1 files changed, 34 insertions, 19 deletions

diff --git a/src/lib/Bcfg2/Server/Plugin/interfaces.py b/src/lib/Bcfg2/Server/Plugin/interfaces.py
index 33f6d338c..522c6a220 100644
--- a/src/lib/Bcfg2/Server/Plugin/interfaces.py
+++ b/src/lib/Bcfg2/Server/Plugin/interfaces.py
@@ -6,6 +6,7 @@ import copy
 import threading
 import lxml.etree
 import Bcfg2.Server
+import Bcfg2.Options
 from Bcfg2.Compat import Queue, Empty, Full, cPickle
 from Bcfg2.Server.Plugin.base import Plugin
 from Bcfg2.Server.Plugin.exceptions import PluginInitError, \
@@ -552,20 +553,23 @@ class Version(Plugin):
 
     create = False
 
+    options = Plugin.options + [
+        Bcfg2.Options.PathOption(cf=('server', 'vcs_root'),
+                                 default='<repository>',
+                                 help='Server VCS repository root')]
+
     #: The path to the VCS metadata file or directory, relative to the
     #: base of the Bcfg2 repository.  E.g., for Subversion this would
     #: be ".svn"
     __vcs_metadata_path__ = None
 
+    __rmi__ = Plugin.__rmi__ + ['get_revision']
+
     def __init__(self, core, datastore):
         Plugin.__init__(self, core, datastore)
 
-        if core.setup['vcs_root']:
-            self.vcs_root = core.setup['vcs_root']
-        else:
-            self.vcs_root = datastore
         if self.__vcs_metadata_path__:
-            self.vcs_path = os.path.join(self.vcs_root,
+            self.vcs_path = os.path.join(Bcfg2.Options.setup.vcs_root,
                                          self.__vcs_metadata_path__)
 
             if not os.path.exists(self.vcs_path):
@@ -622,20 +626,31 @@ class ClientRunHooks(object):
         pass
 
 
-class Caching(object):
-    """ A plugin that caches more than just the data received from the
-    FAM.  This presents a unified interface to clear the cache. """
+class ClientACLs(object):
+    """ ClientACLs are used to grant or deny access to different
+    XML-RPC calls based on client IP or metadata. """
 
-    def expire_cache(self, key=None):
-        """ Expire the cache associated with the given key.
+    def check_acl_ip(self, address, rmi):  # pylint: disable=W0613
+        """ Check if the given IP address is authorized to make the
+        named XML-RPC call.
 
-        :param key: The key to expire the cache for.  Because cache
-                    implementations vary tremendously between plugins,
-                    this could be any number of things, but generally
-                    a hostname.  It also may or may not be possible to
-                    expire the cache for a single host; this interface
-                    does not require any guarantee about that.
-        :type key: varies
-        :returns: None
+        :param address: The address pair of the client to check ACLs for
+        :type address: tuple of (<ip address>, <port>)
+        :param rmi: The fully-qualified name of the RPC call
+        :param rmi: string
+        :returns: bool or None - True to allow, False to deny, None to
+                  defer to metadata ACLs
         """
-        raise NotImplementedError
+        return True
+
+    def check_acl_metadata(self, metadata, rmi):  # pylint: disable=W0613
+        """ Check if the given client is authorized to make the named
+        XML-RPC call.
+
+        :param metadata: The client metadata
+        :type metadata: Bcfg2.Server.Plugins.Metadata.ClientMetadata
+        :param rmi: The fully-qualified name of the RPC call
+        :param rmi: string
+        :returns: bool
+        """
+        return True