Authenticate the client. Wraps :meth:`_auth_impl` to record one ``salt.auth.attempts`` increment per call, labelling the result from the wrapped return value.
(self, load, sign_messages=False, version=0)
| 3152 | return {"enc": "clear", "load": {"ret": "bad sig algo"}} |
| 3153 | |
| 3154 | def _auth(self, load, sign_messages=False, version=0): |
| 3155 | """ |
| 3156 | Authenticate the client. Wraps :meth:`_auth_impl` to record one |
| 3157 | ``salt.auth.attempts`` increment per call, labelling the result |
| 3158 | from the wrapped return value. |
| 3159 | """ |
| 3160 | result = "error" |
| 3161 | try: |
| 3162 | ret = self._auth_impl(load, sign_messages=sign_messages, version=version) |
| 3163 | # ``ret`` may be ``{"enc": "clear", "load": {"ret": ...}}`` or a |
| 3164 | # ``_clear_signed``-wrapped variant of the same shape. Salt |
| 3165 | # encodes outcomes in the inner ``ret`` value: True / a dict = |
| 3166 | # success, False = key rejected, "full" = max_minions hit, |
| 3167 | # "denied" / "rejected" = explicit reject. |
| 3168 | try: |
| 3169 | inner = ret.get("load", {}) if isinstance(ret, dict) else {} |
| 3170 | if isinstance(inner, dict): |
| 3171 | r = inner.get("ret") |
| 3172 | if r is True or isinstance(r, dict): |
| 3173 | result = "success" |
| 3174 | elif r == "full": |
| 3175 | result = "max_minions" |
| 3176 | elif r in (False, "denied", "rejected"): |
| 3177 | result = "rejected" |
| 3178 | elif isinstance(r, str): |
| 3179 | result = r |
| 3180 | except Exception: # pylint: disable=broad-except |
| 3181 | pass |
| 3182 | return ret |
| 3183 | finally: |
| 3184 | salt.utils.metrics.counter( |
| 3185 | "salt.auth.attempts", |
| 3186 | description="Minion authentication attempts.", |
| 3187 | ).add(1, attributes={"result": result}) |
| 3188 | |
| 3189 | def _auth_impl(self, load, sign_messages=False, version=0): |
| 3190 | """ |