-rwxr-xr-x | lib/puppet/network/authstore.rb | 19 | ||||
-rwxr-xr-x | spec/unit/network/authstore_spec.rb | 39 |
2 files changed, 49 insertions, 9 deletions
diff --git a/lib/puppet/network/authstore.rb b/lib/puppet/network/authstore.rb
index 4ddd14feb..51fd34138 100755
--- a/lib/puppet/network/authstore.rb
+++ b/lib/puppet/network/authstore.rb
@@ -182,9 +182,11 @@ module Puppet
 # we'll return a pattern of puppet.reductivelabs.com
 def interpolate(match)
 clone = dup
- clone.pattern = clone.pattern.reverse.collect do |p|
- p.gsub(/\$(\d)/) { |m| match[$1.to_i] }
- end.join(".")
+ if @name == :dynamic
+ clone.pattern = clone.pattern.reverse.collect do |p|
+ p.gsub(/\$(\d)/) { |m| match[$1.to_i] }
+ end.join(".")
+ end
 clone
 end
@@ -199,8 +201,13 @@ module Puppet
 # Does the name match our pattern?
 def matchname?(name)
- name = munge_name(name)
- (pattern == name) or (not exact? and pattern.zip(name).all? { |p,n| p == n })
+ case @name
+ when :domain, :dynamic, :opaque
+ name = munge_name(name)
+ (pattern == name) or (not exact? and pattern.zip(name).all? { |p,n| p == n })
+ when :regex
+ Regexp.new(pattern.slice(1..-2)).match(name)
+ end
 end
 # Convert the name to a common pattern.
@@ -240,6 +247,8 @@ module Puppet
 [:dynamic,:exact,nil,munge_name(value)]
 when /^\w[-.@\w]*$/ # ? Just like a host name but allow '@'s and ending '.'s
 [:opaque,:exact,nil,[value]]
+ when /^\/.*\/$/ # a regular expression
+ [:regex,:inexact,nil,value]
 else
 raise AuthStoreError, "Invalid pattern #{value}"
 end
diff --git a/spec/unit/network/authstore_spec.rb b/spec/unit/network/authstore_spec.rb
index d62c8abaa..d5ff42d6e 100755
--- a/spec/unit/network/authstore_spec.rb
+++ b/spec/unit/network/authstore_spec.rb
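Review bot: The comment above `interpolate` in lib/puppet/network/authstore.rb still describes only the `$N` substitution, while the new `if @name == :dynamic` guard returns every other declaration type as an unmodified copy. I would say so on the guard, e.g. `# Only :dynamic patterns carry $N backreferences; every other type is returned as a plain copy.` This matters for the new `:regex` type, whose pattern is apparently kept as the raw String (see `[:regex,:inexact,nil,value]` in the third hunk) rather than the list of name parts the substitution chain walks. The comment block for this method starts outside the hunk.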
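Review bot: In `matchname?`, `Regexp.new(pattern.slice(1..-2)).match(name)` is a search rather than a whole-name match, so an ACL expression with an unanchored alternative authorises any name that merely contains it. The spec's own pattern ends in `|some-domain\.com`, which accepts names with that text anywhere inside them. The `:regex` branch also passes `name` without `munge_name`, so whatever normalisation that helper applies to the other types (not visible here) is skipped. At minimum I would document the contract on the branch, e.g. `# Unanchored search on the raw name: anchor with \A and \z for a whole-name match (^ and $ match at line breaks in Ruby).` The expression is also recompiled on every check, and the `case` has no `else`, so any other `@name` now yields nil; that fails closed but deserves a comment.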
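Review bot: The new `when /^\/.*\/$/` arm of the pattern parser accepts anything wrapped in slashes without compiling it, so a malformed expression is stored and only fails later, when `matchname?` calls `Regexp.new` during an authorization check. Compiling once at parse time and converting `RegexpError` into the `AuthStoreError` the `else` arm already raises would reject a bad ACL entry when it is loaded. The `case` statement and its enclosing method start outside the hunk.

```ruby
when /^\/.*\/$/ # a regular expression
  begin
    Regexp.new(value.slice(1..-2))
  rescue RegexpError => detail
    raise AuthStoreError, "Invalid pattern #{value}: #{detail}"
  end
  [:regex,:inexact,nil,value]
# … unchanged: else / raise AuthStoreError …
```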
@@ -4,11 +4,11 @@ require 'spec_helper'
 require 'puppet/network/authconfig'
 describe Puppet::Network::AuthStore do
- describe "when checking if the acl has some entries" do
- before :each do
- @authstore = Puppet::Network::AuthStore.new
- end
+ before :each do
+ @authstore = Puppet::Network::AuthStore.new
+ end
+
+ describe "when checking if the acl has some entries" do
 it "should be empty if no ACE have been entered" do
 @authstore.should be_empty
 end
@@ -31,6 +31,37 @@ describe Puppet::Network::AuthStore do
 @authstore.should_not be_empty
 end
 end
+
+ describe "when checking global allow" do
+ it "should not be enabled by default" do
+ @authstore.should_not be_globalallow
+ @authstore.should_not be_allowed('foo.bar.com', '192.168.1.1')
+ end
+
+ it "should always allow when enabled" do
+ @authstore.allow('*')
+
+ @authstore.should be_globalallow
+ @authstore.should be_allowed('foo.bar.com', '192.168.1.1')
+ end
+ end
+
+ describe "when checking a regex type of allow" do
+ before :each do
+ @authstore.allow('/^(test-)?host[0-9]+\.other-domain\.(com|org|net)$|some-domain\.com/')
+ @ip = '192.168.1.1'
+ end
+ ['host5.other-domain.com', 'test-host12.other-domain.net', 'foo.some-domain.com'].each { |name|
+ it "should allow the host #{name}" do
+ @authstore.should be_allowed(name, @ip)
+ end
+ }
+ ['host0.some-other-domain.com',''].each { |name|
+ it "should not allow the host #{name}" do
+ @authstore.should_not be_allowed(name, @ip)
+ end
+ }
+ end
 end
 describe Puppet::Network::AuthStore::Declaration do |
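Review bot: The negative cases in the "when checking a regex type of allow" group do not pin what happens at the edges of the unanchored `some-domain\.com` alternative. Both rejected names fail simply because they do not contain that text, so nothing records whether a name that only embeds it should pass. I would add one case that states the intended behaviour for such a name (a constructed sample such as `'some-domain.com.example.net'`), and one asserting that `@authstore.allow('/(/')` is rejected with an AuthStoreError if malformed expressions are meant to be refused at load time. A comment such as `# the second alternative is deliberately unanchored` on the pattern would make the intent explicit.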