diff options
| author | Brice Figureau <brice-puppet@daysofwonder.com> | 2009-04-21 23:53:48 +0200 |
|---|---|---|
| committer | Brice Figureau <brice-puppet@daysofwonder.com> | 2009-04-23 20:52:03 +0200 |
| commit | dc1cd6fb6b143b6525953e619a716f04e678727c (patch) | |
| tree | ab38c7fac99ba1cddab062176142ba071caea831 /lib/puppet/rails/database | |
| parent | 85233768f080b4cbc4e20eb0c354b6d859a2fb23 (diff) | |
| download | puppet-dc1cd6fb6b143b6525953e619a716f04e678727c.tar.gz puppet-dc1cd6fb6b143b6525953e619a716f04e678727c.tar.xz puppet-dc1cd6fb6b143b6525953e619a716f04e678727c.zip | |
Fix #1875 - Add a REST authorization system
This patch introduces a new configuration file (and configuration
setting to set it).
Each REST request is checked against this configuration file, and is
either allowed or denied.
The configuration file has the following format:
path /uripath
method <methods>
allow <ip> or <name>
deny <ip> or <name>
or
path ~ <regex>
method <methods>
allow <ip> or <name>
deny <ip> or <name>
where regex is a ruby regex.
This last syntax allows deny/allow interpolation from
the regex captures:
path ~ /files[^/]+/files/([^/]+)/([^/])/
method find
allow $2.$1
If you arrange your files/ directory to have files in
'domain.com/host/', then only the referenced host will
be able to access their files, other hosts will be denied.
For instance:
files/reductivelabs.com/dns/...
files/reductivelabs.com/www/...
then only files in dns can be accessible by dns.reductivelabs.com
and so on...
If the auth.conf file doesn't exist puppet uses sane defaults that allows
clients to check-in and ask for their configurations...
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
Diffstat (limited to 'lib/puppet/rails/database')
0 files changed, 0 insertions, 0 deletions