tyler.durden
/
icingaweb2
mirror of https://github.com/Icinga/icingaweb2.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

doc: Add syntax draft for restricting custom variables 

refs #10965
This commit is contained in:
Eric Lippmann 2016-02-17 13:35:48 +01:00
parent b005df68a2
commit d183919ca3
1 changed files with 79 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

79
modules/monitoring/doc/restrict-custom-variables.md Normal file
View File

@ -0,0 +1,79 @@
# Restrict Access to Custom Variables (WIP)
* Restriction name: monitoring/blacklist/properties
* Restriction value: Comma separated list of GLOB like filters
Imagine the following host custom variable structure.
````
host.vars.
|-- cmdb_name
|-- cmdb_id
|-- cmdb_location
|-- wiki_id
|-- passwords.
| |-- mysql_password
| |-- ldap_password
| `-- mongodb_password
|-- legacy.
| |-- cmdb_name
| |-- mysql_password
| `-- wiki_id
`-- backup.
`-- passwords.
|-- mysql_password
`-- ldap_password
````
`host.vars.cmdb_name`
Blacklists cmdb_name in the first level of the custom variable structure only.
`host.vars.legacy.cmdb_name` is not blacklisted.
`host.vars.cmdb_*`
All custom variables in the first level of the structure which begin with `cmdb_` become blacklisted.
Deeper custom variables are ignored. `host.vars.legacy.cmdb_name` is not blacklisted.
`host.vars.*id`
All custom variables in the first level of the structure which end with `id` become blacklisted.
Deeper custom variables are ignored. `host.vars.legacy.wiki_id` is not blacklisted.
`host.vars.*.mysql_password`
Matches all custom variables on the second level which are equal to `mysql_password`.
`host.vars.*.*password`
Matches all custom variables on the second level which end with `password`.
`host.vars.*.{mysql_password,ldap_password}`
Matches all custorm variables on the second level which equal `mysql_password` or `ldap_password`.
`host.vars.**.*password`
Matches all custom variables on all levels which end with `password`.
Please note the two asterisks, `**`, here for crossing level boundaries. This syntax is used for matching the complete
custom variable structure.
If you want to restrict all custom variables that end with password for both hosts and services, you have to define
the following restriction.
`host.vars.**.*password,service.vars.**.*password`
## Escape Meta Characters
Use backslash to escape the meta characters
* {
* }
* *
* ,
`host.vars.\*fall`
Matches all custom variables in the first level which equal `*fall`.