diff options
| author | Luke Kanies <luke@madstop.com> | 2008-05-27 10:36:16 -0600 |
|---|---|---|
| committer | Luke Kanies <luke@madstop.com> | 2008-06-09 16:39:26 -0500 |
| commit | 1205881c8f022cd0dd26ed896976f9451549c571 (patch) | |
| tree | 7a9bd74817886cf946ac48acffdb48f4acace00c /lib/puppet/network/http/webrick | |
| parent | e8044f93efd29fab87d67f55461df371dec8bdff (diff) | |
| download | puppet-1205881c8f022cd0dd26ed896976f9451549c571.tar.gz puppet-1205881c8f022cd0dd26ed896976f9451549c571.tar.xz puppet-1205881c8f022cd0dd26ed896976f9451549c571.zip | |
The mongrel and webrick REST handlers now extract certificate information.
All requests should now have an ipaddress add to them, they
should always be marked authenticated or not, and they should
have the certificate name set as their 'node' if a certificate
is present.
They both use the same methods they use for xmlrpc,
although there's no common code, to facilitate deprecation
of xmlrpc.
Diffstat (limited to 'lib/puppet/network/http/webrick')
| -rw-r--r-- | lib/puppet/network/http/webrick/rest.rb | 51 |
1 files changed, 36 insertions, 15 deletions
diff --git a/lib/puppet/network/http/webrick/rest.rb b/lib/puppet/network/http/webrick/rest.rb index b43912196..a235fb4f3 100644 --- a/lib/puppet/network/http/webrick/rest.rb +++ b/lib/puppet/network/http/webrick/rest.rb @@ -1,46 +1,67 @@ require 'puppet/network/http/handler' class Puppet::Network::HTTP::WEBrickREST < WEBrick::HTTPServlet::AbstractServlet - + include Puppet::Network::HTTP::Handler - + def initialize(server, handler) - raise ArgumentError, "server is required" unless server - super(server) - initialize_for_puppet(:server => server, :handler => handler) + raise ArgumentError, "server is required" unless server + super(server) + initialize_for_puppet(:server => server, :handler => handler) + end + + # We had to expose this method for testing purposes. + def params(request) + result = request.query + result.merge(client_information(request)) end # WEBrick uses a service() method to respond to requests. Simply delegate to the handler response() method. def service(request, response) process(request, response) end - + private - + def http_method(request) request.request_method end - + def path(request) # LAK:NOTE See http://snurl.com/21zf8 [groups_google_com] x = '/' + request.path.split('/')[1] end - + def request_key(request) # LAK:NOTE See http://snurl.com/21zf8 [groups_google_com] x = request.path.split('/')[2] end - + def body(request) request.body end - - def params(request) - request.query - end - + def encode_result(request, response, result, status = 200) response.status = status response.body = result end + + # Retrieve node/cert/ip information from the request object. + def client_information(request) + result = {} + if peer = request.peeraddr and ip = peer[3] + result[:ip] = ip + end + + # If they have a certificate (which will almost always be true) + # then we get the hostname from the cert, instead of via IP + # info + result[:authenticated] = false + if cert = request.client_cert and nameary = cert.subject.to_a.find { |ary| ary[0] == "CN" } + result[:node] = nameary[1] + result[:authenticated] = true + end + + result + end end |