Class: Puppet::Type::Acl::Ace

Inherits:

Hash

• Object
• Hash
• Puppet::Type::Acl::Ace

Defined in:

lib/puppet/type/acl/ace.rb

Overview

Ace is an Access Control Entry for use with the Access Control List (ACL) type. ACEs contain information about the trustee, the rights, and on some systems how they are inherited and propagated to subtypes.

Instance Attribute Summary

• #affects ⇒ Object

  Returns the value of attribute affects.

• #child_types ⇒ Object

  Returns the value of attribute child_types.

• #identity ⇒ Object

  Returns the value of attribute identity.

• #is_inherited ⇒ Object readonly

  Returns the value of attribute is_inherited.

• #mask ⇒ Object

  Returns the value of attribute mask.

• #perm_type ⇒ Object

  Returns the value of attribute perm_type.

• #rights ⇒ Object

  Returns the value of attribute rights.

Instance Method Summary

• #==(other) ⇒ Boolean (also: #eql?)

  This ensures we are looking at the same ace with the same rights.

• #[](key) ⇒ Object

  Returns value of specified key in instance fields hash.

• #convert_from_symbols(symbols) ⇒ Array

  Converts an array of symbols into strings.

• #convert_to_symbol(value) ⇒ Symbol

  Converts a value into a symbol.

• #convert_to_symbols(values) ⇒ Array

  Converts an array of values to symbols.

• #encode_with(coder) ⇒ Object

  added to support Ruby 2.3 which serializes Hashes differently when writing YAML than previous Ruby versions, which can break the last run report or corrective changes reports due to attempts to serialize the attached provider.

• #ensure_mask_when_mask_specific ⇒ Object

  Ensures that ‘mask` is set to `value` when `rights` is set to `mask_specific`.

• #ensure_none_or_self_only_sync ⇒ Object

  Ensures valid usage of ‘child_types` and `affects`.

• #ensure_rights_order ⇒ Object

  Returns ‘rights` sorted in reverse order.

• #ensure_rights_values_compatible ⇒ Object

  Ensures the values of ‘rights` are valid An error is raised if a condition is invalid.

• #ensure_unique_values(values) ⇒ Array

  Checks that a supplied array of values are unique.

• #get_comparison_ids(other = nil) ⇒ Array

  Used as part of the ‘same?` method to determine if the current ACE is the same as a supplied ACE.

• #hash ⇒ Hash

  Returns hash of instance’s fields.

• #id ⇒ Object

  Retrieves value of ‘id`.

• #id=(value) ⇒ Object

  Sets value of ‘id`.

• #inherited? ⇒ Boolean

  Returns value of is_inherited.

• #initialize(permission_hash, provider = nil) ⇒ Ace constructor

  A new instance of Ace.

• #inspect ⇒ String (also: #to_s)

  Returns string representation of instance’s fields.

• #keys ⇒ Object

  The following methods: keys, values, [](key) make ‘puppet resource acl somelocation` believe that this is actually a Hash and can pull the values from this object.

• #same?(other) ⇒ Boolean

  This ensures we are looking at the same ace even if the rights are different.

• #to_hash ⇒ Hash

  Returns hash of instance’s fields.

• #validate(value, *allowed_values) ⇒ Object

  Checks if a supplied value matches an allowed set of values.

• #validate_array(name, values) ⇒ Object

  Checks if a supplied value is an array and returns it.

• #validate_individual_values(values, *allowed_values) ⇒ Array

  Checks if a supplied set of values matches an allowed set of values.

• #validate_non_empty(name, value) ⇒ Object

  Checks if a supplied value is non empty.

• #values ⇒ Array

  Returns values of instance fields.

Constructor Details

#initialize(permission_hash, provider = nil) ⇒ Ace

Returns a new instance of Ace.

