Merge pull request #63851 from whytewolf/salt-api_errors_master

porting #63836 to master
2025-04-17 10:10:20 +00:00 · 2023-03-10 08:36:03 -08:00 · 2023-03-10 08:36:03 -08:00 · 365aa667e8
commit 365aa667e8
parent ec8ab6d688 a34899f885
6 changed files with 38 additions and 6 deletions
--- a/changelog/63835.fixed.md
+++ b/changelog/63835.fixed.md
@ -0,0 +1 @@
+fix cherrypy 400 error output to be less generic.
--- a/salt/netapi/rest_cherrypy/app.py
+++ b/salt/netapi/rest_cherrypy/app.py
@ -863,10 +863,10 @@ def hypermedia_handler(*args, **kwargs):
        salt.exceptions.AuthorizationError,
        salt.exceptions.EauthAuthenticationError,
        salt.exceptions.TokenAuthenticationError,
-    ):
-        raise cherrypy.HTTPError(401)
-    except salt.exceptions.SaltInvocationError:
-        raise cherrypy.HTTPError(400)
+    ) as e:
+        raise cherrypy.HTTPError(401, e.message)
+    except salt.exceptions.SaltInvocationError as e:
+        raise cherrypy.HTTPError(400, e.message)
    except (
        salt.exceptions.SaltDaemonNotRunning,
        salt.exceptions.SaltReqTimeoutError,
--- a/tests/pytests/integration/netapi/rest_cherrypy/conftest.py
+++ b/tests/pytests/integration/netapi/rest_cherrypy/conftest.py
@ -8,9 +8,13 @@ cherrypy = pytest.importorskip("cherrypy")


@pytest.fixture
-def client_config(client_config, netapi_port):
+def client_config(client_config, netapi_port, request):
    client_config["rest_cherrypy"] = {"port": netapi_port, "debug": True}
-    client_config["netapi_enable_clients"] = ["local", "runner"]
+    marker = request.node.get_closest_marker("netapi_client_data")
+    if marker is None:
+        client_config["netapi_enable_clients"] = []
+    else:
+        client_config["netapi_enable_clients"] = marker.args[0]
    return client_config


--- a/tests/pytests/integration/netapi/rest_cherrypy/test_arg_kwarg.py
+++ b/tests/pytests/integration/netapi/rest_cherrypy/test_arg_kwarg.py
@ -6,6 +6,7 @@ import salt.utils.json


@pytest.mark.slow_test
+@pytest.mark.netapi_client_data(["local", "runner"])
 async def test_accepts_arg_kwarg_keys(
    http_client, auth_creds, content_type_map, subtests
 ):
--- a/tests/pytests/integration/netapi/rest_cherrypy/test_jobs.py
+++ b/tests/pytests/integration/netapi/rest_cherrypy/test_jobs.py
@ -4,6 +4,7 @@ import salt.utils.json


@pytest.mark.slow_test
+@pytest.mark.netapi_client_data(["local", "runner"])
 async def test_all_jobs(http_client, auth_creds, content_type_map):
    """
    test query to /jobs returns job data
--- a/tests/pytests/integration/netapi/rest_cherrypy/test_run.py
+++ b/tests/pytests/integration/netapi/rest_cherrypy/test_run.py
@ -5,6 +5,7 @@ import pytest
 from salt.ext.tornado.httpclient import HTTPError


+@pytest.mark.netapi_client_data(["local"])
 async def test_run_good_login(http_client, auth_creds):
    """
    Test the run URL with good auth credentials
@ -16,6 +17,24 @@ async def test_run_good_login(http_client, auth_creds):
    assert response.code == 200


+async def test_run_netapi_client_not_set(http_client, auth_creds):
+    """
+    Test the run URL with good auth credentials
+    """
+    low = {"client": "local", "tgt": "*", "fun": "test.ping", **auth_creds}
+    body = urllib.parse.urlencode(low)
+
+    response = await http_client.fetch(
+        "/run", method="POST", body=body, raise_error=False
+    )
+    assert response.code == 400
+    assert (
+        "Client disabled: 'local'. Add to 'netapi_enable_clients' master config option to enable"
+        in response.body
+    )
+
+
+@pytest.mark.netapi_client_data(["local"])
 async def test_run_bad_login(http_client):
    """
    Test the run URL with bad auth credentials
@ -36,6 +55,7 @@ async def test_run_bad_login(http_client):
    assert exc.value.code == 401


+@pytest.mark.netapi_client_data(["local"])
 async def test_run_empty_token(http_client):
    """
    Test the run URL with empty token
@ -51,6 +71,7 @@ async def test_run_empty_token(http_client):
    assert exc.value.code == 401


+@pytest.mark.netapi_client_data(["local"])
 async def test_run_empty_token_upercase(http_client):
    """
    Test the run URL with empty token with upercase characters
@ -66,6 +87,7 @@ async def test_run_empty_token_upercase(http_client):
    assert exc.value.code == 401


+@pytest.mark.netapi_client_data(["local"])
 async def test_run_wrong_token(http_client):
    """
    Test the run URL with incorrect token
@ -81,6 +103,7 @@ async def test_run_wrong_token(http_client):
    assert exc.value.code == 401


+@pytest.mark.netapi_client_data(["local"])
 async def test_run_pathname_token(http_client):
    """
    Test the run URL with path that exists in token
@ -101,6 +124,7 @@ async def test_run_pathname_token(http_client):
    assert exc.value.code == 401


+@pytest.mark.netapi_client_data(["local"])
 async def test_run_pathname_not_exists_token(http_client):
    """
    Test the run URL with path that does not exist in token
@ -122,6 +146,7 @@ async def test_run_pathname_not_exists_token(http_client):


@pytest.mark.slow_test
+@pytest.mark.netapi_client_data(["local"])
 async def test_run_extra_parameters(http_client, auth_creds):
    """
    Test the run URL with good auth credentials
				`@ -0,0 +1 @@`
				`fix cherrypy 400 error output to be less generic.`