Hi,

I'm proposing here an experimental refactoring that aims to bring a plugin system for authenticating puppet master and agent.

For the moment, I just extracted the SSL bits of the master, the agent, the network http client, and the various web servers we support. It is very rough and experimental. For instance, I didn't test mongrel or rack. It's not yet clear for the moment how people can add their own auth plugin (besides dropping the files in the correct folders).

The auth plugin used is controlled by the $auth puppet setting, which defaults to "ssl" of course. I didn't implement any new authentication system, but adding more (especially the 'no security' one) should be relatively easy. As I said elsewhere/before, I won't provide the "no security" plugin myself. I see this work more as the foundations on which some other people will implement newer systems like Kerberos or RADIUS (which BTW might need more hooks in the system).

Please review, comment and propose changes, both on the ruby side and on the feature set.

The full patchset is available in my github repository:
https://github.com/masterzen/puppet/tree/feature/master/3958

Thanks!
Brice

Brice Figureau (8):
  Pluggable authentication system
  Refactor ssl part of the agent and client http setup
  Refactor master SSL setup to the ssl auth plugin
  Inject the correct network handler auth plugin
  Move resolve_node to Puppet::Auth::Handler
  Convert webrick network handler to the plugable auth system
  Convert the mongrel rest handler to the plugable auth system
  Convert the rack rest handler to the plugable auth system.

 lib/puppet/application/agent.rb             |  12 +--
 lib/puppet/application/master.rb            |  19 +---
 lib/puppet/auth.rb                          |  53 ++++++++++
 lib/puppet/auth/client.rb                   |   3 +
 lib/puppet/auth/client/ssl.rb               |  36 +++++++
 lib/puppet/auth/handler.rb                  |  19 ++++
 lib/puppet/auth/handler/mongrel/ssl.rb      |  17 +++
 lib/puppet/auth/handler/rack/ssl.rb         |  18 ++++
 lib/puppet/auth/handler/webrick/ssl.rb      |  39 +++++++
 lib/puppet/auth/server.rb                   |   3 +
 lib/puppet/auth/server/ssl.rb               |  23 ++++
 lib/puppet/defaults.rb                      |   1 +
 lib/puppet/network/http/handler.rb          |  12 --
 lib/puppet/network/http/mongrel/rest.rb     |  13 +--
 lib/puppet/network/http/rack/rest.rb        |  12 +--
 lib/puppet/network/http/webrick.rb          |  26 +-----
 lib/puppet/network/http/webrick/rest.rb     |   9 +--
 lib/puppet/network/http_pool.rb             |  19 +---
 spec/unit/application/agent_spec.rb         |  53 +---------
 spec/unit/application/master_spec.rb        |  63 ++----------
 spec/unit/auth/client/ssl_spec.rb           | 146 +++++++++++++++++++++++++++
 spec/unit/auth/handler/mongrel/ssl_spec.rb  |  57 +++++++++++
 spec/unit/auth/handler/rack/ssl_spec.rb     |  70 +++++++++++++
 spec/unit/auth/handler/webrick/ssl_spec.rb  | 107 ++++++++++++++++++++
 spec/unit/auth/handler_spec.rb              |  54 ++++++++++
 spec/unit/auth/server/ssl_spec.rb           |  73 +++++++++++++
 spec/unit/auth_spec.rb                      |  83 +++++++++++++++
 spec/unit/network/http/handler_spec.rb      |  20 ----
 spec/unit/network/http/mongrel/rest_spec.rb |  56 ++--------
 spec/unit/network/http/rack/rest_spec.rb    |  65 ++----------
 spec/unit/network/http/webrick/rest_spec.rb |  34 +++----
 spec/unit/network/http/webrick_spec.rb      |  75 ++------------
 spec/unit/network/http_pool_spec.rb         |  95 +----------------
 33 files changed, 876 insertions(+), 509 deletions(-)
 create mode 100644 lib/puppet/auth.rb
 create mode 100644 lib/puppet/auth/client.rb
 create mode 100644 lib/puppet/auth/client/ssl.rb
 create mode 100644 lib/puppet/auth/handler.rb
 create mode 100644 lib/puppet/auth/handler/mongrel/ssl.rb
 create mode 100644 lib/puppet/auth/handler/rack/ssl.rb
 create mode 100644 lib/puppet/auth/handler/webrick/ssl.rb
 create mode 100644 lib/puppet/auth/server.rb
 create mode 100644 lib/puppet/auth/server/ssl.rb
 create mode 100644 spec/unit/auth/client/ssl_spec.rb
 create mode 100644 spec/unit/auth/handler/mongrel/ssl_spec.rb
 create mode 100644 spec/unit/auth/handler/rack/ssl_spec.rb
 create mode 100644 spec/unit/auth/handler/webrick/ssl_spec.rb
 create mode 100644 spec/unit/auth/handler_spec.rb
 create mode 100644 spec/unit/auth/server/ssl_spec.rb
 create mode 100644 spec/unit/auth_spec.rb

--
1.7.2.1