# File 'lib/puppet/type/acl/ace.rb', line 26

def initialize(permission_hash, provider = nil)
  super()

  @provider = provider
  id = permission_hash['identity']
  id = permission_hash['id'] if id.nil? || id.empty?
  self.identity = id
  self.id = permission_hash['id']
  @mask = permission_hash['mask']
  self.rights = permission_hash['rights']
  self.perm_type = permission_hash['perm_type']
  if permission_hash['type']
    Puppet.deprecation_warning('Permission `type` is deprecated and has been replaced with perm_type for allow or deny')
    if permission_hash['perm_type'] && permission_hash['type'] != permission_hash['perm_type']
      raise ArgumentError, "Can not accept both `type` => #{permission_hash['type']} and `perm_type` => #{permission_hash['perm_type']}"
    end
    self.perm_type = permission_hash['type']
  end
  self.child_types = permission_hash['child_types']
  self.affects = permission_hash['affects']
  @is_inherited = permission_hash['is_inherited'] || false
  @hash = nil
end

Instance Attribute Details

#affects ⇒ Object

Returns the value of attribute affects.

# File 'lib/puppet/type/acl/ace.rb', line 22

def affects
  @affects
end

#child_types ⇒ Object

Returns the value of attribute child_types.

# File 'lib/puppet/type/acl/ace.rb', line 21

def child_types
  @child_types
end

#identity ⇒ Object

Returns the value of attribute identity.

# File 'lib/puppet/type/acl/ace.rb', line 18

def identity
  @identity
end

#is_inherited ⇒ Object (readonly)

Returns the value of attribute is_inherited.

# File 'lib/puppet/type/acl/ace.rb', line 23

def is_inherited
  @is_inherited
end

#mask ⇒ Object

Returns the value of attribute mask.

# File 'lib/puppet/type/acl/ace.rb', line 24

def mask
  @mask
end

#perm_type ⇒ Object

Returns the value of attribute perm_type.

# File 'lib/puppet/type/acl/ace.rb', line 20

def perm_type
  @perm_type
end

#rights ⇒ Object

Returns the value of attribute rights.

# File 'lib/puppet/type/acl/ace.rb', line 19

def rights
  @rights
end

Instance Method Details

#==(other) ⇒ Boolean Also known as: eql?

This ensures we are looking at the same ace with the same rights. We want to know if the two aces are equal on all important data points.

Parameters:

• other (Ace) —

  The ace that we are comparing to.

Returns:

• (Boolean) —

  True if all points are equal

# File 'lib/puppet/type/acl/ace.rb', line 348

def ==(other)
  return false unless other.is_a?(Ace)

  same?(other) &&
    @rights == other.rights
end

#[](key) ⇒ Object

Returns value of specified key in instance fields hash.

Parameters:

• key (String) —

  Key used to get value from hash.

Returns:

• (Object) —

  Value of field.

# File 'lib/puppet/type/acl/ace.rb', line 407

def [](key)
  to_hash[key]
end

#convert_from_symbols(symbols) ⇒ Array

Converts an array of symbols into strings.

Parameters:

• symbols (Array) —

  Array of symbols.

Returns:

• (Array) —

  Converted strings of ‘symbols`.

# File 'lib/puppet/type/acl/ace.rb', line 137

def convert_from_symbols(symbols)
  values = []
  symbols.each do |value|
    values << value.to_s
  end

  values
end

#convert_to_symbol(value) ⇒ Symbol

Converts a value into a symbol

Parameters:

• value (Object) —

  Object to convert

Returns:

• (Symbol) —

  Symbol of object

# File 'lib/puppet/type/acl/ace.rb', line 74

def convert_to_symbol(value)
  return nil if value.nil? || value.empty?
  return value if value.is_a?(Symbol)

  value.downcase.to_sym
end

#convert_to_symbols(values) ⇒ Array

Converts an array of values to symbols.

Parameters:

• values (Array) —

  Array of strings.

Returns:

• (Array) —

  Converted symbols ‘values`.

