Module: OpscodeAcl::AclBase

Defined in:
lib/chef/knife/acl_base.rb

Constant Summary

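# Permissions an ACE can carry; a perms argument is a comma-separated list of these.
PERM_TYPES = %w(create read update delete grant).freeze
# Kinds of principal that can be placed in an ACE or in a group.
MEMBER_TYPES = %w(client group user).freeze
# Server object collections whose ACLs this module manages.
OBJECT_TYPES = %w(clients containers cookbooks data environments groups nodes roles).freeze
# A valid name is non-empty and made only of letters, digits, '-', '_' and '.'.
# Anchored with \A and \z rather than ^ and $: the latter match at line
# boundaries, so a name containing a newline would have passed validation even
# though names are interpolated into REST request paths.
OBJECT_NAME_SPEC = /\A[\-[:alnum:]_\.]+\z/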

Instance Method Summary

Instance Method Details

#add_to_acl!(member_type, member_name, object_type, object_name, perms) ⇒ Object



# File 'lib/chef/knife/acl_base.rb', line 87

def add_to_acl!(member_type, member_name, object_type, object_name, perms)
  # Grant each permission in perms (a comma-separated list of PERM_TYPES
  # values, see validate_perm_type!) to the member on the named object.
  # The object's ACL is fetched once and each touched ACE is written back.
  acl = get_acl(object_type, object_name)
  perms.split(',').each do |perm|
    ui.msg "Adding '#{member_name}' to '#{perm}' ACE of '#{object_name}'"
    ace = acl[perm]

    # Clients and users live in the ACE's 'actors' list, groups in 'groups'.
    # Any other member_type leaves the ACE untouched but still writes it back.
    list_key = case member_type
               when "client", "user" then 'actors'
               when "group" then 'groups'
               end
    if list_key
      members = ace[list_key]
      # Already present: skip the write for this ACE altogether.
      next if members.include?(member_name)
      members << member_name
    end

    update_ace!(object_type, object_name, perm, ace)
  end
end

#add_to_group!(member_type, member_name, group_name) ⇒ Object



# File 'lib/chef/knife/acl_base.rb', line 129

def add_to_group!(member_type, member_name, group_name)
  # Add a client/user/group to the named group, first aborting (ui.fatal + exit)
  # if the member cannot be fetched from the server. group_name is interpolated
  # into the request path unvalidated here; callers are presumably expected to
  # run validate_object_name! on it first — confirm.
  validate_member_exists!(member_type, member_name)
  group_path = "groups/#{group_name}"
  existing_group = rest.get_rest(group_path)
  ui.msg "Adding '#{member_name}' to '#{group_name}' group"
  # The GET document keys its member lists by pluralised member type
  # ("users", "clients", "groups").
  members = existing_group["#{member_type}s"]
  return if members.include?(member_name)

  members << member_name
  # The PUT body nests the member lists under "actors", unlike the GET response.
  payload = {
    "groupname" => existing_group["groupname"],
    "orgname" => existing_group["orgname"],
    "actors" => {
      "users" => existing_group["users"],
      "clients" => existing_group["clients"],
      "groups" => existing_group["groups"]
    }
  }
  rest.put_rest(group_path, payload)
end

#get_ace(object_type, object_name, perm) ⇒ Object



# File 'lib/chef/knife/acl_base.rb', line 83

def get_ace(object_type, object_name, perm)
  # Fetch the object's full ACL and return the single ACE for perm
  # (one of PERM_TYPES); nil when the ACL has no such key.
  acl = get_acl(object_type, object_name)
  acl[perm]
end

#get_acl(object_type, object_name) ⇒ Object



# File 'lib/chef/knife/acl_base.rb', line 79

def get_acl(object_type, object_name)
  # GET <object_type>/<object_name>/_acl: the ACL document, indexed by
  # permission name (see get_ace). Both path segments are used as given,
  # so they should have passed validate_object_type!/validate_object_name!.
  acl_path = "#{object_type}/#{object_name}/_acl"
  rest.get_rest(acl_path)
end

#is_usag?(gname) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/chef/knife/acl_base.rb', line 75

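def is_usag?(gname)
  # True when gname looks like a USAG name: exactly 32 lowercase hex
  # characters (presumably the server-generated per-user groups — confirm).
  # Anchored with \A/\z so a trailing newline cannot slip through; ^/$ only
  # match at line boundaries. Returns a real Boolean rather than =~'s 0/nil.
  # @param gname [String]
  # @return [Boolean]
  gname.length == 32 && !!(gname =~ /\A[0-9a-f]+\z/)
end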

#remove_from_acl!(member_type, member_name, object_type, object_name, perms) ⇒ Object



# File 'lib/chef/knife/acl_base.rb', line 106

def remove_from_acl!(member_type, member_name, object_type, object_name, perms)
  # Revoke each permission in perms (a comma-separated list of PERM_TYPES
  # values, see validate_perm_type!) from the member on the named object.
  # The ACL is fetched once; an ACE is only written back when it changed.
  acl = get_acl(object_type, object_name)
  perms.split(',').each do |perm|
    ui.msg "Removing '#{member_name}' from '#{perm}' ACE of '#{object_name}'"
    ace = acl[perm]

    # Clients and users live in the ACE's 'actors' list, groups in 'groups'.
    # Any other member_type leaves the ACE untouched but still writes it back.
    list_key = case member_type
               when "client", "user" then 'actors'
               when "group" then 'groups'
               end
    if list_key
      members = ace[list_key]
      # Not present: nothing to revoke, skip the write for this ACE.
      next unless members.include?(member_name)
      members.delete(member_name)
    end

    update_ace!(object_type, object_name, perm, ace)
  end
end

#remove_from_group!(member_type, member_name, group_name) ⇒ Object



# File 'lib/chef/knife/acl_base.rb', line 148

def remove_from_group!(member_type, member_name, group_name)
  # Remove a client/user/group from the named group, first aborting
  # (ui.fatal + exit) if the member cannot be fetched from the server.
  # group_name is interpolated into the request path unvalidated here;
  # callers are presumably expected to run validate_object_name! first — confirm.
  validate_member_exists!(member_type, member_name)
  group_path = "groups/#{group_name}"
  existing_group = rest.get_rest(group_path)
  ui.msg "Removing '#{member_name}' from '#{group_name}' group"
  # The GET document keys its member lists by pluralised member type
  # ("users", "clients", "groups").
  members = existing_group["#{member_type}s"]
  return unless members.include?(member_name)

  members.delete(member_name)
  # The PUT body nests the member lists under "actors", unlike the GET response.
  payload = {
    "groupname" => existing_group["groupname"],
    "orgname" => existing_group["orgname"],
    "actors" => {
      "users" => existing_group["users"],
      "clients" => existing_group["clients"],
      "groups" => existing_group["groups"]
    }
  }
  rest.put_rest(group_path, payload)
end

#update_ace!(object_type, object_name, ace_type, ace) ⇒ Object



# File 'lib/chef/knife/acl_base.rb', line 125

def update_ace!(object_type, object_name, ace_type, ace)
  # PUT a single ACE back to <object_type>/<object_name>/_acl/<ace_type>;
  # the request body wraps the ACE under its own permission name.
  ace_path = "#{object_type}/#{object_name}/_acl/#{ace_type}"
  rest.put_rest(ace_path, { ace_type => ace })
end

#validate_member_exists!(member_type, member_name) ⇒ Object



# File 'lib/chef/knife/acl_base.rb', line 63

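def validate_member_exists!(member_type, member_name)
  # Probe the server for the member (GET <member_type>s/<member_name>) and
  # abort the command when it cannot be fetched.
  # @param member_type [String] one of MEMBER_TYPES ("client", "group", "user")
  # @param member_name [String]
  # @return [true] when the lookup succeeded (or was skipped, see NameError below)
  rest.get_rest("#{member_type}s/#{member_name}")
  true
rescue NameError
  # ignore "NameError: uninitialized constant Chef::ApiClient" when finding a client
  true
rescue => e
  # Every other StandardError (a 404, but also auth, TLS or network failures)
  # lands here, so report the cause instead of calling all of them a
  # missing member.
  ui.fatal "#{member_type} '#{member_name}' does not exist or could not be fetched: #{e.message}"
  exit 1
end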

#validate_member_name!(name) ⇒ Object



# File 'lib/chef/knife/acl_base.rb', line 49

def validate_member_name!(name)
  # Member (client/user/group) names follow exactly the object-name rules
  # (OBJECT_NAME_SPEC), so delegate rather than keep a second copy of the
  # check. Aborts via ui.fatal + exit on an invalid name.
  validate_object_name!(name)
end

#validate_member_type!(type) ⇒ Object



# File 'lib/chef/knife/acl_base.rb', line 42

def validate_member_type!(type)
  # Accept only MEMBER_TYPES; anything else is reported and the process exits.
  return if MEMBER_TYPES.include?(type)

  ui.fatal "Unknown member type \"#{type}\". The following types are permitted: #{MEMBER_TYPES.join(', ')}"
  exit 1
end

#validate_object_name!(name) ⇒ Object



# File 'lib/chef/knife/acl_base.rb', line 35

def validate_object_name!(name)
  # Names are later interpolated into REST paths (see get_acl), so this
  # OBJECT_NAME_SPEC check is what keeps path characters out of them.
  # A nil name fails the match and is reported like any other invalid one.
  return if OBJECT_NAME_SPEC.match(name)

  ui.fatal "Invalid name: #{name}"
  exit 1
end

#validate_object_type!(type) ⇒ Object



# File 'lib/chef/knife/acl_base.rb', line 28

def validate_object_type!(type)
  # Accept only OBJECT_TYPES; anything else is reported and the process exits.
  return if OBJECT_TYPES.include?(type)

  ui.fatal "Unknown object type \"#{type}\".  The following types are permitted: #{OBJECT_TYPES.join(', ')}"
  exit 1
end

#validate_perm_type!(perms) ⇒ Object



# File 'lib/chef/knife/acl_base.rb', line 54

def validate_perm_type!(perms)
  # perms is a comma-separated list; the first entry outside PERM_TYPES is
  # fatal (an empty entry from a doubled comma counts as invalid too).
  perms.split(',').each do |perm|
    next if PERM_TYPES.include?(perm)

    ui.fatal "Invalid permission \"#{perm}\". The following permissions are permitted: #{PERM_TYPES.join(',')}"
    exit 1
  end
end