Revision 27a8a190 lib/server/rapi.py

b/lib/server/rapi.py
73 73 
  """
74 74 
  AUTH_REALM = "Ganeti Remote API"
75 75 

  		





  76
  
  
    
  def __init__(self, user_fn, _client_cls=None):


  		





  
  76
  
    
  def __init__(self, user_fn, reqauth, _client_cls=None):


  		





  77
  77
  
    
    """Initializes this class.


  		





  78
  78
  
    

  		





  79
  79
  
    
    @type user_fn: callable


  		





  80
  80
  
    
    @param user_fn: Function receiving username as string and returning


  		





  81
  81
  
    
      L{http.auth.PasswordFileUser} or C{None} if user is not found


  		





  
  82
  
    
    @type reqauth: bool


  		





  
  83
  
    
    @param reqauth: Whether to require authentication


  		





  82
  84
  
    

  		





  83
  85
  
    
    """


  		





  84
  86
  
    
    # pylint: disable=W0233


  		





  ......




  88
  90
  
    
    self._client_cls = _client_cls


  		





  89
  91
  
    
    self._resmap = connector.Mapper()


  		





  90
  92
  
    
    self._user_fn = user_fn


  		





  
  93
  
    
    self._reqauth = reqauth


  		





  91
  94
  
    

  		





  92
  95
  
    
  @staticmethod


  		





  93
  96
  
    
  def FormatErrorMessage(values):


  		





  ......




  143
  146
  
    
    """Determine whether authentication is required.


  		





  144
  147
  
    

  		





  145
  148
  
    
    """


  		





  146
  
  
    
    return bool(self._GetRequestContext(req).handler_access)


  		





  
  149
  
    
    return self._reqauth or bool(self._GetRequestContext(req).handler_access)


  		





  147
  150
  
    

  		





  148
  151
  
    
  def Authenticate(self, req, username, password):


  		





  149
  152
  
    
    """Checks whether a user can access a resource.


  		





  ......




  324
  327
  
    

  		





  325
  328
  
    
  users = RapiUsers()


  		





  326
  329
  
    

  		





  327
  
  
    
  handler = RemoteApiHandler(users.Get)


  		





  
  330
  
    
  handler = RemoteApiHandler(users.Get, options.reqauth)


  		





  328
  331
  
    

  		





  329
  332
  
    
  # Setup file watcher (it'll be driven by asyncore)


  		





  330
  333
  
    
  SetupFileWatcher(pathutils.RAPI_USERS_FILE,


  		





  ......




  360
  363
  
    
                                 usage="%prog [-f] [-d] [-p port] [-b ADDRESS]",


  		





  361
  364
  
    
                                 version="%%prog (ganeti) %s" %


  		





  362
  365
  
    
                                 constants.RELEASE_VERSION)


  		





  
  366
  
    
  parser.add_option("--require-authentication", dest="reqauth",


  		





  
  367
  
    
                    default=False, action="store_true",


  		





  
  368
  
    
                    help=("Disable anonymous HTTP requests and require"


  		





  
  369
  
    
                          " authentication"))


  		





  363
  370
  
    

  		





  364
  371
  
    
  daemon.GenericMain(constants.RAPI, parser, CheckRapi, PrepRapi, ExecRapi,


  		





  365
  372
  
    
                     default_ssl_cert=pathutils.RAPI_CERT_FILE,


  		












Also available in:
  Unified diff