Can't restrict API access by positional args via external_auth SaltStack

I'm trying to restrict calls to state.apply to specific SLS files only, via the pam module.

external_auth:
  pam:
    myuser:
      - '@runner':
        - jobs.list_job
      - '*':
        - test.ping
        - 'state.apply':
          args:
           - 'path/to/sls'

When I call the API via the CherryPy API, I get a 401.

curl http://sat_master/run -H 'content-type: application/json' \
-d '[{"tgt":"target","arg":["path/to/sls"],"kwarg":{"pillar":{"foo1":"bar1","foo2":"bar2"}},"client":"local_async","fun":"state.apply","username":"myuser","password":"<password>","eauth":"pam"}]'

What I also tried:

external_auth:
  pam:
    myuser:
      - '@runner':
        - jobs.list_job
      - '*':
        - test.ping
        - 'state.apply':
          args:
           - '.*'

external_auth:
  pam:
    myuser:
      - '@runner':
        - jobs.list_job
      - '*':
        - test.ping
        - 'state.apply':
          args:
           - '.*'
          kwargs:
           '.*' : '.*'

If I don't specify args it works:

external_auth:
  pam:
    myuser:
      - '@runner':
        - jobs.list_job
      - '*':
        - test.ping
        - state.apply

How do I do it correctly?
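
A layout check for the rules in the question, as an added example that is not part of the original post: in YAML, an `args:` or `kwargs:` key that starts in the same column as the function name is a sibling key of that name, not a value nested under it. The checker, its names and the `NESTED` sample are constructed for illustration; the deeper-indented layout is assumed to be the form Salt's external_auth documentation shows for argument restrictions.

```python
import re

# Constructed sample: the '*' rules of the third variant in the question, as posted.
POSTED = """\
external_auth:
  pam:
    myuser:
      - '*':
        - test.ping
        - 'state.apply':
          args:
           - '.*'
          kwargs:
           '.*' : '.*'
"""

# Constructed sample (assumed layout): args nested one level below the function name.
NESTED = """\
external_auth:
  pam:
    myuser:
      - '*':
        - test.ping
        - 'state.apply':
            args:
              - 'path/to/sls'
"""

ITEM_KEY = re.compile(r"""^( *)(- +)(['"]?)(.+?)\3 *: *$""")  # e.g. "- 'fun':"
RESTRICTION = re.compile(r"^( *)(args|kwargs) *: *$")

def sibling_restrictions(yaml_text):
    """Return (line_no, key, function) for each args/kwargs key that starts in
    the same column as the function name above it, making it a sibling key."""
    findings, fun, fun_col = [], None, None
    for no, line in enumerate(yaml_text.splitlines(), 1):
        item = ITEM_KEY.match(line)
        if item:  # a list item that opens a mapping: remember key name and column
            fun, fun_col = item.group(4), len(item.group(1)) + len(item.group(2))
            continue
        indent = len(line) - len(line.lstrip(" "))
        if fun is not None and line.strip() and indent < fun_col:
            fun = None  # dedented past the list item: that rule is closed
        hit = RESTRICTION.match(line)
        if hit and fun is not None and indent == fun_col:
            findings.append((no, hit.group(2), fun))
    return findings

print(sibling_restrictions(POSTED), sibling_restrictions(NESTED))
```

For `POSTED` the checker reports both `args` and `kwargs` as siblings of `'state.apply'`, meaning the list item parses as one mapping with three keys and `'state.apply'` itself has no value; `NESTED` produces no findings.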



Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow
