path: root/lib/puppet/network
Commit message | Author | Age | Files | Lines
* Fixes #2367 - Mongrel::HTTPRequest returns a StringIO object | James Turnbull | 2009-07-08 | 1 | -1/+1
  When the PUT body is large enough that Mongrel::HTTPRequest#body returns a StringIO object instead of a String. StringIO#to_s then returns "<StringIO#8236987299>" instead of the string contents. When that string is passed to YAML it returns false which is then passed to save_object without any real time checking.

  This is a combination of patches from Jordan Curzon and Ricky Zhou.
* Fix #2348 - Allow authstore (and REST auth) to match allow/deny against opaque strings | Brice Figureau | 2009-07-07 | 1 | -3/+10
  This patch removes the limitation of allow/deny which were only matching ip addresses or hostname (or pattern of). It makes sure any kind of string can be matched (by strict equality) while still keeping the old behaviour. Opaque strings can only contain: alphanumeric characters, - _ and @.

  Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
* Fix #2392 - use Content-Type for REST communication | Brice Figureau | 2009-07-05 | 5 | -17/+71
  There were two problems:
    * server->client communications is using Content-Type with the direct format name instead of the format mime-type.
    * client->server communications is not using Content-Type to send the format of the serialized object. Instead it is using the first member of the Accept header. The Accept header is usually reserved for the other side, ie what the client will accept when the server will respond.

  This patch makes sure s->c communication contains correct Content-Type headers. This patch also adds a Content-Type header containing the mime-type of the object sent by the client when saving.

  Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
* Fix #2383, an incompatibility with early ruby 1.8 versions | Christian Hofstaedtler | 2009-07-05 | 1 | -1/+2
  Earlier ruby 1.8 versions do not have start_with? for Strings. Found by John Barbuto.
* Fixing #2238 In some cases blank? is not available on String. | Jordan Curzon | 2009-07-04 | 1 | -1/+1
  Signed-off-by: Jordan Curzon <curzonj@gmail.com>
* Fixing #2238 - Deal with nil hash keys from mongrel params | Jordan Curzon | 2009-07-02 | 1 | -0/+2
  Mongrel::HttpRequest.query_parse outputs a params hash with nil keys given certain query strings. Network::HTTP::Handler.decode_params needs to check the incoming values.

  Signed-off-by: Jordan Curzon <curzonj@gmail.com>
* Fixing #2094 - filebucket failures are clearer now | Luke Kanies | 2009-06-16 | 1 | -1/+6
  We just add a bit of information to the exception.

  Signed-off-by: Luke Kanies <luke@madstop.com>
* Adding a JSON format | Luke Kanies | 2009-06-06 | 2 | -1/+34
  Also making some log messages more informative.
* Allowing formats to specify the individual method names to use | Luke Kanies | 2009-06-06 | 1 | -22/+28
  Signed-off-by: Luke Kanies <luke@madstop.com>
* Allowing formats to specify the methods they require | Luke Kanies | 2009-06-06 | 1 | -15/+52
  Signed-off-by: Luke Kanies <luke@madstop.com>
* Removed extra whitespace from end of lines | Ian Taylor | 2009-06-06 | 21 | -71/+71
* Fix #2308 - Mongrel should use X-Forwarded-For | Brice Figureau | 2009-06-05 | 2 | -2/+2
  Mongrel puppet code uses REMOTE_ADDR to set the ip address which will be used to authenticate the client access. Since mongrel is always used in a proxy mode with Puppet, REMOTE_ADDR is always the address of the proxy (usually 127.0.0.1), which defeats the purpose. With this changeset, the mongrel code now uses the X-Forwarded-For HTTP header value if it is passed over the REMOTE_ADDR.

  Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
* RackXMLRPC: buffer request contents in memory, as a real string. | Christian Hofstaedtler | 2009-05-15 | 1 | -1/+1
  Fixes #2268 "Rack::RewindableInput is not a valid input stream."
* Modules now can find their own paths | Luke Kanies | 2009-05-15 | 1 | -3/+3
  Previously, when you created a module you had to specify the path. Now Module instances can use the module path to look up their paths, and there are methods for determining whether the module is present (if the path is present).

  Also cleaned up the methods for figuring out what's in the module (plugins, etc.).

