79878d7f4d
Change-Id: I35b5df4b7e3d519c8b567d5cf0d424aafee68fa9
28 lines
1.2 KiB
YAML
---
features:
  - |
    Enable Basic HTTP authentication middleware.

    When the config option ``[DEFAULT]auth_strategy`` is set to ``http_basic``
    then non-public API calls require a valid HTTP Basic authentication header
    to be set.
    The config option ``[DEFAULT]http_basic_auth_user_file`` defaults to
    ``/etc/ironic-inspector/htpasswd`` and points to a file that supports the
    Apache htpasswd syntax[1]. This file is read for every request, so no
    service restart is required when changes are made.

    The only password digest supported is bcrypt, and the ``bcrypt``
    python library is used for password checks since it supports ``$2y$``
    prefixed bcrypt passwords as generated by the Apache htpasswd utility.

    To try basic authentication, the following can be done:

    * Set ``/etc/ironic-inspector/inspector.conf`` ``[DEFAULT]auth_strategy``
      to ``http_basic``
    * Populate the htpasswd file with entries, for example:
      ``htpasswd -nbB myName myPassword >> /etc/ironic-inspector/htpasswd``
    * Make basic authenticated HTTP requests, for example:
      ``curl --user myName:myPassword http://localhost:6385/v1/introspection``

    [1] https://httpd.apache.org/docs/current/misc/password_encryptions.html
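
An added example, not part of the original release note or the ironic-inspector code: a standard-library Python check that lists which entries in an htpasswd file satisfy the bcrypt-only rule described above and which need regenerating with ``htpasswd -B``. The function names, the sample entries, the acceptance of ``$2a$``/``$2b$`` prefixes, the duplicate-user check and the skipping of ``#`` comment lines are assumptions.

```python
import re

# bcrypt hash shape: $2y$<2-digit cost>$<53 chars of salt and digest>.
# $2y$ is the prefix named above; accepting $2a$/$2b$ too is an assumption.
BCRYPT_RE = re.compile(r"^\$2[aby]\$\d{2}\$[./A-Za-z0-9]{53}$")


def classify(hashed):
    """Name the digest scheme of one htpasswd hash field."""
    if BCRYPT_RE.match(hashed):
        return "bcrypt"
    if hashed.startswith("$apr1$"):
        return "apr1-md5"
    if hashed.startswith("{SHA}"):
        return "sha1"
    return "other"  # crypt(), SHA-2 or plaintext


def audit_htpasswd(text):
    """Return (usable_users, findings) for the contents of an htpasswd file."""
    usable, findings, seen = [], [], set()
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # blank or comment line
            continue
        user, sep, hashed = line.partition(":")
        if not sep or not user or not hashed:
            findings.append((line_no, user, "malformed entry"))
        elif user in seen:
            findings.append((line_no, user, "duplicate user"))
        elif classify(hashed) != "bcrypt":
            seen.add(user)
            findings.append((line_no, user, "unsupported digest: " + classify(hashed)))
        else:
            seen.add(user)
            usable.append(user)
    return usable, findings


# Constructed sample contents; the hash fields are fake strings of the right shape.
SAMPLE = "\n".join([
    "myName:$2y$05$" + "A" * 53,
    "bob:$apr1$abcdefgh$" + "B" * 22,
    "carol:{SHA}" + "C" * 27 + "=",
    "myName:$2y$05$" + "D" * 53,
    "no-colon-here",
])

if __name__ == "__main__":
    users, problems = audit_htpasswd(SAMPLE)
    print("usable:", users)
    for problem in problems:
        print("line %d, user %r: %s" % problem)
```

Because the file is read for every request, an entry flagged here affects the next login attempt, so running the check before writing changes to the live file avoids locking a user out.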