diff options
| author | Brice Figureau <brice-puppet@daysofwonder.com> | 2011-05-31 20:01:36 +0200 |
|---|---|---|
| committer | Jacob Helwig <jacob@puppetlabs.com> | 2011-07-26 14:04:28 -0700 |
| commit | 7e6fc0d80ccd29f206c3b56960ee1eef3afc33a3 (patch) | |
| tree | aae7597cf9e6730a27506877774cf76eaf268837 /lib/puppet | |
| parent | 6401dfe5602fd39cc59ec1f1b3822110e4ad864a (diff) | |
| download | puppet-7e6fc0d80ccd29f206c3b56960ee1eef3afc33a3.tar.gz puppet-7e6fc0d80ccd29f206c3b56960ee1eef3afc33a3.tar.xz puppet-7e6fc0d80ccd29f206c3b56960ee1eef3afc33a3.zip | |
Deprecate RestAuthConfig#allowed? in favor of #check_authorization
#allowed? was a poorly named method since it isn't actually a predicate
method. Instead of returning a boolean, this methods throws an
exception when the access is denied (in order to keep the full context
of what ACE triggered the deny).
Given that #allowed? was overriding the behavior from AuthConfig, we
leave a version of #allowed? in place that will issue a deprecation
warning before delegating to #check_authorization. Once support for
XML-RPC agents is removed from the master, we will be able to remove
this delegation, since there should no longer be a reason for a
distinction between AuthConfig and RestAuthConfig.
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
Signed-off-by: Jacob Helwig <jacob@puppetlabs.com>
Diffstat (limited to 'lib/puppet')
| -rw-r--r-- | lib/puppet/network/rest_authconfig.rb | 7 | ||||
| -rw-r--r-- | lib/puppet/network/rest_authorization.rb | 2 |
2 files changed, 7 insertions, 2 deletions
diff --git a/lib/puppet/network/rest_authconfig.rb b/lib/puppet/network/rest_authconfig.rb index dfe8f85c4..7dcc81ef4 100644 --- a/lib/puppet/network/rest_authconfig.rb +++ b/lib/puppet/network/rest_authconfig.rb @@ -29,10 +29,15 @@ module Puppet @main end + def allowed?(request) + Puppet.deprecation_warning "allowed? should not be called for REST authorization - use check_authorization instead" + check_authorization(request) + end + # check wether this request is allowed in our ACL # raise an Puppet::Network::AuthorizedError if the request # is denied. - def allowed?(indirection, method, key, params) + def check_authorization(indirection, method, key, params) read # we're splitting the request in part because diff --git a/lib/puppet/network/rest_authorization.rb b/lib/puppet/network/rest_authorization.rb index 50f094e3e..d636d486a 100644 --- a/lib/puppet/network/rest_authorization.rb +++ b/lib/puppet/network/rest_authorization.rb @@ -16,7 +16,7 @@ module Puppet::Network # Verify that our client has access. def check_authorization(indirection, method, key, params) - authconfig.allowed?(indirection, method, key, params) + authconfig.check_authorization(indirection, method, key, params) end end end |