  Signed-off-by: Luke Kanies <luke@madstop.com>
* Fixing #2265 - rack is loaded with features rather than manually | Luke Kanies | 2009-05-14 | 1 | -1/+0
  Signed-off-by: Luke Kanies <luke@madstop.com>
* Fixing #2195 - the Server class handles bindaddress | Luke Kanies | 2009-05-03 | 1 | -2/+10
  The Server class has all of the logic now, instead of doing weird things in the defaults.

  Signed-off-by: Luke Kanies <luke@madstop.com>
* Remove the old 0.24.x rack support, which is now useless cruft | Christian Hofstaedtler | 2009-05-02 | 1 | -148/+0
* Add XMLRPC compatibility for Rack | Christian Hofstaedtler | 2009-05-02 | 2 | -1/+83
* Puppet as a Rack application | Christian Hofstaedtler | 2009-05-02 | 3 | -0/+135
  This lays the ground: a wrapper for the REST handler, and an application conforming to the Rack standard. Also includes a base class for Rack handlers, as RackREST will not stay the only one, and there needs to be a central place where client authentication data can be checked.
* Fix #2218 - Ruby YAML bug prevents reloading catalog in puppetd | Brice Figureau | 2009-05-02 | 1 | -2/+15
  Because of ruby bug:
      http://rubyforge.org/tracker/?group_id=426&atid=1698&func=detail&aid=8886
  and
      http://redmine.ruby-lang.org/issues/show/1331
  YAML dump of hashes using ruby objects as keys is incorrect leading to an error when deserializing the YAML in puppetd.

  The error is easy to correct by a post-process fix-up of the generated YAML, which transforms:
      &id004 !ruby/object:Puppet::Relationship ?
  to the correct:
      ? &id004 !ruby/object:Puppet::Relationship

  Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
* Unify auth/unauthenticated request authorization system | Brice Figureau | 2009-04-23 | 2 | -37/+28
  Before this change, unauthenticated REST requests were unconditionally allowed, as long as they were to the certificate terminus. This could be a security hole, so now the REST requests, authenticated or unauthenticated are all submitted to the REST authorization layer.

  The default authorizations now contains directives to allow unauthenticated requests to the various certificate terminus to allow new hosts. The conf/auth.conf file has been modified to match such defaults.

  Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
* Allow REST auth system to restrict an ACL to authenticated or unauthenticated request | Brice Figureau | 2009-04-23 | 2 | -7/+30
  Introduces a new auth.conf directive (auth or authenticated) which takes an argument (on,yes/off,no/all,any). This can be used to restrict an ACL to only some state of authentication of a REST request, or any. If no auth directive is given, the ACL will only trigger for authenticated requests.

  Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
* Fill REST request node with reverse lookup of IP address | Brice Figureau | 2009-04-23 | 3 | -0/+16
  Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
* Refactor rest authorization to raise exceptions deeper | Brice Figureau | 2009-04-23 | 5 | -56/+94
  The idea is to raise an AuthorizationException at the same place we check the authorization instead of in an upper level to be able to spot where the authorization took place in the exception backtrace. Moreover, this change also makes Rights::allowed? return the matching acl so that the upper layer can have a chance to report which ACL resulted in the match.

  Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
* Add environment support in the REST authorization layer | Brice Figureau | 2009-04-23 | 3 | -16/+23
  With the help of the new auth.conf directive 'environment', any ACL can now be restricted to a specific environment. Omission of the directive means that the ACL will apply to all the defined environments.

  Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
* Fix #1875 - Add a REST authorization system | Brice Figureau | 2009-04-23 | 3 | -1/+128
  This patch introduces a new configuration file (and configuration setting to set it). Each REST request is checked against this configuration file, and is either allowed or denied.

  The configuration file has the following format:
      path /uripath
      method <methods>
      allow <ip> or <name>
      deny <ip> or <name>
  or
      path ~ <regex>
      method <methods>
      allow <ip> or <name>
      deny <ip> or <name>
  where regex is a ruby regex.

  This last syntax allows deny/allow interpolation from the regex captures:
      path ~ /files[^/]+/files/([^/]+)/([^/])/
      method find
      allow $2.$1
  If you arrange your files/ directory to have files in 'domain.com/host/', then only the referenced host will be able to access their files, other hosts will be denied. For instance:
      files/reductivelabs.com/dns/...
      files/reductivelabs.com/www/...
  then only files in dns can be accessible by dns.reductivelabs.com and so on...

