salt icon indicating copy to clipboard operation
salt copied to clipboard
verified publisher icon saltstack

[master] rest_cherrypy: accept / force credentials via HTTP header

Open Malte-Wagner opened this issue 1 year ago • 2 comments

The acceptance of HTTP headers opens the possibility to either set or force credentials for a session. A reverse proxy, can handle authentication and inject the custom headers X-Forwarded-User, X-Forwarded-Password and/or X-Forwarded-Eauth. In general, these headers can work in conjunction with the eauth sharedsecret / rest / auto methods to externalize and flexibilize authentication, without raising code complexity for new or niche authentication methods inside salt.

What does this PR do?

This PR enables rest_cherrypy to gather credentials via HTTP headers, that may be set by reverse proxy, to use them for session creation or session checking.

What issues does this PR fix or reference?

https://github.com/saltstack/salt/issues/22046

Previous Behavior

Credentials are only allowed via request body.

New Behavior

Credentials are allowed via request body and http header. Prevalence is http header over request body values.

Merge requirements satisfied?

[NOTICE] Bug fixes or features added to Salt require tests.

  • [x] Docs
  • [ ] Changelog - https://docs.saltproject.io/en/master/topics/development/changelog.html
  • [ ] Tests written/updated

Commits signed with GPG?

Yes

Please review Salt's Contributing Guide for best practices, including the PR Guidelines.

See GitHub's page on GPG signing for more information about signing commits with GPG.

Malte-Wagner avatar Aug 19 '24 11:08 Malte-Wagner

Hi there! Welcome to the Salt Community! Thank you for making your first contribution. We have a lengthy process for issues and PRs. Someone from the Core Team will follow up as soon as possible. In the meantime, here’s some information that may help as you continue your Salt journey. Please be sure to review our Code of Conduct. Also, check out some of our community resources including:

There are lots of ways to get involved in our community. Every month, there are around a dozen opportunities to meet with other contributors and the Salt Core team and collaborate in real time. The best way to keep track is by subscribing to the Salt Community Events Calendar. If you have additional questions, email us at [email protected]. We’re glad you’ve joined our community and look forward to doing awesome things with you!

welcome[bot] avatar Aug 19 '24 11:08 welcome[bot]

Hi @dwoz ,

is something still needed for this MR?

Thanks Malte

Malte-Wagner avatar Oct 11 '24 12:10 Malte-Wagner

Thanks - i'll work on that.

Malte-Wagner avatar Feb 01 '25 19:02 Malte-Wagner