Class: Chef::Provider::Group::Dscl

Inherits:

Chef::Provider::Group

Object
Chef::Provider
Chef::Provider::Group
Chef::Provider::Group::Dscl

show all

Defined in:: lib/chef/provider/group/dscl.rb

Instance Attribute Summary

Attributes inherited from Chef::Provider::Group

#change_desc, #group_exists

Attributes inherited from Chef::Provider

#action, #after_resource, #current_resource, #logger, #new_resource, #run_context

Instance Method Summary collapse

Constructor Details

This class inherits a constructor from Chef::Provider::Group

Instance Method Details

#create_group ⇒ `Object`

# File 'lib/chef/provider/group/dscl.rb', line 151

def create_group
  dscl_create_group
  set_gid
  set_members
end

#define_resource_requirements ⇒ `Object`

# File 'lib/chef/provider/group/dscl.rb', line 142

def define_resource_requirements
  super
  requirements.assert(:all_actions) do |a|
    a.assertion { ::File.exist?("/usr/bin/dscl") }
    a.failure_message Chef::Exceptions::Group, "Could not find binary /usr/bin/dscl for #{new_resource.name}"
    # No whyrun alternative: this component should be available in the base install of any given system that uses it
  end
end

#dscl(*args) ⇒ `Object`

# File 'lib/chef/provider/group/dscl.rb', line 26

def dscl(*args)
  argdup = args.dup
  cmd = argdup.shift
  shellcmd = [ "dscl", ".", "-#{cmd}", argdup ]
  status = shell_out(shellcmd)
  stdout_result = ""
  stderr_result = ""
  status.stdout.each_line { |line| stdout_result << line }
  status.stderr.each_line { |line| stderr_result << line }
  [shellcmd.flatten.compact.join(" "), status, stdout_result, stderr_result]
end

#dscl_create_group ⇒ `Object`

# File 'lib/chef/provider/group/dscl.rb', line 169

def dscl_create_group
  safe_dscl("create", "/Groups/#{new_resource.group_name}")
  safe_dscl("create", "/Groups/#{new_resource.group_name}", "Password", "*")
end

#get_free_gid(search_limit = 1000) ⇒ `Object`

get a free GID greater than 200

# File 'lib/chef/provider/group/dscl.rb', line 76

def get_free_gid(search_limit = 1000)
  gid = nil; next_gid_guess = 200
  groups_gids = safe_dscl("list", "/Groups", "gid")
  while next_gid_guess < search_limit + 200
    if groups_gids&.match?(Regexp.new("#{Regexp.escape(next_gid_guess.to_s)}\n"))
      next_gid_guess += 1
    else
      gid = next_gid_guess
      break
    end
  end
  gid || raise("gid not found. Exhausted. Searched #{search_limit} times")
end

#gid_used?(gid) ⇒ `Boolean`

Returns:

(Boolean)

# File 'lib/chef/provider/group/dscl.rb', line 90

def gid_used?(gid)
  return false unless gid

  search_gids = safe_dscl("search", "/Groups", "PrimaryGroupID", gid.to_s)

  # dscl -search should not return anything if the gid doesn't exist,
  # but on the off-chance that it does, check whether the given gid is
  # in the output.
  !!(search_gids =~ /\b#{gid}\b/)
end

#load_current_resource ⇒ `Object`

# File 'lib/chef/provider/group/dscl.rb', line 47

def load_current_resource
  @current_resource = Chef::Resource::Group.new(new_resource.name)
  current_resource.group_name(new_resource.group_name)
  group_info = nil
  begin
    group_info = safe_dscl("read", "/Groups/#{new_resource.group_name}")
  rescue Chef::Exceptions::Group
    @group_exists = false
    logger.trace("#{new_resource} group does not exist")
  end

  if group_info
    group_info.each_line do |line|
      key, val = line.split(": ")
      val.strip! if val
      case key.downcase
      when "primarygroupid"
        new_resource.gid(val) unless new_resource.gid
        current_resource.gid(val)
      when "groupmembership"
        current_resource.members(val.split(" "))
      end
    end
  end

  current_resource
end

#manage_group ⇒ `Object`

# File 'lib/chef/provider/group/dscl.rb', line 157

def manage_group
  if new_resource.group_name && (current_resource.group_name != new_resource.group_name)
    dscl_create_group
  end
  if new_resource.gid && (current_resource.gid != new_resource.gid.to_s)
    set_gid
  end
  if new_resource.members || new_resource.excluded_members
    set_members
  end
end

#remove_group ⇒ `Object`



174
175
176

# File 'lib/chef/provider/group/dscl.rb', line 174

def remove_group
  safe_dscl("delete", "/Groups/#{new_resource.group_name}")
end

#safe_dscl(*args) ⇒ `Object`

Raises:

(Chef::Exceptions::Group)

