Class: Puppet::Network::Rights::Right

Inherits:
AuthStore show all
Defined in:
lib/puppet/network/rights.rb

Overview

A right.

Constant Summary collapse

ALL =
[:save, :destroy, :find, :search]

Constants included from Util::Logging

Util::Logging::FILE_AND_LINE, Util::Logging::FILE_NO_LINE, Util::Logging::MM, Util::Logging::NO_FILE_LINE, Util::Logging::SUPPRESS_FILE_LINE

Instance Attribute Summary collapse

Instance Method Summary collapse

Methods inherited from AuthStore

#allow, #allow_ip, #deny, #deny_ip, #empty?, #globalallow?, #interpolate, #reset_interpolation

Methods included from Util::Logging

#clear_deprecation_warnings, #debug, #deprecation_warning, #format_exception, #get_deprecation_offender, #log_and_raise, #log_deprecations_to_file, #log_exception, #puppet_deprecation_warning, #send_log, setup_facter_logging!, #warn_once

Constructor Details

#initialize(name, line, file) ⇒ Right

Returns a new instance of Right.



# File 'lib/puppet/network/rights.rb', line 110

# Builds a right (one ACL entry) from the name it was declared with.
#
# A name starting with "/" is treated as a path: it is escaped and compiled
# into a pattern that starts with "^". A name starting with "~" is treated as
# a regular expression: the leading "~" plus whitespace is removed and the
# rest is compiled as written. Any other name is rejected.
#
# A new right covers every method in ALL, has no environment restriction,
# and applies to authenticated requests only.
#
# @param name [String] "/"-prefixed path or "~"-prefixed regular expression
# @param line [Integer, nil] declaration line; stored as 0 when not given
# @param file [Object] stored unchanged
# @raise [ArgumentError] if name is neither a path nor a regex
def initialize(name, line, file)
  @name = name
  @file = file
  @line = line || 0
  @environment = []
  @authentication = true # authenticated requests only until restrict_authenticated changes it
  @methods = ALL # the constant itself, not a copy

  # NOTE(review): in Ruby `^` anchors at the start of any line, not only at
  # the start of the string. If a value handed to match? can contain a
  # newline, the path pattern can match after that newline; `\A` is the
  # string-start anchor. Confirm what callers pass before treating this as a
  # strict prefix check.
  @key =
    case name
    when /^\//
      Regexp.new("^" + Regexp.escape(name))
    when /^~/
      # Only "~" followed by whitespace is stripped; "~pattern" with no
      # whitespace keeps its tilde inside the compiled pattern.
      @name = name.gsub(/^~\s+/,'')
      Regexp.new(@name)
    else
      raise ArgumentError, _("Unknown right type '%{name}'") % { name: name }
    end

  super()
end

Instance Attribute Details

#authentication ⇒ Object

Overriding Object#methods sucks for debugging. If we’re in here in the future, it would be nice to rename Right#methods



# File 'lib/puppet/network/rights.rb', line 103

# Whether this right is limited to authenticated requests.
# #initialize sets it to true and #restrict_authenticated replaces it with
# true or false; #allowed? answers :dunno while it is true and the request
# is not marked as authenticated.
def authentication
  @authentication
end

#environment ⇒ Object

Overriding Object#methods sucks for debugging. If we’re in here in the future, it would be nice to rename Right#methods



# File 'lib/puppet/network/rights.rb', line 103

# Environments this right is restricted to, as added by #restrict_environment.
# The list starts empty, and #allowed? applies the environment check only
# when it is non-empty.
def environment
  @environment
end

#file ⇒ Object

Returns the value of attribute file.



# File 'lib/puppet/network/rights.rb', line 104

# The file value passed to #initialize, stored unchanged.
# NOTE(review): presumably the configuration file that declared this right — confirm.
def file
  @file
end

#key ⇒ Object

Returns the value of attribute key.



# File 'lib/puppet/network/rights.rb', line 100

# The Regexp built in #initialize from the right's name; #match? runs it
# against the value it is given.
def key
  @key
end

#line ⇒ Object

Returns the value of attribute line.



# File 'lib/puppet/network/rights.rb', line 104

# The line value passed to #initialize, or 0 when none was given.
def line
  @line
end

#methods ⇒ Object

Overriding Object#methods sucks for debugging. If we’re in here in the future, it would be nice to rename Right#methods



# File 'lib/puppet/network/rights.rb', line 103

# Request methods this right applies to. Starts as ALL and is rebuilt by
# #restrict_method on the first restriction.
# This reader shadows Object#methods, so calling `methods` on a Right returns
# this list rather than the object's method names.
def methods
  @methods
end

#name ⇒ Object

Returns the value of attribute name.



# File 'lib/puppet/network/rights.rb', line 100

# Name of this right. For a "~" (regex) right, #initialize stores the name
# with the leading "~" and whitespace removed; otherwise it is the name as
# given to the constructor.
def name
  @name
end

Instance Method Details

#==(name) ⇒ Object



# File 'lib/puppet/network/rights.rb', line 204

# Compares this right's name with a name as written in a declaration.
#
# The argument gets the same normalisation #initialize applies to regex
# names (a leading "~" plus whitespace is removed) before the comparison.
#
# NOTE(review): the argument must respond to gsub; comparing against nil or
# another non-String raises NoMethodError instead of returning false.
#
# @param name [String] name to compare against
# @return [Boolean]
def ==(name)
  normalized = name.gsub(/^~\s+/,'')
  self.name == normalized
end

#allowed?(name, ip, args = {}) ⇒ Boolean

Is this right allowed for this triplet? If this right is too restrictive (i.e. it does not match this access method), return :dunno so that upper layers have a chance to try another right tailored to the given method.

Returns:

  • (Boolean)


# File 'lib/puppet/network/rights.rb', line 145

# Decides whether this right grants access for the given name, IP and
# request details.
#
# Answers :dunno, without consulting the inherited allow/deny check, when
# this right does not apply to the request:
# - args[:method] is not in @methods (a missing :method counts as no match),
# - environments are restricted and args[:environment] is not among them,
# - the right requires authentication and args[:authenticated] is falsy.
# :dunno is not a decision made here; what the caller does with it is not
# visible in this method.
#
# @param name [Object] passed through to the inherited allowed?
# @param ip [Object] passed through to the inherited allowed?
# @param args [Hash] request details; reads :method, :environment,
#   :authenticated and :match
# @return [Object] :dunno, or whatever the inherited allowed? returns
def allowed?(name, ip, args = {})
  return :dunno unless @methods.include?(args[:method])
  return :dunno if @environment.size > 0 && !@environment.include?(args[:environment])
  return :dunno if @authentication && !args[:authenticated]

  begin
    # Make sure any captures from the match are replaced where needed.
    interpolate(args[:match]) if args[:match]
    super(name, ip)
  ensure
    # Runs even when the check raises, so interpolated state from this
    # request is always reset before the next one.
    reset_interpolation
  end
end

#match?(key) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/puppet/network/rights.rb', line 199

# Runs this right's compiled pattern against the given value.
#
# Despite the "?" name, the result is what Regexp#match returns: a MatchData
# on success and nil otherwise. The match is only as anchored as the pattern
# itself.
#
# @param key [String] value to test against the right's pattern
# @return [MatchData, nil]
def match?(key)
  # The parameter shadows the reader, so the pattern is fetched through self.
  pattern = self.key
  pattern.match(key)
end

#restrict_authenticated(authentication) ⇒ Object



# File 'lib/puppet/network/rights.rb', line 187

# Sets whether this right is limited to authenticated requests.
#
# "yes", "on", "true" and true keep the authentication requirement.
# "no", "off", "false", false, "all", "any", :all and :any turn it off, so
# #allowed? no longer answers :dunno for unauthenticated requests on that
# ground. Anything else is rejected rather than mapped to a default.
#
# @param authentication [String, Symbol, Boolean] value from the directive
# @return [Boolean] the stored setting
# @raise [ArgumentError] if the value is not one of the recognised forms
def restrict_authenticated(authentication)
  @authentication =
    case authentication
    when "yes", "on", "true", true then true
    when "no", "off", "false", false, "all" ,"any", :all, :any then false
    else
      raise ArgumentError, _("'%{name}' incorrect authenticated value: %{authentication}") % { name: name, authentication: authentication }
    end
end

#restrict_environment(environment) ⇒ Object

Raises:

  • (ArgumentError)


# File 'lib/puppet/network/rights.rb', line 180

# Adds an environment to the list this right is restricted to.
#
# The argument is resolved through Puppet.lookup(:environments).get and the
# resolved value, not the argument, is what gets stored and compared.
#
# NOTE(review): the result of get is not checked. If it can be nil for an
# unknown environment, nil is stored in the ACL and #allowed? would treat a
# request with no :environment as a match — confirm against the lookup's
# contract.
#
# @param environment [Object] environment identifier to resolve
# @return [Array] the updated environment list
# @raise [ArgumentError] if the resolved environment is already listed
def restrict_environment(environment)
  env = Puppet.lookup(:environments).get(environment)
  if @environment.include?(env)
    raise ArgumentError, _("'%{env}' is already in the '%{name}' ACL") % { env: env, name: name }
  end

  @environment << env
end

#restrict_method(m) ⇒ Object

Restrict this right to the given method only.

Raises:

  • (ArgumentError)


# File 'lib/puppet/network/rights.rb', line 165

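# Restricts this right to one more request method.
#
# The first restriction replaces the initial "all methods" state with a list
# holding only the given method; later calls append to that list.
#
# @param m [String, Symbol] method name; must be one of ALL
# @return [Array<Symbol>] the updated method list
# @raise [ArgumentError] if m is not in ALL or is already listed
def restrict_method(m)
  m = m.intern if m.is_a?(String)

  raise ArgumentError, _("'%{m}' is not an allowed value for method directive") % { m: m } unless ALL.include?(m)

  # An unrestricted right still points at the ALL constant itself (that is
  # what #initialize assigns), so identity is the test for "never restricted".
  # Comparing by value (Array#===) also matched a list that had been built up
  # to the same four entries, and a repeated directive then silently reset the
  # ACL to that single method instead of raising the duplicate error below.
  # Starting from a fresh array also keeps ALL itself from being appended to.
  @methods = [] if @methods.equal?(ALL)

  raise ArgumentError, _("'%{m}' is already in the '%{name}' ACL") % { m: m, name: name } if @methods.include?(m)

  @methods << m
end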

#to_s ⇒ Object



# File 'lib/puppet/network/rights.rb', line 132

# Label for this right: the stored name wrapped as "access[...]".
def to_s
  "access[#{@name}]"
end

#valid? ⇒ Boolean

There’s no real check to do at this point

Returns:

  • (Boolean)


# File 'lib/puppet/network/rights.rb', line 137

# Always true: this method performs no validation of the right.
def valid?
  true
end