Update version according to OSCI-856

[packages/precise/mcollective.git] / doc / classes / MCollective / Security / Base.html

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html 
     PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
     "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
  <title>Class: MCollective::Security::Base</title>
  <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
  <meta http-equiv="Content-Script-Type" content="text/javascript" />
  <link rel="stylesheet" href="../../.././rdoc-style.css" type="text/css" media="screen" />
  <script type="text/javascript">
  // <![CDATA[

  function popupCode( url ) {
    window.open(url, "Code", "resizable=yes,scrollbars=yes,toolbar=no,status=no,height=150,width=400")
  }

  function toggleCode( id ) {
    if ( document.getElementById )
      elem = document.getElementById( id );
    else if ( document.all )
      elem = eval( "document.all." + id );
    else
      return false;

    elemStyle = elem.style;
    
    if ( elemStyle.display != "block" ) {
      elemStyle.display = "block"
    } else {
      elemStyle.display = "none"
    }

    return true;
  }
  
  // Make codeblocks hidden by default
  document.writeln( "<style type=\"text/css\">div.method-source-code { display: none }</style>" )
  
  // ]]>
  </script>

</head>
<body>



    <div id="classHeader">
        <table class="header-table">
        <tr class="top-aligned-row">
          <td><strong>Class</strong></td>
          <td class="class-name-in-header">MCollective::Security::Base</td>
        </tr>
        <tr class="top-aligned-row">
            <td><strong>In:</strong></td>
            <td>
                <a href="../../../files/lib/mcollective/security/base_rb.html">
                lib/mcollective/security/base.rb
                </a>
        <br />
            </td>
        </tr>

        <tr class="top-aligned-row">
            <td><strong>Parent:</strong></td>
            <td>
                Object
            </td>
        </tr>
        </table>
    </div>
  <!-- banner header -->

  <div id="bodyContent">



  <div id="contextContent">

    <div id="description">
      <p>
This is a base class the other security modules should inherit from it
handles statistics and validation of messages that should in most cases
apply to all security models.
</p>
<p>
To create your own security plugin you should provide a plugin that
inherits from this and provides the following methods:
</p>
<p>
<a href="Base.html#M000271">decodemsg</a> - Decodes a message that was
received from the middleware <a href="Base.html#M000270">encodereply</a> -
Encodes a reply message to a previous request message <a
href="Base.html#M000269">encoderequest</a> - Encodes a <a
href="Base.html#M000261">new</a> request message <a
href="Base.html#M000268">validrequest?</a> - Validates a request received
from the middleware
</p>
<p>
Optionally if you are identifying users by some other means like
certificate name you can provide your own <a
href="Base.html#M000267">callerid</a> method that can provide the rest of
the system with an id, and you would see this id being usable in SimpleRPC
authorization methods
</p>
<p>
The @initiated_by variable will be set to either :client or :node depending
on who is using this plugin. This is to help security providers that
operate in an asymetric mode like public/private key based systems.
</p>
<p>
Specifics of each of these are a bit fluid and the interfaces for this is
not set in stone yet, specifically the encode methods will be provided with
a helper that takes care of encoding the core requirements. The best place
to see how security works is by looking at the provided
MCollective::Security::PSK plugin.
</p>

    </div>


   </div>

    <div id="method-list">
      <h3 class="section-bar">Methods</h3>

      <div class="name-list">
      <a href="#M000267">callerid</a>&nbsp;&nbsp;
      <a href="#M000263">create_reply</a>&nbsp;&nbsp;
      <a href="#M000264">create_request</a>&nbsp;&nbsp;
      <a href="#M000271">decodemsg</a>&nbsp;&nbsp;
      <a href="#M000270">encodereply</a>&nbsp;&nbsp;
      <a href="#M000269">encoderequest</a>&nbsp;&nbsp;
      <a href="#M000260">inherited</a>&nbsp;&nbsp;
      <a href="#M000261">new</a>&nbsp;&nbsp;
      <a href="#M000265">should_process_msg?</a>&nbsp;&nbsp;
      <a href="#M000266">valid_callerid?</a>&nbsp;&nbsp;
      <a href="#M000262">validate_filter?</a>&nbsp;&nbsp;
      <a href="#M000268">validrequest?</a>&nbsp;&nbsp;
      </div>
    </div>

