Merge pull request saltstack#27 from mphillips81/v2018.3.3-ca

new feature: external_auth default config
sbrennan4 · Aug 26, 2019 · c8a54e9 · c8a54e9
2 parents 4c35e7f + 5f5188c
commit c8a54e9
Showing 1 changed file with 13 additions and 0 deletions.
diff --git a/salt/auth/__init__.py b/salt/auth/__init__.py
@@ -312,6 +312,11 @@ def authenticate_eauth(self, load):
             log.warning('Authentication failure of type "eauth" occurred.')
             return False
 
+        if load['eauth'] == 'default':
+            log.debug('default is not an eauth provider, it is a default template for providers')
+            log.warning('Authentication failure of type "eauth" occurred.')
+            return False
+
         # Perform the actual authentication. If we fail here, do not
         # continue.
         if not self.time_auth(load):
@@ -396,7 +401,15 @@ def get_auth_list(self, load, token=None):
         else:
             name = self.load_name(load)  # The username we are attempting to auth with
             groups = self.get_groups(load)  # The groups this user belongs to
+
+        default_config = self.opts['external_auth'].get('default', [])
         eauth_config = self.opts['external_auth'][eauth]
+
+        # if a default profile was specified, we must merge into each matcher
+        if default_config and eauth_config:
+            for matcher in eauth_config.keys():
+                eauth_config[matcher] = default_config + eauth_config[matcher]
+
         if not eauth_config:
             log.debug('eauth "%s" configuration is empty', eauth)