From: gustavo panizzo Date: Thu, 13 Jun 2019 07:36:05 +0000 (+0800) Subject: Add the posix_acl module X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=97927d5ad35af3af48b7a2d2f105aaf1802a8fcd;p=mirror%2Fdsa-puppet.git Add the posix_acl module --- diff --git a/3rdparty/Puppetfile b/3rdparty/Puppetfile index be0916c3f..0d751cbf9 100644 --- a/3rdparty/Puppetfile +++ b/3rdparty/Puppetfile @@ -16,6 +16,7 @@ mod 'puppetlabs/certregen', '0.2.0' mod 'mayflower-prosody', git: 'https://github.com/mayflower/puppet-prosody.git', ref: '863bb4ee0cd3369ad69a211042b4c5f7d66f4444' +mod 'puppet-posix_acl', '0.1.1' # OpenStack mod 'duritong/sysctl', '0.0.11' diff --git a/3rdparty/modules/posix_acl/CHANGELOG.md b/3rdparty/modules/posix_acl/CHANGELOG.md new file mode 100644 index 000000000..b95dc9c6a --- /dev/null +++ b/3rdparty/modules/posix_acl/CHANGELOG.md @@ -0,0 +1,87 @@ +# Changelog + +All notable changes to this project will be documented in this file. +Each new release typically also includes the latest modulesync defaults. +These should not affect the functionality of the module. + +## [v0.1.1](https://github.com/voxpupuli/puppet-posix_acl/tree/v0.1.1) (2018-10-14) + +[Full Changelog](https://github.com/voxpupuli/puppet-posix_acl/compare/v0.1.0...v0.1.1) + +**Merged pull requests:** + +- modulesync 2.2.0 and allow puppet 6.x [\#53](https://github.com/voxpupuli/puppet-posix_acl/pull/53) ([bastelfreak](https://github.com/bastelfreak)) + +## [v0.1.0](https://github.com/voxpupuli/puppet-posix_acl/tree/v0.1.0) (2018-07-16) + +[Full Changelog](https://github.com/voxpupuli/puppet-posix_acl/compare/0.0.5...v0.1.0) + +**Implemented enhancements:** + +- Move to Vox Pupuli [\#29](https://github.com/voxpupuli/puppet-posix_acl/issues/29) + +**Merged pull requests:** + +- Remove docker nodesets [\#47](https://github.com/voxpupuli/puppet-posix_acl/pull/47) ([bastelfreak](https://github.com/bastelfreak)) +- drop EOL OSs; fix puppet version range [\#46](https://github.com/voxpupuli/puppet-posix_acl/pull/46) ([bastelfreak](https://github.com/bastelfreak)) +- Rubocop: Fix Style/PredicateName [\#42](https://github.com/voxpupuli/puppet-posix_acl/pull/42) ([alexjfisher](https://github.com/alexjfisher)) +- Rubocop: Fix Style/GuardClause [\#41](https://github.com/voxpupuli/puppet-posix_acl/pull/41) ([alexjfisher](https://github.com/alexjfisher)) +- Rubocop: Fix Lint/UselessAssignment [\#40](https://github.com/voxpupuli/puppet-posix_acl/pull/40) ([alexjfisher](https://github.com/alexjfisher)) +- Rubocop auto fixes [\#39](https://github.com/voxpupuli/puppet-posix_acl/pull/39) ([alexjfisher](https://github.com/alexjfisher)) +- Fix metadata and add LICENSE file [\#36](https://github.com/voxpupuli/puppet-posix_acl/pull/36) ([alexjfisher](https://github.com/alexjfisher)) +- remove ruby 1.9.3 support [\#35](https://github.com/voxpupuli/puppet-posix_acl/pull/35) ([dobbymoodge](https://github.com/dobbymoodge)) + +## [0.0.5](https://github.com/voxpupuli/puppet-posix_acl/tree/0.0.5) (2017-12-12) + +[Full Changelog](https://github.com/voxpupuli/puppet-posix_acl/compare/0.0.4...0.0.5) + +## [0.0.4](https://github.com/voxpupuli/puppet-posix_acl/tree/0.0.4) (2017-12-12) + +[Full Changelog](https://github.com/voxpupuli/puppet-posix_acl/compare/0.0.3...0.0.4) + +**Fixed bugs:** + +- module name conflict [\#26](https://github.com/voxpupuli/puppet-posix_acl/issues/26) + +**Closed issues:** + +- Race condition with non existing file and recursemode =\> deep [\#22](https://github.com/voxpupuli/puppet-posix_acl/issues/22) +- Publish to the forge [\#21](https://github.com/voxpupuli/puppet-posix_acl/issues/21) + +**Merged pull requests:** + +- Time to deprecate Ruby 1.8.7 support [\#31](https://github.com/voxpupuli/puppet-posix_acl/pull/31) ([dobbymoodge](https://github.com/dobbymoodge)) +- Fixes ACL's with spaces [\#30](https://github.com/voxpupuli/puppet-posix_acl/pull/30) ([i1tech](https://github.com/i1tech)) +- fix another Ruby error when the file doesn't exist yet [\#28](https://github.com/voxpupuli/puppet-posix_acl/pull/28) ([tequeter](https://github.com/tequeter)) +- use inspect instead of join to stringify arrays [\#27](https://github.com/voxpupuli/puppet-posix_acl/pull/27) ([tequeter](https://github.com/tequeter)) +- Do not downcase acl group/user names when checking for insync?. [\#25](https://github.com/voxpupuli/puppet-posix_acl/pull/25) ([tdevelioglu](https://github.com/tdevelioglu)) +- Check if a path exists before calling getfacl [\#23](https://github.com/voxpupuli/puppet-posix_acl/pull/23) ([roidelapluie](https://github.com/roidelapluie)) + +## [0.0.3](https://github.com/voxpupuli/puppet-posix_acl/tree/0.0.3) (2016-01-13) + +[Full Changelog](https://github.com/voxpupuli/puppet-posix_acl/compare/650e19723054c74baa662d3f1589398550524b33...0.0.3) + +**Closed issues:** + +- Accept short acls. [\#4](https://github.com/voxpupuli/puppet-posix_acl/issues/4) + +**Merged pull requests:** + +- Switch from Modulefile to metadata.json [\#20](https://github.com/voxpupuli/puppet-posix_acl/pull/20) ([roidelapluie](https://github.com/roidelapluie)) +- Fix defaults: behaviour [\#19](https://github.com/voxpupuli/puppet-posix_acl/pull/19) ([roidelapluie](https://github.com/roidelapluie)) +- Add autorequire on parent ACL [\#18](https://github.com/voxpupuli/puppet-posix_acl/pull/18) ([roidelapluie](https://github.com/roidelapluie)) +- Fix ruby 1.8.7 quirks [\#17](https://github.com/voxpupuli/puppet-posix_acl/pull/17) ([dobbymoodge](https://github.com/dobbymoodge)) +- Better support for 'deep' recursive acls [\#15](https://github.com/voxpupuli/puppet-posix_acl/pull/15) ([roidelapluie](https://github.com/roidelapluie)) +- Adds space around operators in ternary expressions [\#14](https://github.com/voxpupuli/puppet-posix_acl/pull/14) ([dobbymoodge](https://github.com/dobbymoodge)) +- Add recursemode parameter to apply ACLs recursively [\#13](https://github.com/voxpupuli/puppet-posix_acl/pull/13) ([dobbymoodge](https://github.com/dobbymoodge)) +- Add the Puppetlabs Skeleton for testing [\#11](https://github.com/voxpupuli/puppet-posix_acl/pull/11) ([roidelapluie](https://github.com/roidelapluie)) +- Drop duplicate ACL's. [\#10](https://github.com/voxpupuli/puppet-posix_acl/pull/10) ([kevincox](https://github.com/kevincox)) +- Update sync [\#7](https://github.com/voxpupuli/puppet-posix_acl/pull/7) ([mwoodson](https://github.com/mwoodson)) +- Normalize ACL's. [\#5](https://github.com/voxpupuli/puppet-posix_acl/pull/5) ([kevincox](https://github.com/kevincox)) +- Make posixacl the default for the redhat family [\#3](https://github.com/voxpupuli/puppet-posix_acl/pull/3) ([nhemingway](https://github.com/nhemingway)) +- Add a acl::requirements class [\#2](https://github.com/voxpupuli/puppet-posix_acl/pull/2) ([duritong](https://github.com/duritong)) +- Fix typo and make Modulefile validate by puppet module tool [\#1](https://github.com/voxpupuli/puppet-posix_acl/pull/1) ([carlossg](https://github.com/carlossg)) + + + +\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)* diff --git a/3rdparty/modules/posix_acl/CONTRIBUTING.md b/3rdparty/modules/posix_acl/CONTRIBUTING.md new file mode 100644 index 000000000..bfeaa701c --- /dev/null +++ b/3rdparty/modules/posix_acl/CONTRIBUTING.md @@ -0,0 +1,220 @@ +Checklist (and a short version for the impatient) +================================================= + + * Commits: + + - Make commits of logical units. + + - Check for unnecessary whitespace with "git diff --check" before + committing. + + - Commit using Unix line endings (check the settings around "crlf" in + git-config(1)). + + - Do not check in commented out code or unneeded files. + + - The first line of the commit message should be a short + description (50 characters is the soft limit, excluding ticket + number(s)), and should skip the full stop. + + - Associate the issue in the message. The first line should include + the issue number in the form "(#XXXX) Rest of message". + + - The body should provide a meaningful commit message, which: + + - uses the imperative, present tense: "change", not "changed" or + "changes". + + - includes motivation for the change, and contrasts its + implementation with the previous behavior. + + - Make sure that you have tests for the bug you are fixing, or + feature you are adding. + + - Make sure the test suites passes after your commit: + `bundle exec rspec spec/acceptance` More information on [testing](#Testing) below + + - When introducing a new feature, make sure it is properly + documented in the README.md + + * Submission: + + * Pre-requisites: + + - Make sure you have a [GitHub account](https://github.com/join) + + - [Create a ticket](https://tickets.puppetlabs.com/secure/CreateIssue!default.jspa), or [watch the ticket](https://tickets.puppetlabs.com/browse/) you are patching for. + + * Preferred method: + + - Fork the repository on GitHub. + + - Push your changes to a topic branch in your fork of the + repository. (the format