mod 'mayflower-prosody',
git: 'https://github.com/mayflower/puppet-prosody.git',
ref: '863bb4ee0cd3369ad69a211042b4c5f7d66f4444'
+mod 'puppet-posix_acl', '0.1.1'
# OpenStack
mod 'duritong/sysctl', '0.0.11'
--- /dev/null
+# Changelog
+
+All notable changes to this project will be documented in this file.
+Each new release typically also includes the latest modulesync defaults.
+These should not affect the functionality of the module.
+
+## [v0.1.1](https://github.com/voxpupuli/puppet-posix_acl/tree/v0.1.1) (2018-10-14)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-posix_acl/compare/v0.1.0...v0.1.1)
+
+**Merged pull requests:**
+
+- modulesync 2.2.0 and allow puppet 6.x [\#53](https://github.com/voxpupuli/puppet-posix_acl/pull/53) ([bastelfreak](https://github.com/bastelfreak))
+
+## [v0.1.0](https://github.com/voxpupuli/puppet-posix_acl/tree/v0.1.0) (2018-07-16)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-posix_acl/compare/0.0.5...v0.1.0)
+
+**Implemented enhancements:**
+
+- Move to Vox Pupuli [\#29](https://github.com/voxpupuli/puppet-posix_acl/issues/29)
+
+**Merged pull requests:**
+
+- Remove docker nodesets [\#47](https://github.com/voxpupuli/puppet-posix_acl/pull/47) ([bastelfreak](https://github.com/bastelfreak))
+- drop EOL OSs; fix puppet version range [\#46](https://github.com/voxpupuli/puppet-posix_acl/pull/46) ([bastelfreak](https://github.com/bastelfreak))
+- Rubocop: Fix Style/PredicateName [\#42](https://github.com/voxpupuli/puppet-posix_acl/pull/42) ([alexjfisher](https://github.com/alexjfisher))
+- Rubocop: Fix Style/GuardClause [\#41](https://github.com/voxpupuli/puppet-posix_acl/pull/41) ([alexjfisher](https://github.com/alexjfisher))
+- Rubocop: Fix Lint/UselessAssignment [\#40](https://github.com/voxpupuli/puppet-posix_acl/pull/40) ([alexjfisher](https://github.com/alexjfisher))
+- Rubocop auto fixes [\#39](https://github.com/voxpupuli/puppet-posix_acl/pull/39) ([alexjfisher](https://github.com/alexjfisher))
+- Fix metadata and add LICENSE file [\#36](https://github.com/voxpupuli/puppet-posix_acl/pull/36) ([alexjfisher](https://github.com/alexjfisher))
+- remove ruby 1.9.3 support [\#35](https://github.com/voxpupuli/puppet-posix_acl/pull/35) ([dobbymoodge](https://github.com/dobbymoodge))
+
+## [0.0.5](https://github.com/voxpupuli/puppet-posix_acl/tree/0.0.5) (2017-12-12)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-posix_acl/compare/0.0.4...0.0.5)
+
+## [0.0.4](https://github.com/voxpupuli/puppet-posix_acl/tree/0.0.4) (2017-12-12)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-posix_acl/compare/0.0.3...0.0.4)
+
+**Fixed bugs:**
+
+- module name conflict [\#26](https://github.com/voxpupuli/puppet-posix_acl/issues/26)
+
+**Closed issues:**
+
+- Race condition with non existing file and recursemode =\> deep [\#22](https://github.com/voxpupuli/puppet-posix_acl/issues/22)
+- Publish to the forge [\#21](https://github.com/voxpupuli/puppet-posix_acl/issues/21)
+
+**Merged pull requests:**
+
+- Time to deprecate Ruby 1.8.7 support [\#31](https://github.com/voxpupuli/puppet-posix_acl/pull/31) ([dobbymoodge](https://github.com/dobbymoodge))
+- Fixes ACL's with spaces [\#30](https://github.com/voxpupuli/puppet-posix_acl/pull/30) ([i1tech](https://github.com/i1tech))
+- fix another Ruby error when the file doesn't exist yet [\#28](https://github.com/voxpupuli/puppet-posix_acl/pull/28) ([tequeter](https://github.com/tequeter))
+- use inspect instead of join to stringify arrays [\#27](https://github.com/voxpupuli/puppet-posix_acl/pull/27) ([tequeter](https://github.com/tequeter))
+- Do not downcase acl group/user names when checking for insync?. [\#25](https://github.com/voxpupuli/puppet-posix_acl/pull/25) ([tdevelioglu](https://github.com/tdevelioglu))
+- Check if a path exists before calling getfacl [\#23](https://github.com/voxpupuli/puppet-posix_acl/pull/23) ([roidelapluie](https://github.com/roidelapluie))
+
+## [0.0.3](https://github.com/voxpupuli/puppet-posix_acl/tree/0.0.3) (2016-01-13)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-posix_acl/compare/650e19723054c74baa662d3f1589398550524b33...0.0.3)
+
+**Closed issues:**
+
+- Accept short acls. [\#4](https://github.com/voxpupuli/puppet-posix_acl/issues/4)
+
+**Merged pull requests:**
+
+- Switch from Modulefile to metadata.json [\#20](https://github.com/voxpupuli/puppet-posix_acl/pull/20) ([roidelapluie](https://github.com/roidelapluie))
+- Fix defaults: behaviour [\#19](https://github.com/voxpupuli/puppet-posix_acl/pull/19) ([roidelapluie](https://github.com/roidelapluie))
+- Add autorequire on parent ACL [\#18](https://github.com/voxpupuli/puppet-posix_acl/pull/18) ([roidelapluie](https://github.com/roidelapluie))
+- Fix ruby 1.8.7 quirks [\#17](https://github.com/voxpupuli/puppet-posix_acl/pull/17) ([dobbymoodge](https://github.com/dobbymoodge))
+- Better support for 'deep' recursive acls [\#15](https://github.com/voxpupuli/puppet-posix_acl/pull/15) ([roidelapluie](https://github.com/roidelapluie))
+- Adds space around operators in ternary expressions [\#14](https://github.com/voxpupuli/puppet-posix_acl/pull/14) ([dobbymoodge](https://github.com/dobbymoodge))
+- Add recursemode parameter to apply ACLs recursively [\#13](https://github.com/voxpupuli/puppet-posix_acl/pull/13) ([dobbymoodge](https://github.com/dobbymoodge))
+- Add the Puppetlabs Skeleton for testing [\#11](https://github.com/voxpupuli/puppet-posix_acl/pull/11) ([roidelapluie](https://github.com/roidelapluie))
+- Drop duplicate ACL's. [\#10](https://github.com/voxpupuli/puppet-posix_acl/pull/10) ([kevincox](https://github.com/kevincox))
+- Update sync [\#7](https://github.com/voxpupuli/puppet-posix_acl/pull/7) ([mwoodson](https://github.com/mwoodson))
+- Normalize ACL's. [\#5](https://github.com/voxpupuli/puppet-posix_acl/pull/5) ([kevincox](https://github.com/kevincox))
+- Make posixacl the default for the redhat family [\#3](https://github.com/voxpupuli/puppet-posix_acl/pull/3) ([nhemingway](https://github.com/nhemingway))
+- Add a acl::requirements class [\#2](https://github.com/voxpupuli/puppet-posix_acl/pull/2) ([duritong](https://github.com/duritong))
+- Fix typo and make Modulefile validate by puppet module tool [\#1](https://github.com/voxpupuli/puppet-posix_acl/pull/1) ([carlossg](https://github.com/carlossg))
+
+
+
+\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)*
--- /dev/null
+Checklist (and a short version for the impatient)
+=================================================
+
+ * Commits:
+
+ - Make commits of logical units.
+
+ - Check for unnecessary whitespace with "git diff --check" before
+ committing.
+
+ - Commit using Unix line endings (check the settings around "crlf" in
+ git-config(1)).
+
+ - Do not check in commented out code or unneeded files.
+
+ - The first line of the commit message should be a short
+ description (50 characters is the soft limit, excluding ticket
+ number(s)), and should skip the full stop.
+
+ - Associate the issue in the message. The first line should include
+ the issue number in the form "(#XXXX) Rest of message".
+
+ - The body should provide a meaningful commit message, which:
+
+ - uses the imperative, present tense: "change", not "changed" or
+ "changes".
+
+ - includes motivation for the change, and contrasts its
+ implementation with the previous behavior.
+
+ - Make sure that you have tests for the bug you are fixing, or
+ feature you are adding.
+
+ - Make sure the test suites passes after your commit:
+ `bundle exec rspec spec/acceptance` More information on [testing](#Testing) below
+
+ - When introducing a new feature, make sure it is properly
+ documented in the README.md
+
+ * Submission:
+
+ * Pre-requisites:
+
+ - Make sure you have a [GitHub account](https://github.com/join)
+
+ - [Create a ticket](https://tickets.puppetlabs.com/secure/CreateIssue!default.jspa), or [watch the ticket](https://tickets.puppetlabs.com/browse/) you are patching for.
+
+ * Preferred method:
+
+ - Fork the repository on GitHub.
