Merge pull request #35546 from whiteinge/salt-api-eauth-fail-gracefully

Salt api eauth fail gracefully
2025-04-17 10:10:20 +00:00 · 2016-08-18 16:21:55 +09:00 · 2016-08-18 16:21:55 +09:00 · 70fa2d0901
commit 70fa2d0901
parent 61fec6caa9 eb3574adae
1 changed files with 5 additions and 6 deletions
--- a/salt/netapi/rest_cherrypy/app.py
+++ b/salt/netapi/rest_cherrypy/app.py
@ -1514,7 +1514,7 @@ class Login(LowDataAdapter):
            perms = eauth.get(token['name'], [])
            perms.extend(eauth.get('*', []))

-            if 'groups' in token and token['groups'] is not False:
+            if 'groups' in token and token['groups']:
                user_groups = set(token['groups'])
                eauth_groups = set([i.rstrip('%') for i in eauth.keys() if i.endswith('%')])

@ -1522,13 +1522,12 @@ class Login(LowDataAdapter):
                    perms.extend(eauth['{0}%'.format(group)])

            if not perms:
-                raise ValueError("Eauth permission list not found.")
-        except (AttributeError, IndexError, KeyError, ValueError):
+                logger.debug("Eauth permission list not found.")
+        except Exception:
            logger.debug("Configuration for external_auth malformed for "
                "eauth '{0}', and user '{1}'."
                .format(token.get('eauth'), token.get('name')), exc_info=True)
-            raise cherrypy.HTTPError(500,
-                'Configuration for external_auth could not be read.')
+            perms = None

        return {'return': [{
            'token': cherrypy.session.id,
@ -1536,7 +1535,7 @@ class Login(LowDataAdapter):
            'start': token['start'],
            'user': token['name'],
            'eauth': token['eauth'],
-            'perms': perms,
+            'perms': perms or {},
        }]}