A little while ago, we decided that we would put some system configuration into the store, and rely more or less on access controls to govern who could read/write that data, which is quite a nice flexible system. However, although I knew the ACL system existed, I didn’t actually know anything about it, or even if it worked.
Like most things store-related, the code is reasonably clear, and when you try it you find it basically works. I rarely leave the store code in Bongo feeling unimpressed, which I suppose is a good feeling!
So, I documented what I learned about the ACL system on the wiki, and that resulted in this patch for bongo-config (mostly). Before, without ACLs, even logging in as admin meant you couldn’t read or write the Bongo configuration in the store – it just refused you access. Contrast with now:
    = $ telnet localhost 689
    Trying 127.0.0.1...
    Connected to localhost (127.0.0.1).
    Escape character is '^]'.
    4242 NMAP <b7237b90laptop.alexhudson.com462e5b4d>
    = AUTH USER admin ****
    1000 127.0.0.1
    = STORE _system
    1000 OK
    = COLLECTIONS
    4240 Permission denied
    = READ /config/manager
    2001 nmap.document 654
    ...
    = QUIT
Everything marked ‘= ‘ is something I typed in. So, you can see, we switch to the _system store, and try to look at the contents with a collections command – this fails, we don’t have permission to do that. But we can read the bongo-manager configuration file.
Next stop, a basic but working Hawkeye 🙂