+
+ - Push your changes to a topic branch in your fork of the
+ repository. (the format ticket/1234-short_description_of_change is
+ usually preferred for this project).
+
+ - Submit a pull request to the repository in the puppetlabs
+ organization.
+
+The long version
+================
+
+ 1. Make separate commits for logically separate changes.
+
+ Please break your commits down into logically consistent units
+ which include new or changed tests relevant to the rest of the
+ change. The goal of doing this is to make the diff easier to
+ read for whoever is reviewing your code. In general, the easier
+ your diff is to read, the more likely someone will be happy to
+ review it and get it into the code base.
+
+ If you are going to refactor a piece of code, please do so as a
+ separate commit from your feature or bug fix changes.
+
+ We also really appreciate changes that include tests to make
+ sure the bug is not re-introduced, and that the feature is not
+ accidentally broken.
+
+ Describe the technical detail of the change(s). If your
+ description starts to get too long, that is a good sign that you
+ probably need to split up your commit into more finely grained
+ pieces.
+
+ Commits which plainly describe the things which help
+ reviewers check the patch and future developers understand the
+ code are much more likely to be merged in with a minimum of
+ bike-shedding or requested changes. Ideally, the commit message
+ would include information, and be in a form suitable for
+ inclusion in the release notes for the version of Puppet that
+ includes them.
+
+ Please also check that you are not introducing any trailing
+ whitespace or other "whitespace errors". You can do this by
+ running "git diff --check" on your changes before you commit.
+
+ 2. Sending your patches
+
+ To submit your changes via a GitHub pull request, we _highly_
+ recommend that you have them on a topic branch, instead of
+ directly on "master".
+ It makes things much easier to keep track of, especially if
+ you decide to work on another thing before your first change
+ is merged in.
+
+ GitHub has some pretty good
+ [general documentation](http://help.github.com/) on using
+ their site. They also have documentation on
+ [creating pull requests](http://help.github.com/send-pull-requests/).
+
+ In general, after pushing your topic branch up to your
+ repository on GitHub, you can switch to the branch in the
+ GitHub UI and click "Pull Request" towards the top of the page
+ in order to open a pull request.
+
+
+ 3. Update the related GitHub issue.
+
+ If there is a GitHub issue associated with the change you
+ submitted, then you should update the ticket to include the
+ location of your branch, along with any other commentary you
+ may wish to make.
+
+Testing
+=======
+
+Getting Started
+---------------
+
+Our puppet modules provide [`Gemfile`](./Gemfile)s which can tell a ruby
+package manager such as [bundler](http://bundler.io/) what Ruby packages,
+or Gems, are required to build, develop, and test this software.
+
+Please make sure you have [bundler installed](http://bundler.io/#getting-started)
+on your system, then use it to install all dependencies needed for this project,
+by running
+
+```shell
+% bundle install
+Fetching gem metadata from https://rubygems.org/........
+Fetching gem metadata from https://rubygems.org/..
+Using rake (10.1.0)
+Using builder (3.2.2)
+-- 8><-- many more --><8 --
+Using rspec-system-puppet (2.2.0)
+Using serverspec (0.6.3)
+Using rspec-system-serverspec (1.0.0)
+Using bundler (1.3.5)
+Your bundle is complete!
+Use `bundle show [gemname]` to see where a bundled gem is installed.
+```
+
+NOTE some systems may require you to run this command with sudo.
+
+If you already have those gems installed, make sure they are up-to-date:
+
+```shell
+% bundle update
+```
+
+With all dependencies in place and up-to-date we can now run the tests:
+
+```shell
+% bundle exec rake spec
+```
+
+This will execute all the [rspec tests](http://rspec-puppet.com/) tests
+under [spec/defines](./spec/defines), [spec/classes](./spec/classes),
+and so on. rspec tests may have the same kind of dependencies as the
+module they are testing. While the module defines in its [Modulefile](./Modulefile),
+rspec tests define them in [.fixtures.yml](./fixtures.yml).
+
+Some puppet modules also come with [beaker](https://github.com/puppetlabs/beaker)
+tests. These tests spin up a virtual machine under
+[VirtualBox](https://www.virtualbox.org/)) with, controlling it with
+[Vagrant](http://www.vagrantup.com/) to actually simulate scripted test
+scenarios. In order to run these, you will need both of those tools
+installed on your system.
+
+You can run them by issuing the following command
+
+```shell
+% bundle exec rake spec_clean
+% bundle exec rspec spec/acceptance
+```
+
+This will now download a pre-fabricated image configured in the [default node-set](./spec/acceptance/nodesets/default.yml),
+install puppet, copy this module and install its dependencies per [spec/spec_helper_acceptance.rb](./spec/spec_helper_acceptance.rb)
+and then run all the tests under [spec/acceptance](./spec/acceptance).
+
+Writing Tests
+-------------
+
+XXX getting started writing tests.
+
+If you have commit access to the repository
+===========================================
+
+Even if you have commit access to the repository, you will still need to
+go through the process above, and have someone else review and merge
+in your changes. The rule is that all changes must be reviewed by a
+developer on the project (that did not write the code) to ensure that
+all changes go through a code review process.
+
+Having someone other than the author of the topic branch recorded as
+performing the merge is the record that they performed the code
+review.
+
+
+Additional Resources
+====================
+
+* [Getting additional help](http://puppetlabs.com/community/get-help)
+
+* [Writing tests](http://projects.puppetlabs.com/projects/puppet/wiki/Development_Writing_Tests)
+
+* [Patchwork](https://patchwork.puppetlabs.com)
+
+* [General GitHub documentation](http://help.github.com/)
+
+* [GitHub pull request documentation](http://help.github.com/send-pull-requests/)
+
--- /dev/null
+source ENV['GEM_SOURCE'] || "https://rubygems.org"
+
+def location_for(place, fake_version = nil)
+ if place =~ /^(git[:@][^#]*)#(.*)/
+ [fake_version, { :git => $1, :branch => $2, :require => false }].compact
+ elsif place =~ /^file:\/\/(.*)/
+ ['>= 0', { :path => File.expand_path($1), :require => false }]
+ else
+ [place, { :require => false }]
+ end
+end
+
+group :test do
+ gem 'puppetlabs_spec_helper', '>= 2.11.0', :require => false
+ gem 'rspec-puppet-facts', '>= 1.8.0', :require => false
+ gem 'rspec-puppet-utils', :require => false
+ gem 'puppet-lint-leading_zero-check', :require => false
+ gem 'puppet-lint-trailing_comma-check', :require => false
+ gem 'puppet-lint-version_comparison-check', :require => false
+ gem 'puppet-lint-classes_and_types_beginning_with_digits-check', :require => false
+ gem 'puppet-lint-unquoted_string-check', :require => false
+ gem 'puppet-lint-variable_contains_upcase', :require => false
+ gem 'metadata-json-lint', :require => false
+ gem 'redcarpet', :require => false
+ gem 'rubocop', '~> 0.49.1', :require => false if RUBY_VERSION >= '2.3.0'
+ gem 'rubocop-rspec', '~> 1.15.0', :require => false if RUBY_VERSION >= '2.3.0'
+ gem 'mocha', '~> 1.4.0', :require => false
+ gem 'coveralls', :require => false
+ gem 'simplecov-console', :require => false
+ gem 'rack', '~> 1.0', :require => false if RUBY_VERSION < '2.2.2'
+ gem 'parallel_tests', :require => false
+end
+
+group :development do
+ gem 'travis', :require => false
+ gem 'travis-lint', :require => false
+ gem 'guard-rake', :require => false
+ gem 'overcommit', '>= 0.39.1', :require => false
+end
+
+group :system_tests do
+ gem 'winrm', :require => false
+ if beaker_version = ENV['BEAKER_VERSION']
+ gem 'beaker', *location_for(beaker_version)
+ else
+ gem 'beaker', '>= 3.9.0', :require => false
+ end
+ if beaker_rspec_version = ENV['BEAKER_RSPEC_VERSION']
+ gem 'beaker-rspec', *location_for(beaker_rspec_version)
+ else
+ gem 'beaker-rspec', :require => false
+ end
+ gem 'serverspec', :require => false
+ gem 'beaker-hostgenerator', '>= 1.1.10', :require => false
+ gem 'beaker-docker', :require => false
+ gem 'beaker-puppet', :require => false
+ gem 'beaker-puppet_install_helper', :require => false
+ gem 'beaker-module_install_helper', :require => false
+ gem 'rbnacl', '>= 4', :require => false if RUBY_VERSION >= '2.2.6'
+ gem 'rbnacl-libsodium', :require => false if RUBY_VERSION >= '2.2.6'
+ gem 'bcrypt_pbkdf', :require => false
+end
+
+group :release do
+ gem 'github_changelog_generator', :require => false, :git => 'https://github.com/github-changelog-generator/github-changelog-generator' if RUBY_VERSION >= '2.2.2'
+ gem 'puppet-blacksmith', :require => false
+ gem 'voxpupuli-release', :require => false, :git => 'https://github.com/voxpupuli/voxpupuli-release-gem'
+ gem 'puppet-strings', '>= 1.0', :require => false
+end
+
+
+
+if facterversion = ENV['FACTER_GEM_VERSION']
+ gem 'facter', facterversion.to_s, :require => false, :groups => [:test]
+else
+ gem 'facter', :require => false, :groups => [:test]
+end
+
+ENV['PUPPET_VERSION'].nil? ? puppetversion = '~> 5.0' : puppetversion = ENV['PUPPET_VERSION'].to_s
+gem 'puppet', puppetversion, :require => false, :groups => [:test]
+
+# vim: syntax=ruby
--- /dev/null
+
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "[]"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright [yyyy] [name of copyright owner]
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
--- /dev/null
+#+TITLE: Acl module for Puppet
+
+* Description
+This plugin module provides a way to set POSIX 1.e (and other standards) file ACLs via Puppet.