ticket/1234-short_description_of_change is + usually preferred for this project). + + - Submit a pull request to the repository in the puppetlabs + organization. + +The long version +================ + + 1. Make separate commits for logically separate changes. + + Please break your commits down into logically consistent units + which include new or changed tests relevant to the rest of the + change. The goal of doing this is to make the diff easier to + read for whoever is reviewing your code. In general, the easier + your diff is to read, the more likely someone will be happy to + review it and get it into the code base. + + If you are going to refactor a piece of code, please do so as a + separate commit from your feature or bug fix changes. + + We also really appreciate changes that include tests to make + sure the bug is not re-introduced, and that the feature is not + accidentally broken. + + Describe the technical detail of the change(s). If your + description starts to get too long, that is a good sign that you + probably need to split up your commit into more finely grained + pieces. + + Commits which plainly describe the things which help + reviewers check the patch and future developers understand the + code are much more likely to be merged in with a minimum of + bike-shedding or requested changes. Ideally, the commit message + would include information, and be in a form suitable for + inclusion in the release notes for the version of Puppet that + includes them. + + Please also check that you are not introducing any trailing + whitespace or other "whitespace errors". You can do this by + running "git diff --check" on your changes before you commit. + + 2. Sending your patches + + To submit your changes via a GitHub pull request, we _highly_ + recommend that you have them on a topic branch, instead of + directly on "master". + It makes things much easier to keep track of, especially if + you decide to work on another thing before your first change + is merged in. + + GitHub has some pretty good + [general documentation](http://help.github.com/) on using + their site. They also have documentation on + [creating pull requests](http://help.github.com/send-pull-requests/). + + In general, after pushing your topic branch up to your + repository on GitHub, you can switch to the branch in the + GitHub UI and click "Pull Request" towards the top of the page + in order to open a pull request. + + + 3. Update the related GitHub issue. + + If there is a GitHub issue associated with the change you + submitted, then you should update the ticket to include the + location of your branch, along with any other commentary you + may wish to make. + +Testing +======= + +Getting Started +--------------- + +Our puppet modules provide [`Gemfile`](./Gemfile)s which can tell a ruby +package manager such as [bundler](http://bundler.io/) what Ruby packages, +or Gems, are required to build, develop, and test this software. + +Please make sure you have [bundler installed](http://bundler.io/#getting-started) +on your system, then use it to install all dependencies needed for this project, +by running + +```shell +% bundle install +Fetching gem metadata from https://rubygems.org/........ +Fetching gem metadata from https://rubygems.org/.. +Using rake (10.1.0) +Using builder (3.2.2) +-- 8><-- many more --><8 -- +Using rspec-system-puppet (2.2.0) +Using serverspec (0.6.3) +Using rspec-system-serverspec (1.0.0) +Using bundler (1.3.5) +Your bundle is complete! +Use `bundle show [gemname]` to see where a bundled gem is installed. +``` + +NOTE some systems may require you to run this command with sudo. + +If you already have those gems installed, make sure they are up-to-date: + +```shell +% bundle update +``` + +With all dependencies in place and up-to-date we can now run the tests: + +```shell +% bundle exec rake spec +``` + +This will execute all the [rspec tests](http://rspec-puppet.com/) tests +under [spec/defines](./spec/defines), [spec/classes](./spec/classes), +and so on. rspec tests may have the same kind of dependencies as the +module they are testing. While the module defines in its [Modulefile](./Modulefile), +rspec tests define them in [.fixtures.yml](./fixtures.yml). + +Some puppet modules also come with [beaker](https://github.com/puppetlabs/beaker) +tests. These tests spin up a virtual machine under +[VirtualBox](https://www.virtualbox.org/)) with, controlling it with +[Vagrant](http://www.vagrantup.com/) to actually simulate scripted test +scenarios. In order to run these, you will need both of those tools +installed on your system. + +You can run them by issuing the following command + +```shell +% bundle exec rake spec_clean +% bundle exec rspec spec/acceptance +``` + +This will now download a pre-fabricated image configured in the [default node-set](./spec/acceptance/nodesets/default.yml), +install puppet, copy this module and install its dependencies per [spec/spec_helper_acceptance.rb](./spec/spec_helper_acceptance.rb) +and then run all the tests under [spec/acceptance](./spec/acceptance). + +Writing Tests +------------- + +XXX getting started writing tests. + +If you have commit access to the repository +=========================================== + +Even if you have commit access to the repository, you will still need to +go through the process above, and have someone else review and merge +in your changes. The rule is that all changes must be reviewed by a +developer on the project (that did not write the code) to ensure that +all changes go through a code review process. + +Having someone other than the author of the topic branch recorded as +performing the merge is the record that they performed the code +review. + + +Additional Resources +==================== + +* [Getting additional help](http://puppetlabs.com/community/get-help) + +* [Writing tests](http://projects.puppetlabs.com/projects/puppet/wiki/Development_Writing_Tests) + +* [Patchwork](https://patchwork.puppetlabs.com) + +* [General GitHub documentation](http://help.github.com/) + +* [GitHub pull request documentation](http://help.github.com/send-pull-requests/) + diff --git a/3rdparty/modules/posix_acl/Gemfile b/3rdparty/modules/posix_acl/Gemfile new file mode 100644 index 000000000..7ed69d4e5 --- /dev/null +++ b/3rdparty/modules/posix_acl/Gemfile @@ -0,0 +1,82 @@ +source ENV['GEM_SOURCE'] || "https://rubygems.org" + +def location_for(place, fake_version = nil) + if place =~ /^(git[:@][^#]*)#(.*)/ + [fake_version, { :git => $1, :branch => $2, :require => false }].compact + elsif place =~ /^file:\/\/(.*)/ + ['>= 0', { :path => File.expand_path($1), :require => false }] + else + [place, { :require => false }] + end +end + +group :test do + gem 'puppetlabs_spec_helper', '>= 2.11.0', :require => false + gem 'rspec-puppet-facts', '>= 1.8.0', :require => false + gem 'rspec-puppet-utils', :require => false + gem 'puppet-lint-leading_zero-check', :require => false + gem 'puppet-lint-trailing_comma-check', :require => false + gem 'puppet-lint-version_comparison-check', :require => false + gem 'puppet-lint-classes_and_types_beginning_with_digits-check', :require => false + gem 'puppet-lint-unquoted_string-check', :require => false + gem 'puppet-lint-variable_contains_upcase', :require => false + gem 'metadata-json-lint', :require => false + gem 'redcarpet', :require => false + gem 'rubocop', '~> 0.49.1', :require => false if RUBY_VERSION >= '2.3.0' + gem 'rubocop-rspec', '~> 1.15.0', :require => false if RUBY_VERSION >= '2.3.0' + gem 'mocha', '~> 1.4.0', :require => false + gem 'coveralls', :require => false + gem 'simplecov-console', :require => false + gem 'rack', '~> 1.0', :require => false if RUBY_VERSION < '2.2.2' + gem 'parallel_tests', :require => false +end + +group :development do + gem 'travis', :require => false + gem 'travis-lint', :require => false + gem 'guard-rake', :require => false + gem 'overcommit', '>= 0.39.1', :require => false +end + +group :system_tests do + gem 'winrm', :require => false + if beaker_version = ENV['BEAKER_VERSION'] + gem 'beaker', *location_for(beaker_version) + else + gem 'beaker', '>= 3.9.0', :require => false + end + if beaker_rspec_version = ENV['BEAKER_RSPEC_VERSION'] + gem 'beaker-rspec', *location_for(beaker_rspec_version) + else + gem 'beaker-rspec', :require => false + end + gem 'serverspec', :require => false + gem 'beaker-hostgenerator', '>= 1.1.10', :require => false + gem 'beaker-docker', :require => false + gem 'beaker-puppet', :require => false + gem 'beaker-puppet_install_helper', :require => false + gem 'beaker-module_install_helper', :require => false + gem 'rbnacl', '>= 4', :require => false if RUBY_VERSION >= '2.2.6' + gem 'rbnacl-libsodium', :require => false if RUBY_VERSION >= '2.2.6' + gem 'bcrypt_pbkdf', :require => false +end + +group :release do + gem 'github_changelog_generator', :require => false, :git => 'https://github.com/github-changelog-generator/github-changelog-generator' if