  </div>


    <!-- if includes -->

    <div id="section">





    <div id="attribute-list">
      <h3 class="section-bar">Attributes</h3>

      <div class="name-list">
        <table>
        <tr class="top-aligned-row context-row">
          <td class="context-item-name">initiated_by</td>
          <td class="context-item-value">&nbsp;[RW]&nbsp;</td>
          <td class="context-item-desc"></td>
        </tr>
        <tr class="top-aligned-row context-row">
          <td class="context-item-name">stats</td>
          <td class="context-item-value">&nbsp;[R]&nbsp;</td>
          <td class="context-item-desc"></td>
        </tr>
        </table>
      </div>
    </div>
      


    <!-- if method_list -->
    <div id="methods">
      <h3 class="section-bar">Public Class methods</h3>

      <div id="method-M000260" class="method-detail">
        <a name="M000260"></a>

        <div class="method-heading">
          <a href="#M000260" class="method-signature">
          <span class="method-name">inherited</span><span class="method-args">(klass)</span>
          </a>
        </div>
      
        <div class="method-description">
          <p>
Register plugins that inherits base
</p>
          <p><a class="source-toggle" href="#"
            onclick="toggleCode('M000260-source');return false;">[Source]</a></p>
          <div class="method-source-code" id="M000260-source">
<pre>
    <span class="ruby-comment cmt"># File lib/mcollective/security/base.rb, line 32</span>
32:       <span class="ruby-keyword kw">def</span> <span class="ruby-keyword kw">self</span>.<span class="ruby-identifier">inherited</span>(<span class="ruby-identifier">klass</span>)
33:         <span class="ruby-constant">PluginManager</span> <span class="ruby-operator">&lt;&lt;</span> {<span class="ruby-identifier">:type</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-value str">&quot;security_plugin&quot;</span>, <span class="ruby-identifier">:class</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">klass</span>.<span class="ruby-identifier">to_s</span>}
34:       <span class="ruby-keyword kw">end</span>
</pre>
          </div>
        </div>
      </div>

      <div id="method-M000261" class="method-detail">
        <a name="M000261"></a>

        <div class="method-heading">
          <a href="#M000261" class="method-signature">
          <span class="method-name">new</span><span class="method-args">()</span>
          </a>
        </div>
      
        <div class="method-description">
          <p>
Initializes configuration and logging as well as prepare a zero&#8216;d
hash of stats various security methods and filter validators should
increment stats, see MCollective::Security::Psk for a sample
</p>
          <p><a class="source-toggle" href="#"
            onclick="toggleCode('M000261-source');return false;">[Source]</a></p>
          <div class="method-source-code" id="M000261-source">
<pre>
    <span class="ruby-comment cmt"># File lib/mcollective/security/base.rb, line 38</span>
38:       <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">initialize</span>
39:         <span class="ruby-ivar">@config</span> = <span class="ruby-constant">Config</span>.<span class="ruby-identifier">instance</span>
40:         <span class="ruby-ivar">@log</span> = <span class="ruby-constant">Log</span>
41:         <span class="ruby-ivar">@stats</span> = <span class="ruby-constant">PluginManager</span>[<span class="ruby-value str">&quot;global_stats&quot;</span>]
42:       <span class="ruby-keyword kw">end</span>
</pre>
          </div>
        </div>
      </div>

      <h3 class="section-bar">Public Instance methods</h3>

      <div id="method-M000267" class="method-detail">
        <a name="M000267"></a>

        <div class="method-heading">
          <a href="#M000267" class="method-signature">
          <span class="method-name">callerid</span><span class="method-args">()</span>
          </a>
        </div>
      
        <div class="method-description">
          <p>
Returns a unique id for the caller, by default we just use the unix user
id, security plugins can provide their own means of doing ids.
</p>
          <p><a class="source-toggle" href="#"
            onclick="toggleCode('M000267-source');return false;">[Source]</a></p>
          <div class="method-source-code" id="M000267-source">
<pre>
     <span class="ruby-comment cmt"># File lib/mcollective/security/base.rb, line 219</span>
219:       <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">callerid</span>
220:         <span class="ruby-node">&quot;uid=#{Process.uid}&quot;</span>
221:       <span class="ruby-keyword kw">end</span>
</pre>
          </div>
        </div>
      </div>

      <div id="method-M000263" class="method-detail">
        <a name="M000263"></a>

        <div class="method-heading">
          <a href="#M000263" class="method-signature">
          <span class="method-name">create_reply</span><span class="method-args">(reqid, agent, body)</span>
          </a>
        </div>
      
