class Chef::ScanAccessControl
ScanAccessControl
Reads Access Control Settings on a file and writes them out to a resource (should be the current_resource), attempting to match the style used by the new resource; that is, if users are specified with usernames in new_resource, then the uids from stat will be looked up and usernames will be added to current_resource.
Why?
FileAccessControl objects may operate on a temporary file, in which case we won't know if the access control settings changed (e.g., rendering a template with both a change in content and ownership). For auditing purposes, we need to record the current state of a file system entity.
Attributes
Public Class Methods
    # File lib/chef/scan_access_control.rb, line 43
    def initialize(new_resource, current_resource)
      @new_resource, @current_resource = new_resource, current_resource
    end
Public Instance Methods
    # File lib/chef/scan_access_control.rb, line 93
    def current_group
      case new_resource.group
      when String, nil
        # Desired state uses a group name (or is unset): report a name.
        lookup_gid
      when Integer
        # Desired state uses a numeric gid: report the raw gid.
        stat.gid
      else
        Chef::Log.error("The `group` parameter of the #{@new_resource} resource is set to an invalid value (#{new_resource.group.inspect})")
        raise ArgumentError, "cannot resolve #{new_resource.group.inspect} to gid, group must be a string or integer"
      end
    end
    # File lib/chef/scan_access_control.rb, line 119
    def current_mode
      case new_resource.mode
      when String, Integer, nil
        "0#{(stat.mode & 07777).to_s(8)}"
      else
        Chef::Log.error("The `mode` parameter of the #{@new_resource} resource is set to an invalid value (#{new_resource.mode.inspect})")
        raise ArgumentError, "Invalid value #{new_resource.mode.inspect} for `mode` on resource #{@new_resource}"
      end
    end

    # File lib/chef/scan_access_control.rb, line 66
    def current_owner
      case new_resource.owner
      when String, nil
        lookup_uid
      when Integer
        stat.uid
      else
        Chef::Log.error("The `owner` parameter of the #{@new_resource} resource is set to an invalid value (#{new_resource.owner.inspect})")
        raise ArgumentError, "cannot resolve #{new_resource.owner.inspect} to uid, owner must be a string or integer"
      end
    end

    # File lib/chef/scan_access_control.rb, line 105
    def lookup_gid
      unless (pwent = Etc.getgrgid(stat.gid)).nil?
        pwent.name
      else
        stat.gid
      end
    rescue ArgumentError
      stat.gid
    end

    # File lib/chef/scan_access_control.rb, line 78
    def lookup_uid
      unless (pwent = Etc.getpwuid(stat.uid)).nil?
        pwent.name
      else
        stat.uid
      end
    rescue ArgumentError
      stat.uid
    end

Modifies @current_resource, setting the current access control state.
    # File lib/chef/scan_access_control.rb, line 48
    def set_all!
      if ::File.exist?(new_resource.path)
        set_owner
        set_group
        set_mode
      else
        # leave the values as nil.
      end
    end

Set the group attribute of current_resource to whatever the current state is.
    # File lib/chef/scan_access_control.rb, line 89
    def set_group
      @current_resource.group(current_group)
    end

    # File lib/chef/scan_access_control.rb, line 115
    def set_mode
      @current_resource.mode(current_mode)
    end

Set the owner attribute of current_resource to whatever the current state is. Attempts to match the format given in new_resource: if the new_resource specifies the owner as a string, the username for the uid will be looked up and owner will be set to the username, and vice versa.
    # File lib/chef/scan_access_control.rb, line 62
    def set_owner
      @current_resource.owner(current_owner)
    end

    # File lib/chef/scan_access_control.rb, line 129
    def stat
      @stat ||= if @new_resource.instance_of?(Chef::Resource::Link)
                  ::File.lstat(@new_resource.path)
                else
                  realpath = ::File.realpath(@new_resource.path)
                  ::File.stat(realpath)
                end
    end
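
The scan described on this page, reduced to a stand-alone sketch that runs without Chef, useful for seeing what an audit record of a file's current state contains. This is an added example, not Chef's own code: `scan_access_control`, `match_style` and the `want` hash (standing in for new_resource) are hypothetical names, and the sample file is constructed.

```ruby
require "etc"
require "tmpdir"

# Added illustration (not Chef's code). `want` plays the role of new_resource:
# its :owner and :group values decide whether names or numeric ids come back.
def scan_access_control(path, want = {}, link: false)
  # Like set_all!: a path that does not exist leaves every value nil.
  return { owner: nil, group: nil, mode: nil } unless File.exist?(path)

  # Links are inspected themselves (lstat); anything else is resolved first.
  st = link ? File.lstat(path) : File.stat(File.realpath(path))
  {
    owner: match_style(want[:owner], st.uid, "owner") { |id| Etc.getpwuid(id) },
    group: match_style(want[:group], st.gid, "group") { |id| Etc.getgrgid(id) },
    # Keep permission, setuid, setgid and sticky bits; drop the file-type bits.
    mode: "0#{(st.mode & 0o7777).to_s(8)}",
  }
end

# Report the id in the same style (name or number) the desired state uses.
def match_style(wanted, id, label)
  case wanted
  when String, nil
    begin
      entry = yield(id)
      entry ? entry.name : id # no passwd/group entry: fall back to the number
    rescue ArgumentError
      id
    end
  when Integer
    id
  else
    raise ArgumentError, "#{label} must be a string or integer, got #{wanted.inspect}"
  end
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |dir|
    file = File.join(dir, "app.conf") # constructed sample file
    File.write(file, "secret=1\n")
    File.chmod(0o640, file)
    p scan_access_control(file, { owner: "root", group: 0 })
  end
end
```

The owner comes back as a name because the desired owner is a string, the group as a number because the desired group is an integer; a uid with no passwd entry is reported as the number rather than raising.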