Class: Chef::Provider::Group::Dscl

Inherits:
Chef::Provider::Group show all
Defined in:
lib/chef/provider/group/dscl.rb

Instance Attribute Summary

Attributes inherited from Chef::Provider::Group

#change_desc, #group_exists

Attributes inherited from Chef::Provider

#action, #after_resource, #current_resource, #logger, #new_resource, #run_context

Instance Method Summary collapse

Methods inherited from Chef::Provider::Group

#compare_group, #group_gid_match?, #group_members_match?, #has_current_group_member?, #initialize, #validate_member!

Methods inherited from Chef::Provider

action, action_description, action_descriptions, #action_nothing, #check_resource_semantics!, #cleanup_after_converge, #compile_and_converge_action, #converge_by, #converge_if_changed, #cookbook_name, #description, #events, include_resource_dsl?, include_resource_dsl_module, #initialize, #introduced, #load_after_resource, #node, #process_resource_requirements, provides, provides?, #recipe_name, #requirements, #resource_collection, #resource_updated?, #run_action, #set_updated_status, supports?, use, use_inline_resources, #validate_required_properties!, #whyrun_mode?, #whyrun_supported?

Methods included from Mixin::Provides

#provided_as, #provides, #provides?

Methods included from Mixin::DescendantsTracker

#descendants, descendants, direct_descendants, #direct_descendants, find_descendants_by_name, #find_descendants_by_name, #inherited, store_inherited

Methods included from Mixin::LazyModuleInclude

#descendants, #include, #included

Methods included from Mixin::PowershellOut

#powershell_out, #powershell_out!

Methods included from Mixin::WindowsArchitectureHelper

#assert_valid_windows_architecture!, #disable_wow64_file_redirection, #forced_32bit_override_required?, #is_i386_process_on_x86_64_windows?, #node_supports_windows_architecture?, #node_windows_architecture, #restore_wow64_file_redirection, #valid_windows_architecture?, #with_os_architecture, #wow64_architecture_override_required?, #wow64_directory

Methods included from DSL::Secret

#default_secret_config, #default_secret_service, #secret, #with_secret_config, #with_secret_service

Methods included from DSL::RenderHelpers

#render_json, #render_toml, #render_yaml

Methods included from DSL::ReaderHelpers

#parse_file, #parse_json, #parse_toml, #parse_yaml

Methods included from DSL::Powershell

#ps_credential

Methods included from DSL::RegistryHelper

#registry_data_exists?, #registry_get_subkeys, #registry_get_values, #registry_has_subkeys?, #registry_key_exists?, #registry_value_exists?

Methods included from DSL::ChefVault

#chef_vault, #chef_vault_item, #chef_vault_item_for_environment

Methods included from DSL::DataQuery

#data_bag, #data_bag_item, #search, #tagged?

Methods included from EncryptedDataBagItem::CheckEncrypted

#encrypted?

Methods included from DSL::PlatformIntrospection

#older_than_win_2012_or_8?, #platform?, #platform_family?, #value_for_platform, #value_for_platform_family

Methods included from DSL::Recipe

#exec, #have_resource_class_for?, #resource_class_for

Methods included from DSL::Definitions

add_definition, #evaluate_resource_definition, #has_resource_definition?

Methods included from DSL::Resources

add_resource_dsl, remove_resource_dsl

Methods included from DSL::Cheffish

load_cheffish

Methods included from DSL::RebootPending

#reboot_pending?

Methods included from DSL::IncludeRecipe

#include_recipe, #load_recipe

Methods included from Mixin::NotifyingBlock

#notifying_block, #subcontext_block

Methods included from DSL::DeclareResource

#build_resource, #declare_resource, #delete_resource, #delete_resource!, #edit_resource, #edit_resource!, #find_resource, #find_resource!, #resources, #with_run_context

Methods included from DSL::Compliance

#include_input, #include_profile, #include_waiver

Constructor Details

This class inherits a constructor from Chef::Provider::Group

Instance Method Details

#create_groupObject



151
152
153
154
155
# File 'lib/chef/provider/group/dscl.rb', line 151

def create_group
  dscl_create_group
  set_gid
  set_members
end

#define_resource_requirementsObject



142
143
144
145
146
147
148
149
# File 'lib/chef/provider/group/dscl.rb', line 142

def define_resource_requirements
  super
  requirements.assert(:all_actions) do |a|
    a.assertion { ::File.exist?("/usr/bin/dscl") }
    a.failure_message Chef::Exceptions::Group, "Could not find binary /usr/bin/dscl for #{new_resource.name}"
    # No whyrun alternative: this component should be available in the base install of any given system that uses it
  end
end

#dscl(*args) ⇒ Object



26
27
28
29
30
31
32
33
34
35
36
# File 'lib/chef/provider/group/dscl.rb', line 26

def dscl(*args)
  argdup = args.dup
  cmd = argdup.shift
  shellcmd = [ "dscl", ".", "-#{cmd}", argdup ]
  status = shell_out(shellcmd)
  stdout_result = ""
  stderr_result = ""
  status.stdout.each_line { |line| stdout_result << line }
  status.stderr.each_line { |line| stderr_result << line }
  [shellcmd.flatten.compact.join(" "), status, stdout_result, stderr_result]
end

#dscl_create_groupObject



169
170
171
172
# File 'lib/chef/provider/group/dscl.rb', line 169

def dscl_create_group
  safe_dscl("create", "/Groups/#{new_resource.group_name}")
  safe_dscl("create", "/Groups/#{new_resource.group_name}", "Password", "*")
end

