wip
parent
76f05a43fb
commit
abf426bb12
2 changed files with 31 additions and 28 deletions
|
@ -1,6 +1,8 @@
|
||||||
% for view_name, view_conf in views.items():
|
% for view_name, view_conf in views.items():
|
||||||
acl "${view_name}" {
|
acl "${view_name}" {
|
||||||
${' '.join(f'{e};' for e in view_conf['acl'])}
|
% for ac in sorted(view_conf['acl'], key=lambda e: (not e.startswith('!'), not e.startswith('key'))):
|
||||||
|
${ac};
|
||||||
|
% endfor
|
||||||
};
|
};
|
||||||
% endfor
|
% endfor
|
||||||
|
|
||||||
|
@ -16,12 +18,6 @@ key "${name}" {
|
||||||
% for view_name, view_conf in views.items():
|
% for view_name, view_conf in views.items():
|
||||||
view "${view_name}" {
|
view "${view_name}" {
|
||||||
match-clients {
|
match-clients {
|
||||||
% for rejected_client in view_conf['rejected_clients']:
|
|
||||||
! ${rejected_client};
|
|
||||||
% endfor
|
|
||||||
% for key in view_conf['keys']:
|
|
||||||
${key};
|
|
||||||
% endfor
|
|
||||||
${view_name};
|
${view_name};
|
||||||
};
|
};
|
||||||
|
|
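Review bot: The sort key on the new `% for ac in sorted(view_conf['acl'], ...)` line orders entries only by two prefix tests, so entries within each group keep the iteration order of `view_conf['acl']`, which the reactors in this commit build as set comprehensions. BIND evaluates an address match list first-match, so putting the `!` entries first is the right order, but the rendered file can still differ between runs with identical metadata. Adding the element itself as a final tie-breaker makes the output deterministic: `key=lambda e: (not e.startswith('!'), not e.startswith('key'), e)`. The test `e.startswith('key')` also matches any ACL element whose name merely begins with "key"; `e.startswith('key ')` would match only the `key <name>` form the reactors emit. A template comment such as `## negated entries must come first: BIND stops at the first matching element` would record why the order matters.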
||||||
|
|
|
@ -22,7 +22,6 @@ defaults = {
|
||||||
'192.168.0.0/16',
|
'192.168.0.0/16',
|
||||||
},
|
},
|
||||||
'keys': {},
|
'keys': {},
|
||||||
'rejected_keys': set(),
|
|
||||||
},
|
},
|
||||||
'external': {
|
'external': {
|
||||||
'default': True,
|
'default': True,
|
||||||
|
@ -32,7 +31,6 @@ defaults = {
|
||||||
'any',
|
'any',
|
||||||
},
|
},
|
||||||
'keys': {},
|
'keys': {},
|
||||||
'rejected_keys': set(),
|
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
'keys': {
|
'keys': {
|
||||||
|
@ -191,34 +189,43 @@ def generate_keys(metadata):
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@metadata_reactor.provides(
|
@metadata_reactor.provides(
|
||||||
'bind/views',
|
'bind/views',
|
||||||
)
|
)
|
||||||
def collected_rejected_keys_from_other_views(metadata):
|
def allow_keys_in_acl(metadata):
|
||||||
return {
|
return {
|
||||||
'bind': {
|
'bind': {
|
||||||
'views': {
|
'views': {
|
||||||
view: {
|
view: {
|
||||||
'rejected_clients': {
|
'acl': {
|
||||||
# reject other views keys
|
f'key {key}'
|
||||||
*{
|
for key in conf['keys']
|
||||||
key
|
|
||||||
for other_view, other_conf in metadata.get('bind/views').items()
|
|
||||||
if other_view != view
|
|
||||||
and not other_conf.get('default')
|
|
||||||
for key in other_conf['keys']
|
|
||||||
},
|
|
||||||
# reject other views acls
|
|
||||||
*{
|
|
||||||
other_view
|
|
||||||
for other_view, other_conf in metadata.get('bind/views').items()
|
|
||||||
if other_view != view
|
|
||||||
and not other_conf.get('default')
|
|
||||||
},
|
|
||||||
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
for view in metadata.get('bind/views')
|
for view, conf in metadata.get('bind/views').items()
|
||||||
|
}
|
||||||
|
},
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@metadata_reactor.provides(
|
||||||
|
'bind/views',
|
||||||
|
)
|
||||||
|
def reject_keys_from_other_views(metadata):
|
||||||
|
return {
|
||||||
|
'bind': {
|
||||||
|
'views': {
|
||||||
|
view: {
|
||||||
|
'acl': {
|
||||||
|
f'! key {key}'
|
||||||
|
for other_view, other_conf in metadata.get('bind/views').items()
|
||||||
|
if other_view != view
|
||||||
|
for key in other_conf['keys']
|
||||||
|
}
|
||||||
|
}
|
||||||
|
for view, conf in metadata.get('bind/views').items()
|
||||||
|
if not conf.get('default')
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
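Review bot: In `reject_keys_from_other_views` the `default` test now sits on the receiving view (`if not conf.get('default')`) rather than on the other view as in the removed reactor, so a default view gets no `! key …` entries at all, while every non-default view rejects the keys of all other views, the default one included. The removed reactor also rejected the other views' ACL names, and nothing in the new code replaces that. If the default view's ACL is `any`, as the `external` defaults in this file suggest, a client presenting a non-default view's key is kept out of the default view only when that view is rendered last, which appears to depend on the iteration order of `bind/views`. If that is intended, both reactors should carry a docstring saying so, for example `"""Add '! key <name>' for every key of the other views to each non-default view's ACL; the default view stays open and must be matched last."""`.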