Can't restrict API access by positional args via external_auth SaltStack
I am trying to restrict state.apply calls to a specific SLS file via the pam module.

external_auth:
  pam:
    myuser:
      - '@runner':
        - jobs.list_job
      - '*':
        - test.ping
        - 'state.apply':
          args:
            - 'path/to/sls'

When I call the API through the CherryPy API, I get a 401.

curl http://sat_master/run -H 'content-type: application/json' \
  -d '[{"tgt":"target","arg":["path/to/sls"],"kwarg":{"pillar":{"foo1":"bar1","foo2":"bar2"}},"client":"local_async","fun":"state.apply","username":"myuser","password":"<password>","eauth":"pam"}]'

I also tried:

external_auth:
  pam:
    myuser:
      - '@runner':
        - jobs.list_job
      - '*':
        - test.ping
        - 'state.apply':
          args:
            - '.*'

external_auth:
  pam:
    myuser:
      - '@runner':
        - jobs.list_job
      - '*':
        - test.ping
        - 'state.apply':
          args:
            - '.*'
          kwargs:
            '.*': '.*'

If I don't specify args, it works:

external_auth:
  pam:
    myuser:
      - '@runner':
        - jobs.list_job
      - '*':
        - test.ping
        - state.apply

How do I do this correctly?

The args field should be a field of the function object, i.e.:

Wrong:

'*':
  - state.apply:
    args:
      - 'path/to/sls'

Equivalent JSON:

{
  "*": [
    {
      "state.apply": null,
      "args": [
        "path/to/sls"
      ]
    }
  ]
}

Right:

'*':
  - state.apply:
      args:
        - 'path/to/sls'

Equivalent JSON:

{
  "*": [
    {
      "state.apply": {
        "args": [
          "path/to/sls"
        ]
      }
    }
  ]
}
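
An added example, not part of the original answer and not Salt's own code: a small check that walks a parsed external_auth structure and reports function entries whose args/kwargs ended up as sibling keys, which is the mis-indented shape described above. The name find_misnested is hypothetical, and the sample data is the answer's two JSON equivalents wrapped in the question's pam/myuser keys.

```python
import json

# Keys that only make sense nested under a function name.
RESTRICTION_KEYS = {"args", "kwargs"}


def find_misnested(node, path=""):
    """Return (path, sibling_keys) for each function entry that parsed as
    {"fun": None, "args": [...]} instead of {"fun": {"args": [...]}}."""
    findings = []
    if isinstance(node, dict):
        siblings = sorted(RESTRICTION_KEYS.intersection(node))
        if siblings:
            # A None-valued key next to args/kwargs is a function name whose
            # restrictions were indented one level too shallow.
            for key, value in node.items():
                if value is None and key not in RESTRICTION_KEYS:
                    findings.append((f"{path}/{key}", siblings))
        for key, value in node.items():
            findings.extend(find_misnested(value, f"{path}/{key}"))
    elif isinstance(node, list):
        for item in node:
            findings.extend(find_misnested(item, path))
    return findings


# Constructed sample input: the "wrong" and "right" shapes from the answer.
WRONG = json.loads("""
{"external_auth": {"pam": {"myuser": [
  {"@runner": ["jobs.list_job"]},
  {"*": ["test.ping", {"state.apply": null, "args": ["path/to/sls"]}]}
]}}}
""")
RIGHT = json.loads("""
{"external_auth": {"pam": {"myuser": [
  {"@runner": ["jobs.list_job"]},
  {"*": ["test.ping", {"state.apply": {"args": ["path/to/sls"]}}]}
]}}}
""")

if __name__ == "__main__":
    for name, cfg in (("wrong", WRONG), ("right", RIGHT)):
        hits = find_misnested(cfg)
        print(name, "->", hits or "no mis-nested restrictions")
```

To run it against a real master config, load the YAML into a dict first and pass that to find_misnested.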