        <div class="method-description">
          <p><a class="source-toggle" href="#"
            onclick="toggleCode('M000263-source');return false;">[Source]</a></p>
          <div class="method-source-code" id="M000263-source">
<pre>
     <span class="ruby-comment cmt"># File lib/mcollective/security/base.rb, line 167</span>
167:       <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">create_reply</span>(<span class="ruby-identifier">reqid</span>, <span class="ruby-identifier">agent</span>, <span class="ruby-identifier">body</span>)
168:         <span class="ruby-constant">Log</span>.<span class="ruby-identifier">debug</span>(<span class="ruby-node">&quot;Encoded a message for request #{reqid}&quot;</span>)
169: 
170:         {<span class="ruby-identifier">:senderid</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-ivar">@config</span>.<span class="ruby-identifier">identity</span>,
171:          <span class="ruby-identifier">:requestid</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">reqid</span>,
172:          <span class="ruby-identifier">:senderagent</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">agent</span>,
173:          <span class="ruby-identifier">:msgtime</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-constant">Time</span>.<span class="ruby-identifier">now</span>.<span class="ruby-identifier">utc</span>.<span class="ruby-identifier">to_i</span>,
174:          <span class="ruby-identifier">:body</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">body</span>}
175:       <span class="ruby-keyword kw">end</span>
</pre>
          </div>
        </div>
      </div>

      <div id="method-M000264" class="method-detail">
        <a name="M000264"></a>

        <div class="method-heading">
          <a href="#M000264" class="method-signature">
          <span class="method-name">create_request</span><span class="method-args">(reqid, filter, msg, initiated_by, target_agent, target_collective, ttl=60)</span>
          </a>
        </div>
      
        <div class="method-description">
          <p><a class="source-toggle" href="#"
            onclick="toggleCode('M000264-source');return false;">[Source]</a></p>
          <div class="method-source-code" id="M000264-source">
<pre>
     <span class="ruby-comment cmt"># File lib/mcollective/security/base.rb, line 177</span>
177:       <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">create_request</span>(<span class="ruby-identifier">reqid</span>, <span class="ruby-identifier">filter</span>, <span class="ruby-identifier">msg</span>, <span class="ruby-identifier">initiated_by</span>, <span class="ruby-identifier">target_agent</span>, <span class="ruby-identifier">target_collective</span>, <span class="ruby-identifier">ttl</span>=<span class="ruby-value">60</span>)
178:         <span class="ruby-constant">Log</span>.<span class="ruby-identifier">debug</span>(<span class="ruby-node">&quot;Encoding a request for agent '#{target_agent}' in collective #{target_collective} with request id #{reqid}&quot;</span>)
179: 
180:         {<span class="ruby-identifier">:body</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">msg</span>,
181:          <span class="ruby-identifier">:senderid</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-ivar">@config</span>.<span class="ruby-identifier">identity</span>,
182:          <span class="ruby-identifier">:requestid</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">reqid</span>,
183:          <span class="ruby-identifier">:filter</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">filter</span>,
184:          <span class="ruby-identifier">:collective</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">target_collective</span>,
185:          <span class="ruby-identifier">:agent</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">target_agent</span>,
186:          <span class="ruby-identifier">:callerid</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">callerid</span>,
187:          <span class="ruby-identifier">:ttl</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">ttl</span>,
188:          <span class="ruby-identifier">:msgtime</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-constant">Time</span>.<span class="ruby-identifier">now</span>.<span class="ruby-identifier">utc</span>.<span class="ruby-identifier">to_i</span>}
189:       <span class="ruby-keyword kw">end</span>
</pre>
          </div>
        </div>
      </div>

      <div id="method-M000271" class="method-detail">
        <a name="M000271"></a>

        <div class="method-heading">
          <a href="#M000271" class="method-signature">
          <span class="method-name">decodemsg</span><span class="method-args">(msg)</span>
          </a>
        </div>
      
        <div class="method-description">
          <p>
<a href="../Security.html">Security</a> providers should provide this, see
MCollective::Security::Psk
</p>
          <p><a class="source-toggle" href="#"
            onclick="toggleCode('M000271-source');return false;">[Source]</a></p>
          <div class="method-source-code" id="M000271-source">
<pre>
     <span class="ruby-comment cmt"># File lib/mcollective/security/base.rb, line 239</span>
239:       <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">decodemsg</span>(<span class="ruby-identifier">msg</span>)
240:         <span class="ruby-constant">Log</span>.<span class="ruby-identifier">error</span>(<span class="ruby-node">&quot;decodemsg is not implemented in #{self.class}&quot;</span>)
241:       <span class="ruby-keyword kw">end</span>
</pre>
          </div>
        </div>
      </div>

