Class: Policy
- Inherits:
-
Object
- Object
- Policy
- Extended by:
- Forwardable
- Includes:
- Enumerable
- Defined in:
- lib/policy.rb
Defined Under Namespace
Classes: PolicyError
Constant Summary collapse
- VALID_KEYS =
[:name, 'name', :rules, 'rules', :confine, 'confine'].freeze
Instance Attribute Summary collapse
-
#confines ⇒ Object
readonly
Returns the value of attribute confines.
-
#name ⇒ Object
readonly
Returns the value of attribute name.
-
#rules ⇒ Object
readonly
Returns the value of attribute rules.
Instance Method Summary collapse
- #check_rules ⇒ Object
- #enabled? ⇒ Boolean
-
#initialize(policy) ⇒ Policy
constructor
A new instance of Policy.
Constructor Details
#initialize(policy) ⇒ Policy
Returns a new instance of Policy.
22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 |
# File 'lib/policy.rb', line 22 def initialize(policy) if (invalid_keys = policy.keys - VALID_KEYS).size > 0 raise PolicyError, "invalid field(s) '#{invalid_keys.join(',')}'" end @name = policy[:name] or policy['name'] or raise PolicyError, 'missing required field "name"' @rules = policy[:rules] or policy['rules'] or raise PolicyError, 'missing required field "rules"' @confines = policy[:confine] or policy['confine'] @confines ||= {} unless @rules.is_a?(Array) raise PolicyError, 'rules field must be an Array' end unless @rules.size > 0 raise PolicyError, 'rules Array must contain at least one rule' end end |
Instance Attribute Details
#confines ⇒ Object (readonly)
Returns the value of attribute confines.
20 21 22 |
# File 'lib/policy.rb', line 20 def confines @confines end |
#name ⇒ Object (readonly)
Returns the value of attribute name.
19 20 21 |
# File 'lib/policy.rb', line 19 def name @name end |
#rules ⇒ Object (readonly)
Returns the value of attribute rules.
18 19 20 |
# File 'lib/policy.rb', line 18 def rules @rules end |
Instance Method Details
#check_rules ⇒ Object
55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 |
# File 'lib/policy.rb', line 55 def check_rules # Delay loading rules until Policy is checked. Puppet resources are expensive # and we avoid it incase enabled? = false @rules.map! { |r| Rule.new(r) } result = { :name => @name, :success => true, :rules => [] } @rules.each do |rule| rule_result = rule.check_resources result[:rules] << rule_result result[:success] = false unless rule_result[:success] end result end |
#enabled? ⇒ Boolean
41 42 43 44 45 46 47 48 49 50 51 52 53 |
# File 'lib/policy.rb', line 41 def enabled? Log.debug { "Checking confine rules for policy - #{@name}" } @confines.each do |fact_name, value| if (fact_value = Facter.value(fact_name)) != value Log.debug { "Skipping policy '#{@name} - #{fact_name}: #{fact_value.inspect} != #{value.inspect}"} return false end end Log.debug { "Policy '#{@name}' passed all confine rules." } true end |