[Pkg-puppet-devel] [SCM] Puppet packaging for Debian branch, upstream, updated. puppet-0.24.5-rc3-1456-g2f0b1e5

James Turnbull james at lovedthanlost.net
Tue Oct 27 17:04:42 UTC 2009


The following commit has been merged in the upstream branch:
commit 7404e31d1ec418e9fdc276e0e619c045567cc00c
Author: Markus Roberts <Markus at reality.com>
Date:   Thu Sep 10 12:31:35 2009 -0700

    Fixs #2620 authconf interpolation, #2570 0-9 in domain names
    
    Partial refactoring to clean up the case in the ticket (host
    name containing dots, begining and ending with a digit, was
    mistaken for an IP address) and a range of related edge cases.
    
    Stopped short of a full refactoring (put off to 0.26 as #2623)
    
    Added tests for numerous edge cases.
    
    This also fixes the issue raised in #2570.
    
    Signed-off-by: Markus Roberts <Markus at reality.com>

diff --git a/lib/puppet/network/authstore.rb b/lib/puppet/network/authstore.rb
index 4707f36..ab31fae 100755
--- a/lib/puppet/network/authstore.rb
+++ b/lib/puppet/network/authstore.rb
@@ -220,8 +220,6 @@ module Puppet
             # and we're called with a MatchData whose capture 1 is puppet
             # we'll return a pattern of puppet.reductivelabs.com
             def interpolate(match)
-                return self if @name == :ip
-
                 clone = dup
                 clone.pattern = clone.pattern.reverse.collect do |p|
                     p.gsub(/\$(\d)/) { |m| match[$1.to_i] }
@@ -279,63 +277,41 @@ module Puppet
             # Parse our input pattern and figure out what kind of allowal
             # statement it is.  The output of this is used for later matching.
             def parse(value)
-                case value
-                when /^(\d+\.){1,3}\*$/ # an ip address with a '*' at the end
+                # Use the IPAddr class to determine if we've got a
+                # valid IP address.
+                @length = Integer($1) if value =~ /\/(\d+)$/
+                begin
+                    @pattern = IPAddr.new(value)
                     @name = :ip
-                    match = $1
-                    match.sub!(".", '')
-                    ary = value.split(".")
-
-                    mask = case ary.index(match)
-                    when 0; 8
-                    when 1; 16
-                    when 2; 24
-                    else
-                        raise AuthStoreError, "Invalid IP pattern %s" % value
-                    end
-
-                    @length = mask
-
-                    ary.pop
-                    while ary.length < 4
-                        ary.push("0")
-                    end
-
-                    begin
-                        @pattern = IPAddr.new(ary.join(".") + "/" + mask.to_s)
-                    rescue ArgumentError => detail
-                        raise AuthStoreError, "Invalid IP address pattern %s" % value
-                    end
-                when /^([a-zA-Z][-\w]*\.)+[-\w]+$/ # a full hostname
-                    # Change to /^([a-zA-Z][-\w]*\.)+[-\w]+\.?$/ for FQDN support
-                    @name = :domain
-                    @pattern = munge_name(value)
-                when /^\*(\.([a-zA-Z][-\w]*)){1,}$/ # *.domain.com
-                    @name = :domain
-                    @pattern = munge_name(value)
-                    @pattern.pop # take off the '*'
-                    @length = @pattern.length
-                when /\$\d+/ # a backreference pattern ala $1.reductivelabs.com or 192.168.0.$1 or $1.$2
-                    @name = :dynamic
-                    @pattern = munge_name(value)
-                else
-                    # Else, use the IPAddr class to determine if we've got a
-                    # valid IP address.
-                    if value =~ /\/(\d+)$/
-                        @length = Integer($1)
-                    end
-                    begin
-                        @pattern = IPAddr.new(value)
+                rescue ArgumentError => detail
+                    case value
+                    when /^(\d+\.){1,3}\*$/ # an ip address with a '*' at the end
                         @name = :ip
-                    rescue ArgumentError => detail
-                        # so nothing matched, let's match as an opaque value
-                        # some sanity checks first
-                        unless value =~ /^[a-zA-Z0-9][-a-zA-Z0-9_.@]*$/
-                            raise AuthStoreError, "Invalid pattern %s" % value
+                        segments = value.split(".")[0..-2]
+                        @length = 8*segments.length
+                        begin
+                            @pattern = IPAddr.new((segments+[0,0,0])[0,4].join(".") + "/" + @length.to_s)
+                        rescue ArgumentError => detail
+                            raise AuthStoreError, "Invalid IP address pattern %s" % value
                         end
+                    when /^([a-zA-Z0-9][-\w]*\.)+[-\w]+$/ # a full hostname
+                        # Change to /^([a-zA-Z][-\w]*\.)+[-\w]+\.?$/ for FQDN support
+                        @name = :domain
+                        @pattern = munge_name(value)
+                    when /^\*(\.([a-zA-Z][-\w]*)){1,}$/ # *.domain.com
+                        @name = :domain
+                        @pattern = munge_name(value)
+                        @pattern.pop # take off the '*'
+                        @length = @pattern.length
+                    when /\$\d+/ # a backreference pattern ala $1.reductivelabs.com or 192.168.0.$1 or $1.$2
+                        @name = :dynamic
+                        @pattern = munge_name(value)
+                    when /^[a-zA-Z0-9][-a-zA-Z0-9_.@]*$/
                         @pattern = [value]
                         @length = nil # force an exact match
                         @name = :opaque
+                    else
+                        raise AuthStoreError, "Invalid pattern %s" % value
                     end
                 end
             end
diff --git a/spec/unit/network/authstore.rb b/spec/unit/network/authstore.rb
index 4da3714..55b2c7b 100644
--- a/spec/unit/network/authstore.rb
+++ b/spec/unit/network/authstore.rb
@@ -6,25 +6,46 @@ require 'puppet/network/authconfig'
 
