[icinga-checkins] icinga.org: icinga-web/r1.5: * Fixed access.xml from siteconfig

git at icinga.org git at icinga.org
Thu Aug 25 16:08:57 CEST 2011


Module: icinga-web
Branch: r1.5
Commit: 55ee11bb6cf559ed880ee4b69634c0e1b53c5268
URL:    https://git.icinga.org/?p=icinga-web.git;a=commit;h=55ee11bb6cf559ed880ee4b69634c0e1b53c5268

Author: Jannis Moßhammer <jannis.mosshammer at netways.de>
Date:   Thu Aug 25 13:53:25 2011 +0200

* Fixed access.xml from siteconfig

---

 etc/sitecfg/access.xml |  224 ++++++++++++++++++++++-------------------------
 1 files changed, 105 insertions(+), 119 deletions(-)

diff --git a/etc/sitecfg/access.xml b/etc/sitecfg/access.xml
index f6f3c70..8d720f9 100644
--- a/etc/sitecfg/access.xml
+++ b/etc/sitecfg/access.xml
@@ -1,130 +1,116 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<!--
-    access.xml
-    This files defines which hosts exist, which icinga-instance they represent and which actions can be performed on them.
+<ae:configurations xmlns="http://icinga.org/api/config/parts/access/1.0" xmlns:ae="http://agavi.org/agavi/config/global/envelope/1.0">
+    <ae:configuration>
     
-    It conists of three parts: instances, defaults and hosts:
-    -instances:  
-        Simple mapping of instance names to host names,
-    
-    -defaults:
-        Defines read, write, and execute access on files an folders that are used if hosts have the useDefaults flag active
-        Rules will be accessed by their rules, especially important is the icinga_service, icinga_bin and icinga_pipe rules,
-        which define where the service control, the binary and the icinga pipe can be found
-
-    -hosts
-        Defines hosts/servers that can be accessed via icinga-web and which rules to use for them
-        The type can be either 'local', which means that actions will be performed directly on this system or 'ssh', which means
-        that the host will be accessed via ssh (see example below). Not that you need php-libssh2 to use this
-         
+<!--      
+         Map your instances to hosts here 
+        <instances>
+            <instance name="default">localhost</instance>
 
--->
+           
+             include user configs statically 
+        </instances>
 
-<settings prefix="modules.api.access." xmlns="http://agavi.org/agavi/config/parts/module/1.0" xmlns:ae="http://agavi.org/agavi/config/global/envelope/1.0">
-    
-    <!-- Map your instances to hosts here -->
-	<setting name="instances">
-        <!-- 
-        example: map instance default to localhost 
-        <ae:parameter name="default">localhost</ae:parameter>
         
+            Default settings that will be set if useDefaults is true
+        
+        <defaults>
+            <defaultHost>localhost</defaultHost>
+            <access>
+                 allowed to read to and from 
+                <readwrite>
+                    <folders>
+           			    <resource name="icinga_objects">/usr/local/icinga/etc/objects</resource>	
+                    </folders>
+                    <files>
+            		<resource name="icinga_cfg">/usr/local/icinga/etc/icinga.cfg</resource>	
+                    </files>
+                </readwrite>
+                 allowed to be read from 
+                <read>
+                </read>
+                 allowed to be written to 
+                <write>
+                    <files>
+                        <resource name="icinga_pipe">/usr/local/icinga/var/rw/icinga.cmd</resource>
+                    </files>
+                </write>
+                 allowed to be executed 
+                <execute>
+                    <files>
+                        <resource name="icinga_service">/etc/init.d/icinga</resource>
+                       
+                        <resource name="icinga_bin">/usr/local/icinga/bin/icinga</resource>
+                        <resource name="echo">/bin/echo</resource>
+                        <resource name="printf">printf</resource>
+                        <resource name="cp">/bin/cp</resource>
+                        <resource name="ls">/bin/ls</resource>
+                        <resource name="grep">/bin/grep</resource>
+                    </files>
+                </execute>
+            </access>
+          
+        </defaults>
         -->
-    </setting>
+        
+        <!-- Hosts that can be accessed via the console interface -->
+<!--        <hosts>
+            <host name="localhost">
+                <type>local</type>
+                 Only allow access to these files, folders or executables 
+                <access useDefaults="true">
+                    <read>
+                        <files>
+                            <resource name="test">test</resource>
+                        </files>  
+                    </read>
 
