From 5363e6d9a53146333da0d109aae170befc1b9481 Mon Sep 17 00:00:00 2001
From: "Chris St. Pierre" <chris.a.st.pierre@gmail.com>
Date: Tue, 12 Feb 2013 07:48:33 -0500
Subject: Added client ACLs:

* IP and CIDR-based ACLs
* Metadata (group/hostname)-based ACLs
* Documentation
* Unit tests
---
 schemas/acl-ip.xsd       | 56 ++++++++++++++++++++++++++++++++++
 schemas/acl-metadata.xsd | 79 ++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 135 insertions(+)
 create mode 100644 schemas/acl-ip.xsd
 create mode 100644 schemas/acl-metadata.xsd

(limited to 'schemas')

diff --git a/schemas/acl-ip.xsd b/schemas/acl-ip.xsd
new file mode 100644
index 000000000..1d6106c05
--- /dev/null
+++ b/schemas/acl-ip.xsd
@@ -0,0 +1,56 @@
+<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema" xml:lang="en">
+  <xsd:annotation>
+    <xsd:documentation>
+      Schema for IP-based client ACLs:
+      :ref:`server-plugins-misc-acl` ``ip.xml``
+    </xsd:documentation>
+  </xsd:annotation>
+
+  <xsd:complexType name="IPACLType">
+    <xsd:attribute type="xsd:string" name="method" use="required">
+      <xsd:annotation>
+        <xsd:documentation>
+          The name of the XML-RPC method to allow or deny.  Limited
+          wildcards are supported.
+        </xsd:documentation>
+      </xsd:annotation>
+    </xsd:attribute>
+    <xsd:attribute type="xsd:string" name="address">
+      <xsd:annotation>
+        <xsd:documentation>
+          The IP address to match against.  This is an exact match
+          unless :xml:attribute:`IPACLType:netmask` is defined.  If
+          this is not defined, all addresses match the given rule.
+        </xsd:documentation>
+      </xsd:annotation>
+    </xsd:attribute>
+    <xsd:attribute type="xsd:string" name="netmask">
+      <xsd:annotation>
+        <xsd:documentation>
+          If this is defined, then it is combined with
+          :xml:attribute:`IPACLType:address` to produce a CIDR range,
+          which is used for matching instead of exact matching based
+          only on IP address.  This can be either an integer netmask
+          (e.g., ``netmask="24"``) or a dotted-quad (e.g.,
+          ``netmask="255.255.255.0"``).
+        </xsd:documentation>
+      </xsd:annotation>
+    </xsd:attribute>
+  </xsd:complexType>
+
+  <xsd:complexType name="IPACLContainerType">
+    <xsd:annotation>
+      <xsd:documentation>
+        Top-level tag for describing metadata-based client ACLs.
+      </xsd:documentation>
+    </xsd:annotation>
+    <xsd:choice minOccurs="1" maxOccurs="unbounded">
+      <xsd:element name="Allow" type="IPACLType"/>
+      <xsd:element name="Deny" type="IPACLType"/>
+      <xsd:element name="Defer" type="IPACLType"/>
+      <xsd:element name="ACL" type="IPACLContainerType"/>
+    </xsd:choice>
+  </xsd:complexType>
+
+  <xsd:element name="ACL" type="IPACLContainerType"/>
+</xsd:schema>
diff --git a/schemas/acl-metadata.xsd b/schemas/acl-metadata.xsd
new file mode 100644
index 000000000..7d996fb87
--- /dev/null
+++ b/schemas/acl-metadata.xsd
@@ -0,0 +1,79 @@
+<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+            xmlns:py="http://genshi.edgewall.org/" xml:lang="en">
+  <xsd:annotation>
+    <xsd:documentation>
+      Schema for metadata-based client ACLs:
+      :ref:`server-plugins-misc-acl` ``metadata.xml``
+    </xsd:documentation>
+  </xsd:annotation>
+
+  <xsd:import namespace="http://genshi.edgewall.org/"
+              schemaLocation="genshi.xsd"/>
+
+  <xsd:complexType name="MetadataACLGroupType">
+    <xsd:annotation>
+      <xsd:documentation>
+        An **MetadataACLGroupType** is a tag used to provide logic.
+        Child entries of a MetadataACLGroupType tag only apply to
+        machines that match the condition specified -- either
+        membership in a group, or a matching client name.
+        :xml:attribute:`MetadataACLGroupType:negate` can be set to
+        negate the sense of the match.
+      </xsd:documentation>
+    </xsd:annotation>
+    <xsd:group ref="MetadataACLElements"/>
+    <xsd:attribute name='name' type='xsd:string'>
+      <xsd:annotation>
+        <xsd:documentation>
+          The name of the client or group to match on.  Child entries
+          will only apply to this client or group (unless
+          :xml:attribute:`MetadataACLGroupType:negate` is set).
+        </xsd:documentation>
+      </xsd:annotation>
+    </xsd:attribute>
+    <xsd:attribute name='negate' type='xsd:boolean'>
+      <xsd:annotation>
+        <xsd:documentation>
+          Negate the sense of the match, so that child entries only
+          apply to a client if it is not a member of the given group
+          or does not have the given name.
+        </xsd:documentation>
+      </xsd:annotation>
+    </xsd:attribute>
+    <xsd:attributeGroup ref="py:genshiAttrs"/>
+  </xsd:complexType>
+
+  <xsd:complexType name="MetadataACLType">
+    <xsd:attribute type="xsd:string" name="method" use="required">
+      <xsd:annotation>
+        <xsd:documentation>
+          The name of the XML-RPC method to allow or deny.  Limited
+          wildcards are supported.
+        </xsd:documentation>
+      </xsd:annotation>
+    </xsd:attribute>
+    <xsd:attributeGroup ref="py:genshiAttrs"/>
+  </xsd:complexType>
+
+  <xsd:complexType name="MetadataACLContainerType">
+    <xsd:annotation>
+      <xsd:documentation>
+        Top-level tag for describing metadata-based client ACLs.
+      </xsd:documentation>
+    </xsd:annotation>
+    <xsd:group ref="MetadataACLElements"/>
+  </xsd:complexType>
+
+  <xsd:group name="MetadataACLElements">
+    <xsd:choice minOccurs="1" maxOccurs="unbounded">
+      <xsd:group ref="py:genshiElements"/>
+      <xsd:element name="Allow" type="MetadataACLType"/>
+      <xsd:element name="Deny" type="MetadataACLType"/>
+      <xsd:element name="Group" type="MetadataACLGroupType"/>
+      <xsd:element name="Client" type="MetadataACLGroupType"/>
+      <xsd:element name="ACL" type="MetadataACLContainerType"/>
+    </xsd:choice>
+  </xsd:group>
+
+  <xsd:element name="ACL" type="MetadataACLContainerType"/>
+</xsd:schema>
-- 
cgit v1.2.3-1-g7c22