- ### Authenticated ACL - these rules apply only when the client
- ### has a valid certificate and is thus authenticated
- # (none of the stanzas in this section carries an "auth" line; per the
- # header above they are meant for certificate-authenticated clients only)
- # allow nodes to retrieve their own catalog (i.e. their configuration)
- # $1 is the node name captured from the path, so the request is allowed
- # only for the client whose name matches the catalog being requested
- path ~ ^/catalog/([^/]+)$
- method find
- allow $1
- # allow nodes to retrieve their own node definition
- # (same pattern: the name captured from the path must be the caller)
- path ~ ^/node/([^/]+)$
- method find
- allow $1
- # allow all nodes to access the certificate services
- # (read-only: only "find" on the CA's revocation list)
- path /certificate_revocation_list/ca
- method find
- allow *
- # allow all nodes to store their own reports
- # "save" is limited to the report path that carries the caller's own name
- path ~ ^/report/([^/]+)$
- method save
- allow $1
- # unconditionally allow access to all file services,
- # which means in practice that fileserver.conf will
- # still be used
- # NOTE(review): there is no "method" line and the path is a plain prefix,
- # so this stanza presumably also matches /file_metadata and any other path
- # starting with /file; with "allow *" here, fileserver.conf is the only
- # remaining per-mount access control - confirm it is restrictive enough
- path /file
- allow *
- ### Unauthenticated ACL, for clients for which the current master doesn't
- ### have a valid certificate; we allow authenticated users, too, because
- ### there isn't a great harm in letting that request through.
- # ("auth any" on each stanza below is what admits both kinds of client)
- # allow access to the master CA
- path /certificate/ca
- auth any
- method find
- allow *
- # allow any client to look up certificates under /certificate/ (read-only)
- path /certificate/
- auth any
- method find
- allow *
- # allow any client to look up and submit certificate requests
- # NOTE(review): "save" is open to clients without a certificate, so this
- # file does not limit who can submit a request; what actually gets signed
- # has to be controlled by the CA's signing policy - confirm it is not
- # signing requests automatically for untrusted networks
- path /certificate_request
- auth any
- method find, save
- allow *
- # this one is not strictly necessary, but it has the merit
- # of showing the default policy, which is to deny everything else
- # (there is no "allow" line, so nothing is granted for this path)
- path /
- auth any
- # NOTE(review): this stanza comes after the catch-all "path /" above.
- # If rules are evaluated in file order with the first match winning
- # (verify for the Puppet version in use), it is never reached.
- # Moving it above "path /" would open file metadata to clients without
- # a valid certificate, so confirm that is intended before reordering;
- # authenticated clients presumably already match "path /file" earlier.
- path /file_metadata
- auth any
- allow *