Commit a2e60f14 authored by René Nussbaumer's avatar René Nussbaumer

Update the authentication mapping in RAPI if users file has been updated

Please note: This only works if the file existed upon startup. If the file was
created later, ganeti-rapi has to be restarted.
Signed-off-by: default avatarRené Nussbaumer <rn@google.com>
Reviewed-by: default avatarMichael Hanselmann <hansmi@google.com>
parent a68fe106
...@@ -32,6 +32,12 @@ import sys ...@@ -32,6 +32,12 @@ import sys
import os import os
import os.path import os.path
try:
from pyinotify import pyinotify # pylint: disable-msg=E0611
except ImportError:
import pyinotify
from ganeti import asyncnotifier
from ganeti import constants from ganeti import constants
from ganeti import http from ganeti import http
from ganeti import daemon from ganeti import daemon
...@@ -89,10 +95,37 @@ class RemoteApiHttpServer(http.auth.HttpServerRequestAuthentication, ...@@ -89,10 +95,37 @@ class RemoteApiHttpServer(http.auth.HttpServerRequestAuthentication,
# Load password file # Load password file
if os.path.isfile(constants.RAPI_USERS_FILE): if os.path.isfile(constants.RAPI_USERS_FILE):
self._users = http.auth.ReadPasswordFile(constants.RAPI_USERS_FILE) wm = pyinotify.WatchManager()
hdl = asyncnotifier.SingleFileEventHandler(wm, self._OnUsersFileUpdate,
constants.RAPI_USERS_FILE)
self._users_inotify_handler = hdl
asyncnotifier.AsyncNotifier(wm, default_proc_fun=hdl)
self._users = None
self._OnUsersFileUpdate(False)
else: else:
self._users = None self._users = None
def _OnUsersFileUpdate(self, notifier_enabled):
"""Called upon update of the RAPI users file by pyinotify.
@type notifier_enabled: boolean
@param notifier_enabled: whether the notifier is still enabled
"""
logging.info("Reloading modified %s", constants.RAPI_USERS_FILE)
try:
users = http.auth.ReadPasswordFile(constants.RAPI_USERS_FILE)
self._users = users
except Exception, err: # pylint: disable-msg=W0703
# We don't care about the type of exception
logging.error("Error while reading %s: %s", constants.RAPI_USERS_FILE,
err)
# Renable the watch again if we'd an atomic update of the file (e.g. mv)
if not notifier_enabled:
self._users_inotify_handler.enable()
def _GetRequestContext(self, req): def _GetRequestContext(self, req):
"""Returns the context for a request. """Returns the context for a request.
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment