salt.auth.django

Provide authentication using Django Web Framework

depends:
  • Django Web Framework

Django authentication depends on the presence of the django framework in the PYTHONPATH, the Django project's settings.py file being in the PYTHONPATH and accessible via the DJANGO_SETTINGS_MODULE environment variable.

Django auth can be defined like any other eauth module:

external_auth:
  django:
    fred:
      - .*
      - '@runner'

This will authenticate Fred via Django and allow him to run any execution module and all runners.

The authorization details can optionally be located inside the Django database. The relevant entry in the models.py file would look like this:

class SaltExternalAuthModel(models.Model):
    user_fk = models.ForeignKey(auth.User)
    minion_matcher = models.CharField()
    minion_fn = models.CharField()

The external_auth clause in the master config would then look like this:

external_auth:
  django:
    ^model: <fully-qualified reference to model class>

When a user attempts to authenticate via Django, Salt will import the package indicated via the keyword ^model. That model must have the fields indicated above, though the model DOES NOT have to be named 'SaltExternalAuthModel'.

salt.auth.django.auth(username, password)

Simple Django auth

salt.auth.django.django_auth_setup()
salt.auth.django.retrieve_auth_entries(u=None)
Parameters:
  • django_auth_class -- Reference to the django model class for auth
  • u -- Username to filter for
Returns:

Dictionary that can be slotted into the __opts__ structure for eauth that designates the user associated ACL

Database records such as:

username minion_or_fn_matcher minion_fn
fred   test.ping
fred server1 network.interfaces
fred server1 raid.list
fred server2 .*
guru .*  
smartadmin server1 .*

Should result in an eauth config such as:

fred:
  - test.ping
  - server1:
      - network.interfaces
      - raid.list
  - server2:
      - .*
guru:
  - .*
smartadmin:
  - server1:
    - .*