Default ACL service

Base authorization service. See Authentication, authorization and accounting for more details.

Setup

Use the template EVA_DIR/share/svc-tpl/svc-tpl-aaa-acl.yml:

# ACL service
command: svc/eva-aaa-acl
bus:
  path: var/bus.ipc
config:
  # forbid authentication if no valid ACL is found
  forbid_empty_acls: false
  # set true to turn on strict ACL formatting - a user/API key won't be
  # authenticated if any of the assigned ACLs is missing
  strict_acl_formatting: false
user: nobody

Create the service using eva-shell:

eva svc create eva.aaa.acl /opt/eva4/share/svc-tpl/svc-tpl-aaa-acl.yml

or using the bus CLI client:

cd /opt/eva4
cat DEPLOY.yml | ./bin/yml2mp | \
    ./sbin/bus ./var/bus.ipc rpc call eva.core svc.deploy -

(see eva.core::svc.deploy for more info)

EAPI methods

See EAPI commons for the common information about the bus, types, errors and RPC calls.

acl.deploy

Description: Deploys ACLs
Parameters: required
Returns: nothing

Parameters

| Name | Type | Description | Required |
|------|------|-------------|----------|
| acls | Vec<struct> | ACLs (same format as returned by acl.export) | yes |

acl.destroy

Description: Destroy a single ACL
Parameters: required
Returns: nothing

Parameters

| Name | Type | Description | Required |
|------|------|-------------|----------|
| i | String | ACL ID | yes |

acl.export

Description: Export ACLs as a deployment
Parameters: required
Returns: ACL deployment struct

Parameters

| Name | Type | Description | Required |
|------|------|-------------|----------|
| i | String | ACL ID (can be a mask) | yes |

Return payload example:

{
    "acls": [
        {
            "id": "default",
            "meta": {
                "name": [
                    "default ACL"
                ]
            },
            "read": {
                "items": [
                    "#"
                ]
            },
            "write": {
                "items": [
                    "#"
                ]
            }
        }
    ]
}

acl.format

Description: Prepares/combines ACL(s)
Parameters: required
Returns: ACL, prepared for authorization

Parameters

| Name | Type | Description | Required |
|------|------|-------------|----------|
| i | String/Vec<String> | ACL ID or multiple IDs | yes |

Return payload example:

{
    "admin": true,
    "from": [
        "admin",
        "default"
    ],
    "id": "admin+default",
    "meta": {
        "name": [
            "default ACL"
        ]
    },
    "read": {
        "items": [
            "#"
        ]
    },
    "write": {
        "items": [
            "#"
        ]
    }
}

acl.get_config

Description: Get configuration of a single ACL
Parameters: required
Returns: ACL configuration

Parameters

| Name | Type | Description | Required |
|------|------|-------------|----------|
| i | String | ACL ID | yes |

Return payload example:

{
    "id": "default",
    "meta": {
        "name": [
            "default ACL"
        ]
    },
    "read": {
        "items": [
            "#"
        ]
    },
    "write": {
        "items": [
            "#"
        ]
    }
}

acl.list

Description: Get list of ACLs and their properties
Parameters: none
Returns: List of ACLs (struct)

Return payload example:

[
    {
        "admin": true,
        "id": "admin"
    },
    {
        "id": "default",
        "meta": {
            "name": [
                "default ACL"
            ]
        },
        "read": {
            "items": [
                "#"
            ]
        },
        "write": {
            "items": [
                "#"
            ]
        }
    }
]
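
An added example, not part of the EVA ICS documentation or code: a Python audit over the result of acl.list or acl.export that flags ACLs carrying the admin flag or granting read/write to every item. It assumes "#" on its own matches every item; the "operator" ACL and its item OID are constructed sample data.

```python
import json

# Constructed sample: the "admin" and "default" entries follow the payloads
# shown on this page; the "operator" ACL and its item OID are made up.
SAMPLE_EXPORT = json.loads("""
{"acls": [
  {"id": "admin", "admin": true},
  {"id": "default", "meta": {"name": ["default ACL"]},
   "read": {"items": ["#"]}, "write": {"items": ["#"]}},
  {"id": "operator",
   "read": {"items": ["#"]}, "write": {"items": ["unit:plant1/fan"]}}
]}
""")

WILDCARD = "#"  # assumption: "#" on its own matches every item


def acl_entries(payload):
    """acl.export returns {"acls": [...]}; acl.list returns a bare list."""
    return payload.get("acls", []) if isinstance(payload, dict) else payload


def audit_acls(payload):
    """Return (acl_id, severity, reason) for every over-broad grant."""
    findings = []
    for acl in acl_entries(payload):
        acl_id = acl.get("id", "<missing id>")
        if acl.get("admin") is True:
            findings.append((acl_id, "high", "admin flag set"))
        # Write access to everything is worse than read access to everything.
        for op, severity in (("write", "high"), ("read", "medium")):
            items = (acl.get(op) or {}).get("items") or []
            if WILDCARD in items:
                findings.append((acl_id, severity, f"{op} access to all items"))
    return findings


if __name__ == "__main__":
    for acl_id, severity, reason in audit_acls(SAMPLE_EXPORT):
        print(f"{severity:6} {acl_id}: {reason}")
```

Replace SAMPLE_EXPORT with the decoded result of acl.list or acl.export to audit a live node.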

acl.undeploy

Description: Undeploy ACLs
Parameters: required
Returns: nothing

Parameters

| Name | Type | Description | Required |
|------|------|-------------|----------|
| acls | Vec<struct/String> | ACLs or a list of ACL IDs | yes |