From a34899f8853835372d94a98635dcddbe9cc1f906 Mon Sep 17 00:00:00 2001 From: Thomas Phipps Date: Thu, 9 Mar 2023 20:41:56 +0000 Subject: [PATCH] porting #63836 to master --- changelog/63835.fixed.md | 1 + salt/netapi/rest_cherrypy/app.py | 8 +++--- .../netapi/rest_cherrypy/conftest.py | 8 ++++-- .../netapi/rest_cherrypy/test_arg_kwarg.py | 1 + .../netapi/rest_cherrypy/test_jobs.py | 1 + .../netapi/rest_cherrypy/test_run.py | 25 +++++++++++++++++++ 6 files changed, 38 insertions(+), 6 deletions(-) create mode 100644 changelog/63835.fixed.md diff --git a/changelog/63835.fixed.md b/changelog/63835.fixed.md new file mode 100644 index 000000000000..78709b4e74dc --- /dev/null +++ b/changelog/63835.fixed.md @@ -0,0 +1 @@ +fix cherrypy 400 error output to be less generic. diff --git a/salt/netapi/rest_cherrypy/app.py b/salt/netapi/rest_cherrypy/app.py index 514a9527fcb5..be4c84d4f2af 100644 --- a/salt/netapi/rest_cherrypy/app.py +++ b/salt/netapi/rest_cherrypy/app.py @@ -863,10 +863,10 @@ def hypermedia_handler(*args, **kwargs): salt.exceptions.AuthorizationError, salt.exceptions.EauthAuthenticationError, salt.exceptions.TokenAuthenticationError, - ): - raise cherrypy.HTTPError(401) - except salt.exceptions.SaltInvocationError: - raise cherrypy.HTTPError(400) + ) as e: + raise cherrypy.HTTPError(401, e.message) + except salt.exceptions.SaltInvocationError as e: + raise cherrypy.HTTPError(400, e.message) except ( salt.exceptions.SaltDaemonNotRunning, salt.exceptions.SaltReqTimeoutError, diff --git a/tests/pytests/integration/netapi/rest_cherrypy/conftest.py b/tests/pytests/integration/netapi/rest_cherrypy/conftest.py index eadb5e1f1307..bc0eb017bce4 100644 --- a/tests/pytests/integration/netapi/rest_cherrypy/conftest.py +++ b/tests/pytests/integration/netapi/rest_cherrypy/conftest.py @@ -8,9 +8,13 @@ @pytest.fixture -def client_config(client_config, netapi_port): +def client_config(client_config, netapi_port, request): client_config["rest_cherrypy"] = {"port": netapi_port, "debug": True} - client_config["netapi_enable_clients"] = ["local", "runner"] + marker = request.node.get_closest_marker("netapi_client_data") + if marker is None: + client_config["netapi_enable_clients"] = [] + else: + client_config["netapi_enable_clients"] = marker.args[0] return client_config diff --git a/tests/pytests/integration/netapi/rest_cherrypy/test_arg_kwarg.py b/tests/pytests/integration/netapi/rest_cherrypy/test_arg_kwarg.py index 4d120f0a5de0..65e12a082d63 100644 --- a/tests/pytests/integration/netapi/rest_cherrypy/test_arg_kwarg.py +++ b/tests/pytests/integration/netapi/rest_cherrypy/test_arg_kwarg.py @@ -6,6 +6,7 @@ @pytest.mark.slow_test +@pytest.mark.netapi_client_data(["local", "runner"]) async def test_accepts_arg_kwarg_keys( http_client, auth_creds, content_type_map, subtests ): diff --git a/tests/pytests/integration/netapi/rest_cherrypy/test_jobs.py b/tests/pytests/integration/netapi/rest_cherrypy/test_jobs.py index 629818145221..c073e04907fd 100644 --- a/tests/pytests/integration/netapi/rest_cherrypy/test_jobs.py +++ b/tests/pytests/integration/netapi/rest_cherrypy/test_jobs.py @@ -4,6 +4,7 @@ @pytest.mark.slow_test +@pytest.mark.netapi_client_data(["local", "runner"]) async def test_all_jobs(http_client, auth_creds, content_type_map): """ test query to /jobs returns job data diff --git a/tests/pytests/integration/netapi/rest_cherrypy/test_run.py b/tests/pytests/integration/netapi/rest_cherrypy/test_run.py index 5e23b55a4743..e012d13c5937 100644 --- a/tests/pytests/integration/netapi/rest_cherrypy/test_run.py +++ b/tests/pytests/integration/netapi/rest_cherrypy/test_run.py @@ -5,6 +5,7 @@ from salt.ext.tornado.httpclient import HTTPError +@pytest.mark.netapi_client_data(["local"]) async def test_run_good_login(http_client, auth_creds): """ Test the run URL with good auth credentials @@ -16,6 +17,24 @@ async def test_run_good_login(http_client, auth_creds): assert response.code == 200 +async def test_run_netapi_client_not_set(http_client, auth_creds): + """ + Test the run URL with good auth credentials + """ + low = {"client": "local", "tgt": "*", "fun": "test.ping", **auth_creds} + body = urllib.parse.urlencode(low) + + response = await http_client.fetch( + "/run", method="POST", body=body, raise_error=False + ) + assert response.code == 400 + assert ( + "Client disabled: 'local'. Add to 'netapi_enable_clients' master config option to enable" + in response.body + ) + + +@pytest.mark.netapi_client_data(["local"]) async def test_run_bad_login(http_client): """ Test the run URL with bad auth credentials @@ -36,6 +55,7 @@ async def test_run_bad_login(http_client): assert exc.value.code == 401 +@pytest.mark.netapi_client_data(["local"]) async def test_run_empty_token(http_client): """ Test the run URL with empty token @@ -51,6 +71,7 @@ async def test_run_empty_token(http_client): assert exc.value.code == 401 +@pytest.mark.netapi_client_data(["local"]) async def test_run_empty_token_upercase(http_client): """ Test the run URL with empty token with upercase characters @@ -66,6 +87,7 @@ async def test_run_empty_token_upercase(http_client): assert exc.value.code == 401 +@pytest.mark.netapi_client_data(["local"]) async def test_run_wrong_token(http_client): """ Test the run URL with incorrect token @@ -81,6 +103,7 @@ async def test_run_wrong_token(http_client): assert exc.value.code == 401 +@pytest.mark.netapi_client_data(["local"]) async def test_run_pathname_token(http_client): """ Test the run URL with path that exists in token @@ -101,6 +124,7 @@ async def test_run_pathname_token(http_client): assert exc.value.code == 401 +@pytest.mark.netapi_client_data(["local"]) async def test_run_pathname_not_exists_token(http_client): """ Test the run URL with path that does not exist in token @@ -122,6 +146,7 @@ async def test_run_pathname_not_exists_token(http_client): @pytest.mark.slow_test +@pytest.mark.netapi_client_data(["local"]) async def test_run_extra_parameters(http_client, auth_creds): """ Test the run URL with good auth credentials