+
+* Usage:
+ - the =posix_acl= resource =title= is used as the path specifier.
+ - ACLs are specified in the =permission= property as an array of strings in the same format as is used for =setfacl=.
+ - the =action= parameter can be one of =set=, =exact=, =unset= or =purge=. These are described in detail below.
+ - the =provider= parameter allows a choice of filesystem ACL provider. Currently only POSIX 1.e is implemented.
+ - the =recursive= parameter allows you to apply the ACLs to all files under the specified path.
+
+ : posix_acl { "/var/log/httpd":
+ : action => set,
+ : permission => [
+ : "user::rwx",
+ : "group::---",
+ : "mask::r-x",
+ : "other::---",
+ : "group:logview:r-x",
+ : "default:user::rwx",
+ : "default:group::---",
+ : "default:mask::rwx",
+ : "default:other::---",
+ : "default:group:logview:r-x",
+ : ],
+ : provider => posixacl,
+ : require => [
+ : Group["logview"],
+ : Package["httpd"],
+ : Mount["/var"],
+ : ],
+ : recursive => false,
+ : }
+
+** Using action => set:
+The =set= option for the =action= parameter allows you to specify a minimal set of ACLs which will be guaranteed by Puppet. ACLs applied to the path which do not match those specified in the =permission= property will remain unchanged.
+*** Initial permissions:
+ : # file /var/www/site1
+ : user::rwx
+ : group::r-x
+ : other::r-x
+ : mask::rwx
+ : group:webadmin:r-x
+ : group:httpadmin:rwx
+*** Specified acls:
+ : permission => [
+ : 'user::rwx',
+ : 'group::r-x',
+ : 'other::r-x',
+ : 'mask::rwx',
+ : 'group:webadmin:rwx',
+ : 'user:apache:rwx',
+ : ],
+*** Updated permissions:
+ : # file /var/www/site1
+ : user::rwx
+ : group::r-x
+ : other::r-x
+ : mask::rwx
+ : user:apache:rwx
+ : group:webadmin:rwx
+ : group:httpadmin:rwx
+** Using action => exact:
+The =exact= option for the =action= parameter will specify the exact set of ACLs guaranteed and enforced by Puppet. ACLs applied to the path which do not match those specified in the =permission= property will be removed.
+*** Initial permissions:
+ : # file /var/www/site1
+ : user::rwx
+ : group::r-x
+ : other::r-x
+ : mask::rwx
+ : group:webadmin:r-x
+ : group:httpadmin:rwx
+*** Specified acls:
+ : permission => [
+ : 'user::rwx',
+ : 'group::r-x',
+ : 'other::r-x',
+ : 'mask::rwx',
+ : 'group:webadmin:r--',
+ : 'user:apache:rwx',
+ : ],
+*** Updated permissions:
+ - group:httpadmin permission is removed
+ - user:apache permission is added
+ - group:webadmin permission is updated
+ : # file /var/www/site1
+ : user::rwx
+ : group::r-x
+ : other::r-x
+ : mask::rwx
+ : group:webadmin:r--
+ : user:apache:rwx
+** Using action => unset:
+The =unset= option for the =action= parameter will specify the set of ACLs guaranteed by Puppet to NOT be applied to the path. ACLs applied to the path which match those specified in the =permission= property will be removed. ACLs applied to the path which do not match those specified in the =permission= property will remain unchanged.
+*** Initial permissions:
+ : # file /var/www/site1
+ : user::rwx
+ : group::r-x
+ : other::r-x
+ : mask::rwx
+ : group:webadmin:r-x
+ : group:httpadmin:rwx
+*** Specified acls:
+ : permission => [
+ : 'user::rwx',
+ : 'group::r-x',
+ : 'other::r-x',
+ : 'mask::rwx',
+ : 'group:webadmin:r--',
+ : 'user:apache:rwx',
+ : ],
+*** Updated permissions:
+ : # file /var/www/site1
+ : user::rwx
+ : group::r-x
+ : other::r-x
+ : mask::rwx
+ : group:httpadmin:rwx
+** Using action => purge:
+The =purge= option for the =action= parameter will cause Puppet to remove any file ACLs applied to the path.
+
+NOTE: Although the =permission= property is unused for this action, it needs to have a valid ACL value for the action to work. This is a known issue.
+*** Initial permissions:
+ : # file /var/www/site1
+ : user::rwx
+ : group::r-x
+ : other::r-x
+ : mask::rwx
+ : group:webadmin:r-x
+ : group:httpadmin:rwx
+*** Specified acls:
+See above
+ : permission => [
+ : 'user::rwx',
+ : 'group::r-x',
+ : 'other::r-x',
+ : 'mask::rwx',
+ : 'group:webadmin:r--',
+ : 'user:apache:rwx',
+ : ],
+*** Updated permissions:
+ - All file ACLs are removed
+ : # file /var/www/site1
+ : user::rwx
+ : group::r-x
+ : other::r-x
+
+* Notes:
+** Conflicts with "file" resource type:
+If the path being modified is managed via the =File= resource type, the path's mode bits must match the value specified in the =permission= property of the ACL
+** Mask check:
+The ACL setter doesn't recalculate the rights mask based on the user/group ACLs specified, so it is possible to specify ACLs on a file for which a more restrictive set of rights is enforced, known as "effective rights". For example, with these =permission= parameters on a file =test=:
+ : permission => [
+ : 'user::rw-',
+ : 'group::---',
+ : 'mask::r--',
+ : 'other::---',
+ : 'user:apache:rwx',
+ : 'group:root:r-x',
+ : 'group:admin:rwx',
+ : ],
+
+The output of =getfacl test= reveals a more restrictive set of effective rights, which might not be what was expected:
+ : # file: test
+ : # owner: root
+ : # group: root
+ : user::rw-
+ : group::---
+ : other::---
+ : mask::r--
+ : user:apache:rwx #effective:r--
+ : group:root:r-x #effective:r--
+ : group:admin:rwx #effective:r--
--- /dev/null
+require 'puppetlabs_spec_helper/rake_tasks'
+
+# load optional tasks for releases
+# only available if gem group releases is installed
+begin
+ require 'puppet_blacksmith/rake_tasks'
+ require 'voxpupuli/release/rake_tasks'
+ require 'puppet-strings/tasks'
+rescue LoadError
+end
+
+PuppetLint.configuration.log_format = '%{path}:%{line}:%{check}:%{KIND}:%{message}'
+PuppetLint.configuration.fail_on_warnings = true
+PuppetLint.configuration.send('relative')
+PuppetLint.configuration.send('disable_140chars')
+PuppetLint.configuration.send('disable_class_inherits_from_params_class')
+PuppetLint.configuration.send('disable_documentation')
+PuppetLint.configuration.send('disable_single_quote_string_with_variables')
+
+exclude_paths = %w(
+ pkg/**/*
+ vendor/**/*
+ .vendor/**/*
+ spec/**/*
+)
+PuppetLint.configuration.ignore_paths = exclude_paths
+PuppetSyntax.exclude_paths = exclude_paths
+
+desc 'Auto-correct puppet-lint offenses'
+task 'lint:auto_correct' do
+ PuppetLint.configuration.fix = true
+ Rake::Task[:lint].invoke
+end
+
+desc 'Run acceptance tests'
+RSpec::Core::RakeTask.new(:acceptance) do |t|
+ t.pattern = 'spec/acceptance'
+end
+
+desc 'Run tests metadata_lint, release_checks'
+task test: [
+ :metadata_lint,
+ :release_checks,
+]
+
+desc "Run main 'test' task and report merged results to coveralls"
+task test_with_coveralls: [:test] do
+ if Dir.exist?(File.expand_path('../lib', __FILE__))
+ require 'coveralls/rake/task'
+ Coveralls::RakeTask.new
+ Rake::Task['coveralls:push'].invoke
+ else
+ puts 'Skipping reporting to coveralls. Module has no lib dir'
+ end
+end
+
+desc "Print supported beaker sets"
+task 'beaker_sets', [:directory] do |t, args|
+ directory = args[:directory]
+
+ metadata = JSON.load(File.read('metadata.json'))
+
+ (metadata['operatingsystem_support'] || []).each do |os|
+ (os['operatingsystemrelease'] || []).each do |release|
+ if directory
+ beaker_set = "#{directory}/#{os['operatingsystem'].downcase}-#{release}"
+ else
+ beaker_set = "#{os['operatingsystem'].downcase}-#{release}-x64"
+ end
+
+ filename = "spec/acceptance/nodesets/#{beaker_set}.yml"
+
+ puts beaker_set if File.exists? filename
+ end
+ end
+end
+
+begin
+ require 'github_changelog_generator/task'
+ GitHubChangelogGenerator::RakeTask.new :changelog do |config|
+ version = (Blacksmith::Modulefile.new).version
+ config.future_release = "v#{version}" if version =~ /^\d+\.\d+.\d+$/
+ config.header = "# Changelog\n\nAll notable changes to this project will be documented in this file.\nEach new release typically also includes the latest modulesync defaults.\nThese should not affect the functionality of the module."
