class Chef::Resource::WindowsShare
Public Instance Methods
convert True/False into “$True” & “$False”
# File lib/chef/resource/windows_share.rb, line 330 def bool_string(bool) # bool ? 1 : 0 bool ? "$true" : "$false" end
# File lib/chef/resource/windows_share.rb, line 232 def different_path? return false if current_resource.nil? # going from nil to something isn't different for our concerns return false if current_resource.path == Chef::Util::PathHelper.cleanpath(new_resource.path) true end
given the string output of Get-SmbShareAccess parse out arrays of full access users, change users, and read only users
# File lib/chef/resource/windows_share.rb, line 169 def parse_permissions(json_results) json_results = [json_results] unless json_results.is_a?(Array) # single result is not an array f_users = [] c_users = [] r_users = [] json_results.each do |perm| next unless perm["AccessControlType"] == 0 # allow case perm["AccessRight"] when 0 then f_users << stripped_account(perm["AccountName"]) # 0 full control when 1 then c_users << stripped_account(perm["AccountName"]) # 1 == change when 2 then r_users << stripped_account(perm["AccountName"]) # 2 == read end end [f_users, c_users, r_users] end
determine if permissions need to be updated. Brand new share with no permissions defined: no Brand new share with permissions defined: yes Existing share with differing permissions: yes
@param [String] type the permissions type (Full, Read, or Change)
# File lib/chef/resource/windows_share.rb, line 305 def permissions_need_update?(type) property_name = "#{type}_users" # brand new share, but nothing to set return false if current_resource.nil? && new_resource.send(property_name).empty? # brand new share with new permissions to set return true if current_resource.nil? && !new_resource.send(property_name).empty? # there's a difference between the current and desired state return true unless (new_resource.send(property_name) - current_resource.send(property_name)).empty? # anything else false end
revoke user permissions from a share @param [Array] users
# File lib/chef/resource/windows_share.rb, line 323 def revoke_user_permissions(users) revoke_command = "Revoke-SmbShareAccess -Name '#{new_resource.share_name}' -AccountName \"#{users.join('","')}\" -Force" Chef::Log.debug("Running '#{revoke_command}' to revoke share permissions") powershell_exec!(revoke_command) end
local names are returned from Get-SmbShareAccess in the full format MACHINE\NAME but users of this resource would simply say NAME so we need to strip the values for comparison
# File lib/chef/resource/windows_share.rb, line 190 def stripped_account(name) name.slice!("#{node["hostname"]}\\") name end
update existing permissions on a share
# File lib/chef/resource/windows_share.rb, line 282 def update_permissions # revoke any users that had something, but now has nothing revoke_user_permissions(users_to_revoke) unless users_to_revoke.empty? # set permissions for each of the permission types %w{full read change}.each do |perm_type| # set permissions for a brand new share OR # update permissions if the current state and desired state differ next unless permissions_need_update?(perm_type) grant_command = "Grant-SmbShareAccess -Name '#{new_resource.share_name}' -AccountName \"#{new_resource.send("#{perm_type}_users").join('","')}\" -Force -AccessRight #{perm_type}" Chef::Log.debug("Running '#{grant_command}' to update the share permissions") powershell_exec!(grant_command) end end
determine what users in the current state don't exist in the desired state users/groups will have their permissions updated with the same command that sets it, but removes must be performed with Revoke-SmbShareAccess
# File lib/chef/resource/windows_share.rb, line 273 def users_to_revoke @users_to_revoke ||= if current_resource.nil? [] else # if it exists then calculate the current to new resource diffs (current_resource.full_users + current_resource.change_users + current_resource.read_users) - (new_resource.full_users + new_resource.change_users + new_resource.read_users) end end