Hi,

I'm resending only patches 08 to 11, as the first 7 patches didn't change.

Changelog since v2:

 * patch 08: I moved as deeply as possible the place where we throw the AuthorizationError on deny so that we don't have to leak private structures to the outside just to get information about the ACL that triggered a deny.
 * patch 09: new patch. See my mail (with ID:<[email protected]>) to puppet-dev about this.
 * patch 10: new patch. Introduces a new auth.conf directive, and changes P::N::Rights to restrict rights to some authenticated/unauthenticated state of the incoming request.
 * patch 11: change the way REST requests are authorized. Unauthenticated requests are now passed through the authorization layer instead of being unconditionally allowed (as long as they were for the various certificate indirectors). This means the default set of rules has been extended to support this.

Please, allow a new review pass for those 4 new patches, as there were some quite big changes.

Thanks,
Brice

Brice Figureau (11):
  Add RSpec unit tests for authconfig
  Add RSpec unit tests for network rights
  Add dynamic authorization to authstore
  Enhance authconfig format to support uri paths and regex
  Fix #1875 - Add a REST authorization system
  Fix some indirector failing tests
  Add environment support in the REST authorization layer
  Refactor rest authorization to raise exceptions deeper
  Fill REST request node with reverse lookup of IP address
  Allow REST auth system to restrict an ACL to authenticated or unauthenticated request
  Unify auth/unauthenticated request authorization system

 conf/auth.conf                                     |  101 ++++
 lib/puppet/defaults.rb                             |    5 +
 lib/puppet/network/authconfig.rb                   |   95 +++--
 lib/puppet/network/authstore.rb                    |   41 ++-
 lib/puppet/network/http/handler.rb                 |   10 +
 lib/puppet/network/http/mongrel/rest.rb            |    7 +
 lib/puppet/network/http/webrick/rest.rb            |    8 +
 lib/puppet/network/rest_authconfig.rb              |   84 ++++
 lib/puppet/network/rest_authorization.rb           |   25 +
 lib/puppet/network/rights.rb                       |  253 +++++++++-
 spec/integration/indirector/certificate/rest.rb    |    4 +-
 .../indirector/certificate_request/rest.rb         |    4 +-
 .../indirector/certificate_revocation_list/rest.rb |    4 +-
 spec/integration/indirector/report/rest.rb         |    2 +
 spec/integration/indirector/rest.rb                |   10 +-
 spec/unit/network/authconfig.rb                    |  292 +++++++++++
 spec/unit/network/http/handler.rb                  |   33 ++
 spec/unit/network/http/mongrel/rest.rb             |    5 +-
 spec/unit/network/http/webrick/rest.rb             |    7 +-
 spec/unit/network/rest_authconfig.rb               |  128 +++++
 spec/unit/network/rest_authorization.rb            |   43 ++
 spec/unit/network/rights.rb                        |  505 ++++++++++++++++++++
 test/network/authstore.rb                          |   49 ++-
 23 files changed, 1637 insertions(+), 78 deletions(-)
 create mode 100644 conf/auth.conf
 create mode 100644 lib/puppet/network/rest_authconfig.rb
 create mode 100644 lib/puppet/network/rest_authorization.rb
 create mode 100644 spec/unit/network/authconfig.rb
 create mode 100644 spec/unit/network/rest_authconfig.rb
 create mode 100644 spec/unit/network/rest_authorization.rb
 create mode 100644 spec/unit/network/rights.rb
