Merge branch 'master' of github.com:puppetlabs/puppet

5 files changed, 10 insertions, 64 deletions

diff --git a/lib/puppet/network/authconfig.rb b/lib/puppet/network/authconfig.rb
index 4ba89fa71..1e486a2f9 100644
--- a/lib/puppet/network/authconfig.rb
+++ b/lib/puppet/network/authconfig.rb
@@ -102,7 +102,7 @@ module Puppet
               name = $3 if $2 == "path"
               name.chomp!
               right = newrights.newright(name, count, @file)
-            when /^\s*(allow|deny|method|environment|auth(?:enticated)?)\s+(.+)$/
+            when /^\s*(allow|deny|method|environment|auth(?:enticated)?)\s+(.+?)(\s*#.*)?$/
               parse_right_directive(right, $1, $2, count)
             else
               raise ConfigurationError, "Invalid line #{count}: #{line}"
@@ -130,6 +130,7 @@ module Puppet
     end
 
     def parse_right_directive(right, var, value, count)
+      value.strip!
       case var
       when "allow"
         modify_right(right, :allow, value, "allowing %s access", count)
@@ -159,6 +160,7 @@ module Puppet
     def modify_right(right, method, value, msg, count)
       value.split(/\s*,\s*/).each do |val|
         begin
+          val.strip!
           right.info msg % val
           right.send(method, val)
         rescue AuthStoreError => detail
diff --git a/lib/puppet/network/client.rb b/lib/puppet/network/client.rb
index c56b21393..f9c4c5fea 100644
--- a/lib/puppet/network/client.rb
+++ b/lib/puppet/network/client.rb
@@ -82,11 +82,6 @@ class Puppet::Network::Client
 
       self.read_cert
 
-      # We have to start the HTTP connection manually before we start
-      # sending it requests or keep-alive won't work.  Note that with #1010,
-      # we don't currently actually want keep-alive.
-      @driver.start if @driver.respond_to? :start and Puppet::Network::HttpPool.keep_alive?
-
       @local = false
     elsif hash.include?(driverparam)
       @driver = hash[driverparam]
diff --git a/lib/puppet/network/http_pool.rb b/lib/puppet/network/http_pool.rb
index 7d227b4d4..8baf48c77 100644
--- a/lib/puppet/network/http_pool.rb
+++ b/lib/puppet/network/http_pool.rb
@@ -1,53 +1,14 @@
 require 'puppet/ssl/host'
 require 'net/https'
-require 'puppet/util/cacher'
 
 module Puppet::Network; end
 
-# Manage Net::HTTP instances for keep-alive.
 module Puppet::Network::HttpPool
-  class << self
-    include Puppet::Util::Cacher
-
-    private
-
-    cached_attr(:http_cache) { Hash.new }
-  end
-
   # Use the global localhost instance.
   def self.ssl_host
     Puppet::SSL::Host.localhost
   end
 
-  # 2008/03/23
-  # LAK:WARNING: Enabling this has a high propability of
-  # causing corrupt files and who knows what else.  See #1010.
-  HTTP_KEEP_ALIVE = false
-
-  def self.keep_alive?
-    HTTP_KEEP_ALIVE
-  end
-
-  # Clear our http cache, closing all connections.
-  def self.clear_http_instances
-    http_cache.each do |name, connection|
-      connection.finish if connection.started?
-    end
-    Puppet::Util::Cacher.expire
-  end
-
-  # Make sure we set the driver up when we read the cert in.
-  def self.read_cert
-    if val = super # This calls read_cert from the Puppet::SSLCertificates::Support module.
-      # Clear out all of our connections, since they previously had no cert and now they
-      # should have them.
-      clear_http_instances
-      return val
-    else
-      return false
-    end
-  end
-
   # Use cert information from a Puppet client to set up the http object.
   def self.cert_setup(http)
     # Just no-op if we don't have certs.
@@ -63,21 +24,6 @@ module Puppet::Network::HttpPool
   # Retrieve a cached http instance if caching is enabled, else return
   # a new one.
   def self.http_instance(host, port, reset = false)
-    # We overwrite the uninitialized @http here with a cached one.
-    key = "#{host}:#{port}"
-
-    # Return our cached instance if we've got a cache, as long as we're not
-    # resetting the instance.
-    if keep_alive?
-      return http_cache[key] if ! reset and http_cache[key]
-
-      # Clean up old connections if we have them.
-      if http = http_cache[key]
-        http_cache.delete(key)
-        http.finish if http.started?
-      end
-    end
-
     args = [host, port]
     if Puppet[:http_proxy_host] == "none"
       args << nil << nil
@@ -97,8 +43,6 @@ module Puppet::Network::HttpPool
 
     cert_setup(http)
 
-    http_cache[key] = http if keep_alive?
-
     http
   end
 end
diff --git a/lib/puppet/network/rest_authconfig.rb b/lib/puppet/network/rest_authconfig.rb
index dfe8f85c4..7dcc81ef4 100644
--- a/lib/puppet/network/rest_authconfig.rb
+++ b/lib/puppet/network/rest_authconfig.rb
@@ -29,10 +29,15 @@ module Puppet
       @main
     end
 
+    def allowed?(request)
+      Puppet.deprecation_warning "allowed? should not be called for REST authorization - use check_authorization instead"
+      check_authorization(request)
+    end
+
     # check wether this request is allowed in our ACL
     # raise an Puppet::Network::AuthorizedError if the request
     # is denied.
-    def allowed?(indirection, method, key, params)
+    def check_authorization(indirection, method, key, params)
       read
 
       # we're splitting the request in part because
diff --git a/lib/puppet/network/rest_authorization.rb b/lib/puppet/network/rest_authorization.rb
index 50f094e3e..d636d486a 100644
--- a/lib/puppet/network/rest_authorization.rb
+++ b/lib/puppet/network/rest_authorization.rb
@@ -16,7 +16,7 @@ module Puppet::Network
 
     # Verify that our client has access.
     def check_authorization(indirection, method, key, params)
-      authconfig.allowed?(indirection, method, key, params)
+      authconfig.check_authorization(indirection, method, key, params)
     end
   end
 end