 describe Puppet::Network::AuthStore::Declaration do
 
-    describe "when the pattern is simple numeric IP" do
-        before :each do
-            @ip = '100.101.99.98'
-            @declaration = Puppet::Network::AuthStore::Declaration.new(:allow, at ip)
-        end
-        it "should match the specified IP" do
-            @declaration.should be_match('www.testsite.org', at ip)
+    ['100.101.99.98','100.100.100.100','1.2.3.4','11.22.33.44'].each { |ip|
+        describe "when the pattern is a simple numeric IP such as #{ip}" do
+            before :each do
+                @declaration = Puppet::Network::AuthStore::Declaration.new(:allow,ip)
+            end
+            it "should match the specified IP" do
+                @declaration.should be_match('www.testsite.org',ip)
+            end
+            it "should not match other IPs" do
+                @declaration.should_not be_match('www.testsite.org','200.101.99.98')
+            end
         end
-        it "should not match other IPs" do
-            @declaration.should_not be_match('www.testsite.org','200.101.99.98')
-        end
-    end
+
+        (1..3).each { |n|
+            describe "when the pattern is a IP mask with #{n} numeric segments and a *" do
+                before :each do
+                    @ip_pattern = ip.split('.')[0,n].join('.')+'.*'
+                    @declaration = Puppet::Network::AuthStore::Declaration.new(:allow, at ip_pattern)
+                end
+                it "should match an IP in the range" do
+                    @declaration.should be_match('www.testsite.org',ip)
+                end
+                it "should not match other IPs" do
+                    @declaration.should_not be_match('www.testsite.org','200.101.99.98')
+                end
+                it "should not match IPs that differ in the last non-wildcard segment" do
+                    other = ip.split('.')
+                    other[n-1].succ!
+                    @declaration.should_not be_match('www.testsite.org',other.join('.'))
+                end
+            end
+        }    
+    }
 
     describe "when the pattern is a numeric IP with a back reference" do
         before :each do
             @ip = '100.101.$1'
             @declaration = Puppet::Network::AuthStore::Declaration.new(:allow, at ip).interpolate('12.34'.match(/(.*)/))
         end
-        it "should match an IP with the apropriate interpolation" do
+        it "should match an IP with the appropriate interpolation" do
             @declaration.should be_match('www.testsite.org', at ip.sub(/\$1/,'12.34'))
         end
         it "should not match other IPs" do
@@ -32,20 +53,25 @@ describe Puppet::Network::AuthStore::Declaration do
         end
     end
 