RUBY_VERSION >= '2.2.2' + gem 'puppet-blacksmith', :require => false + gem 'voxpupuli-release', :require => false, :git => 'https://github.com/voxpupuli/voxpupuli-release-gem' + gem 'puppet-strings', '>= 1.0', :require => false +end + + + +if facterversion = ENV['FACTER_GEM_VERSION'] + gem 'facter', facterversion.to_s, :require => false, :groups => [:test] +else + gem 'facter', :require => false, :groups => [:test] +end + +ENV['PUPPET_VERSION'].nil? ? puppetversion = '~> 5.0' : puppetversion = ENV['PUPPET_VERSION'].to_s +gem 'puppet', puppetversion, :require => false, :groups => [:test] + +# vim: syntax=ruby diff --git a/3rdparty/modules/posix_acl/LICENSE b/3rdparty/modules/posix_acl/LICENSE new file mode 100644 index 000000000..d64569567 --- /dev/null +++ b/3rdparty/modules/posix_acl/LICENSE @@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/3rdparty/modules/posix_acl/README.org b/3rdparty/modules/posix_acl/README.org new file mode 100644 index 000000000..de4826326 --- /dev/null +++ b/3rdparty/modules/posix_acl/README.org @@ -0,0 +1,174 @@ +#+TITLE: Acl module for Puppet + +* Description +This plugin module provides a way to set POSIX 1.e (and other standards) file ACLs via Puppet. + +* Usage: + - the =posix_acl= resource =title= is used as the path specifier. + - ACLs are specified in the =permission= property as an array of strings in the same format as is used for =setfacl=. + - the =action= parameter can be one of =set=, =exact=, =unset= or =purge=. These are described in detail below. + - the =provider= parameter allows a choice of filesystem ACL provider. Currently only POSIX 1.e is implemented. + - the =recursive= parameter allows you to apply the ACLs to all files under the specified path. + + : posix_acl { "/var/log/httpd": + : action => set, + : permission => [ + : "user::rwx", + : "group::---", + : "mask::r-x", + : "other::---", + : "group:logview:r-x", + : "default:user::rwx", + : "default:group::---", + : "default:mask::rwx", + : "default:other::---", + : "default:group:logview:r-x", + : ], + : provider => posixacl, + : require => [ + : Group["logview"], + : Package["httpd"], + : Mount["/var"], + : ], + : recursive => false, + : } + +** Using action => set: +The =set= option for the =action= parameter allows you to specify a minimal set of ACLs which will be guaranteed by Puppet. ACLs applied to the path which do not match those specified in the =permission= property will remain unchanged. +*** Initial permissions: + : # file /var/www/site1 + : user::rwx + : group::r-x + : other::r-x + : mask::rwx + : group:webadmin:r-x + : group:httpadmin:rwx +*** Specified acls: + : permission => [ + : 'user::rwx', + : 'group::r-x', + : 'other::r-x', + : 'mask::rwx', + : 'group:webadmin:rwx', + : 'user:apache:rwx', + : ], +*** Updated permissions: + : # file /var/www/site1 + : user::rwx + : group::r-x + : other::r-x + : mask::rwx + : user:apache:rwx + : group:webadmin:rwx + : group:httpadmin:rwx +** Using action => exact: +The =exact= option for the =action= parameter will specify the exact set of ACLs guaranteed and enforced by Puppet. ACLs applied to the path which do not match those specified in the =permission= property will be removed. +*** Initial permissions: + : # file /var/www/site1 + : user::rwx + : group::r-x + : other::r-x + : mask::rwx + : group:webadmin:r-x + : group:httpadmin:rwx +*** Specified acls: + : permission => [ + : 'user::rwx', + : 'group::r-x', + : 'other::r-x', + : 'mask::rwx', + : 'group:webadmin:r--', + : 'user:apache:rwx', + : ], +*** Updated permissions: + - group:httpadmin permission is removed + - user:apache permission is added + - group:webadmin permission is updated + : # file /var/www/site1 + : user::rwx + : group::r-x + : other::r-x + : mask::rwx + : group:webadmin:r-- + : user:apache:rwx +** Using action => unset: +The =unset= option for the =action= parameter will specify the set of ACLs guaranteed by Puppet to NOT be applied to the path. ACLs applied to the path which match those specified in the =permission= property will be removed. ACLs applied to the path which do not match those specified in the =permission= property will remain unchanged. +*** Initial permissions: + : # file /var/www/site1 + : user::rwx + : group::r-x + : other::r-x + : mask::rwx + : group:webadmin:r-x + : group:httpadmin:rwx +*** Specified acls: + : permission => [ + : 'user::rwx', + : 'group::r-x', + : 'other::r-x', + : 'mask::rwx', + : 'group:webadmin:r--', + : 'user:apache:rwx', + : ], +*** Updated permissions: + : # file /var/www/site1 + : user::rwx + : group::r-x + : other::r-x + : mask::rwx + : group:httpadmin:rwx +** Using action => purge: +The =purge= option for the =action= parameter will cause Puppet to remove any file ACLs applied to the path. + +NOTE: Although the =permission= property is unused for this action, it needs to have a valid ACL value for the action to work. This is a known issue. +*** Initial permissions: + : # file /var/www/site1 + : user::rwx + : group::r-x + : other::r-x + : mask::rwx + : group:webadmin:r-x + : group:httpadmin:rwx +*** Specified acls: +See above + : permission => [ + : 'user::rwx', + : 'group::r-x', + : 'other::r-x', + : 'mask::rwx', + : 'group:webadmin:r--', + : 'user:apache:rwx', + : ], +*** Updated permissions: + - All file ACLs are removed + : # file /var/www/site1 + : user::rwx + : group::r-x + : other::r-x + +* Notes: +** Conflicts with "file" resource type: +If the path being modified is managed via the =File= resource type, the path's mode bits must match the value specified in the =permission= property of the ACL +** Mask check: +The ACL setter doesn't recalculate the rights mask based on the user/group ACLs specified, so it is possible to specify ACLs on a file for which a more restrictive set of rights is enforced, known as "effective rights". For example, with these =permission= parameters on a file =test=: + : permission => [ + : 'user::rw-', + : 'group::---', + : 'mask::r--', + : 'other::---', + : 'user:apache:rwx', + : 'group:root:r-x', + : 'group:admin:rwx', + : ], + +The output of =getfacl test= reveals a more restrictive set of effective rights, which might not be what was expected: + : # file: test + : # owner: root + : # group: root + : user::rw- + : group::--- + : other::--- + : mask::r-- + : user:apache:rwx #effective:r-- + : group:root:r-x #effective:r-- + : group:admin:rwx #effective:r-- diff --git a/3rdparty/modules/posix_acl/Rakefile b/3rdparty/modules/posix_acl/Rakefile new file mode 100644 index 000000000..279580ac6 --- /dev/null +++ b/3rdparty/modules/posix_acl/Rakefile @@ -0,0 +1,92 @@ +require 'puppetlabs_spec_helper/rake_tasks' + +# load optional tasks for releases +# only available if gem group releases is installed +begin + require 'puppet_blacksmith/rake_tasks' + require 'voxpupuli/release/rake_tasks' + require 'puppet-strings/tasks' +rescue LoadError +end + +PuppetLint.configuration.log_format = '%{path}:%{line}:%{check}:%{KIND}:%{message}' +PuppetLint.configuration.fail_on_warnings = true +PuppetLint.configuration.send('relative') +PuppetLint.configuration.send('disable_140chars') +PuppetLint.configuration.send('disable_class_inherits_from_params_class') +PuppetLint.configuration.send('disable_documentation') +PuppetLint.configuration.send('disable_single_quote_string_with_variables') + +exclude_paths = %w( + pkg/**/* + vendor/**/* + .vendor/**/* + spec/**/* +) +PuppetLint.configuration.ignore_paths = exclude_paths +PuppetSyntax.exclude_paths = exclude_paths + +desc 'Auto-correct puppet-lint offenses' +task 'lint:auto_correct' do + PuppetLint.configuration.fix = true + Rake::Task[:lint].invoke +end + +desc 'Run acceptance tests' +RSpec::Core::RakeTask.new(:acceptance) do |t| + t.pattern = 'spec/acceptance' +end + +desc 'Run tests metadata_lint, release_checks' +task test: [ + :metadata_lint, + :release_checks, +] + +desc "Run main 'test' task and report merged results to coveralls" +task test_with_coveralls: [:test] do + if Dir.exist?(File.expand_path('../lib', __FILE__)) + require 'coveralls/rake/task' + Coveralls::RakeTask.new + Rake::Task['coveralls:push'].invoke + else + puts 'Skipping reporting to coveralls. Module has no lib dir' + end +end + +desc "Print supported beaker sets" +task 'beaker_sets', [:directory] do |t, args| + directory = args[:directory] + + metadata = JSON.load(File.read('metadata.json')) + + (metadata['operatingsystem_support'] || []).each do |os| + (os['operatingsystemrelease'] || []).each do |release| + if directory + beaker_set = "#{directory}/#{os['operatingsystem'].downcase}-#{release}" + else + beaker_set = "#{os['operatingsystem'].downcase}-#{release}-x64" + end + + filename = "spec/acceptance/nodesets/#{beaker_set}.yml" + + puts beaker_set if File.exists? filename + end + end +end + +begin + require 'github_changelog_generator/task' + GitHubChangelogGenerator::RakeTask.new :changelog do |config| + version = (Blacksmith::Modulefile.new).version + config.future_release = "v#{version}" if version =~ /^\d+\.