Class: Chef::Provider::Script

Inherits:
Execute show all
Extended by:
Forwardable
Defined in:
lib/chef/provider/script.rb

Direct Known Subclasses

WindowsScript

Instance Attribute Summary collapse

Attributes inherited from Chef::Provider

#action, #cookbook_name, #current_resource, #new_resource, #recipe_name, #run_context

Instance Method Summary collapse

Methods inherited from Execute

#define_resource_requirements, #timeout

Methods inherited from Chef::Provider

action, #action_nothing, #check_resource_semantics!, #cleanup_after_converge, #compile_and_converge_action, #converge_by, #converge_if_changed, #define_resource_requirements, #events, include_resource_dsl?, include_resource_dsl_module, #node, #process_resource_requirements, provides, provides?, #requirements, #resource_collection, #resource_updated?, #run_action, #set_updated_status, supports?, use_inline_resources, #whyrun_mode?, #whyrun_supported?

Methods included from Mixin::Provides

#provided_as, #provides, #provides?

Methods included from Mixin::DescendantsTracker

#descendants, descendants, #direct_descendants, direct_descendants, #find_descendants_by_name, find_descendants_by_name, #inherited, store_inherited

Methods included from Mixin::LazyModuleInclude

#descendants, #include, #included

Methods included from Mixin::NotifyingBlock

#notifying_block, #subcontext_block

Methods included from DSL::DeclareResource

#build_resource, #declare_resource, #delete_resource, #delete_resource!, #edit_resource, #edit_resource!, #find_resource, #find_resource!, #with_run_context

Methods included from Mixin::ShellOut

#a_to_s, #clean_array, #shell_out, #shell_out!, #shell_out_compact, #shell_out_compact!, #shell_out_compact_timeout, #shell_out_compact_timeout!, #shell_out_with_systems_locale, #shell_out_with_systems_locale!

Methods included from Mixin::PathSanity

#enforce_path_sanity, #sanitized_path

Methods included from Mixin::PowershellOut

#powershell_out, #powershell_out!

Methods included from Mixin::WindowsArchitectureHelper

#assert_valid_windows_architecture!, #disable_wow64_file_redirection, #forced_32bit_override_required?, #is_i386_process_on_x86_64_windows?, #node_supports_windows_architecture?, #node_windows_architecture, #restore_wow64_file_redirection, #valid_windows_architecture?, #with_os_architecture, #wow64_architecture_override_required?, #wow64_directory

Methods included from DSL::PlatformIntrospection

#docker?, #platform?, #platform_family?, #value_for_platform, #value_for_platform_family

Constructor Details

#initialize(new_resource, run_context) ⇒ Script


41
42
43
44
# File 'lib/chef/provider/script.rb', line 41

def initialize(new_resource, run_context)
  super
  self.code = new_resource.code
end

Instance Attribute Details

#codeObject

Returns the value of attribute code


39
40
41
# File 'lib/chef/provider/script.rb', line 39

def code
  @code
end

Instance Method Details

#action_runObject


58
59
60
61
62
63
64
65
66
67
# File 'lib/chef/provider/script.rb', line 58

def action_run
  script_file.puts(code)
  script_file.close

  set_owner_and_group

  super

  unlink_script_file
end

#commandObject


46
47
48
# File 'lib/chef/provider/script.rb', line 46

def command
  "\"#{interpreter}\" #{flags} \"#{script_file.path}\""
end

#grant_alternate_user_read_accessObject


81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
# File 'lib/chef/provider/script.rb', line 81

def grant_alternate_user_read_access
  # Do nothing if an alternate user isn't specified -- the file
  # will already have the correct permissions for the user as part
  # of the default ACL behavior on Windows.
  return if new_resource.user.nil?

  # Duplicate the script file's existing DACL
  # so we can add an ACE later
  securable_object = Chef::ReservedNames::Win32::Security::SecurableObject.new(script_file.path)
  aces = securable_object.security_descriptor.dacl.reduce([]) { |result, current| result.push(current) }

  username = new_resource.user

  if new_resource.domain
    username = new_resource.domain + '\\' + new_resource.user
  end

  # Create an ACE that allows the alternate user read access to the script
  # file so it can be read and executed.
  user_sid = Chef::ReservedNames::Win32::Security::SID.(username)
  read_ace = Chef::ReservedNames::Win32::Security::ACE.access_allowed(user_sid, Chef::ReservedNames::Win32::API::Security::GENERIC_READ | Chef::ReservedNames::Win32::API::Security::GENERIC_EXECUTE, 0)
  aces.push(read_ace)
  acl = Chef::ReservedNames::Win32::Security::ACL.create(aces)

  # This actually applies the modified DACL to the file
  # Use parentheses to bypass RuboCop / ChefStyle warning
  # about useless setter
  (securable_object.dacl = acl)
end

#load_current_resourceObject


50
51
52
53
54
55
56
# File 'lib/chef/provider/script.rb', line 50

def load_current_resource
  super
  # @todo Chef-13: change this to an exception
  if code.nil?
    Chef::Log.warn "#{new_resource}: No code attribute was given, resource does nothing, this behavior is deprecated and will be removed in Chef-13"
  end
end

#script_fileObject


111
112
113
# File 'lib/chef/provider/script.rb', line 111

def script_file
  @script_file ||= Tempfile.open("chef-script")
end

#set_owner_and_groupObject


69
70
71
72
73
74
75
76
77
78
79
# File 'lib/chef/provider/script.rb', line 69

def set_owner_and_group
  if Chef::Platform.windows?
    # And on Windows also this is a no-op if there is no user specified.
    grant_alternate_user_read_access
  else
    # FileUtils itself implements a no-op if +user+ or +group+ are nil
    # You can prove this by running FileUtils.chown(nil,nil,'/tmp/file')
    # as an unprivileged user.
    FileUtils.chown(new_resource.user, new_resource.group, script_file.path)
  end
end

115
116
117
# File 'lib/chef/provider/script.rb', line 115

def unlink_script_file
  script_file && script_file.close!
end