From 05225352aa7434ec35d2691420adb1f81923d4ec Mon Sep 17 00:00:00 2001
From: Ander Punnar
Date: Fri, 19 Apr 2019 14:48:26 +0300
Subject: [PATCH] __acl: check for missing users and groups (common mistake)
---
.../type/__acl/explorer/missing_users_groups | 47 +++++++++++++++++++
cdist/conf/type/__acl/gencode-remote | 8 ++++
2 files changed, 55 insertions(+)
create mode 100755 cdist/conf/type/__acl/explorer/missing_users_groups
diff --git a/cdist/conf/type/__acl/explorer/missing_users_groups b/cdist/conf/type/__acl/explorer/missing_users_groups
new file mode 100755
index 00000000..883fb84d
--- /dev/null
+++ b/cdist/conf/type/__acl/explorer/missing_users_groups
@@ -0,0 +1,47 @@
+#!/bin/sh -e
+#
+# 2019 Ander Punnar (ander-at-kvlt-dot-ee)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see .
+#
+
+[ ! -e "/$__object_id" ] && exit 0
+
+for parameter in user group
+do
+ if [ ! -f "$__object/parameter/$parameter" ]
+ then
+ continue
+ fi
+
+ while read -r acl
+ do
+ check="$( echo "$acl" | awk -F: '{print $1}' )"
+
+ if [ "$parameter" = 'user' ]
+ then
+ getent_db=passwd
+ else
+ getent_db="$parameter"
+ fi
+
+ if ! getent "$getent_db" "$check" > /dev/null
+ then
+ echo "missing $parameter '$check'"
+ fi
+ done \
+ < "$__object/parameter/$parameter"
+done
diff --git a/cdist/conf/type/__acl/gencode-remote b/cdist/conf/type/__acl/gencode-remote
index 5bb19aa8..3dd0aef6 100755
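Review bot: The `if ! getent "$getent_db" "$check" > /dev/null` test in the new explorer treats every non-zero status as a missing user or group, so a target without `getent`, or a lookup that fails for some other reason, yields a misleading "missing" line and gencode-remote then aborts the object. glibc's getent returns 2 specifically when a key is not found; capturing the status with `rc=0; getent "$getent_db" "$check" > /dev/null || rc=$?` and printing the "missing" message only when `[ "$rc" -eq 2 ]`, while reporting other non-zero values as a lookup failure, would keep the two cases apart. Other getent implementations may use different codes, so this should be confirmed on the platforms the type supports. A one-line comment above the `while` loop saying that the name is the first `:`-separated field of each parameter line would also help the next reader.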
--- a/cdist/conf/type/__acl/gencode-remote +++ b/cdist/conf/type/__acl/gencode-remote @@ -22,6 +22,14 @@ file_is="$( cat "$__object/explorer/file_is" )" [ "$file_is" = 'missing' ] && exit 0 +missing_users_groups="$( cat "$__object/explorer/missing_users_groups" )" + +if [ -n "$missing_users_groups" ] +then + echo "$missing_users_groups" >&2 + exit 1 +fi + os="$( cat "$__global/explorer/os" )" acl_is="$( cat "$__object/explorer/acl_is" )"
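Review bot: `echo "$missing_users_groups" >&2` prints explorer output built from manifest-supplied names, and some `sh` implementations interpret backslash sequences in echo arguments, so a domain-qualified name such as `DOMAIN\name` may be printed altered; `printf '%s\n' "$missing_users_groups" >&2` avoids that. The same applies to `echo "$acl" | awk -F: '{print $1}'` in the new explorer, where the altered value would be the one that gets looked up. The surrounding gencode-remote script starts and ends outside this hunk.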