\d+.\d+$/ + config.header = "# Changelog\n\nAll notable changes to this project will be documented in this file.\nEach new release typically also includes the latest modulesync defaults.\nThese should not affect the functionality of the module." + config.exclude_labels = %w{duplicate question invalid wontfix wont-fix modulesync skip-changelog} + config.user = 'voxpupuli' + metadata_json = File.join(File.dirname(__FILE__), 'metadata.json') + metadata = JSON.load(File.read(metadata_json)) + config.project = metadata['name'] + end +rescue LoadError +end +# vim: syntax=ruby diff --git a/3rdparty/modules/posix_acl/checksums.json b/3rdparty/modules/posix_acl/checksums.json new file mode 100644 index 000000000..14780a684 --- /dev/null +++ b/3rdparty/modules/posix_acl/checksums.json @@ -0,0 +1,42 @@ +{ + "CHANGELOG.md": "a9773633c6662eb81dc1746eab49dc25", + "CONTRIBUTING.md": "ad65d271f183b5adb9fdd58207939f5f", + "Gemfile": "cdd43fe4fc5ef35ddc132407551180b2", + "LICENSE": "3b83ef96387f14655fc854ddc3c6bd57", + "README.org": "64db9bd628c28fe105bc2be006b5fd17", + "Rakefile": "3c6f218e7e63e1a6e24251f365423e49", + "lib/puppet/provider/posix_acl/genericacl.rb": "4f0869eb98de0f3c8d1d7bd57d27ba96", + "lib/puppet/provider/posix_acl/posixacl.rb": "de6392553292e752fee9426e83a33e66", + "lib/puppet/type/posix_acl.rb": "2d5efc0bf8039f81eb28745b561dd1f6", + "manifests/requirements.pp": "899a1e79ead355c8f98aad3520e80d39", + "metadata.json": "4f219497dd99654406b0c37e31f8d31f", + "spec/acceptance/nodesets/archlinux-2-x64.yml": "daafcfcb4c8c8766856f52cec6ae5e86", + "spec/acceptance/nodesets/centos-511-x64.yml": "ca8258bc835dd985a1754689d124cd66", + "spec/acceptance/nodesets/centos-59-x64.yml": "57eb3e471b9042a8ea40978c467f8151", + "spec/acceptance/nodesets/centos-6-x64.yml": "58065782a8d40780d9728257a23504cd", + "spec/acceptance/nodesets/centos-64-x64-pe.yml": "ec075d95760df3d4702abea1ce0a829b", + "spec/acceptance/nodesets/centos-65-x64.yml": "3e5c36e6aa5a690229e720f4048bb8af", + "spec/acceptance/nodesets/centos-66-x64-pe.yml": "e68e03dc562bf58f7c5bba54a1a34619", + "spec/acceptance/nodesets/centos-7-x64.yml": "68d3556f670b8ac0a169a8270ff8c37a", + "spec/acceptance/nodesets/debian-78-x64.yml": "56af2760a64c13a0bccd59404435939c", + "spec/acceptance/nodesets/debian-82-x64.yml": "26f2f696e6073549fe0a844f9a46f85b", + "spec/acceptance/nodesets/ec2/amazonlinux-2016091.yml": "b3dc2d81918fcc6d56855c88ba5b7ce8", + "spec/acceptance/nodesets/ec2/image_templates.yaml": "516f9c4c3407993a100090ce9e1a643c", + "spec/acceptance/nodesets/ec2/rhel-73-x64.yml": "e74670a1cb8eea32afc879a5d786f9bd", + "spec/acceptance/nodesets/ec2/sles-12sp2-x64.yml": "2506efcc9fb420132edc37bf88d6e21d", + "spec/acceptance/nodesets/ec2/ubuntu-1604-x64.yml": "87efd97ff1b073c3448f429a8ffc5a7c", + "spec/acceptance/nodesets/ec2/windows-2016-base-x64.yml": "e9db4dd16c60c52b433694130c2583a0", + "spec/acceptance/nodesets/fedora-25-x64.yml": "807fbf45f95fc7bc2af8c689d34e4160", + "spec/acceptance/nodesets/fedora-26-x64.yml": "e7ee1e18590548ff098192c2127c6697", + "spec/acceptance/nodesets/fedora-27-x64.yml": "326a10c4eb327ccd85775dfa0f76e5c1", + "spec/acceptance/nodesets/ubuntu-server-10044-x64.yml": "75e86400b7889888dc0781c0ae1a1297", + "spec/acceptance/nodesets/ubuntu-server-1204-x64.yml": "0dd7639bf95bfb18169ebba9a2bac163", + "spec/acceptance/nodesets/ubuntu-server-12042-x64.yml": "d30d73e34cd50b043c7d14e305955269", + "spec/acceptance/nodesets/ubuntu-server-1404-x64.yml": "7455367b784060b921360b29a56cd74c", + "spec/acceptance/nodesets/ubuntu-server-1604-x64.yml": "37673118cc3bf052755d65fb5dd90226", + "spec/default_facts.yml": "11504073ebebb30015eb85ff9805f2d9", + "spec/spec.opts": "a600ded995d948e393fbe2320ba8e51c", + "spec/spec_helper.rb": "2e78c273353985a5b95d70b47019a344", + "spec/unit/puppet/provider/posixacl_spec.rb": "9715390fbd16bd566ea0784a1739facc", + "spec/unit/puppet/type/acl_spec.rb": "e349f44546d03614e01bbc08a943778c" +} \ No newline at end of file diff --git a/3rdparty/modules/posix_acl/lib/puppet/provider/posix_acl/genericacl.rb b/3rdparty/modules/posix_acl/lib/puppet/provider/posix_acl/genericacl.rb new file mode 100644 index 000000000..3acf1a566 --- /dev/null +++ b/3rdparty/modules/posix_acl/lib/puppet/provider/posix_acl/genericacl.rb @@ -0,0 +1,2 @@ +Puppet::Type.type(:posix_acl).provide(:genericacl, parent: Puppet::Provider) do +end diff --git a/3rdparty/modules/posix_acl/lib/puppet/provider/posix_acl/posixacl.rb b/3rdparty/modules/posix_acl/lib/puppet/provider/posix_acl/posixacl.rb new file mode 100644 index 000000000..a534db529 --- /dev/null +++ b/3rdparty/modules/posix_acl/lib/puppet/provider/posix_acl/posixacl.rb @@ -0,0 +1,109 @@ +Puppet::Type.type(:posix_acl).provide(:posixacl, parent: Puppet::Provider) do + desc 'Provide posix 1e acl functions using posix getfacl/setfacl commands' + + commands setfacl: '/usr/bin/setfacl' + commands getfacl: '/usr/bin/getfacl' + + confine feature: :posix + defaultfor operatingsystem: [:debian, :ubuntu, :redhat, :centos, :fedora, :sles] + + def exists? + permission + end + + def unset_perm(perm, path) + # Don't try to unset mode bits, it doesn't make sense! + return if perm =~ %r{^(((u(ser)?)|(g(roup)?)|(m(ask)?)|(o(ther)?)):):} + + perm = perm.split(':')[0..-2].join(':') + if check_recursive + setfacl('-R', '-n', '-x', perm, path) + else + setfacl('-n', '-x', perm, path) + end + end + + def set_perm(perm, path) + if check_recursive + setfacl('-R', '-n', '-m', perm, path) + else + setfacl('-n', '-m', perm, path) + end + end + + def unset + @resource.value(:permission).each do |perm| + unset_perm(perm, @resource.value(:path)) + end + end + + def purge + if check_recursive + setfacl('-R', '-b', @resource.value(:path)) + else + setfacl('-b', @resource.value(:path)) + end + end + + def permission + return [] unless File.exist?(@resource.value(:path)) + value = [] + # String#lines would be nice, but we need to support Ruby 1.8.5 + getfacl('--absolute-names', '--no-effective', @resource.value(:path)).split("\n").each do |line| + # Strip comments and blank lines + value << line.gsub('\040', ' ') if line !~ %r{^#} && line != '' + end + value.sort + end + + def check_recursive + # Changed functionality to return boolean true or false + @resource.value(:recursive) == :true && resource.value(:recursemode) == :lazy + end + + def check_exact + @resource.value(:action) == :exact + end + + def check_unset + @resource.value(:action) == :unset + end + + def check_purge + @resource.value(:action) == :purge + end + + def check_set + @resource.value(:action) == :set + end + + def permission=(_value) # TODO: Investigate why we're not using this parameter + Puppet.debug @resource.value(:action) + case @resource.value(:action) + when :unset + unset + when :purge + purge + when :exact, :set + cur_perm = permission + perm_to_set = @resource.value(:permission) - cur_perm + perm_to_unset = cur_perm - @resource.value(:permission) + return false if perm_to_set.empty? && perm_to_unset.empty? + # Take supplied perms literally, unset any existing perms which + # are absent from ACLs given + if check_exact + perm_to_unset.each do |perm| + # Skip base perms in unset step + if perm =~ %r{^(((u(ser)?)|(g(roup)?)|(m(ask)?)|(o(ther)?)):):} + Puppet.debug "skipping unset of base perm: #{perm}" + else + unset_perm(perm, @resource.value(:path)) + end + end + end + perm_to_set.each do |perm| + set_perm(perm, @resource.value(:path)) + end + end + end +end diff --git a/3rdparty/modules/posix_acl/lib/puppet/type/posix_acl.rb b/3rdparty/modules/posix_acl/lib/puppet/type/posix_acl.rb new file mode 100644 index 000000000..1405f268c --- /dev/null +++ b/3rdparty/modules/posix_acl/lib/puppet/type/posix_acl.rb @@ -0,0 +1,279 @@ +require 'set' +require 'pathname' + +Puppet::Type.newtype(:posix_acl) do + desc <<-EOT + Ensures that a set of ACL permissions are applied to a given file + or directory. + + Example: + + posix_acl { '/var/www/html': + action => exact, + permission => [ + 'user::rwx', + 'group::r-x', + 'mask::rwx', + 'other::r--', + 'default:user::rwx', + 'default:user:www-data:r-x', + 'default:group::r-x', + 'default:mask::rwx', + 'default:other::r--', + ], + provider => posixacl, + recursive => true, + } + + In this example, Puppet will ensure that the user and group + permissions are set recursively on /var/www/html as well as add + default permissions that will apply to new directories and files + created under /var/www/html + + Setting an ACL can change a file's mode bits, so if the file is + managed by a File resource, that resource needs to set the mode + bits according to what the calculated mode bits will be, for + example, the File resource for the ACL above should be: + + file { '/var/www/html': + mode => 754, + } + EOT + + newparam(:action) do + desc 'What do we do with this list of ACLs? Options are set, unset, exact, and purge' + newvalues(:set, :unset, :exact, :purge) + defaultto :set + end + + newparam(:path) do + desc 'The file or directory to which the ACL applies.' + isnamevar + validate do |value| + path = Pathname.new(value) + unless path.absolute? + raise ArgumentError, "Path must be absolute: #{path}" + end + end + end + + newparam(:recursemode) do + desc "Should Puppet apply the ACL recursively with the -R option or + apply it to individual files? + + lazy means -R option + deep means apply to every file" + + newvalues(:lazy, :deep) + defaultto :lazy + end + + # Credits to @itdoesntwork + # http://stackoverflow.com/questions/26878341/how-do-i-tell-if-one-path-is-an-ancestor-of-another + def self.descendant?