Authentication and Authorization

User

Any user has the following attributes:

  • username

  • password

  • permissions

  • list of banned agents

Getting Users Information

In order to print all users, execute the following command:

$ flopsar auth info FLOPSAR_WDIR

In order to print detailed information about a particular user (e.g. user1) execute the command:

$ flopsar auth info --username=user1 FLOPSAR_WDIR

Adding/Deleting Users

In order to add a new user user1, execute the following command:

$ flopsar auth add --username=user1 FLOPSAR_WDIR

In order to delete the user user1 execute the following command:

$ flopsar auth rm --username=user1 FLOPSAR_WDIR

Authentication

Flopsar supports two types of authentication providers: internal (local) and external.

Internal

This is a default authentication system used by Flopsar. All the users information is stored in Manager. The authentication itself is performed internally, i.e. is not delegated to any other external authentication system. This means, that users password are stored encrypted in Manager. In order to change a password for user1 user, you must make use of the following command:

$ flopsar auth mod --username=user1 --password FLOPSAR_WDIR

External

This type delegates the authentication to other, third-party authentication systems. In order to enable it, you need to implement a specific Server plugin and install it on the Manager.

Authorization

No matter which authentication type you choose, the authorization is always performed in the Manager. That means all users must exist in the Manager.

Permissions

The following permissions are available:

Symbol

Description

c

User can edit agents configuration.

p

User can see method parameters.

o

User can see agents online data.

q

User can query agents directly.

In order to set the permissions for the user user1, execute the command:

$ flopsar auth mod --username=user1 --perms=perms_vals FLOPSAR_WDIR

where perms_vals are the permissions symbols prefixed with + or - depending on whether you want to add or revoke the permission. For example, if you want to allow user1 to see methods parameters and agents online data, execute the following command:

$ flopsar auth mod --username=user1 --perms=+po FLOPSAR_WDIR

In order to revoke those permissions, execute the command:

$ flopsar auth mod --username=user1 --perms=-po FLOPSAR_WDIR

Banned Agents

A user can see all data from any agent by default. In order to prevent a user (user1) from seeing particular agents, you need to execute the following command:

$ flopsar auth mod --username=user1 --ban=agents_pattern FLOPSAR_WDIR

where agents_pattern is a regular expression for agents' names. In order to unban some agents, execute the command:

$ flopsar auth mod --username=user1 --unban=agents_pattern FLOPSAR_WDIR

Last updated