From d8bbfbdf8b503538fff01bff80c5e6e12bfb44b3 Mon Sep 17 00:00:00 2001 From: Simon Ruderich Date: Tue, 12 Nov 2013 23:48:25 +0100 Subject: Add probes.allowed_groups option to restrict group assignments. --- src/lib/Bcfg2/Server/Plugins/Probes.py | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'src/lib/Bcfg2/Server/Plugins/Probes.py') diff --git a/src/lib/Bcfg2/Server/Plugins/Probes.py b/src/lib/Bcfg2/Server/Plugins/Probes.py index 84e1638d6..59a73c4aa 100644 --- a/src/lib/Bcfg2/Server/Plugins/Probes.py +++ b/src/lib/Bcfg2/Server/Plugins/Probes.py @@ -204,6 +204,7 @@ class Probes(Bcfg2.Server.Plugin.Probing, err = sys.exc_info()[1] raise Bcfg2.Server.Plugin.PluginInitError(err) + self.allowed_cgroups = core.setup['probe_allowed_groups'] self.probedata = dict() self.cgroups = dict() self.load_data() @@ -391,11 +392,18 @@ class Probes(Bcfg2.Server.Plugin.Probing, if line.split(':')[0] == 'group': newgroup = line.split(':')[1].strip() if newgroup not in cgroups: - cgroups.append(newgroup) + if self._group_allowed(newgroup): + cgroups.append(newgroup) + else: + self.logger.info("Disallowed group assignment %s from %s" + % (newgroup, client.hostname)) dlines.remove(line) dobj = ProbeData("\n".join(dlines)) cprobedata[data.get('name')] = dobj + def _group_allowed(self, group): + return any(r.match(group) for r in self.allowed_cgroups) + def get_additional_groups(self, meta): return self.cgroups.get(meta.hostname, list()) get_additional_groups.__doc__ = \ -- cgit v1.2.3-1-g7c22 From bf3adbb11ef36591d80b9b6f4d9768caf516b4e3 Mon Sep 17 00:00:00 2001 From: "Chris St. Pierre" Date: Thu, 14 Nov 2013 09:35:06 -0500 Subject: testsuite: fixed unit tests for Probes allowed_groups option --- src/lib/Bcfg2/Server/Plugins/Probes.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'src/lib/Bcfg2/Server/Plugins/Probes.py') diff --git a/src/lib/Bcfg2/Server/Plugins/Probes.py b/src/lib/Bcfg2/Server/Plugins/Probes.py index 59a73c4aa..0df88d522 100644 --- a/src/lib/Bcfg2/Server/Plugins/Probes.py +++ b/src/lib/Bcfg2/Server/Plugins/Probes.py @@ -395,8 +395,9 @@ class Probes(Bcfg2.Server.Plugin.Probing, if self._group_allowed(newgroup): cgroups.append(newgroup) else: - self.logger.info("Disallowed group assignment %s from %s" - % (newgroup, client.hostname)) + self.logger.info( + "Disallowed group assignment %s from %s" % + (newgroup, client.hostname)) dlines.remove(line) dobj = ProbeData("\n".join(dlines)) cprobedata[data.get('name')] = dobj -- cgit v1.2.3-1-g7c22 From 881205322035f9ca7375ab0c67ab339c430dbe01 Mon Sep 17 00:00:00 2001 From: "Chris St. Pierre" Date: Thu, 14 Nov 2013 09:51:59 -0500 Subject: Probes: added missing docstring --- src/lib/Bcfg2/Server/Plugins/Probes.py | 3 +++ 1 file changed, 3 insertions(+) (limited to 'src/lib/Bcfg2/Server/Plugins/Probes.py') diff --git a/src/lib/Bcfg2/Server/Plugins/Probes.py b/src/lib/Bcfg2/Server/Plugins/Probes.py index 0df88d522..fdc047283 100644 --- a/src/lib/Bcfg2/Server/Plugins/Probes.py +++ b/src/lib/Bcfg2/Server/Plugins/Probes.py @@ -403,6 +403,9 @@ class Probes(Bcfg2.Server.Plugin.Probing, cprobedata[data.get('name')] = dobj def _group_allowed(self, group): + """ Determine if the named group can be set as a probe group + by checking the regexes listed in the [probes] groups_allowed + setting """ return any(r.match(group) for r in self.allowed_cgroups) def get_additional_groups(self, meta): -- cgit v1.2.3-1-g7c22