-    describe "when the pattern is a PQDN" do
-        before :each do
-            @host = 'spirit.mars.nasa.gov'
-            @declaration = Puppet::Network::AuthStore::Declaration.new(:allow, at host)
-        end
-        it "should match the specified PQDN" do
-            pending "FQDN consensus"
-            @declaration.should be_match(@host,'200.101.99.98')
-        end
-        it "should not match a similar FQDN" do
-            pending "FQDN consensus"
-            @declaration.should_not be_match(@host+'.','200.101.99.98')
-        end
-    end
+    {
+    'spirit.mars.nasa.gov' => 'a PQDN',
+    'ratchet.2ndsiteinc.com' => 'a PQDN with digits',
+    'a.c.ru' => 'a PQDN with short segments',
+    }.each {|pqdn,desc|
+        describe "when the pattern is #{desc}" do
+            before :each do
+                @host = pqdn
+                @declaration = Puppet::Network::AuthStore::Declaration.new(:allow, at host)
+            end
+            it "should match the specified PQDN" do
+                @declaration.should be_match(@host,'200.101.99.98')
+            end
+            it "should not match a similar FQDN" do
+                pending "FQDN consensus"
+                @declaration.should_not be_match(@host+'.','200.101.99.98')
+            end
+        end
+    }
 
     describe "when the pattern is a FQDN" do
         before :each do
@@ -57,7 +83,6 @@ describe Puppet::Network::AuthStore::Declaration do
             @declaration.should be_match(@host,'200.101.99.98')
         end
         it "should not match a similar PQDN" do
-            #pending "FQDN consensus"
             @declaration.should_not be_match(@host[0..-2],'200.101.99.98')
         end
     end
@@ -70,7 +95,31 @@ describe Puppet::Network::AuthStore::Declaration do
             @pattern = %{^/catalog/([^/]+)$}
             @declaration = Puppet::Network::AuthStore::Declaration.new(:allow,'$1')
         end
-        it "should match an IP with the apropriate interpolation" do
+        it "should match an IP with the appropriate interpolation" do
+            @declaration.interpolate(@item.match(@pattern)).should be_match(@host,'10.0.0.5')
+        end
+    end
+
+    describe "when the pattern is an opaque string with a back reference and the matched data contains dots" do
+        before :each do
+            @host = 'admin.mgmt.nym1'
+            @item = "/catalog/#{@host}"
+            @pattern = %{^/catalog/([^/]+)$}
+            @declaration = Puppet::Network::AuthStore::Declaration.new(:allow,'$1')
+        end
+        it "should match a name with the appropriate interpolation" do
+            @declaration.interpolate(@item.match(@pattern)).should be_match(@host,'10.0.0.5')
+        end
+    end
+
+    describe "when the pattern is an opaque string with a back reference and the matched data contains dots with an initial prefix that looks like an IP address" do
+        before :each do
+            @host = '01.admin.mgmt.nym1'
+            @item = "/catalog/#{@host}"
+            @pattern = %{^/catalog/([^/]+)$}
+            @declaration = Puppet::Network::AuthStore::Declaration.new(:allow,'$1')
+        end
+        it "should match a name with the appropriate interpolation" do
             @declaration.interpolate(@item.match(@pattern)).should be_match(@host,'10.0.0.5')
         end
     end

-- 
Puppet packaging for Debian



More information about the Pkg-puppet-devel mailing list