8.1.4.1.2. cobbler.modules.authorization package
8.1.4.1.2.1. Submodules
8.1.4.1.2.2. cobbler.modules.authorization.allowall module
Authorization module that allows everything, which is the default for new Cobbler installs.
- cobbler.modules.authorization.allowall.authorize(api_handle: CobblerAPI, user: str, resource: str, arg1: Any = None, arg2: Any = None) → int[source]
Validate a user against a resource. NOTE: acls are not enforced as there is no group support in this module
- Parameters
api_handle – This parameter is not used currently.
user – This parameter is not used currently.
resource – This parameter is not used currently.
arg1 – This parameter is not used currently.
arg2 – This parameter is not used currently.
- Returns
Always
1
8.1.4.1.2.3. cobbler.modules.authorization.configfile module
Authorization module that allow users listed in /etc/cobbler/users.conf to be permitted to access resources. For instance, when using authz_ldap, you want to use authn_configfile, not authz_allowall, which will most likely NOT do what you want.
- cobbler.modules.authorization.configfile.authorize(api_handle: CobblerAPI, user: str, resource: str, arg1: Any = None, arg2: Any = None) → int[source]
Validate a user against a resource. All users in the file are permitted by this module.
- Parameters
api_handle – This parameter is not used currently.
user – The user to authorize.
resource – This parameter is not used currently.
arg1 – This parameter is not used currently.
arg2 – This parameter is not used currently.
- Returns
“0” if no authorized, “1” if authorized.
8.1.4.1.2.4. cobbler.modules.authorization.ownership module
Authorization module that allow users listed in /etc/cobbler/users.conf to be permitted to access resources, with the further restriction that Cobbler objects can be edited to only allow certain users/groups to access those specific objects.
- cobbler.modules.authorization.ownership.authorize(api_handle: CobblerAPI, user: str, resource: str, arg1: Optional[str] = None, arg2: Any = None) → int[source]
Validate a user against a resource. All users in the file are permitted by this module.
- Parameters
api_handle – The api to resolve required information.
user – The user to authorize to the resource.
resource – The resource the user is asking for access. This is something abstract like a remove operation.
arg1 – This is normally the name of the specific object in question.
arg2 – This parameter is pointless currently. Reserved for future code.
- Returns
1
if okay, otherwise0
.
8.1.4.1.2.5. Module contents
This module represents all Cobbler methods of authorization. All present modules may be used through the configuration
file modules.conf
normally found at /etc/cobbler/
.
In the following the specification of an authorization module is given:
The name of the only public method - except the generic
register()
method - must beauthorize
The attributes are - in exactly that order:
api_handle
,user
,resource
,arg1
,arg2
The
api_handle
must be the mainCobblerAPI
instance.The
user
andresource
attribute must be of typestr
.The attributes
arg1
andarg2
are reserved for the individual use of your authorization module and may have any type and form your desire.The method must return an integer in all cases.
The method should return
1
for success and0
for an authorization failure.Additional codes can be defined, however they should be documented in the module description.
The values of additional codes should be positive integers.
Errors should result in the return of
-1
and a log message to the standard Python logger obtioned vialogging.getLogger()
.The return value of
register()
must beauthz
.