diff options
author | Chris St. Pierre <chris.a.st.pierre@gmail.com> | 2013-02-12 07:48:33 -0500 |
---|---|---|
committer | Chris St. Pierre <chris.a.st.pierre@gmail.com> | 2013-02-12 09:18:38 -0500 |
commit | 5363e6d9a53146333da0d109aae170befc1b9481 (patch) | |
tree | 22f1180360c6844f3ca1f77a7cee59a01c05ad9b /src/lib/Bcfg2/Server/Plugin/interfaces.py | |
parent | d0cb9264234851ad65ec8502a56c3afefd39fbad (diff) | |
download | bcfg2-5363e6d9a53146333da0d109aae170befc1b9481.tar.gz bcfg2-5363e6d9a53146333da0d109aae170befc1b9481.tar.bz2 bcfg2-5363e6d9a53146333da0d109aae170befc1b9481.zip |
Added client ACLs:
* IP and CIDR-based ACLs
* Metadata (group/hostname)-based ACLs
* Documentation
* Unit tests
Diffstat (limited to 'src/lib/Bcfg2/Server/Plugin/interfaces.py')
-rw-r--r-- | src/lib/Bcfg2/Server/Plugin/interfaces.py | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/src/lib/Bcfg2/Server/Plugin/interfaces.py b/src/lib/Bcfg2/Server/Plugin/interfaces.py index fcd342b33..c1dbb1578 100644 --- a/src/lib/Bcfg2/Server/Plugin/interfaces.py +++ b/src/lib/Bcfg2/Server/Plugin/interfaces.py @@ -596,3 +596,33 @@ class ClientRunHooks(object): :returns: None """ pass + + +class ClientACLs(object): + """ ClientACLs are used to grant or deny access to different + XML-RPC calls based on client IP or metadata. """ + + def check_acl_ip(self, address, rmi): + """ Check if the given IP address is authorized to make the + named XML-RPC call. + + :param address: The address pair of the client to check ACLs for + :type address: tuple of (<ip address>, <port>) + :param rmi: The fully-qualified name of the RPC call + :param rmi: string + :returns: bool or None - True to allow, False to deny, None to + defer to metadata ACLs + """ + return True + + def check_acl_metadata(self, metadata, rmi): + """ Check if the given client is authorized to make the named + XML-RPC call. + + :param metadata: The client metadata + :type metadata: Bcfg2.Server.Plugins.Metadata.ClientMetadata + :param rmi: The fully-qualified name of the RPC call + :param rmi: string + :returns: bool + """ + return True |