[master] Add autosign_grains to auth events with action 'pend' #65426
Hi there! Welcome to the Salt Community! Thank you for making your first contribution. We have a lengthy process for issues and PRs. Someone from the Core Team will follow up as soon as possible. In the meantime, here’s some information that may help as you continue your Salt journey.
There are lots of ways to get involved in our community. Every month, there are around a dozen opportunities to meet with other contributors and the Salt Core team and collaborate in real time. The best way to keep track is by subscribing to the Salt Community Events Calendar.
What is the timeline for reviewing this PR? Please let me know if there is anything I can do to help or if there is anything missing that I should fix.
@felippeb: bump! :)
Programmatic control of what gets autoaccepted is nice!
Thanks for commenting on my PR, @max-arnold :)
Thanks, I'll remove it.
I'll update the version.
That would make it more flexible and useable for even more use cases, so I think it's a great idea. I originally didn't want to do it like that, since I didn't want to add options for every auth event (auth_events_pend_autosign_grains, auth_events_accept_autosign_grains, and so on). I didn't think of using a list, which looks really elegant! I'll change the code to work for every auth event.
I'll take a look at fixing the documentation, as well :) Thanks again for your time!
Thanks, @twangboy! Do you want the changes in this PR or should I create a new branch, open a new PR and close this one? My experience is that different project teams have different preferences regarding this :)
Just make the changes in this branch. You'll need to pull since I rebased this PR.
ecd9e0c to 39328e6
Sorry for the delay, I had some other projects I needed to finish first. I have now rebased with master, and I'm working on implementing the changes you wanted.
39328e6 to 5e2aa78
Changes:
Thanks for the help so far! Have a nice weekend!
Adding autosign_grains for an action is enabled by adding the action to the 'auth_events_autosign_grains' (list) option on the master, which is empty by default. As an example, we could add the following to add autosign_grains to all auth events with action 'pend' (approval pending):
auth_events_autosign_grains: ["pend"]
5e2aa78 to 2c6fa20
Bumped the version added to 3008, and fixed a typo I made in the documentation :)
Any chance of getting a new review? 😄
@twangboy: I hit the wrong button, sorry!
Any chance of getting this merged soon? 😊
@twangboy: bump! :)
Would you mind looking at the conflict?
@thus if you have time to fix that would be great!
What does this PR do?
It adds the "autosign_grains" that the minion sends during auth to the auth event that the master sends. This enables us to create a runner to do more cool autosign stuff (more than just shared secrets, which is already supported by autosign_grains).
To enable it, the option auth_events_pend_autosign_grains is added. By default it is false. When enabled, it only passes on the "autosign_grains" when the action is pending. This means that it is not added any more when a key is accepted, rejected or denied.
Example auth event (with autosign grains):
As far as I can see, people have wanted something similar in the past: #37712, #43394, #56189 (all closed issues)
In addition to this, I also fixed so all auth events have the "act" field set (#56200) and moved variables that were only used when auth events were enabled.
What issues does this PR fix or reference?
Fixes: #56200
(not the main goal of the PR, but I had to touch that part of the code anyway)
New Behavior
Add "autosign_grains" to auth events when "act" is "pend".
Merge requirements satisfied?
[NOTICE] Bug fixes or features added to Salt require tests.
Commits signed with GPG?
No
Please review Salt's Contributing Guide for best practices.
See GitHub's page on GPG signing for more information about signing commits with GPG.
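The decision logic a runner or reactor could apply to these events, as an added example that is not part of the PR or of Salt's code base. It assumes the grains arrive under an "autosign_grains" key as a dict; the enrollment table, the grain name enroll_token and the sample events are hypothetical and constructed.

```python
import hmac

# Hypothetical enrollment table (minion id -> expected token) and grain name.
ENROLLED = {
    "web01.example.test": "constructed-token-web01",
    "db01.example.test": "constructed-token-db01",
}
TOKEN_GRAIN = "enroll_token"


def should_accept(event, enrolled=ENROLLED):
    """Decide on one salt/auth event payload; returns (accept, reason).

    Everything in the event except what the master sets itself is a claim
    made by the connecting minion, so each field is type-checked and the
    token is bound to the claimed minion id.
    """
    if event.get("act") != "pend":
        return False, "not a pending key"
    minion_id = event.get("id")
    expected = enrolled.get(minion_id) if isinstance(minion_id, str) else None
    if expected is None:
        return False, "minion id not enrolled"
    grains = event.get("autosign_grains")  # assumed key name in the event
    if not isinstance(grains, dict):
        return False, "no autosign_grains in event"
    presented = grains.get(TOKEN_GRAIN)
    if not isinstance(presented, str):
        return False, "token grain missing or not a string"
    # Constant-time comparison so timing does not leak token prefixes.
    if not hmac.compare_digest(presented.encode(), expected.encode()):
        return False, "token mismatch"
    return True, "token matches enrolled minion id"


# Constructed sample payloads (not captured from a real master).
SAMPLE_EVENTS = [
    {"id": "web01.example.test", "act": "pend", "result": True,
     "autosign_grains": {"enroll_token": "constructed-token-web01"}},
    {"id": "db01.example.test", "act": "pend", "result": True,
     "autosign_grains": {"enroll_token": "constructed-token-web01"}},
    {"id": "web01.example.test", "act": "accept", "result": True},
    {"id": "rogue.example.test", "act": "pend", "result": True,
     "autosign_grains": {"enroll_token": ["not", "a", "string"]}},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(ev["id"], ev["act"], should_accept(ev))
```

The second sample shows why the token is looked up by minion id: a valid token presented under a different id is refused.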