Module: Chef::FileAccessControl::Unix

Included in:

Chef::FileAccessControl

Defined in:

lib/chef/file_access_control/unix.rb

Constant Summary

UINT =

(1 << 32)

UID_MAX =

(1 << 32) - 10

Instance Method Summary

• #current_gid ⇒ Object
• #current_mode ⇒ Object
• #current_uid ⇒ Object
• #define_resource_requirements ⇒ Object
• #describe_changes ⇒ Object
• #gid_from_resource(resource) ⇒ Object
• #manage_symlink_attrs? ⇒ Boolean
• #mode_from_resource(res) ⇒ Object
• #mode_to_s(mode) ⇒ Object
• #requires_changes? ⇒ Boolean

  TODO factor this up.

• #set_all ⇒ Object
• #set_all! ⇒ Object
• #set_group ⇒ Object
• #set_group! ⇒ Object
• #set_mode ⇒ Object
• #set_mode! ⇒ Object
• #set_owner ⇒ Object
• #set_owner! ⇒ Object
• #should_update_group? ⇒ Boolean
• #should_update_mode? ⇒ Boolean
• #should_update_owner? ⇒ Boolean
• #stat ⇒ Object
• #target_gid ⇒ Object
• #target_mode ⇒ Object
• #target_uid ⇒ Object

Instance Method Details

#current_gid ⇒ Object

# File 'lib/chef/file_access_control/unix.rb', line 103

def current_gid
  gid_from_resource(current_resource)
end

#current_mode ⇒ Object

# File 'lib/chef/file_access_control/unix.rb', line 171

def current_mode
  mode_from_resource(current_resource)
end

#current_uid ⇒ Object

# File 'lib/chef/file_access_control/unix.rb', line 63

def current_uid
  uid_from_resource(current_resource)
end

#define_resource_requirements ⇒ Object

# File 'lib/chef/file_access_control/unix.rb', line 46

def define_resource_requirements
  uid_from_resource(resource)
  gid_from_resource(resource)
end

#describe_changes ⇒ Object

# File 'lib/chef/file_access_control/unix.rb', line 51

def describe_changes
  changes = []
  changes << "change mode from '#{mode_to_s(current_mode)}' to '#{mode_to_s(target_mode)}'" if should_update_mode?
  changes << "change owner from '#{current_resource.owner}' to '#{resource.owner}'" if should_update_owner?
  changes << "change group from '#{current_resource.group}' to '#{resource.group}'" if should_update_group?
  changes
end

#gid_from_resource(resource) ⇒ Object

# File 'lib/chef/file_access_control/unix.rb', line 107

def gid_from_resource(resource)
  return nil if resource == nil or resource.group.nil?
  if resource.group.kind_of?(String)
    diminished_radix_complement( Etc.getgrnam(resource.group).gid )
  elsif resource.group.kind_of?(Integer)
    resource.group
  else
    Chef::Log.error("The `group` parameter of the #@resource resource is set to an invalid value (#{resource.owner.inspect})")
    raise ArgumentError, "cannot resolve #{resource.group.inspect} to gid, group must be a string or integer"
  end
rescue ArgumentError
  provider.requirements.assert(:create, :create_if_missing, :touch) do |a|
    a.assertion { false }
    a.failure_message(Chef::Exceptions::GroupIDNotFound, "cannot determine group id for '#{resource.group}', does the group exist on this system?")
    a.whyrun("Assuming group #{resource.group} would have been created")
  end
  return nil
end

#manage_symlink_attrs? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/chef/file_access_control/unix.rb', line 215

def manage_symlink_attrs?
  @provider.manage_symlink_access?
end

#mode_from_resource(res) ⇒ Object

# File 'lib/chef/file_access_control/unix.rb', line 158

def mode_from_resource(res)
  return nil if res == nil or res.mode.nil?
  (res.mode.respond_to?(:oct) ? res.mode.oct : res.mode.to_i) & 007777
end

#mode_to_s(mode) ⇒ Object

# File 'lib/chef/file_access_control/unix.rb', line 167

def mode_to_s(mode)
  mode.nil? ? "" : "0#{mode.to_s(8)}"
end

#requires_changes? ⇒ Boolean

TODO factor this up

Returns:

• (Boolean)

# File 'lib/chef/file_access_control/unix.rb', line 42

def requires_changes?
  should_update_mode? || should_update_owner? || should_update_group?
end