(a, b) + a_list = File.expand_path(a).split('/') + b_list = File.expand_path(b).split('/') + + b_list[0..a_list.size - 1] == a_list && b_list != a_list + end + + # Snippet based on upstream Puppet (ASL 2.0) + [:posix_acl, :file].each do |autorequire_type| + autorequire(autorequire_type) do + req = [] + path = Pathname.new(self[:path]) + # rubocop:disable Style/MultilineBlockChain + if autorequire_type != :posix_acl + if self[:recursive] == :true + catalog.resources.select do |r| + r.is_a?(Puppet::Type.type(autorequire_type)) && self.class.descendant?(self[:path], r[:path]) + end.each do |found| + req << found[:path] + end + end + req << self[:path] + end + unless path.root? + # Start at our parent, to avoid autorequiring ourself + parents = path.parent.enum_for(:ascend) + # should this be = or == ? I don't know + if found = parents.find { |p| catalog.resource(autorequire_type, p.to_s) } # rubocop:disable Lint/AssignmentInCondition + req << found.to_s + end + end + req + end + # rubocop:enable Style/MultilineBlockChain + end + # End of Snippet + + autorequire(:package) do + ['acl'] + end + + newproperty(:permission, array_matching: :all) do + desc 'ACL permission(s).' + + def is_to_s(value) # rubocop:disable Style/PredicateName + if value == :absent || value.include?(:absent) + super + else + value.sort.inspect + end + end + + def should_to_s(value) + if value == :absent || value.include?(:absent) + super + else + value.sort.inspect + end + end + + def retrieve + provider.permission + end + + # Remove permission bits from an ACL line, eg: + # 'user:root:rwx' becomes 'user:root:' + def strip_perms(pl) + Puppet.debug 'permission.strip_perms' + value = [] + pl.each do |perm| + unless perm =~ %r{^(((u(ser)?)|(g(roup)?)|(m(ask)?)|(o(ther)?)):):} + perm = perm.split(':', -1)[0..-2].join(':') + value << perm + end + end + value.sort + end + + # in unset_insync and set_insync the test_should has been added as a work around + # to prevent puppet-posix_acl from interpreting recursive permission notation (e.g. rwX) + # from causing a false mismatch. A better solution needs to be implemented to + # recursively check permissions, not rely upon getfacl + def unset_insync(cur_perm) + # Puppet.debug "permission.unset_insync" + test_should = [] + @should.each { |x| test_should << x.downcase } + cp = strip_perms(cur_perm) + sp = strip_perms(test_should) + (sp - cp).sort == sp + end + + def set_insync(cur_perm) # rubocop:disable Style/AccessorMethodName + should = @should.uniq.sort + (cur_perm.sort == should) || (provider.check_set && (should - cur_perm).empty?) + end + + def purge_insync(cur_perm) + # Puppet.debug "permission.purge_insync" + cur_perm.each do |perm| + # If anything other than the mode bits are set, we're not in sync + return false unless perm =~ %r{^(((u(ser)?)|(g(roup)?)|(o(ther)?)):):} + end + true + end + + def insync?(is) + Puppet.debug "permission.insync? is: #{is.inspect} @should: #{@should.inspect}" + return purge_insync(is) if provider.check_purge + return unset_insync(is) if provider.check_unset + set_insync(is) + end + + # Munge into normalised form + munge do |acl| + r = '' + a = acl.split ':', -1 # -1 keeps trailing empty fields. + raise ArgumentError, "Too few fields. At least 3 required, got #{a.length}." if a.length < 3 + raise ArgumentError, "Too many fields. At most 4 allowed, got #{a.length}." if a.length > 4 + if a.length == 4 + d = a.shift + raise ArgumentError, %(First field of 4 must be "d" or "default", got "#{d}".) unless %w[d default].include?(d) + r << 'default:' + end + t = a.shift # Copy the type. + r << case t + when 'u', 'user' + 'user:' + when 'g', 'group' + 'group:' + when 'o', 'other' + 'other:' + when 'm', 'mask' + 'mask:' + else + raise ArgumentError, %(Unknown type "#{t}", expected "user", "group", "other" or "mask".) + end + r << "#{a.shift}:" # Copy the "who". + p = a.shift + if p =~ %r{[0-7]} + p = p.oct + r << (p | 4 ? 'r' : '-') + r << (p | 2 ? 'w' : '-') + r << (p | 1 ? 'x' : '-') + else + # Not the most efficient but checks for multiple and invalid chars. + s = p.tr '-', '' + r << (s.sub!('r', '') ? 'r' : '-') + r << (s.sub!('w', '') ? 'w' : '-') + r << (s.sub!('x', '') ? 'x' : '-') + raise ArgumentError, %(Invalid permission set "#{p}".) unless s.empty? + end + r + end + end + + newparam(:recursive) do + desc 'Apply ACLs recursively.' + newvalues(:true, :false) + defaultto :false + end + + def self.pick_default_perms(acl) + acl.reject { |a| a.split(':', -1).length == 4 } + end + + def newchild(path) + options = @original_parameters.merge(name: path).reject { |_param, value| value.nil? } + unless File.directory?(options[:name]) + options[:permission] = self.class.pick_default_perms(options[:permission]) if options.include?(:permission) + end + [:recursive, :recursemode, :path].each do |param| + options.delete(param) if options.include?(param) + end + self.class.new(options) + end + + def generate + return [] unless self[:recursive] == :true && self[:recursemode] == :deep + results = [] + paths = Set.new + if File.directory?(self[:path]) + Dir.chdir(self[:path]) do + Dir['**/*'].each do |path| + paths << ::File.join(self[:path], path) + end + end + end + # At the time we generate extra resources, all the files might now be present yet. + # In prediction to that we also create ACL resources for child file resources that + # might not have been applied yet. + catalog.resources.select do |r| + r.is_a?(Puppet::Type.type(:file)) && self.class.descendant?(self[:path], r[:path]) + end.each do |found| # rubocop:disable Style/MultilineBlockChain + paths << found[:path] + end + paths.each do |path| + results << newchild(path) + end + results + end + + validate do + unless self[:permission] + raise(Puppet::Error, 'permission is a required property.') + end + end +end diff --git a/3rdparty/modules/posix_acl/manifests/requirements.pp b/3rdparty/modules/posix_acl/manifests/requirements.pp new file mode 100644 index 000000000..b4ad25e97 --- /dev/null +++ b/3rdparty/modules/posix_acl/manifests/requirements.pp @@ -0,0 +1,5 @@ +class posix_acl::requirements { + package { 'acl': + ensure => 'present', + } +} diff --git a/3rdparty/modules/posix_acl/metadata.json b/3rdparty/modules/posix_acl/metadata.json new file mode 100644 index 000000000..6998bdeba --- /dev/null +++ b/3rdparty/modules/posix_acl/metadata.json @@ -0,0 +1,47 @@ +{ + "name": "puppet-posix_acl", + "version": "0.1.1", + "author": "Vox Pupuli", + "summary": "Puppet ACL Module", + "license": "Apache-2.0", + "source": "https://github.com/voxpupuli/puppet-posix_acl.git", + "project_page": "https://github.com/voxpupuli/puppet-posix_acl", + "issues_url": "https://github.com/voxpupuli/puppet-posix_acl/issues", + "dependencies": [ + + ], + "data_provider": null, + "operatingsystem_support": [ + { + "operatingsystem": "RedHat", + "operatingsystemrelease": [ + "7" + ] + }, + { + "operatingsystem": "CentOS", + "operatingsystemrelease": [ + "7" + ] + }, + { + "operatingsystem": "OracleLinux", + "operatingsystemrelease": [ + "7" + ] + }, + { + "operatingsystem": "Scientific", + "operatingsystemrelease": [ + "7" + ] + } + ], + "requirements": [ + { + "name": "puppet", + "version_requirement": ">= 4.10.0 < 7.0.0" + } + ], + "description": "Manages posix 1e ACLs on files, provides base classes so additional ACL standards can be supported." +} diff --git a/3rdparty/modules/posix_acl/spec/acceptance/nodesets/archlinux-2-x64.yml b/3rdparty/modules/posix_acl/spec/acceptance/nodesets/archlinux-2-x64.yml new file mode 100644 index 000000000..89b63003f --- /dev/null +++ b/3rdparty/modules/posix_acl/spec/acceptance/nodesets/archlinux-2-x64.yml @@ -0,0 +1,13 @@ +--- +# This file is managed via modulesync +# https://github.com/voxpupuli/modulesync +# https://github.com/voxpupuli/modulesync_config +HOSTS: + archlinux-2-x64: + roles: + - master + platform: archlinux-2-x64 + box: archlinux/archlinux + hypervisor: vagrant +CONFIG: + type: foss diff --git a/3rdparty/modules/posix_acl/spec/acceptance/nodesets/centos-511-x64.yml b/3rdparty/modules/posix_acl/spec/acceptance/nodesets/centos-511-x64.yml new file mode 100644 index 000000000..089d646a5 --- /dev/null +++ b/3rdparty/modules/posix_acl/spec/acceptance/nodesets/centos-511-x64.yml @@ -0,0 +1,15 @@ +--- +# This file is managed via modulesync +# https://github.com/voxpupuli/modulesync +# https://github.com/voxpupuli/modulesync_config +HOSTS: + centos-511-x64: + roles: + - master + platform: el-5-x86_64 + box: puppetlabs/centos-5.11-64-nocm + hypervisor: vagrant +CONFIG: + type: foss +... +# vim: syntax=yaml diff --git a/3rdparty/modules/posix_acl/spec/acceptance/nodesets/centos-59-x64.yml b/3rdparty/modules/posix_acl/spec/acceptance/nodesets/centos-59-x64.yml new file mode 100644 index 000000000..2ad90b86a --- /dev/null +++ b/3rdparty/modules/posix_acl/spec/acceptance/nodesets/centos-59-x64.yml @@ -0,0 +1,10 @@ +HOSTS: + centos-59-x64: + roles: + - master + platform: el-5-x86_64 + box : centos-59-x64-vbox4210-nocm + box_url : http://puppet-vagrant-boxes.puppetlabs.com/centos-59-x64-vbox4210-nocm.box + hypervisor : vagrant +CONFIG: + type: git diff --git a/3rdparty/modules/posix_acl/spec/acceptance/nodesets/centos-6-x64.yml b/3rdparty/modules/posix_acl/spec/acceptance/nodesets/centos-6-x64.yml new file mode 100644 index 000000000..16abc8f1c --- /dev/null +++ b/3rdparty/modules/posix_acl/spec/acceptance/nodesets/centos-6-x64.yml @@ -0,0 +1,15 @@ +--- +# This file is managed via modulesync +# https://github.com/voxpupuli/modulesync +# https://github.com/voxpupuli/modulesync_config +HOSTS: + centos-6-x64: + roles: + - master + platform: el-6-x86_64 + box: centos/6 + hypervisor: vagrant +CONFIG: + type: aio +... +# vim: syntax=yaml diff --git a/3rdparty/modules/posix_acl/spec/acceptance/nodesets/centos-64-x64-pe.yml b/3rdparty/modules/posix_acl/spec/acceptance/nodesets/centos-64-x64-pe.yml new file mode 100644 index 000000000..7d9242f1b --- /dev/null +++ b/3rdparty/modules/posix_acl/spec/acceptance/nodesets/centos-64-x64-pe.yml @@ -0,0 +1,12 @@ +HOSTS: + centos-64-x64: + roles: + - master + - database + - dashboard + platform: el-6-x86_64 + box : centos-64-x64-vbox4210-nocm + box_url : http://puppet-vagrant-boxes.puppetlabs.com/centos-64-x64-vbox4210-nocm.box + hypervisor : vagrant +CONFIG: + type: pe diff --git a/3rdparty/modules/posix_acl/spec/acceptance/nodesets/centos-65-x64.yml b/3rdparty/modules/posix_acl/spec/acceptance/nodesets/centos-65-x64.yml new file mode 100644 index 000000000..4e2cb809e --- /dev/null +++ b/3rdparty/modules/posix_acl/spec/acceptance/nodesets/centos-65-x64.yml @@ -0,0 +1,10 @@ +HOSTS: + centos-65-x64: + roles: + - master + platform: el-6-x86_64 + box : centos-65-x64-vbox436-nocm + box_url : http://puppet-vagrant-boxes.puppetlabs.com/centos-65-x64-virtualbox-nocm.box + hypervisor : vagrant +CONFIG: + type: foss diff --git a/3rdparty/modules/posix_acl/spec/acceptance/nodesets/centos-66-x64-pe.yml b/3rdparty/modules/posix_acl/spec/acceptance/nodesets/centos-66-x64-pe.yml new file mode 100644 index 000000000..1e7aea6d4 --- /dev/null +++ b/3rdparty/modules/posix_acl/spec/acceptance/nodesets/centos-66-x64-pe.yml @@ -0,0 +1,17 @@ +--- +# This file is managed via modulesync +# https://github.com/voxpupuli/modulesync +# https://github.com/voxpupuli/modulesync_config +HOSTS: + centos-66-x64: + roles: + - master + - database + - dashboard + platform: el-6-x86_64 + box: puppetlabs/centos-6.6-64-puppet-enterprise + hypervisor: vagrant +CONFIG: + type: pe +... +# vim: syntax=yaml diff --git a/3rdparty/modules/posix_acl/spec/acceptance/nodesets/centos-7-x64.yml b/3rdparty/modules/posix_acl/spec/acceptance/nodesets/centos-7-x64.yml new file mode 100644 index 000000000..e05a3ae16 --- /dev/null +++ b/3rdparty/modules/posix_acl/spec/acceptance/nodesets/centos-7-x64.yml @@ -0,0 +1,15 @@ +--- +# This file is managed via modulesync +# https://github.com/voxpupuli/modulesync +# https://github.com/voxpupuli/modulesync_config +HOSTS: + centos-7-x64: + roles: + - master + platform: el-7-x86_64 + box: centos/7 + hypervisor: vagrant +CONFIG: + type: aio +... +# vim: syntax=yaml diff --git a/3rdparty/modules/posix_acl/spec/acceptance/nodesets/debian-78-x64.yml b/3rdparty/modules/posix_acl/spec/acceptance/nodesets/debian-78-x64.yml new file mode 100644 index 000000000..6ef6de8c8 --- /dev/null +++ b/3rdparty/modules/posix_acl/spec/acceptance/nodesets/debian-78-x64.yml @@ -0,0 +1,15 @@ +--- +# This file is managed via modulesync +# https://github.com/voxpupuli/modulesync +# https://github.com/voxpupuli/modulesync_config +HOSTS: + debian-78-x64: + roles: + - master + platform: debian-7-amd64 + box: puppetlabs/debian-7.8-64-nocm + hypervisor: vagrant +CONFIG: + type: foss +... +# vim: syntax=yaml diff --git a/3rdparty/modules/posix_acl/spec/acceptance/nodesets/debian-82-x64.yml b/3rdparty/modules/posix_acl/spec/acceptance/nodesets/debian-82-x64.yml new file mode 100644 index 000000000..9897a8fc7 --- /dev/null +++ b/3rdparty/modules/posix_acl/spec/acceptance/nodesets/debian-82-x64.yml @@ -0,0 +1,15 @@ +--- +# This file is managed via modulesync +# https://github.com/voxpupuli/modulesync +# https://github.com/voxpupuli/modulesync_config +HOSTS: + debian-82-x64: + roles: + - master + platform: debian-8-amd64 + box: puppetlabs/debian-8.2-64-nocm + hypervisor: vagrant +CONFIG: + type: foss +... +# vim: syntax=yaml diff --git a/3rdparty/modules/posix_acl/spec/acceptance/nodesets/ec2/amazonlinux-2016091.yml b/3rdparty/modules/posix_acl/spec/acceptance/nodesets/ec2/amazonlinux-2016091.yml new file mode 100644 index 000000000..19dd43ed7 --- /dev/null +++ b/3rdparty/modules/posix_acl/spec/acceptance/nodesets/ec2/amazonlinux-2016091.yml @@ -0,0 +1,31 @@ +--- +# This file is managed via modulesync +# https://github.com/voxpupuli/modulesync +# https://github.com/voxpupuli/modulesync_config +# +# Additional ~/.fog config file with AWS EC2 credentials +# required. +# +# see: https://github.com/puppetlabs/beaker/blob/master/docs/how_to/hypervisors/ec2.md +# +# Amazon Linux is not a RHEL clone. +# +HOSTS: + amazonlinux-2016091-x64: + roles: + - master + platform: centos-6-x86_64 + hypervisor: ec2 + # refers to image_tempaltes.yaml AMI[vmname] entry: + vmname: amazonlinux-2016091-eu-central-1 + # refers to image_tempaltes.yaml entry inside AMI[vmname][:image]: + snapshot: aio + # t2.micro is free tier eligible (https://aws.amazon.com/en/free/): + amisize: t2.micro + # required so that beaker sanitizes sshd_config and root authorized_keys: + user: ec2-user +CONFIG: + type: aio + :ec2_yaml: spec/acceptance/nodesets/ec2/image_templates.yaml +... +# vim: syntax=yaml diff --git a/3rdparty/modules/posix_acl/spec/acceptance/nodesets/ec2/image_templates.yaml b/3rdparty/modules/posix_acl/spec/acceptance/nodesets/ec2/image_templates.yaml new file mode 100644 index 000000000..e50593ee0 --- /dev/null +++ b/3rdparty/modules/posix_acl/spec/acceptance/nodesets/ec2/image_templates.yaml @@ -0,0 +1,34 @@ +# This file is managed via modulesync +# https://github.com/voxpupuli/modulesync +# https://github.com/voxpupuli/modulesync_config +# +# see also: https://github.com/puppetlabs/beaker/blob/master/docs/how_to/hypervisors/ec2.md +# +# Hint: image IDs (ami-*) for the same image are different per location. +# +AMI: + # Amazon Linux AMI 2016.09.1 (HVM), SSD Volume Type + amazonlinux-2016091-eu-central-1: + :image: + :aio: ami-af0fc0c0 + :region: eu-central-1 + # Red Hat Enterprise Linux 7.3 (HVM), SSD Volume Type + rhel-73-eu-central-1: + :image: + :aio: ami-e4c63e8b + :region: eu-central-1 + # SUSE Linux Enterprise Server 12 SP2 (HVM), SSD Volume Type + sles-12sp2-eu-central-1: + :image: + :aio: ami-c425e4ab + :region: eu-central-1 + # Ubuntu Server 16.04 LTS (HVM), SSD Volume Type + ubuntu-1604-eu-central-1: + :image: + :aio: ami-fe408091 + :region: eu-central-1 + # Microsoft Windows Server 2016 Base + windows-2016-base-eu-central-1: + :image: + :aio: ami-88ec20e7 + :region: eu-central-1 diff --git a/3rdparty/modules/posix_acl/spec/acceptance/nodesets/ec2/rhel-73-x64.yml b/3rdparty/modules/posix_acl/spec/acceptance/nodesets/ec2/rhel-73-x64.yml new file mode 100644 index 000000000..7fac8236a --- /dev/null +++ b/3rdparty/modules/posix_acl/spec/acceptance/nodesets/ec2/rhel-73-x64.yml @@ -0,0 +1,29 @@ +--- +# This file is managed via modulesync +# https://github.com/voxpupuli/modulesync +# https://github.com/voxpupuli/modulesync_config +# +# Additional ~/.fog config file with AWS EC2 credentials +# required. +# +# see: https://github.com/puppetlabs/beaker/blob/master/docs/how_to/hypervisors/ec2.md +# +HOSTS: + rhel-73-x64: + roles: + - master + platform: el-7-x86_64 + hypervisor: ec2 + # refers to image_tempaltes.yaml AMI[vmname] entry: + vmname: rhel-73-eu-central-1 + # refers to image_tempaltes.yaml entry inside AMI[vmname][:image]: + snapshot: aio + # t2.micro is free tier eligible (https://aws.amazon.com/en/free/): + amisize: t2.micro + # required so that beaker sanitizes sshd_config and root authorized_keys: + user: ec2-user +CONFIG: + type: aio + :ec2_yaml: spec/acceptance/nodesets/ec2/image_templates.yaml +... +# vim: syntax=yaml diff --git a/3rdparty/modules/posix_acl/spec/acceptance/nodesets/ec2/sles-12sp2-x64.yml b/3rdparty/modules/posix_acl/spec/acceptance/nodesets/ec2/sles-12sp2-x64.yml new file mode 100644 index 