Mine minion acl master #55760
Mine minion acl master #55760
Conversation
…s.mine) and replaced it by the _mine_get in salt.daemons.masterapi.
…alt.utils.mine. Added minion-side ACL.
…y request a mine function that they do not have access to.
…as well as the minion-side ACL.
Using kwargs is misleading as only the keyword func_args would be extracted from kwargs. Updated function docstring.
…guments in *args.
Altered call_function to accept *args and **kwargs instead of just kwargs with a magic keyword that contained the args. Removed unused continue. Removed unused variables na_type, kw_type. Renamed variables for more readability.
…ests to use self.assert* instead of test.fail.
ghost
requested a review
from 
salt/utils/mine.py
Outdated
| function_kwargs = {} | ||
| minion_acl = {} | ||
| if isinstance(function_definition, dict): | ||
| salt.utils.versions.warn_until( |
There was a problem hiding this comment.
Salt has taken a strict approach when changes might eventually break people's states, which was the case with the new module.run syntax and also this case.
It's ok to support both old and new syntax.
It's not ok to deprecate the old syntax.
Please remove any deprecation information about the old syntax, it won't be dropped, and update(if needed) the code to support both syntaxes.
There was a problem hiding this comment.
Removed deprecation warnings in 4f4c562
doc/topics/mine/index.rst
Outdated
| .. versionchanged:: Sodium | ||
|
|
||
| The format to define mine_functions has been changed to allow the same format | ||
| as used for module.run. The old format (above) will still be supported until |
There was a problem hiding this comment.
The old format will still be supported. Please remove the until.... bit.
There was a problem hiding this comment.
Updated in bfee1c8
| Syntax update | ||
| ------------- | ||
|
|
||
| The syntax for defining salt functions in config or pillar files has changed to |
There was a problem hiding this comment.
Updated in bfee1c8
to indicate the current formats for describing mine_functions will still be supported
|
@github-abcde Can you take a look at the merge conflicts please? |
|
Ok, looks like I forgot to add a few pylint-disable statements. Will do that tomorrow :) |
as these calls are not expected to raise any exceptions anyway. Also rewrite some assert statements to use self.assertEqual, more in line with the testsuite.
|
@dwoz and @github-abcde looks like the versionadded and release notes reference sodium, but it looks like this is in Neon. Should that be updated? |
|
Turns out this was a breaking change, as the arg See the examples here, that use |
Master port of #54100
What does this PR do?
It adds a new format for defining mine_functions that is equal to the format used for
module.run.It adds deprecation warnings for the old style format until version
Aluminium.It adds minion-side ACL when sending items to the mine, or updating the mine, which uses
allow_tgtandallow_tgt_typeto determine the list of minions that is allowed to retrieve this function from the salt mine. Minions that do not have access get an empty result, just as if the requested function was not present.Also a slight refactor has been performed, cleaning up code in
salt.modules.minesignificantly.What issues does this PR fix or reference?
I have mentioned the minion-side ACL as a possible solution for #45882. Whether or not this will resolve that specific issue is up for debate though :)
#6437
Previous Behavior
All mine functions (and their data) are retrievable by all minions.
New Behavior
Mine functions (and their data) can be made available to targeted minions only.
Tests written?
Yes, plenty. There were none for the salt mine in
salt.modules.mineto begin with.Commits signed with GPG?
Yes