#set_all ⇒ Object

# File 'lib/chef/file_access_control/unix.rb', line 35

def set_all
  set_owner
  set_group
  set_mode
end

#set_all! ⇒ Object

# File 'lib/chef/file_access_control/unix.rb', line 29

def set_all!
  set_owner!
  set_group!
  set_mode!
end

#set_group ⇒ Object

# File 'lib/chef/file_access_control/unix.rb', line 154

def set_group
  set_group! if should_update_group?
end

#set_group! ⇒ Object

# File 'lib/chef/file_access_control/unix.rb', line 146

def set_group!
  unless target_gid.nil?
    chown(nil, target_gid, file)
    Chef::Log.info("#{log_string} group changed to #{target_gid}")
    modified
  end
end

#set_mode ⇒ Object

# File 'lib/chef/file_access_control/unix.rb', line 203

def set_mode
  set_mode! if should_update_mode?
end

#set_mode! ⇒ Object

# File 'lib/chef/file_access_control/unix.rb', line 195

def set_mode!
  unless target_mode.nil?
    chmod(target_mode, file)
    Chef::Log.info("#{log_string} mode changed to #{target_mode.to_s(8)}")
    modified
  end
end

#set_owner ⇒ Object

# File 'lib/chef/file_access_control/unix.rb', line 95

def set_owner
  set_owner! if should_update_owner?
end

#set_owner! ⇒ Object

# File 'lib/chef/file_access_control/unix.rb', line 87

def set_owner!
  unless target_uid.nil?
    chown(target_uid, nil, file)
    Chef::Log.info("#{log_string} owner changed to #{target_uid}")
    modified
  end
end

#should_update_group? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/chef/file_access_control/unix.rb', line 126

def should_update_group?
  if target_gid.nil?
    # the user has not specified a permission on the new resource, so we never manage it with FAC
    Chef::Log.debug("found target_gid == nil, so no group was specified on resource, not managing group")
    return false
  elsif current_gid.nil?
    # the user has specified a permission, and we are creating a file, so always enforce permissions
    Chef::Log.debug("found current_gid == nil, so we are creating a new file, updating group")
    return true
  elsif target_gid != current_gid
    # the user has specified a permission, and it does not match the file, so fix the permission
    Chef::Log.debug("found target_gid != current_gid, updating group")
    return true
  else
    Chef::Log.debug("found target_gid == current_gid, not updating group")
    # the user has specified a permission, but it matches the file, so behave idempotently
    return false
  end
end

#should_update_mode? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/chef/file_access_control/unix.rb', line 175

def should_update_mode?
  if target_mode.nil?
    # the user has not specified a permission on the new resource, so we never manage it with FAC
    Chef::Log.debug("found target_mode == nil, so no mode was specified on resource, not managing mode")
    return false
  elsif current_mode.nil?
    # the user has specified a permission, and we are creating a file, so always enforce permissions
    Chef::Log.debug("found current_mode == nil, so we are creating a new file, updating mode")
    return true
  elsif target_mode != current_mode
    # the user has specified a permission, and it does not match the file, so fix the permission
    Chef::Log.debug("found target_mode != current_mode, updating mode")
    return true
  else
    Chef::Log.debug("found target_mode == current_mode, not updating mode")
    # the user has specified a permission, but it matches the file, so behave idempotently
    return false
  end
end

#should_update_owner? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/chef/file_access_control/unix.rb', line 67

def should_update_owner?
  if target_uid.nil?
    # the user has not specified a permission on the new resource, so we never manage it with FAC
    Chef::Log.debug("found target_uid == nil, so no owner was specified on resource, not managing owner")
    return false
  elsif current_uid.nil?
    # the user has specified a permission, and we are creating a file, so always enforce permissions
    Chef::Log.debug("found current_uid == nil, so we are creating a new file, updating owner")
    return true
  elsif target_uid != current_uid
    # the user has specified a permission, and it does not match the file, so fix the permission
    Chef::Log.debug("found target_uid != current_uid, updating owner")
    return true
  else
    Chef::Log.debug("found target_uid == current_uid, not updating owner")
    # the user has specified a permission, but it matches the file, so behave idempotently
    return false
  end
end

#stat ⇒ Object

# File 'lib/chef/file_access_control/unix.rb', line 207

def stat
  if manage_symlink_attrs?
    @stat ||= File.lstat(file)
  else
    @stat ||= File.stat(file)
  end
end

#target_gid ⇒ Object

# File 'lib/chef/file_access_control/unix.rb', line 99

def target_gid
  gid_from_resource(resource)
end

#target_mode ⇒ Object

# File 'lib/chef/file_access_control/unix.rb', line 163

def target_mode
  mode_from_resource(resource)
end

#target_uid ⇒ Object

# File 'lib/chef/file_access_control/unix.rb', line 59

def target_uid
  uid_from_resource(resource)
end