authorSeth Vidal <skvidal@fedoraproject.org>2007-10-18 10:45:02 -0400
committerSeth Vidal <skvidal@fedoraproject.org>2007-10-18 10:45:02 -0400
commit967f120791f8f813890b83b2d767f0b3e682edea (patch)
tree1ec4f004935669cc9a2d2cd7903c992a36f30fe5 /func
parentb4b771c5aced0739eb7a875bf126d21dbdaff06b (diff)
swap out minion-acl config file for minion-acl.d dir of .acl files
Diffstat (limited to 'func')
-rw-r--r--func/commonconfig.py2
-rwxr-xr-xfunc/minion/server.py3
-rwxr-xr-xfunc/minion/utils.py50
3 files changed, 32 insertions, 23 deletions
diff --git a/func/commonconfig.py b/func/commonconfig.py
index e3b1760..5c3485f 100644
--- a/func/commonconfig.py
+++ b/func/commonconfig.py
@@ -13,5 +13,5 @@ class FuncdConfig(BaseConfig):
log_level = Option('INFO')
certmaster = Option('certmaster')
cert_dir = Option('/etc/pki/func')
- acl_config = Option('/etc/func/minion-acl.conf')
+ acl_dir = Option('/etc/func/minion-acl.d')
diff --git a/func/minion/server.py b/func/minion/server.py
index c900a09..3ef7786 100755
--- a/func/minion/server.py
+++ b/func/minion/server.py
@@ -218,7 +218,8 @@ class FuncSSLXMLRPCServer(AuthedXMLRPCServer.AuthedSSLXMLRPCServer,
return peer_cert.get_subject().CN
def _check_acl(self, cert, ip, method, params):
- acls = utils.get_acls_from_config(fn=self.config.acl_config)
+ acls = utils.get_acls_from_config(acldir=self.config.acl_dir)
+
# certmaster always gets to run things
ca_cn = self._our_ca.get_subject().CN
ca_hash = self._our_ca.subject_name_hash()
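Review bot: The call at the top of `_check_acl` now loads every `*.acl` file under `self.config.acl_dir` each time an ACL is checked, and nothing visible here documents that the directory is trusted input. Any file dropped into that directory with an `.acl` suffix would presumably grant methods at the next check, so the ownership and mode expectations deserve a comment next to the call, e.g. `# acl_dir must be root-owned and not group/world-writable: every *.acl file in it is merged into the ACLs`. The body of `_check_acl` continues outside the hunk, so whether the result is cached further down cannot be seen from here.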
diff --git a/func/minion/utils.py b/func/minion/utils.py
index 447acc8..7599657 100755
--- a/func/minion/utils.py
+++ b/func/minion/utils.py
@@ -19,6 +19,7 @@ import sys
import time
import traceback
import xmlrpclib
+import glob
import codes
from func import certs
@@ -158,35 +159,42 @@ def daemonize(pidfile=None):
open(pidfile, "w").write(str(pid))
sys.exit(0)
-def get_acls_from_config(fn='/etc/func/minion-acl.conf'):
+def get_acls_from_config(acldir='/etc/func/minion-acl.d'):
"""
- takes a fn = filename of config file
+ takes a dir of .acl files
returns a dict of hostname+hash = [methods, to, run]
"""
acls = {}
- if not os.path.exists(fn):
- print 'acl config file does not exist: %s' % fn
- return acls
- try:
- fo = open(fn, 'r')
- except (IOError, OSError), e:
- print 'cannot open acl config file: %s' % e
+ if not os.path.exists(acldir):
+ print 'acl dir does not exist: %s' % acldir
return acls
- for line in fo.readlines():
- if line.startswith('#'): continue
- if line.strip() == '': continue
- line = line.replace('\n', '')
- (host, methods) = line.split('=')
- host = host.strip().lower()
- methods = methods.strip()
- methods = methods.replace(',',' ')
- methods = methods.split()
- if not acls.has_key(host):
- acls[host] = []
- acls[host].extend(methods)
+ # get the set of files
+ acl_glob = '%s/*.acl' % acldir
+ files = glob.glob(acl_glob)
+
+ for acl_file in files:
+
+ try:
+ fo = open(acl_file, 'r')
+ except (IOError, OSError), e:
+ print 'cannot open acl config file: %s - %s' % (acl_file, e)
+ continue
+
+ for line in fo.readlines():
+ if line.startswith('#'): continue
+ if line.strip() == '': continue
+ line = line.replace('\n', '')
+ (host, methods) = line.split('=')
+ host = host.strip().lower()
+ methods = methods.strip()
+ methods = methods.replace(',',' ')
+ methods = methods.split()
+ if not acls.has_key(host):
+ acls[host] = []
+ acls[host].extend(methods)
return acls
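Review bot: A single malformed line in any `.acl` file still aborts the whole load, because `(host, methods) = line.split('=')` raises ValueError when a line has no `=` or more than one, and the new per-file `try` only covers `open()`. Since `_check_acl` in server.py calls this function, one bad drop-in file would presumably break every ACL lookup rather than just that entry. The file object `fo` is also never closed, which now happens once per file. I would skip and report any line that does not split into exactly two parts, so that a bad line grants nothing, and close the file in a `finally`, as sketched below. The function lies fully inside this hunk, though the page has lost its indentation.

```python
    for acl_file in files:
        # … unchanged: open(acl_file) with IOError/OSError handling …
        try:
            for line in fo.readlines():
                line = line.strip()
                if line == '' or line.startswith('#'): continue
                parts = line.split('=')
                if len(parts) != 2:
                    print 'skipping malformed acl line in %s: %s' % (acl_file, line)
                    continue
                (host, methods) = parts
                # … unchanged: host/methods normalisation and acls[host].extend(methods) …
        finally:
            fo.close()
```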