ironic-inspector

History

Steve Baker 196c019771 Enable Basic HTTP authentication middleware. When the config option ``auth_strategy`` is set to ``http_basic`` then non-public API calls require a valid HTTP Basic authentication header to be set. The config option ``http_basic_auth_user_file`` defaults to ``/etc/ironic-inspector/htpasswd`` and points to a file which supports the Apache htpasswd syntax[1]. This file is read for every request, so no service restart is required when changes are made. The only password digest supported is bcrypt, and the ``bcrypt`` python library is used for password checks since it supports ``$2y$`` prefixed bcrypt passwords as generated by the Apache htpasswd utility. To try basic authentication, the following can be done: * Set ``/etc/ironic-inspector/inspector.conf`` ``DEFAULT`` ``auth_strategy`` to ``http_basic`` * Populate the htpasswd file with entries, for example: ``htpasswd -nbB myName myPassword >> /etc/ironic-inspector/htpasswd`` * Make basic authenticated HTTP requests, for example: ``curl --user myName:myPassword http://localhost:6385/v1/introspection`` [1] https://httpd.apache.org/docs/current/misc/password_encryptions.html Change-Id: If50dfbfc18445ad9fe27e17cb0ee1b317ff25a0b Depends-On: https://review.opendev.org/729070 Story: 2007656 Task: 39826	2020-06-05 01:28:40 +12:00
..
notes	Enable Basic HTTP authentication middleware.	2020-06-05 01:28:40 +12:00
source	Switch to newer openstackdocstheme and reno versions	2020-05-20 10:59:56 +02:00

Steve Baker 196c019771 Enable Basic HTTP authentication middleware.

When the config option ``auth_strategy`` is set to ``http_basic`` then
non-public API calls require a valid HTTP Basic authentication header to be
set. The config option ``http_basic_auth_user_file`` defaults to
``/etc/ironic-inspector/htpasswd`` and points to a file which supports the
Apache htpasswd syntax[1]. This file is read for every request, so no
service restart is required when changes are made.

The only password digest supported is bcrypt, and the ``bcrypt``
python library is used for password checks since it supports ``$2y$``
prefixed bcrypt passwords as generated by the Apache htpasswd utility.

To try basic authentication, the following can be done:

* Set ``/etc/ironic-inspector/inspector.conf`` ``DEFAULT`` ``auth_strategy``
  to ``http_basic``
* Populate the htpasswd file with entries, for example:
  ``htpasswd -nbB myName myPassword >> /etc/ironic-inspector/htpasswd``
* Make basic authenticated HTTP requests, for example:
  ``curl --user myName:myPassword http://localhost:6385/v1/introspection``

[1] https://httpd.apache.org/docs/current/misc/password_encryptions.html

Change-Id: If50dfbfc18445ad9fe27e17cb0ee1b317ff25a0b
Depends-On: https://review.opendev.org/729070
Story: 2007656
Task: 39826

2020-06-05 01:28:40 +12:00

notes

Enable Basic HTTP authentication middleware.

2020-06-05 01:28:40 +12:00

source

Switch to newer openstackdocstheme and reno versions

2020-05-20 10:59:56 +02:00