Class: Puppet::Network::Rights::Right
- Defined in:
- lib/puppet/network/rights.rb
Overview
A right.
Constant Summary
- ALL = [:save, :destroy, :find, :search]
Constants included from Util::Logging
Util::Logging::FILE_AND_LINE, Util::Logging::FILE_NO_LINE, Util::Logging::MM, Util::Logging::NO_FILE_LINE, Util::Logging::SUPPRESS_FILE_LINE
Instance Attribute Summary
- #authentication ⇒ Object
  Overriding Object#methods sucks for debugging.
- #environment ⇒ Object
  Overriding Object#methods sucks for debugging.
- #file ⇒ Object
  Returns the value of attribute file.
- #key ⇒ Object
  Returns the value of attribute key.
- #line ⇒ Object
  Returns the value of attribute line.
- #methods ⇒ Object
  Overriding Object#methods sucks for debugging.
- #name ⇒ Object
  Returns the value of attribute name.
Instance Method Summary
- #==(name) ⇒ Object
- #allowed?(name, ip, args = {}) ⇒ Boolean
  Is this right allowed for this triplet? If this right is too restrictive (i.e. it does not match this access method), return :dunno so that upper layers have a chance to try another right tailored to the given method.
- #initialize(name, line, file) ⇒ Right (constructor)
  A new instance of Right.
- #match?(key) ⇒ Boolean
- #restrict_authenticated(authentication) ⇒ Object
- #restrict_environment(environment) ⇒ Object
- #restrict_method(m) ⇒ Object
  Restrict this right to a given method only.
- #to_s ⇒ Object
- #valid? ⇒ Boolean
  There’s no real check to do at this point.
Methods inherited from AuthStore
#allow, #allow_ip, #deny, #deny_ip, #empty?, #globalallow?, #interpolate, #reset_interpolation
Methods included from Util::Logging
#clear_deprecation_warnings, #debug, #deprecation_warning, #format_exception, #get_deprecation_offender, #log_and_raise, #log_deprecations_to_file, #log_exception, #puppet_deprecation_warning, #send_log, setup_facter_logging!, #warn_once
Constructor Details
#initialize(name, line, file) ⇒ Right
Returns a new instance of Right.
```ruby
# File 'lib/puppet/network/rights.rb', line 110
def initialize(name, line, file)
  @methods = []
  @environment = []
  @authentication = true # defaults to authenticated
  @name = name
  @line = line || 0
  @file = file

  @methods = ALL

  case name
  when /^\//
    @key = Regexp.new("^" + Regexp.escape(name))
  when /^~/ # this is a regex
    @name = name.gsub(/^~\s+/,'')
    @key = Regexp.new(@name)
  else
    raise ArgumentError, _("Unknown right type '%{name}'") % { name: name }
  end
  super()
end
```
Instance Attribute Details
#authentication ⇒ Object
Overriding Object#methods sucks for debugging. If we’re in here in the future, it would be nice to rename Right#methods
```ruby
# File 'lib/puppet/network/rights.rb', line 103
def authentication
  @authentication
end
```
#environment ⇒ Object
Overriding Object#methods sucks for debugging. If we’re in here in the future, it would be nice to rename Right#methods
```ruby
# File 'lib/puppet/network/rights.rb', line 103
def environment
  @environment
end
```
#file ⇒ Object
Returns the value of attribute file.
```ruby
# File 'lib/puppet/network/rights.rb', line 104
def file
  @file
end
```
#key ⇒ Object
Returns the value of attribute key.
```ruby
# File 'lib/puppet/network/rights.rb', line 100
def key
  @key
end
```
#line ⇒ Object
Returns the value of attribute line.
```ruby
# File 'lib/puppet/network/rights.rb', line 104
def line
  @line
end
```
#methods ⇒ Object
Overriding Object#methods sucks for debugging. If we’re in here in the future, it would be nice to rename Right#methods
```ruby
# File 'lib/puppet/network/rights.rb', line 103
def methods
  @methods
end
```
#name ⇒ Object
Returns the value of attribute name.
```ruby
# File 'lib/puppet/network/rights.rb', line 100
def name
  @name
end
```
Instance Method Details
#==(name) ⇒ Object
```ruby
# File 'lib/puppet/network/rights.rb', line 204
def ==(name)
  self.name == name.gsub(/^~\s+/,'')
end
```
#allowed?(name, ip, args = {}) ⇒ Boolean
Is this right allowed for this triplet? If this right is too restrictive (i.e. it does not match this access method), return :dunno so that upper layers have a chance to try another right tailored to the given method.
```ruby
# File 'lib/puppet/network/rights.rb', line 145
def allowed?(name, ip, args = {})
  if not @methods.include?(args[:method])
    return :dunno
  elsif @environment.size > 0 and not @environment.include?(args[:environment])
    return :dunno
  elsif (@authentication and not args[:authenticated])
    return :dunno
  end

  begin
    # make sure any capture are replaced if needed
    interpolate(args[:match]) if args[:match]
    res = super(name,ip)
  ensure
    reset_interpolation
  end
  res
end
```
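The three gates in `allowed?` defer rather than deny, which the following added example makes concrete (it is not code from Puppet). `SketchRight`, `decide`, the allow list standing in for the inherited AuthStore check, the default-deny fallback and all host names are assumptions made for illustration.

```ruby
# Added example: a stand-in for Right that keeps only the three gates from
# allowed? above. AuthStore's allow/deny check is replaced by a name list.
class SketchRight
  ALL = [:save, :destroy, :find, :search]

  def initialize(methods: ALL, environments: [], authentication: true, allow: [])
    @methods = methods
    @environment = environments
    @authentication = authentication # true means "authenticated clients only"
    @allow = allow # assumption: simplified stand-in for AuthStore rules
  end

  def allowed?(name, _ip, args = {})
    return :dunno unless @methods.include?(args[:method])
    return :dunno if @environment.size > 0 && !@environment.include?(args[:environment])
    return :dunno if @authentication && !args[:authenticated]
    @allow.include?(name)
  end
end

# Hypothetical caller: the first right with a definite answer wins; if every
# right says :dunno the request is refused (assumed default-deny).
def decide(rights, name, ip, args)
  rights.each do |right|
    verdict = right.allowed?(name, ip, args)
    return verdict unless verdict == :dunno
  end
  false
end

# Constructed rights for one path: read for an agent, write for one host.
RIGHTS = [
  SketchRight.new(methods: [:find], allow: ["agent1.example.test"]),
  SketchRight.new(methods: [:save], allow: ["ca.example.test"]),
].freeze

if __FILE__ == $PROGRAM_NAME
  ip = "192.0.2.10"
  [["ca.example.test", { method: :save, authenticated: true }],
   ["agent1.example.test", { method: :save, authenticated: true }],
   ["agent1.example.test", { method: :find, authenticated: false }]].each do |name, args|
    puts "#{name} #{args.inspect} => #{decide(RIGHTS, name, ip, args)}"
  end
end
```

When auditing an ACL, read a `:dunno` from one right as "keep looking": the effective decision depends on which later right, if any, accepts the same method, environment and authentication state.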
#match?(key) ⇒ Boolean
```ruby
# File 'lib/puppet/network/rights.rb', line 199
def match?(key)
  # otherwise match with the regex
  self.key.match(key)
end
```
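How the key built in `#initialize` behaves when `#match?` applies it is easiest to see on sample paths. The following is an added example, not code from Puppet: `right_key`, `right_matches?`, `covered_paths` and the sample paths are constructed here, and the helper re-creates the constructor's `case` statement so it runs without Puppet installed.

```ruby
# Added example: stand-alone re-creation of the key-building logic in
# Right#initialize, so it runs without Puppet installed.
def right_key(name)
  case name
  when /^\//
    # Path right: literal text, anchored at the start only (prefix match).
    Regexp.new("^" + Regexp.escape(name))
  when /^~/
    # Regex right: pattern used as written, no anchors are added.
    # The "~" is stripped only when whitespace follows it.
    Regexp.new(name.gsub(/^~\s+/, ''))
  else
    raise ArgumentError, "Unknown right type '#{name}'"
  end
end

# Returns true when the right built from +name+ matches +path+.
def right_matches?(name, path)
  !right_key(name).match(path).nil?
end

# Constructed sample request paths (not from the page).
SAMPLE_PATHS = [
  "/catalog/node1.example.test",
  "/catalogue",
  "/v2/catalog/node1.example.test",
  "/file_metadata/modules/x",
].freeze

# Which of the sample paths does a given right cover?
def covered_paths(name)
  SAMPLE_PATHS.select { |p| right_matches?(name, p) }
end

if __FILE__ == $PROGRAM_NAME
  ["/catalog", "~ catalog", "~ ^/catalog/([^/]+)$", "/file.metadata"].each do |right|
    puts "#{right.inspect} covers #{covered_paths(right).inspect}"
  end
end
```

A path right covers every path that starts with its text, and a regex right without `^` and `$` matches anywhere in the path, so anchor regex rights explicitly when the rule is meant for one endpoint.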
#restrict_authenticated(authentication) ⇒ Object
```ruby
# File 'lib/puppet/network/rights.rb', line 187
def restrict_authenticated(authentication)
  case authentication
  when "yes", "on", "true", true
    authentication = true
  when "no", "off", "false", false, "all" ,"any", :all, :any
    authentication = false
  else
    raise ArgumentError, _("'%{name}' incorrect authenticated value: %{authentication}") % { name: name, authentication: authentication }
  end
  @authentication = authentication
end
```
#restrict_environment(environment) ⇒ Object
```ruby
# File 'lib/puppet/network/rights.rb', line 180
def restrict_environment(environment)
  env = Puppet.lookup(:environments).get(environment)
  raise ArgumentError, _("'%{env}' is already in the '%{name}' ACL") % { env: env, name: name } if @environment.include?(env)

  @environment << env
end
```
#restrict_method(m) ⇒ Object
Restrict this right to a given method only.
```ruby
# File 'lib/puppet/network/rights.rb', line 165
def restrict_method(m)
  m = m.intern if m.is_a?(String)

  raise ArgumentError, _("'%{m}' is not an allowed value for method directive") % { m: m } unless ALL.include?(m)

  # if we were allowing all methods, then starts from scratch
  if @methods === ALL
    @methods = []
  end

  raise ArgumentError, _("'%{m}' is already in the '%{name}' ACL") % { m: m, name: name } if @methods.include?(m)

  @methods << m
end
```
#to_s ⇒ Object
```ruby
# File 'lib/puppet/network/rights.rb', line 132
def to_s
  "access[#{@name}]"
end
```
#valid? ⇒ Boolean
There’s no real check to do at this point
```ruby
# File 'lib/puppet/network/rights.rb', line 137
def valid?
  true
end
```