path: root/spec/unit/network/rest_authconfig.rb
Commit message | Author | Age | Files | Lines
* [#3994] rename the specs to have _spec.rb at the end | Markus Roberts | 2010-06-23 | 1 | -148/+0

  Some spec files like active_record.rb had names that would confuse the load path and get loaded instead of the intended implementation when the spec was run from the same directory as the file.

  Author: Matt Robinson <matt@puppetlabs.com>
  Date: Fri Jun 11 15:29:33 2010 -0700

* Feature #3383 RAL over REST | Jesse Wolfe | 2010-02-17 | 1 | -0/+1

  ralsh --host works now, and is using REST. A node running puppetd --listen will allow ralsh to find, search, and modify live resources, via REST.

  Signed-off-by: Jesse Wolfe <jes5199@gmail.com>

* Feature #3115 REST-ified status() | Jesse Wolfe | 2010-02-17 | 1 | -0/+1

  This patch re-implements the status() remote procedure as a REST interface.

  A running server returns key-value pairs; currently the only implemented key is "is_alive", which will always be set to true.

  Some future tool will consume this by:

    Puppet::Status.indirection.terminus_class = :rest
    Puppet::Status.find('https://puppet:8140/production/status/default')

  Now with unit tests.
  plus fixes a typo.
  plus integration test and default security setting.
  plus tests suggested by Brice.

  Signed-off-by: Jesse Wolfe <jes5199@gmail.com>

* Fixing 2851 spec/unit/network/rest_authconfig.rb test descriptions change | Jesse Wolfe | 2009-12-17 | 1 | -2/+2

  Some test names change arbitrarily since they were interpolating hashes instead of strings.

  This patch replaces, for example:

    - should insert methodfindacl/certificate_revocation_list/caauthenticatedtrue if not present

  with:

    - should insert /certificate_revocation_list/ca if not present

  Signed-off-by: Jesse Wolfe <jes5199@gmail.com>

* Fixed #2410 - default acl logs as info instead of warn. | Sam Livingston-Gray | 2009-07-14 | 1 | -2/+2

  Signed-off-by: Sam Livingston-Gray <geeksam@gmail.com>

* Adding test for current auth config warning. | Sam Livingston-Gray | 2009-07-14 | 1 | -0/+5

  This is a step in fixing bug #2410.

* Fixing a bunch of warnings | Luke Kanies | 2009-06-03 | 1 | -1/+1

  This commit should have no functional effect.

  Signed-off-by: Luke Kanies <luke@madstop.com>

* Unify auth/unauthenticated request authorization system | Brice Figureau | 2009-04-23 | 1 | -16/+38

  Before this change, unauthenticated REST requests were unconditionally allowed, as long as they were to the certificate terminus. This could be a security hole, so now the REST requests, authenticated or unauthenticated, are all submitted to the REST authorization layer.

  The default authorizations now contain directives to allow unauthenticated requests to the various certificate terminus to allow new hosts.

  The conf/auth.conf file has been modified to match such defaults.

  Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>

* Refactor rest authorization to raise exceptions deeper | Brice Figureau | 2009-04-23 | 1 | -1/+1

  The idea is to raise an AuthorizationException at the same place we check the authorization instead of in an upper level, to be able to spot where the authorization took place in the exception backtrace.

  Moreover, this change also makes Rights::allowed? return the matching acl so that the upper layer can have a chance to report which ACL resulted in the match.

  Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>

* Add environment support in the REST authorization layer | Brice Figureau | 2009-04-23 | 1 | -2/+3

  With the help of the new auth.conf directive 'environment', any ACL can now be restricted to a specific environment. Omission of the directive means that the ACL will apply to all the defined environments.

  Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>

* Fix #1875 - Add a REST authorization system | Brice Figureau | 2009-04-23 | 1 | -0/+118

  This patch introduces a new configuration file (and configuration setting to set it).

  Each REST request is checked against this configuration file, and is either allowed or denied.

  The configuration file has the following format:

    path /uripath
    method <methods>
    allow <ip> or <name>
    deny <ip> or <name>

  or

    path ~ <regex>
    method <methods>
    allow <ip> or <name>
    deny <ip> or <name>

  where regex is a Ruby regex.

  This last syntax allows deny/allow interpolation from the regex captures:

    path ~ /files[^/]+/files/([^/]+)/([^/])/
    method find
    allow $2.$1

  If you arrange your files/ directory to have files in 'domain.com/host/', then only the referenced host will be able to access their files; other hosts will be denied.

  For instance:

    files/reductivelabs.com/dns/...
    files/reductivelabs.com/www/...

  then only files in dns can be accessible by dns.reductivelabs.com and so on...

  If the auth.conf file doesn't exist, puppet uses sane defaults that allow clients to check in and ask for their configurations...

  Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
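
The capture interpolation described in the commit message above, sketched as an added Ruby example; it is not Puppet's code and not part of the commit. The stanza ordering, deny-over-allow precedence, prefix matching for plain paths, the rejection of `..` segments, and the `\A`-anchored sample regex are assumptions made for this illustration.

```ruby
# Added illustration, not Puppet's implementation. Assumptions: stanzas are
# tried in order, the first whose path and method match decides, deny beats
# allow, plain paths match as prefixes, and no matching stanza means deny.
Acl = Struct.new(:path, :regex, :methods, :allow, :deny)

def parse_auth_conf(text)
  acls = []
  text.each_line do |line|
    line = line.strip
    next if line.empty? || line.start_with?('#')
    key, rest = line.split(/\s+/, 2)
    rest = rest.to_s
    if key == 'path'
      regex = rest.start_with?('~') ? Regexp.new(rest.sub(/\A~\s*/, '')) : nil
      acls << Acl.new(rest, regex, [], [], [])
      next
    end
    raise ArgumentError, "#{key} before any path" if acls.empty?
    case key
    when 'method' then acls.last.methods.concat(rest.split(/[\s,]+/))
    when 'allow'  then acls.last.allow.concat(rest.split(/[\s,]+/))
    when 'deny'   then acls.last.deny.concat(rest.split(/[\s,]+/))
    else raise ArgumentError, "unknown directive: #{key}"
    end
  end
  acls
end

# Expand $1, $2, ... from the path captures, then compare literally so a
# captured path segment can never act as a wildcard.
def host_match?(patterns, match, client)
  patterns.any? do |pat|
    pat.gsub(/\$(\d+)/) { match ? match[$1.to_i].to_s : '' }.casecmp?(client)
  end
end

def allowed?(acls, method, uri, client)
  return false if uri.split('/').include?('..') # refuse unnormalised paths
  acls.each do |acl|
    m = acl.regex&.match(uri)
    next unless acl.regex ? m : uri.start_with?(acl.path)
    next unless acl.methods.empty? || acl.methods.include?(method)
    return false if host_match?(acl.deny, m, client)
    return host_match?(acl.allow, m, client)
  end
  false
end

# Constructed sample using the domain/host layout from the commit message.
SAMPLE_ACLS = parse_auth_conf(<<~'CONF')
  path ~ \A/files/([^/]+)/([^/]+)/
  method find
  allow $2.$1
CONF
```

The `..` check matters for this layout: the allowed host is derived from the first two path segments only, so a request path has to be in normalised form before those captures can be trusted.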