connection

Table of Contents

The context connection is used by the shortcut attribute in access promises to access information about the remote agent requesting access.

access:
    "/var/cfengine/cmdb/$(connection.key).json"
      shortcut   => "me.json",
      admit_keys => { "$(connection.key)" };

Note: The usage of the connection variables is strictly limited to literal strings within the promiser and admit/deny lists of access promise types; they cannot be passed into functions or stored in other variables. These variables can only be used with incoming connections that use protocol_version >=2 ( or "latest" ).

connection.key

This variable contains the public key sha of the connecting client in the form 'SHA=...'.

access:
    "/var/cfengine/cmdb/$(connection.key).json"
      shortcut   => "me.json",
      admit_keys => { "$(connection.key)" };

connection.ip

This variable contains the IP address of the connecting remote agent.

access:
    "/var/cfengine/cmdb/$(connection.ip).json"
      shortcut   => "myip.json",
      admit_keys => { "$(connection.key)" };

connection.hostname

This variable contains the hostname of the connecting client as determined by a reverse DNS lookup from cf-serverd.

access:
    "/var/cfengine/cmdb/$(connection.hostname).json"
      shortcut   => "myhostname.json",
      admit_keys => { "$(connection.key)" };

Note: Reverse lookups are only performed when necessary. To avoid the performance impact of reverse dns lookups for each connection avoid using admit_hostnames, using hostnames in your admit rules, and these connection variables.