ironic-inspector/releasenotes/notes/http-basic-auth-fbe1da9669f...

28 lines
1.2 KiB
YAML

---
features:
- |
Enable Basic HTTP authentication middleware.
When the config option ``[DEFAULT]auth_strategy`` is set to ``http_basic``
then non-public API calls require a valid HTTP Basic authentication header
to be set.
The config option ``[DEFAULT]http_basic_auth_user_file`` defaults to
``/etc/ironic-inspector/htpasswd`` and points to a file that supports the
Apache htpasswd syntax[1]. This file is read for every request, so no
service restart is required when changes are made.
The only password digest supported is bcrypt, and the ``bcrypt``
python library is used for password checks since it supports ``$2y$``
prefixed bcrypt passwords as generated by the Apache htpasswd utility.
To try basic authentication, the following can be done:
* Set ``/etc/ironic-inspector/inspector.conf`` ``[DEFAULT]auth_strategy``
to ``http_basic``
* Populate the htpasswd file with entries, for example:
``htpasswd -nbB myName myPassword >> /etc/ironic-inspector/htpasswd``
* Make basic authenticated HTTP requests, for example:
``curl --user myName:myPassword http://localhost:6385/v1/introspection``
[1] https://httpd.apache.org/docs/current/misc/password_encryptions.html