      <div id="method-M000270" class="method-detail">
        <a name="M000270"></a>

        <div class="method-heading">
          <a href="#M000270" class="method-signature">
          <span class="method-name">encodereply</span><span class="method-args">(sender, msg, requestcallerid=nil)</span>
          </a>
        </div>
      
        <div class="method-description">
          <p>
<a href="../Security.html">Security</a> providers should provide this, see
MCollective::Security::Psk
</p>
          <p><a class="source-toggle" href="#"
            onclick="toggleCode('M000270-source');return false;">[Source]</a></p>
          <div class="method-source-code" id="M000270-source">
<pre>
     <span class="ruby-comment cmt"># File lib/mcollective/security/base.rb, line 234</span>
234:       <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">encodereply</span>(<span class="ruby-identifier">sender</span>, <span class="ruby-identifier">msg</span>, <span class="ruby-identifier">requestcallerid</span>=<span class="ruby-keyword kw">nil</span>)
235:         <span class="ruby-constant">Log</span>.<span class="ruby-identifier">error</span>(<span class="ruby-node">&quot;encodereply is not implemented in #{self.class}&quot;</span>)
236:       <span class="ruby-keyword kw">end</span>
</pre>
          </div>
        </div>
      </div>

      <div id="method-M000269" class="method-detail">
        <a name="M000269"></a>

        <div class="method-heading">
          <a href="#M000269" class="method-signature">
          <span class="method-name">encoderequest</span><span class="method-args">(sender, msg, filter={})</span>
          </a>
        </div>
      
        <div class="method-description">
          <p>
<a href="../Security.html">Security</a> providers should provide this, see
MCollective::Security::Psk
</p>
          <p><a class="source-toggle" href="#"
            onclick="toggleCode('M000269-source');return false;">[Source]</a></p>
          <div class="method-source-code" id="M000269-source">
<pre>
     <span class="ruby-comment cmt"># File lib/mcollective/security/base.rb, line 229</span>
229:       <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">encoderequest</span>(<span class="ruby-identifier">sender</span>, <span class="ruby-identifier">msg</span>, <span class="ruby-identifier">filter</span>={})
230:         <span class="ruby-constant">Log</span>.<span class="ruby-identifier">error</span>(<span class="ruby-node">&quot;encoderequest is not implemented in #{self.class}&quot;</span>)
231:       <span class="ruby-keyword kw">end</span>
</pre>
          </div>
        </div>
      </div>

      <div id="method-M000265" class="method-detail">
        <a name="M000265"></a>

        <div class="method-heading">
          <a href="#M000265" class="method-signature">
          <span class="method-name">should_process_msg?</span><span class="method-args">(msg, msgid)</span>
          </a>
        </div>
      
        <div class="method-description">
          <p>
Give a MC::Message instance and a message id this will figure out if you
the incoming message id matches the one the <a
href="../Message.html">Message</a> object is expecting and raise if its not
</p>
<p>
Mostly used by security plugins to figure out if they should do the hard
work of decrypting etc messages that would only later on be ignored
</p>
          <p><a class="source-toggle" href="#"
            onclick="toggleCode('M000265-source');return false;">[Source]</a></p>
          <div class="method-source-code" id="M000265-source">
<pre>
     <span class="ruby-comment cmt"># File lib/mcollective/security/base.rb, line 196</span>
196:       <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">should_process_msg?</span>(<span class="ruby-identifier">msg</span>, <span class="ruby-identifier">msgid</span>)
197:         <span class="ruby-keyword kw">if</span> <span class="ruby-identifier">msg</span>.<span class="ruby-identifier">expected_msgid</span>
198:           <span class="ruby-keyword kw">unless</span> <span class="ruby-identifier">msg</span>.<span class="ruby-identifier">expected_msgid</span> <span class="ruby-operator">==</span> <span class="ruby-identifier">msgid</span>
199:             <span class="ruby-identifier">msgtext</span> = <span class="ruby-value str">&quot;Got a message with id %s but was expecting %s, ignoring message&quot;</span> <span class="ruby-operator">%</span> [<span class="ruby-identifier">msgid</span>, <span class="ruby-identifier">msg</span>.<span class="ruby-identifier">expected_msgid</span>]
200:             <span class="ruby-constant">Log</span>.<span class="ruby-identifier">debug</span> <span class="ruby-identifier">msgtext</span>
201:             <span class="ruby-identifier">raise</span> <span class="ruby-constant">MsgDoesNotMatchRequestID</span>, <span class="ruby-identifier">msgtext</span>
202:           <span class="ruby-keyword kw">end</span>
203:         <span class="ruby-keyword kw">end</span>
204: 
205:         <span class="ruby-keyword kw">true</span>
206:       <span class="ruby-keyword kw">end</span>
</pre>
          </div>
        </div>
      </div>

