# File lib/puppet/network/authstore.rb, line 75 def initialize @globalallow = nil @declarations = [] end
Mark a given pattern as allowed.
# File lib/puppet/network/authstore.rb, line 41 def allow(pattern) # a simple way to allow anyone at all to connect if pattern == "*" @globalallow = true else store(:allow, pattern) end nil end
# File lib/puppet/network/authstore.rb, line 52 def allow_ip(pattern) store(:allow_ip, pattern) end
Is a given combination of name and ip address allowed? If either input is non-nil, then both inputs must be provided. If neither input is provided, then the authstore is considered local and defaults to “true”.
# File lib/puppet/network/authstore.rb, line 17 def allowed?(name, ip) if name or ip # This is probably unnecessary, and can cause some weirdnesses in # cases where we're operating over localhost but don't have a real # IP defined. raise Puppet::DevError, "Name and IP must be passed to 'allowed?'" unless name and ip # else, we're networked and such else # we're local return true end # yay insecure overrides return true if globalallow? if decl = declarations.find { |d| d.match?(name, ip) } return decl.result end info "defaulting to no access for #{name}" false end
Deny a given pattern.
# File lib/puppet/network/authstore.rb, line 57 def deny(pattern) store(:deny, pattern) end
# File lib/puppet/network/authstore.rb, line 61 def deny_ip(pattern) store(:deny_ip, pattern) end
does this auth store has any rules?
# File lib/puppet/network/authstore.rb, line 71 def empty? @globalallow.nil? && @declarations.size == 0 end
Is global allow enabled?
# File lib/puppet/network/authstore.rb, line 66 def globalallow? @globalallow end
# File lib/puppet/network/authstore.rb, line 84 def interpolate(match) Thread.current[:declarations] = @declarations.collect { |ace| ace.interpolate(match) }.sort end
# File lib/puppet/network/authstore.rb, line 88 def reset_interpolation Thread.current[:declarations] = nil end
# File lib/puppet/network/authstore.rb, line 80 def to_s "authstore" end