Skip to content

Commit

Permalink
Skip extra traversals of minion cache for auth
Browse files Browse the repository at this point in the history
With a large amount of minions and large ACL sets, check_minions starts
to become rather expensive.  The master's publish was already obtaining
this list ( albeit later in execution ), but by moving it up and passing
it to CkMinion's auth_check, it allows CkMinion's validate_tgt to skip a
cache traversal. Related to saltstack#33948
  • Loading branch information
Steve Hajducko committed Sep 17, 2016
1 parent 73ee12e commit 7fb1dba
Showing 1 changed file with 17 additions and 12 deletions.
29 changes: 17 additions & 12 deletions salt/master.py
Original file line number Diff line number Diff line change
Expand Up @@ -1980,6 +1980,14 @@ def publish(self, clear_load):
)
return ''

# Retrieve the minions list
delimiter = clear_load.get('kwargs', {}).get('delimiter', DEFAULT_TARGET_DELIM)
minions = self.ckminions.check_minions(
clear_load['tgt'],
clear_load.get('tgt_type', 'glob'),
delimiter
)

# Check for external auth calls
if extra.get('token', False):
# A token was passed, check it
Expand Down Expand Up @@ -2041,7 +2049,8 @@ def publish(self, clear_load):
clear_load['fun'],
clear_load['arg'],
clear_load['tgt'],
clear_load.get('tgt_type', 'glob'))
clear_load.get('tgt_type', 'glob'),
minions=minions)
if not good:
# Accept find_job so the CLI will function cleanly
if clear_load['fun'] != 'saltutil.find_job':
Expand Down Expand Up @@ -2138,7 +2147,8 @@ def publish(self, clear_load):
clear_load['fun'],
clear_load['arg'],
clear_load['tgt'],
clear_load.get('tgt_type', 'glob')
clear_load.get('tgt_type', 'glob'),
minions=minions
)
if not good:
# Accept find_job so the CLI will function cleanly
Expand Down Expand Up @@ -2170,7 +2180,8 @@ def publish(self, clear_load):
clear_load['fun'],
clear_load['arg'],
clear_load['tgt'],
clear_load.get('tgt_type', 'glob'))
clear_load.get('tgt_type', 'glob'),
minions=minions)
if not good:
# Accept find_job so the CLI will function cleanly
if clear_load['fun'] != 'saltutil.find_job':
Expand Down Expand Up @@ -2215,7 +2226,8 @@ def publish(self, clear_load):
clear_load['fun'],
clear_load['arg'],
clear_load['tgt'],
clear_load.get('tgt_type', 'glob'))
clear_load.get('tgt_type', 'glob'),
minions=minions)
if not good:
# Accept find_job so the CLI will function cleanly
if clear_load['fun'] != 'saltutil.find_job':
Expand All @@ -2235,14 +2247,7 @@ def publish(self, clear_load):
'Authentication failure of type "other" occurred.'
)
return ''
# FIXME Needs additional refactoring
# Retrieve the minions list
delimiter = clear_load.get('kwargs', {}).get('delimiter', DEFAULT_TARGET_DELIM)
minions = self.ckminions.check_minions(
clear_load['tgt'],
clear_load.get('tgt_type', 'glob'),
delimiter
)

# If we order masters (via a syndic), don't short circuit if no minions
# are found
if not self.opts.get('order_masters'):
Expand Down

0 comments on commit 7fb1dba

Please sign in to comment.