Added client ACLs:

* IP and CIDR-based ACLs * Metadata (group/hostname)-based ACLs * Documentation * Unit tests
author: Chris St. Pierre <chris.a.st.pierre@gmail.com> 2013-02-12 07:48:33 -0500
committer: Chris St. Pierre <chris.a.st.pierre@gmail.com> 2013-02-12 09:18:38 -0500
commit: 5363e6d9a53146333da0d109aae170befc1b9481 (patch)
tree: 22f1180360c6844f3ca1f77a7cee59a01c05ad9b /schemas/acl-ip.xsd
parent: d0cb9264234851ad65ec8502a56c3afefd39fbad (diff)
download: bcfg2-5363e6d9a53146333da0d109aae170befc1b9481.tar.gz
bcfg2-5363e6d9a53146333da0d109aae170befc1b9481.tar.bz2
bcfg2-5363e6d9a53146333da0d109aae170befc1b9481.zip
1 files changed, 56 insertions, 0 deletions
diff --git a/schemas/acl-ip.xsd b/schemas/acl-ip.xsd
new file mode 100644
index 000000000..1d6106c05
--- /dev/null
+++ b/schemas/acl-ip.xsd
@@ -0,0 +1,56 @@
+<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema" xml:lang="en">
+  <xsd:annotation>
+    <xsd:documentation>
+      Schema for IP-based client ACLs:
+      :ref:`server-plugins-misc-acl` ``ip.xml``
+    </xsd:documentation>
+  </xsd:annotation>
+
+  <xsd:complexType name="IPACLType">
+    <xsd:attribute type="xsd:string" name="method" use="required">
+      <xsd:annotation>
+        <xsd:documentation>
+          The name of the XML-RPC method to allow or deny.  Limited
+          wildcards are supported.
+        </xsd:documentation>
+      </xsd:annotation>
+    </xsd:attribute>
+    <xsd:attribute type="xsd:string" name="address">
+      <xsd:annotation>
+        <xsd:documentation>
+          The IP address to match against.  This is an exact match
+          unless :xml:attribute:`IPACLType:netmask` is defined.  If
+          this is not defined, all addresses match the given rule.
+        </xsd:documentation>
+      </xsd:annotation>
+    </xsd:attribute>
+    <xsd:attribute type="xsd:string" name="netmask">
+      <xsd:annotation>
+        <xsd:documentation>
+          If this is defined, then it is combined with
+          :xml:attribute:`IPACLType:address` to produce a CIDR range,
+          which is used for matching instead of exact matching based
+          only on IP address.  This can be either an integer netmask
+          (e.g., ``netmask="24"``) or a dotted-quad (e.g.,
+          ``netmask="255.255.255.0"``).
+        </xsd:documentation>
+      </xsd:annotation>
+    </xsd:attribute>
+  </xsd:complexType>
+
+  <xsd:complexType name="IPACLContainerType">
+    <xsd:annotation>
+      <xsd:documentation>
+        Top-level tag for describing metadata-based client ACLs.
+      </xsd:documentation>
+    </xsd:annotation>
+    <xsd:choice minOccurs="1" maxOccurs="unbounded">
+      <xsd:element name="Allow" type="IPACLType"/>
+      <xsd:element name="Deny" type="IPACLType"/>
+      <xsd:element name="Defer" type="IPACLType"/>
+      <xsd:element name="ACL" type="IPACLContainerType"/>
+    </xsd:choice>
+  </xsd:complexType>
+
+  <xsd:element name="ACL" type="IPACLContainerType"/>
+</xsd:schema>
author	Chris St. Pierre <chris.a.st.pierre@gmail.com>	2013-02-12 07:48:33 -0500
committer	Chris St. Pierre <chris.a.st.pierre@gmail.com>	2013-02-12 09:18:38 -0500
commit	5363e6d9a53146333da0d109aae170befc1b9481 (patch)
tree	22f1180360c6844f3ca1f77a7cee59a01c05ad9b /schemas/acl-ip.xsd
parent	d0cb9264234851ad65ec8502a56c3afefd39fbad (diff)
download	bcfg2-5363e6d9a53146333da0d109aae170befc1b9481.tar.gz bcfg2-5363e6d9a53146333da0d109aae170befc1b9481.tar.bz2 bcfg2-5363e6d9a53146333da0d109aae170befc1b9481.zip