I think this is pretty much ready to merge, other than however Brice responds to my last comment. I'm certainly comfortable merging it at this point.
On Apr 11, 2009, at 12:39 PM, Brice Figureau wrote: > > Hi, here is the 3rd version of the REST Authorization layer. > I _think_ it can be merged to master, if it still meets the review > requirements, because there was not too many comments for the > last review pass. > > Changelog since v2: > * I rebased -i the regex patch into the path patch because it > overrided > too much code from it, it made no sense to ship them isolated. > > * I added a system to report the matching ACL (ie line and file) in > case of > a denied request (see last patch) > > * the rest is pretty much the same as in the v2 > > Please comment and review as usual, > Brice > > Brice Figureau (8): > Add RSpec unit tests for authconfig > Add RSpec unit tests for network rights > Add dynamic authorization to authstore > Enhance authconfig format to support uri paths and regex > Fix #1875 - Add a REST authorization system > Fix some indirector failing tests > Add environment support in the REST authorization layer > Refactor rest authorization to raise exceptions deeper > > conf/auth.conf | 68 +++ > lib/puppet/defaults.rb | 5 + > lib/puppet/network/authconfig.rb | 95 +++-- > lib/puppet/network/authstore.rb | 41 ++- > lib/puppet/network/http/handler.rb | 9 + > lib/puppet/network/rest_authconfig.rb | 72 +++ > lib/puppet/network/rest_authorization.rb | 64 +++ > lib/puppet/network/rights.rb | 204 ++++++++-- > spec/integration/indirector/certificate/rest.rb | 4 +- > .../indirector/certificate_request/rest.rb | 4 +- > .../indirector/certificate_revocation_list/rest.rb | 4 +- > spec/integration/indirector/report/rest.rb | 2 + > spec/integration/indirector/rest.rb | 10 +- > spec/unit/network/authconfig.rb | 258 +++++++++++ > spec/unit/network/http/handler.rb | 33 ++ > spec/unit/network/rest_authconfig.rb | 119 +++++ > spec/unit/network/rest_authorization.rb | 68 +++ > spec/unit/network/rights.rb | 474 +++++++++++ > +++++++++ > test/network/authstore.rb | 49 ++- > test/network/rights.rb | 6 +- > 20 files changed, 1513 insertions(+), 76 deletions(-) > create mode 100644 conf/auth.conf > create mode 100644 lib/puppet/network/rest_authconfig.rb > create mode 100644 lib/puppet/network/rest_authorization.rb > create mode 100644 spec/unit/network/authconfig.rb > create mode 100644 spec/unit/network/rest_authconfig.rb > create mode 100644 spec/unit/network/rest_authorization.rb > create mode 100644 spec/unit/network/rights.rb > > > > -- I can win an argument on any topic, against any opponent. People know this, and steer clear of me at parties. Often, as a sign of their great respect, they don't even invite me. -- Dave Barry --------------------------------------------------------------------- Luke Kanies | http://reductivelabs.com | http://madstop.com --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/puppet-dev?hl=en -~----------~----~----~----~------~----~------~--~---
