lib/puppet/network/authconfig.rb in puppet-0.24.9 vs lib/puppet/network/authconfig.rb in puppet-0.25.0
- old
+ new
@@ -14,11 +14,11 @@
# Just proxy the setting methods to our rights stuff
[:allow, :deny].each do |method|
define_method(method) do |*args|
@rights.send(method, *args)
- end
+ end
end
# Here we add a little bit of semantics. They can set auth on a whole
# namespace or on just a single method in the namespace.
def allowed?(request)
@@ -30,23 +30,22 @@
if @rights.include?(name)
return @rights[name].allowed?(request.name, request.ip)
elsif @rights.include?(namespace)
return @rights[namespace].allowed?(request.name, request.ip)
- else
- return false
end
+ false
end
# Does the file exist? Puppetmasterd does not require it, but
# puppetd does.
def exists?
FileTest.exists?(@file)
end
def initialize(file = nil, parsenow = true)
- @file ||= Puppet[:authconfig]
+ @file = file || Puppet[:authconfig]
unless @file
raise Puppet::DevError, "No authconfig file defined"
end
return unless self.exists?
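Review bot: The new bare `false` at the end of `allowed?` is the default-deny result for any request whose name and namespace have no entry in `@rights`, and nothing in the hunk says so. Since that line is what keeps the authorization check fail-closed, I would put a comment directly above it, for example `# No matching right for this name or namespace: deny by default.` The start of `allowed?` lies outside this hunk, so how `name` and `namespace` are derived from the request is not visible here.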
@@ -76,11 +75,11 @@
Puppet.notice "%s vs %s" % [tmp, @configstamp]
end
else
return
end
- else
+ else
Puppet.notice "%s and %s" % [@configtimeout, @configstatted]
end
end
parse()
@@ -97,48 +96,25 @@
File.open(@file) { |f|
right = nil
count = 1
f.each { |line|
case line
- when /^\s*#/: next # skip comments
- when /^\s*$/: next # skip blank lines
- when /\[([\w.]+)\]/: # "namespace" or "namespace.method"
- name = $1
- if newrights.include?(name)
- raise FileServerError, "%s is already set at %s" %
- [newrights[name], name]
+ when /^\s*#/ # skip comments
+ count += 1
+ next
+ when /^\s*$/ # skip blank lines
+ count += 1
+ next
+ when /^(?:(\[[\w.]+\])|(path)\s+((?:~\s+)?[^ ]+))\s*$/ # "namespace" or "namespace.method" or "path /path" or "path ~ regex"
+ name = $1
+ if $2 == "path"
+ name = $3
end
- newrights.newright(name)
- right = newrights[name]
- when /^\s*(\w+)\s+(.+)$/:
- var = $1
- value = $2
- case var
- when "allow":
- value.split(/\s*,\s*/).each { |val|
- begin
- right.info "allowing %s access" % val
- right.allow(val)
- rescue AuthStoreError => detail
- raise ConfigurationError, "%s at line %s of %s" %
- [detail.to_s, count, @config]
- end
- }
- when "deny":
- value.split(/\s*,\s*/).each { |val|
- begin
- right.info "denying %s access" % val
- right.deny(val)
- rescue AuthStoreError => detail
- raise ConfigurationError, "%s at line %s of %s" %
- [detail.to_s, count, @config]
- end
- }
- else
- raise ConfigurationError,
- "Invalid argument '%s' at line %s" % [var, count]
- end
+ name.chomp!
+ right = newrights.newright(name, count, @file)
+ when /^\s*(allow|deny|method|environment|auth(?:enticated)?)\s+(.+)$/
+ parse_right_directive(right, $1, $2, count)
else
raise ConfigurationError, "Invalid line %s: %s" % [count, line]
end
count += 1
}
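Review bot: A directive line that appears before any `[namespace]` or `path` header reaches `parse_right_directive` with `right` still `nil`, so a malformed auth file fails with a NoMethodError instead of a ConfigurationError that names the line. A guard at the top of the directive branch would fix that: `raise ConfigurationError, "Directive outside of an ACL at line %s of %s" % [count, @file] unless right`. Separately, `[^ ]+` in the header pattern excludes only the space character, so a trailing tab after a path would stay in `name` after `chomp!` and the resulting ACL would silently never match; `\S+` avoids that. The removed duplicate-name check presumably now lives in `newrights.newright(name, count, @file)`, which is not visible here, and the enclosing method starts before this hunk.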
@@ -160,8 +136,47 @@
newrights.each { |name, right|
right.valid?
}
@rights = newrights
end
+
+ def parse_right_directive(right, var, value, count)
+ case var
+ when "allow"
+ modify_right(right, :allow, value, "allowing %s access", count)
+ when "deny"
+ modify_right(right, :deny, value, "denying %s access", count)
+ when "method"
+ unless right.acl_type == :regex
+ raise ConfigurationError, "'method' directive not allowed in namespace ACL at line %s of %s" % [count, @config]
+ end
+ modify_right(right, :restrict_method, value, "allowing 'method' %s", count)
+ when "environment"
+ unless right.acl_type == :regex
+ raise ConfigurationError, "'environment' directive not allowed in namespace ACL at line %s of %s" % [count, @config]
+ end
+ modify_right(right, :restrict_environment, value, "adding environment %s", count)
+ when /auth(?:enticated)?/
+ unless right.acl_type == :regex
+ raise ConfigurationError, "'authenticated' directive not allowed in namespace ACL at line %s of %s" % [count, @config]
+ end
+ modify_right(right, :restrict_authenticated, value, "adding authentication %s", count)
+ else
+ raise ConfigurationError,
+ "Invalid argument '%s' at line %s" % [var, count]
+ end
+ end
+
+ def modify_right(right, method, value, msg, count)
+ value.split(/\s*,\s*/).each do |val|
+ begin
+ right.info msg % val
+ right.send(method, val)
+ rescue AuthStoreError => detail
+ raise ConfigurationError, "%s at line %s of %s" % [detail.to_s, count, @file]
+ end
+ end
+ end
+
end
end
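Review bot: The three "directive not allowed in namespace ACL" errors in `parse_right_directive` interpolate `@config`, while `modify_right` and the `newright` call in the parser use `@file`; no assignment to `@config` is visible in this diff, so these messages probably end with an empty file name. Using `% [count, @file]` in all three would make a rejected `method`, `environment` or `auth` directive point at the file the operator has to correct. The `when /auth(?:enticated)?/` pattern is unanchored, which is harmless only because the caller's regex already restricts `var`; `when "auth", "authenticated"` would state that intent without relying on the caller.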