both examples looks correct.
This causes an authorization failure because Salt's eauth system performs
pattern-matching against the function you are requesting to run and that
check does not match any of the eauth patterns in your config. I think this
error message can be improved although I'm not sure exactly where or how.
I've filed this issue below to collect ideas:
https://github.com/saltstack/salt/issues/21969
On Tuesday, March 17, 2015 at 9:36:12 PM UTC-4, Hober Smith wrote:
hi, when trying this with token authentication the same problem occurs.
you can see that the user authentication is successful when logging in and
that the user has permissions set correctly for the wheel group:
[root@XXX ~]# curl -sSk https://localhost:8888/login -H 'Accept: application/x-yaml' -d username=XXX -d password=XXX -d eauth=pam
return:
- eauth: pam
  expire: 1426685169.392385
  perms:
  - .*
  - '@wheel'
  - '@runner'
  - '@jobs'
  start: 1426641969.392382
  token: 742dc72e45cbb0f9e59d37b206b9ab33c5b94721
  user: XXX
[root@XXX ~]#
yet when i try to list the keys i get an authentication unauthorized/no
permissions error:
[root@XXX ~]# curl -sSk https://localhost:8888 -H 'Accept: application/x-yaml' -H 'X-Auth-Token: 742dc72e45cbb0f9e59d37b206b9ab33c5b94721' -d fun=wheel.key.list_all -d client=wheel
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;
charset=utf-8"></meta>
<title>401 Unauthorized</title>
<style type="text/css">
#powered_by {
margin-top: 20px;
border-top: 2px solid black;
font-style: italic;
}
#traceback {
color: red;
}
</style>
</head>
<body>
<h2>401 Unauthorized</h2>
<p>No permission -- see authorization schemes</p>
<pre id="traceback">Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/cherrypy/_cprequest.py", line 656, in respond
    response.body = self.handler()
  File "/usr/lib/python2.7/site-packages/cherrypy/lib/encoding.py", line 188, in __call__
    self.body = self.oldhandler(*args, **kwargs)
  File "/usr/lib/python2.7/site-packages/salt/netapi/rest_cherrypy/app.py", line 390, in hypermedia_handler
    raise cherrypy.HTTPError(401)
HTTPError: (401, None)
</pre>
<div id="powered_by">
<span>Powered by <a href="http://www.cherrypy.org">CherryPy
3.2.2</a></span>
</div>
</body>
</html>
does anybody have any suggestions? after spending a whole day on this and
trying everything i can think of besides looking here and at the
documentation there is no clear reason as to why this is occurring. if i
have something set incorrectly in the key request then i should get a
different type of error besides the authorization error. i'm currently
using salt salt-2014.7.2-1 on centos 7. any kind of help will be
appreciated. thanks.