class Puppet::Network::Rights::Right

A right.

Constants

ALL

Attributes

authentication[RW]

environment[RW]

file[RW]
key[RW]
line[RW]
methods[RW]

Overriding Object#methods sucks for debugging. If we’re in here in the future, it would be nice to rename #methods.

name[RW]

Public Class Methods

new(name, line, file)
Calls superclass method Puppet::Network::AuthStore.new
# File lib/puppet/network/rights.rb, line 120
def initialize(name, line, file)
  @methods = []
  @environment = []
  @authentication = true # defaults to authenticated
  @name = name
  @line = line || 0
  @file = file
  @methods = ALL

  case name
  when /^\//
    @key = Regexp.new("^" + Regexp.escape(name))
  when /^~/ # this is a regex
    @name = name.gsub(/^~\s+/,'')
    @key = Regexp.new(@name)
  else
    raise ArgumentError, "Unknown right type '#{name}'"
  end

  super()
end

Public Instance Methods

==(name)
# File lib/puppet/network/rights.rb, line 214
def ==(name)
  self.name == name.gsub(/^~\s+/,'')
end

allowed?(name, ip, args = {})

Is this right allowed for this triplet? If this right is too restrictive (i.e. the request does not match this right's method, environment or authentication restrictions), return :dunno so that upper layers have a chance to try another right tailored to the given method.

Calls superclass method Puppet::Network::AuthStore#allowed?
# File lib/puppet/network/rights.rb, line 155
def allowed?(name, ip, args = {})
  if not @methods.include?(args[:method])
    return :dunno
  elsif @environment.size > 0 and not @environment.include?(args[:environment])
    return :dunno
  elsif (@authentication and not args[:authenticated])
    return :dunno
  end

  begin
    # make sure any captures are replaced if needed
    interpolate(args[:match]) if args[:match]
    res = super(name,ip)
  ensure
    reset_interpolation
  end
  res
end
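
The key compilation in new and the :dunno guards in allowed?, restated as an added example that is not part of Puppet's code. It runs without Puppet; compile_key, gate and demo are hypothetical names, and the right names and paths are constructed. It shows that a "/path" right is a prefix match and that a "~ regex" right is only as anchored as the regex was written.

```ruby
# Added illustration. compile_key, gate and demo are hypothetical names that
# mirror Right#initialize and the guards at the top of Right#allowed?.

# "/path" => escaped prefix anchored with ^; "~ regex" => regex as written.
def compile_key(name)
  case name
  when /^\//
    Regexp.new("^" + Regexp.escape(name))
  when /^~/
    Regexp.new(name.gsub(/^~\s+/, ''))
  else
    raise ArgumentError, "Unknown right type '#{name}'"
  end
end

# A right whose restrictions do not cover the request answers :dunno.
def gate(methods, environments, authentication, args)
  return :dunno unless methods.include?(args[:method])
  return :dunno if environments.size > 0 && !environments.include?(args[:environment])
  return :dunno if authentication && !args[:authenticated]
  :evaluate # the real class continues to AuthStore#allowed?(name, ip)
end

# Constructed sample names and paths, not taken from a real ACL file.
def demo
  prefix = compile_key("/catalog")
  loose  = compile_key("~ /catalog/([^/]+)")
  tight  = compile_key("~ ^/catalog/([^/]+)$")
  {
    prefix_exact:   !!prefix.match("/catalog"),
    prefix_longer:  !!prefix.match("/catalog_backup/x"),  # prefix, not exact
    prefix_dot:     !!compile_key("/file.txt").match("/fileXtxt"), # "." escaped
    loose_embedded: !!loose.match("/other/catalog/node1"), # no anchors added
    tight_embedded: !!tight.match("/other/catalog/node1"),
    tight_exact:    !!tight.match("/catalog/node1"),
    unauth:       gate([:find], [], true, { method: :find, authenticated: false }),
    wrong_method: gate([:find], [], true, { method: :save, authenticated: true }),
    ok:           gate([:find], [], true, { method: :find, authenticated: true })
  }
end

demo.each { |k, v| puts "#{k}: #{v}" } if __FILE__ == $0
```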

match?(key)
# File lib/puppet/network/rights.rb, line 209
def match?(key)
  # otherwise match with the regex
  self.key.match(key)
end

restrict_authenticated(authentication)
# File lib/puppet/network/rights.rb, line 197
def restrict_authenticated(authentication)
  case authentication
  when "yes", "on", "true", true
    authentication = true
  when "no", "off", "false", false, "all" ,"any", :all, :any
    authentication = false
  else
    raise ArgumentError, "'#{name}' incorrect authenticated value: #{authentication}"
  end
  @authentication = authentication
end

restrict_environment(env)
# File lib/puppet/network/rights.rb, line 190
def restrict_environment(env)
  env = Puppet::Node::Environment.new(env)
  raise ArgumentError, "'#{env}' is already in the '#{name}' ACL" if @environment.include?(env)

  @environment << env
end

restrict_method(m)

Restrict this right to the given method only.

# File lib/puppet/network/rights.rb, line 175
def restrict_method(m)
  m = m.intern if m.is_a?(String)

  raise ArgumentError, "'#{m}' is not an allowed value for method directive" unless ALL.include?(m)

  # if we were allowing all methods, then start from scratch
  if @methods === ALL
    @methods = []
  end

  raise ArgumentError, "'#{m}' is already in the '#{name}' ACL" if @methods.include?(m)

  @methods << m
end

to_s()
# File lib/puppet/network/rights.rb, line 142
def to_s
  "access[#{@name}]"
end

valid?()

There’s no real check to do at this point.

# File lib/puppet/network/rights.rb, line 147
def valid?
  true
end