000000000..8542154df --- /dev/null +++ b/3rdparty/modules/posix_acl/spec/acceptance/nodesets/ec2/sles-12sp2-x64.yml @@ -0,0 +1,29 @@ +--- +# This file is managed via modulesync +# https://github.com/voxpupuli/modulesync +# https://github.com/voxpupuli/modulesync_config +# +# Additional ~/.fog config file with AWS EC2 credentials +# required. +# +# see: https://github.com/puppetlabs/beaker/blob/master/docs/how_to/hypervisors/ec2.md +# +HOSTS: + sles-12sp2-x64: + roles: + - master + platform: sles-12-x86_64 + hypervisor: ec2 + # refers to image_tempaltes.yaml AMI[vmname] entry: + vmname: sles-12sp2-eu-central-1 + # refers to image_tempaltes.yaml entry inside AMI[vmname][:image]: + snapshot: aio + # t2.micro is free tier eligible (https://aws.amazon.com/en/free/): + amisize: t2.micro + # required so that beaker sanitizes sshd_config and root authorized_keys: + user: ec2-user +CONFIG: + type: aio + :ec2_yaml: spec/acceptance/nodesets/ec2/image_templates.yaml +... +# vim: syntax=yaml diff --git a/3rdparty/modules/posix_acl/spec/acceptance/nodesets/ec2/ubuntu-1604-x64.yml b/3rdparty/modules/posix_acl/spec/acceptance/nodesets/ec2/ubuntu-1604-x64.yml new file mode 100644 index 000000000..9cf59d59e --- /dev/null +++ b/3rdparty/modules/posix_acl/spec/acceptance/nodesets/ec2/ubuntu-1604-x64.yml @@ -0,0 +1,29 @@ +--- +# This file is managed via modulesync +# https://github.com/voxpupuli/modulesync +# https://github.com/voxpupuli/modulesync_config +# +# Additional ~/.fog config file with AWS EC2 credentials +# required. +# +# see: https://github.com/puppetlabs/beaker/blob/master/docs/how_to/hypervisors/ec2.md +# +HOSTS: + ubuntu-1604-x64: + roles: + - master + platform: ubuntu-16.04-amd64 + hypervisor: ec2 + # refers to image_tempaltes.yaml AMI[vmname] entry: + vmname: ubuntu-1604-eu-central-1 + # refers to image_tempaltes.yaml entry inside AMI[vmname][:image]: + snapshot: aio + # t2.micro is free tier eligible (https://aws.amazon.com/en/free/): + amisize: t2.micro + # required so that beaker sanitizes sshd_config and root authorized_keys: + user: ubuntu +CONFIG: + type: aio + :ec2_yaml: spec/acceptance/nodesets/ec2/image_templates.yaml +... +# vim: syntax=yaml diff --git a/3rdparty/modules/posix_acl/spec/acceptance/nodesets/ec2/windows-2016-base-x64.yml b/3rdparty/modules/posix_acl/spec/acceptance/nodesets/ec2/windows-2016-base-x64.yml new file mode 100644 index 000000000..0932e29c8 --- /dev/null +++ b/3rdparty/modules/posix_acl/spec/acceptance/nodesets/ec2/windows-2016-base-x64.yml @@ -0,0 +1,29 @@ +--- +# This file is managed via modulesync +# https://github.com/voxpupuli/modulesync +# https://github.com/voxpupuli/modulesync_config +# +# Additional ~/.fog config file with AWS EC2 credentials +# required. +# +# see: https://github.com/puppetlabs/beaker/blob/master/docs/how_to/hypervisors/ec2.md +# +HOSTS: + windows-2016-base-x64: + roles: + - master + platform: windows-2016-64 + hypervisor: ec2 + # refers to image_tempaltes.yaml AMI[vmname] entry: + vmname: windows-2016-base-eu-central-1 + # refers to image_tempaltes.yaml entry inside AMI[vmname][:image]: + snapshot: aio + # t2.micro is free tier eligible (https://aws.amazon.com/en/free/): + amisize: t2.micro + # required so that beaker sanitizes sshd_config and root authorized_keys: + user: ec2-user +CONFIG: + type: aio + :ec2_yaml: spec/acceptance/nodesets/ec2/image_templates.yaml +... +# vim: syntax=yaml diff --git a/3rdparty/modules/posix_acl/spec/acceptance/nodesets/fedora-25-x64.yml b/3rdparty/modules/posix_acl/spec/acceptance/nodesets/fedora-25-x64.yml new file mode 100644 index 000000000..54dd33054 --- /dev/null +++ b/3rdparty/modules/posix_acl/spec/acceptance/nodesets/fedora-25-x64.yml @@ -0,0 +1,16 @@ +--- +# This file is managed via modulesync +# https://github.com/voxpupuli/modulesync +# https://github.com/voxpupuli/modulesync_config +# +HOSTS: + fedora-25-x64: + roles: + - master + platform: fedora-25-x86_64 + box: fedora/25-cloud-base + hypervisor: vagrant +CONFIG: + type: aio +... +# vim: syntax=yaml diff --git a/3rdparty/modules/posix_acl/spec/acceptance/nodesets/fedora-26-x64.yml b/3rdparty/modules/posix_acl/spec/acceptance/nodesets/fedora-26-x64.yml new file mode 100644 index 000000000..598822b0e --- /dev/null +++ b/3rdparty/modules/posix_acl/spec/acceptance/nodesets/fedora-26-x64.yml @@ -0,0 +1,16 @@ +--- +# This file is managed via modulesync +# https://github.com/voxpupuli/modulesync +# https://github.com/voxpupuli/modulesync_config +# +HOSTS: + fedora-26-x64: + roles: + - master + platform: fedora-26-x86_64 + box: fedora/26-cloud-base + hypervisor: vagrant +CONFIG: + type: aio +... +# vim: syntax=yaml diff --git a/3rdparty/modules/posix_acl/spec/acceptance/nodesets/fedora-27-x64.yml b/3rdparty/modules/posix_acl/spec/acceptance/nodesets/fedora-27-x64.yml new file mode 100644 index 000000000..c2b61ebbf --- /dev/null +++ b/3rdparty/modules/posix_acl/spec/acceptance/nodesets/fedora-27-x64.yml @@ -0,0 +1,18 @@ +--- +# This file is managed via modulesync +# https://github.com/voxpupuli/modulesync +# https://github.com/voxpupuli/modulesync_config +# +# platform is fedora 26 because there is no puppet-agent +# for fedora 27 as of 2017-11-17 +HOSTS: + fedora-27-x64: + roles: + - master + platform: fedora-26-x86_64 + box: fedora/27-cloud-base + hypervisor: vagrant +CONFIG: + type: aio +... +# vim: syntax=yaml diff --git a/3rdparty/modules/posix_acl/spec/acceptance/nodesets/ubuntu-server-10044-x64.yml b/3rdparty/modules/posix_acl/spec/acceptance/nodesets/ubuntu-server-10044-x64.yml new file mode 100644 index 000000000..5ca1514e4 --- /dev/null +++ b/3rdparty/modules/posix_acl/spec/acceptance/nodesets/ubuntu-server-10044-x64.yml @@ -0,0 +1,10 @@ +HOSTS: + ubuntu-server-10044-x64: + roles: + - master + platform: ubuntu-10.04-amd64 + box : ubuntu-server-10044-x64-vbox4210-nocm + box_url : http://puppet-vagrant-boxes.puppetlabs.com/ubuntu-server-10044-x64-vbox4210-nocm.box + hypervisor : vagrant +CONFIG: + type: foss diff --git a/3rdparty/modules/posix_acl/spec/acceptance/nodesets/ubuntu-server-1204-x64.yml b/3rdparty/modules/posix_acl/spec/acceptance/nodesets/ubuntu-server-1204-x64.yml new file mode 100644 index 000000000..29102c565 --- /dev/null +++ b/3rdparty/modules/posix_acl/spec/acceptance/nodesets/ubuntu-server-1204-x64.yml @@ -0,0 +1,15 @@ +--- +# This file is managed via modulesync +# https://github.com/voxpupuli/modulesync +# https://github.com/voxpupuli/modulesync_config +HOSTS: + ubuntu-server-1204-x64: + roles: + - master + platform: ubuntu-12.04-amd64 + box: puppetlabs/ubuntu-12.04-64-nocm + hypervisor: vagrant +CONFIG: + type: foss +... +# vim: syntax=yaml diff --git a/3rdparty/modules/posix_acl/spec/acceptance/nodesets/ubuntu-server-12042-x64.yml b/3rdparty/modules/posix_acl/spec/acceptance/nodesets/ubuntu-server-12042-x64.yml new file mode 100644 index 000000000..d065b304f --- /dev/null +++ b/3rdparty/modules/posix_acl/spec/acceptance/nodesets/ubuntu-server-12042-x64.yml @@ -0,0 +1,10 @@ +HOSTS: + ubuntu-server-12042-x64: + roles: + - master + platform: ubuntu-12.04-amd64 + box : ubuntu-server-12042-x64-vbox4210-nocm + box_url : http://puppet-vagrant-boxes.puppetlabs.com/ubuntu-server-12042-x64-vbox4210-nocm.box + hypervisor : vagrant +CONFIG: + type: foss diff --git a/3rdparty/modules/posix_acl/spec/acceptance/nodesets/ubuntu-server-1404-x64.yml b/3rdparty/modules/posix_acl/spec/acceptance/nodesets/ubuntu-server-1404-x64.yml new file mode 100644 index 000000000..054e65880 --- /dev/null +++ b/3rdparty/modules/posix_acl/spec/acceptance/nodesets/ubuntu-server-1404-x64.yml @@ -0,0 +1,15 @@ +--- +# This file is managed via modulesync +# https://github.com/voxpupuli/modulesync +# https://github.com/voxpupuli/modulesync_config +HOSTS: + ubuntu-server-1404-x64: + roles: + - master + platform: ubuntu-14.04-amd64 + box: puppetlabs/ubuntu-14.04-64-nocm + hypervisor: vagrant +CONFIG: + type: foss +... +# vim: syntax=yaml diff --git a/3rdparty/modules/posix_acl/spec/acceptance/nodesets/ubuntu-server-1604-x64.yml b/3rdparty/modules/posix_acl/spec/acceptance/nodesets/ubuntu-server-1604-x64.yml new file mode 100644 index 000000000..bc85e0e84 --- /dev/null +++ b/3rdparty/modules/posix_acl/spec/acceptance/nodesets/ubuntu-server-1604-x64.yml @@ -0,0 +1,15 @@ +--- +# This file is managed via modulesync +# https://github.com/voxpupuli/modulesync +# https://github.com/voxpupuli/modulesync_config +HOSTS: + ubuntu-server-1604-x64: + roles: + - master + platform: ubuntu-16.04-amd64 + box: puppetlabs/ubuntu-16.04-64-nocm + hypervisor: vagrant +CONFIG: + type: foss +... +# vim: syntax=yaml diff --git a/3rdparty/modules/posix_acl/spec/default_facts.yml b/3rdparty/modules/posix_acl/spec/default_facts.yml new file mode 100644 index 000000000..2f6698d5b --- /dev/null +++ b/3rdparty/modules/posix_acl/spec/default_facts.yml @@ -0,0 +1,13 @@ +# This file is managed via modulesync +# https://github.com/voxpupuli/modulesync +# https://github.com/voxpupuli/modulesync_config +# +# use default_module_facts.yaml for module specific +# facts. +# +# Hint if using with rspec-puppet-facts ("on_supported_os.each"): +# if a same named fact exists in facterdb it will be overridden. +--- +ipaddress: "172.16.254.254" +is_pe: false +macaddress: "AA:AA:AA:AA:AA:AA" diff --git a/3rdparty/modules/posix_acl/spec/spec.opts b/3rdparty/modules/posix_acl/spec/spec.opts new file mode 100644 index 000000000..91cd6427e --- /dev/null +++ b/3rdparty/modules/posix_acl/spec/spec.opts @@ -0,0 +1,6 @@ +--format +s +--colour +--loadby +mtime +--backtrace diff --git a/3rdparty/modules/posix_acl/spec/spec_helper.rb b/3rdparty/modules/posix_acl/spec/spec_helper.rb new file mode 100644 index 000000000..88bca595c --- /dev/null +++ b/3rdparty/modules/posix_acl/spec/spec_helper.rb @@ -0,0 +1,34 @@ +# This file is managed via modulesync +# https://github.com/voxpupuli/modulesync +# https://github.com/voxpupuli/modulesync_config +require 'puppetlabs_spec_helper/module_spec_helper' +require 'rspec-puppet-facts' +include RspecPuppetFacts + +if Dir.exist?