      <div id="method-M000266" class="method-detail">
        <a name="M000266"></a>

        <div class="method-heading">
          <a href="#M000266" class="method-signature">
          <span class="method-name">valid_callerid?</span><span class="method-args">(id)</span>
          </a>
        </div>
      
        <div class="method-description">
          <p>
Validates a <a href="Base.html#M000267">callerid</a>. We do not want to
allow things like \ and / in callerids since other plugins make assumptions
that these are safe strings.
</p>
<p>
callerids are generally in the form uid=123 or cert=foo etc so we do that
here but security plugins could override this for some complex uses
</p>
          <p><a class="source-toggle" href="#"
            onclick="toggleCode('M000266-source');return false;">[Source]</a></p>
          <div class="method-source-code" id="M000266-source">
<pre>
     <span class="ruby-comment cmt"># File lib/mcollective/security/base.rb, line 213</span>
213:       <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">valid_callerid?</span>(<span class="ruby-identifier">id</span>)
214:         <span class="ruby-operator">!</span><span class="ruby-operator">!</span><span class="ruby-identifier">id</span>.<span class="ruby-identifier">match</span>(<span class="ruby-regexp re">/^[\w]+=[\w\.\-]+$/</span>)
215:       <span class="ruby-keyword kw">end</span>
</pre>
          </div>
        </div>
      </div>

      <div id="method-M000262" class="method-detail">
        <a name="M000262"></a>

        <div class="method-heading">
          <a href="#M000262" class="method-signature">
          <span class="method-name">validate_filter?</span><span class="method-args">(filter)</span>
          </a>
        </div>
      
        <div class="method-description">
          <p>
Takes a Hash with a filter in it and validates it against host information.
</p>
<p>
At present this supports filter matches against the following criteria:
</p>
<ul>
<li>puppet_class|cf_class - Presence of a configuration management class in

<pre>
                        the file configured with classesfile
</pre>
</li>
<li>agent - Presence of a <a href="../../MCollective.html">MCollective</a>
agent with a supplied name