+ config.exclude_labels = %w{duplicate question invalid wontfix wont-fix modulesync skip-changelog}
+ config.user = 'voxpupuli'
+ metadata_json = File.join(File.dirname(__FILE__), 'metadata.json')
+ metadata = JSON.load(File.read(metadata_json))
+ config.project = metadata['name']
+ end
+rescue LoadError
+end
+# vim: syntax=ruby
--- /dev/null
+{
+ "CHANGELOG.md": "a9773633c6662eb81dc1746eab49dc25",
+ "CONTRIBUTING.md": "ad65d271f183b5adb9fdd58207939f5f",
+ "Gemfile": "cdd43fe4fc5ef35ddc132407551180b2",
+ "LICENSE": "3b83ef96387f14655fc854ddc3c6bd57",
+ "README.org": "64db9bd628c28fe105bc2be006b5fd17",
+ "Rakefile": "3c6f218e7e63e1a6e24251f365423e49",
+ "lib/puppet/provider/posix_acl/genericacl.rb": "4f0869eb98de0f3c8d1d7bd57d27ba96",
+ "lib/puppet/provider/posix_acl/posixacl.rb": "de6392553292e752fee9426e83a33e66",
+ "lib/puppet/type/posix_acl.rb": "2d5efc0bf8039f81eb28745b561dd1f6",
+ "manifests/requirements.pp": "899a1e79ead355c8f98aad3520e80d39",
+ "metadata.json": "4f219497dd99654406b0c37e31f8d31f",
+ "spec/acceptance/nodesets/archlinux-2-x64.yml": "daafcfcb4c8c8766856f52cec6ae5e86",
+ "spec/acceptance/nodesets/centos-511-x64.yml": "ca8258bc835dd985a1754689d124cd66",
+ "spec/acceptance/nodesets/centos-59-x64.yml": "57eb3e471b9042a8ea40978c467f8151",
+ "spec/acceptance/nodesets/centos-6-x64.yml": "58065782a8d40780d9728257a23504cd",
+ "spec/acceptance/nodesets/centos-64-x64-pe.yml": "ec075d95760df3d4702abea1ce0a829b",
+ "spec/acceptance/nodesets/centos-65-x64.yml": "3e5c36e6aa5a690229e720f4048bb8af",
+ "spec/acceptance/nodesets/centos-66-x64-pe.yml": "e68e03dc562bf58f7c5bba54a1a34619",
+ "spec/acceptance/nodesets/centos-7-x64.yml": "68d3556f670b8ac0a169a8270ff8c37a",
+ "spec/acceptance/nodesets/debian-78-x64.yml": "56af2760a64c13a0bccd59404435939c",
+ "spec/acceptance/nodesets/debian-82-x64.yml": "26f2f696e6073549fe0a844f9a46f85b",
+ "spec/acceptance/nodesets/ec2/amazonlinux-2016091.yml": "b3dc2d81918fcc6d56855c88ba5b7ce8",
+ "spec/acceptance/nodesets/ec2/image_templates.yaml": "516f9c4c3407993a100090ce9e1a643c",
+ "spec/acceptance/nodesets/ec2/rhel-73-x64.yml": "e74670a1cb8eea32afc879a5d786f9bd",
+ "spec/acceptance/nodesets/ec2/sles-12sp2-x64.yml": "2506efcc9fb420132edc37bf88d6e21d",
+ "spec/acceptance/nodesets/ec2/ubuntu-1604-x64.yml": "87efd97ff1b073c3448f429a8ffc5a7c",
+ "spec/acceptance/nodesets/ec2/windows-2016-base-x64.yml": "e9db4dd16c60c52b433694130c2583a0",
+ "spec/acceptance/nodesets/fedora-25-x64.yml": "807fbf45f95fc7bc2af8c689d34e4160",
+ "spec/acceptance/nodesets/fedora-26-x64.yml": "e7ee1e18590548ff098192c2127c6697",
+ "spec/acceptance/nodesets/fedora-27-x64.yml": "326a10c4eb327ccd85775dfa0f76e5c1",
+ "spec/acceptance/nodesets/ubuntu-server-10044-x64.yml": "75e86400b7889888dc0781c0ae1a1297",
+ "spec/acceptance/nodesets/ubuntu-server-1204-x64.yml": "0dd7639bf95bfb18169ebba9a2bac163",
+ "spec/acceptance/nodesets/ubuntu-server-12042-x64.yml": "d30d73e34cd50b043c7d14e305955269",
+ "spec/acceptance/nodesets/ubuntu-server-1404-x64.yml": "7455367b784060b921360b29a56cd74c",
+ "spec/acceptance/nodesets/ubuntu-server-1604-x64.yml": "37673118cc3bf052755d65fb5dd90226",
+ "spec/default_facts.yml": "11504073ebebb30015eb85ff9805f2d9",
+ "spec/spec.opts": "a600ded995d948e393fbe2320ba8e51c",
+ "spec/spec_helper.rb": "2e78c273353985a5b95d70b47019a344",
+ "spec/unit/puppet/provider/posixacl_spec.rb": "9715390fbd16bd566ea0784a1739facc",
+ "spec/unit/puppet/type/acl_spec.rb": "e349f44546d03614e01bbc08a943778c"
+}
\ No newline at end of file
--- /dev/null
+Puppet::Type.type(:posix_acl).provide(:genericacl, parent: Puppet::Provider) do
+end
--- /dev/null
+Puppet::Type.type(:posix_acl).provide(:posixacl, parent: Puppet::Provider) do
+ desc 'Provide posix 1e acl functions using posix getfacl/setfacl commands'
+
+ commands setfacl: '/usr/bin/setfacl'
+ commands getfacl: '/usr/bin/getfacl'
+
+ confine feature: :posix
+ defaultfor operatingsystem: [:debian, :ubuntu, :redhat, :centos, :fedora, :sles]
+
+ def exists?
+ permission
+ end
+
+ def unset_perm(perm, path)
+ # Don't try to unset mode bits, it doesn't make sense!
+ return if perm =~ %r{^(((u(ser)?)|(g(roup)?)|(m(ask)?)|(o(ther)?)):):}
+
+ perm = perm.split(':')[0..-2].join(':')
+ if check_recursive
+ setfacl('-R', '-n', '-x', perm, path)
+ else
+ setfacl('-n', '-x', perm, path)
+ end
+ end
+
+ def set_perm(perm, path)
+ if check_recursive
+ setfacl('-R', '-n', '-m', perm, path)
+ else
+ setfacl('-n', '-m', perm, path)
+ end
+ end
+
+ def unset
+ @resource.value(:permission).each do |perm|
+ unset_perm(perm, @resource.value(:path))
+ end
+ end
+
+ def purge
+ if check_recursive
+ setfacl('-R', '-b', @resource.value(:path))
+ else
+ setfacl('-b', @resource.value(:path))
+ end
+ end
+
+ def permission
+ return [] unless File.exist?(@resource.value(:path))
+ value = []
+ # String#lines would be nice, but we need to support Ruby 1.8.5
+ getfacl('--absolute-names', '--no-effective', @resource.value(:path)).split("\n").each do |line|
+ # Strip comments and blank lines
+ value << line.gsub('\040', ' ') if line !~ %r{^#} && line != ''
+ end
+ value.sort
+ end
+
+ def check_recursive
+ # Changed functionality to return boolean true or false
+ @resource.value(:recursive) == :true && resource.value(:recursemode) == :lazy
+ end
+
+ def check_exact
+ @resource.value(:action) == :exact
+ end
+
+ def check_unset
+ @resource.value(:action) == :unset
+ end
+
+ def check_purge
+ @resource.value(:action) == :purge
+ end
+
+ def check_set
+ @resource.value(:action) == :set
+ end
+
+ def permission=(_value) # TODO: Investigate why we're not using this parameter
+ Puppet.debug @resource.value(:action)
+ case @resource.value(:action)
+ when :unset
+ unset
+ when :purge
+ purge
+ when :exact, :set
+ cur_perm = permission
+ perm_to_set = @resource.value(:permission) - cur_perm
+ perm_to_unset = cur_perm - @resource.value(:permission)
+ return false if perm_to_set.empty? && perm_to_unset.empty?
