diff options
| author | Jacob Helwig <jacob@puppetlabs.com> | 2011-07-26 16:15:38 -0700 |
|---|---|---|
| committer | Jacob Helwig <jacob@puppetlabs.com> | 2011-07-26 16:15:38 -0700 |
| commit | 5b167eba2b602f5c6c6c224790fa1eb56b239ad4 (patch) | |
| tree | 9440ead7019bf8cc3012e4d2743b163b27e8daad /lib/puppet/network | |
| parent | 0506874ebeac8f2fb7d6c754ed6b606eab56d216 (diff) | |
| parent | 5682125e1800f4c7b69b20fdd28f97a473d5d93c (diff) | |
| download | puppet-5b167eba2b602f5c6c6c224790fa1eb56b239ad4.tar.gz puppet-5b167eba2b602f5c6c6c224790fa1eb56b239ad4.tar.xz puppet-5b167eba2b602f5c6c6c224790fa1eb56b239ad4.zip | |
Merge branch '2.7.x'
* 2.7.x:
Deprecate RestAuthConfig#allowed? in favor of #check_authorization
Fix #6026 - security file should support inline comments
Fix #5010 - Allow leading whitespace in auth.conf
Fix #5777 - rule interpolation broke auth.conf CIDR rules
Diffstat (limited to 'lib/puppet/network')
| -rw-r--r-- | lib/puppet/network/authconfig.rb | 4 | ||||
| -rw-r--r-- | lib/puppet/network/rest_authconfig.rb | 7 | ||||
| -rw-r--r-- | lib/puppet/network/rest_authorization.rb | 2 |
3 files changed, 10 insertions, 3 deletions
diff --git a/lib/puppet/network/authconfig.rb b/lib/puppet/network/authconfig.rb index 4ba89fa71..1e486a2f9 100644 --- a/lib/puppet/network/authconfig.rb +++ b/lib/puppet/network/authconfig.rb @@ -102,7 +102,7 @@ module Puppet name = $3 if $2 == "path" name.chomp! right = newrights.newright(name, count, @file) - when /^\s*(allow|deny|method|environment|auth(?:enticated)?)\s+(.+)$/ + when /^\s*(allow|deny|method|environment|auth(?:enticated)?)\s+(.+?)(\s*#.*)?$/ parse_right_directive(right, $1, $2, count) else raise ConfigurationError, "Invalid line #{count}: #{line}" @@ -130,6 +130,7 @@ module Puppet end def parse_right_directive(right, var, value, count) + value.strip! case var when "allow" modify_right(right, :allow, value, "allowing %s access", count) @@ -159,6 +160,7 @@ module Puppet def modify_right(right, method, value, msg, count) value.split(/\s*,\s*/).each do |val| begin + val.strip! right.info msg % val right.send(method, val) rescue AuthStoreError => detail diff --git a/lib/puppet/network/rest_authconfig.rb b/lib/puppet/network/rest_authconfig.rb index dfe8f85c4..7dcc81ef4 100644 --- a/lib/puppet/network/rest_authconfig.rb +++ b/lib/puppet/network/rest_authconfig.rb @@ -29,10 +29,15 @@ module Puppet @main end + def allowed?(request) + Puppet.deprecation_warning "allowed? should not be called for REST authorization - use check_authorization instead" + check_authorization(request) + end + # check wether this request is allowed in our ACL # raise an Puppet::Network::AuthorizedError if the request # is denied. - def allowed?(indirection, method, key, params) + def check_authorization(indirection, method, key, params) read # we're splitting the request in part because diff --git a/lib/puppet/network/rest_authorization.rb b/lib/puppet/network/rest_authorization.rb index 50f094e3e..d636d486a 100644 --- a/lib/puppet/network/rest_authorization.rb +++ b/lib/puppet/network/rest_authorization.rb @@ -16,7 +16,7 @@ module Puppet::Network # Verify that our client has access. def check_authorization(indirection, method, key, params) - authconfig.allowed?(indirection, method, key, params) + authconfig.check_authorization(indirection, method, key, params) end end end |