-
Notifications
You must be signed in to change notification settings - Fork 2.2k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Always use the local file_bucket on master
This fixes an issue where the master could be made to issue arbitrary HTTPS requests through carefully constructed URLs. Now the master will always use the file_bucket, whereas other applications retain their behavior of dynamically selecting the source (rest or file) based on the particular request.
- Loading branch information
Showing
6 changed files
with
125 additions
and
11 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,49 @@ | ||
require 'puppet/indirector/code' | ||
|
||
module Puppet::FileBucketFile | ||
class Selector < Puppet::Indirector::Code | ||
desc "Select the terminus based on the request" | ||
|
||
def select(request) | ||
if request.protocol == 'https' | ||
:rest | ||
else | ||
:file | ||
end | ||
end | ||
|
||
def get_terminus(request) | ||
indirection.terminus(select(request)) | ||
end | ||
|
||
def head(request) | ||
get_terminus(request).head(request) | ||
end | ||
|
||
def find(request) | ||
get_terminus(request).find(request) | ||
end | ||
|
||
def save(request) | ||
get_terminus(request).save(request) | ||
end | ||
|
||
def search(request) | ||
get_terminus(request).search(request) | ||
end | ||
|
||
def destroy(request) | ||
get_terminus(request).destroy(request) | ||
end | ||
|
||
def authorized?(request) | ||
terminus = get_terminus(request) | ||
if terminus.respond_to?(:authorized?) | ||
terminus.authorized?(request) | ||
else | ||
true | ||
end | ||
end | ||
end | ||
end | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,44 @@ | ||
#!/usr/bin/env rspec | ||
|
||
require 'spec_helper' | ||
|
||
require 'puppet/file_bucket/file' | ||
|
||
describe Puppet::FileBucket::File do | ||
describe "#indirection" do | ||
before :each do | ||
# Never connect to the network, no matter what | ||
described_class.indirection.terminus(:rest).class.any_instance.stubs(:find) | ||
end | ||
|
||
describe "when running the master application" do | ||
before :each do | ||
Puppet::Application[:master].setup_terminuses | ||
end | ||
|
||
{ | ||
"md5/d41d8cd98f00b204e9800998ecf8427e" => :file, | ||
"https://puppetmaster:8140/production/file_bucket_file/md5/d41d8cd98f00b204e9800998ecf8427e" => :file, | ||
}.each do |key, terminus| | ||
it "should use the #{terminus} terminus when requesting #{key.inspect}" do | ||
described_class.indirection.terminus(terminus).class.any_instance.expects(:find) | ||
|
||
described_class.indirection.find(key) | ||
end | ||
end | ||
end | ||
|
||
describe "when running another application" do | ||
{ | ||
"md5/d41d8cd98f00b204e9800998ecf8427e" => :file, | ||
"https://puppetmaster:8140/production/file_bucket_file/md5/d41d8cd98f00b204e9800998ecf8427e" => :rest, | ||
}.each do |key, terminus| | ||
it "should use the #{terminus} terminus when requesting #{key.inspect}" do | ||
described_class.indirection.terminus(terminus).class.any_instance.expects(:find) | ||
|
||
described_class.indirection.find(key) | ||
end | ||
end | ||
end | ||
end | ||
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
#!/usr/bin/env rspec | ||
require 'spec_helper' | ||
|
||
require 'puppet/indirector/file_bucket_file/selector' | ||
require 'puppet/indirector/file_bucket_file/file' | ||
require 'puppet/indirector/file_bucket_file/rest' | ||
|
||
describe Puppet::FileBucketFile::Selector do | ||
%w[head find save search destroy].each do |method| | ||
describe "##{method}" do | ||
it "should proxy to rest terminus for https requests" do | ||
request = stub 'request', :protocol => 'https' | ||
|
||
Puppet::FileBucketFile::Rest.any_instance.expects(method).with(request) | ||
|
||
subject.send(method, request) | ||
end | ||
|
||
it "should proxy to file terminus for other requests" do | ||
request = stub 'request', :protocol => 'file' | ||
|
||
Puppet::FileBucketFile::File.any_instance.expects(method).with(request) | ||
|
||
subject.send(method, request) | ||
end | ||
end | ||
end | ||
end | ||
|