  If the auth.conf file doesn't exist puppet uses sane defaults that allow clients to check-in and ask for their configurations...

  Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
* Enhance authconfig format to support uri paths and regex | Brice Figureau | 2009-04-23 | 2 | -64/+220
  This patch introduces a new set of directives to the authconfig parser/file format:
      path /uripath
  or
      path ~ <regex>
  This directive declares a new kind of ACL based on the uri path.
      method save, find
  This directive which is to be used under path directive restricts a path ACL to only some REST verbs.

  The ACL path system matches on path prefix possible, or on regex matches (first match wins). If no paths are matching, then the authorization is not allowed. The same if no ACL matches for the given REST verb.

  The old namespace right matching still works as usual.

  Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
* Add dynamic authorization to authstore | Brice Figureau | 2009-04-23 | 1 | -1/+40
  The idea is to have allow/deny authorization directives that are dynamic: their evaluation is deferred until we perform the authorization checking in allowed?. This is done to allow replacing backreferences in allow/deny directives by parameters of the match that selected this right.

  For instance, it is possible to:
      allow $1.$2
  And using Right::interpolate() with the result of a regex match using 2 captures, will evaluate $1.$2 to those captures. For instance, if we captured [host, reductivelabs.com], then the allow directive is replaced by:
      allow host.reductivelabs.com
  It is then safe to call allowed?, after which we can reset the interpolation. This interpolation is thread-safe.

  Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>

  authconfig regex support
* Adding support for specifying a preferred serialization format | Luke Kanies | 2009-04-22 | 1 | -1/+14
  This isn't that great, but at least it provides basic tuning of the format.

  Also removing the catalog_format default, since it's no longer used.

  Signed-off-by: Luke Kanies <luke@madstop.com>
* Switching to Indirected ActiveRecord | Luke Kanies | 2009-04-22 | 1 | -0/+1
  This is mostly a configuration change, with some code getting removed.

  Also adding an extra require in Format; Puppet::Provider requires Puppet::Provider::Confiner, so the constant lookup is weird.

  Signed-off-by: Luke Kanies <luke@madstop.com>
* Fix #2101 - fix failing test | Brice Figureau | 2009-03-27 | 1 | -1/+5
  This code hasn't been modified since the introduction of the fileset recurselimit parameter. Tests depending on this code were failing.

  Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
* Forbidding REST clients to set the node or IP | Luke Kanies | 2009-03-20 | 1 | -1/+7
  This is done for security reasons - if a client is unauthenticated, we don't want them to be able to just configure their own authentication information.

  Signed-off-by: Luke Kanies <luke@madstop.com>
* Fixing #1557 - Environments are now in REST URIs | Luke Kanies | 2009-03-20 | 6 | -55/+26
  This commit includes multiple, related changes, all in one commit because the whole thing was necessary to reach a functional tree again:
    * The URI starts with the environment, so:
          /production/certificate/foo
          /development/file_content/path/to/your/file
    * All REST handling is done by a single instance mounted at / for webrick and Mongrel, rather than having individual instances mounted at, say, /certificate.
    * All REST URI translation is done by an API module. Currently only the 'v1' module exists with no support for additional modules, but it's well-separated and will be easy to expand as we need it.

  Signed-off-by: Luke Kanies <luke@madstop.com>
* Moving the REST API functions into a module | Luke Kanies | 2009-03-20 | 3 | -57/+68
  This module is now used by the client and server side, rather than having a Handler module that's 90% server functionality but also used by the client.

  While we don't automatically get api choice from this, it at least provides a pattern for how we'll handle API development over time.

  Signed-off-by: Luke Kanies <luke@madstop.com>
* Using the Handler for the REST api on both sides of the connection | Luke Kanies | 2009-03-20 | 1 | -47/+35
  Things are actually in a broken state here because we've got a conflict between how the two sides do their work and some extraction needs to get done. This commit is just a stopping-point so I can do the necessary refactoring.

  Signed-off-by: Luke Kanies <luke@madstop.com>
* Adding REST::Handler methods for converting between indirection and uris | Luke Kanies | 2009-03-20 | 1 | -0/+46
  This is the first main phase to having a common module for handling the REST api - this Handler module will be included by all of the web server REST modules and the Indirector Request class, so there's a common place that understands how the URI consists.

