authorPieter van de Bruggen <pieter@puppetlabs.com>2011-05-04 16:45:50 -0700
committerPieter van de Bruggen <pieter@puppetlabs.com>2011-05-04 16:45:50 -0700
commit8d792a06399c4399c16a3add752e2f48f27f5c04 (patch)
treee68c82fbdb69f601e2ce5d5f034c19a1f7b6bd8b
parentd950921e0dffe3c2f5315e63d86881986d7e4041 (diff)
parent5076c3794dcbfd708d9169d720b8fc5a41998a14 (diff)
Merge branch 'tickets/2.7.x/7179' into 2.7.x
-rw-r--r--conf/auth.conf5
-rw-r--r--lib/puppet/network/rest_authconfig.rb1
-rwxr-xr-xspec/unit/network/rest_authconfig_spec.rb13
3 files changed, 7 insertions, 12 deletions
diff --git a/conf/auth.conf b/conf/auth.conf
index 431e4b205..cb202a989 100644
--- a/conf/auth.conf
+++ b/conf/auth.conf
@@ -53,6 +53,11 @@ path ~ ^/catalog/([^/]+)$
method find
allow $1
+# allow nodes to retrieve their own node definition
+path ~ ^/node/([^/]+)$
+method find
+allow $1
+
# allow all nodes to access the certificates services
path /certificate_revocation_list/ca
method find
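Review bot: The new `path ~ ^/node/([^/]+)$` rule anchors with `^` and `$`, which in a Ruby regexp match at line boundaries rather than at the start and end of the whole string, so the `$1` that `allow $1` compares against the client name is only guaranteed to come from one line of the path. How the pattern is compiled, and whether a decoded request path can ever contain a newline, is not visible in this hunk, so this is something to confirm rather than a demonstrated bypass. If the ACL parser accepts them, `path ~ \A/node/([^/]+)\z` would pin the match to the full path. The same applies to the matching `DEFAULT_ACL` entry added in lib/puppet/network/rest_authconfig.rb and to the existing `/catalog/` rule this one is modelled on.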
diff --git a/lib/puppet/network/rest_authconfig.rb b/lib/puppet/network/rest_authconfig.rb
index cf76978fe..dfe8f85c4 100644
--- a/lib/puppet/network/rest_authconfig.rb
+++ b/lib/puppet/network/rest_authconfig.rb
@@ -8,6 +8,7 @@ module Puppet
DEFAULT_ACL = [
{ :acl => "~ ^\/catalog\/([^\/]+)$", :method => :find, :allow => '$1', :authenticated => true },
+ { :acl => "~ ^\/node\/([^\/]+)$", :method => :find, :allow => '$1', :authenticated => true },
# this one will allow all file access, and thus delegate
# to fileserver.conf
{ :acl => "/file" },
diff --git a/spec/unit/network/rest_authconfig_spec.rb b/spec/unit/network/rest_authconfig_spec.rb
index 499a14b78..e1403997f 100755
--- a/spec/unit/network/rest_authconfig_spec.rb
+++ b/spec/unit/network/rest_authconfig_spec.rb
@@ -5,18 +5,7 @@ require 'puppet/network/rest_authconfig'
describe Puppet::Network::RestAuthConfig do
- DEFAULT_ACL = [
- { :acl => "~ ^\/catalog\/([^\/]+)$", :method => :find, :allow => '$1', :authenticated => true },
- # this one will allow all file access, and thus delegate
- # to fileserver.conf
- { :acl => "/file" },
- { :acl => "/certificate_revocation_list/ca", :method => :find, :authenticated => true },
- { :acl => "/report", :method => :save, :authenticated => true },
- { :acl => "/certificate/ca", :method => :find, :authenticated => false },
- { :acl => "/certificate/", :method => :find, :authenticated => false },
- { :acl => "/certificate_request", :method => [:find, :save], :authenticated => false },
- { :acl => "/status", :method => [:find], :authenticated => true },
- ]
+ DEFAULT_ACL = Puppet::Network::RestAuthConfig::DEFAULT_ACL
before :each do
FileTest.stubs(:exists?).returns(true)
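Review bot: Aliasing the spec's `DEFAULT_ACL` to `Puppet::Network::RestAuthConfig::DEFAULT_ACL` makes the expectation and the subject the same array, so examples that iterate over it can no longer detect a default rule being dropped or loosened in the implementation. For a default access-control list it is worth keeping at least one literal expectation per security-relevant entry, for example an example asserting `Puppet::Network::RestAuthConfig::DEFAULT_ACL.should include({ :acl => "~ ^\/node\/([^\/]+)$", :method => :find, :allow => '$1', :authenticated => true })`. The `describe` block continues outside the hunk, so how the constant is consumed by the remaining examples is not visible here.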