From 45e9ed441e6271982702e5c0eb25022142c1177a Mon Sep 17 00:00:00 2001 From: Dimitrios Apostolou Date: Mon, 15 Apr 2019 13:04:07 +0200 Subject: [PATCH] Add support for ACL mask. --- cdist/conf/type/__acl/explorer/acl_is | 5 ++++- cdist/conf/type/__acl/gencode-remote | 13 ++++++++++++- cdist/conf/type/__acl/man.rst | 9 ++++++++- cdist/conf/type/__acl/parameter/optional | 1 + 4 files changed, 25 insertions(+), 3 deletions(-) create mode 100644 cdist/conf/type/__acl/parameter/optional diff --git a/cdist/conf/type/__acl/explorer/acl_is b/cdist/conf/type/__acl/explorer/acl_is index 4dc98c51..fbb1be3f 100755 --- a/cdist/conf/type/__acl/explorer/acl_is +++ b/cdist/conf/type/__acl/explorer/acl_is @@ -19,5 +19,8 @@ # if [ -e "/$__object_id" ] -then getfacl "/$__object_id" | grep -E '^((default:|)(user|group)):[a-z]' || true +then + getfacl "/$__object_id" \ + | grep -E '^((default:)?(user|group):[^:]|(default:)?mask::)' \ + || true fi diff --git a/cdist/conf/type/__acl/gencode-remote b/cdist/conf/type/__acl/gencode-remote index a59d49e0..1c1a1b06 100755 --- a/cdist/conf/type/__acl/gencode-remote +++ b/cdist/conf/type/__acl/gencode-remote @@ -37,7 +37,18 @@ do then echo "default:$parameter:$l" fi done < "$__object/parameter/$parameter" -done )" +done +if [ -f "$__object/parameter/mask" ] +then + l=$( cat "$__object/parameter/mask" ) + + echo "mask::$l" + + if [ -f "$__object/parameter/default" ] + then echo "default:mask::$l" + fi +fi +)" setfacl_exec='setfacl' diff --git a/cdist/conf/type/__acl/man.rst b/cdist/conf/type/__acl/man.rst index 39db4d75..c10ee1a0 100644 --- a/cdist/conf/type/__acl/man.rst +++ b/cdist/conf/type/__acl/man.rst @@ -13,6 +13,12 @@ ACL must be defined as 3-symbol combination, using `r`, `w`, `x` and `-`. See setfacl(1) and acl(5) for more details. +OPTIONAL PARAMETERS +------------------- +mask + Add mask ACL entry. + + OPTIONAL MULTIPLE PARAMETERS ---------------------------- user 
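Review bot: The `getfacl "/$__object_id"` call in the new `then` branch of explorer/acl_is still prints effective-rights comments, and now that a mask can be set this matters. getfacl appends `#effective:...` to any `user:`/`group:` line whose permissions the mask narrows, and the new grep passes those lines through whole. If gencode-remote compares explorer output line by line with the desired entries (that comparison is not in this hunk), a restrictive mask would make those entries look changed on every run. Consider `getfacl --no-effective "/$__object_id" \`. Separately, `|| true` hides a failing getfacl as well as an empty grep result, so a missing binary reads as "no ACLs set".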
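Review bot: In gencode-remote, the value read by `l=$( cat "$__object/parameter/mask" )` is echoed as `mask::$l` and `default:mask::$l` without being checked against the three-symbol `r`/`w`/`x`/`-` form that man.rst requires. An empty, multi-line or mistyped value therefore travels on to whatever consumes the list after this hunk. A guard directly after the assignment would catch it: `case "$l" in [r-][w-][x-]) ;; *) echo "invalid mask: $l" >&2; exit 1 ;; esac`. The command substitution around this block opens before the hunk, so confirm that a non-zero exit inside it actually aborts the run. The code that turns the entries into `setfacl` calls is also not shown; if it applies named entries with separate `setfacl -m` invocations, setfacl recalculates the mask each time unless `-n` is passed, which could widen a restrictive mask until the next run.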
@@ -46,7 +52,8 @@ EXAMPLES --user alice:rwx \ --user bob:r-x \ --group project-group:rwx \ - --group some-other-group:r-x + --group some-other-group:r-x \ + --mask r-x AUTHORS diff --git a/cdist/conf/type/__acl/parameter/optional b/cdist/conf/type/__acl/parameter/optional new file mode 100644 index 00000000..bb4fcf2b --- /dev/null +++ b/cdist/conf/type/__acl/parameter/optional @@ -0,0 +1 @@ +mask