Skip to content

Include minion ID in rejected authentication warning #68702

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
AhmadYasser1 wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Include minion ID in rejected authentication warning #68702

AhmadYasser1 wants to merge 2 commits into from
+66 −2

Conversation

@AhmadYasser1
Copy link
Contributor

@AhmadYasser1 AhmadYasser1 commented Feb 9, 2026

What does this PR do?

Improves the minimum_auth_version rejection warning in salt/channel/server.py to include the minion ID. This helps administrators identify which minions are using outdated protocol versions and need to be upgraded.

Before this change, the warning only showed the protocol version numbers:

[WARNING] Rejected authentication attempt using protocol version 2 (minimum required: 3)

After this change, the warning includes the minion ID:

[WARNING] Rejected authentication attempt from minion 'my-minion-id' using protocol version 2 (minimum required: 3)

If the payload is encrypted (load is not a dict), the message falls back to 'unknown minion'.

What issues does this PR fix or reference?

Fixes #68671

Previous Behavior

The rejected authentication warning did not include the minion ID, making it difficult for administrators to identify which minion needed upgrading, especially in environments with many minions.

New Behavior

The warning now includes the minion ID extracted from the payload, allowing administrators to quickly identify and upgrade the affected minion.

Merge requirements satisfied?

  • Docs
  • Changelog
  • Tests written/updated

Commits signed with GPG?

No

@AhmadYasser1
Include minion ID in rejected authentication warning
ffa8c40 
When minimum_auth_version rejects a connection attempt, the warning
message now includes the minion ID (extracted from the payload load).
This allows administrators to quickly identify which minions are using
outdated protocol versions and need upgrading.

If the payload load is encrypted (not a dict), the message falls back
to 'unknown minion' to avoid errors.

Fixes saltstack#68671
@AhmadYasser1 AhmadYasser1 requested a review from a team as a code owner February 9, 2026 03:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Improve warning message for Rejected authentication attempts

1 participant

@AhmadYasser1