diff --git a/Netdisco/Changes b/Netdisco/Changes index 0c99e9ca..99f110de 100644 --- a/Netdisco/Changes +++ b/Netdisco/Changes @@ -8,6 +8,10 @@ * Allow "hidden" option to reports config + [BUG FIXES] + + * [#230] Config ACL using device property:regex + 2.032003 - 2015-05-05 [ENHANCEMENTS] diff --git a/Netdisco/lib/App/Netdisco/Util/Device.pm b/Netdisco/lib/App/Netdisco/Util/Device.pm index 6a050df3..0f25d489 100644 --- a/Netdisco/lib/App/Netdisco/Util/Device.pm +++ b/Netdisco/lib/App/Netdisco/Util/Device.pm @@ -150,38 +150,10 @@ sub match_devicetype { Given the IP address of a device, returns true if the configuration setting C<$setting_name> matches that device, else returns false. If the setting -is undefined or empty, then C also returns false. +is undefined or empty, then C also returns false. - print "rejected!" if check_no($ip, 'discover_no'); - -There are several options for what C<$setting_name> can contain: - -=over 4 - -=item * - -Hostname, IP address, IP prefix - -=item * - -IP address range, using a hyphen and no whitespace - -=item * - -Regular Expression in YAML format which will match the device DNS name, e.g.: - - - !!perl/regexp ^sep0.*$ - -=item * - -C<"property:regex"> - matched against a device property, such as C or C - -=back - -To simply match all devices, use "C" or IP Prefix "C<0.0.0.0/0>". -Property regular expressions are anchored (that is, they must match the whole -string). To match no devices we recommend an entry of "C" in the -setting. +See L for details of what +C<$setting_name> can contain. =cut @@ -194,45 +166,17 @@ sub check_device_no { my $config = setting($setting_name) || []; return 0 if not scalar @$config; - return check_acl($device->ip, $config); + return check_acl($device, $config); } =head2 check_device_only( $ip, $setting_name ) Given the IP address of a device, returns true if the configuration setting C<$setting_name> matches that device, else returns false. If the setting -is undefined or empty, then C also returns true. +is undefined or empty, then C also returns true. - print "rejected!" unless check_only($ip, 'discover_only'); - -There are several options for what C<$setting_name> can contain: - -=over 4 - -=item * - -Hostname, IP address, IP prefix - -=item * - -IP address range, using a hyphen and no whitespace - -=item * - -Regular Expression in YAML format which will match the device DNS name, e.g.: - - - !!perl/regexp ^sep0.*$ - -=item * - -C<"property:regex"> - matched against a device property, such as C or C - -=back - -To simply match all devices, use "C" or IP Prefix "C<0.0.0.0/0>". -Property regular expressions are anchored (that is, they must match the whole -string). To match no devices we recommend an entry of "C" in the -setting. +See L for details of what +C<$setting_name> can contain. =cut @@ -243,7 +187,7 @@ sub check_device_only { my $config = setting($setting_name) || []; return 1 if not scalar @$config; - return check_acl($device->ip, $config); + return check_acl($device, $config); } =head2 is_discoverable( $ip, $device_type? ) diff --git a/Netdisco/lib/App/Netdisco/Util/Permission.pm b/Netdisco/lib/App/Netdisco/Util/Permission.pm index 8b97b6d3..9f26e973 100644 --- a/Netdisco/lib/App/Netdisco/Util/Permission.pm +++ b/Netdisco/lib/App/Netdisco/Util/Permission.pm @@ -30,10 +30,41 @@ subroutines. Given an IP address, returns true if any of the items in C<< \@config >> matches that address, otherwise returns false. -Normally you use C and C, passing the name of the +Normally you use C and C, passing the name of the configuration setting to load. This helper instead requires not the name of the setting, but its value. +There are several options for what C<< \@config >> can contain: + +=over 4 + +=item * + +Hostname, IP address, IP prefix + +=item * + +IP address range, using a hyphen and no whitespace + +=item * + +Regular Expression in YAML format (no enforced anchors) which will match the +device DNS name (using a fresh DNS lookup, so works on new discovery), e.g.: + + - !!perl/regexp ^sep0.*$ + +=item * + +C<"property:regex"> - matched against a device property, such as C or +C (with enforced begin/end regex anchors) + +=back + +To simply match all devices, use "C" or IP Prefix "C<0.0.0.0/0>". +Property regular expressions are anchored (that is, they must match the whole +string). To match no devices we recommend an entry of "C" in the +setting. + =cut sub check_acl {