@@ -151,37 +151,37 @@ a minumum set of server configuration parameters:
1. The client opens a secure TLS connection.
1. The client is authenticated via a client certificate. The
2. The client is authenticated via a client certificate. The
certificate of the CA that issued the client certificate needs to
be specified in the configuration file. The *e-mail* field obtained
from the client certificate is henceforth used as the user name,
in particular for access control. If the client cannot be
authenicated, `401 Unauthorized` is sent, and the connection
terminated.
authenicated, for example because his certificate has expired or
because it was not issued by correct CA, the connection is terminated.
1. The NACM data is queried to determine which groups the user is a
member of.
1. The server waits for an incoming client request.
3. The server waits for an incoming client request.
1. A received request is parsed and handed over to the appropriate
4. A received request is parsed and handed over to the appropriate
component. If the media type specified is not supported (in
particular, is not `+json`), `415 Unsupported Media Type` is sent,
If the message is otherwise invalid, `400 Bad Request` is sent.
1. Depending on the type of the request (read, write or RPC operation
5. The NACM data is queried to determine which groups the user is a
member of.
6. Depending on the type of the request (read, write or RPC operation
invocation) and the Request-URI, the required permissions are
determined, and the NACM database is checked to verify that the
user posseses all of them. If not, `403 Forbidden` is sent.
1. If the request is an RPC operation, it is invoked and an
7. If the request is an RPC operation, it is invoked and an
appropriate reply or error message generated.
1. If the request is a read operation, the corresponding data are retrieved
8. If the request is a read operation, the corresponding data are retrieved
from the datastore and formatted into a reply, or an error status
code is returned.
1. If the request is a write operation, the changes are applied using
9. If the request is a write operation, the changes are applied using
a persistent structure API (so that the original unmodified
configuration remains available). The new configration is passed to
the Yangson library for validation. If the validation succeeds, the
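Review bot: the new step 2 drops the `401 Unauthorized` status that the old text sent when client-certificate authentication fails and now only says "the connection is terminated", without saying why the status code went away. If the failure is detected during the TLS handshake that wording is the accurate one (no HTTP response can be sent on a connection whose handshake never completed), but the text should state it, otherwise a reader cannot tell whether the status was removed on purpose; suggest "If the client cannot be authenticated, for example because its certificate has expired or was not issued by the configured CA, the TLS handshake fails and the connection is terminated; no HTTP status is sent." Moving the NACM group lookup from connection setup (old step 3) to after request parsing (new step 5) also changes the documented semantics: group membership is now evaluated on every request rather than once per connection, which is the safer choice for long-lived connections, but it should match what the server code actually does. Minor: "authenicated" (step 2), "posseses" (step 6), "configration" (step 9) and "minumum" in the hunk header are misspelt, "his certificate" should read "its certificate", "correct CA" should read "the configured CA", and "`415 Unsupported Media Type` is sent, If the message is otherwise invalid" needs a full stop in place of the comma.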
@@ -189,8 +189,8 @@ a minumum set of server configuration parameters:
server instrumentation that applies the necessary changes. An
appropriate response or error code is generated and sent.
1. After finishing one of the steps 7, 8 or 9, the server returns to
step 4.
10. After finishing one of the steps 7, 8 or 9, the server returns to
step 3.
## Python Modules
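Review bot: the loop description in the new step 10 is incomplete: it only says the server returns to step 3 after one of steps 7, 8 or 9 completes, but the error exits in step 4 (`415`, `400`) and step 6 (`403`) are not covered, so it is unstated whether the server also goes back to waiting for the next request after sending one of those; presumably it does, and the text should say so, e.g. "After sending a response or error in any of steps 4 to 9, the server returns to step 3." The renumbered cross-references themselves (steps 7, 8, 9 and the return to step 3 instead of step 4) are consistent with the explicit numbering introduced in the previous hunk, since step 3 is now the wait for an incoming request.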