tabulon/cdist
1
0
Fork 0
forked from ungleich-public/cdist
Code Pull requests Activity

Merge branch '__acl_remove_deprecated' into 'master'

Browse source 
[__acl] remove deprecated parameters, fix some bugs and improve manual

Closes #823

See merge request ungleich-public/cdist!933
This commit is contained in:
poljakowski 2020-10-19 06:54:13 +02:00
commit f96f23e970
11 changed files with 26 additions and 75 deletions
Download patch file Download diff file Expand all files Collapse all files

39
cdist/conf/type/__acl/explorer/checks
View file

@ -1,39 +0,0 @@
#!/bin/sh -e
#
# 2019 Ander Punnar (ander-at-kvlt-dot-ee)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
# TODO check if filesystem has ACL turned on etc
if [ -f "$__object/parameter/acl" ]
then
grep -E '^(default:)?(user|group):' "$__object/parameter/acl" \
| while read -r acl
do
param="$( echo "$acl" | awk -F: '{print $(NF-2)}' )"
check="$( echo "$acl" | awk -F: '{print $(NF-1)}' )"
[ "$param" = 'user' ] && db=passwd || db="$param"
if ! getent "$db" "$check" > /dev/null
then
echo "missing $param '$check'" >&2
exit 1
fi
done
fi

4
cdist/conf/type/__acl/explorer/getent Executable file
View file

@ -0,0 +1,4 @@
#!/bin/sh -e
getent passwd | awk -F: '{print "user:"$1}'
getent group | awk -F: '{print "group:"$1}'

36
cdist/conf/type/__acl/gencode-remote
View file

@ -22,8 +22,8 @@ file_is="$( cat "$__object/explorer/file_is" )"
if [ "$file_is" = 'missing' ] \ if [ "$file_is" = 'missing' ] \
&& [ -z "$__cdist_dry_run" ] \ && [ -z "$__cdist_dry_run" ] \
&& \( [ ! -f "$__object/parameter/file" ] \ && [ ! -f "$__object/parameter/file" ] \
|| [ ! -f "$__object/parameter/directory" ] \) && [ ! -f "$__object/parameter/directory" ]
then then
exit 0 exit 0
fi fi
@ -47,28 +47,26 @@ then
elif [ -f "$__object/parameter/entry" ] elif [ -f "$__object/parameter/entry" ]
then then
acl_should="$( cat "$__object/parameter/entry" )" acl_should="$( cat "$__object/parameter/entry" )"
elif [ -f "$__object/parameter/acl" ]
then
acl_should="$( cat "$__object/parameter/acl" )"
elif
[ -f "$__object/parameter/user" ] \
|| [ -f "$__object/parameter/group" ] \
|| [ -f "$__object/parameter/mask" ] \
|| [ -f "$__object/parameter/other" ]
then
acl_should="$( for param in user group mask other
do
[ ! -f "$__object/parameter/$param" ] && continue
echo "$param" | grep -Eq 'mask|other' && sep=:: || sep=:
echo "$param$sep$( cat "$__object/parameter/$param" )"
done )"
else else
echo 'no parameters set' >&2 echo 'no parameters set' >&2
exit 1 exit 1
fi fi
# instead of setfacl's non-helpful message "Option -m: Invalid argument near character X"
# let's check if target has necessary users and groups, since mistyped or missing
# users/groups in target is most common reason.
echo "$acl_should" \
| grep -Po '(user|group):[^:]+' \
| sort -u \
| while read -r l
do
if ! grep "$l" -Fxq "$__object/explorer/getent"
then
echo "no $l' in target" | sed "s/:/ '/" >&2
exit 1
fi
done
if [ -f "$__object/parameter/default" ] if [ -f "$__object/parameter/default" ]
then then
acl_should="$( echo "$acl_should" \ acl_should="$( echo "$acl_should" \

12
cdist/conf/type/__acl/man.rst
View file

@ -12,11 +12,14 @@ Fully supported and tested on Linux (ext4 filesystem), partial support for FreeB
See ``setfacl`` and ``acl`` manpages for more details. See ``setfacl`` and ``acl`` manpages for more details.
One of ``--entry`` or ``--source`` must be used.
REQUIRED MULTIPLE PARAMETERS
OPTIONAL MULTIPLE PARAMETERS
---------------------------- ----------------------------
entry entry
Set ACL entry following ``getfacl`` output syntax. Set ACL entry following ``getfacl`` output syntax.
Must be used if ``--source`` is not used.
OPTIONAL PARAMETERS OPTIONAL PARAMETERS
@ -25,6 +28,7 @@ source
Read ACL entries from stdin or file. Read ACL entries from stdin or file.
Ordering of entries is not important. Ordering of entries is not important.
When reading from file, comments and empty lines are ignored. When reading from file, comments and empty lines are ignored.
Must be used if ``--entry`` is not used.
file file
Create/change file with ``__file`` using ``user:group:mode`` pattern. Create/change file with ``__file`` using ``user:group:mode`` pattern.
@ -48,12 +52,6 @@ remove
``mask`` and ``other`` entries can't be removed, but only changed. ``mask`` and ``other`` entries can't be removed, but only changed.
DEPRECATED PARAMETERS
---------------------
Parameters ``acl``, ``user``, ``group``, ``mask`` and ``other`` are deprecated and they
will be removed in future versions. Please use ``entry`` parameter instead.
EXAMPLES EXAMPLES
-------- --------

1
cdist/conf/type/__acl/parameter/deprecated/acl
View file

@ -1 +0,0 @@
see manual for details

1
cdist/conf/type/__acl/parameter/deprecated/group
View file

@ -1 +0,0 @@
see manual for details

1
cdist/conf/type/__acl/parameter/deprecated/mask
View file

@ -1 +0,0 @@
see manual for details

1
cdist/conf/type/__acl/parameter/deprecated/other
View file

@ -1 +0,0 @@
see manual for details

1
cdist/conf/type/__acl/parameter/deprecated/user
View file

@ -1 +0,0 @@
see manual for details

2
cdist/conf/type/__acl/parameter/optional
View file

@ -1,5 +1,3 @@
mask
other
source source
file file
directory directory

3
cdist/conf/type/__acl/parameter/optional_multiple
View file

@ -1,4 +1 @@
entry entry
acl
user
group