Add more verbose debug messages for auth subsystem

2025-04-17 10:10:20 +00:00 · 2018-04-01 23:25:29 +03:00 · 2018-04-01 23:25:29 +03:00 · b84c4321c4
commit b84c4321c4
parent 60c9490bdc
2 changed files with 8 additions and 1 deletions
--- a/salt/auth/init.py
+++ b/salt/auth/init.py
@ -283,7 +283,7 @@ class LoadAuth(object):
            return False

        if load['eauth'] not in self.opts['external_auth']:
-            # The eauth system is not enabled, fail
+            log.debug('The eauth system "%s" is not enabled', load['eauth'])
            log.warning('Authentication failure of type "eauth" occurred.')
            return False

@ -361,6 +361,7 @@ class LoadAuth(object):
        eauth = token['eauth'] if token else load['eauth']
        if eauth not in self.opts['external_auth']:
            # No matching module is allowed in config
+            log.debug('The eauth system "%s" is not enabled', eauth)
            log.warning('Authorization failure occurred.')
            return None

@ -371,6 +372,9 @@ class LoadAuth(object):
            name = self.load_name(load)  # The username we are attempting to auth with
            groups = self.get_groups(load)  # The groups this user belongs to
        eauth_config = self.opts['external_auth'][eauth]
+        if not eauth_config:
+            log.debug('eauth "%s" configuration is empty', eauth)
+
        if not groups:
            groups = []

@ -690,6 +694,7 @@ class Resolver(object):
        if fstr not in self.auth:
            print(('The specified external authentication system "{0}" is '
                   'not available').format(eauth))
+            print("Available eauth types: {0}".format(", ".join(self.auth.file_mapping.keys())))
            return ret

        args = salt.utils.args.arg_lookup(self.auth[fstr])
--- a/salt/master.py
+++ b/salt/master.py
@ -2046,6 +2046,8 @@ class ClearFuncs(object):

            if not authorized:
                # Authorization error occurred. Do not continue.
+                if auth_type == 'eauth' and not auth_list and 'username' in extra and 'eauth' in extra:
+                    log.debug('Auth configuration for eauth "%s" and user "%s" is empty', extra['eauth'], extra['username'])
                log.warning(err_msg)
                return {'error': {'name': 'AuthorizationError',
                                  'message': 'Authorization error occurred.'}}