bitbake: hashserv: Add user permissions

Adds support for the hashserver to have per-user permissions. User management is done via a new "auth" RPC API where a client can authenticate itself with the server using a randomly generated token. The user can then be given permissions to read, report, manage the database, or manage other users. In addition to explicit user logins, the server supports anonymous users which is what all users start as before they make the "auth" RPC call. Anonymous users can be assigned a set of permissions by the server, making it unnecessary for users to authenticate to use the server. The set of Anonymous permissions defines the default behavior of the server, for example if set to "@read", Anonymous users are unable to report equivalent hashes with authenticating. Similarly, setting the Anonymous permissions to "@none" would require authentication for users to perform any action. User creation and management is entirely manual (although bitbake-hashclient is very useful as a front end). There are many different mechanisms that could be implemented to allow user self-registration (e.g. OAuth, LDAP, etc.), and implementing these is outside the scope of the server. Instead, it is recommended to implement a registration service that validates users against the necessary service, then adds them as a user in the hash equivalence server. (Bitbake rev: 69e5417413ee2414fffaa7dd38057573bac56e35) Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Joshua Watt <JPEWhacker@gmail.com> 2023-11-03 08:26:31 -0600
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2023-11-09 17:33:03 +0000
commit: 1af725b2eca63fa113cedb6d77eb5c5f1de6e2f0 (patch)
tree: adf200a0b03b8ee1f1a56c55e2ec657dcc7ed04a /bitbake/lib/hashserv/__init__.py
parent: 6e67b000efb89c4e3121fd907a47dc7042c07bed (diff)
download: poky-1af725b2eca63fa113cedb6d77eb5c5f1de6e2f0.tar.gz
1 files changed, 46 insertions, 23 deletions
diff --git a/bitbake/lib/hashserv/__init__.py b/bitbake/lib/hashserv/__init__.py
index 9a8ee4e88b..552a33278f 100644
--- a/bitbake/lib/hashserv/__init__.py
+++ b/bitbake/lib/hashserv/__init__.py
@@ -8,6 +8,7 @@ from contextlib import closing
 import re
 import itertools
 import json
+from collections import namedtuple
 from urllib.parse import urlparse
 UNIX_PREFIX = "unix://"
@@ -18,6 +19,8 @@ ADDR_TYPE_UNIX = 0
 ADDR_TYPE_TCP = 1
 ADDR_TYPE_WS = 2
+User = namedtuple("User", ("username", "permissions"))
 def parse_address(addr):
    if addr.startswith(UNIX_PREFIX):
@@ -43,7 +46,10 @@ def create_server(
    upstream=None,
    read_only=False,
    db_username=None,
-    db_password=None
+    db_password=None,
+    anon_perms=None,
+    admin_username=None,
+    admin_password=None,
 ):
    def sqlite_engine():
        from .sqlite import DatabaseEngine
@@ -62,7 +68,17 @@ def create_server(
    else:
        db_engine = sqlite_engine()
-    s = server.Server(db_engine, upstream=upstream, read_only=read_only)
+    if anon_perms is None:
+        anon_perms = server.DEFAULT_ANON_PERMS
+    s = server.Server(
+        db_engine,
+        upstream=upstream,
+        read_only=read_only,
+        anon_perms=anon_perms,
+        admin_username=admin_username,
+        admin_password=admin_password,
+    )
    (typ, a) = parse_address(addr)
    if typ == ADDR_TYPE_UNIX:
@@ -76,33 +92,40 @@ def create_server(
    return s
-def create_client(addr):
+def create_client(addr, username=None, password=None):
    from . import client
-    c = client.Client()
+    c = client.Client(username, password)
-    (typ, a) = parse_address(addr)
-    if typ == ADDR_TYPE_UNIX:
-        c.connect_unix(*a)
-    elif typ == ADDR_TYPE_WS:
-        c.connect_websocket(*a)
-    else:
-        c.connect_tcp(*a)
-    return c
+    try:
+        (typ, a) = parse_address(addr)
+        if typ == ADDR_TYPE_UNIX:
+            c.connect_unix(*a)
+        elif typ == ADDR_TYPE_WS:
+            c.connect_websocket(*a)
+        else:
+            c.connect_tcp(*a)
+        return c
+    except Exception as e:
+        c.close()
+        raise e
-async def create_async_client(addr):
+async def create_async_client(addr, username=None, password=None):
    from . import client
-    c = client.AsyncClient()
+    c = client.AsyncClient(username, password)
-    (typ, a) = parse_address(addr)
+    try:
-    if typ == ADDR_TYPE_UNIX:
+        (typ, a) = parse_address(addr)
-        await c.connect_unix(*a)
+        if typ == ADDR_TYPE_UNIX:
-    elif typ == ADDR_TYPE_WS:
+            await c.connect_unix(*a)
-        await c.connect_websocket(*a)
+        elif typ == ADDR_TYPE_WS:
-    else:
+            await c.connect_websocket(*a)
-        await c.connect_tcp(*a)
+        else:
+            await c.connect_tcp(*a)
-    return c
+        return c
+    except Exception as e:
+        await c.close()
+        raise e
author	Joshua Watt <JPEWhacker@gmail.com>	2023-11-03 08:26:31 -0600
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2023-11-09 17:33:03 +0000
commit	1af725b2eca63fa113cedb6d77eb5c5f1de6e2f0 (patch)
tree	adf200a0b03b8ee1f1a56c55e2ec657dcc7ed04a /bitbake/lib/hashserv/__init__.py
parent	6e67b000efb89c4e3121fd907a47dc7042c07bed (diff)
download	poky-1af725b2eca63fa113cedb6d77eb5c5f1de6e2f0.tar.gz