mirror of
https://github.com/valitydev/salt.git
synced 2024-11-09 01:36:48 +00:00
adding ip restrictions
Adding code to restrict access based on a simple list of IP addresses. Added new "tool" (salt_ip_verify_tool) and reading the list of allowed IPs from the salt master config.
This commit is contained in:
parent
8aedd948e3
commit
2001669011
@ -197,6 +197,32 @@ def salt_token_tool():
|
||||
cherrypy.request.cookie['session_id'] = x_auth
|
||||
|
||||
|
||||
def salt_ip_verify_tool():
|
||||
'''
|
||||
If there is a list of restricted IPs, verify current
|
||||
client is coming from one of those IPs.
|
||||
'''
|
||||
# This is overly cumbersome and crude,
|
||||
# But, it's also safe... ish...
|
||||
salt_config = cherrypy.config.get('saltopts', None)
|
||||
if salt_config:
|
||||
cherrypy_conf = salt_config.get('rest_cherrypy', None)
|
||||
if cherrypy_conf:
|
||||
auth_ip_list = cherrypy_conf.get('authorized_ips', None)
|
||||
if auth_ip_list:
|
||||
print auth_ip_list
|
||||
logger.debug("Found IP list: {0}".format(auth_ip_list))
|
||||
rem_ip = cherrypy.request.headers.get('Remote-Addr', None)
|
||||
logger.debug("Request from IP: {0}".format(rem_ip))
|
||||
if not rem_ip in auth_ip_list:
|
||||
logger.error("Blocked IP: {0}".format(rem_ip))
|
||||
cherrypy.response.status = 403
|
||||
return {
|
||||
'status': cherrypy.response.status,
|
||||
'return': "Bad IP",
|
||||
}
|
||||
|
||||
|
||||
def salt_auth_tool():
|
||||
'''
|
||||
Redirect all unauthenticated requests to the login page
|
||||
@ -205,8 +231,6 @@ def salt_auth_tool():
|
||||
if not cherrypy.session.has_key('token'):
|
||||
raise cherrypy.InternalRedirect('/login')
|
||||
|
||||
print cherrypy.config
|
||||
|
||||
# Session is authenticated; inform caches
|
||||
cherrypy.response.headers['Cache-Control'] = 'private'
|
||||
|
||||
@ -393,6 +417,7 @@ class LowDataAdapter(object):
|
||||
|
||||
'tools.hypermedia_out.on': True,
|
||||
'tools.hypermedia_in.on': True,
|
||||
'tools.salt_ip_verify.on': True,
|
||||
}
|
||||
|
||||
def __init__(self):
|
||||
@ -1143,5 +1168,7 @@ def get_app(opts):
|
||||
salt_auth_tool, priority=60)
|
||||
cherrypy.tools.hypermedia_out = cherrypy.Tool('before_handler',
|
||||
hypermedia_out)
|
||||
cherrypy.tools.salt_ip_verify = cherrypy.Tool('before_handler',
|
||||
salt_ip_verify_tool)
|
||||
|
||||
return root, apiopts, cpyopts
|
||||
|
Loading…
Reference in New Issue
Block a user