... | @@ -45,9 +45,22 @@ The initial version of JetConf will support two types of datastores: |
... | @@ -45,9 +45,22 @@ The initial version of JetConf will support two types of datastores: |
|
However, JetConf implementation must be prepared to integrate other
|
|
However, JetConf implementation must be prepared to integrate other
|
|
types of datastores that may be added in the future.
|
|
types of datastores that may be added in the future.
|
|
|
|
|
|
|
|
Every datastore can have an access control module associated with it.
|
|
|
|
If so, every read/write operation will be verified with this ACM.
|
|
|
|
|
|
## Access Control
|
|
## Access Control
|
|
|
|
|
|
TBD
|
|
The current version of JetConf implements NACM (RFC6536) access control
|
|
|
|
system, which enables to specify fine-grained access permissions to
|
|
|
|
particular data resources. However, some limitations may apply, because
|
|
|
|
NACM does not have official support for RESTCONF yet, i.e. there can
|
|
|
|
be potential problems with HTTP caching etc.
|
|
|
|
|
|
|
|
The NACM data are stored in its own separate datastore. The NACM data can
|
|
|
|
only be edited by privileged users (see JetConf Server Configuration).
|
|
|
|
|
|
|
|
In the future, it is also possible to implement another kinds of ACM,
|
|
|
|
i.e. a simple r/o and r/w user list.
|
|
|
|
|
|
## Dependencies
|
|
## Dependencies
|
|
|
|
|
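Review bot: The two sentences added above "## Access Control" ("Every datastore can have an access control module associated with it. If so, every read/write operation will be verified with this ACM.") leave the no-ACM case undefined. Please state whether a datastore without an ACM permits every operation or rejects it, because that default decides what an unconfigured datastore exposes. In the NACM paragraph, "only be edited by privileged users" should say how that privilege is checked: the text says the NACM data live in their own datastore but not whether that datastore is itself guarded by an ACM or by the server configuration it points to. The HTTP caching limitation should name the concrete problem and say how responses that depend on the requesting user's permissions are kept from being cached. Wording: both uses of "i.e." ("i.e. there can be potential problems", "i.e. a simple r/o and r/w user list") introduce examples, so "e.g." is meant, and "another kinds of ACM" should read "other kinds of ACM".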
... | @@ -126,8 +139,22 @@ a minumum set of server configuration parameters: |
... | @@ -126,8 +139,22 @@ a minumum set of server configuration parameters: |
|
|
|
|
|
## Server Loop
|
|
## Server Loop
|
|
|
|
|
|
TBD
|
|
JetConf currently uses HYPER, which is a HTTP/2 protocol implementation
|
|
|
|
for Python 3. The communication is done exclusively over secure TLS
|
|
|
|
connection.
|
|
|
|
|
|
|
|
For user authentication, JetConf uses client certificates issued by custom
|
|
|
|
certification authority. The certificate of this CA needs to be specified
|
|
|
|
in the 'server' section of config file.
|
|
|
|
|
|
|
|
The 'e-mail' field of client certificate serves as the username.
|
|
|
|
|
|
## Python Modules
|
|
## Python Modules
|
|
|
|
|
|
TBD |
|
* rest_server - A module providing the HTTP/2 and user authentication
|
|
|
|
functionality for REST operations.
|
|
|
|
* http_handlers - Handlers connecting HTTP requests to datastore operations
|
|
|
|
* data - Datastore implementation
|
|
|
|
* nacm - Basic NACM implementation
|
|
|
|
* config - Module for reading and parsing the config file
|
|
|
|
* helpers - A few static helper classes shared across modules |
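Review bot: In the "## Server Loop" text, "The 'e-mail' field of client certificate serves as the username" is ambiguous about which certificate field is read. Please say whether this is the emailAddress attribute of the subject name or an rfc822Name entry in subjectAltName, and what the server does when the field is absent or occurs more than once, since this value becomes the identity used for authentication. The sentence about the CA says its certificate "needs to be specified in the 'server' section of config file" without naming the parameter; give the key name so it can be matched against the configuration parameter list earlier in the document. Nothing is said about how a revoked or expired client certificate is handled, which is worth a sentence here. Minor: "a HTTP/2" should be "an HTTP/2" and "over secure TLS connection" needs an article. In the "## Python Modules" list the nacm entry reads "Basic NACM implementation"; a short note on which parts of RFC6536 are covered would tell readers what "basic" excludes.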