Fix loop over cache in auth checking!

2025-04-17 10:10:20 +00:00 · 2016-06-10 16:25:04 -06:00 · 2016-06-10 16:25:04 -06:00 · 5f696082e3
commit 5f696082e3
parent 180c312715
1 changed files with 7 additions and 4 deletions
--- a/salt/utils/minions.py
+++ b/salt/utils/minions.py
@ -654,13 +654,14 @@ class CkMinions(object):

        return set(self.check_minions(v_expr, v_matcher))

-    def validate_tgt(self, valid, expr, expr_form):
+    def validate_tgt(self, valid, expr, expr_form, minions=None):
        '''
        Return a Bool. This function returns if the expression sent in is
        within the scope of the valid expression
        '''
        v_minions = self._expand_matching(valid)
-        minions = set(self.check_minions(expr, expr_form))
+        if minions is None:
+            minions = set(self.check_minions(expr, expr_form))
        d_bool = not bool(minions.difference(v_minions))
        if len(v_minions) == len(minions) and d_bool:
            return True
@ -818,7 +819,8 @@ class CkMinions(object):
                   tgt,
                   tgt_type='glob',
                   groups=None,
-                   publish_validate=False):
+                   publish_validate=False,
+                   minions=None):
        '''
        Returns a bool which defines if the requested function is authorized.
        Used to evaluate the standard structure under external master
@ -860,7 +862,8 @@ class CkMinions(object):
                        if self.validate_tgt(
                            valid,
                            tgt,
-                            tgt_type):
+                            tgt_type,
+                            minions=minions):
                            # Minions are allowed, verify function in allowed list
                            if isinstance(ind[valid], six.string_types):
                                if self.match_check(ind[valid], fun):