Implement handling of missing files

README.md

@@ -10,6 +10,7 @@
   * [Using action => exact](#using-action-=>-exact)
   * [Using action => unset](#using-action-=>-unset)
   * [Using action => purge](#using-action-=>-purge)
+  * [Using ignore_missing](#using-ignore_missing)
 7. [Limitations](#limitations)
 
 
@@ -24,6 +25,7 @@ This plugin module provides a way to set POSIX 1.e (and other standards) file AC
 * The `action` parameter can be one of `set`, `exact`, `unset` or `purge`. These are described in detail below.
 * The `provider` parameter allows a choice of filesystem ACL provider. Currently only POSIX 1.e is implemented.
 * The `recursive` parameter allows you to apply the ACLs to all files under the specified path.
+* The `ignore_missing` parameter allows you to set the behavior in case the specified path is not found.
 
 ```
 posix_acl { "/var/log/httpd":
@@ -204,6 +206,12 @@ group::r-x
 other::r-x
 ```
 
+### Using ignore_missing
+The `ignore_missing` parameter allows to set the behavior in case the specified path does not exist. It can take these values:
+* `false` (default): If the path is missing, an Error is raised.
+* `notify`: If the path is missing, no action is taken, but a notice is shown in the agent output.
+* `quiet`: If the path is missing, the ACL is silently ignored.
+
 ## Limitations
 ### Conflicts with "file" resource type:
 If the path being modified is managed via the `File` resource type, the path's mode bits must match the value specified in the `permission` property of the ACL.

lib/puppet/provider/posix_acl/posixacl.rb

@@ -56,7 +56,7 @@ def purge
   end
 
   def permission
-    return [] unless File.exist?(@resource.value(:path))
+    return ['DOES_NOT_EXIST'] unless File.exist?(@resource.value(:path))
 
     value = []
     # String#lines would be nice, but we need to support Ruby 1.8.5

lib/puppet/type/posix_acl.rb

@@ -49,6 +49,15 @@
     defaultto :set
   end
 
+  newparam(:ignore_missing) do
+    desc 'What to do if files are missing:
+      false: fail run,
+      quiet: quietly do nothing,
+      notify: do not try to to set ACL, but add notice to run'
+    newvalues(:false, :quiet, :notify)
+    defaultto :false
+  end
+
   newparam(:path) do
     desc 'The file or directory to which the ACL applies.'
     isnamevar
@@ -179,6 +188,18 @@ def purge_insync(cur_perm)
 
     def insync?(is)
       Puppet.debug "permission.insync? is: #{is.inspect} @should: #{@should.inspect}"
+      # handle missing file
+      if provider.permission.include?('DOES_NOT_EXIST')
+        case @resource.value(:ignore_missing)
+        when :false
+          raise ArgumentError, "Path #{@resource.value(:path)} not found"
+        when :quiet
+          return true
+        when :notify
+          Puppet.notice("Not setting ACL for #{@resource.value(:path)} as it does not exist.")
+          return true
+        end
+      end
       return purge_insync(is) if provider.check_purge
       return unset_insync(is) if provider.check_unset
 

spec/unit/puppet/type/acl_spec.rb

@@ -128,6 +128,24 @@
       expect(resource[:recursemode]).to eq(:lazy)
     end
 
+    it 'gets ignore_missing false by default' do
+      resource = acl_type.new name: '/tmp/foo', permission: ['o::rwx']
+      expect(resource[:name]).to eq('/tmp/foo')
+      expect(resource[:ignore_missing]).to eq(:false)
+    end
+
+    it 'accepts an ignore_missing "quiet"' do
+      resource = acl_type.new name: '/tmp/foo', permission: ['o::rwx'], ignore_missing: :quiet
+      expect(resource[:name]).to eq('/tmp/foo')
+      expect(resource[:ignore_missing]).to eq(:quiet)
+    end
+
+    it 'accepts an ignore_missing "notice"' do
+      resource = acl_type.new name: '/tmp/foo', permission: ['o::rwx'], ignore_missing: :notify
+      expect(resource[:name]).to eq('/tmp/foo')
+      expect(resource[:ignore_missing]).to eq(:notify)
+    end
+
     it 'fails with a wrong action' do
       expect do
         acl_type.new name: '/tmp/foo', permission: ['o::rwx'], action: :xset
@@ -151,6 +169,12 @@
         acl_type.new name: '/tmp/foo', permission: ['user::-_-']
       end.to raise_error
     end
+
+    it 'fails with a wrong ignore_missing' do
+      expect do
+        acl_type.new name: '/tmp/foo', permission: ['o::rwx'], ignore_missing: :true
+      end.to raise_error
+    end
   end
 
   context 'when removing default parameters' do