From 4d1cbf293243bb4912a9274f3d4aae7a83859ae7 Mon Sep 17 00:00:00 2001 From: Vitaly Pyslar Date: Mon, 8 Apr 2019 14:27:31 +0300 Subject: [PATCH 1/3] (#9) Allow to use X in permission property --- lib/puppet/type/posix_acl.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/puppet/type/posix_acl.rb b/lib/puppet/type/posix_acl.rb index 1405f26..5ca788b 100644 --- a/lib/puppet/type/posix_acl.rb +++ b/lib/puppet/type/posix_acl.rb @@ -218,7 +218,7 @@ def insync?(is) s = p.tr '-', '' r << (s.sub!('r', '') ? 'r' : '-') r << (s.sub!('w', '') ? 'w' : '-') - r << (s.sub!('x', '') ? 'x' : '-') + r << (s.sub!(/x/i, '') ? $~.to_s : '-') raise ArgumentError, %(Invalid permission set "#{p}".) unless s.empty? end r From 6f8b67a34b9c6dbe9f777cd64d91ea5ffd249a61 Mon Sep 17 00:00:00 2001 From: Daniel Henninger Date: Wed, 12 Jun 2019 11:20:54 -0400 Subject: [PATCH 2/3] Added handling of X/x in comparisons to avoid constant updates. --- lib/puppet/provider/posix_acl/posixacl.rb | 7 +++++-- lib/puppet/type/posix_acl.rb | 7 +++++-- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/lib/puppet/provider/posix_acl/posixacl.rb b/lib/puppet/provider/posix_acl/posixacl.rb index a534db5..bec66af 100644 --- a/lib/puppet/provider/posix_acl/posixacl.rb +++ b/lib/puppet/provider/posix_acl/posixacl.rb @@ -86,8 +86,11 @@ def permission=(_value) # TODO: Investigate why we're not using this parameter purge when :exact, :set cur_perm = permission - perm_to_set = @resource.value(:permission) - cur_perm - perm_to_unset = cur_perm - @resource.value(:permission) + # For comparison purposes, we want to change X to x as it's only useful + # for setfacl and isn't stored or noted by getfacl. + new_perm = @resource.value(:permission).map(&:downcase) + perm_to_set = new_perm - cur_perm + perm_to_unset = cur_perm - new_perm return false if perm_to_set.empty? && perm_to_unset.empty? # Take supplied perms literally, unset any existing perms which # are absent from ACLs given diff --git a/lib/puppet/type/posix_acl.rb b/lib/puppet/type/posix_acl.rb index 5ca788b..afd50e3 100644 --- a/lib/puppet/type/posix_acl.rb +++ b/lib/puppet/type/posix_acl.rb @@ -1,5 +1,6 @@ require 'set' require 'pathname' +require 'English' Puppet::Type.newtype(:posix_acl) do desc <<-EOT @@ -161,8 +162,10 @@ def unset_insync(cur_perm) (sp - cp).sort == sp end + # Make sure we are not misinterpreting recursive permission notation (e.g. rwX) when + # comparing current to new perms. def set_insync(cur_perm) # rubocop:disable Style/AccessorMethodName - should = @should.uniq.sort + should = @should.uniq.map(&:downcase).sort (cur_perm.sort == should) || (provider.check_set && (should - cur_perm).empty?) end @@ -218,7 +221,7 @@ def insync?(is) s = p.tr '-', '' r << (s.sub!('r', '') ? 'r' : '-') r << (s.sub!('w', '') ? 'w' : '-') - r << (s.sub!(/x/i, '') ? $~.to_s : '-') + r << (s.sub!(%r{x}i, '') ? $LAST_MATCH_INFO.to_s : '-') raise ArgumentError, %(Invalid permission set "#{p}".) unless s.empty? end r From 5d0484268a83c593e14e52ca37d9f0b74647390a Mon Sep 17 00:00:00 2001 From: Daniel Henninger Date: Mon, 17 Jun 2019 15:14:38 -0400 Subject: [PATCH 3/3] Use uniq after downcase. --- lib/puppet/type/posix_acl.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/puppet/type/posix_acl.rb b/lib/puppet/type/posix_acl.rb index afd50e3..ecae17f 100644 --- a/lib/puppet/type/posix_acl.rb +++ b/lib/puppet/type/posix_acl.rb @@ -165,7 +165,7 @@ def unset_insync(cur_perm) # Make sure we are not misinterpreting recursive permission notation (e.g. rwX) when # comparing current to new perms. def set_insync(cur_perm) # rubocop:disable Style/AccessorMethodName - should = @should.uniq.map(&:downcase).sort + should = @should.map(&:downcase).uniq.sort (cur_perm.sort == should) || (provider.check_set && (should - cur_perm).empty?) end