-    <!--
-        Default settings that will be set if useDefaults is true
-    -->
-    <setting name="defaults">
-        <!-- 
-            sets the default host to use 
-		    <ae:parameter name="host">localhost</ae:parameter>
-        -->
-		<!-- 
-            Define default access rights
-        <ae:parameter name="access">
-			<ae:parameter name="rw">
-				<ae:parameter name="folders">
-				</ae:parameter>
-				<ae:parameter name="files">
-				</ae:parameter>
-			</ae:parameter>
-			<ae:parameter name="r">
-			</ae:parameter>
-			<ae:parameter name="w">
-				<ae:parameter name="files">
-					<ae:parameter name="icinga_pipe">/usr/local/icinga/var/rw/icinga.cmd</ae:parameter>
-				</ae:parameter>
-			</ae:parameter>
-			<ae:parameter name="x">
-				<ae:parameter name="files">
-					<ae:parameter name="icinga_service">/etc/init.d/icinga</ae:parameter>
-					<ae:parameter name="icinga_bin">/usr/local/icinga/bin/icinga</ae:parameter>
-					<ae:parameter name="echo">/bin/echo</ae:parameter>
-					<ae:parameter name="printf">printf</ae:parameter>
-					<ae:parameter name="cp">/bin/cp</ae:parameter>
-					<ae:parameter name="ls">/bin/ls</ae:parameter>
-					<ae:parameter name="grep">/bin/grep</ae:parameter>
-				</ae:parameter>
-			</ae:parameter>
-		</ae:parameter>						
-       --> 
-	</setting>
-	
-	
-	<!-- Hosts that can be accessed via the console interface -->
-	<setting name="hosts">
-	<!-- localhost overwrite
-    	<ae:parameter name="localhost">
-			<ae:parameter name="type">local</ae:parameter>
+                    
+                </access>
+            </host>-->
+            
+            <!--  Example for ssh connection with user/password auth -->
+<!--            <host name="vm_host1">
+                <type>ssh</type>
+                <ssh-config>
+                    <host>localhost</host>
+                    <port>22</port>
+                    <auth>
+                        <type>password</type>
+                        <user>jmosshammer</user>
+                        <password>test</password>
+                    </auth>
+                </ssh-config> 
+                
+                <access useDefaults="true" />
+               
+            </host>-->
 
-			<ae:parameter name="access">
-				<ae:parameter name="useDefaults">true</ae:parameter>
-			</ae:parameter>
-		</ae:parameter>
-    -->
-		<!--  Example for ssh connection with user/password auth -->
-<!--		<ae:parameter name="vm_host1">
-			<ae:parameter name="type">ssh</ae:parameter>
-			<ae:parameter name="ssh">
-				<ae:parameter name="host">localhost</ae:parameter>
-				<ae:parameter name="port">22</ae:parameter>
-				<ae:parameter name="auth">
-					<ae:parameter name="type">password</ae:parameter>
-					<ae:parameter name="user">jmosshammer</ae:parameter>
-					<ae:parameter name="password">test</ae:parameter>
-				</ae:parameter>
-			</ae:parameter> 
-			<ae:parameter name="access">
-				<ae:parameter name="useDefaults">true</ae:parameter>
-			</ae:parameter>	
-			
-		</ae:parameter>
 
--->
-<!--
-		  This is experimental, try to avoid password encrypted keyfiles when encountering errors
-		  Example for ssh connection with pubkey auth -->					
-<!--	<ae:parameter name="vm_host2">
-			<ae:parameter name="type">ssh</ae:parameter>
-			<ae:parameter name="ssh">
-				<ae:parameter name="host">localhost</ae:parameter>
-				<ae:parameter name="port">22</ae:parameter>
-				<ae:parameter name="auth">
-					<ae:parameter name="type">key</ae:parameter>
-					<ae:parameter name="user">testuser</ae:parameter>
-					<ae:parameter name="pubKey">/usr/local/icinga-web/app/modules/Api/lib/.ssh/host1_rsa.pub</ae:parameter>
-					<ae:parameter name="privKey">/usr/local/icinga-web/app/modules/Api/lib/.ssh/host1_rsa</ae:parameter>
-					<ae:parameter name="password">secret123</ae:parameter>
-				</ae:parameter>
-			</ae:parameter> 
-			
-		
-			<ae:parameter name="access">
-				<ae:parameter name="useDefaults">true</ae:parameter>
-			</ae:parameter>	
-		</ae:parameter>
--->
+    <!--
+              This is experimental, try to avoid password encrypted keyfiles when encountering errors
+              Example for ssh connection with pubkey auth -->					
+    <!--	
+            <host name="vm_host2">
+                <type>ssh</type>
+                <ssh-config>
+                    <host>localhost</ae:parameter>
+                    <port>22</ae:parameter>
+                    <auth>
+                        <type>key</type>
+                        <user>testuser</user>	
+                        <private-key>/usr/local/icinga-web/app/modules/Api/lib/.ssh/host1_rsa</private-key>
+                        <password>secret123</password>
+                    </auth>
+                </ssh-config> 
+                
+            
+                <access useDefaults="true" />
+            </host>
+  
+
 
-	</setting>
+        </hosts>  -->	
 
-</settings>
+    </ae:configuration>
+</ae:configurations>





More information about the icinga-checkins mailing list