[Pkg-puppet-devel] [SCM] Puppet packaging for Debian branch, master, updated. debian/0.24.6-1-356-g5718585

James Turnbull james at lovedthanlost.net
Fri Jan 23 14:21:55 UTC 2009


The following commit has been merged in the master branch:
commit 0f2fc88a392fd0c28a914d6914f447ecce51701c
Author: Nigel Kersten <nigelk at google.com>
Date:   Thu Dec 4 17:26:06 2008 -0800

    Finished work on rules creation and deletion

diff --git a/lib/puppet/provider/macauthorization/macauthorization.rb b/lib/puppet/provider/macauthorization/macauthorization.rb
index 8d20f08..40051ba 100644
--- a/lib/puppet/provider/macauthorization/macauthorization.rb
+++ b/lib/puppet/provider/macauthorization/macauthorization.rb
@@ -16,24 +16,14 @@ Puppet::Type.type(:macauthorization).provide :macauthorization, :parent => Puppe
     @rights = {}
     @rules = {}
     @parsed_auth_db = {}
-    @comment = ""
+    @comment = ""  # Not implemented yet. Is there any real need to?
     
+    # This map exists due to the use of hyphens and reserved words in
+    # the authorization schema.
     PuppetToNativeAttributeMap = {  :allow_root => "allow-root",
                                     :authenticate_user => "authenticate-user",                                    
-                                    :authclass => "class",
+                                    :auth_class => "class",
                                     :k_of_n => "k-of-n",
-                                    # :comment => "comment",
-                                    # :group => "group,"
-                                    # :shared => "shared",
-                                    # :mechanisms => "mechanisms"
-                                    }
-                              
-    NativeToPuppetAttributeMap = {  "allow-root" => :allow_root,
-                                    "authenticate-user" => :authenticate_user,
-                                    # "class" => :authclass,
-                                    # "comment" => :comment,
-                                    # "shared" => :shared,
-                                    # "mechanisms" => :mechanisms, 
                                     }
 
     mk_resource_methods
@@ -42,27 +32,24 @@ Puppet::Type.type(:macauthorization).provide :macauthorization, :parent => Puppe
         attr_accessor :parsed_auth_db
         attr_accessor :rights
         attr_accessor :rules
-        attr_accessor :comments
+        attr_accessor :comments  # Not implemented yet. Is there any real need to?
     end
     
     def self.prefetch(resources)
-        Puppet.notice("self.prefetch.")
         self.populate_rules_rights
     end
     
     def self.instances
-        Puppet.notice("self.instances")
         self.populate_rules_rights
         self.parsed_auth_db.collect do |k,v|
-            new(:name => k)  # doesn't seem to matter if I fill them in?
+            new(:name => k)
         end
     end
     
     def self.populate_rules_rights
-        Puppet.notice("self.populate_rules_rights")
-        auth_plist = Plist::parse_xml("/etc/authorization")
+        auth_plist = Plist::parse_xml(AuthorizationDB)
         if not auth_plist
-            Puppet.notice("This should be an error nigel")
+            raise Puppet::Error.new("Unable to parse authorization db at #{AuthorizationDB}")
         end
         self.rights = auth_plist["rights"].dup
         self.rules = auth_plist["rules"].dup
@@ -71,21 +58,72 @@ Puppet::Type.type(:macauthorization).provide :macauthorization, :parent => Puppe
     end
     
     def initialize(resource)
-        Puppet.notice "initialize"
-        self.class.populate_rules_rights
+        if self.class.parsed_auth_db.nil?
+            self.class.prefetch
+        end
         super
     end
     
-    def flush
+    
+    def create
+        # we just fill the @property_hash in here and let the flush method deal with it
+        new_values = {}
+        Puppet::Type.type(resource.class.name).validproperties.each do |property|
+            next if property == :ensure
+            if value = resource.should(property) and value != ""
+                new_values[property] = value
+            end
+        end
+        @property_hash = new_values.dup
+    end
+
+    def destroy
+        # We explicitly delete here rather than in the flush method.
         case resource[:auth_type]
         when :right
-            flush_right
+            destroy_right
         when :rule
-            flush_rule
+            destroy_rule
+        else
+            raise Puppet::Error("You must specify the auth_type when removing macauthorization resources.")
+        end
+    end
+    
+    def destroy_right
+        security :authorizationdb, :remove, resource[:name]
+    end
+    
+    def destroy_rule
+        authdb = Plist::parse_xml(AuthorizationDB)
+        authdb_rules = authdb["rules"].dup
+        if authdb_rules[resource[:name]]
+            authdb["rules"].delete(resource[:name])
+            Plist::Emit.save_plist(authdb, AuthorizationDB)
+        end
+    end
+    
+    def exists?
+        if self.class.parsed_auth_db.has_key?(resource[:name])
+            # return :present
+            return true
         else
-            raise Puppet::Error("flushing something that isn't a right or a rule.")
+            return false
+        end
+    end
+    
+    
+    def flush
+        if resource[:ensure] != :absent  # deletion happens in the destroy methods
+            case resource[:auth_type]
+            when :right
+                flush_right
+            when :rule
+                flush_rule
+            else
+                raise Puppet::Error.new("flushing something that isn't a right or a rule.")
+            end
+            @property_hash.clear
         end
-        @property_hash.clear # huh? do I have to? 
     end
     