# File 'lib/puppet/type/acl/ace.rb', line 124

def convert_to_symbols(values)
  value_syms = []
  values.each do |value|
    value_syms << convert_to_symbol(value)
  end

  value_syms
end

#encode_with(coder) ⇒ Object

added to support Ruby 2.3 which serializes Hashes differently when writing YAML than previous Ruby versions, which can break the last run report or corrective changes reports due to attempts to serialize the attached provider

# File 'lib/puppet/type/acl/ace.rb', line 434

def encode_with(coder)
  # produce a set of plain key / value pairs by removing the "tag"
  # by setting it to nil, producing YAML serialization like
  # "---\nidentity: Administrators\nrights:\n- full\n"
  # with the tag set to its default value, serialization appears like
  # "--- !ruby/object:Puppet::Type::Acl::Ace\nidentity: Administrators\nrights:\n- full\n"
  coder.represent_map nil, to_hash

  # rubocop:disable Layout/LineLength
  # without this method implemented, serialization varies based on Ruby version like:
  # Ruby 2.3
  # "--- !ruby/hash-with-ivars:Puppet::Type::Acl::Ace\nelements: {}\nivars:\n  :@provider: \n  :@identity: Administrators\n  :@hash: \n  :@id: S-32-12-0\n  :@mask: '2023422'\n  :@rights:\n  - :full\n  :@perm_type: :allow\n  :@child_types: :all\n  :@affects: :all\n  :@is_inherited: false\n"
  # Ruby 2.1.9
  # "--- !ruby/hash:Puppet::Type::Acl::Ace {}\n"
  # rubocop:enable Layout/LineLength
end

#ensure_mask_when_mask_specific ⇒ Object

Ensures that ‘mask` is set to `value` when `rights` is set to `mask_specific`. An error is raised if the condition is not matched.

# File 'lib/puppet/type/acl/ace.rb', line 172

def ensure_mask_when_mask_specific
  if @rights.include?(:mask_specific) && (@mask.nil? || @mask.empty?) # rubocop:disable Style/GuardClause  Changing this to a guard clause makes the line long and unreadable
    raise ArgumentError, "If you specify rights => ['mask_specific'], you must also include mask => 'value'. Reference: #{inspect}"
  end
end

#ensure_none_or_self_only_sync ⇒ Object

Ensures valid usage of ‘child_types` and `affects`. A `Puppet.warning` is raised if incorrect usage is found.

# File 'lib/puppet/type/acl/ace.rb', line 192

def ensure_none_or_self_only_sync
  return if @child_types.nil? || @affects.nil?
  return if @child_types == :none && @affects == :self_only
  return unless @child_types == :none || @affects == :self_only

  if @child_types == :none && (@affects != :all && @affects != :self_only)
    Puppet.warning("If child_types => 'none', affects => value will be ignored. Please remove affects or set affects => 'self_only' to remove this warning. Reference: #{inspect}")
  end
  @affects = :self_only if @child_types == :none

  if @affects == :self_only && (@child_types != :all && @child_types != :none)
    Puppet.warning("If affects => 'self_only', child_types => value will be ignored. Please remove child_types or set child_types => 'none' to remove this warning. Reference: #{inspect}")
  end
  @child_types = :none if @affects == :self_only
end

#ensure_rights_order ⇒ Object

Returns ‘rights` sorted in reverse order

Returns:

• (Object) —

  Sorted rights

# File 'lib/puppet/type/acl/ace.rb', line 149

def ensure_rights_order
  @rights.sort_by! { |r| Puppet::Type::Acl::Rights.new(r).order }
end

#ensure_rights_values_compatible ⇒ Object

Ensures the values of ‘rights` are valid An error is raised if a condition is invalid.