  Signed-off-by: Luke Kanies <luke@madstop.com>
* Correctly handling numerical REST arguments | Luke Kanies | 2009-03-10 | 1 | -0/+2
  Signed-off-by: Luke Kanies <luke@madstop.com>
* Fixed #1849 - Ruby 1.9 portability: `when' doesn't like colons, replace with semicolons | James Turnbull | 2009-02-26 | 6 | -27/+27
* Correctly handling URI escaping throughout the REST process | Luke Kanies | 2009-02-19 | 1 | -0/+3
  This means, at the least, that we can now serve files via REST when they have spaces and other weird characters in their names.

  This involves a small change to many files.

  Signed-off-by: Luke Kanies <luke@madstop.com>
* Migrating the old FileServer to the new Module/Environment code | Luke Kanies | 2009-02-19 | 1 | -12/+13
  The interface is *much* cleaner, and I'd removed one of the methods used in this code.

  Signed-off-by: Luke Kanies <luke@madstop.com>
* Adding clarity to query string handling in REST calls | Luke Kanies | 2009-02-18 | 3 | -1/+19
  We previously only handled simple strings as values, but we now handle true and false as booleans, we URI-escape all strings, and we can yaml-encode and then escape arrays of strings.

  This could get abused a bit, in that we're just yaml-dumping anything that's an array, but it should be pretty safe. Mmmm, should.

  Signed-off-by: Luke Kanies <luke@madstop.com>
* Providing better information when an exception is encountered during network communication | Luke Kanies | 2009-02-18 | 1 | -1/+1
  Signed-off-by: Luke Kanies <luke@madstop.com>
* Merge branch '0.24.x' | Luke Kanies | 2009-02-13 | 1 | -53/+113
  Conflicts:
      lib/puppet/indirector/facts/facter.rb
      lib/puppet/provider/augeas/augeas.rb
      lib/puppet/util/filetype.rb
      spec/unit/indirector/facts/facter.rb
      spec/unit/provider/augeas/augeas.rb
      test/util/filetype.rb
| * Fixing #961 - closing the http connection after every xmlrpc call | Luke Kanies | 2009-02-12 | 1 | -1/+3
    There were apparently some circumstances that resulted in the connection not being closed; this just closes it every time if it's still open after the rpc call is complete.

    Signed-off-by: Luke Kanies <luke@madstop.com>
| * Refactoring the XMLRPC::Client error-handling | Luke Kanies | 2009-02-12 | 1 | -53/+111
    I split it all into smaller, manageable chunks, and used methods for each step, instead of having one huge call.

    Note that I made all of the tests first, then refactored the code, so I'm confident there's no behavior change.

    I don't know that this is actually a lot cleaner, but it seems that way to me. I'm open to skipping this, but I think it makes the whole thing a lot cleaner.

    Signed-off-by: Luke Kanies <luke@madstop.com>
* | Adding an Agent::Runner class. | Luke Kanies | 2009-02-06 | 1 | -42/+9
    This will eventually be used by puppetrun, but for now is just called by the old-school Runner handler.

    Signed-off-by: Luke Kanies <luke@madstop.com>
* | Creating and using a new Puppet::Daemon class | Luke Kanies | 2009-02-06 | 2 | -4/+0
    This replaces the short-lived EventManager class, all of the service- and timer-related code in puppet.rb, and moves code from agent.rb, server.rb, and other places into one class responsible for starting, stopping, pids, and more.

    The Daemon module is no longer in existence, so it's been removed from the classes that were using it.

    Signed-off-by: Luke Kanies <luke@madstop.com>
* | Not using 'master' client for testing | Luke Kanies | 2009-02-06 | 1 | -2/+0
    That class is gone, so until the Client class is no longer necessary, using a different class.

    Signed-off-by: Luke Kanies <luke@madstop.com>
* | Adding better error-handling to format rendering | Luke Kanies | 2009-02-06 | 1 | -4/+39
    We now always get the format name and the method that failed.

    Signed-off-by: Luke Kanies <luke@madstop.com>
* | Renaming Puppet::Network::Client::Master to Puppet::Agent | Luke Kanies | 2009-02-06 | 1 | -523/+0
    Made minor changes, including removing the parent class.

    The functionality hasn't changed yet -- that comes in later patches -- but all but a couple of the older tests pass.

    Signed-off-by: Luke Kanies <luke@madstop.com>