[#230] Config ACL using device property:regex

I guess no-one uses this very much?!
This commit is contained in:
Oliver Gorwits
2015-05-17 10:35:40 +01:00
parent 9f9aba68a2
commit 9663b550bd
3 changed files with 44 additions and 65 deletions


@@ -8,6 +8,10 @@
* Allow "hidden" option to reports config * Allow "hidden" option to reports config
[BUG FIXES]
* [#230] Config ACL using device property:regex
2.032003 - 2015-05-05 2.032003 - 2015-05-05
[ENHANCEMENTS] [ENHANCEMENTS]
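Review bot: The new [BUG FIXES] entry only repeats the issue title, so a reader of the changelog cannot tell what changed for ACL settings. The code in this commit switches check_device_no and check_device_only from passing `$device->ip` to passing `$device` into check_acl, so say that directly, for example that "property:regex" entries in settings such as discover_no and discover_only are now evaluated against the device.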


@@ -150,38 +150,10 @@ sub match_devicetype {
Given the IP address of a device, returns true if the configuration setting Given the IP address of a device, returns true if the configuration setting
C<$setting_name> matches that device, else returns false. If the setting C<$setting_name> matches that device, else returns false. If the setting
is undefined or empty, then C<check_no> also returns false. is undefined or empty, then C<check_device_no> also returns false.
print "rejected!" if check_no($ip, 'discover_no'); See L<App::Netdisco::Util::Permission/check_acl> for details of what
C<$setting_name> can contain.
There are several options for what C<$setting_name> can contain:
=over 4
=item *
Hostname, IP address, IP prefix
=item *
IP address range, using a hyphen and no whitespace
=item *
Regular Expression in YAML format which will match the device DNS name, e.g.:
- !!perl/regexp ^sep0.*$
=item *
C<"property:regex"> - matched against a device property, such as C<model> or C<vendor>
=back
To simply match all devices, use "C<any>" or IP Prefix "C<0.0.0.0/0>".
Property regular expressions are anchored (that is, they must match the whole
string). To match no devices we recommend an entry of "C<localhost>" in the
setting.
=cut =cut
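Review bot: The check_device_no POD loses its only usage example: the old synopsis line is deleted instead of being renamed along with the function. Keep it with the new name, `print "rejected!" if check_device_no($ip, 'discover_no');`, ahead of the pointer to App::Netdisco::Util::Permission/check_acl, so the section still shows how the sub is called and which kind of setting it is meant for.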
@@ -194,45 +166,17 @@ sub check_device_no {
my $config = setting($setting_name) || []; my $config = setting($setting_name) || [];
return 0 if not scalar @$config; return 0 if not scalar @$config;
return check_acl($device->ip, $config); return check_acl($device, $config);
} }
=head2 check_device_only( $ip, $setting_name ) =head2 check_device_only( $ip, $setting_name )
Given the IP address of a device, returns true if the configuration setting Given the IP address of a device, returns true if the configuration setting
C<$setting_name> matches that device, else returns false. If the setting C<$setting_name> matches that device, else returns false. If the setting
is undefined or empty, then C<check_only> also returns true. is undefined or empty, then C<check_device_only> also returns true.
print "rejected!" unless check_only($ip, 'discover_only'); See L<App::Netdisco::Util::Permission/check_acl> for details of what
C<$setting_name> can contain.
There are several options for what C<$setting_name> can contain:
=over 4
=item *
Hostname, IP address, IP prefix
=item *
IP address range, using a hyphen and no whitespace
=item *
Regular Expression in YAML format which will match the device DNS name, e.g.:
- !!perl/regexp ^sep0.*$
=item *
C<"property:regex"> - matched against a device property, such as C<model> or C<vendor>
=back
To simply match all devices, use "C<any>" or IP Prefix "C<0.0.0.0/0>".
Property regular expressions are anchored (that is, they must match the whole
string). To match no devices we recommend an entry of "C<localhost>" in the
setting.
=cut =cut
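Review bot: The documentation in this hunk no longer matches the code: the POD for both subs still opens with "Given the IP address of a device" and the heading reads check_device_only( $ip, $setting_name ), while the body of check_device_no now hands `$device` rather than `$device->ip` to check_acl. How `$device` is obtained is outside the hunk, so please state in the POD that matching is done against the device, and what a "property:regex" entry does for a device that has no stored C<model> or C<vendor> yet. That matters most for check_device_only, where the text says an undefined or empty setting returns true but says nothing about a non-empty setting whose property entries cannot be evaluated.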
@@ -243,7 +187,7 @@ sub check_device_only {
my $config = setting($setting_name) || []; my $config = setting($setting_name) || [];
return 1 if not scalar @$config; return 1 if not scalar @$config;
return check_acl($device->ip, $config); return check_acl($device, $config);
} }
=head2 is_discoverable( $ip, $device_type? ) =head2 is_discoverable( $ip, $device_type? )
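Review bot: No regression test accompanies the one-line fix in check_device_only (or the identical change in check_device_no): the commit lists 3 changed files, and the three diffs shown are a changelog and two blocks of module POD and code. A test that loads a "property:regex" entry into a setting and asserts the result of both subs would pin the `check_acl($device, $config)` call in place. The two subs also now differ only in what they return for an empty setting (`return 0` versus `return 1`), so a shared helper taking that default would keep them from drifting apart again.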


@@ -30,10 +30,41 @@ subroutines.
Given an IP address, returns true if any of the items in C<< \@config >> Given an IP address, returns true if any of the items in C<< \@config >>
matches that address, otherwise returns false. matches that address, otherwise returns false.
Normally you use C<check_no> and C<check_only>, passing the name of the Normally you use C<check_device_no> and C<check_device_only>, passing the name of the
configuration setting to load. This helper instead requires not the name of configuration setting to load. This helper instead requires not the name of
the setting, but its value. the setting, but its value.
There are several options for what C<< \@config >> can contain:
=over 4
=item *
Hostname, IP address, IP prefix
=item *
IP address range, using a hyphen and no whitespace
=item *
Regular Expression in YAML format (no enforced anchors) which will match the
device DNS name (using a fresh DNS lookup, so works on new discovery), e.g.:
- !!perl/regexp ^sep0.*$
=item *
C<"property:regex"> - matched against a device property, such as C<model> or
C<vendor> (with enforced begin/end regex anchors)
=back
To simply match all devices, use "C<any>" or IP Prefix "C<0.0.0.0/0>".
Property regular expressions are anchored (that is, they must match the whole
string). To match no devices we recommend an entry of "C<localhost>" in the
setting.
=cut =cut
sub check_acl { sub check_acl {
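Review bot: The opening of the check_acl POD still says "Given an IP address, returns true if any of the items in C<< \@config >> matches that address", but the callers changed in this commit pass a device object and the list added below documents "property:regex" matching against C<model> or C<vendor>. Document which argument types check_acl accepts and what a property entry does when only an IP is supplied. The anchoring rule is also stated twice, once as "(with enforced begin/end regex anchors)" and again in the closing paragraph; keep one. Since the DNS-name form is described as having no enforced anchors, add a sentence beside the `!!perl/regexp` example saying that a pattern written without `^` and `$` matches anywhere in the name, which is easy to overlook in an allow or deny list.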