From 7e6fc0d80ccd29f206c3b56960ee1eef3afc33a3 Mon Sep 17 00:00:00 2001 From: Brice Figureau Date: Tue, 31 May 2011 20:01:36 +0200 Subject: Deprecate RestAuthConfig#allowed? in favor of #check_authorization #allowed? was a poorly named method since it isn't actually a predicate method. Instead of returning a boolean, this methods throws an exception when the access is denied (in order to keep the full context of what ACE triggered the deny). Given that #allowed? was overriding the behavior from AuthConfig, we leave a version of #allowed? in place that will issue a deprecation warning before delegating to #check_authorization. Once support for XML-RPC agents is removed from the master, we will be able to remove this delegation, since there should no longer be a reason for a distinction between AuthConfig and RestAuthConfig. Signed-off-by: Brice Figureau Signed-off-by: Jacob Helwig --- lib/puppet/network/rest_authconfig.rb | 7 ++++++- lib/puppet/network/rest_authorization.rb | 2 +- spec/integration/network/rest_authconfig_spec.rb | 2 +- spec/unit/network/rest_authconfig_spec.rb | 2 +- 4 files changed, 9 insertions(+), 4 deletions(-) diff --git a/lib/puppet/network/rest_authconfig.rb b/lib/puppet/network/rest_authconfig.rb index dfe8f85c4..7dcc81ef4 100644 --- a/lib/puppet/network/rest_authconfig.rb +++ b/lib/puppet/network/rest_authconfig.rb @@ -29,10 +29,15 @@ module Puppet @main end + def allowed?(request) + Puppet.deprecation_warning "allowed? should not be called for REST authorization - use check_authorization instead" + check_authorization(request) + end + # check wether this request is allowed in our ACL # raise an Puppet::Network::AuthorizedError if the request # is denied. - def allowed?(indirection, method, key, params) + def check_authorization(indirection, method, key, params) read # we're splitting the request in part because diff --git a/lib/puppet/network/rest_authorization.rb b/lib/puppet/network/rest_authorization.rb index 50f094e3e..d636d486a 100644 --- a/lib/puppet/network/rest_authorization.rb +++ b/lib/puppet/network/rest_authorization.rb @@ -16,7 +16,7 @@ module Puppet::Network # Verify that our client has access. def check_authorization(indirection, method, key, params) - authconfig.allowed?(indirection, method, key, params) + authconfig.check_authorization(indirection, method, key, params) end end end diff --git a/spec/integration/network/rest_authconfig_spec.rb b/spec/integration/network/rest_authconfig_spec.rb index 0e5278860..d2f539cd4 100644 --- a/spec/integration/network/rest_authconfig_spec.rb +++ b/spec/integration/network/rest_authconfig_spec.rb @@ -6,7 +6,7 @@ RSpec::Matchers.define :allow do |params| match do |auth| begin - auth.allowed?(params[0], params[1], params[2], params[3]) + auth.check_authorization(params[0], params[1], params[2], params[3]) true rescue Puppet::Network::AuthorizationError false diff --git a/spec/unit/network/rest_authconfig_spec.rb b/spec/unit/network/rest_authconfig_spec.rb index e1403997f..bebbb874f 100755 --- a/spec/unit/network/rest_authconfig_spec.rb +++ b/spec/unit/network/rest_authconfig_spec.rb @@ -29,7 +29,7 @@ describe Puppet::Network::RestAuthConfig do params = {:ip => "127.0.0.1", :node => "me", :environment => :env, :authenticated => true} @acl.expects(:is_request_forbidden_and_why?).with("path", :save, "to/resource", params).returns(nil) - @authconfig.allowed?("path", :save, "to/resource", params) + @authconfig.check_authorization("path", :save, "to/resource", params) end describe "when defining an acl with mk_acl" do -- cgit