# File 'lib/chef/provider/group/dscl.rb', line 38

def safe_dscl(*args)
  result = dscl(*args)
  return "" if ( args.first =~ /^delete/ ) && ( result[1].exitstatus != 0 )
  raise(Chef::Exceptions::Group, "dscl error: #{result.inspect}") unless result[1].exitstatus == 0
  raise(Chef::Exceptions::Group, "dscl error: #{result.inspect}") if /No such key: /.match?(result[2])

  result[2]
end

#set_gid ⇒ `Object`

Raises:

(Chef::Exceptions::Group)

# File 'lib/chef/provider/group/dscl.rb', line 101

def set_gid
  new_resource.gid(get_free_gid) if [nil, ""].include? new_resource.gid
  raise(Chef::Exceptions::Group, "gid is already in use") if gid_used?(new_resource.gid)

  safe_dscl("create", "/Groups/#{new_resource.group_name}", "PrimaryGroupID", new_resource.gid)
end

#set_members ⇒ `Object`

# File 'lib/chef/provider/group/dscl.rb', line 108

def set_members
  # First reset the memberships if the append is not set
  unless new_resource.append
    logger.trace("#{new_resource} removing group members #{current_resource.members.join(" ")}") unless current_resource.members.empty?
    safe_dscl("create", "/Groups/#{new_resource.group_name}", "GroupMembers", "") # clear guid list
    safe_dscl("create", "/Groups/#{new_resource.group_name}", "GroupMembership", "") # clear user list
    current_resource.members([ ])
  end

  # Add any members that need to be added
  if new_resource.members && !new_resource.members.empty?
    members_to_be_added = [ ]
    new_resource.members.each do |member|
      members_to_be_added << member unless current_resource.members.include?(member)
    end
    unless members_to_be_added.empty?
      logger.trace("#{new_resource} setting group members #{members_to_be_added.join(", ")}")
      safe_dscl("append", "/Groups/#{new_resource.group_name}", "GroupMembership", *members_to_be_added)
    end
  end

  # Remove any members that need to be removed
  if new_resource.excluded_members && !new_resource.excluded_members.empty?
    members_to_be_removed = [ ]
    new_resource.excluded_members.each do |member|
      members_to_be_removed << member if current_resource.members.include?(member)
    end
    unless members_to_be_removed.empty?
      logger.trace("#{new_resource} removing group members #{members_to_be_removed.join(", ")}")
      safe_dscl("delete", "/Groups/#{new_resource.group_name}", "GroupMembership", *members_to_be_removed)
    end
  end
end

Class: Chef::Provider::Group::Dscl

Instance Attribute Summary

Attributes inherited from Chef::Provider::Group

Attributes inherited from Chef::Provider

Instance Method Summary collapse

Methods inherited from Chef::Provider::Group

Methods inherited from Chef::Provider

Methods included from Mixin::Provides

Methods included from Mixin::DescendantsTracker

Methods included from Mixin::LazyModuleInclude

Methods included from Mixin::PowershellOut

Methods included from Mixin::WindowsArchitectureHelper

Methods included from DSL::Secret

Methods included from DSL::RenderHelpers

Methods included from DSL::ReaderHelpers

Methods included from DSL::Powershell

Methods included from DSL::RegistryHelper

Methods included from DSL::ChefVault

Methods included from DSL::DataQuery

Methods included from EncryptedDataBagItem::CheckEncrypted

Methods included from DSL::PlatformIntrospection

Methods included from DSL::Recipe

Methods included from DSL::Definitions

Methods included from DSL::Resources

Methods included from DSL::Cheffish

Methods included from DSL::RebootPending

Methods included from DSL::IncludeRecipe

Methods included from Mixin::NotifyingBlock

Methods included from DSL::DeclareResource

Methods included from DSL::Compliance

Constructor Details

Instance Method Details

#create_group ⇒ Object

#define_resource_requirements ⇒ Object

#dscl(*args) ⇒ Object

#dscl_create_group ⇒ Object

#get_free_gid(search_limit = 1000) ⇒ Object

#gid_used?(gid) ⇒ Boolean

#load_current_resource ⇒ Object

#manage_group ⇒ Object

#remove_group ⇒ Object

#safe_dscl(*args) ⇒ Object

#set_gid ⇒ Object

#set_members ⇒ Object

#create_group ⇒ `Object`

#define_resource_requirements ⇒ `Object`

#dscl(*args) ⇒ `Object`

#dscl_create_group ⇒ `Object`

#get_free_gid(search_limit = 1000) ⇒ `Object`

#gid_used?(gid) ⇒ `Boolean`

#load_current_resource ⇒ `Object`

#manage_group ⇒ `Object`

#remove_group ⇒ `Object`

#safe_dscl(*args) ⇒ `Object`

#set_gid ⇒ `Object`

#set_members ⇒ `Object`