+ # Take supplied perms literally, unset any existing perms which
+ # are absent from ACLs given
+ if check_exact
+ perm_to_unset.each do |perm|
+ # Skip base perms in unset step
+ if perm =~ %r{^(((u(ser)?)|(g(roup)?)|(m(ask)?)|(o(ther)?)):):}
+ Puppet.debug "skipping unset of base perm: #{perm}"
+ else
+ unset_perm(perm, @resource.value(:path))
+ end
+ end
+ end
+ perm_to_set.each do |perm|
+ set_perm(perm, @resource.value(:path))
+ end
+ end
+ end
+end
--- /dev/null
+require 'set'
+require 'pathname'
+
+Puppet::Type.newtype(:posix_acl) do
+ desc <<-EOT
+ Ensures that a set of ACL permissions are applied to a given file
+ or directory.
+
+ Example:
+
+ posix_acl { '/var/www/html':
+ action => exact,
+ permission => [
+ 'user::rwx',
+ 'group::r-x',
+ 'mask::rwx',
+ 'other::r--',
+ 'default:user::rwx',
+ 'default:user:www-data:r-x',
+ 'default:group::r-x',
+ 'default:mask::rwx',
+ 'default:other::r--',
+ ],
+ provider => posixacl,
+ recursive => true,
+ }
+
+ In this example, Puppet will ensure that the user and group
+ permissions are set recursively on /var/www/html as well as add
+ default permissions that will apply to new directories and files
+ created under /var/www/html
+
+ Setting an ACL can change a file's mode bits, so if the file is
+ managed by a File resource, that resource needs to set the mode
+ bits according to what the calculated mode bits will be, for
+ example, the File resource for the ACL above should be:
+
+ file { '/var/www/html':
+ mode => 754,
+ }
+ EOT
+
+ newparam(:action) do
+ desc 'What do we do with this list of ACLs? Options are set, unset, exact, and purge'
+ newvalues(:set, :unset, :exact, :purge)
+ defaultto :set
+ end
+
+ newparam(:path) do
+ desc 'The file or directory to which the ACL applies.'
+ isnamevar
+ validate do |value|
+ path = Pathname.new(value)
+ unless path.absolute?
+ raise ArgumentError, "Path must be absolute: #{path}"
+ end
+ end
+ end
+
+ newparam(:recursemode) do
+ desc "Should Puppet apply the ACL recursively with the -R option or
+ apply it to individual files?
+
+ lazy means -R option
+ deep means apply to every file"
+
+ newvalues(:lazy, :deep)
+ defaultto :lazy
+ end
+
+ # Credits to @itdoesntwork
+ # http://stackoverflow.com/questions/26878341/how-do-i-tell-if-one-path-is-an-ancestor-of-another
+ def self.descendant?(a, b)
+ a_list = File.expand_path(a).split('/')
+ b_list = File.expand_path(b).split('/')
+
+ b_list[0..a_list.size - 1] == a_list && b_list != a_list
+ end
+
+ # Snippet based on upstream Puppet (ASL 2.0)
+ [:posix_acl, :file].each do |autorequire_type|
+ autorequire(autorequire_type) do
+ req = []
+ path = Pathname.new(self[:path])
+ # rubocop:disable Style/MultilineBlockChain
+ if autorequire_type != :posix_acl
+ if self[:recursive] == :true
+ catalog.resources.select do |r|
+ r.is_a?(Puppet::Type.type(autorequire_type)) && self.class.descendant?(self[:path], r[:path])
+ end.each do |found|
+ req << found[:path]
+ end
+ end
+ req << self[:path]
+ end
+ unless path.root?
+ # Start at our parent, to avoid autorequiring ourself
+ parents = path.parent.enum_for(:ascend)
+ # should this be = or == ? I don't know
+ if found = parents.find { |p| catalog.resource(autorequire_type, p.to_s) } # rubocop:disable Lint/AssignmentInCondition
+ req << found.to_s
+ end
+ end
+ req
+ end
+ # rubocop:enable Style/MultilineBlockChain
+ end
+ # End of Snippet
+
+ autorequire(:package) do
+ ['acl']
+ end
+
+ newproperty(:permission, array_matching: :all) do
+ desc 'ACL permission(s).'
+
+ def is_to_s(value) # rubocop:disable Style/PredicateName
+ if value == :absent || value.include?(:absent)
+ super
+ else
+ value.sort.inspect
+ end
+ end
+
+ def should_to_s(value)
+ if value == :absent || value.include?(:absent)
+ super
+ else
+ value.sort.inspect
+ end
+ end
+
+ def retrieve
+ provider.permission
+ end
+
+ # Remove permission bits from an ACL line, eg:
+ # 'user:root:rwx' becomes 'user:root:'
+ def strip_perms(pl)
+ Puppet.debug 'permission.strip_perms'
+ value = []
+ pl.each do |perm|
+ unless perm =~ %r{^(((u(ser)?)|(g(roup)?)|(m(ask)?)|(o(ther)?)):):}
+ perm = perm.split(':', -1)[0..-2].join(':')
+ value << perm
+ end
+ end
+ value.sort
+ end
+
+ # in unset_insync and set_insync the test_should has been added as a work around
+ # to prevent puppet-posix_acl from interpreting recursive permission notation (e.g. rwX)
+ # from causing a false mismatch. A better solution needs to be implemented to
+ # recursively check permissions, not rely upon getfacl
+ def unset_insync(cur_perm)
+ # Puppet.debug "permission.unset_insync"
+ test_should = []
+ @should.each { |x| test_should << x.downcase }
+ cp = strip_perms(cur_perm)
+ sp = strip_perms(test_should)
+ (sp - cp).sort == sp
+ end
+
+ def set_insync(cur_perm) # rubocop:disable Style/AccessorMethodName
+ should = @should.uniq.sort
+ (cur_perm.sort == should) || (provider.check_set && (should - cur_perm).empty?)
+ end
+
+ def purge_insync(cur_perm)
+ # Puppet.debug "permission.purge_insync"
+ cur_perm.each do |perm|
+ # If anything other than the mode bits are set, we're not in sync
+ return false unless perm =~ %r{^(((u(ser)?)|(g(roup)?)|(o(ther)?)):):}
+ end
+ true
+ end
+
+ def insync?(is)
+ Puppet.debug "permission.insync? is: #{is.inspect} @should: #{@should.inspect}"
+ return purge_insync(is) if provider.check_purge
+ return unset_insync(is) if provider.check_unset
+ set_insync(is)
+ end
+
+ # Munge into normalised form
+ munge do |acl|
+ r = ''
+ a = acl.split ':', -1 # -1 keeps trailing empty fields.
+ raise ArgumentError, "Too few fields. At least 3 required, got #{a.length}." if a.length < 3
+ raise ArgumentError, "Too many fields. At most 4 allowed, got #{a.length}." if a.length > 4
+ if a.length == 4
+ d = a.shift
+ raise ArgumentError, %(First field of 4 must be "d" or "default", got "#{d}".) unless %w[d default].include?(d)
+ r << 'default:'
+ end
+ t = a.shift # Copy the type.
+ r << case t
+ when 'u', 'user'
+ 'user:'
+ when 'g', 'group'
+ 'group:'
+ when 'o', 'other'
+ 'other:'
+ when 'm', 'mask'
+ 'mask:'
+ else
+ raise ArgumentError, %(Unknown type "#{t}", expected "user", "group", "other" or "mask".)
+ end
+ r << "#{a.shift}:" # Copy the "who".
+ p = a.shift
+ if p =~ %r{[0-7]}
+ p = p.oct
+ r << (p | 4 ? 'r' : '-')
+ r << (p | 2 ? 'w' : '-')
+ r << (p | 1 ? 'x' : '-')
+ else
+ # Not the most efficient but checks for multiple and invalid chars.
+ s = p.tr '-', ''
+ r << (s.sub!('r', '') ? 'r' : '-')
+ r << (s.sub!('w', '') ? 'w' : '-')
+ r << (s.sub!('x', '') ? 'x' : '-')
+ raise ArgumentError, %(Invalid permission set "#{p}".) unless s.empty?
+ end
+ r
+ end
+ end
+
+ newparam(:recursive) do
+ desc 'Apply ACLs recursively.'
+ newvalues(:true, :false)
+ defaultto :false
+ end
+
+ def self.pick_default_perms(acl)
+ acl.reject { |a| a.split(':', -1).length == 4 }
+ end
+
+ def newchild(path)
+ options = @original_parameters.merge(name: path).reject { |_param, value| value.nil? }
+ unless File.directory?(options[:name])
+ options[:permission] = self.class.pick_default_perms(options[:permission]) if options.include?(:permission)
+ end
+ [:recursive, :recursemode, :path].each do |param|
+ options.delete(param) if options.include?(param)
+ end
+ self.class.new(options)
+ end
+
+ def generate
+ return [] unless self[:recursive] == :true && self[:recursemode] == :deep
+ results = []
+ paths = Set.new
+ if File.directory?(self[:path])
+ Dir.chdir(self[:path]) do
+ Dir['**/*'].each do |path|
+ paths << ::File.join(self[:path], path)
+ end
+ end
+ end
+ # At the time we generate extra resources, all the files might now be present yet.
