tt daemon auth

[unera]

The module

• reads tarantool.yaml
• section tvisord.auth contains
  • method (default - basic)
  • database (default - 'tvisord/htpasswd')

Commands

$ tt tvisordauth --method
basic

$ tt tvisordauth --check "basic dXNlcjpwYXNzd29yZA=="
ok

If authorisation is not configured, then --method returns disabled, --check returns ok for every request.

[LeonidVas]

Seems like this task should be in https://github.com/tarantool/tvisor .

[Totktonada]

@LeonidVas I would like to see a developer side decomposition.

[LeonidVas]

Blocked by https://github.com/tarantool/tt/issues/10

In the first stage, I propose to add authentication based on the following points:

• authentication is considered per env
• only "basic access authentication" is implemented
• necessary to track changes in the tarantool.yaml configuration to update credentials if they are changed in tarantool.yaml

[LeonidVas]

Yet several comments:

• credentials of env are stored in the htpasswd files (see https://github.com/tarantool/tt/issues/23#issue-1014294532) near tarantool.yaml or in the location specified in tarantool.yaml
• tt daemon configcheck command is used to check the configuration
• tt daemon reload (by SIGHUP signal) command is used to update the current daemon configuration
• If auth is not configured, an error 511 will be returned when trying to communicate with this env.

[LeonidVas]

The link that may (or may not) be useful: https://gist.github.com/Mons/6796d146cb2549e1b7108b923e589653