# File 'lib/puppet/type/acl/ace.rb', line 155

def ensure_rights_values_compatible
  if @rights.include?(:mask_specific) && rights.count != 1
    raise ArgumentError, "In each ace, when specifying rights, if you include 'mask_specific', it should be without anything else e.g. rights => ['mask_specific']. Please decide whether 'mask_specific' or predetermined rights and correct the manifest. Reference: #{inspect}" # rubocop:disable Layout/LineLength
  end

  if @rights.include?(:full) && rights.count != 1
    Puppet.warning("In each ace, when specifying rights, if you include 'full', it should be without anything else e.g. rights => ['full']. Please remove the extraneous rights from the manifest to remove this warning. Reference: #{inspect}") # rubocop:disable Layout/LineLength
    @rights = [:full]
  end
  if @rights.include?(:modify) && rights.count != 1 # rubocop:disable Style/GuardClause  Changing this to a guard clause makes the line long and unreadable
    Puppet.warning("In each ace, when specifying rights, if you include 'modify', it should be without anything else e.g. rights => ['modify']. Please remove the extraneous rights from the manifest to remove this warning. Reference: #{inspect}") # rubocop:disable Layout/LineLength
    @rights = [:modify]
  end
end

#ensure_unique_values(values) ⇒ Array

Checks that a supplied array of values are unique.

Parameters:

• values (Array)

Returns:

• (Array) —

  Return ‘values` with unique values else return `values`.

# File 'lib/puppet/type/acl/ace.rb', line 182

def ensure_unique_values(values)
  if values.is_a?(Array)
    return values.uniq
  end

  values
end

#get_comparison_ids(other = nil) ⇒ Array

Used as part of the ‘same?` method to determine if the current ACE is the same as a supplied ACE

Parameters:

• other (Ace) (defaults to: nil) —

  ACE to compare to

Returns:

• (Array) —

  IDs of the supplied ACEs

# File 'lib/puppet/type/acl/ace.rb', line 296

def get_comparison_ids(other = nil)
  ignore_other = true
  id_has_value = false
  other_id_has_value = false
  other_id = nil

  unless other.nil?
    ignore_other = false
    other_id_has_value = true unless other.id.nil? || other.id.empty?
  end

  id_has_value = true unless id.nil? || id.empty?

  if id_has_value && (ignore_other || other_id_has_value)
    id = self.id
    other_id = other.id unless ignore_other
  elsif @provider&.respond_to?(:get_account_name)
    id = @provider.get_account_name(@identity)
    other_id = @provider.get_account_name(other.identity) unless ignore_other
  else
    id = @identity
    other_id = other.identity unless ignore_other
  end

  [id, other_id]
end

#hash ⇒ Hash

Returns hash of instance’s fields

Returns:

• (Hash) —

  Hash of instance fields

# File 'lib/puppet/type/acl/ace.rb', line 360

def hash
  get_comparison_ids[0].hash ^
    @rights.hash ^
    @perm_type.hash ^
    @child_types.hash ^
    @affects.hash ^
    @is_inherited.hash
end

#id ⇒ Object

Retrieves value of ‘id`

Returns:

• (Object) —

  SID of ACE

# File 'lib/puppet/type/acl/ace.rb', line 219

def id
  if @id.nil? || @id.empty?
    if @identity && @provider && @provider.respond_to?(:get_account_id)
      @id = @provider.get_account_id(@identity)
    end
  end

  @id
end

#id=(value) ⇒ Object

Sets value of ‘id`.

Parameters:

• value (Object)

# File 'lib/puppet/type/acl/ace.rb', line 232

def id=(value)
  @id = value
  @hash = nil
end

#inherited? ⇒ Boolean

Returns value of is_inherited

Returns:

• (Boolean) —

  Value of is_inherited

# File 'lib/puppet/type/acl/ace.rb', line 66

def inherited?
  is_inherited
end

#inspect ⇒ String Also known as: to_s

Returns string representation of instance’s fields.

Returns:

• (String) —

  String of instance hash.

# File 'lib/puppet/type/acl/ace.rb', line 414

def inspect
  hash = to_hash
  return_value = hash.keys.map { |key|
    key_value = hash[key]
    if key_value.is_a? Array
      "#{key} => #{key_value}"
    else
      "#{key} => '#{key_value}'"
    end
  }.join(', ')

  "\n { #{return_value} }"
end

#keys ⇒ Object

The following methods: keys, values, [](key) make ‘puppet resource acl somelocation` believe that this is actually a Hash and can pull the values from this object.

