Authentication and Authorization
User
Any user has the following attributes:
- username
- password
- permissions
- list of banned agents
Getting Users Information
In order to print all users, execute the following command:
$ flopsar auth info FLOPSAR_WDIR
In order to print detailed information about a particular user (e.g. user1) execute the command:
$ flopsar auth info --username=user1 FLOPSAR_WDIR
Adding/Deleting Users
In order to add a new user user1, execute the following command:
$ flopsar auth add --username=user1 FLOPSAR_WDIR
In order to delete the user user1 execute the following command:
$ flopsar auth rm --username=user1 FLOPSAR_WDIR
Authentication
Flopsar supports two types of authentication providers: internal (local) and external.
Internal
This is a default authentication system used by Flopsar. All the users information is stored in Manager. The authentication itself is performed internally, i.e. is not delegated to any other external authentication system. This means, that users password are stored encrypted in Manager. In order to change a password for user1 user, you must make use of the following command:
$ flopsar auth mod --username=user1 --password FLOPSAR_WDIR
External
This type delegates the authentication to other, third-party authentication systems. In order to enable it, you need to implement a specific Server plugin and install it on the Manager.
Authorization
No matter which authentication type you choose, the authorization is always performed in the Manager. That means all users must exist in the Manager.
Permissions
The following permissions are available:
| Symbol | Description |
|---|---|
c | User can edit agents configuration. |
p | User can see method parameters. |
o | User can see agents online data. |
q | User can query agents directly. |
In order to set the permissions for the user user1, execute the command:
$ flopsar auth mod --username=user1 --perms=perms_vals FLOPSAR_WDIR
where perms_vals are the permissions symbols prefixed with + or - depending on whether you want to add or revoke the permission. For example, if you want to allow user1 to see methods parameters and agents online data, execute the following command:
$ flopsar auth mod --username=user1 --perms=+po FLOPSAR_WDIR
In order to revoke those permissions, execute the command:
$ flopsar auth mod --username=user1 --perms=-po FLOPSAR_WDIR
Banned Agents
A user can see all data from any agent by default. In order to prevent a user (user1) from seeing particular agents, you need to execute the following command:
$ flopsar auth mod --username=user1 --ban=agents_pattern FLOPSAR_WDIR
where agents_pattern is a regular expression for agents' names. In order to unban some agents, execute the command:
$ flopsar auth mod --username=user1 --unban=agents_pattern FLOPSAR_WDIR