</li>
<li>fact - The value of a fact avout this system

</li>
<li>identity - the configured identity of the system

</li>
</ul>
<p>
TODO: Support REGEX and/or multiple filter keys to be AND&#8216;d
</p>
          <p><a class="source-toggle" href="#"
            onclick="toggleCode('M000262-source');return false;">[Source]</a></p>
          <div class="method-source-code" id="M000262-source">
<pre>
     <span class="ruby-comment cmt"># File lib/mcollective/security/base.rb, line 55</span>
 55:       <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">validate_filter?</span>(<span class="ruby-identifier">filter</span>)
 56:         <span class="ruby-identifier">failed</span> = <span class="ruby-value">0</span>
 57:         <span class="ruby-identifier">passed</span> = <span class="ruby-value">0</span>
 58: 
 59:         <span class="ruby-identifier">passed</span> = <span class="ruby-value">1</span> <span class="ruby-keyword kw">if</span> <span class="ruby-constant">Util</span>.<span class="ruby-identifier">empty_filter?</span>(<span class="ruby-identifier">filter</span>)
 60: 
 61:         <span class="ruby-identifier">filter</span>.<span class="ruby-identifier">keys</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword kw">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">key</span><span class="ruby-operator">|</span>
 62:           <span class="ruby-keyword kw">case</span> <span class="ruby-identifier">key</span>
 63:           <span class="ruby-keyword kw">when</span> <span class="ruby-regexp re">/puppet_class|cf_class/</span>
 64:             <span class="ruby-identifier">filter</span>[<span class="ruby-identifier">key</span>].<span class="ruby-identifier">each</span> <span class="ruby-keyword kw">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">f</span><span class="ruby-operator">|</span>
 65:               <span class="ruby-constant">Log</span>.<span class="ruby-identifier">debug</span>(<span class="ruby-node">&quot;Checking for class #{f}&quot;</span>)
 66:               <span class="ruby-keyword kw">if</span> <span class="ruby-constant">Util</span>.<span class="ruby-identifier">has_cf_class?</span>(<span class="ruby-identifier">f</span>) <span class="ruby-keyword kw">then</span>
 67:                 <span class="ruby-constant">Log</span>.<span class="ruby-identifier">debug</span>(<span class="ruby-node">&quot;Passing based on configuration management class #{f}&quot;</span>)
 68:                 <span class="ruby-identifier">passed</span> <span class="ruby-operator">+=</span> <span class="ruby-value">1</span>
 69:               <span class="ruby-keyword kw">else</span>
 70:                 <span class="ruby-constant">Log</span>.<span class="ruby-identifier">debug</span>(<span class="ruby-node">&quot;Failing based on configuration management class #{f}&quot;</span>)
 71:                 <span class="ruby-identifier">failed</span> <span class="ruby-operator">+=</span> <span class="ruby-value">1</span>
 72:               <span class="ruby-keyword kw">end</span>
 73:             <span class="ruby-keyword kw">end</span>
 74: 
 75:           <span class="ruby-keyword kw">when</span> <span class="ruby-value str">&quot;compound&quot;</span>
 76:             <span class="ruby-identifier">filter</span>[<span class="ruby-identifier">key</span>].<span class="ruby-identifier">each</span> <span class="ruby-keyword kw">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">compound</span><span class="ruby-operator">|</span>
 77:               <span class="ruby-identifier">result</span> = <span class="ruby-keyword kw">false</span>
 78:               <span class="ruby-identifier">truth_values</span> = []
 79: 
 80:               <span class="ruby-keyword kw">begin</span>
 81:                 <span class="ruby-identifier">compound</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword kw">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">expression</span><span class="ruby-operator">|</span>
 82:                   <span class="ruby-keyword kw">case</span> <span class="ruby-identifier">expression</span>.<span class="ruby-identifier">keys</span>.<span class="ruby-identifier">first</span>
 83:                     <span class="ruby-keyword kw">when</span> <span class="ruby-value str">&quot;statement&quot;</span>
 84:                       <span class="ruby-identifier">truth_values</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-constant">Matcher</span>.<span class="ruby-identifier">eval_compound_statement</span>(<span class="ruby-identifier">expression</span>).<span class="ruby-identifier">to_s</span>
 85:                     <span class="ruby-keyword kw">when</span> <span class="ruby-value str">&quot;fstatement&quot;</span>
 86:                       <span class="ruby-identifier">truth_values</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-constant">Matcher</span>.<span class="ruby-identifier">eval_compound_fstatement</span>(<span class="ruby-identifier">expression</span>.<span class="ruby-identifier">values</span>.<span class="ruby-identifier">first</span>)
 87:                     <span class="ruby-keyword kw">when</span> <span class="ruby-value str">&quot;and&quot;</span>
 88:                       <span class="ruby-identifier">truth_values</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-value str">&quot;&amp;&amp;&quot;</span>
