Class: Chef::ScanAccessControl
- Inherits: Object
  - Object
  - Chef::ScanAccessControl
- Defined in: lib/chef/scan_access_control.rb
Overview
ScanAccessControl
Reads the access control settings of a file and writes them out to a resource (which should be the current_resource), attempting to match the style used by the new resource. That is, if users are specified with usernames in new_resource, then the uids from stat will be looked up and usernames will be added to current_resource.
Why?
FileAccessControl objects may operate on a temporary file, in which case we won’t know if the access control settings changed (for example, rendering a template with both a change in content and ownership). For auditing purposes, we need to record the current state of a file system entity. Not yet sure if this is the optimal way to solve the problem, but it’s progress towards the end goal.
TODO: figure out if all this works with macOS’ negative uids
TODO: windows
Instance Attribute Summary
- #current_resource ⇒ Object (readonly): Returns the value of attribute current_resource.
- #new_resource ⇒ Object (readonly): Returns the value of attribute new_resource.
Instance Method Summary
- #current_group ⇒ Object
- #current_mode ⇒ Object
- #current_owner ⇒ Object
- #initialize(new_resource, current_resource) ⇒ ScanAccessControl (constructor): A new instance of ScanAccessControl.
- #lookup_gid ⇒ Object
- #lookup_uid ⇒ Object
- #set_all! ⇒ Object: Modifies @current_resource, setting the current access control state.
- #set_group ⇒ Object: Set the group attribute of current_resource to whatever the current state is.
- #set_mode ⇒ Object
- #set_owner ⇒ Object: Set the owner attribute of current_resource to whatever the current state is.
- #stat ⇒ Object
Constructor Details
#initialize(new_resource, current_resource) ⇒ ScanAccessControl
Returns a new instance of ScanAccessControl.
```ruby
# File 'lib/chef/scan_access_control.rb', line 43
def initialize(new_resource, current_resource)
  @new_resource, @current_resource = new_resource, current_resource
end
```
Instance Attribute Details
#current_resource ⇒ Object (readonly)
Returns the value of attribute current_resource.
```ruby
# File 'lib/chef/scan_access_control.rb', line 41
def current_resource
  @current_resource
end
```
#new_resource ⇒ Object (readonly)
Returns the value of attribute new_resource.
```ruby
# File 'lib/chef/scan_access_control.rb', line 40
def new_resource
  @new_resource
end
```
Instance Method Details
#current_group ⇒ Object
```ruby
# File 'lib/chef/scan_access_control.rb', line 93
def current_group
  case new_resource.group
  when String, nil
    lookup_gid
  when Integer
    stat.gid
  else
    Chef::Log.error("The `group` parameter of the #{@new_resource} resource is set to an invalid value (#{new_resource.group.inspect})")
    raise ArgumentError, "cannot resolve #{new_resource.group.inspect} to gid, group must be a string or integer"
  end
end
```
#current_mode ⇒ Object
```ruby
# File 'lib/chef/scan_access_control.rb', line 119
def current_mode
  case new_resource.mode
  when String, Integer, nil
    "0#{(stat.mode & 07777).to_s(8)}"
  else
    Chef::Log.error("The `mode` parameter of the #{@new_resource} resource is set to an invalid value (#{new_resource.mode.inspect})")
    raise ArgumentError, "Invalid value #{new_resource.mode.inspect} for `mode` on resource #{@new_resource}"
  end
end
```
#current_owner ⇒ Object
```ruby
# File 'lib/chef/scan_access_control.rb', line 66
def current_owner
  case new_resource.owner
  when String, nil
    lookup_uid
  when Integer
    stat.uid
  else
    Chef::Log.error("The `owner` parameter of the #{@new_resource} resource is set to an invalid value (#{new_resource.owner.inspect})")
    raise ArgumentError, "cannot resolve #{new_resource.owner.inspect} to uid, owner must be a string or integer"
  end
end
```
#lookup_gid ⇒ Object
```ruby
# File 'lib/chef/scan_access_control.rb', line 105
def lookup_gid
  unless (pwent = TargetIO::Etc.getgrgid(stat.gid)).nil?
    pwent.name
  else
    stat.gid
  end
rescue ArgumentError
  stat.gid
end
```
#lookup_uid ⇒ Object
```ruby
# File 'lib/chef/scan_access_control.rb', line 78
def lookup_uid
  unless (pwent = TargetIO::Etc.getpwuid(stat.uid)).nil?
    pwent.name
  else
    stat.uid
  end
rescue ArgumentError
  stat.uid
end
```
#set_all! ⇒ Object
Modifies @current_resource, setting the current access control state.
```ruby
# File 'lib/chef/scan_access_control.rb', line 48
def set_all!
  if ::TargetIO::File.exist?(new_resource.path)
    set_owner
    set_group
    set_mode
  else
    # leave the values as nil.
  end
end
```
#set_group ⇒ Object
Set the group attribute of current_resource to whatever the current state is.
```ruby
# File 'lib/chef/scan_access_control.rb', line 89
def set_group
  @current_resource.group(current_group)
end
```
#set_mode ⇒ Object
```ruby
# File 'lib/chef/scan_access_control.rb', line 115
def set_mode
  @current_resource.mode(current_mode)
end
```
#set_owner ⇒ Object
Set the owner attribute of current_resource to whatever the current state is. Attempts to match the format given in new_resource: if the new_resource specifies the owner as a string, the username for the uid will be looked up and owner will be set to the username, and vice versa.
```ruby
# File 'lib/chef/scan_access_control.rb', line 62
def set_owner
  @current_resource.owner(current_owner)
end
```
#stat ⇒ Object
```ruby
# File 'lib/chef/scan_access_control.rb', line 129
def stat
  @stat ||= if @new_resource.instance_of?(Chef::Resource::Link)
              ::TargetIO::File.lstat(@new_resource.path)
            else
              realpath = ::TargetIO::File.realpath(@new_resource.path)
              ::TargetIO::File.stat(realpath)
            end
end
```
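The scan logic documented above (style-matched owner and group, the `07777` mode mask, and `lstat` for links versus `stat` on the real path) can be tried without Chef using plain Ruby. This is an added example, not code from the Chef project; `resolve_id`, `scan_access`, `demo` and the sample file names are hypothetical, and it uses Ruby's standard `Etc` and `File` in place of `TargetIO`.

```ruby
require "etc"
require "tmpdir"

# Hypothetical helper (not Chef's API): report an id in the style of the
# requested spec. String/nil -> name when one exists, Integer -> raw id.
def resolve_id(spec, id)
  case spec
  when Integer
    id
  when String, nil
    begin
      yield(id)&.name || id   # Etc raises ArgumentError for unknown ids
    rescue ArgumentError
      id                      # orphaned uid/gid: fall back to the number
    end
  else
    raise ArgumentError, "cannot resolve #{spec.inspect}, must be a string or integer"
  end
end

# Hypothetical helper: scan owner, group and mode of `path`.
# link: true inspects the symlink itself (lstat); otherwise the target.
def scan_access(path, owner_spec: nil, group_spec: nil, link: false)
  st = link ? File.lstat(path) : File.stat(File.realpath(path))
  {
    owner: resolve_id(owner_spec, st.uid) { |id| Etc.getpwuid(id) },
    group: resolve_id(group_spec, st.gid) { |id| Etc.getgrgid(id) },
    # Keep permission bits plus setuid/setgid/sticky; drop the file-type bits.
    mode: "0#{(st.mode & 07777).to_s(8)}",
    symlink: st.symlink?,
  }
end

# Constructed sample: a 0640 file and a symlink pointing at it.
def demo
  Dir.mktmpdir do |dir|
    file = File.join(dir, "secret.conf")
    link = File.join(dir, "alias")
    File.write(file, "constructed sample\n")
    File.chmod(0640, file)
    File.symlink(file, link)
    { followed: scan_access(link), link_itself: scan_access(link, link: true),
      numeric: scan_access(file, owner_spec: 0, group_spec: 0) }
  end
end

demo.each { |name, state| puts "#{name}: #{state}" } if __FILE__ == $PROGRAM_NAME
```

For auditing, the distinction matters: scanning a link without `lstat` records the target's owner and mode, not the link's, and an owner whose uid has no passwd entry is reported as a number even when a name was requested.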