I'm trying to restrict calling state.apply to only specific SLS files via the pam module.

    external_auth:
      pam:
        myuser:
          - '@runner':
            - jobs.list_job
          - '*':
            - test.ping
            - 'state.apply':
              args:
                - 'path/to/sls'

When I call the API via the CherryPy API, I get a 401.

    curl http://sat_master/run -H 'content-type: application/json' \
      -d '[{"tgt":"target","arg":["path/to/sls"],"kwarg":{"pillar":{"foo1":"bar1","foo2":"bar2"}},"client":"local_async","fun":"state.apply","username":"myuser","password":"<password>","eauth":"pam"}]'

What I also tried:

    external_auth:
      pam:
        myuser:
          - '@runner':
            - jobs.list_job
          - '*':
            - test.ping
            - 'state.apply':
              args:
                - '.*'

    external_auth:
      pam:
        myuser:
          - '@runner':
            - jobs.list_job
          - '*':
            - test.ping
            - 'state.apply':
              args:
                - '.*'
              kwargs:
                '.*' : '.*'

If I don't specify args, it works:

    external_auth:
      pam:
        myuser:
          - '@runner':
            - jobs.list_job
          - '*':
            - test.ping
            - state.apply

How do I do it correctly?
The args field should be the field of the function object, i.e.:
Wrong:

    '*':
      - state.apply:
        args:
          - 'path/to/sls'

The JSON equivalent

    {
      "*": [
        {
          "state.apply": null,
          "args": [
            "path/to/sls"
          ]
        }
      ]
    }

Right:

    '*':
      - state.apply:
          args:
            - 'path/to/sls'

The JSON equivalent

    {
      "*": [
        {
          "state.apply": {
            "args": [
              "path/to/sls"
            ]
          }
        }
      ]
    }
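
A small lint for this indentation mistake, as an added example (not part of the original answer and not Salt's own code): it walks the parsed permission list of one external_auth user and reports function rules whose `args`/`kwargs` ended up as sibling keys of the function name instead of nested under it. The name `find_misplaced_restrictions` and the two sample inputs are constructed here from the JSON equivalents shown above.

```python
import json

RESTRICTION_KEYS = {"args", "kwargs"}

def find_misplaced_restrictions(perms, path=""):
    """Return (location, function_name, misplaced_keys) tuples for one user's rules."""
    findings = []
    for index, item in enumerate(perms):
        if not isinstance(item, dict):
            continue  # plain matcher such as 'test.ping'
        here = f"{path}[{index}]"
        stray = sorted(RESTRICTION_KEYS & item.keys())
        if stray:
            # args/kwargs sit beside the function name; the keys left with a
            # null value are the function rules that lost their restrictions.
            funcs = [k for k, v in item.items()
                     if k not in RESTRICTION_KEYS and v is None]
            for func in funcs or ["<unknown>"]:
                findings.append((here, func, stray))
        for key, value in item.items():
            # Descend from a target matcher ('*', '@runner') into its rule list.
            if isinstance(value, list) and key not in RESTRICTION_KEYS:
                findings.extend(find_misplaced_restrictions(value, f"{here}.{key}"))
    return findings

# Constructed sample: the question's config as parsed (args at the wrong level).
WRONG = json.loads("""
[{"@runner": ["jobs.list_job"]},
 {"*": ["test.ping", {"state.apply": null, "args": ["path/to/sls"]}]}]
""")

# Constructed sample: the corrected config (args nested under state.apply).
RIGHT = json.loads("""
[{"@runner": ["jobs.list_job"]},
 {"*": ["test.ping", {"state.apply": {"args": ["path/to/sls"]}}]}]
""")

if __name__ == "__main__":
    for name, perms in (("wrong", WRONG), ("right", RIGHT)):
        for location, func, keys in find_misplaced_restrictions(perms):
            print(f"{name}: {location}: {keys} must be nested under {func!r}")
```
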