27 lines
1.2 KiB
YAML
27 lines
1.2 KiB
YAML
---
|
|
features:
|
|
- |
|
|
Enable Basic HTTP authentication middleware.
|
|
|
|
When the config option ``auth_strategy`` is set to ``http_basic`` then
|
|
non-public API calls require a valid HTTP Basic authentication header to be
|
|
set. The config option ``http_basic_auth_user_file`` defaults to
|
|
``/etc/ironic-inspector/htpasswd`` and points to a file which supports the
|
|
Apache htpasswd syntax[1]. This file is read for every request, so no
|
|
service restart is required when changes are made.
|
|
|
|
The only password digest supported is bcrypt, and the ``bcrypt``
|
|
python library is used for password checks since it supports ``$2y$``
|
|
prefixed bcrypt passwords as generated by the Apache htpasswd utility.
|
|
|
|
To try basic authentication, the following can be done:
|
|
|
|
* Set ``/etc/ironic-inspector/inspector.conf`` ``DEFAULT`` ``auth_strategy``
|
|
to ``http_basic``
|
|
* Populate the htpasswd file with entries, for example:
|
|
``htpasswd -nbB myName myPassword >> /etc/ironic-inspector/htpasswd``
|
|
* Make basic authenticated HTTP requests, for example:
|
|
``curl --user myName:myPassword http://localhost:6385/v1/introspection``
|
|
|
|
[1] https://httpd.apache.org/docs/current/misc/password_encryptions.html
|