Added client ACLs:

* IP and CIDR-based ACLs
* Metadata (group/hostname)-based ACLs
* Documentation
* Unit tests

1 files changed, 30 insertions, 0 deletions

diff --git a/src/lib/Bcfg2/Server/Plugin/interfaces.py b/src/lib/Bcfg2/Server/Plugin/interfaces.py
index fcd342b33..c1dbb1578 100644
--- a/src/lib/Bcfg2/Server/Plugin/interfaces.py
+++ b/src/lib/Bcfg2/Server/Plugin/interfaces.py
@@ -596,3 +596,33 @@ class ClientRunHooks(object):
         :returns: None
         """
         pass
+
+
+class ClientACLs(object):
+    """ ClientACLs are used to grant or deny access to different
+    XML-RPC calls based on client IP or metadata. """
+
+    def check_acl_ip(self, address, rmi):
+        """ Check if the given IP address is authorized to make the
+        named XML-RPC call.
+
+        :param address: The address pair of the client to check ACLs for
+        :type address: tuple of (<ip address>, <port>)
+        :param rmi: The fully-qualified name of the RPC call
+        :param rmi: string
+        :returns: bool or None - True to allow, False to deny, None to
+                  defer to metadata ACLs
+        """
+        return True
+
+    def check_acl_metadata(self, metadata, rmi):
+        """ Check if the given client is authorized to make the named
+        XML-RPC call.
+
+        :param metadata: The client metadata
+        :type metadata: Bcfg2.Server.Plugins.Metadata.ClientMetadata
+        :param rmi: The fully-qualified name of the RPC call
+        :param rmi: string
+        :returns: bool
+        """
+        return True