#get_free_gid(search_limit = 1000) ⇒ Object

get a free GID greater than 200



76
77
78
79
80
81
82
83
84
85
86
87
88
# File 'lib/chef/provider/group/dscl.rb', line 76

def get_free_gid(search_limit = 1000)
  gid = nil; next_gid_guess = 200
  groups_gids = safe_dscl("list", "/Groups", "gid")
  while next_gid_guess < search_limit + 200
    if groups_gids&.match?(Regexp.new("#{Regexp.escape(next_gid_guess.to_s)}\n"))
      next_gid_guess += 1
    else
      gid = next_gid_guess
      break
    end
  end
  gid || raise("gid not found. Exhausted. Searched #{search_limit} times")
end

#gid_used?(gid) ⇒ Boolean

Returns:

  • (Boolean)


90
91
92
93
94
95
96
97
98
99
# File 'lib/chef/provider/group/dscl.rb', line 90

def gid_used?(gid)
  return false unless gid

  search_gids = safe_dscl("search", "/Groups", "PrimaryGroupID", gid.to_s)

  # dscl -search should not return anything if the gid doesn't exist,
  # but on the off-chance that it does, check whether the given gid is
  # in the output.
  !!(search_gids =~ /\b#{gid}\b/)
end

#load_current_resourceObject



47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
# File 'lib/chef/provider/group/dscl.rb', line 47

def load_current_resource
  @current_resource = Chef::Resource::Group.new(new_resource.name)
  current_resource.group_name(new_resource.group_name)
  group_info = nil
  begin
    group_info = safe_dscl("read", "/Groups/#{new_resource.group_name}")
  rescue Chef::Exceptions::Group
    @group_exists = false
    logger.trace("#{new_resource} group does not exist")
  end

  if group_info
    group_info.each_line do |line|
      key, val = line.split(": ")
      val.strip! if val
      case key.downcase
      when "primarygroupid"
        new_resource.gid(val) unless new_resource.gid
        current_resource.gid(val)
      when "groupmembership"
        current_resource.members(val.split(" "))
      end
    end
  end

  current_resource
end

#manage_groupObject



157
158
159
160
161
162
163
164
165
166
167
# File 'lib/chef/provider/group/dscl.rb', line 157

def manage_group
  if new_resource.group_name && (current_resource.group_name != new_resource.group_name)
    dscl_create_group
  end
  if new_resource.gid && (current_resource.gid != new_resource.gid.to_s)
    set_gid
  end
  if new_resource.members || new_resource.excluded_members
    set_members
  end
end

#remove_groupObject



174
175
176
# File 'lib/chef/provider/group/dscl.rb', line 174

def remove_group
  safe_dscl("delete", "/Groups/#{new_resource.group_name}")
end

#safe_dscl(*args) ⇒ Object



38
39
40
41
42
43
44
45
# File 'lib/chef/provider/group/dscl.rb', line 38

def safe_dscl(*args)
  result = dscl(*args)
  return "" if ( args.first =~ /^delete/ ) && ( result[1].exitstatus != 0 )
  raise(Chef::Exceptions::Group, "dscl error: #{result.inspect}") unless result[1].exitstatus == 0
  raise(Chef::Exceptions::Group, "dscl error: #{result.inspect}") if /No such key: /.match?(result[2])

  result[2]
end

#set_gidObject



101
102
103
104
105
106
# File 'lib/chef/provider/group/dscl.rb', line 101

def set_gid
  new_resource.gid(get_free_gid) if [nil, ""].include? new_resource.gid
  raise(Chef::Exceptions::Group, "gid is already in use") if gid_used?(new_resource.gid)

  safe_dscl("create", "/Groups/#{new_resource.group_name}", "PrimaryGroupID", new_resource.gid)
end

#set_membersObject



108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
# File 'lib/chef/provider/group/dscl.rb', line 108

def set_members
  # First reset the memberships if the append is not set
  unless new_resource.append
    logger.trace("#{new_resource} removing group members #{current_resource.members.join(" ")}") unless current_resource.members.empty?
    safe_dscl("create", "/Groups/#{new_resource.group_name}", "GroupMembers", "") # clear guid list
    safe_dscl("create", "/Groups/#{new_resource.group_name}", "GroupMembership", "") # clear user list
    current_resource.members([ ])
  end

  # Add any members that need to be added
  if new_resource.members && !new_resource.members.empty?
    members_to_be_added = [ ]
    new_resource.members.each do |member|
      members_to_be_added << member unless current_resource.members.include?(member)
    end
    unless members_to_be_added.empty?
      logger.trace("#{new_resource} setting group members #{members_to_be_added.join(", ")}")
      safe_dscl("append", "/Groups/#{new_resource.group_name}", "GroupMembership", *members_to_be_added)
    end
  end

  # Remove any members that need to be removed
  if new_resource.excluded_members && !new_resource.excluded_members.empty?
    members_to_be_removed = [ ]
    new_resource.excluded_members.each do |member|
      members_to_be_removed << member if current_resource.members.include?(member)
    end
    unless members_to_be_removed.empty?
      logger.trace("#{new_resource} removing group members #{members_to_be_removed.join(", ")}")
      safe_dscl("delete", "/Groups/#{new_resource.group_name}", "GroupMembership", *members_to_be_removed)
    end
  end
end