Add {READ|WRITE}_LOGIN_REQUIRED configuration to the ara-api role

These configuration options allow for the API to require authentication before accepting read or write requests [1]. [1]: https://ara.readthedocs.io/en/feature-1.0/api-security.html Change-Id: I130631b52b6532e3e7cc559d700055a687d257b7
2019-03-11 12:18:55 -04:00 · 2019-03-11 12:18:55 -04:00 · 8f33433f37
commit 8f33433f37
parent 9bac0a8c47
2 changed files with 8 additions and 0 deletions
--- a/roles/ara_api/defaults/main.yaml
+++ b/roles/ara_api/defaults/main.yaml
@ -90,6 +90,12 @@ ara_api_settings: "{{ ara_api_base_dir }}/settings.yaml"
 # ARA_ENV - Environment to load configuration for
 ara_api_env: default

+# ARA_READ_LOGIN_REQUIRED - Whether authentication is required for reading data
+ara_api_read_login_required: false
+
+# ARA_WRITE_LOGIN_REQUIRED - Whether authentication is required for writing data
+ara_api_write_login_required: false
+
 # ARA_LOG_LEVEL - Log level of the different components
 ara_api_log_level: INFO

--- a/roles/ara_api/tasks/config.yaml
+++ b/roles/ara_api/tasks/config.yaml
@ -79,6 +79,8 @@
      LOGGING: "{{ ara_api_logging }}"
      LOG_LEVEL: "{{ ara_api_log_level }}"
      SECRET_KEY: "{{ ara_api_secret_key }}"
+      READ_LOGIN_REQUIRED: "{{ ara_api_read_login_required }}"
+      WRITE_LOGIN_REQUIRED: "{{ ara_api_write_login_required }}"
  set_fact:
    ara_api_configuration: "{'{{ ara_api_env }}': {{ reconciled_configuration }} }"
  no_log: yes