MCPcopy
hub / github.com/saltstack/salt / _auth

Method _auth

salt/master.py:3154–3187  ·  view source on GitHub ↗

Authenticate the client. Wraps :meth:`_auth_impl` to record one ``salt.auth.attempts`` increment per call, labelling the result from the wrapped return value.

(self, load, sign_messages=False, version=0)

Source from the content-addressed store, hash-verified

3152 return {"enc": "clear", "load": {"ret": "bad sig algo"}}
3153
3154 def _auth(self, load, sign_messages=False, version=0):
3155 """
3156 Authenticate the client. Wraps :meth:`_auth_impl` to record one
3157 ``salt.auth.attempts`` increment per call, labelling the result
3158 from the wrapped return value.
3159 """
3160 result = "error"
3161 try:
3162 ret = self._auth_impl(load, sign_messages=sign_messages, version=version)
3163 # ``ret`` may be ``{"enc": "clear", "load": {"ret": ...}}`` or a
3164 # ``_clear_signed``-wrapped variant of the same shape. Salt
3165 # encodes outcomes in the inner ``ret`` value: True / a dict =
3166 # success, False = key rejected, "full" = max_minions hit,
3167 # "denied" / "rejected" = explicit reject.
3168 try:
3169 inner = ret.get("load", {}) if isinstance(ret, dict) else {}
3170 if isinstance(inner, dict):
3171 r = inner.get("ret")
3172 if r is True or isinstance(r, dict):
3173 result = "success"
3174 elif r == "full":
3175 result = "max_minions"
3176 elif r in (False, "denied", "rejected"):
3177 result = "rejected"
3178 elif isinstance(r, str):
3179 result = r
3180 except Exception: # pylint: disable=broad-except
3181 pass
3182 return ret
3183 finally:
3184 salt.utils.metrics.counter(
3185 "salt.auth.attempts",
3186 description="Minion authentication attempts.",
3187 ).add(1, attributes={"result": result})
3188
3189 def _auth_impl(self, load, sign_messages=False, version=0):
3190 """

Calls 3

_auth_implMethod · 0.95
getMethod · 0.45
addMethod · 0.45