Update docs to include info about allowedURL properties

rundeck · Apr 26, 2011 · 4ff298f · 4ff298f
1 parent b1c05e7
commit 4ff298f
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 1 deletion.
diff --git a/docs/en/07-administration/07-chapter1.md b/docs/en/07-administration/07-chapter1.md
@@ -115,6 +115,11 @@ Configuration used by shell tools. This file contains a number of
 settings used by the shell tools to interoperate with the RunDeck
 services. 
 
+Some important settings:
+
+* `framework.resources.allowedURL.X`: a sequence of regular expressions (for `X` starting at 0 and increasing). These are matched against requested providerURL values when
+the `/project/name/resources/refresh` API endpoint is called. See [Refreshing Resources for a Project](#refreshing-resources-for-a-project).
+
 #### log4j.properties
 
 RunDeck uses [log4j] as its application logging facility. This file
@@ -135,9 +140,11 @@ generated at project setup time. There are two important settings in
 this file:
 
 * `project.resources.file`: Path to the project resource model document
-  (see [resources-v10(5)](resources-v10.html)).
+  (see [resource-v10(5)](resource-v10.html) and [resource-yaml-v12(5)](resource-yaml-v12.html)).
 * `project.resources.url`: (Optional) The URL to an external
   [Resource Model Provider](#resource-model-provider).
+* `project.resources.allowedURL.X`: a sequence of regular expressions (for `X` starting at 0 and increasing). These are matched against requested providerURL values when
+the `/project/name/resources/refresh` API endpoint is called. See [Refreshing Resources for a Project](#refreshing-resources-for-a-project).
 
 #### jaas-loginmodule.conf
 

diff --git a/docs/en/09-api/01-chapter10.md b/docs/en/09-api/01-chapter10.md
@@ -513,6 +513,22 @@ Optional Parameters:
 
 Result: A success or failure result with a message.
 
+The URL requested as the `providerURL` must be allowed by the `project.properties` and `framework.properties` configuration settings according to these rules:
+
+* If the `providerURL` matches the value of `project.resources.url`, it is allowed.
+* Otherwise, these properties are checked as regular expressions to match the URL:
+    * `project.resources.allowedURL.X` in project.properties (X starts at 0).
+    * `framework.resources.allowedURL.X` in framework.properties
+* If both files define allowedURL regexes, the URL must match a regex in both of them.
+* Otherwise, if only one file defines regexes, the URL must match one of them.
+* Otherwise if no regexes are defined in either file, the URL is rejected.
+
+Multiple regexes can be specified in those config files by adding muliple properties:
+
+    project.resources.allowedURL.0=^http://myserver:9090/resources/.*$
+    project.resources.allowedURL.1=^http://server2:9090/resources/.*$
+
+
 ### Listing History
 
 List the event history for a project.