Class: Puppet::Network::Rights::Right
- Defined in:
- lib/vendor/puppet/network/rights.rb
Overview
A right.
Constant Summary
- ALL =
[:save, :destroy, :find, :search]
Instance Attribute Summary
-
#acl_type ⇒ Object
Returns the value of attribute acl_type.
-
#authentication ⇒ Object
Returns the value of attribute authentication.
-
#environment ⇒ Object
Returns the value of attribute environment.
-
#file ⇒ Object
Returns the value of attribute file.
-
#key ⇒ Object
Returns the value of attribute key.
-
#line ⇒ Object
Returns the value of attribute line.
-
#methods ⇒ Object
Returns the value of attribute methods.
-
#name ⇒ Object
Returns the value of attribute name.
Instance Method Summary
-
#<=>(rhs) ⇒ Object
this is where all the magic happens.
- #==(name) ⇒ Object
-
#allowed?(name, ip, args = {}) ⇒ Boolean
Is this right allowed for this triplet? If this right is too restrictive (i.e. it does not match this access method), return :dunno so that upper layers have a chance to try another right tailored to the given method.
-
#initialize(name, line, file) ⇒ Right
constructor
A new instance of Right.
- #match?(key) ⇒ Boolean
- #namespace_to_key(key) ⇒ Object
- #regex? ⇒ Boolean
- #restrict_authenticated(authentication) ⇒ Object
- #restrict_environment(env) ⇒ Object
-
#restrict_method(m) ⇒ Object
restrict this right to some method only.
- #to_s ⇒ Object
-
#valid? ⇒ Boolean
There’s no real check to do at this point.
Methods inherited from AuthStore
#allow, #deny, #empty?, #globalallow?, #interpolate, #reset_interpolation
Methods included from Util::Logging
#clear_deprecation_warnings, #deprecation_warning, #send_log
Constructor Details
#initialize(name, line, file) ⇒ Right
Returns a new instance of Right.
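# File 'lib/vendor/puppet/network/rights.rb', line 142
# Builds a right from the name used in the ACL declaration and works out
# which kind of right it is.
#
# name - one of:
#          * a Symbol, or a "[namespace]" String: acl_type :name, key is a Symbol
#          * a String starting with "/": acl_type :regex, key matches that
#            literal path as a prefix
#          * a String starting with "~": acl_type :regex, the rest of the
#            string is compiled as a Regexp
# line - line number of the declaration; nil is stored as 0
# file - file the declaration came from
#
# Raises ArgumentError for any other kind of name.
def initialize(name, line, file)
  @methods = []
  @environment = []
  @authentication = true # defaults to authenticated
  @name = name
  @line = line || 0
  @file = file

  case name
  when Symbol
    @acl_type = :name
    @key = name
  when /^\[(.+)\]$/
    @acl_type = :name
    @key = $1.intern if name.is_a?(String)
  when /^\//
    @acl_type = :regex
    # \A anchors at the very start of the string. In Ruby "^" also matches
    # right after any embedded newline, so a "^"-anchored prefix would accept
    # a key whose *second* line starts with this path.
    @key = Regexp.new("\\A" + Regexp.escape(name))
    @methods = ALL
  when /^~/ # this is a regex
    @acl_type = :regex
    @name = name.gsub(/^~\s+/,'')
    # The administrator's pattern is compiled verbatim: any "^" / "$" in it
    # are per-line anchors in Ruby; \A and \z anchor the whole key.
    @key = Regexp.new(@name)
    @methods = ALL
  else
    raise ArgumentError, "Unknown right type '#{name}'"
  end
  super()
end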
Instance Attribute Details
#acl_type ⇒ Object
Returns the value of attribute acl_type.
# File 'lib/vendor/puppet/network/rights.rb', line 134
# Kind of right: the constructor shown on this page sets it to :name
# (namespace right) or :regex (path or regex right).
def acl_type
  @acl_type
end
#authentication ⇒ Object
Returns the value of attribute authentication.
# File 'lib/vendor/puppet/network/rights.rb', line 135
# Authentication requirement of this right: true (the constructor default),
# false, or nil. allowed? skips the authentication comparison when it is nil.
def authentication
  @authentication
end
#environment ⇒ Object
Returns the value of attribute environment.
# File 'lib/vendor/puppet/network/rights.rb', line 135
# Environments this right is restricted to. Starts as an empty Array, which
# allowed? treats as "no environment restriction".
def environment
  @environment
end
#file ⇒ Object
Returns the value of attribute file.
# File 'lib/vendor/puppet/network/rights.rb', line 136
# The file value handed to the constructor, stored unchanged.
def file
  @file
end
#key ⇒ Object
Returns the value of attribute key.
# File 'lib/vendor/puppet/network/rights.rb', line 134
# What requests are matched against: a Symbol for :name rights, a Regexp for
# :regex rights (both built by the constructor).
def key
  @key
end
#line ⇒ Object
Returns the value of attribute line.
# File 'lib/vendor/puppet/network/rights.rb', line 136
# The line value handed to the constructor; a nil line is stored as 0.
def line
  @line
end
#methods ⇒ Object
Returns the value of attribute methods.
# File 'lib/vendor/puppet/network/rights.rb', line 135
# Access methods this right applies to. The constructor sets it to ALL for
# :regex rights and to an empty Array otherwise; restrict_method narrows it.
# Note: this reader replaces Ruby's built-in Object#methods on instances.
def methods
  @methods
end
#name ⇒ Object
Returns the value of attribute name.
# File 'lib/vendor/puppet/network/rights.rb', line 134
# Name of the right as given to the constructor; for "~" regex rights the
# leading "~" and following whitespace are stripped.
def name
  @name
end
Instance Method Details
#<=>(rhs) ⇒ Object
this is where all the magic happens. we’re sorting the rights array with this scheme:
* namespace rights are all in front
* regex path rights are then all queued in file order
# File 'lib/vendor/puppet/network/rights.rb', line 258
# Ordering used when the rights list is sorted: a :name right sorts before a
# :regex right, and two rights of the same kind compare as equal (0).
#
# Returning 0 is meant to keep rights of the same kind in declaration order,
# so the first matching entry in the file wins.
# NOTE(review): Ruby's Array#sort is not guaranteed to be stable, so equal
# elements may not keep their original order -- confirm how the caller sorts.
def <=>(rhs)
  if acl_type != rhs.acl_type
    acl_type == :name ? -1 : 1
  else
    0
  end
end
#==(name) ⇒ Object
# File 'lib/vendor/puppet/network/rights.rb', line 268
# Compares this right with a name, not with another Right.
#
# For :name rights the argument is converted with namespace_to_key and
# compared with the key. For other rights it is compared with this right's
# name after stripping a leading "~" and whitespace, so the argument must
# respond to gsub.
def ==(name)
  if acl_type == :name
    key == namespace_to_key(name)
  else
    self.name == name.gsub(/^~\s+/, '')
  end
end
#allowed?(name, ip, args = {}) ⇒ Boolean
Is this right allowed for this triplet? If this right is too restrictive (i.e. it does not match this access method), return :dunno so that upper layers have a chance to try another right tailored to the given method.
# File 'lib/vendor/puppet/network/rights.rb', line 189
# Decides whether name/ip may use this right.
#
# args keys read here: :method, :environment, :authenticated, :match.
#
# For :regex rights the request is first checked against the method list, the
# environment list (only when it is non-empty) and the authentication setting
# (only when it is not nil). If any of these does not fit, :dunno is returned
# so the caller can try another right. These three checks are skipped for
# :name rights.
#
# Otherwise the decision is delegated to the superclass's allowed?(name, ip).
#
# Caution: :dunno is a truthy value in Ruby. A caller must compare the result
# explicitly instead of using it directly as a condition, or "this right does
# not apply" would read as "allowed".
def allowed?(name, ip, args = {})
  regex_right = acl_type == :regex

  if regex_right
    return :dunno unless @methods.include?(args[:method])
    return :dunno unless @environment.empty? || @environment.include?(args[:environment])
    return :dunno unless @authentication.nil? || args[:authenticated] == @authentication
  end

  begin
    # substitute regex captures into the ACL entries before evaluating them
    interpolate(args[:match]) if regex_right && args[:match]
    verdict = super(name, ip)
  ensure
    # always undo the substitution, even when the superclass check raises
    reset_interpolation if regex_right
  end
  verdict
end
#match?(key) ⇒ Boolean
# File 'lib/vendor/puppet/network/rights.rb', line 241
# Tells whether this right applies to the given key.
#
# :name rights compare their Symbol key with the argument (Strings are
# interned first). Other rights run their Regexp against the argument and
# return the result of Regexp#match: a MatchData or nil, not true/false.
#
# The Regexp the constructor builds for "/path" rights is anchored at the
# start only, so such a right matches every key that begins with the path.
def match?(key)
  if acl_type == :name
    self.key == namespace_to_key(key)
  else
    self.key.match(key)
  end
end
#namespace_to_key(key) ⇒ Object
# File 'lib/vendor/puppet/network/rights.rb', line 249
# Converts a namespace name to the form used for :name keys: a String is
# interned to a Symbol, any other value is returned unchanged.
#
# NOTE(review): every distinct String passed in creates a Symbol. If callers
# pass request-derived names, confirm the Ruby in use garbage-collects
# symbols, otherwise the symbol table can grow without bound.
def namespace_to_key(key)
  key.is_a?(String) ? key.intern : key
end
#regex? ⇒ Boolean
# File 'lib/vendor/puppet/network/rights.rb', line 181
# True when this right is a path or regex right (acl_type is :regex),
# false otherwise.
def regex?
  acl_type == :regex
end
#restrict_authenticated(authentication) ⇒ Object
# File 'lib/vendor/puppet/network/rights.rb', line 227
# Sets the authentication requirement of this right.
#
# authentication - "yes", "on", "true" or true   => authenticated requests only
#                  "no", "off", "false" or false => unauthenticated requests only
#                  "all", "any", :all or :any    => nil, i.e. allowed? does not
#                                                   compare authentication at all
#
# Returns the stored value (true, false or nil).
# Raises ArgumentError for any other value.
def restrict_authenticated(authentication)
  @authentication =
    case authentication
    when "yes", "on", "true", true then true
    when "no", "off", "false", false then false
    when "all","any", :all, :any then nil
    else
      raise ArgumentError, "'#{name}' incorrect authenticated value: #{authentication}"
    end
end
#restrict_environment(env) ⇒ Object
# File 'lib/vendor/puppet/network/rights.rb', line 220
# Adds an environment to the list this right is restricted to.
#
# env - converted with Puppet::Node::Environment.new before it is stored.
#
# Returns the updated environment list.
# Raises ArgumentError when the environment is already in the list.
#
# allowed? only consults this list for :regex rights, and only when it is
# non-empty.
def restrict_environment(env)
  environment = Puppet::Node::Environment.new(env)
  if @environment.include?(environment)
    raise ArgumentError, "'#{environment}' is already in the '#{name}' ACL"
  end

  @environment << environment
end
#restrict_method(m) ⇒ Object
restrict this right to some method only
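# File 'lib/vendor/puppet/network/rights.rb', line 205
# Restricts this right to one more access method.
#
# m - a Symbol or String naming one of ALL (:save, :destroy, :find, :search).
#
# Returns the updated method list.
# Raises ArgumentError when m is not one of ALL, or is already in the list.
def restrict_method(m)
  m = m.intern if m.is_a?(String)
  raise ArgumentError, "'#{m}' is not an allowed value for method directive" unless ALL.include?(m)

  # The constructor stores the ALL constant itself to mean "no restriction
  # yet"; the first explicit method replaces it with a fresh list. This is an
  # identity test on purpose: "@methods === ALL" compares by value, so a list
  # an administrator had built up to the same four methods was also wiped,
  # and a repeated method then silently replaced the whole list instead of
  # being reported as a duplicate.
  @methods = [] if @methods.equal?(ALL)

  raise ArgumentError, "'#{m}' is already in the '#{name}' ACL" if @methods.include?(m)

  @methods << m
end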
#to_s ⇒ Object
# File 'lib/vendor/puppet/network/rights.rb', line 172
# Human-readable label for this right: its name wrapped in "access[...]".
def to_s
  label = @name
  "access[#{label}]"
end
#valid? ⇒ Boolean
There’s no real check to do at this point
# File 'lib/vendor/puppet/network/rights.rb', line 177
# Always true: no validation is performed on a right here, so a true result
# says nothing about whether the right's restrictions are sensible.
def valid?
  true
end