add pillar_safe_render_error config

allow a salt admin to config if the detailed render error of pillars can be passed to the minion.
2025-04-17 10:10:20 +00:00 · 2015-03-03 20:53:36 -05:00 · 2015-03-03 20:53:36 -05:00 · ad869c74b1
commit ad869c74b1
parent 17a76a8e86
4 changed files with 34 additions and 2 deletions
--- a/conf/master
+++ b/conf/master
@ -526,6 +526,12 @@
 # master config file that can then be used on minions.
 #pillar_opts: False

+# The pillar_safe_render_error option prevents the master from passing piller 
+# render errors to the minion. This is set on by default because the error could
+# contain templating data which would give that minion information it shouldn't
+# have, like a password! When set true the error message will only show:
+#   Rendering SLS 'my.sls' failed. Please see master log for details.
+#pillar_safe_render_error: True

 #####          Syndic settings       #####
 ##########################################
--- a/doc/topics/pillar/index.rst
+++ b/doc/topics/pillar/index.rst
@ -374,4 +374,25 @@ to ``False``:

 .. code-block:: yaml

-    pillar_opts: False
+    pillar_opts: False
+
+
+Master Provided Pillar Error
+============================
+
+By default if there is an error rendering a pillar, the detailed error is
+hidden and replaced with:
+
+.. code-block:: bash
+
+    Rendering SLS 'my.sls' failed. Please see master log for details.
+
+The error is protected because it's possible to contain templating data
+which would give that minion information it shouldn't know, like a password!
+
+To have the master provide the detailed error that could potentially carry
+protected data set ``pillar_safe_render_error`` to ``False``:
+
+.. code-block:: yaml
+
+    pillar_safe_render_error: True
--- a/salt/config.py
+++ b/salt/config.py
@ -190,6 +190,7 @@ VALID_OPTS = {
    'ext_pillar': list,
    'pillar_version': int,
    'pillar_opts': bool,
+    'pillar_safe_render_error': bool,
    'pillar_source_merging_strategy': str,
    'ping_on_rotate': bool,
    'peer': dict,
@ -493,6 +494,7 @@ DEFAULT_MASTER_OPTS = {
    'ext_pillar': [],
    'pillar_version': 2,
    'pillar_opts': False,
+    'pillar_safe_render_error': True,
    'pillar_source_merging_strategy': 'smart',
    'ping_on_rotate': False,
    'peer': {},
--- a/salt/pillar/init.py
+++ b/salt/pillar/init.py
@ -387,7 +387,10 @@ class Pillar(object):
                sls, exc
            )
            log.critical(msg)
-            errors.append('Rendering SLS \'{0}\' failed. Please see master log for details.'.format(sls))
+            if self.opts.get('pillar_safe_render_error', True):
+                errors.append('Rendering SLS \'{0}\' failed. Please see master log for details.'.format(sls))
+            else:
+                errors.append(msg)
        mods.add(sls)
        nstate = None
        if state: