Merge pull request #759 from jimis/acl_mask

Add support for ACL mask.

cdist/conf/type/__acl/explorer/acl_is

@@ -19,5 +19,8 @@
 #
 
 if [ -e "/$__object_id" ]
-then getfacl "/$__object_id" | grep -E '^((default:|)(user|group)):[a-z]' || true
+then
+    getfacl "/$__object_id" 2>/dev/null \
+        | grep -E '^((default:)?(user|group):[^:]|(default:)?mask::)' \
+        || true
 fi

cdist/conf/type/__acl/gencode-remote

@@ -37,13 +37,24 @@ do
         then echo "default:$parameter:$l"
         fi
     done < "$__object/parameter/$parameter"
-done )"
+done
+if [ -f "$__object/parameter/mask" ]
+then
+    l=$( cat "$__object/parameter/mask" )
+
+    echo "mask::$l"
+
+    if [ -f "$__object/parameter/default" ]
+    then echo "default:mask::$l"
+    fi
+fi
+)"
 
 setfacl_exec='setfacl'
 
 if [ -f "$__object/parameter/recursive" ]
 then
-    if echo "$os" | grep -E 'macosx|netbsd|freebsd|openbsd'
+    if echo "$os" | grep -Eq 'macosx|netbsd|freebsd|openbsd'
     then
         echo "$os setfacl do not support recursive operations" >&2
     else
@@ -53,7 +64,7 @@ fi
 
 if [ -f "$__object/parameter/remove" ]
 then
-    if echo "$os" | grep 'solaris'
+    if echo "$os" | grep -Fq 'solaris'
     then
         # Solaris setfacl behaves differently.
         # We will not support Solaris for now, because no way to test it.

cdist/conf/type/__acl/man.rst

@@ -13,6 +13,12 @@ ACL must be defined as 3-symbol combination, using `r`, `w`, `x` and `-`.
 See setfacl(1) and acl(5) for more details.
 
 
+OPTIONAL PARAMETERS
+-------------------
+mask
+   Add mask ACL entry.
+
+
 OPTIONAL MULTIPLE PARAMETERS
 ----------------------------
 user
@@ -46,7 +52,8 @@ EXAMPLES
         --user alice:rwx \
         --user bob:r-x \
         --group project-group:rwx \
-        --group some-other-group:r-x
+        --group some-other-group:r-x \
+        --mask r-x
 
 
 AUTHORS

cdist/conf/type/__acl/parameter/optional

@@ -0,0 +1 @@
+mask