[Puppet-dev] Re: [PATCH 09/11] Fill REST request node with reverse lookup of IP address

Luke Kanies Sun, 19 Apr 2009 20:14:56 -0700

+1, comment below

On Apr 19, 2009, at 11:38 AM, Brice Figureau wrote:


>
> Signed-off-by: Brice Figureau <[email protected]>
> ---
> lib/puppet/network/http/mongrel/rest.rb |    7 +++++++
> lib/puppet/network/http/webrick/rest.rb |    8 ++++++++
> spec/unit/network/http/mongrel/rest.rb  |    5 +++--
> spec/unit/network/http/webrick/rest.rb  |    7 +++++--
> 4 files changed, 23 insertions(+), 4 deletions(-)
>
> diff --git a/lib/puppet/network/http/mongrel/rest.rb b/lib/puppet/ 
> network/http/mongrel/rest.rb
> index d9913dc..199e450 100644
> --- a/lib/puppet/network/http/mongrel/rest.rb
> +++ b/lib/puppet/network/http/mongrel/rest.rb
> @@ -1,4 +1,5 @@
> require 'puppet/network/http/handler'
> +require 'resolv'
>
> class Puppet::Network::HTTP::MongrelREST < Mongrel::HttpHandler
>
> @@ -71,6 +72,12 @@ class Puppet::Network::HTTP::MongrelREST <  
> Mongrel::HttpHandler
>             result[:node] = dn_matchdata[1].to_str
>             result[:authenticated] =  
> (params[Puppet[:ssl_client_verify_header]] == 'SUCCESS')
>         else
> +            begin
> +                result[:node] = Resolv.getname(result[:ip])
> +            rescue => detail
> +                Puppet.err "Could not resolve %s: %s" %  
> [result[:ip], detail]
> +                result[:node] = nil
> +            end
>             result[:authenticated] = false
>         end
>
> diff --git a/lib/puppet/network/http/webrick/rest.rb b/lib/puppet/ 
> network/http/webrick/rest.rb
> index 8120c87..d419e8a 100644
> --- a/lib/puppet/network/http/webrick/rest.rb
> +++ b/lib/puppet/network/http/webrick/rest.rb
> @@ -1,4 +1,5 @@
> require 'puppet/network/http/handler'
> +require 'resolv'
>
> class Puppet::Network::HTTP::WEBrickREST <  
> WEBrick::HTTPServlet::AbstractServlet
>
> @@ -66,6 +67,13 @@ class Puppet::Network::HTTP::WEBrickREST <  
> WEBrick::HTTPServlet::AbstractServlet
>         if cert = request.client_cert and nameary =  
> cert.subject.to_a.find { |ary| ary[0] == "CN" }
>             result[:node] = nameary[1]
>             result[:authenticated] = true
> +        else
> +            begin
> +                result[:node] = Resolv.getname(result[:ip])
> +            rescue => detail
> +                Puppet.err "Could not resolve %s: %s" % [ip, detail]
> +                result[:node] = nil
> +            end

This common code could be moved into the Handler class, too.

>
>         end
>
>         result
> diff --git a/spec/unit/network/http/mongrel/rest.rb b/spec/unit/ 
> network/http/mongrel/rest.rb
> index 1926a6e..f797bc2 100755
> --- a/spec/unit/network/http/mongrel/rest.rb
> +++ b/spec/unit/network/http/mongrel/rest.rb
> @@ -194,11 +194,12 @@ describe "Puppet::Network::HTTP::MongrelREST" do
>                 @handler.params(@request)[:authenticated].should  
> be_false
>             end
>
> -            it "should not pass a node name to model method if no  
> certificate information is present" do
> +            it "should pass a reverse lookup of ip to model method  
> if no certificate information is present" do
>                 Puppet.settings.stubs(:value).returns "eh"
>                  
> Puppet.settings.expects(:value).with(:ssl_client_header).returns  
> "myheader"
>                 @request.stubs(:params).returns("myheader" => nil)
> -                @handler.params(@request).should_not  
> be_include(:node)
> +                Resolv.expects(:getname).returns("host.domain.com")
> +                @handler.params(@request)[:node].should ==  
> "host.domain.com"
>             end
>         end
>     end
> diff --git a/spec/unit/network/http/webrick/rest.rb b/spec/unit/ 
> network/http/webrick/rest.rb
> index 7600cff..d2046af 100755
> --- a/spec/unit/network/http/webrick/rest.rb
> +++ b/spec/unit/network/http/webrick/rest.rb
> @@ -138,9 +138,12 @@ describe Puppet::Network::HTTP::WEBrickREST do
>                 @handler.params(@request)[:node].should ==  
> "host.domain.com"
>             end
>
> -            it "should not pass a node name to model method if no  
> certificate is present" do
> +            it "should pass the reverse lookup of ip as node name  
> to model method if no certificate is present" do
>                 @request.stubs(:client_cert).returns nil
> -                @handler.params(@request).should_not  
> be_include(:node)
> +
> +                Resolv.expects(:getname).returns('host.domain.com')
> +
> +                @handler.params(@request)[:node].should ==  
> "host.domain.com"
>             end
>         end
>     end
> -- 
> 1.6.0.2
>
>
> >


-- 
The Number 1 Sign You Have Nothing to Do at Work...
     The 4th Division of Paperclips has overrun the Pushpin Infantry
     and General White-Out has called for a new skirmish.
---------------------------------------------------------------------
Luke Kanies | http://reductivelabs.com | http://madstop.com


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"Puppet Developers" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to 
[email protected]
For more options, visit this group at 
http://groups.google.com/group/puppet-dev?hl=en
-~----------~----~----~----~------~----~------~--~---

[Puppet-dev] Re: [PATCH 09/11] Fill REST request node with reverse lookup of IP address

Reply via email to