Preserve master credentials on spawning platforms

Prevent spawning platform minions from having to re-authenticate on every job when using multiprocessing=True
dwoz · Aug 9, 2023 · 5d3896b · 5d3896b
1 parent a46d846
commit 5d3896b
Show file tree

Hide file tree

Showing 3 changed files with 60 additions and 3 deletions.
diff --git a/changelog/64914.fixed b/changelog/64914.fixed
@@ -0,0 +1,2 @@
+Preserve credentials on spawning platforms, minions no longer re-authenticate
+with every job when using `multiprocessing=True`.
diff --git a/salt/minion.py b/salt/minion.py
@@ -1763,24 +1763,26 @@ def _handle_decoded_payload(self, data):
         # python needs to be able to reconstruct the reference on the other
         # side.
         instance = self
+        creds_map = None
         multiprocessing_enabled = self.opts.get("multiprocessing", True)
         name = "ProcessPayload(jid={})".format(data["jid"])
         if multiprocessing_enabled:
             if salt.utils.platform.spawning_platform():
                 # let python reconstruct the minion on the other side if we're
                 # running on windows
                 instance = None
+                creds_map = salt.crypt.AsyncAuth.creds_map
             with default_signals(signal.SIGINT, signal.SIGTERM):
                 process = SignalHandlingProcess(
                     target=self._target,
                     name=name,
-                    args=(instance, self.opts, data, self.connected),
+                    args=(instance, self.opts, data, self.connected, creds_map),
                 )
                 process.register_after_fork_method(salt.utils.crypt.reinit_crypto)
         else:
             process = threading.Thread(
                 target=self._target,
-                args=(instance, self.opts, data, self.connected),
+                args=(instance, self.opts, data, self.connected, creds_map),
                 name=name,
             )
 
@@ -1804,7 +1806,9 @@ def ctx(self):
         return exitstack
 
     @classmethod
-    def _target(cls, minion_instance, opts, data, connected):
+    def _target(cls, minion_instance, opts, data, connected, creds_map):
+        if creds_map:
+            salt.crypt.AsyncAuth.creds_map = creds_map
         if not minion_instance:
             minion_instance = cls(opts, load_grains=False)
             minion_instance.connected = connected

diff --git a/tests/pytests/integration/minion/test_reauth.py b/tests/pytests/integration/minion/test_reauth.py
@@ -0,0 +1,51 @@
+import time
+import logging
+
+import pytest
+
+def test_reauth(salt_master_factory, event_listener):
+    """
+    Validate non of our platform need to re-authenticate when runing a job with
+    multiprocessing=True.
+    """
+    sls_name = "issue-50221"
+    sls_contents = """
+    custom_test_state:
+      test.configurable_test_state:
+        - name: example
+        - changes: True
+        - result: True
+        - comment: "Nothing has acutally been changed"
+    """
+    events = []
+    def handler(data):
+        events.append(data)
+    event_listener.register_auth_event_handler("test_reauth-master", handler)
+    master = salt_master_factory.salt_master_daemon(
+        "test_reauth-master",
+        overrides={"log_level": "info"},
+    )
+    sls_tempfile = master.state_tree.base.temp_file(
+        "{}.sls".format(sls_name), sls_contents
+    )
+    minion = master.salt_minion_daemon(
+        "test_reauth-minion",
+        overrides={"log_level": "info"},
+    )
+    cli = master.salt_cli()
+    start_time = time.time()
+    with master.started(), minion.started():
+        events = event_listener.get_events(
+            [(master.id, "salt/auth")],
+            after_time=start_time,
+        )
+        assert len(events) == 2
+        proc = cli.run("state.sls", sls_name, minion_tgt="*")
+        assert proc.returncode == 1
+        events = event_listener.get_events(
+            [(master.id, "salt/auth")],
+            after_time=start_time,
+        )
+        assert len(events) == 2
+
+