class Chef::Provider::Script

Attributes

code[RW]

Public Class Methods

new(new_resource, run_context) click to toggle source
Calls superclass method Chef::Provider::new
# File lib/chef/provider/script.rb, line 41
def initialize(new_resource, run_context)
  super
  self.code = new_resource.code
end

Public Instance Methods

action_run() click to toggle source
Calls superclass method Chef::Provider::Execute#action_run
# File lib/chef/provider/script.rb, line 54
def action_run
  script_file.puts(code)
  script_file.close

  set_owner_and_group

  super

  unlink_script_file
end
command() click to toggle source
# File lib/chef/provider/script.rb, line 46
def command
  "\"#{interpreter}\" #{flags} \"#{script_file.path}\""
end
grant_alternate_user_read_access() click to toggle source
# File lib/chef/provider/script.rb, line 77
def grant_alternate_user_read_access
  # Do nothing if an alternate user isn't specified -- the file
  # will already have the correct permissions for the user as part
  # of the default ACL behavior on Windows.
  return if new_resource.user.nil?

  # Duplicate the script file's existing DACL
  # so we can add an ACE later
  securable_object = Chef::ReservedNames::Win32::Security::SecurableObject.new(script_file.path)
  aces = securable_object.security_descriptor.dacl.reduce([]) { |result, current| result.push(current) }

  username = new_resource.user

  if new_resource.domain
    username = new_resource.domain + '\\' + new_resource.user
  end

  # Create an ACE that allows the alternate user read access to the script
  # file so it can be read and executed.
  user_sid = Chef::ReservedNames::Win32::Security::SID.from_account(username)
  read_ace = Chef::ReservedNames::Win32::Security::ACE.access_allowed(user_sid, Chef::ReservedNames::Win32::API::Security::GENERIC_READ | Chef::ReservedNames::Win32::API::Security::GENERIC_EXECUTE, 0)
  aces.push(read_ace)
  acl = Chef::ReservedNames::Win32::Security::ACL.create(aces)

  # This actually applies the modified DACL to the file
  # Use parentheses to bypass RuboCop / ChefStyle warning
  # about useless setter
  (securable_object.dacl = acl)
end
load_current_resource() click to toggle source
# File lib/chef/provider/script.rb, line 50
def load_current_resource
  super
end
script_file() click to toggle source
# File lib/chef/provider/script.rb, line 107
def script_file
  @script_file ||= Tempfile.open("chef-script")
end
set_owner_and_group() click to toggle source
# File lib/chef/provider/script.rb, line 65
def set_owner_and_group
  if Chef::Platform.windows?
    # And on Windows also this is a no-op if there is no user specified.
    grant_alternate_user_read_access
  else
    # FileUtils itself implements a no-op if +user+ or +group+ are nil
    # You can prove this by running FileUtils.chown(nil,nil,'/tmp/file')
    # as an unprivileged user.
    FileUtils.chown(new_resource.user, new_resource.group, script_file.path)
  end
end