     def flush_right
@@ -95,85 +133,83 @@ Puppet::Type.type(:macauthorization).provide :macauthorization, :parent => Puppe
         cmds = [] << :security << "authorizationdb" << "read" << resource[:name]
         output = execute(cmds, :combine => false)
         current_values = Plist::parse_xml(output)
+        if current_values.nil?
+            current_values = {}
+        end
         specified_values = convert_plist_to_native_attributes(@property_hash)
 
         # take the current values, merge the specified values to obtain a complete
         # description of the new values.
         new_values = current_values.merge(specified_values)
-        Puppet.notice "new values: #{new_values}"
-        
-        # the security binary only allows for writes using stdin, so we dump this
-        # to a tempfile.
+        set_right(resource[:name], new_values)
+    end
+    
+    def flush_rule
+        authdb = Plist::parse_xml(AuthorizationDB)
+        authdb_rules = authdb["rules"].dup
+        current_values = {}
+        if authdb_rules[resource[:name]]
+            current_values = authdb_rules[resource[:name]]
+        end
+        specified_values = convert_plist_to_native_attributes(@property_hash)
+        new_values = current_values.merge(specified_values)
+        set_rule(resource[:name], new_values)
+    end
+    
+    def set_right(name, values)
+        # Both creates and modifies rights as it simply overwrites them.
+        # The security binary only allows for writes using stdin, so we
+        # dump the values to a tempfile.
+        values = convert_plist_to_native_attributes(values)
         tmp = Tempfile.new('puppet_macauthorization')
         begin
-            tmp.flush
-            Plist::Emit.save_plist(new_values, tmp.path)
             # tmp.flush
-            cmds = [] << :security << "authorizationdb" << "write" << resource[:name]
-            output = execute(cmds, :stdinfile => tmp.path.to_s)
+            Plist::Emit.save_plist(values, tmp.path)
+            # tmp.flush
+            cmds = [] << :security << "authorizationdb" << "write" << name
+            output = execute(cmds, :combine => false, :stdinfile => tmp.path.to_s)
         ensure
             tmp.close
             tmp.unlink
         end
     end
     
-    def flush_rule
-        # unfortunately the security binary doesn't support modifying rules at all
+    def set_rule(name, values)
+        # Both creates and modifies rules as it overwrites the entry in the rules
+        # dictionary.
+        # Unfortunately the security binary doesn't support modifying rules at all
         # so we have to twiddle the whole plist... :( See Apple Bug #6386000
+        values = convert_plist_to_native_attributes(values)
         authdb = Plist::parse_xml(AuthorizationDB)
-        authdb_rules = authdb["rules"].dup
-        current_values = []
-        if authdb_rules[resource[:name]]
-            current_values = authdb_rules[resource[:name]]
-        end
-        specified_values = convert_plist_to_native_attributes(@property_hash)
-        new_values = current_values.merge(specified_values)
-        authdb["rules"][resource[:name]] = new_values
+        authdb["rules"][name] = values
+
         begin
             Plist::Emit.save_plist(authdb, AuthorizationDB)
-        rescue # what do I rescue here? TODO
-            raise Puppet::Error.new("couldn't write to authorizationdb")
+        rescue
+            raise Puppet::Error.new("Couldn't write to authorization db at #{AuthorizationDB}")
         end
     end
     
