#1329 Update plugin doc (confusing sentence)
Merged 4 years ago by mikem. Opened 4 years ago by tkopecek.
tkopecek/koji doc_fix  into  master

@@ -84,6 +84,7 @@ 

  ::

  

      def mymethod(arg1, arg2, kwarg1=None):

+         context.session.assertPerm('admin')

          # Here is where you actually do something

  

      mymethod.exported = True
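
Review bot: The added `context.session.assertPerm('admin')` line in the `mymethod` template carries no comment saying it is optional, so anyone copying the template will put an admin gate on every method, including read-only ones that the bullet list further down says do not need it. Consider a one-line comment above it in the example, for instance `# Only needed when the call must be limited to admins`, so the code block and the explanatory bullet agree without the reader having to scroll.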
@@ -94,7 +95,9 @@ 

     arguments you need.

  -  You must export your method by setting its ``exported`` attribute to

     ``True``

- -  The ``context.session.assertPerm()`` is how you ensure that the

+ -  The ``context.session.assertPerm('admin')`` is how you ensure that only

+    the user with administrator privileges can use this call. Read-only

+    methods can be (in most cases) public, so such line is not needed.

  

  Save your plugin as e.g ``mymethod.py``, then install it in the Koji Hub

  plugins folder: ``/usr/lib/koji-hub-plugins/``
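
Review bot: The replacement bullet has two wording slips and one unexplained qualifier. "only the user with administrator privileges" reads as if there were a single such user, and "so such line is not needed" is missing an article; suggest "only users with administrator privileges" and "so such a line is not needed". The "(in most cases)" in the sentence about read-only methods is left unexplained, and a short clause saying when a read-only method should still carry a check would stop readers guessing. The removed line described `assertPerm()` generically while the new one only covers the `'admin'` case, so it may also be worth saying that the argument is the permission being required.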

no initial comment

Commit adf68f2 fixes this pull-request

Pull-Request has been merged by mikem

4 years ago

Read-only methods can be (in most cases) public - now you have me curious. Does Koji have a read-only method that requires authentication?

Does Koji have a read-only method that requires authentication?

Yes, several of the host methods for example.

I see, thanks. I was curious if there was any security sensitive information.

Reading hub/kojihub.py, it looks like this is done with host = Host() and host.verify(), and each of the HostExports methods has that pattern. Most of those RPCs do something with the host object. For example host.isEnabled evaluates "am I enabled or not", or host.getHostTasks evaluates the tasks specific to the logged-in host.

So for these read-only methods, the authentication mechanism is a convenient way to reference the kojid instance's data, and it's not a way to restrict sensitive information.
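
The distinction drawn in this thread, between a permission check that restricts a call and a login that only identifies which host is asking, as an added sketch that is not part of the original discussion and is not Koji's code. Every class, function and data value below is a hypothetical stand-in constructed for the illustration.

```python
# Hypothetical stand-in for a hub; none of these names are Koji's own code.
class AuthError(Exception):
    pass

class Session:
    """Constructed session: who is logged in and which permissions they hold."""
    def __init__(self, user=None, perms=(), host_id=None):
        self.user, self.perms, self.host_id = user, set(perms), host_id

    def assert_perm(self, name):
        # Access-control use of authentication: refuse callers lacking the permission.
        if name not in self.perms:
            raise AuthError(f"{self.user or 'anonymous'} lacks {name!r}")

# Constructed sample data.
HOSTS = {1: {"name": "builder01", "enabled": True, "tasks": [101, 102]},
         2: {"name": "builder02", "enabled": False, "tasks": [207]}}

class Host:
    """Identity use of authentication: bind the call to the logged-in host's record."""
    def __init__(self, session):
        self.id = session.host_id

    def verify(self):
        if self.id not in HOSTS:
            raise AuthError("not logged in as a host")
        return True

def list_host_names(session):
    # Public read-only call: no check, same answer for every caller.
    return sorted(h["name"] for h in HOSTS.values())

def set_host_enabled(session, host_id, enabled):
    # Mutating call: gated on a permission before any state changes.
    session.assert_perm("admin")
    HOSTS[host_id]["enabled"] = enabled
    return HOSTS[host_id]["enabled"]

def host_is_enabled(session):
    # Read-only, but a login is needed to know which host "I" refers to.
    host = Host(session)
    host.verify()
    return HOSTS[host.id]["enabled"]

def host_tasks(session):
    # Read-only and scoped to the caller's own host record.
    host = Host(session)
    host.verify()
    return list(HOSTS[host.id]["tasks"])
```
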