+ # In prediction to that we also create ACL resources for child file resources that
+ # might not have been applied yet.
+ catalog.resources.select do |r|
+ r.is_a?(Puppet::Type.type(:file)) && self.class.descendant?(self[:path], r[:path])
+ end.each do |found| # rubocop:disable Style/MultilineBlockChain
+ paths << found[:path]
+ end
+ paths.each do |path|
+ results << newchild(path)
+ end
+ results
+ end
+
+ validate do
+ unless self[:permission]
+ raise(Puppet::Error, 'permission is a required property.')
+ end
+ end
+end
--- /dev/null
+class posix_acl::requirements {
+ package { 'acl':
+ ensure => 'present',
+ }
+}
--- /dev/null
+{
+ "name": "puppet-posix_acl",
+ "version": "0.1.1",
+ "author": "Vox Pupuli",
+ "summary": "Puppet ACL Module",
+ "license": "Apache-2.0",
+ "source": "https://github.com/voxpupuli/puppet-posix_acl.git",
+ "project_page": "https://github.com/voxpupuli/puppet-posix_acl",
+ "issues_url": "https://github.com/voxpupuli/puppet-posix_acl/issues",
+ "dependencies": [
+
+ ],
+ "data_provider": null,
+ "operatingsystem_support": [
+ {
+ "operatingsystem": "RedHat",
+ "operatingsystemrelease": [
+ "7"
+ ]
+ },
+ {
+ "operatingsystem": "CentOS",
+ "operatingsystemrelease": [
+ "7"
+ ]
+ },
+ {
+ "operatingsystem": "OracleLinux",
+ "operatingsystemrelease": [
+ "7"
+ ]
+ },
+ {
+ "operatingsystem": "Scientific",
+ "operatingsystemrelease": [
+ "7"
+ ]
+ }
+ ],
+ "requirements": [
+ {
+ "name": "puppet",
+ "version_requirement": ">= 4.10.0 < 7.0.0"
+ }
+ ],
+ "description": "Manages posix 1e ACLs on files, provides base classes so additional ACL standards can be supported."
+}
--- /dev/null
+---
+# This file is managed via modulesync
+# https://github.com/voxpupuli/modulesync
+# https://github.com/voxpupuli/modulesync_config
+HOSTS:
+ archlinux-2-x64:
+ roles:
+ - master
+ platform: archlinux-2-x64
+ box: archlinux/archlinux
+ hypervisor: vagrant
+CONFIG:
+ type: foss
--- /dev/null
+---
+# This file is managed via modulesync
+# https://github.com/voxpupuli/modulesync
+# https://github.com/voxpupuli/modulesync_config
+HOSTS:
+ centos-511-x64:
+ roles:
+ - master
+ platform: el-5-x86_64
+ box: puppetlabs/centos-5.11-64-nocm
+ hypervisor: vagrant
+CONFIG:
+ type: foss
+...
+# vim: syntax=yaml
--- /dev/null
+HOSTS:
+ centos-59-x64:
+ roles:
+ - master
+ platform: el-5-x86_64
+ box : centos-59-x64-vbox4210-nocm
+ box_url : http://puppet-vagrant-boxes.puppetlabs.com/centos-59-x64-vbox4210-nocm.box
+ hypervisor : vagrant
+CONFIG:
+ type: git
--- /dev/null
+---
+# This file is managed via modulesync
+# https://github.com/voxpupuli/modulesync
+# https://github.com/voxpupuli/modulesync_config
+HOSTS:
+ centos-6-x64:
+ roles:
+ - master
+ platform: el-6-x86_64
+ box: centos/6
+ hypervisor: vagrant
+CONFIG:
+ type: aio
+...
+# vim: syntax=yaml
--- /dev/null
+HOSTS:
+ centos-64-x64:
+ roles:
+ - master
+ - database
+ - dashboard
+ platform: el-6-x86_64
+ box : centos-64-x64-vbox4210-nocm
+ box_url : http://puppet-vagrant-boxes.puppetlabs.com/centos-64-x64-vbox4210-nocm.box
+ hypervisor : vagrant
+CONFIG:
+ type: pe
--- /dev/null
+HOSTS:
+ centos-65-x64:
+ roles:
+ - master
+ platform: el-6-x86_64
+ box : centos-65-x64-vbox436-nocm
+ box_url : http://puppet-vagrant-boxes.puppetlabs.com/centos-65-x64-virtualbox-nocm.box
+ hypervisor : vagrant
+CONFIG:
+ type: foss
--- /dev/null
+---
+# This file is managed via modulesync
+# https://github.com/voxpupuli/modulesync
+# https://github.com/voxpupuli/modulesync_config
+HOSTS:
+ centos-66-x64:
+ roles:
+ - master
+ - database
+ - dashboard
+ platform: el-6-x86_64
+ box: puppetlabs/centos-6.6-64-puppet-enterprise
+ hypervisor: vagrant
+CONFIG:
+ type: pe
+...
+# vim: syntax=yaml
--- /dev/null
+---
+# This file is managed via modulesync
+# https://github.com/voxpupuli/modulesync
+# https://github.com/voxpupuli/modulesync_config
+HOSTS:
+ centos-7-x64:
+ roles:
+ - master
+ platform: el-7-x86_64
+ box: centos/7
+ hypervisor: vagrant
+CONFIG:
+ type: aio
+...
+# vim: syntax=yaml
--- /dev/null
+---
+# This file is managed via modulesync
+# https://github.com/voxpupuli/modulesync
+# https://github.com/voxpupuli/modulesync_config
+HOSTS:
+ debian-78-x64:
+ roles:
+ - master
+ platform: debian-7-amd64
+ box: puppetlabs/debian-7.8-64-nocm
+ hypervisor: vagrant
+CONFIG:
+ type: foss
+...
+# vim: syntax=yaml
--- /dev/null
+---
+# This file is managed via modulesync
+# https://github.com/voxpupuli/modulesync
+# https://github.com/voxpupuli/modulesync_config
+HOSTS:
+ debian-82-x64:
+ roles:
+ - master
+ platform: debian-8-amd64
+ box: puppetlabs/debian-8.2-64-nocm
+ hypervisor: vagrant
+CONFIG:
+ type: foss
+...
+# vim: syntax=yaml
--- /dev/null
+---
+# This file is managed via modulesync
+# https://github.com/voxpupuli/modulesync
+# https://github.com/voxpupuli/modulesync_config
+#
+# Additional ~/.fog config file with AWS EC2 credentials
+# required.
+#
+# see: https://github.com/puppetlabs/beaker/blob/master/docs/how_to/hypervisors/ec2.md
+#
+# Amazon Linux is not a RHEL clone.
+#
+HOSTS:
+ amazonlinux-2016091-x64:
+ roles:
+ - master
+ platform: centos-6-x86_64
+ hypervisor: ec2
+ # refers to image_tempaltes.yaml AMI[vmname] entry:
+ vmname: amazonlinux-2016091-eu-central-1
+ # refers to image_tempaltes.yaml entry inside AMI[vmname][:image]:
+ snapshot: aio
+ # t2.micro is free tier eligible (https://aws.amazon.com/en/free/):
+ amisize: t2.micro
+ # required so that beaker sanitizes sshd_config and root authorized_keys:
+ user: ec2-user
+CONFIG:
+ type: aio
+ :ec2_yaml: spec/acceptance/nodesets/ec2/image_templates.yaml
+...
+# vim: syntax=yaml
--- /dev/null
+# This file is managed via modulesync
+# https://github.com/voxpupuli/modulesync
+# https://github.com/voxpupuli/modulesync_config
+#
+# see also: https://github.com/puppetlabs/beaker/blob/master/docs/how_to/hypervisors/ec2.md
+#
+# Hint: image IDs (ami-*) for the same image are different per location.
+#
+AMI:
+ # Amazon Linux AMI 2016.09.1 (HVM), SSD Volume Type
+ amazonlinux-2016091-eu-central-1:
+ :image:
+ :aio: ami-af0fc0c0
+ :region: eu-central-1
+ # Red Hat Enterprise Linux 7.3 (HVM), SSD Volume Type
+ rhel-73-eu-central-1:
+ :image:
+ :aio: ami-e4c63e8b
+ :region: eu-central-1
+ # SUSE Linux Enterprise Server 12 SP2 (HVM), SSD Volume Type
+ sles-12sp2-eu-central-1:
+ :image:
+ :aio: ami-c425e4ab
+ :region: eu-central-1
+ # Ubuntu Server 16.04 LTS (HVM), SSD Volume Type
+ ubuntu-1604-eu-central-1:
+ :image:
+ :aio: ami-fe408091
+ :region: eu-central-1
+ # Microsoft Windows Server 2016 Base
+ windows-2016-base-eu-central-1:
+ :image:
+ :aio: ami-88ec20e7
+ :region: eu-central-1
--- /dev/null
+---
+# This file is managed via modulesync
+# https://github.com/voxpupuli/modulesync
+# https://github.com/voxpupuli/modulesync_config
+#
+# Additional ~/.fog config file with AWS EC2 credentials
+# required.
