Class: Policy

Inherits:
Object
  • Object
Extended by:
Forwardable
Includes:
Enumerable
Defined in:
lib/policy.rb

Defined Under Namespace

Classes: PolicyError

Constant Summary collapse

VALID_KEYS =
[:name, 'name', :rules, 'rules', :confine, 'confine'].freeze

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(policy) ⇒ Policy

Returns a new instance of Policy.



# File 'lib/policy.rb', line 22

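# Builds a Policy from a hash description and validates its fields.
#
# Every field may be supplied under a Symbol or a String key (see
# VALID_KEYS); when both forms are present the Symbol key takes precedence.
#
# @param policy [Hash] policy description holding name, rules and an
#   optional confine entry
# @raise [PolicyError] if an unknown key is present, if name or rules is
#   missing, or if rules is not a non-empty Array
def initialize(policy)
  invalid_keys = policy.keys - VALID_KEYS
  unless invalid_keys.empty?
    raise PolicyError, "invalid field(s) '#{invalid_keys.join(',')}'"
  end

  # Use `||`, not `or`: `@x = a or b` parses as `(@x = a) or b`, so the
  # String-keyed fallback was evaluated but never assigned. With `or`, a
  # String-keyed 'confine' was dropped and the policy ended up with no
  # confines at all, i.e. it was treated as applicable everywhere.
  @name = policy[:name] || policy['name']
  raise PolicyError, 'missing required field "name"' unless @name

  @rules = policy[:rules] || policy['rules']
  raise PolicyError, 'missing required field "rules"' unless @rules

  # confine is optional; an absent entry means "no restrictions".
  @confines = policy[:confine] || policy['confine'] || {}

  raise PolicyError, 'rules field must be an Array' unless @rules.is_a?(Array)
  raise PolicyError, 'rules Array must contain at least one rule' if @rules.empty?
end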

Instance Attribute Details

#confines ⇒ Object (readonly)

Returns the value of attribute confines.



# File 'lib/policy.rb', line 20

# Reader for the policy's confine entries, which #enabled? compares
# against Facter values as fact-name/value pairs.
#
# Returns the stored object itself rather than a copy, so changes a caller
# makes to it are seen by later #enabled? checks.
#
# @return [Object] the value held in @confines
def confines
  @confines
end

#name ⇒ Object (readonly)

Returns the value of attribute name.



# File 'lib/policy.rb', line 19

# Reader for the policy name taken from the policy description; the same
# value is used in log messages and in the result of #check_rules.
#
# @return [Object] the value held in @name
def name
  @name
end

#rules ⇒ Object (readonly)

Returns the value of attribute rules.



# File 'lib/policy.rb', line 18

# Reader for the policy's rules array.
#
# #check_rules replaces the elements of this array in place with Rule
# objects, so the contents differ before and after the first check. The
# array itself is returned, not a copy.
#
# @return [Array] the value held in @rules
def rules
  @rules
end

Instance Method Details

#check_rules ⇒ Object



# File 'lib/policy.rb', line 55

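# Checks every rule of the policy and aggregates the outcomes.
#
# @return [Hash] :name is the policy name, :rules holds each rule's
#   check_resources result in rule order, and :success is true only if
#   every rule result has a truthy :success entry
def check_rules
  # Delay loading rules until the Policy is checked. Puppet resources are
  # expensive and we avoid them in case enabled? is false.
  # Only raw definitions are wrapped: on a repeated call @rules already
  # holds Rule objects, which must not be handed back to Rule.new.
  @rules.map! { |r| r.is_a?(Rule) ? r : Rule.new(r) }

  rule_results = @rules.map(&:check_resources)

  { :name => @name,
    :success => rule_results.all? { |rule_result| rule_result[:success] },
    :rules => rule_results }
end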

#enabled? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/policy.rb', line 41

# Decides whether this policy applies on the current node by comparing each
# confine entry with the corresponding Facter value.
#
# The comparison is plain equality, so a confine value has to equal the
# fact exactly; a fact Facter does not return (nil) only matches a nil
# confine value. With no confine entries the policy is always enabled.
#
# @return [Boolean] false at the first confine whose fact differs, true
#   when every confine matches
def enabled?
  Log.debug { "Checking confine rules for policy - #{@name}" }

  @confines.each do |fact_name, value|
    fact_value = Facter.value(fact_name)
    next if fact_value == value

    # First mismatch decides the outcome; remaining confines are not read.
    Log.debug { "Skipping policy '#{@name} - #{fact_name}: #{fact_value.inspect} != #{value.inspect}"}
    return false
  end

  Log.debug { "Policy '#{@name}' passed all confine rules." }
  true
end