Module: Chef::Mixin::Securable::WindowsMacros
- Defined in:
- lib/chef/mixin/securable.rb
Overview
should this be separated into different files?
Defines methods for adding attributes to a chef resource to describe Windows file security metadata.
This module is meant to be used to extend a class (instead of ‘include`-ing). A class is automatically extended with this module when it includes WindowsSecurableAttributes.
Instance Method Summary collapse
-
#rights_attribute(name) ⇒ Object
“meta-method” for dynamically creating rights attributes on resources.
Instance Method Details
#rights_attribute(name) ⇒ Object
“meta-method” for dynamically creating rights attributes on resources.
Multiple rights attributes can be declared. This enables resources to have multiple rights attributes with separate runtime states.
For example, Chef::Resource::RemoteDirectory supports different rights on the directories and files by declaring separate rights attributes for each (rights and files_rights).
User Level API
Given a resource that calls
rights_attribute(:rights)
Then the resource DSL could be used like this:
rights :read, ["Administrators","Everyone"]
rights :deny, "Pinky"
rights :full_control, "Users", :applies_to_children => true
rights :write, "John Keiser", :applies_to_children => :containers_only, :applies_to_self => false, :one_level_deep => true
Internal Data Structure
rights attributes support multiple right declarations in a single resource block–the data will be merged into a single internal hash.
The internal representation is a hash with the following keys:
-
‘:permissions`: Integer of Windows permissions flags, 1..2^32
or one of ‘[:full_control, :modify, :read_execute, :read, :write]`
-
‘:principals`: String or Array of Strings representing usernames on
the system.
-
‘:applies_to_children` (optional): Boolean
-
‘:applies_to_self` (optional): Boolean
-
‘:one_level_deep` (optional): Boolean
106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 |
# File 'lib/chef/mixin/securable.rb', line 106 def rights_attribute(name) # equivalent to something like: # def rights(permissions=nil, principals=nil, args_hash=nil) define_method(name) do | = nil, principals = nil, args_hash = nil| rights = instance_variable_get("@#{name}".to_sym) unless .nil? input = { permissions: , principals: principals, } input.merge!(args_hash) unless args_hash.nil? validations = { permissions: { required: true }, principals: { required: true, kind_of: [String, Array] }, applies_to_children: { equal_to: [ true, false, :containers_only, :objects_only ] }, applies_to_self: { kind_of: [ TrueClass, FalseClass ] }, one_level_deep: { kind_of: [ TrueClass, FalseClass ] }, } validate(input, validations) [ ].flatten.each do || if .is_a?(Integer) if < 0 || > 1 << 32 raise ArgumentError, "permissions flags must be positive and <= 32 bits (#{})" end elsif !(%i{full_control modify read_execute read write}.include?(.to_sym)) raise ArgumentError, "permissions property must be :full_control, :modify, :read_execute, :read, :write or an integer representing Windows permission flags" end end [ principals ].flatten.each do |principal| unless principal.is_a?(String) raise ArgumentError, "principals property must be a string or array of strings representing usernames" end end if input[:applies_to_children] == false if input[:applies_to_self] == false raise ArgumentError, "'rights' property must specify either :applies_to_children or :applies_to_self." end if input[:one_level_deep] == true raise ArgumentError, "'rights' property specified :one_level_deep without specifying :applies_to_children." end end rights ||= [] rights << input end set_or_return( name, rights, {} ) end end |