Revision 27a8a190 lib/server/rapi.py
b/lib/server/rapi.py | ||
---|---|---|
73 | 73 |
""" |
74 | 74 |
AUTH_REALM = "Ganeti Remote API" |
75 | 75 |
|
76 |
def __init__(self, user_fn, _client_cls=None): |
|
76 |
def __init__(self, user_fn, reqauth, _client_cls=None):
|
|
77 | 77 |
"""Initializes this class. |
78 | 78 |
|
79 | 79 |
@type user_fn: callable |
80 | 80 |
@param user_fn: Function receiving username as string and returning |
81 | 81 |
L{http.auth.PasswordFileUser} or C{None} if user is not found |
82 |
@type reqauth: bool |
|
83 |
@param reqauth: Whether to require authentication |
|
82 | 84 |
|
83 | 85 |
""" |
84 | 86 |
# pylint: disable=W0233 |
... | ... | |
88 | 90 |
self._client_cls = _client_cls |
89 | 91 |
self._resmap = connector.Mapper() |
90 | 92 |
self._user_fn = user_fn |
93 |
self._reqauth = reqauth |
|
91 | 94 |
|
92 | 95 |
@staticmethod |
93 | 96 |
def FormatErrorMessage(values): |
... | ... | |
143 | 146 |
"""Determine whether authentication is required. |
144 | 147 |
|
145 | 148 |
""" |
146 |
return bool(self._GetRequestContext(req).handler_access) |
|
149 |
return self._reqauth or bool(self._GetRequestContext(req).handler_access)
|
|
147 | 150 |
|
148 | 151 |
def Authenticate(self, req, username, password): |
149 | 152 |
"""Checks whether a user can access a resource. |
... | ... | |
324 | 327 |
|
325 | 328 |
users = RapiUsers() |
326 | 329 |
|
327 |
handler = RemoteApiHandler(users.Get) |
|
330 |
handler = RemoteApiHandler(users.Get, options.reqauth)
|
|
328 | 331 |
|
329 | 332 |
# Setup file watcher (it'll be driven by asyncore) |
330 | 333 |
SetupFileWatcher(pathutils.RAPI_USERS_FILE, |
... | ... | |
360 | 363 |
usage="%prog [-f] [-d] [-p port] [-b ADDRESS]", |
361 | 364 |
version="%%prog (ganeti) %s" % |
362 | 365 |
constants.RELEASE_VERSION) |
366 |
parser.add_option("--require-authentication", dest="reqauth", |
|
367 |
default=False, action="store_true", |
|
368 |
help=("Disable anonymous HTTP requests and require" |
|
369 |
" authentication")) |
|
363 | 370 |
|
364 | 371 |
daemon.GenericMain(constants.RAPI, parser, CheckRapi, PrepRapi, ExecRapi, |
365 | 372 |
default_ssl_cert=pathutils.RAPI_CERT_FILE, |
Also available in: Unified diff