fix timeout for salt-api#62188
Conversation
|
Hi there! Welcome to the Salt Community! Thank you for making your first contribution. We have a lengthy process for issues and PRs. Someone from the Core Team will follow up as soon as possible. In the meantime, here’s some information that may help as you continue your Salt journey.
There are lots of ways to get involved in our community. Every month, there are around a dozen opportunities to meet with other contributors and the Salt Core team and collaborate in real time. The best way to keep track is by subscribing to the Salt Community Events Calendar. |
ScriptAutomate
requested review from
a team and
garethgreenaway
and removed request for
a team and
ScriptAutomate
dwoz
force-pushed
the
fix-salt-api-auth
branch
from
fbef164 to
4e0b86b
Compare
twangboy
left a comment
twangboy
left a comment
There was a problem hiding this comment.
Please add a changelog and a test
| try: | ||
| fcall = salt.utils.args.format_call( | ||
| self.auth[fstr], _load, expected_extra_kws=AUTH_INTERNAL_KEYWORDS | ||
| ) |
There was a problem hiding this comment.
Could you add this to its own Try/Except block with an appropriate debug message?
twangboy
added
needs-testcase
Addresses @twangboy's CHANGES_REQUESTED on PR saltstack#62188. - changelog/62187.fixed.md describes the salt-api hang fix. - test_mk_token_missing_password_returns_empty pins the missing-password /username path: mk_token must return {} instead of raising SaltInvocationError, which previously escaped through the master clear-payload handler and hung salt-api workers for ~3 minutes per bad request. Co-authored-by: carrysauce <carrysauce@users.noreply.github.com>
Addresses @twangboy's CHANGES_REQUESTED on PR saltstack#62188. - changelog/62187.fixed.md describes the salt-api hang fix. - test_mk_token_missing_password_returns_empty pins the missing-password /username path: mk_token must return {} instead of raising SaltInvocationError, which previously escaped through the master clear-payload handler and hung salt-api workers for ~3 minutes per bad request. Co-authored-by: carrysauce <carrysauce@users.noreply.github.com>
Addresses @twangboy's CHANGES_REQUESTED on PR saltstack#62188. - changelog/62187.fixed.md describes the salt-api hang fix. - test_mk_token_missing_password_returns_empty pins the missing-password /username path: mk_token must return {} instead of raising SaltInvocationError, which previously escaped through the master clear-payload handler and hung salt-api workers for ~3 minutes per bad request. Co-authored-by: carrysauce <carrysauce@users.noreply.github.com>
3 participants
What does this PR do?
Move
format_callundertryblock to protect from DDoS from bad requests without password or username fields.What issues does this PR fix or reference?
Fixes: #62187
Merge requirements satisfied?
[NOTICE] Bug fixes or features added to Salt require tests.
Commits signed with GPG?
No
Please review Salt's Contributing Guide for best practices.
See GitHub's page on GPG signing for more information about signing commits with GPG.