(File.expand_path('../../lib', __FILE__)) + require 'coveralls' + require 'simplecov' + require 'simplecov-console' + SimpleCov.formatters = [ + SimpleCov::Formatter::HTMLFormatter, + SimpleCov::Formatter::Console + ] + SimpleCov.start do + track_files 'lib/**/*.rb' + add_filter '/spec' + add_filter '/vendor' + add_filter '/.vendor' + end +end + +RSpec.configure do |c| + default_facts = {} + default_facts.merge!(YAML.load(File.read(File.expand_path('../default_facts.yml', __FILE__)))) if File.exist?(File.expand_path('../default_facts.yml', __FILE__)) + default_facts.merge!(YAML.load(File.read(File.expand_path('../default_module_facts.yml', __FILE__)))) if File.exist?(File.expand_path('../default_module_facts.yml', __FILE__)) + c.default_facts = default_facts + + # Coverage generation + c.after(:suite) do + RSpec::Puppet::Coverage.report! + end +end diff --git a/3rdparty/modules/posix_acl/spec/unit/puppet/provider/posixacl_spec.rb b/3rdparty/modules/posix_acl/spec/unit/puppet/provider/posixacl_spec.rb new file mode 100644 index 000000000..b05712697 --- /dev/null +++ b/3rdparty/modules/posix_acl/spec/unit/puppet/provider/posixacl_spec.rb @@ -0,0 +1,26 @@ +require 'spec_helper' +require 'rspec/mocks' + +provider_class = Puppet::Type.type(:posix_acl).provider(:posixacl) + +describe provider_class do + it 'declares a getfacl command' do + expect do + provider_class.command :getfacl + end.not_to raise_error + end + it 'declares a setfacl command' do + expect do + provider_class.command :setfacl + end.not_to raise_error + end + it 'encodes spaces in group names' do + RSpec::Mocks.with_temporary_scope do + Puppet::Type.stubs(:getfacl).returns("group:test group:rwx\n") + File.stubs(:exist?).returns(true) + expect do + provider_class.command :permission + end == ['group:test\040group:rwx'] + end + end +end diff --git a/3rdparty/modules/posix_acl/spec/unit/puppet/type/acl_spec.rb b/3rdparty/modules/posix_acl/spec/unit/puppet/type/acl_spec.rb new file mode 100644 index 000000000..aa62a427b --- /dev/null +++ b/3rdparty/modules/posix_acl/spec/unit/puppet/type/acl_spec.rb @@ -0,0 +1,156 @@ +require 'spec_helper' + +# rubocop:disable RSpec/MultipleExpectations +acl_type = Puppet::Type.type(:posix_acl) + +describe acl_type do + context 'when not setting parameters' do + it 'fails without permissions' do + expect do + acl_type.new name: '/tmp/foo' + end.to raise_error + end + end + context 'when setting parameters' do + it 'works with a correct permission parameter' do + resource = acl_type.new name: '/tmp/foo', permission: ['user:root:rwx'] + expect(resource[:name]).to eq('/tmp/foo') + expect(resource[:permission]).to eq(['user:root:rwx']) + end + it 'converts a permission string to an array' do + resource = acl_type.new name: '/tmp/foo', permission: 'user:root:rwx' + expect(resource[:name]).to eq('/tmp/foo') + expect(resource[:permission]).to eq(['user:root:rwx']) + end + it 'converts the u: shorcut to user:' do + resource = acl_type.new name: '/tmp/foo', permission: ['u:root:rwx'] + expect(resource[:name]).to eq('/tmp/foo') + expect(resource[:permission]).to eq(['user:root:rwx']) + end + it 'converts the g: shorcut to group:' do + resource = acl_type.new name: '/tmp/foo', permission: ['g:root:rwx'] + expect(resource[:name]).to eq('/tmp/foo') + expect(resource[:permission]).to eq(['group:root:rwx']) + end + it 'converts the m: shorcut to mask:' do + resource = acl_type.new name: '/tmp/foo', permission: ['m::rwx'] + expect(resource[:name]).to eq('/tmp/foo') + expect(resource[:permission]).to eq(['mask::rwx']) + end + it 'converts the o: shorcut to other:' do + resource = acl_type.new name: '/tmp/foo', permission: ['o::rwx'] + expect(resource[:name]).to eq('/tmp/foo') + expect(resource[:permission]).to eq(['other::rwx']) + end + it 'has the "set" action by default' do + resource = acl_type.new name: '/tmp/foo', permission: ['o::rwx'] + expect(resource[:name]).to eq('/tmp/foo') + expect(resource[:action]).to eq(:set) + end + it 'accepts an action "set"' do + resource = acl_type.new name: '/tmp/foo', permission: ['o::rwx'], action: :set + expect(resource[:name]).to eq('/tmp/foo') + expect(resource[:action]).to eq(:set) + end + it 'accepts an action "purge"' do + resource = acl_type.new name: '/tmp/foo', permission: ['o::rwx'], action: :purge + expect(resource[:name]).to eq('/tmp/foo') + expect(resource[:action]).to eq(:purge) + end + it 'accepts an action "unset"' do + resource = acl_type.new name: '/tmp/foo', permission: ['o::rwx'], action: :unset + expect(resource[:name]).to eq('/tmp/foo') + expect(resource[:action]).to eq(:unset) + end + it 'accepts an action "exact"' do + resource = acl_type.new name: '/tmp/foo', permission: ['o::rwx'], action: :exact + expect(resource[:name]).to eq('/tmp/foo') + expect(resource[:action]).to eq(:exact) + end + it 'has path as namevar' do + resource = acl_type.new name: '/tmp/foo', permission: ['o::rwx'] + expect(resource[:name]).to eq('/tmp/foo') + expect(resource[:path]).to eq(resource[:name]) + end + it 'accepts a path parameter' do + resource = acl_type.new path: '/tmp/foo', permission: ['o::rwx'], action: :exact + expect(resource[:path]).to eq('/tmp/foo') + expect(resource[:name]).to eq(resource[:path]) + end + it 'is not recursive by default' do + resource = acl_type.new name: '/tmp/foo', permission: ['o::rwx'] + expect(resource[:name]).to eq('/tmp/foo') + expect(resource[:recursive]).to eq(:false) + end + it 'accepts a recursive "true"' do + resource = acl_type.new name: '/tmp/foo', permission: ['o::rwx'], recursive: true + expect(resource[:name]).to eq('/tmp/foo') + expect(resource[:recursive]).to eq(:true) + end + it 'accepts a recurse "false"' do + resource = acl_type.new name: '/tmp/foo', permission: ['o::rwx'], recursive: false + expect(resource[:name]).to eq('/tmp/foo') + expect(resource[:recursive]).to eq(:false) + end + it 'gets recursemode lazy by default' do + resource = acl_type.new name: '/tmp/foo', permission: ['o::rwx'] + expect(resource[:name]).to eq('/tmp/foo') + expect(resource[:recursemode]).to eq(:lazy) + end + it 'accepts a recursemode deep' do + resource = acl_type.new name: '/tmp/foo', permission: ['o::rwx'], recursemode: 'deep' + expect(resource[:name]).to eq('/tmp/foo') + expect(resource[:recursemode]).to eq(:deep) + end + it 'accepts a recursemode lazy' do + resource = acl_type.new name: '/tmp/foo', permission: ['o::rwx'], recursemode: :lazy + expect(resource[:name]).to eq('/tmp/foo') + expect(resource[:recursemode]).to eq(:lazy) + end + it 'fails with a wrong action' do + expect do + acl_type.new name: '/tmp/foo', permission: ['o::rwx'], action: :xset + end.to raise_error + end + it 'fails with a wrong recurselimit' do + expect do + acl_type.new name: '/tmp/foo', permission: ['o::rwx'], recurselimit: :a + end.to raise_error + end + it 'fails with a wrong first argument' do + expect do + acl_type.new name: '/tmp/foo', permission: ['wrong::rwx'] + end.to raise_error + end + it 'fails with a wrong last argument' do + expect do + acl_type.new name: '/tmp/foo', permission: ['user::-_-'] + end.to raise_error + end + end + + context 'when removing default parameters' do + basic_perms = ['user:foo:rwx', 'group:foo:rwx'] + advanced_perms = ['user:foo:rwx', 'group:foo:rwx', 'default:user:foo:---'] + advanced_perms_results = ['user:foo:rwx', 'group:foo:rwx'] + mysql_perms = [ + 'user:mysql:rwx', + 'd:user:mysql:rw', + 'mask::rwx' + ] + mysql_perms_results = [ + 'user:mysql:rwx', + 'mask::rwx' + ] + it 'does not do anything with no defaults' do + expect(acl_type.pick_default_perms(basic_perms)).to match_array(basic_perms) + end + it 'removes defaults' do + expect(acl_type.pick_default_perms(advanced_perms)).to match_array(advanced_perms_results) + end + it 'removes defaults with d:' do + expect(acl_type.pick_default_perms(mysql_perms)).to match_array(mysql_perms_results) + end + end +end +# rubocop:enable RSpec/MultipleExpectations