-    # This mainly converts the keys from the puppet attributes to the 'native'
-    # ones, but also enforces that the keys are all Strings rather than Symbols
-    # so that any merges of the resultant Hash are sane.
     def convert_plist_to_native_attributes(propertylist)
+        # This mainly converts the keys from the puppet attributes to the 'native'
+        # ones, but also enforces that the keys are all Strings rather than Symbols
+        # so that any merges of the resultant Hash are sane.
+        newplist = {}
         propertylist.each_pair do |key, value|
-            new_key = nil
+            next if key == :ensure
+            next if key == :auth_type
+            new_key = key
             if PuppetToNativeAttributeMap.has_key?(key)
                 new_key = PuppetToNativeAttributeMap[key].to_s
             elsif not key.is_a?(String)
                 new_key = key.to_s
             end
-            if not new_key.nil?
-                propertylist.delete(key)
-                propertylist[new_key] = value
-            end
-        end
-        propertylist
-    end
-    
-    def create
-        Puppet.notice "creating #{resource[:name]}"
-        return :true
-    end
-
-    def destroy
-        Puppet.notice "destroying #{resource[:name]}"
-    end
-
-    def exists?
-        if self.class.parsed_auth_db.has_key?(resource[:name])
-            :true
-        else
-            :false
+            newplist[new_key] = value
         end
+        newplist
     end
     
     def retrieve_value(resource_name, attribute)
-        # Puppet.notice "retrieve #{attribute} from #{resource_name}"
         
         if not self.class.parsed_auth_db.has_key?(resource_name)
             raise Puppet::Error.new("Unable to find resource #{resource_name} in authorization db.")
@@ -184,7 +220,7 @@ Puppet::Type.type(:macauthorization).provide :macauthorization, :parent => Puppe
         else
             native_attribute = attribute.to_s
         end
-        
+
         if self.class.parsed_auth_db[resource_name].has_key?(native_attribute)
             value = self.class.parsed_auth_db[resource_name][native_attribute]
             case value
@@ -193,6 +229,7 @@ Puppet::Type.type(:macauthorization).provide :macauthorization, :parent => Puppe
             when false, "false", :false
                 value = :false
             end
+
             @property_hash[attribute] = value
             return value
         else
@@ -218,7 +255,7 @@ Puppet::Type.type(:macauthorization).provide :macauthorization, :parent => Puppe
     end
         
     def auth_class
-        retrieve_value(resource[:name], :authclass)
+        retrieve_value(resource[:name], :auth_class)
     end
     
     def auth_class=(value)
@@ -270,24 +307,27 @@ Puppet::Type.type(:macauthorization).provide :macauthorization, :parent => Puppe
     end
     
     def shared=(value)
-        Puppet.notice "setting shared to: #{value} of kind #{value.class}"
         @property_hash[:shared] = value
     end
     
     def auth_type
-        if self.class.rights.has_key?(resource[:name])
-            return :right
-        elsif self.class.rules.has_key?(resource[:name])
-            return :rule
+        if resource.should(:auth_type) != nil
+            return resource.should(:auth_type)
+        elsif self.exists?
+            # this is here just for ralsh, so it can work out what type it is.
+            if self.class.rights.has_key?(resource[:name])
+                return :right
+            elsif self.class.rules.has_key?(resource[:name])
+                return :rule
+            else
+                raise Puppet::Error.new("Unable to determine if macauthorization type: #{resource[:name]} is a right or a rule.")
+            end
         else
-            Puppet.notice "self.class.rights.keys #{self.class.rights.keys}"
-            Puppet.notice "self.class.rules.keys #{self.class.rules.keys}"            
-            raise Puppet::Error.new("wtf mate?")
+            raise Puppet::Error.new("You must specify the auth_type for new macauthorization resources.")
         end
     end
     
     def auth_type=(value)
-        Puppet.notice "set auth_type="
         @property_hash[:auth_type] = value
     end
     
diff --git a/lib/puppet/type/macauthorization.rb b/lib/puppet/type/macauthorization.rb
index 5e05d22..0fae8ab 100644
--- a/lib/puppet/type/macauthorization.rb
+++ b/lib/puppet/type/macauthorization.rb
@@ -58,8 +58,8 @@ Puppet::Type.newtype(:macauthorization) do
     newproperty(:auth_class) do
         desc "Corresponds to 'class' in the authorization store. class is
         a reserved word in Puppet syntax, so we use 'authclass'."
-        newvalue(:user)
-        newvalue(:'evaluate-mechanisms')
+        # newvalue(:user)
+        # newvalue(:'evaluate-mechanisms')
     end
     
     newproperty(:comment) do
@@ -74,7 +74,7 @@ Puppet::Type.newtype(:macauthorization) do
         desc "k-of-n. odd."
     end
     
-    newproperty(:mechanisms, :array_match => :all) do
+    newproperty(:mechanisms, :array_matching => :all) do
         desc "mechanisms"
     end
     

-- 
Puppet packaging for Debian



More information about the Pkg-puppet-devel mailing list