Provide authentication using Django Web Framework
depends: |
|
---|
Django authentication depends on the presence of the django framework in the
PYTHONPATH
, the Django project's settings.py
file being in the
PYTHONPATH
and accessible via the DJANGO_SETTINGS_MODULE
environment
variable.
Django auth can be defined like any other eauth module:
external_auth:
django:
fred:
- .*
- '@runner'
This will authenticate Fred via Django and allow him to run any execution module and all runners.
The authorization details can optionally be located inside the Django database.
The relevant entry in the models.py
file would look like this:
class SaltExternalAuthModel(models.Model):
user_fk = models.ForeignKey(auth.User)
minion_matcher = models.CharField()
minion_fn = models.CharField()
The external_auth
clause in the master config would then look
like this:
external_auth:
django:
^model: <fully-qualified reference to model class>
When a user attempts to authenticate via Django, Salt will import the package
indicated via the keyword ^model
. That model must have the fields
indicated above, though the model DOES NOT have to be named
'SaltExternalAuthModel'.
salt.auth.django.
auth
(username, password)¶Simple Django auth
salt.auth.django.
django_auth_setup
()¶Prepare the connection to the Django authentication framework
salt.auth.django.
retrieve_auth_entries
(u=None)¶Parameters: | u -- Username to filter for |
---|---|
Returns: | Dictionary that can be slotted into the __opts__ structure for
eauth that designates the user associated ACL |
Database records such as:
username | minion_or_fn_matcher | minion_fn |
---|---|---|
fred | test.ping | |
fred | server1 | network.interfaces |
fred | server1 | raid.list |
fred | server2 | .* |
guru | .* | |
smartadmin | server1 | .* |
Should result in an eauth config such as:
fred:
- test.ping
- server1:
- network.interfaces
- raid.list
- server2:
- .*
guru:
- .*
smartadmin:
- server1:
- .*