From 5363e6d9a53146333da0d109aae170befc1b9481 Mon Sep 17 00:00:00 2001
From: "Chris St. Pierre"
Date: Tue, 12 Feb 2013 07:48:33 -0500
Subject: Added client ACLs: * IP and CIDR-based ACLs * Metadata (group/hostname)-based ACLs * Documentation * Unit tests
---
 src/lib/Bcfg2/Server/Plugin/interfaces.py | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)
(limited to 'src/lib/Bcfg2/Server/Plugin/interfaces.py')
diff --git a/src/lib/Bcfg2/Server/Plugin/interfaces.py b/src/lib/Bcfg2/Server/Plugin/interfaces.py
index fcd342b33..c1dbb1578 100644
--- a/src/lib/Bcfg2/Server/Plugin/interfaces.py
+++ b/src/lib/Bcfg2/Server/Plugin/interfaces.py
@@ -596,3 +596,33 @@ class ClientRunHooks(object):
 :returns: None
 """
 pass
+
+
+class ClientACLs(object):
+ """ ClientACLs are used to grant or deny access to different
+ XML-RPC calls based on client IP or metadata. """
+
+ def check_acl_ip(self, address, rmi):
+ """ Check if the given IP address is authorized to make the
+ named XML-RPC call.
+
+ :param address: The address pair of the client to check ACLs for
+ :type address: tuple of (, )
+ :param rmi: The fully-qualified name of the RPC call
+ :param rmi: string
+ :returns: bool or None - True to allow, False to deny, None to
+ defer to metadata ACLs
+ """
+ return True
+
+ def check_acl_metadata(self, metadata, rmi):
+ """ Check if the given client is authorized to make the named
+ XML-RPC call.
+
+ :param metadata: The client metadata
+ :type metadata: Bcfg2.Server.Plugins.Metadata.ClientMetadata
+ :param rmi: The fully-qualified name of the RPC call
+ :param rmi: string
+ :returns: bool
+ """
+ return True
-- cgit v1.2.3-1-g7c22
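Review bot: Both base-class defaults in `ClientACLs` fail open: `check_acl_ip` and `check_acl_metadata` each end in `return True`, so a plugin that overrides only one of them silently allows every call on the other path. The `check_acl_ip` docstring defines `None` as "defer to metadata ACLs", which makes `return None` the safer default there. How the server combines the per-plugin results is not visible in this hunk, but if an IP-level `True` short-circuits the metadata check, a metadata-only plugin would never be consulted. At minimum the class docstring should state that the inherited defaults allow everything and that an enforcing plugin must override both methods. Separately, the second `:param rmi: string` line in each docstring should read `:type rmi: string`.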