diff options
author | Simon Ruderich <simon@ruderich.org> | 2013-11-12 23:48:25 +0100 |
---|---|---|
committer | Chris St. Pierre <chris.a.st.pierre@gmail.com> | 2013-11-14 09:27:08 -0500 |
commit | d8bbfbdf8b503538fff01bff80c5e6e12bfb44b3 (patch) | |
tree | 95b76849268d44bcf6ea81f957159e3a568dcf69 /src/lib/Bcfg2/Server/Plugins/Probes.py | |
parent | 557377e8a1d0492f4c26b95c4a74172a9210ac3e (diff) | |
download | bcfg2-d8bbfbdf8b503538fff01bff80c5e6e12bfb44b3.tar.gz bcfg2-d8bbfbdf8b503538fff01bff80c5e6e12bfb44b3.tar.bz2 bcfg2-d8bbfbdf8b503538fff01bff80c5e6e12bfb44b3.zip |
Add probes.allowed_groups option to restrict group assignments.
Diffstat (limited to 'src/lib/Bcfg2/Server/Plugins/Probes.py')
-rw-r--r-- | src/lib/Bcfg2/Server/Plugins/Probes.py | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/src/lib/Bcfg2/Server/Plugins/Probes.py b/src/lib/Bcfg2/Server/Plugins/Probes.py index 84e1638d6..59a73c4aa 100644 --- a/src/lib/Bcfg2/Server/Plugins/Probes.py +++ b/src/lib/Bcfg2/Server/Plugins/Probes.py @@ -204,6 +204,7 @@ class Probes(Bcfg2.Server.Plugin.Probing, err = sys.exc_info()[1] raise Bcfg2.Server.Plugin.PluginInitError(err) + self.allowed_cgroups = core.setup['probe_allowed_groups'] self.probedata = dict() self.cgroups = dict() self.load_data() @@ -391,11 +392,18 @@ class Probes(Bcfg2.Server.Plugin.Probing, if line.split(':')[0] == 'group': newgroup = line.split(':')[1].strip() if newgroup not in cgroups: - cgroups.append(newgroup) + if self._group_allowed(newgroup): + cgroups.append(newgroup) + else: + self.logger.info("Disallowed group assignment %s from %s" + % (newgroup, client.hostname)) dlines.remove(line) dobj = ProbeData("\n".join(dlines)) cprobedata[data.get('name')] = dobj + def _group_allowed(self, group): + return any(r.match(group) for r in self.allowed_cgroups) + def get_additional_groups(self, meta): return self.cgroups.get(meta.hostname, list()) get_additional_groups.__doc__ = \ |