Class: Puppet::Network::AuthStore

Inherits:

Object

• Object
• Puppet::Network::AuthStore

Includes:

Util::Logging

Defined in:

lib/puppet/network/authstore.rb

Direct Known Subclasses

FileServing::Mount, Handler::FileServer::Mount, Rights::Right

Defined Under Namespace

Classes: Declaration

Instance Method Summary

• #allow(pattern) ⇒ Object

  Mark a given pattern as allowed.

• #allowed?(name, ip) ⇒ Boolean

  Is a given combination of name and ip address allowed? If either input is non-nil, then both inputs must be provided.

• #deny(pattern) ⇒ Object

  Deny a given pattern.

• #empty? ⇒ Boolean

  does this auth store has any rules?.

• #globalallow? ⇒ Boolean

  Is global allow enabled?.

• #initialize ⇒ AuthStore constructor

  A new instance of AuthStore.

• #interpolate(match) ⇒ Object
• #reset_interpolation ⇒ Object
• #to_s ⇒ Object

Methods included from Util::Logging

#clear_deprecation_warnings, #deprecation_warning, #send_log

Constructor Details

#initialize ⇒ AuthStore

# File 'lib/puppet/network/authstore.rb', line 67

def initialize
  @globalallow = nil
  @declarations = []
end

Instance Method Details

#allow(pattern) ⇒ Object

Mark a given pattern as allowed.

# File 'lib/puppet/network/authstore.rb', line 15

def allow(pattern)
  # a simple way to allow anyone at all to connect
  if pattern == "*"
    @globalallow = true
  else
    store(:allow, pattern)
  end

  nil
end

#allowed?(name, ip) ⇒ Boolean

Is a given combination of name and ip address allowed? If either input is non-nil, then both inputs must be provided. If neither input is provided, then the authstore is considered local and defaults to “true”.

# File 'lib/puppet/network/authstore.rb', line 29

def allowed?(name, ip)
  if name or ip
    # This is probably unnecessary, and can cause some weirdnesses in
    # cases where we're operating over localhost but don't have a real
    # IP defined.
    raise Puppet::DevError, "Name and IP must be passed to 'allowed?'" unless name and ip
    # else, we're networked and such
  else
    # we're local
    return true
  end

  # yay insecure overrides
  return true if globalallow?

  if decl = declarations.find { |d| d.match?(name, ip) }
    return decl.result
  end

  info "defaulting to no access for #{name}"
  false
end

#deny(pattern) ⇒ Object

Deny a given pattern.

# File 'lib/puppet/network/authstore.rb', line 53

def deny(pattern)
  store(:deny, pattern)
end

#empty? ⇒ Boolean

does this auth store has any rules?

# File 'lib/puppet/network/authstore.rb', line 63

def empty?
  @globalallow.nil? && @declarations.size == 0
end

#globalallow? ⇒ Boolean

Is global allow enabled?

# File 'lib/puppet/network/authstore.rb', line 58

def globalallow?
  @globalallow
end

#interpolate(match) ⇒ Object

# File 'lib/puppet/network/authstore.rb', line 76

def interpolate(match)
  Thread.current[:declarations] = @declarations.collect { |ace| ace.interpolate(match) }.sort
end

#reset_interpolation ⇒ Object

# File 'lib/puppet/network/authstore.rb', line 80

def reset_interpolation
  Thread.current[:declarations] = nil
end

#to_s ⇒ Object

# File 'lib/puppet/network/authstore.rb', line 72

def to_s
  "authstore"
end