External Authentication REST module threw can only concatenate list (not "dict") to list #65408

Open
duhow opened this issue Oct 16, 2023 · 6 comments · Fixed by latenighttales/alcali#511
Labels: Bug (broken, incorrect, or confusing behavior), Downstream-Bug, info-needed (waiting for more info), needs-triage, Salt-API

duhow commented Oct 16, 2023

Using https://github.com/latenighttales/alcali/releases/tag/v3003.1.0

Attempting to do external_auth via rest, I get the following error:

2023-10-16 15:23:13,083 [salt.auth :149 ][DEBUG ][187] Authentication module threw can only concatenate list (not "dict") to list

merged_acl = salt_eauth_acl + eauth_rest_acl

Detailed logs:

==> /var/log/salt/api <==
2023-10-16 15:23:13,019 [salt.loaded.int.netapi.rest_cherrypy.app:750 ][INFO    ][46] [api_acl] Authentication not checked for user alcali from IP 10.224.0.4
2023-10-16 15:23:13,211 [salt.channel.client:359 ][DEBUG   ][46] Closing AsyncReqChannel instance
2023-10-16 15:23:13,211 [salt.loaded.int.netapi.rest_cherrypy.app:1916][DEBUG   ][46] Eauth permission list not found.
2023-10-16 15:23:13,212 [cherrypy.access.140465201672880:283 ][INFO    ][46] 10.224.0.4 - - [16/Oct/2023:15:23:13] "POST /login HTTP/1.1" 200 173 "" "Python-urllib/3.7"
2023-10-16 15:23:13,221 [salt.channel.client:359 ][DEBUG   ][46] Closing AsyncReqChannel instance
2023-10-16 15:23:13,222 [cherrypy.access.140465201672880:283 ][INFO    ][46] 10.224.0.4 - - [16/Oct/2023:15:23:13] "GET /events HTTP/1.1" 200 - "" "python-requests/2.24.0"
2023-10-16 15:23:13,222 [salt.utils.event :315 ][DEBUG   ][46] MasterEvent PUB socket URI: /var/run/salt/master/master_event_pub.ipc
2023-10-16 15:23:13,222 [salt.utils.event :316 ][DEBUG   ][46] MasterEvent PULL socket URI: /var/run/salt/master/master_event_pull.ipc
2023-10-16 15:23:13,226 [salt.channel.client:359 ][DEBUG   ][46] Closing AsyncReqChannel instance

==> /var/log/salt/master <==
2023-10-16 15:23:13,021 [salt.loader.lazy :977 ][DEBUG   ][187] The functions from module 'rest' are being loaded by dir() on the loaded module
2023-10-16 15:23:13,021 [salt.utils.lazy  :99  ][DEBUG   ][187] LazyLoaded rest.auth
2023-10-16 15:23:13,022 [salt.config      :2139][DEBUG   ][187] Missing configuration file: /etc/salt/minion
2023-10-16 15:23:13,022 [salt.config      :3627][DEBUG   ][187] Guessing ID. The id can be explicitly set in /etc/salt/minion
2023-10-16 15:23:13,025 [salt.config      :3653][DEBUG   ][187] Found minion id from generate_minion_id(): salt-master-0.salt-master.security.svc.cluster.local
2023-10-16 15:23:13,026 [salt.utils.http  :264 ][DEBUG   ][187] Requesting URL http://salt-alcali:8080/api/token/verify/ using POST method
2023-10-16 15:23:13,026 [salt.utils.http  :265 ][DEBUG   ][187] Using backend: tornado
2023-10-16 15:23:13,069 [salt.utils.http  :684 ][DEBUG   ][187] Response Status Code: 200
2023-10-16 15:23:13,069 [salt.loaded.int.auth.rest:62  ][DEBUG   ][187] eauth REST call returned 200: {'body': '{"alcali":null}', 'status': 200, 'dict': {'alcali': None}}
2023-10-16 15:23:13,069 [salt.loaded.int.auth.rest:83  ][DEBUG   ][187] eauth REST call Ok: {'alcali': None}
2023-10-16 15:23:13,070 [salt.loaded.int.auth.rest:92  ][DEBUG   ][187] acl from salt for user alcali: ['.*', '@runner', '@wheel', '@jobs']
2023-10-16 15:23:13,070 [salt.config      :2139][DEBUG   ][187] Missing configuration file: /etc/salt/minion
2023-10-16 15:23:13,071 [salt.config      :3627][DEBUG   ][187] Guessing ID. The id can be explicitly set in /etc/salt/minion
2023-10-16 15:23:13,074 [salt.config      :3653][DEBUG   ][187] Found minion id from generate_minion_id(): salt-master-0.salt-master.security.svc.cluster.local
2023-10-16 15:23:13,075 [salt.utils.http  :264 ][DEBUG   ][187] Requesting URL http://salt-alcali:8080/api/token/verify/ using POST method
2023-10-16 15:23:13,075 [salt.utils.http  :265 ][DEBUG   ][187] Using backend: tornado
2023-10-16 15:23:13,082 [salt.utils.http  :684 ][DEBUG   ][187] Response Status Code: 200
2023-10-16 15:23:13,083 [salt.loaded.int.auth.rest:62  ][DEBUG   ][187] eauth REST call returned 200: {'body': '{"alcali":null}', 'status': 200, 'dict': {'alcali': None}}
2023-10-16 15:23:13,083 [salt.loaded.int.auth.rest:99  ][DEBUG   ][187] acl from rest for user alcali: {'alcali': None}
2023-10-16 15:23:13,083 [salt.auth        :149 ][DEBUG   ][187] Authentication module threw can only concatenate list (not "dict") to list
2023-10-16 15:23:13,083 [salt.loader.lazy :977 ][DEBUG   ][187] The functions from module 'auto' are being loaded by dir() on the loaded module
2023-10-16 15:23:13,086 [salt.loader.lazy :977 ][DEBUG   ][187] The functions from module 'file' are being loaded by dir() on the loaded module
2023-10-16 15:23:13,087 [salt.loader.lazy :977 ][DEBUG   ][187] The functions from module 'keystone' are being loaded by dir() on the loaded module
2023-10-16 15:23:13,088 [salt.loader.lazy :977 ][DEBUG   ][187] The functions from module 'ldap' are being loaded by dir() on the loaded module
2023-10-16 15:23:13,206 [salt.loader.lazy :977 ][DEBUG   ][187] The functions from module 'pki' are being loaded by dir() on the loaded module
2023-10-16 15:23:13,207 [salt.loader.lazy :977 ][DEBUG   ][187] The functions from module 'sharedsecret' are being loaded by dir() on the loaded module
2023-10-16 15:23:13,208 [salt.loader.lazy :977 ][DEBUG   ][187] The functions from module 'yubico' are being loaded by dir() on the loaded module
2023-10-16 15:23:13,209 [salt.utils.lazy  :102 ][DEBUG   ][187] Could not LazyLoad rest.groups: 'rest.groups' is not available.
2023-10-16 15:23:13,210 [salt.loader.lazy :977 ][DEBUG   ][187] The functions from module 'localfs' are being loaded by dir() on the loaded module
2023-10-16 15:23:13,210 [salt.utils.lazy  :99  ][DEBUG   ][187] LazyLoaded localfs.mk_token
2023-10-16 15:23:13,220 [salt.loader.lazy :977 ][DEBUG   ][196] The functions from module 'localfs' are being loaded by dir() on the loaded module
2023-10-16 15:23:13,220 [salt.utils.lazy  :99  ][DEBUG   ][196] LazyLoaded localfs.get_token
2023-10-16 15:23:42,857 [salt.master      :481 ][DEBUG   ][200] Performing fileserver updates for items with an update interval of 60
2023-10-16 15:23:42,857 [salt.master      :463 ][DEBUG   ][200] Updating roots fileserver cache
2023-10-16 15:23:42,859 [salt.master      :486 ][DEBUG   ][200] Completed fileserver updates for items with an update interval of 60, waiting 60 seconds

welcome bot commented Oct 16, 2023

Hi there! Welcome to the Salt Community! Thank you for making your first contribution. We have a lengthy process for issues and PRs. Someone from the Core Team will follow up as soon as possible. In the meantime, here’s some information that may help as you continue your Salt journey.
Please be sure to review our Code of Conduct. Also, check out some of our community resources including:

There are lots of ways to get involved in our community. Every month, there are around a dozen opportunities to meet with other contributors and the Salt Core team and collaborate in real time. The best way to keep track is by subscribing to the Salt Community Events Calendar.
If you have additional questions, email us at [email protected]. We’re glad you’ve joined our community and look forward to doing awesome things with you!

OrangeDog (Contributor) commented

What's your configuration? It looks like you've put a dict instead of a list.

OrangeDog added the Bug, info-needed, Salt-API and needs-triage labels Oct 16, 2023

duhow commented Oct 17, 2023

Based on alcali source code, they are sending a dict {username: None}.
I understand then that the REST external_auth expects only a list of ACLs allowed? (The None here kinda makes that sense)
Was this behaviour previously changed or skipped?

https://github.com/latenighttales/alcali/blob/v3003.1.0/api/views/alcali.py#L520

Either way, this silent debug (error) seems to be stopping the validation request. May I suggest to wrap it into try-catch and warn the user at least?
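
Added example (not from this thread and not Salt's own code): the failing concatenation reproduced with the values from the debug log above, next to a merge that checks the type of the REST response and logs at WARNING before refusing it. `naive_merge`, `merge_acl`, `InvalidRestAcl` and the rejection policy are assumptions made for illustration.

```python
import logging

log = logging.getLogger("eauth_rest_example")

# Values copied from the debug log in this issue.
SALT_EAUTH_ACL = [".*", "@runner", "@wheel", "@jobs"]
REST_RESPONSE = {"alcali": None}


class InvalidRestAcl(ValueError):
    """Hypothetical error type: the REST service returned an unusable ACL."""


def naive_merge(salt_eauth_acl, eauth_rest_acl):
    # The concatenation quoted in the report; a dict on the right raises TypeError.
    return salt_eauth_acl + eauth_rest_acl


def merge_acl(username, salt_eauth_acl, eauth_rest_acl):
    """Merge static and REST-supplied ACL entries, rejecting malformed input.

    Assumed policy (not Salt's documented behaviour): the REST body must be a
    JSON array whose items are strings or dicts. Anything else is logged at
    WARNING and refused, so no permissions come from a payload of the wrong shape.
    """
    if not isinstance(eauth_rest_acl, list):
        kind = type(eauth_rest_acl).__name__
        log.warning("eauth REST ACL for %s is a %s, expected a list", username, kind)
        raise InvalidRestAcl(f"REST ACL must be a list, got {kind}")
    if not all(isinstance(e, (str, dict)) for e in eauth_rest_acl):
        log.warning("eauth REST ACL for %s has non-string/dict entries", username)
        raise InvalidRestAcl("REST ACL entries must be strings or dicts")
    merged = list(salt_eauth_acl)
    for entry in eauth_rest_acl:
        if entry not in merged:  # skip entries already granted by the master config
            merged.append(entry)
    return merged


if __name__ == "__main__":
    try:
        naive_merge(SALT_EAUTH_ACL, REST_RESPONSE)
    except TypeError as exc:
        print("naive merge:", exc)
    try:
        merge_acl("alcali", SALT_EAUTH_ACL, REST_RESPONSE)
    except InvalidRestAcl as exc:
        print("validated merge:", exc)
    print(merge_acl("alcali", SALT_EAUTH_ACL, ["test.ping", "@jobs"]))
```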

mattLLVW (Contributor) commented

@duhow I updated alcali, it should be fine now. Some new setting is needed in the master config:

https://github.com/latenighttales/alcali/pull/507/files#diff-2bd549d7f552587f14de08981d33c22702ba8cb794b3f63f8b07392c1cfcb5deR243


duhow commented Oct 21, 2023

Thanks @mattLLVW, but I'm not using the alcali auth module, the issue is with rest.
This should be addressed with latenighttales/alcali#511.


duhow commented Oct 21, 2023

@OrangeDog feel free to resolve this issue, or implement any other additional logs (or similar) for the exception.
