-
Notifications
You must be signed in to change notification settings - Fork 5.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[BUG] orchestration does not propagate user name #63148
Comments
Same with 3005.1 |
@amalaguti Looking, thanks for the info on 3005.1 also has the issue |
Alright. looking at it and it looks like the issue is that salt.runner is using saltutil.runner to run the runner stuff. and saltutil.runner is somehow stripping user. if i run saltutil.runner directly in salt-call or through salt the user also comes as UNKNOWN. but if i run through salt-run it keeps the user. Looking deeper to see if i can find how to get saltutil.runner to preserve the user. |
Still working on this. the problem runs much deeper than originally thought. user is getting striped in multiple places. by multiple different systems. |
Have a partial solution which has proved workable for some test cases but other test cases still elude us. A WIP PR will be pushed later tonight with the the saltutil.runner work to date |
Have a fix for salt.runner, writing test case to ensure the fix can be tested by CI/CD |
Have the test written for checking user is not UNKNOWN, but currently after review the fix for salt.runner is insufficient, since it reports the user as root (which is running the runner on the master) but the correct solution would be to report the user who instigated the runner being run, for example: 'amalaguti' rather than generic root. Further work to be done on the fix |
PR passing tests, and out for review |
Closed by #64030 |
Description
when a runner is invoked from an orchestration state it does not pass the "user", generating a "user": UNKNOWN.
Here you go a very simple example
Setup
Salt Open, but affecting SSE also due it shows jobs activity by UNKNOWN user, and given it's really hard to distinguish if a job was part of an orchestration it generates some concerns.
Steps to Reproduce the behavior
Run the orch example included here and watch the event bus.
Expected behavior
Pass the user from orchestration to invoked runners.
Screenshots
Versions Report
salt --versions-report
(Provided by running salt --versions-report. Please also mention any differences in master/minion versions.)Additional context
Add any other context about the problem here.
The text was updated successfully, but these errors were encountered: