| author | Jacob Helwig <jacob@puppetlabs.com> | 2011-07-26 16:15:38 -0700 |
|---|---|---|
| committer | Jacob Helwig <jacob@puppetlabs.com> | 2011-07-26 16:15:38 -0700 |
| commit | 5b167eba2b602f5c6c6c224790fa1eb56b239ad4 (patch) | |
| tree | 9440ead7019bf8cc3012e4d2743b163b27e8daad /lib/puppet | |
| parent | 0506874ebeac8f2fb7d6c754ed6b606eab56d216 (diff) | |
| parent | 5682125e1800f4c7b69b20fdd28f97a473d5d93c (diff) | |
| download | puppet-5b167eba2b602f5c6c6c224790fa1eb56b239ad4.tar.gz puppet-5b167eba2b602f5c6c6c224790fa1eb56b239ad4.tar.xz puppet-5b167eba2b602f5c6c6c224790fa1eb56b239ad4.zip | |
Merge branch '2.7.x'
* 2.7.x:
Deprecate RestAuthConfig#allowed? in favor of #check_authorization
Fix #6026 - security file should support inline comments
Fix #5010 - Allow leading whitespace in auth.conf
Fix #5777 - rule interpolation broke auth.conf CIDR rules
Diffstat (limited to 'lib/puppet')
| -rw-r--r-- | lib/puppet/file_serving/configuration/parser.rb | 19 | ||||
| -rw-r--r-- | lib/puppet/network/authconfig.rb | 4 | ||||
| -rw-r--r-- | lib/puppet/network/rest_authconfig.rb | 7 | ||||
| -rw-r--r-- | lib/puppet/network/rest_authorization.rb | 2 |
4 files changed, 16 insertions, 16 deletions
diff --git a/lib/puppet/file_serving/configuration/parser.rb b/lib/puppet/file_serving/configuration/parser.rb
index 334201d37..83b75e28f 100644
--- a/lib/puppet/file_serving/configuration/parser.rb
+++ b/lib/puppet/file_serving/configuration/parser.rb
@@ -24,9 +24,10 @@ class Puppet::FileServing::Configuration::Parser < Puppet::Util::LoadedFile
 when /^\s*$/; next # skip blank lines
 when /\[([-\w]+)\]/
 mount = newmount($1)
- when /^\s*(\w+)\s+(.+)$/
+ when /^\s*(\w+)\s+(.+?)(\s*#.*)?$/
 var = $1
 value = $2
+ value.strip!
 raise(ArgumentError, "Fileserver configuration file does not use '=' as a separator") if value =~ /^=/
 case var
 when "path"
@@ -58,12 +59,8 @@ class Puppet::FileServing::Configuration::Parser < Puppet::Util::LoadedFile
 begin
 mount.info "allowing #{val} access"
 mount.allow(val)
- rescue AuthStoreError => detail
-
- raise ArgumentError.new(
- detail.to_s,
-
- @count, file)
+ rescue Puppet::AuthStoreError => detail
+ raise ArgumentError.new(detail.to_s, @count, file)
 end
 }
 end
@@ -75,12 +72,8 @@ class Puppet::FileServing::Configuration::Parser < Puppet::Util::LoadedFile
 begin
 mount.info "denying #{val} access"
 mount.deny(val)
- rescue AuthStoreError => detail
-
- raise ArgumentError.new(
- detail.to_s,
-
- @count, file)
+ rescue Puppet::AuthStoreError => detail
+ raise ArgumentError.new(detail.to_s, @count, file)
 end
 }
 end
diff --git a/lib/puppet/network/authconfig.rb b/lib/puppet/network/authconfig.rb
index 4ba89fa71..1e486a2f9 100644
--- a/lib/puppet/network/authconfig.rb
+++ b/lib/puppet/network/authconfig.rb
@@ -102,7 +102,7 @@ module Puppet
 name = $3 if $2 == "path"
 name.chomp!
 right = newrights.newright(name, count, @file)
- when /^\s*(allow|deny|method|environment|auth(?:enticated)?)\s+(.+)$/
+ when /^\s*(allow|deny|method|environment|auth(?:enticated)?)\s+(.+?)(\s*#.*)?$/
 parse_right_directive(right, $1, $2, count)
 else
 raise ConfigurationError, "Invalid line #{count}: #{line}"
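Review bot: The new optional group `(\s*#.*)?` in the directive pattern of the first parser.rb hunk treats any `#` as the start of a comment, even one with no whitespace in front of it, so a value such as a `path` that contains `#` is silently cut at that character and the mount would refer to a different directory than the one written. Requiring whitespace before the marker, `when /^\s*(\w+)\s+(.+?)(\s+#.*)?$/`, keeps `#` usable inside a value. The same group is added to the `allow|deny|method|environment|auth` pattern in lib/puppet/network/authconfig.rb and deserves the same change. A comment above the `when` stating that `#` cannot be escaped would help anyone editing these access-control files; the enclosing case statement starts outside the hunk.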
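Review bot: The rewritten `raise ArgumentError.new(detail.to_s, @count, file)` in the allow block of parser.rb still passes three arguments, while Ruby's built-in ArgumentError constructor accepts at most one message. Unless ArgumentError is rebound in this namespace (not visible here), the operator would see an argument-count error instead of the rejected pattern and its line number. Folding the location into the message keeps the diagnostic, for example `raise ArgumentError, "#{detail} at line #{@count} of #{file}"`. The deny block in the following hunk has the identical line, and both blocks begin and end outside their hunks.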
@@ -130,6 +130,7 @@ module Puppet
 end
 def parse_right_directive(right, var, value, count)
+ value.strip!
 case var
 when "allow"
 modify_right(right, :allow, value, "allowing %s access", count)
@@ -159,6 +160,7 @@ module Puppet
 def modify_right(right, method, value, msg, count)
 value.split(/\s*,\s*/).each do |val|
 begin
+ val.strip!
 right.info msg % val
 right.send(method, val)
 rescue AuthStoreError => detail
diff --git a/lib/puppet/network/rest_authconfig.rb b/lib/puppet/network/rest_authconfig.rb
index dfe8f85c4..7dcc81ef4 100644
--- a/lib/puppet/network/rest_authconfig.rb
+++ b/lib/puppet/network/rest_authconfig.rb
@@ -29,10 +29,15 @@ module Puppet
 @main
 end
+ def allowed?(request)
+ Puppet.deprecation_warning "allowed? should not be called for REST authorization - use check_authorization instead"
+ check_authorization(request)
+ end
+
 # check wether this request is allowed in our ACL
 # raise an Puppet::Network::AuthorizedError if the request
 # is denied.
- def allowed?(indirection, method, key, params)
+ def check_authorization(indirection, method, key, params)
 read
 # we're splitting the request in part because
diff --git a/lib/puppet/network/rest_authorization.rb b/lib/puppet/network/rest_authorization.rb
index 50f094e3e..d636d486a 100644
--- a/lib/puppet/network/rest_authorization.rb
+++ b/lib/puppet/network/rest_authorization.rb
@@ -16,7 +16,7 @@ module Puppet::Network
 # Verify that our client has access.
 def check_authorization(indirection, method, key, params)
- authconfig.allowed?(indirection, method, key, params)
+ authconfig.check_authorization(indirection, method, key, params)
 end
 end
 end |
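Review bot: The deprecated wrapper `allowed?(request)` in rest_authconfig.rb forwards a single argument to `check_authorization`, which this same hunk declares with four parameters (`indirection, method, key, params`), so every call through the old name would raise ArgumentError rather than run the ACL check. Callers written against the previous four-argument `allowed?` would fail at the wrapper itself for the same reason. Keeping the old signature preserves compatibility: `def allowed?(indirection, method, key, params)` with `check_authorization(indirection, method, key, params)`. The body of check_authorization continues past the end of the hunk.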