 89:                     <span class="ruby-keyword kw">when</span> <span class="ruby-value str">&quot;or&quot;</span>
 90:                       <span class="ruby-identifier">truth_values</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-value str">&quot;||&quot;</span>
 91:                     <span class="ruby-keyword kw">when</span> <span class="ruby-value str">&quot;(&quot;</span>
 92:                       <span class="ruby-identifier">truth_values</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-value str">&quot;(&quot;</span>
 93:                     <span class="ruby-keyword kw">when</span> <span class="ruby-value str">&quot;)&quot;</span>
 94:                       <span class="ruby-identifier">truth_values</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-value str">&quot;)&quot;</span>
 95:                     <span class="ruby-keyword kw">when</span> <span class="ruby-value str">&quot;not&quot;</span>
 96:                       <span class="ruby-identifier">truth_values</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-value str">&quot;!&quot;</span>
 97:                   <span class="ruby-keyword kw">end</span>
 98:                 <span class="ruby-keyword kw">end</span>
 99: 
100:                 <span class="ruby-identifier">result</span> = <span class="ruby-identifier">eval</span>(<span class="ruby-identifier">truth_values</span>.<span class="ruby-identifier">join</span>(<span class="ruby-value str">&quot; &quot;</span>))
101:               <span class="ruby-keyword kw">rescue</span> <span class="ruby-constant">DDLValidationError</span>
102:                 <span class="ruby-identifier">result</span> = <span class="ruby-keyword kw">false</span>
103:               <span class="ruby-keyword kw">end</span>
104: 
105:               <span class="ruby-keyword kw">if</span> <span class="ruby-identifier">result</span>
106:                 <span class="ruby-constant">Log</span>.<span class="ruby-identifier">debug</span>(<span class="ruby-value str">&quot;Passing based on class and fact composition&quot;</span>)
107:                 <span class="ruby-identifier">passed</span> <span class="ruby-operator">+=</span><span class="ruby-value">1</span>
108:               <span class="ruby-keyword kw">else</span>
109:                 <span class="ruby-constant">Log</span>.<span class="ruby-identifier">debug</span>(<span class="ruby-value str">&quot;Failing based on class and fact composition&quot;</span>)
110:                 <span class="ruby-identifier">failed</span> <span class="ruby-operator">+=</span><span class="ruby-value">1</span>
111:               <span class="ruby-keyword kw">end</span>
112:             <span class="ruby-keyword kw">end</span>
113: 
114:           <span class="ruby-keyword kw">when</span> <span class="ruby-value str">&quot;agent&quot;</span>
115:             <span class="ruby-identifier">filter</span>[<span class="ruby-identifier">key</span>].<span class="ruby-identifier">each</span> <span class="ruby-keyword kw">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">f</span><span class="ruby-operator">|</span>
116:               <span class="ruby-keyword kw">if</span> <span class="ruby-constant">Util</span>.<span class="ruby-identifier">has_agent?</span>(<span class="ruby-identifier">f</span>) <span class="ruby-operator">||</span> <span class="ruby-identifier">f</span> <span class="ruby-operator">==</span> <span class="ruby-value str">&quot;mcollective&quot;</span>
117:                 <span class="ruby-constant">Log</span>.<span class="ruby-identifier">debug</span>(<span class="ruby-node">&quot;Passing based on agent #{f}&quot;</span>)
118:                 <span class="ruby-identifier">passed</span> <span class="ruby-operator">+=</span> <span class="ruby-value">1</span>
119:               <span class="ruby-keyword kw">else</span>
120:                 <span class="ruby-constant">Log</span>.<span class="ruby-identifier">debug</span>(<span class="ruby-node">&quot;Failing based on agent #{f}&quot;</span>)
121:                 <span class="ruby-identifier">failed</span> <span class="ruby-operator">+=</span> <span class="ruby-value">1</span>
122:               <span class="ruby-keyword kw">end</span>
123:             <span class="ruby-keyword kw">end</span>
124: 
125:           <span class="ruby-keyword kw">when</span> <span class="ruby-value str">&quot;fact&quot;</span>
126:             <span class="ruby-identifier">filter</span>[<span class="ruby-identifier">key</span>].<span class="ruby-identifier">each</span> <span class="ruby-keyword kw">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">f</span><span class="ruby-operator">|</span>
127:               <span class="ruby-keyword kw">if</span> <span class="ruby-constant">Util</span>.<span class="ruby-identifier">has_fact?</span>(<span class="ruby-identifier">f</span>[<span class="ruby-identifier">:fact</span>], <span class="ruby-identifier">f</span>[<span class="ruby-identifier">:value</span>], <span class="ruby-identifier">f</span>[<span class="ruby-identifier">:operator</span>])
128:                 <span class="ruby-constant">Log</span>.<span class="ruby-identifier">debug</span>(<span class="ruby-node">&quot;Passing based on fact #{f[:fact]} #{f[:operator]} #{f[:value]}&quot;</span>)
