Class: Puppet::Network::AuthStore

Inherits:
Object
  • Object
show all
Includes:
Util::Logging
Defined in:
lib/puppet/network/authstore.rb

Direct Known Subclasses

FileServing::Mount, Rights::Right

Defined Under Namespace

Classes: Declaration

Instance Method Summary collapse

Methods included from Util::Logging

#clear_deprecation_warnings, #debug, #deprecation_warning, #format_exception, #get_deprecation_offender, #log_and_raise, #log_deprecations_to_file, #log_exception, #puppet_deprecation_warning, #send_log, setup_facter_logging!, #warn_once

Constructor Details

#initializeAuthStore


76
77
78
79
# File 'lib/puppet/network/authstore.rb', line 76

def initialize
  @globalallow = nil
  @declarations = []
end

Instance Method Details

#allow(pattern) ⇒ Object

Mark a given pattern as allowed.


42
43
44
45
46
47
48
49
50
51
# File 'lib/puppet/network/authstore.rb', line 42

def allow(pattern)
  # a simple way to allow anyone at all to connect
  if pattern == "*"
    @globalallow = true
  else
    store(:allow, pattern)
  end

  nil
end

#allow_ip(pattern) ⇒ Object


53
54
55
# File 'lib/puppet/network/authstore.rb', line 53

def allow_ip(pattern)
  store(:allow_ip, pattern)
end

#allowed?(name, ip) ⇒ Boolean

Is a given combination of name and ip address allowed? If either input is non-nil, then both inputs must be provided. If neither input is provided, then the authstore is considered local and defaults to “true”.


17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
# File 'lib/puppet/network/authstore.rb', line 17

def allowed?(name, ip)
  if name or ip
    # This is probably unnecessary, and can cause some weirdness in
    # cases where we're operating over localhost but don't have a real
    # IP defined.
    raise Puppet::DevError, _("Name and IP must be passed to 'allowed?'") unless name and ip
    # else, we're networked and such
  else
    # we're local
    return true
  end

  # yay insecure overrides
  return true if globalallow?

  decl = declarations.find { |d| d.match?(name, ip) }
  if decl
    return decl.result
  end

  info _("defaulting to no access for %{name}") % { name: name }
  false
end

#deny(pattern) ⇒ Object

Deny a given pattern.


58
59
60
# File 'lib/puppet/network/authstore.rb', line 58

def deny(pattern)
  store(:deny, pattern)
end

#deny_ip(pattern) ⇒ Object


62
63
64
# File 'lib/puppet/network/authstore.rb', line 62

def deny_ip(pattern)
  store(:deny_ip, pattern)
end

#empty?Boolean

does this auth store has any rules?


72
73
74
# File 'lib/puppet/network/authstore.rb', line 72

def empty?
  @globalallow.nil? && @declarations.size == 0
end

#globalallow?Boolean

Is global allow enabled?


67
68
69
# File 'lib/puppet/network/authstore.rb', line 67

def globalallow?
  @globalallow
end

#interpolate(match) ⇒ Object


85
86
87
# File 'lib/puppet/network/authstore.rb', line 85

def interpolate(match)
  @modified_declarations = @declarations.collect { |ace| ace.interpolate(match) }.sort
end

#reset_interpolationObject


89
90
91
# File 'lib/puppet/network/authstore.rb', line 89

def reset_interpolation
  @modified_declarations = nil
end

#to_sObject


81
82
83
# File 'lib/puppet/network/authstore.rb', line 81

def to_s
  "authstore"
end