wip
parent
76f05a43fb
commit
abf426bb12
2 changed files with 31 additions and 28 deletions
|
@ -1,6 +1,8 @@
|
|||
% for view_name, view_conf in views.items():
|
||||
acl "${view_name}" {
|
||||
${' '.join(f'{e};' for e in view_conf['acl'])}
|
||||
% for ac in sorted(view_conf['acl'], key=lambda e: (not e.startswith('!'), not e.startswith('key'))):
|
||||
${ac};
|
||||
% endfor
|
||||
};
|
||||
% endfor
|
||||
|
||||
|
@ -16,12 +18,6 @@ key "${name}" {
|
|||
% for view_name, view_conf in views.items():
|
||||
view "${view_name}" {
|
||||
match-clients {
|
||||
% for rejected_client in view_conf['rejected_clients']:
|
||||
! ${rejected_client};
|
||||
% endfor
|
||||
% for key in view_conf['keys']:
|
||||
${key};
|
||||
% endfor
|
||||
${view_name};
|
||||
};
|
||||
|
||||
|
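Review bot: The sort key in the new `acl` loop orders only by the two prefix tests, so entries that tie (all plain networks, all `key …` entries) keep the iteration order of `view_conf['acl']`; if that is a set, as the set literals in the metadata defaults suggest, the rendered file can change between runs with no change in configuration. Adding the entry itself as the last tuple element makes the output stable: `key=lambda e: (not e.startswith('!'), not e.startswith('key '), e)`. The negations-first order is what makes the `! key …` entries effective, because BIND evaluates an address match list in order and stops at the first match, so a Mako comment above the loop such as `## negated entries first: first match wins in a BIND address match list` would keep a later edit from dropping the sort. Since the second hunk removes the per-view rejections from `match-clients`, this acl is now the only place where a foreign key is excluded from a view.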
|
|
@ -22,7 +22,6 @@ defaults = {
|
|||
'192.168.0.0/16',
|
||||
},
|
||||
'keys': {},
|
||||
'rejected_keys': set(),
|
||||
},
|
||||
'external': {
|
||||
'default': True,
|
||||
|
@ -32,7 +31,6 @@ defaults = {
|
|||
'any',
|
||||
},
|
||||
'keys': {},
|
||||
'rejected_keys': set(),
|
||||
},
|
||||
},
|
||||
'keys': {
|
||||
|
@ -191,34 +189,43 @@ def generate_keys(metadata):
|
|||
},
|
||||
}
|
||||
|
||||
|
||||
@metadata_reactor.provides(
|
||||
'bind/views',
|
||||
)
|
||||
def collected_rejected_keys_from_other_views(metadata):
|
||||
def allow_keys_in_acl(metadata):
|
||||
return {
|
||||
'bind': {
|
||||
'views': {
|
||||
view: {
|
||||
'rejected_clients': {
|
||||
# reject other views keys
|
||||
*{
|
||||
key
|
||||
for other_view, other_conf in metadata.get('bind/views').items()
|
||||
if other_view != view
|
||||
and not other_conf.get('default')
|
||||
for key in other_conf['keys']
|
||||
},
|
||||
# reject other views acls
|
||||
*{
|
||||
other_view
|
||||
for other_view, other_conf in metadata.get('bind/views').items()
|
||||
if other_view != view
|
||||
and not other_conf.get('default')
|
||||
},
|
||||
|
||||
'acl': {
|
||||
f'key {key}'
|
||||
for key in conf['keys']
|
||||
}
|
||||
}
|
||||
for view in metadata.get('bind/views')
|
||||
for view, conf in metadata.get('bind/views').items()
|
||||
}
|
||||
},
|
||||
}
|
||||
|
||||
|
||||
@metadata_reactor.provides(
|
||||
'bind/views',
|
||||
)
|
||||
def reject_keys_from_other_views(metadata):
|
||||
return {
|
||||
'bind': {
|
||||
'views': {
|
||||
view: {
|
||||
'acl': {
|
||||
f'! key {key}'
|
||||
for other_view, other_conf in metadata.get('bind/views').items()
|
||||
if other_view != view
|
||||
for key in other_conf['keys']
|
||||
}
|
||||
}
|
||||
for view, conf in metadata.get('bind/views').items()
|
||||
if not conf.get('default')
|
||||
}
|
||||
},
|
||||
}
|
||||
|
|
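Review bot: `reject_keys_from_other_views` skips every view with `default` set (`if not conf.get('default')`), so a default view's acl — apparently `any` for `external` in the defaults — gets no `! key …` entries, whereas the removed reactor, as far as the lost +/- markers allow reading it, built rejections for every view and only left out the keys of default views. named answers from the first view whose `match-clients` matches, and the template iterates `views.items()` without an explicit order, so a request signed with another view's key would be served from the default view whenever that view is rendered first. If the default view is meant as a catch-all, say so in a docstring, e.g. `"""Negate all other views' keys in each non-default view's acl; default views stay open and must be rendered last."""`, and enforce that order in the template; otherwise drop the filter so every view negates foreign keys. Neither new reactor has a docstring, and both index `conf['keys']` / `other_conf['keys']` directly, which would raise KeyError for a view defined without `keys`.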