[__acl] remove deprecated parameters, fix some bugs and improve manual

2020-09-15 00:55:26 +03:00 · 2020-09-15 00:55:26 +03:00 · e3d906a85f
commit e3d906a85f
parent 2885c6a248
11 changed files with 26 additions and 75 deletions
--- a/cdist/conf/type/__acl/explorer/checks
+++ b/cdist/conf/type/__acl/explorer/checks
@ -1,39 +0,0 @@
-#!/bin/sh -e
-#
-# 2019 Ander Punnar (ander-at-kvlt-dot-ee)
-#
-# This file is part of cdist.
-#
-# cdist is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# cdist is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with cdist. If not, see <http://www.gnu.org/licenses/>.
-#
-
-# TODO check if filesystem has ACL turned on etc
-
-if [ -f "$__object/parameter/acl" ]
-then
-    grep -E '^(default:)?(user|group):' "$__object/parameter/acl" \
-    | while read -r acl
-    do
-        param="$( echo "$acl" | awk -F: '{print $(NF-2)}' )"
-        check="$( echo "$acl" | awk -F: '{print $(NF-1)}' )"
-
-        [ "$param" = 'user' ] && db=passwd || db="$param"
-
-        if ! getent "$db" "$check" > /dev/null
-        then
-            echo "missing $param '$check'" >&2
-            exit 1
-        fi
-    done
-fi
--- a/cdist/conf/type/__acl/explorer/getent
+++ b/cdist/conf/type/__acl/explorer/getent
@ -0,0 +1,4 @@
+#!/bin/sh -e
+
+getent passwd | awk -F: '{print "user:"$1}'
+getent group | awk -F: '{print "group:"$1}'
--- a/cdist/conf/type/__acl/gencode-remote
+++ b/cdist/conf/type/__acl/gencode-remote
@ -22,8 +22,8 @@ file_is="$( cat "$__object/explorer/file_is" )"

 if [ "$file_is" = 'missing' ] \
    && [ -z "$__cdist_dry_run" ] \
-    && \( [ ! -f "$__object/parameter/file" ] \
-        || [ ! -f "$__object/parameter/directory" ] \)
+    && [ ! -f "$__object/parameter/file" ] \
+    && [ ! -f "$__object/parameter/directory" ]
 then
    exit 0
 fi
@ -47,28 +47,26 @@ then
 elif [ -f "$__object/parameter/entry" ]
 then
    acl_should="$( cat "$__object/parameter/entry" )"
-elif [ -f "$__object/parameter/acl" ]
-then
-    acl_should="$( cat "$__object/parameter/acl" )"
-elif
-    [ -f "$__object/parameter/user" ] \
-        || [ -f "$__object/parameter/group" ] \
-        || [ -f "$__object/parameter/mask" ] \
-        || [ -f "$__object/parameter/other" ]
-then
-    acl_should="$( for param in user group mask other
-    do
-        [ ! -f "$__object/parameter/$param" ] && continue
-
-        echo "$param" | grep -Eq 'mask|other' && sep=:: || sep=:
-
-        echo "$param$sep$( cat "$__object/parameter/$param" )"
-    done )"
 else
    echo 'no parameters set' >&2
    exit 1
 fi

+# instead of setfacl's non-helpful message "Option -m: Invalid argument near character X"
+# let's check if target has necessary users and groups, since mistyped or missing
+# users/groups in target is most common reason.
+echo "$acl_should" \
+    | grep -Po '(user|group):[^:]+' \
+    | sort -u \
+    | while read -r l
+    do
+        if ! grep "$l" -Fxq "$__object/explorer/getent"
+        then
+            echo "no $l' in target" | sed "s/:/ '/" >&2
+            exit 1
+        fi
+    done
+
 if [ -f "$__object/parameter/default" ]
 then
    acl_should="$( echo "$acl_should" \
--- a/cdist/conf/type/__acl/man.rst
+++ b/cdist/conf/type/__acl/man.rst
@ -12,11 +12,14 @@ Fully supported and tested on Linux (ext4 filesystem), partial support for FreeB

 See ``setfacl`` and ``acl`` manpages for more details.

+One of ``--entry`` or ``--source`` must be used.

-REQUIRED MULTIPLE PARAMETERS
+
+OPTIONAL MULTIPLE PARAMETERS
 ----------------------------
 entry
   Set ACL entry following ``getfacl`` output syntax.
+   Must be used if ``--source`` is not used.


 OPTIONAL PARAMETERS
@ -25,6 +28,7 @@ source
   Read ACL entries from stdin or file.
   Ordering of entries is not important.
   When reading from file, comments and empty lines are ignored.
+   Must be used if ``--entry`` is not used.

 file
   Create/change file with ``__file`` using ``user:group:mode`` pattern.
@ -48,12 +52,6 @@ remove
   ``mask`` and ``other`` entries can't be removed, but only changed.


-DEPRECATED PARAMETERS
---------------------
-Parameters ``acl``, ``user``, ``group``, ``mask`` and ``other`` are deprecated and they
-will be removed in future versions. Please use ``entry`` parameter instead.
-
-
 EXAMPLES
 --------

--- a/cdist/conf/type/__acl/parameter/deprecated/acl
+++ b/cdist/conf/type/__acl/parameter/deprecated/acl
@ -1 +0,0 @@
-see manual for details
--- a/cdist/conf/type/__acl/parameter/deprecated/group
+++ b/cdist/conf/type/__acl/parameter/deprecated/group
@ -1 +0,0 @@
-see manual for details
--- a/cdist/conf/type/__acl/parameter/deprecated/mask
+++ b/cdist/conf/type/__acl/parameter/deprecated/mask
@ -1 +0,0 @@
-see manual for details
--- a/cdist/conf/type/__acl/parameter/deprecated/other
+++ b/cdist/conf/type/__acl/parameter/deprecated/other
@ -1 +0,0 @@
-see manual for details
--- a/cdist/conf/type/__acl/parameter/deprecated/user
+++ b/cdist/conf/type/__acl/parameter/deprecated/user
@ -1 +0,0 @@
-see manual for details
--- a/cdist/conf/type/__acl/parameter/optional
+++ b/cdist/conf/type/__acl/parameter/optional
@ -1,5 +1,3 @@
-mask
-other
 source
 file
 directory
--- a/cdist/conf/type/__acl/parameter/optional_multiple
+++ b/cdist/conf/type/__acl/parameter/optional_multiple
@ -1,4 +1 @@
 entry
-acl
-user
-group