+#
+# see: https://github.com/puppetlabs/beaker/blob/master/docs/how_to/hypervisors/ec2.md
+#
+HOSTS:
+ rhel-73-x64:
+ roles:
+ - master
+ platform: el-7-x86_64
+ hypervisor: ec2
+ # refers to image_tempaltes.yaml AMI[vmname] entry:
+ vmname: rhel-73-eu-central-1
+ # refers to image_tempaltes.yaml entry inside AMI[vmname][:image]:
+ snapshot: aio
+ # t2.micro is free tier eligible (https://aws.amazon.com/en/free/):
+ amisize: t2.micro
+ # required so that beaker sanitizes sshd_config and root authorized_keys:
+ user: ec2-user
+CONFIG:
+ type: aio
+ :ec2_yaml: spec/acceptance/nodesets/ec2/image_templates.yaml
+...
+# vim: syntax=yaml
--- /dev/null
+---
+# This file is managed via modulesync
+# https://github.com/voxpupuli/modulesync
+# https://github.com/voxpupuli/modulesync_config
+#
+# Additional ~/.fog config file with AWS EC2 credentials
+# required.
+#
+# see: https://github.com/puppetlabs/beaker/blob/master/docs/how_to/hypervisors/ec2.md
+#
+HOSTS:
+ sles-12sp2-x64:
+ roles:
+ - master
+ platform: sles-12-x86_64
+ hypervisor: ec2
+ # refers to image_tempaltes.yaml AMI[vmname] entry:
+ vmname: sles-12sp2-eu-central-1
+ # refers to image_tempaltes.yaml entry inside AMI[vmname][:image]:
+ snapshot: aio
+ # t2.micro is free tier eligible (https://aws.amazon.com/en/free/):
+ amisize: t2.micro
+ # required so that beaker sanitizes sshd_config and root authorized_keys:
+ user: ec2-user
+CONFIG:
+ type: aio
+ :ec2_yaml: spec/acceptance/nodesets/ec2/image_templates.yaml
+...
+# vim: syntax=yaml
--- /dev/null
+---
+# This file is managed via modulesync
+# https://github.com/voxpupuli/modulesync
+# https://github.com/voxpupuli/modulesync_config
+#
+# Additional ~/.fog config file with AWS EC2 credentials
+# required.
+#
+# see: https://github.com/puppetlabs/beaker/blob/master/docs/how_to/hypervisors/ec2.md
+#
+HOSTS:
+ ubuntu-1604-x64:
+ roles:
+ - master
+ platform: ubuntu-16.04-amd64
+ hypervisor: ec2
+ # refers to image_tempaltes.yaml AMI[vmname] entry:
+ vmname: ubuntu-1604-eu-central-1
+ # refers to image_tempaltes.yaml entry inside AMI[vmname][:image]:
+ snapshot: aio
+ # t2.micro is free tier eligible (https://aws.amazon.com/en/free/):
+ amisize: t2.micro
+ # required so that beaker sanitizes sshd_config and root authorized_keys:
+ user: ubuntu
+CONFIG:
+ type: aio
+ :ec2_yaml: spec/acceptance/nodesets/ec2/image_templates.yaml
+...
+# vim: syntax=yaml
--- /dev/null
+---
+# This file is managed via modulesync
+# https://github.com/voxpupuli/modulesync
+# https://github.com/voxpupuli/modulesync_config
+#
+# Additional ~/.fog config file with AWS EC2 credentials
+# required.
+#
+# see: https://github.com/puppetlabs/beaker/blob/master/docs/how_to/hypervisors/ec2.md
+#
+HOSTS:
+ windows-2016-base-x64:
+ roles:
+ - master
+ platform: windows-2016-64
+ hypervisor: ec2
+ # refers to image_tempaltes.yaml AMI[vmname] entry:
+ vmname: windows-2016-base-eu-central-1
+ # refers to image_tempaltes.yaml entry inside AMI[vmname][:image]:
+ snapshot: aio
+ # t2.micro is free tier eligible (https://aws.amazon.com/en/free/):
+ amisize: t2.micro
+ # required so that beaker sanitizes sshd_config and root authorized_keys:
+ user: ec2-user
+CONFIG:
+ type: aio
+ :ec2_yaml: spec/acceptance/nodesets/ec2/image_templates.yaml
+...
+# vim: syntax=yaml
--- /dev/null
+---
+# This file is managed via modulesync
+# https://github.com/voxpupuli/modulesync
+# https://github.com/voxpupuli/modulesync_config
+#
+HOSTS:
+ fedora-25-x64:
+ roles:
+ - master
+ platform: fedora-25-x86_64
+ box: fedora/25-cloud-base
+ hypervisor: vagrant
+CONFIG:
+ type: aio
+...
+# vim: syntax=yaml
--- /dev/null
+---
+# This file is managed via modulesync
+# https://github.com/voxpupuli/modulesync
+# https://github.com/voxpupuli/modulesync_config
+#
+HOSTS:
+ fedora-26-x64:
+ roles:
+ - master
+ platform: fedora-26-x86_64
+ box: fedora/26-cloud-base
+ hypervisor: vagrant
+CONFIG:
+ type: aio
+...
+# vim: syntax=yaml
--- /dev/null
+---
+# This file is managed via modulesync
+# https://github.com/voxpupuli/modulesync
+# https://github.com/voxpupuli/modulesync_config
+#
+# platform is fedora 26 because there is no puppet-agent
+# for fedora 27 as of 2017-11-17
+HOSTS:
+ fedora-27-x64:
+ roles:
+ - master
+ platform: fedora-26-x86_64
+ box: fedora/27-cloud-base
+ hypervisor: vagrant
+CONFIG:
+ type: aio
+...
+# vim: syntax=yaml
--- /dev/null
+HOSTS:
+ ubuntu-server-10044-x64:
+ roles:
+ - master
+ platform: ubuntu-10.04-amd64
+ box : ubuntu-server-10044-x64-vbox4210-nocm
+ box_url : http://puppet-vagrant-boxes.puppetlabs.com/ubuntu-server-10044-x64-vbox4210-nocm.box
+ hypervisor : vagrant
+CONFIG:
+ type: foss
--- /dev/null
+---
+# This file is managed via modulesync
+# https://github.com/voxpupuli/modulesync
+# https://github.com/voxpupuli/modulesync_config
+HOSTS:
+ ubuntu-server-1204-x64:
+ roles:
+ - master
+ platform: ubuntu-12.04-amd64
+ box: puppetlabs/ubuntu-12.04-64-nocm
+ hypervisor: vagrant
+CONFIG:
+ type: foss
+...
+# vim: syntax=yaml
--- /dev/null
+HOSTS:
+ ubuntu-server-12042-x64:
+ roles:
+ - master
+ platform: ubuntu-12.04-amd64
+ box : ubuntu-server-12042-x64-vbox4210-nocm
+ box_url : http://puppet-vagrant-boxes.puppetlabs.com/ubuntu-server-12042-x64-vbox4210-nocm.box
+ hypervisor : vagrant
+CONFIG:
+ type: foss
--- /dev/null
+---
+# This file is managed via modulesync
+# https://github.com/voxpupuli/modulesync
+# https://github.com/voxpupuli/modulesync_config
+HOSTS:
+ ubuntu-server-1404-x64:
+ roles:
+ - master
+ platform: ubuntu-14.04-amd64
+ box: puppetlabs/ubuntu-14.04-64-nocm
+ hypervisor: vagrant
+CONFIG:
+ type: foss
+...
+# vim: syntax=yaml
--- /dev/null
+---
+# This file is managed via modulesync
+# https://github.com/voxpupuli/modulesync
+# https://github.com/voxpupuli/modulesync_config
+HOSTS:
+ ubuntu-server-1604-x64:
+ roles:
+ - master
+ platform: ubuntu-16.04-amd64
+ box: puppetlabs/ubuntu-16.04-64-nocm
+ hypervisor: vagrant
+CONFIG:
+ type: foss
+...
+# vim: syntax=yaml
--- /dev/null
+# This file is managed via modulesync
+# https://github.com/voxpupuli/modulesync
+# https://github.com/voxpupuli/modulesync_config
+#
+# use default_module_facts.yaml for module specific
+# facts.
+#
+# Hint if using with rspec-puppet-facts ("on_supported_os.each"):
+# if a same named fact exists in facterdb it will be overridden.
