[#230] Config ACL using device property:regex

I guess no-one uses this very much?!
Oliver Gorwits
2015-05-17 10:35:40 +01:00
parent 9f9aba68a2
commit 9663b550bd
3 changed files with 44 additions and 65 deletions

View File

@@ -8,6 +8,10 @@
* Allow "hidden" option to reports config
[BUG FIXES]
* [#230] Config ACL using device property:regex
2.032003 - 2015-05-05
[ENHANCEMENTS]
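
Review bot: the new entry under [BUG FIXES] repeats the issue title, `[#230] Config ACL using device property:regex`, without saying what was wrong. If `property:regex` items in settings such as discover_no were not being applied before this fix, say so in the entry, so that operators relying on those ACLs know to re-check them.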

View File

@@ -150,38 +150,10 @@ sub match_devicetype {
Given the IP address of a device, returns true if the configuration setting
C<$setting_name> matches that device, else returns false. If the setting
is undefined or empty, then C<check_no> also returns false.
is undefined or empty, then C<check_device_no> also returns false.
print "rejected!" if check_no($ip, 'discover_no');
There are several options for what C<$setting_name> can contain:
=over 4
=item *
Hostname, IP address, IP prefix
=item *
IP address range, using a hyphen and no whitespace
=item *
Regular Expression in YAML format which will match the device DNS name, e.g.:
- !!perl/regexp ^sep0.*$
=item *
C<"property:regex"> - matched against a device property, such as C<model> or C<vendor>
=back
To simply match all devices, use "C<any>" or IP Prefix "C<0.0.0.0/0>".
Property regular expressions are anchored (that is, they must match the whole
string). To match no devices we recommend an entry of "C<localhost>" in the
setting.
See L<App::Netdisco::Util::Permission/check_acl> for details of what
C<$setting_name> can contain.
=cut
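
Review bot: the synopsis line left in this POD, `print "rejected!" if check_no($ip, 'discover_no');`, still calls check_no although the sentence above it was corrected to check_device_no, so the example names a function the text no longer mentions. Update it to check_device_no. Since the body now hands `$device` to check_acl, the description "Given the IP address of a device" should also say whether the first argument may be a device object as well as an address.
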
@@ -194,45 +166,17 @@ sub check_device_no {
my $config = setting($setting_name) || [];
return 0 if not scalar @$config;
return check_acl($device->ip, $config);
return check_acl($device, $config);
}
=head2 check_device_only( $ip, $setting_name )
Given the IP address of a device, returns true if the configuration setting
C<$setting_name> matches that device, else returns false. If the setting
is undefined or empty, then C<check_only> also returns true.
is undefined or empty, then C<check_device_only> also returns true.
print "rejected!" unless check_only($ip, 'discover_only');
There are several options for what C<$setting_name> can contain:
=over 4
=item *
Hostname, IP address, IP prefix
=item *
IP address range, using a hyphen and no whitespace
=item *
Regular Expression in YAML format which will match the device DNS name, e.g.:
- !!perl/regexp ^sep0.*$
=item *
C<"property:regex"> - matched against a device property, such as C<model> or C<vendor>
=back
To simply match all devices, use "C<any>" or IP Prefix "C<0.0.0.0/0>".
Property regular expressions are anchored (that is, they must match the whole
string). To match no devices we recommend an entry of "C<localhost>" in the
setting.
See L<App::Netdisco::Util::Permission/check_acl> for details of what
C<$setting_name> can contain.
=cut
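
Review bot: `return check_acl($device, $config);` in check_device_no changes what check_acl receives from an address to a device object, and none of the visible hunks adds a test for a `property:regex` entry. Add a regression test that runs check_device_no with a `property:regex` item against a device whose model or vendor is known, so this path cannot silently stop matching again. The example kept in the check_device_only POD, `print "rejected!" unless check_only($ip, 'discover_only');`, also still uses the old name check_only.
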
@@ -243,7 +187,7 @@ sub check_device_only {
my $config = setting($setting_name) || [];
return 1 if not scalar @$config;
return check_acl($device->ip, $config);
return check_acl($device, $config);
}
=head2 is_discoverable( $ip, $device_type? )
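
Review bot: check_device_only now ends with the same three lines as check_device_no apart from the value returned for an empty setting (`return 1` here, `return 0` there), and both needed the identical `$device->ip` to `$device` fix. Consider a shared private helper that takes the empty-setting default as a parameter, so that a future change to the check_acl call is made once.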

View File

@@ -30,10 +30,41 @@ subroutines.
Given an IP address, returns true if any of the items in C<< \@config >>
matches that address, otherwise returns false.
Normally you use C<check_no> and C<check_only>, passing the name of the
Normally you use C<check_device_no> and C<check_device_only>, passing the name of the
configuration setting to load. This helper instead requires not the name of
the setting, but its value.
There are several options for what C<< \@config >> can contain:
=over 4
=item *
Hostname, IP address, IP prefix
=item *
IP address range, using a hyphen and no whitespace
=item *
Regular Expression in YAML format (no enforced anchors) which will match the
device DNS name (using a fresh DNS lookup, so works on new discovery), e.g.:
- !!perl/regexp ^sep0.*$
=item *
C<"property:regex"> - matched against a device property, such as C<model> or
C<vendor> (with enforced begin/end regex anchors)
=back
To simply match all devices, use "C<any>" or IP Prefix "C<0.0.0.0/0>".
Property regular expressions are anchored (that is, they must match the whole
string). To match no devices we recommend an entry of "C<localhost>" in the
setting.
=cut
sub check_acl {
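
Review bot: the opening sentence of this POD, "Given an IP address, returns true if any of the items in C<< \@config >> matches that address", no longer describes the callers changed in this commit, which pass `$device` rather than `$device->ip`. State which argument types check_acl accepts, and document what a `property:regex` item does when only an address is available (the DNS regexp item explicitly covers new discovery, the property item does not), since an ACL item that cannot be evaluated should have a defined result. The anchoring rule is also stated twice, once in the `property:regex` item and again in the closing paragraph; one statement is enough.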