devpi-server 可以用来创建组吗?
Can devpi-server be used to create groups?
Devpi 的 --restrict-modify 参数文档指定除了指定用户的访问权限外,还可以修改组的访问权限:
specify which users/groups may create other users and their indices. Multiple users and groups are separated by commas. Groups need to be prefixed with a colon like this: ':group'. [...]
虽然没有关于如何实际创建一个组的文档;这是否直接与主机上可用的 Unix 组集成?
devpi服务器本身不做任何组管理。相反,它将它委托给 auth 插件。看看 devpiserver_auth_user hookspec:
return dict containing authentication validation results.
A dict must be returned with a key "status" with one of the following values:
- "ok" - authentication succeeded
- "unknown" - no matching user, other plugins are tried
- "reject" - invalid password, authentication stops
Optionally the plugin can return a list of group names the user is member of using the "groups" key of the result dict.
AFAIK 目前只有插件使用群组:devpi-ldap, check out its code for usage example。
至于绑定unix组的访问权限,你自己写一个这样的auth plugin就可以了。这是一个不做任何真实身份验证的插件的愚蠢示例,只返回请求访问的用户所属的 unix 组:
# myplugin.py
import grp
from pluggy import HookimplMarker
@hookimpl(tryfirst=True)
def devpiserver_auth_user(userdict, username, password):
# get all groups for the user
groups = [group.gr_name for group in grp.getgrall() if username in group.gr_mem]
return {'status': 'ok', 'groups': groups}
现在在插件的安装脚本中添加 devpi 的入口点,您就可以开始了:
from setuptools import setup
setup(
name='devpi-unix-group-auth',
py_modules=['myplugin'],
entry_points={
'console_scripts': {
'devpi_server': ['devpi-unix-group-auth = myplugin']
},
...
)
Devpi 的 --restrict-modify 参数文档指定除了指定用户的访问权限外,还可以修改组的访问权限:
specify which users/groups may create other users and their indices. Multiple users and groups are separated by commas. Groups need to be prefixed with a colon like this: ':group'. [...]
虽然没有关于如何实际创建一个组的文档;这是否直接与主机上可用的 Unix 组集成?
devpi服务器本身不做任何组管理。相反,它将它委托给 auth 插件。看看 devpiserver_auth_user hookspec:
return dict containing authentication validation results. A dict must be returned with a key "status" with one of the following values:
- "ok" - authentication succeeded
- "unknown" - no matching user, other plugins are tried
- "reject" - invalid password, authentication stops
Optionally the plugin can return a list of group names the user is member of using the "groups" key of the result dict.
AFAIK 目前只有插件使用群组:devpi-ldap, check out its code for usage example。
至于绑定unix组的访问权限,你自己写一个这样的auth plugin就可以了。这是一个不做任何真实身份验证的插件的愚蠢示例,只返回请求访问的用户所属的 unix 组:
# myplugin.py
import grp
from pluggy import HookimplMarker
@hookimpl(tryfirst=True)
def devpiserver_auth_user(userdict, username, password):
# get all groups for the user
groups = [group.gr_name for group in grp.getgrall() if username in group.gr_mem]
return {'status': 'ok', 'groups': groups}
现在在插件的安装脚本中添加 devpi 的入口点,您就可以开始了:
from setuptools import setup
setup(
name='devpi-unix-group-auth',
py_modules=['myplugin'],
entry_points={
'console_scripts': {
'devpi_server': ['devpi-unix-group-auth = myplugin']
},
...
)