Class: Chef::FileContentManagement::Deploy::MvWindows

Inherits:
Object
  • Object
show all
Defined in:
lib/chef/file_content_management/deploy/mv_windows.rb

Constant Summary collapse

Security =
Chef::ReservedNames::Win32::Security
ACL =
Security::ACL

Instance Method Summary collapse

Instance Method Details

#create(file) ⇒ Object



37
38
39
40
# File 'lib/chef/file_content_management/deploy/mv_windows.rb', line 37

def create(file)
  Chef::Log.trace("Touching #{file} to create it")
  FileUtils.touch(file)
end

#deploy(src, dst) ⇒ Object



42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
# File 'lib/chef/file_content_management/deploy/mv_windows.rb', line 42

def deploy(src, dst)
  #
  # At the time of deploy ACLs are correctly configured on the
  # dst. This would be a simple atomic move operations in
  # windows was not converting inherited ACLs of src to
  # non-inherited ACLs in certain cases.See:
  # http://blogs.msdn.com/b/oldnewthing/archive/2006/08/24/717181.aspx
  #

  #
  # First cache the ACLs of dst file
  #

  dst_so = Security::SecurableObject.new(dst)
  begin
    # get the sd with the SACL
    dst_sd = dst_so.security_descriptor(true)
  rescue Chef::Exceptions::Win32APIError
    # Catch and raise if the user is not elevated enough.
    # At this point we can't configure the file as expected so
    # we're failing action on the resource.
    raise Chef::Exceptions::WindowsNotAdmin, "can not get the security information for '#{dst}' due to missing Administrator privileges."
  end

  dacl_present = dst_sd.dacl_present?
  if dacl_present
    if dst_sd.dacl.nil?
      apply_dacl = nil
    else
      apply_dacl = ACL.create(dst_sd.dacl.select { |ace| !ace.inherited? })
    end
  end

  sacl_present = dst_sd.sacl_present?
  if sacl_present
    if dst_sd.sacl.nil?
      apply_sacl = nil
    else
      apply_sacl = ACL.create(dst_sd.sacl.select { |ace| !ace.inherited? })
    end
  end

  #
  # Then deploy the file
  #

  FileUtils.mv(src, dst)

  #
  # Then apply the cached acls to the new dst file
  #

  dst_so = Security::SecurableObject.new(dst)
  dst_so.group = dst_sd.group
  dst_so.owner = dst_sd.owner
  dst_so.set_dacl(apply_dacl, dst_sd.dacl_inherits?) if dacl_present
  dst_so.set_sacl(apply_sacl, dst_sd.sacl_inherits?) if sacl_present
end