Class: Puppet::Network::AuthStore

Inherits:
Object
  • Object
show all
Includes:
Util::Logging
Defined in:
lib/puppet/network/authstore.rb

Direct Known Subclasses

FileServing::Mount, Rights::Right

Defined Under Namespace

Classes: Declaration

Instance Method Summary collapse

Methods included from Util::Logging

#clear_deprecation_warnings, #debug, #deprecation_warning, #format_backtrace, #format_exception, #get_deprecation_offender, #log_and_raise, #log_deprecations_to_file, #log_exception, #puppet_deprecation_warning, #send_log, setup_facter_logging!, #warn_once

Constructor Details

#initializeAuthStore

Returns a new instance of AuthStore.


76
77
78
79
# File 'lib/puppet/network/authstore.rb', line 76

def initialize
  @globalallow = nil
  @declarations = []
end

Instance Method Details

#allow(pattern) ⇒ Object

Mark a given pattern as allowed.


42
43
44
45
46
47
48
49
50
51
# File 'lib/puppet/network/authstore.rb', line 42

def allow(pattern)
  # a simple way to allow anyone at all to connect
  if pattern == "*"
    @globalallow = true
  else
    store(:allow, pattern)
  end

  nil
end

#allow_ip(pattern) ⇒ Object


53
54
55
# File 'lib/puppet/network/authstore.rb', line 53

def allow_ip(pattern)
  store(:allow_ip, pattern)
end

#allowed?(name, ip) ⇒ Boolean

Is a given combination of name and ip address allowed? If either input is non-nil, then both inputs must be provided. If neither input is provided, then the authstore is considered local and defaults to “true”.

Returns:

  • (Boolean)

17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
# File 'lib/puppet/network/authstore.rb', line 17

def allowed?(name, ip)
  if name or ip
    # This is probably unnecessary, and can cause some weirdness in
    # cases where we're operating over localhost but don't have a real
    # IP defined.
    raise Puppet::DevError, _("Name and IP must be passed to 'allowed?'") unless name and ip
    # else, we're networked and such
  else
    # we're local
    return true
  end

  # yay insecure overrides
  return true if globalallow?

  decl = declarations.find { |d| d.match?(name, ip) }
  if decl
    return decl.result
  end

  info _("defaulting to no access for %{name}") % { name: name }
  false
end

#deny(pattern) ⇒ Object

Deny a given pattern.


58
59
60
# File 'lib/puppet/network/authstore.rb', line 58

def deny(pattern)
  store(:deny, pattern)
end

#deny_ip(pattern) ⇒ Object


62
63
64
# File 'lib/puppet/network/authstore.rb', line 62

def deny_ip(pattern)
  store(:deny_ip, pattern)
end

#empty?Boolean

does this auth store has any rules?

Returns:

  • (Boolean)

72
73
74
# File 'lib/puppet/network/authstore.rb', line 72

def empty?
  @globalallow.nil? && @declarations.size == 0
end

#globalallow?Boolean

Is global allow enabled?

Returns:

  • (Boolean)

67
68
69
# File 'lib/puppet/network/authstore.rb', line 67

def globalallow?
  @globalallow
end

#interpolate(match) ⇒ Object


85
86
87
# File 'lib/puppet/network/authstore.rb', line 85

def interpolate(match)
  @modified_declarations = @declarations.collect { |ace| ace.interpolate(match) }.sort
end

#reset_interpolationObject


89
90
91
# File 'lib/puppet/network/authstore.rb', line 89

def reset_interpolation
  @modified_declarations = nil
end

#to_sObject


81
82
83
# File 'lib/puppet/network/authstore.rb', line 81

def to_s
  "authstore"
end