+---
+ipaddress: "172.16.254.254"
+is_pe: false
+macaddress: "AA:AA:AA:AA:AA:AA"
--- /dev/null
+--format
+s
+--colour
+--loadby
+mtime
+--backtrace
--- /dev/null
+# This file is managed via modulesync
+# https://github.com/voxpupuli/modulesync
+# https://github.com/voxpupuli/modulesync_config
+require 'puppetlabs_spec_helper/module_spec_helper'
+require 'rspec-puppet-facts'
+include RspecPuppetFacts
+
+if Dir.exist?(File.expand_path('../../lib', __FILE__))
+ require 'coveralls'
+ require 'simplecov'
+ require 'simplecov-console'
+ SimpleCov.formatters = [
+ SimpleCov::Formatter::HTMLFormatter,
+ SimpleCov::Formatter::Console
+ ]
+ SimpleCov.start do
+ track_files 'lib/**/*.rb'
+ add_filter '/spec'
+ add_filter '/vendor'
+ add_filter '/.vendor'
+ end
+end
+
+RSpec.configure do |c|
+ default_facts = {}
+ default_facts.merge!(YAML.load(File.read(File.expand_path('../default_facts.yml', __FILE__)))) if File.exist?(File.expand_path('../default_facts.yml', __FILE__))
+ default_facts.merge!(YAML.load(File.read(File.expand_path('../default_module_facts.yml', __FILE__)))) if File.exist?(File.expand_path('../default_module_facts.yml', __FILE__))
+ c.default_facts = default_facts
+
+ # Coverage generation
+ c.after(:suite) do
+ RSpec::Puppet::Coverage.report!
+ end
+end
--- /dev/null
+require 'spec_helper'
+require 'rspec/mocks'
+
+provider_class = Puppet::Type.type(:posix_acl).provider(:posixacl)
+
+describe provider_class do
+ it 'declares a getfacl command' do
+ expect do
+ provider_class.command :getfacl
+ end.not_to raise_error
+ end
+ it 'declares a setfacl command' do
+ expect do
+ provider_class.command :setfacl
+ end.not_to raise_error
+ end
+ it 'encodes spaces in group names' do
+ RSpec::Mocks.with_temporary_scope do
+ Puppet::Type.stubs(:getfacl).returns("group:test group:rwx\n")
+ File.stubs(:exist?).returns(true)
+ expect do
+ provider_class.command :permission
+ end == ['group:test\040group:rwx']
+ end
+ end
+end
--- /dev/null
+require 'spec_helper'
+
+# rubocop:disable RSpec/MultipleExpectations
+acl_type = Puppet::Type.type(:posix_acl)
+
+describe acl_type do
+ context 'when not setting parameters' do
+ it 'fails without permissions' do
+ expect do
+ acl_type.new name: '/tmp/foo'
+ end.to raise_error
+ end
+ end
+ context 'when setting parameters' do
+ it 'works with a correct permission parameter' do
+ resource = acl_type.new name: '/tmp/foo', permission: ['user:root:rwx']
+ expect(resource[:name]).to eq('/tmp/foo')
+ expect(resource[:permission]).to eq(['user:root:rwx'])
+ end
+ it 'converts a permission string to an array' do
+ resource = acl_type.new name: '/tmp/foo', permission: 'user:root:rwx'
+ expect(resource[:name]).to eq('/tmp/foo')
+ expect(resource[:permission]).to eq(['user:root:rwx'])
+ end
+ it 'converts the u: shorcut to user:' do
+ resource = acl_type.new name: '/tmp/foo', permission: ['u:root:rwx']
+ expect(resource[:name]).to eq('/tmp/foo')
+ expect(resource[:permission]).to eq(['user:root:rwx'])
+ end
+ it 'converts the g: shorcut to group:' do
+ resource = acl_type.new name: '/tmp/foo', permission: ['g:root:rwx']
+ expect(resource[:name]).to eq('/tmp/foo')
+ expect(resource[:permission]).to eq(['group:root:rwx'])
+ end
+ it 'converts the m: shorcut to mask:' do
+ resource = acl_type.new name: '/tmp/foo', permission: ['m::rwx']
+ expect(resource[:name]).to eq('/tmp/foo')
+ expect(resource[:permission]).to eq(['mask::rwx'])
+ end
+ it 'converts the o: shorcut to other:' do
+ resource = acl_type.new name: '/tmp/foo', permission: ['o::rwx']
+ expect(resource[:name]).to eq('/tmp/foo')
+ expect(resource[:permission]).to eq(['other::rwx'])
+ end
+ it 'has the "set" action by default' do
+ resource = acl_type.new name: '/tmp/foo', permission: ['o::rwx']
+ expect(resource[:name]).to eq('/tmp/foo')
+ expect(resource[:action]).to eq(:set)
+ end
+ it 'accepts an action "set"' do
+ resource = acl_type.new name: '/tmp/foo', permission: ['o::rwx'], action: :set
+ expect(resource[:name]).to eq('/tmp/foo')
+ expect(resource[:action]).to eq(:set)
+ end
+ it 'accepts an action "purge"' do
+ resource = acl_type.new name: '/tmp/foo', permission: ['o::rwx'], action: :purge
+ expect(resource[:name]).to eq('/tmp/foo')
+ expect(resource[:action]).to eq(:purge)
+ end
+ it 'accepts an action "unset"' do
+ resource = acl_type.new name: '/tmp/foo', permission: ['o::rwx'], action: :unset
+ expect(resource[:name]).to eq('/tmp/foo')
+ expect(resource[:action]).to eq(:unset)
+ end
+ it 'accepts an action "exact"' do
+ resource = acl_type.new name: '/tmp/foo', permission: ['o::rwx'], action: :exact
+ expect(resource[:name]).to eq('/tmp/foo')
+ expect(resource[:action]).to eq(:exact)
+ end
+ it 'has path as namevar' do
+ resource = acl_type.new name: '/tmp/foo', permission: ['o::rwx']
+ expect(resource[:name]).to eq('/tmp/foo')
+ expect(resource[:path]).to eq(resource[:name])
+ end
+ it 'accepts a path parameter' do
+ resource = acl_type.new path: '/tmp/foo', permission: ['o::rwx'], action: :exact
+ expect(resource[:path]).to eq('/tmp/foo')
+ expect(resource[:name]).to eq(resource[:path])
+ end
+ it 'is not recursive by default' do
+ resource = acl_type.new name: '/tmp/foo', permission: ['o::rwx']
+ expect(resource[:name]).to eq('/tmp/foo')
+ expect(resource[:recursive]).to eq(:false)
+ end
+ it 'accepts a recursive "true"' do
+ resource = acl_type.new name: '/tmp/foo', permission: ['o::rwx'], recursive: true
+ expect(resource[:name]).to eq('/tmp/foo')
+ expect(resource[:recursive]).to eq(:true)
+ end
+ it 'accepts a recurse "false"' do
+ resource = acl_type.new name: '/tmp/foo', permission: ['o::rwx'], recursive: false
+ expect(resource[:name]).to eq('/tmp/foo')
+ expect(resource[:recursive]).to eq(:false)
+ end
+ it 'gets recursemode lazy by default' do
+ resource = acl_type.new name: '/tmp/foo', permission: ['o::rwx']
+ expect(resource[:name]).to eq('/tmp/foo')
+ expect(resource[:recursemode]).to eq(:lazy)
+ end
+ it 'accepts a recursemode deep' do
+ resource = acl_type.new name: '/tmp/foo', permission: ['o::rwx'], recursemode: 'deep'
+ expect(resource[:name]).to eq('/tmp/foo')
+ expect(resource[:recursemode]).to eq(:deep)
+ end
+ it 'accepts a recursemode lazy' do
+ resource = acl_type.new name: '/tmp/foo', permission: ['o::rwx'], recursemode: :lazy
+ expect(resource[:name]).to eq('/tmp/foo')
+ expect(resource[:recursemode]).to eq(:lazy)
+ end
+ it 'fails with a wrong action' do
+ expect do
+ acl_type.new name: '/tmp/foo', permission: ['o::rwx'], action: :xset
+ end.to raise_error
+ end
+ it 'fails with a wrong recurselimit' do
+ expect do
+ acl_type.new name: '/tmp/foo', permission: ['o::rwx'], recurselimit: :a
+ end.to raise_error
+ end
+ it 'fails with a wrong first argument' do
+ expect do
+ acl_type.new name: '/tmp/foo', permission: ['wrong::rwx']
+ end.to raise_error
+ end
+ it 'fails with a wrong last argument' do
+ expect do
+ acl_type.new name: '/tmp/foo', permission: ['user::-_-']
+ end.to raise_error
+ end
+ end
+
+ context 'when removing default parameters' do
+ basic_perms = ['user:foo:rwx', 'group:foo:rwx']
+ advanced_perms = ['user:foo:rwx', 'group:foo:rwx', 'default:user:foo:---']
+ advanced_perms_results = ['user:foo:rwx', 'group:foo:rwx']
+ mysql_perms = [
+ 'user:mysql:rwx',
+ 'd:user:mysql:rw',
+ 'mask::rwx'
+ ]
+ mysql_perms_results = [
+ 'user:mysql:rwx',
+ 'mask::rwx'
+ ]
+ it 'does not do anything with no defaults' do
+ expect(acl_type.pick_default_perms(basic_perms)).to match_array(basic_perms)
+ end
+ it 'removes defaults' do
+ expect(acl_type.pick_default_perms(advanced_perms)).to match_array(advanced_perms_results)
+ end
+ it 'removes defaults with d:' do
+ expect(acl_type.pick_default_perms(mysql_perms)).to match_array(mysql_perms_results)
+ end
+ end
+end
+# rubocop:enable RSpec/MultipleExpectations
projects / mirror / dsa-puppet.git / commitdiff