instead of just kwargs with a magic keyword that contained the args. Removed unused continue. Removed unused variables na_type, kw_type. Renamed variables for more readability.
…ests to use self.assert* instead of test.fail.
Closing this as #55760 adds the functionality to the master branch. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What does this PR do?
It adds a new format for defining mine_functions that is equal to the format used for
module.run
.It adds deprecation warnings for the old style format until version
Aluminium
.It adds minion-side ACL when sending items to the mine, or updating the mine, which uses
allow_tgt
andallow_tgt_type
to determine the list of minions that is allowed to retrieve this function from the salt mine. Minions that do not have access get an empty result, just as if the requested function was not present.Also a slight refactor has been performed, cleaning up code in
salt.modules.mine
significantly.What issues does this PR fix or reference?
I have mentioned the minion-side ACL as a possible solution for #45882. Whether or not this will resolve that specific issue is up for debate though :)
#6437
Previous Behavior
All mine functions (and their data) are retrievable by all minions.
New Behavior
Mine functions (and their data) can be made available to targeted minions only.
Tests written?
Yes, plenty. There were none for the salt mine in
salt.modules.mine
to begin with.Commits signed with GPG?
Yes