Tuinslak

Untitled

May 5th, 2013
### Authenticated ACL - these apply only when the client
### has a valid certificate and is thus authenticated

# allow nodes to retrieve their own catalog (i.e. their configuration)
path ~ ^/catalog/([^/]+)$
method find
allow $1

# allow nodes to retrieve their own node definition
path ~ ^/node/([^/]+)$
method find
allow $1

# allow all nodes to access the certificates services
path /certificate_revocation_list/ca
method find
allow *

# allow all nodes to store their own reports
path ~ ^/report/([^/]+)$
method save
allow $1

# unconditionally allow access to all file services,
# which means in practice that fileserver.conf will
# still be used
path /file
allow *

### Unauthenticated ACL, for clients for which the current master doesn't
### have a valid certificate; we allow authenticated users, too, because
### there isn't a great harm in letting that request through.

# allow access to the master CA
path /certificate/ca
auth any
method find
allow *

path /certificate/
auth any
method find
allow *

path /certificate_request
auth any
method find, save
allow *

# this one is not strictly necessary, but it has the merit
# of showing the default policy, which is deny everything else
path /
auth any

# note: rules are evaluated in order and the first match wins, so this
# rule, placed after the catch-all "path /" above, is not reached
path /file_metadata
auth any
allow *
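
The rules above are order-sensitive. The following added example (not part of the original paste) is a simplified Python model of first-match evaluation, assuming the legacy auth.conf behaviour: plain paths match as prefixes, `auth` defaults to authenticated-only, and a matching rule without `allow` denies. The node names `web01` and `db01` are constructed.

```python
import re

# The rules from the paste, in file order:
# (path, is_regex, auth, methods or None for all, allow or None for deny)
RULES = [
    (r"^/catalog/([^/]+)$", True, "yes", {"find"}, "$1"),
    (r"^/node/([^/]+)$", True, "yes", {"find"}, "$1"),
    ("/certificate_revocation_list/ca", False, "yes", {"find"}, "*"),
    (r"^/report/([^/]+)$", True, "yes", {"save"}, "$1"),
    ("/file", False, "yes", None, "*"),
    ("/certificate/ca", False, "any", {"find"}, "*"),
    ("/certificate/", False, "any", {"find"}, "*"),
    ("/certificate_request", False, "any", {"find", "save"}, "*"),
    ("/", False, "any", None, None),
    ("/file_metadata", False, "any", None, "*"),
]

def decide(path, method, node=None):
    """Return (allowed, rule_index). node=None models a client without a
    valid certificate; otherwise node is the certificate name."""
    for i, (pat, is_re, auth, methods, allow) in enumerate(RULES):
        m = re.search(pat, path) if is_re else path.startswith(pat)
        if not m:
            continue                      # path does not match this rule
        if methods is not None and method not in methods:
            continue                      # rule does not cover this method
        if auth == "yes" and node is None:
            continue                      # rule is for authenticated clients only
        if allow is None:
            return False, i               # matching rule with no allow: deny
        if allow == "*":
            return True, i
        return node == m.group(1), i      # "allow $1": only the node named in the path
    return False, None

if __name__ == "__main__":
    # Constructed sample requests: (path, method, certificate name or None)
    for req in [("/catalog/web01", "find", "web01"),
                ("/catalog/web01", "find", "db01"),
                ("/certificate_request/web01", "save", None),
                ("/file_metadata/modules/x", "find", "web01"),
                ("/file_metadata/modules/x", "find", None)]:
        print(req, "->", decide(*req))
```

In this model no request is ever decided by the last rule: authenticated `/file_metadata` requests are caught by the `/file` prefix, and unauthenticated ones by the catch-all `path /`.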