From 5363e6d9a53146333da0d109aae170befc1b9481 Mon Sep 17 00:00:00 2001
From: "Chris St. Pierre" <chris.a.st.pierre@gmail.com>
Date: Tue, 12 Feb 2013 07:48:33 -0500
Subject: Added client ACLs:

* IP and CIDR-based ACLs
* Metadata (group/hostname)-based ACLs
* Documentation
* Unit tests
---
 schemas/acl-metadata.xsd | 79 ++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 79 insertions(+)
 create mode 100644 schemas/acl-metadata.xsd

(limited to 'schemas/acl-metadata.xsd')

diff --git a/schemas/acl-metadata.xsd b/schemas/acl-metadata.xsd
new file mode 100644
index 000000000..7d996fb87
--- /dev/null
+++ b/schemas/acl-metadata.xsd
@@ -0,0 +1,79 @@
+<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+            xmlns:py="http://genshi.edgewall.org/" xml:lang="en">
+  <xsd:annotation>
+    <xsd:documentation>
+      Schema for metadata-based client ACLs:
+      :ref:`server-plugins-misc-acl` ``metadata.xml``
+    </xsd:documentation>
+  </xsd:annotation>
+
+  <xsd:import namespace="http://genshi.edgewall.org/"
+              schemaLocation="genshi.xsd"/>
+
+  <xsd:complexType name="MetadataACLGroupType">
+    <xsd:annotation>
+      <xsd:documentation>
+        An **MetadataACLGroupType** is a tag used to provide logic.
+        Child entries of a MetadataACLGroupType tag only apply to
+        machines that match the condition specified -- either
+        membership in a group, or a matching client name.
+        :xml:attribute:`MetadataACLGroupType:negate` can be set to
+        negate the sense of the match.
+      </xsd:documentation>
+    </xsd:annotation>
+    <xsd:group ref="MetadataACLElements"/>
+    <xsd:attribute name='name' type='xsd:string'>
+      <xsd:annotation>
+        <xsd:documentation>
+          The name of the client or group to match on.  Child entries
+          will only apply to this client or group (unless
+          :xml:attribute:`MetadataACLGroupType:negate` is set).
+        </xsd:documentation>
+      </xsd:annotation>
+    </xsd:attribute>
+    <xsd:attribute name='negate' type='xsd:boolean'>
+      <xsd:annotation>
+        <xsd:documentation>
+          Negate the sense of the match, so that child entries only
+          apply to a client if it is not a member of the given group
+          or does not have the given name.
+        </xsd:documentation>
+      </xsd:annotation>
+    </xsd:attribute>
+    <xsd:attributeGroup ref="py:genshiAttrs"/>
+  </xsd:complexType>
+
+  <xsd:complexType name="MetadataACLType">
+    <xsd:attribute type="xsd:string" name="method" use="required">
+      <xsd:annotation>
+        <xsd:documentation>
+          The name of the XML-RPC method to allow or deny.  Limited
+          wildcards are supported.
+        </xsd:documentation>
+      </xsd:annotation>
+    </xsd:attribute>
+    <xsd:attributeGroup ref="py:genshiAttrs"/>
+  </xsd:complexType>
+
+  <xsd:complexType name="MetadataACLContainerType">
+    <xsd:annotation>
+      <xsd:documentation>
+        Top-level tag for describing metadata-based client ACLs.
+      </xsd:documentation>
+    </xsd:annotation>
+    <xsd:group ref="MetadataACLElements"/>
+  </xsd:complexType>
+
+  <xsd:group name="MetadataACLElements">
+    <xsd:choice minOccurs="1" maxOccurs="unbounded">
+      <xsd:group ref="py:genshiElements"/>
+      <xsd:element name="Allow" type="MetadataACLType"/>
+      <xsd:element name="Deny" type="MetadataACLType"/>
+      <xsd:element name="Group" type="MetadataACLGroupType"/>
+      <xsd:element name="Client" type="MetadataACLGroupType"/>
+      <xsd:element name="ACL" type="MetadataACLContainerType"/>
+    </xsd:choice>
+  </xsd:group>
+
+  <xsd:element name="ACL" type="MetadataACLContainerType"/>
+</xsd:schema>
-- 
cgit v1.2.3-1-g7c22


From 088ca5fee4cc99f9143f18a880cdec6712326e1e Mon Sep 17 00:00:00 2001
From: "Chris St. Pierre" <chris.a.st.pierre@gmail.com>
Date: Tue, 12 Feb 2013 09:47:04 -0500
Subject: fixed unit tests

---
 schemas/acl-metadata.xsd | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'schemas/acl-metadata.xsd')

diff --git a/schemas/acl-metadata.xsd b/schemas/acl-metadata.xsd
index 7d996fb87..68994c940 100644
--- a/schemas/acl-metadata.xsd
+++ b/schemas/acl-metadata.xsd
@@ -21,7 +21,7 @@
         negate the sense of the match.
       </xsd:documentation>
     </xsd:annotation>
-    <xsd:group ref="MetadataACLElements"/>
+    <xsd:group ref="MetadataACLElements" minOccurs="1" maxOccurs="unbounded"/>
     <xsd:attribute name='name' type='xsd:string'>
       <xsd:annotation>
         <xsd:documentation>
@@ -61,11 +61,11 @@
         Top-level tag for describing metadata-based client ACLs.
       </xsd:documentation>
     </xsd:annotation>
-    <xsd:group ref="MetadataACLElements"/>
+    <xsd:group ref="MetadataACLElements" minOccurs="1" maxOccurs="unbounded"/>
   </xsd:complexType>
 
   <xsd:group name="MetadataACLElements">
-    <xsd:choice minOccurs="1" maxOccurs="unbounded">
+    <xsd:choice>
       <xsd:group ref="py:genshiElements"/>
       <xsd:element name="Allow" type="MetadataACLType"/>
       <xsd:element name="Deny" type="MetadataACLType"/>
-- 
cgit v1.2.3-1-g7c22