Fix implementation following backend scenario.

Backend will know (somehow) list of possible frontends which are allowed to access it -- and fully it. Snippet for security per location is left for future frontend implementation.

Fix implementation following backend scenario.
Backend will know (somehow) list of possible frontends which are allowed to access it -- and fully it. Snippet for security per location is left for future frontend implementation.
d07200b8 · Łukasz Nowak · 8e41481c · d07200b8 · d07200b8
Commit d07200b8 authored May 17, 2011 by Łukasz Nowak
2 changed files
--- a/slapos/recipe/erp5/src/slapos/recipe/erp5/__init__.py
+++ b/slapos/recipe/erp5/src/slapos/recipe/erp5/__init__.py
@@ -697,17 +697,18 @@ class Recipe(BaseSlapRecipe):
    return apache_conf

  def _writeApacheConfiguration(self, prefix, apache_conf, backend,
-      location_access_mapping=None):
-    if location_access_mapping is None:
-      location_access_mapping = {}
+      access_control_string=None):
    rewrite_rule_template = \
        "RewriteRule (.*) http://%(backend)s$1 [L,P]"
-    path_template = pkg_resources.resource_string(__name__,
-      'template/apache.zope.conf.path.in')
-    if location_access_mapping is None:
+    if access_control_string is None:
+      path_template = pkg_resources.resource_string(__name__,
+        'template/apache.zope.conf.path.in')
      path = path_template % dict(path='/')
    else:
-      path = ''
+      path_template = pkg_resources.resource_string(__name__,
+        'template/apache.zope.conf.path-protected.in')
+      path = path_template % dict(path='/',
+          access_control_string=access_control_string)
    d = dict(
          path=path,
          backend=backend,
@@ -722,15 +723,10 @@ class Recipe(BaseSlapRecipe):
    ))
    apache_conf_string = pkg_resources.resource_string(__name__,
          'template/apache.zope.conf.in') % apache_conf
-    location_template = pkg_resources.resource_string(__name__,
-          'template/apache.location-snippet.conf.in')
-    for location, allow_string in location_access_mapping.iteritems():
-      apache_conf_string += '\n' + location_template % dict(location=location,
-          allow_string=allow_string) + '\n'
    return self.createConfigurationFile(prefix + '.conf', apache_conf_string)

  def installLoginApache(self, ip, port, backend, key, certificate,
-      suffix='', location_access_mapping=None):
+      suffix='', access_control_string=None):
    ssl_template = """SSLEngine on
 SSLCertificateFile %(login_certificate)s
 SSLCertificateKeyFile %(login_key)s
@@ -743,7 +739,7 @@ SSLRandomSeed connect builtin
    apache_conf['ssl_snippet'] = ssl_template % dict(
        login_certificate=certificate, login_key=key)
    apache_config_file = self._writeApacheConfiguration('login_apache'+suffix,
-        apache_conf, backend, location_access_mapping)
+        apache_conf, backend, access_control_string)
    self.path_list.append(apache_config_file)
    self.path_list.extend(zc.buildout.easy_install.scripts([(
      'login_apache'+suffix,

--- a/slapos/recipe/erp5/src/slapos/recipe/erp5/template/apache.zope.conf.path-protected.in
+++ b/slapos/recipe/erp5/src/slapos/recipe/erp5/template/apache.zope.conf.path-protected.in
+# Path protected
+<Location %(path)s>
+  Order Deny,Allow
+  Deny from all
+  Allow from %(access_control_string)s
+</Location>
+