# File 'lib/puppet/type/acl/ace.rb', line 392

def keys
  to_hash.keys
end

#same?(other) ⇒ Boolean

This ensures we are looking at the same ace even if the rights are different. Contextually we have two ace objects and we are trying to determine if they are the same ace or different given all of the different compare points.

Parameters:

• other (Ace) —

  The ace that we are comparing to.

Returns:

• (Boolean) —

  True if all points are equal

# File 'lib/puppet/type/acl/ace.rb', line 330

def same?(other)
  return false unless other.is_a?(Ace)

  account_ids = get_comparison_ids(other)

  account_ids[0] == account_ids[1] &&
    @child_types == other.child_types &&
    @affects == other.affects &&
    @is_inherited == other.is_inherited &&
    @perm_type == other.perm_type
end

#to_hash ⇒ Hash

Returns hash of instance’s fields

Returns:

• (Hash) —

  Hash of instance fields

# File 'lib/puppet/type/acl/ace.rb', line 372

def to_hash
  return @hash if @hash

  ace_hash = {}
  ace_hash['identity'] = identity
  ace_hash['rights'] = convert_from_symbols(rights)
  ace_hash['mask'] = mask if rights == [:mask_specific] && !mask.nil?
  ace_hash['perm_type'] = perm_type unless perm_type == :allow || perm_type.nil?
  ace_hash['child_types'] = child_types unless child_types == :all || child_types == :none || child_types.nil?
  ace_hash['affects'] = affects unless affects == :all || affects.nil?
  ace_hash['is_inherited'] = is_inherited if is_inherited

  @hash = ace_hash
  @hash
end

#validate(value, *allowed_values) ⇒ Object

Checks if a supplied value matches an allowed set of values.

Parameters:

• value (Object)
• allowed_values (Array)

Returns:

• (Object) —

  Return supplied value if it matches.

# File 'lib/puppet/type/acl/ace.rb', line 55

def validate(value, *allowed_values)
  validator = Puppet::Parameter::ValueCollection.new
  validator.newvalues(*allowed_values)
  validator.validate(value)

  value
end

#validate_array(name, values) ⇒ Object

Checks if a supplied value is an array and returns it.

Parameters:

• values (Object) —

  Value to validate

Returns:

• (Object) —

  Supplied value if it is an array.

Raises:

• (ArgumentError)

# File 'lib/puppet/type/acl/ace.rb', line 101

def validate_array(name, values)
  raise ArgumentError, "Value for #{name} should be an array. Perhaps try ['#{values}']?" unless values.is_a?(Array)

  values
end

#validate_individual_values(values, *allowed_values) ⇒ Array

Checks if a supplied set of values matches an allowed set of values.

Parameters:

• values (Array)
• allowed_values (Array)

Returns:

• (Array) —

  Returns supplied values if they all match.

# File 'lib/puppet/type/acl/ace.rb', line 112

def validate_individual_values(values, *allowed_values)
  values.each do |value|
    validate(value, *allowed_values)
  end

  values
end

#validate_non_empty(name, value) ⇒ Object

Checks if a supplied value is non empty

Parameters:

• name —

  Name of value used for logging an error

• value (Object) —

  Value to validate

Returns:

• (Object) —

  Supplied value if it is non empty.

# File 'lib/puppet/type/acl/ace.rb', line 86

def validate_non_empty(name, value)
  if value.nil? || value == ''
    raise ArgumentError, "A non-empty #{name} must be specified."
  end
  if value.is_a?(Array) && value.count.zero?
    raise ArgumentError, "Value for #{name} should have least one element in the array."
  end

  value
end

#values ⇒ Array

Returns values of instance fields

Returns:

• (Array) —

  Values of fields from hash

# File 'lib/puppet/type/acl/ace.rb', line 399

def values
  to_hash.values
end