9.1.4.1.2. cobbler.modules.authorization package

9.1.4.1.2.1. Submodules

9.1.4.1.2.2. cobbler.modules.authorization.allowall module

Authorization module that allows everything, which is the default for new Cobbler installs.

cobbler.modules.authorization.allowall.authorize(api_handle, user, resource, arg1=None, arg2=None) int[source]

Validate a user against a resource. NOTE: acls are not enforced as there is no group support in this module

Parameters
  • api_handle – This parameter is not used currently.

  • user – This parameter is not used currently.

  • resource – This parameter is not used currently.

  • arg1 – This parameter is not used currently.

  • arg2 – This parameter is not used currently.

Returns

Always 1

cobbler.modules.authorization.allowall.register() str[source]

The mandatory Cobbler module registration hook.

Returns

Always “authz”

9.1.4.1.2.3. cobbler.modules.authorization.configfile module

Authorization module that allow users listed in /etc/cobbler/users.conf to be permitted to access resources. For instance, when using authz_ldap, you want to use authn_configfile, not authz_allowall, which will most likely NOT do what you want.

cobbler.modules.authorization.configfile.authorize(api_handle, user: str, resource: str, arg1=None, arg2=None) int[source]

Validate a user against a resource. All users in the file are permitted by this module.

Parameters
  • api_handle – This parameter is not used currently.

  • user – The user to authorize.

  • resource – This parameter is not used currently.

  • arg1 – This parameter is not used currently.

  • arg2 – This parameter is not used currently.

Returns

“0” if no authorized, “1” if authorized.

cobbler.modules.authorization.configfile.register() str[source]

The mandatory Cobbler module registration hook.

Returns

Always “authz”.

9.1.4.1.2.4. cobbler.modules.authorization.ownership module

Authorization module that allow users listed in /etc/cobbler/users.conf to be permitted to access resources, with the further restriction that Cobbler objects can be edited to only allow certain users/groups to access those specific objects.

cobbler.modules.authorization.ownership.authorize(api_handle, user: str, resource: str, arg1=None, arg2=None) int[source]

Validate a user against a resource. All users in the file are permitted by this module.

Parameters
  • api_handle – The api to resolve required information.

  • user – The user to authorize to the resource.

  • resource – The resource the user is asking for access. This is something abstract like a remove operation.

  • arg1 – This is normally the name of the specific object in question.

  • arg2 – This parameter is pointless currently. Reserved for future code.

Returns

1 if okay, otherwise 0.

cobbler.modules.authorization.ownership.register() str[source]

The mandatory Cobbler module registration hook.

Returns

Always “authz”

9.1.4.1.2.5. Module contents

This module represents all Cobbler methods of authorization. All present modules may be used through the configuration file modules.conf normally found at /etc/cobbler/.

In the following the specification of an authorization module is given:

  1. The name of the only public method - except the generic register() method - must be authorize

  2. The attributes are - in exactly that order: api_handle, user, resource, arg1, arg2

  3. The api_handle must be the main CobblerAPI instance.

  4. The user and resource attribute must be of type str.

  5. The attributes arg1 and arg2 are reserved for the individual use of your authorization module and may have any type and form your desire.

  6. The method must return an integer in all cases.

  7. The method should return 1 for success and ``0` for an authorization failure.

  8. Additional codes can be defined, however they should be documented in the module description.

  9. The values of additional codes should be positive integers.

  10. Errors should result in the return of -1 and a log message to the standard Python logger obtioned via logging.getLogger().

  11. The return value of register() must be authz.