129:                 <span class="ruby-identifier">passed</span> <span class="ruby-operator">+=</span> <span class="ruby-value">1</span>
130:               <span class="ruby-keyword kw">else</span>
131:                 <span class="ruby-constant">Log</span>.<span class="ruby-identifier">debug</span>(<span class="ruby-node">&quot;Failing based on fact #{f[:fact]} #{f[:operator]} #{f[:value]}&quot;</span>)
132:                 <span class="ruby-identifier">failed</span> <span class="ruby-operator">+=</span> <span class="ruby-value">1</span>
133:               <span class="ruby-keyword kw">end</span>
134:             <span class="ruby-keyword kw">end</span>
135: 
136:           <span class="ruby-keyword kw">when</span> <span class="ruby-value str">&quot;identity&quot;</span>
137:             <span class="ruby-keyword kw">unless</span> <span class="ruby-identifier">filter</span>[<span class="ruby-identifier">key</span>].<span class="ruby-identifier">empty?</span>
138:               <span class="ruby-comment cmt"># Identity filters should not be 'and' but 'or' as each node can only have one identity</span>
139:               <span class="ruby-identifier">matched</span> = <span class="ruby-identifier">filter</span>[<span class="ruby-identifier">key</span>].<span class="ruby-identifier">select</span>{<span class="ruby-operator">|</span><span class="ruby-identifier">f</span><span class="ruby-operator">|</span> <span class="ruby-constant">Util</span>.<span class="ruby-identifier">has_identity?</span>(<span class="ruby-identifier">f</span>)}.<span class="ruby-identifier">size</span>
140: 
141:               <span class="ruby-keyword kw">if</span> <span class="ruby-identifier">matched</span> <span class="ruby-operator">==</span> <span class="ruby-value">1</span>
142:                 <span class="ruby-constant">Log</span>.<span class="ruby-identifier">debug</span>(<span class="ruby-value str">&quot;Passing based on identity&quot;</span>)
143:                 <span class="ruby-identifier">passed</span> <span class="ruby-operator">+=</span> <span class="ruby-value">1</span>
144:               <span class="ruby-keyword kw">else</span>
145:                 <span class="ruby-constant">Log</span>.<span class="ruby-identifier">debug</span>(<span class="ruby-value str">&quot;Failed based on identity&quot;</span>)
146:                 <span class="ruby-identifier">failed</span> <span class="ruby-operator">+=</span> <span class="ruby-value">1</span>
147:               <span class="ruby-keyword kw">end</span>
148:             <span class="ruby-keyword kw">end</span>
149:           <span class="ruby-keyword kw">end</span>
150:         <span class="ruby-keyword kw">end</span>
151: 
152:         <span class="ruby-keyword kw">if</span> <span class="ruby-identifier">failed</span> <span class="ruby-operator">==</span> <span class="ruby-value">0</span> <span class="ruby-operator">&amp;&amp;</span> <span class="ruby-identifier">passed</span> <span class="ruby-operator">&gt;</span> <span class="ruby-value">0</span>
153:           <span class="ruby-constant">Log</span>.<span class="ruby-identifier">debug</span>(<span class="ruby-value str">&quot;Message passed the filter checks&quot;</span>)
154: 
155:           <span class="ruby-ivar">@stats</span>.<span class="ruby-identifier">passed</span>
156: 
157:           <span class="ruby-keyword kw">return</span> <span class="ruby-keyword kw">true</span>
158:         <span class="ruby-keyword kw">else</span>
159:           <span class="ruby-constant">Log</span>.<span class="ruby-identifier">debug</span>(<span class="ruby-value str">&quot;Message failed the filter checks&quot;</span>)
160: 
161:           <span class="ruby-ivar">@stats</span>.<span class="ruby-identifier">filtered</span>
162: 
163:           <span class="ruby-keyword kw">return</span> <span class="ruby-keyword kw">false</span>
164:         <span class="ruby-keyword kw">end</span>
165:       <span class="ruby-keyword kw">end</span>
</pre>
          </div>
        </div>
      </div>

      <div id="method-M000268" class="method-detail">
        <a name="M000268"></a>

        <div class="method-heading">
          <a href="#M000268" class="method-signature">
          <span class="method-name">validrequest?</span><span class="method-args">(req)</span>
          </a>
        </div>
      
        <div class="method-description">
          <p>
<a href="../Security.html">Security</a> providers should provide this, see
MCollective::Security::Psk
</p>
          <p><a class="source-toggle" href="#"
            onclick="toggleCode('M000268-source');return false;">[Source]</a></p>
          <div class="method-source-code" id="M000268-source">
<pre>
     <span class="ruby-comment cmt"># File lib/mcollective/security/base.rb, line 224</span>
224:       <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">validrequest?</span>(<span class="ruby-identifier">req</span>)
225:         <span class="ruby-constant">Log</span>.<span class="ruby-identifier">error</span>(<span class="ruby-node">&quot;validrequest? is not implemented in #{self.class}&quot;</span>)
226:       <span class="ruby-keyword kw">end</span>
</pre>
          </div>
        </div>
      </div>


    </div>


  </div>


<div id="validator-badges">
  <p><small><a href="http://validator.w3.org/check/referer">[Validate]</a></small></p>
</div>

</body>
</html>