authorStephan Renatus <srenatus@chef.io>2017-03-14 10:55:31 +0100
committerStephan Renatus <srenatus@chef.io>2017-03-14 11:02:14 +0100
commit7309eb4836c465feb5f0300d460fa6940769cfb8 (patch)
treed6e658763062449d592a635c65a66c186965aced
parent0db9891b7d91150de40a3ce5753efbcf29c6d09a (diff)
downloadchef-zero-7309eb4836c465feb5f0300d460fa6940769cfb8.tar.gz
fix hardcoded default acls to match chef-server
Due to a bug in oc-chef-pedant[1], we'd never noticed that this doesn't return what it should return to match chef-server. [1]: https://github.com/chef/chef-server/pull/1145 Signed-off-by: Stephan Renatus <srenatus@chef.io>
-rw-r--r--lib/chef_zero/chef_data/default_creator.rb16
1 files changed, 6 insertions, 10 deletions
diff --git a/lib/chef_zero/chef_data/default_creator.rb b/lib/chef_zero/chef_data/default_creator.rb
index 51872d5..e70b2c2 100644
--- a/lib/chef_zero/chef_data/default_creator.rb
+++ b/lib/chef_zero/chef_data/default_creator.rb
@@ -270,7 +270,8 @@ module ChefZero
def get_org_acl_default(path)
object_path = AclPath.get_object_path(path)
- # The actual things containers correspond to don't have to exist, as long as the container does
+ # The actual things containers correspond to don't have to exist, as
+ # long as the container does
return nil if !data_exists?(object_path)
basic_acl =
case path[3..-1].join("/")
@@ -282,7 +283,10 @@ module ChefZero
"delete" => { "groups" => %w{admins} },
"grant" => { "groups" => %w{admins} },
}
- when "containers/environments", "containers/roles", "containers/policy_groups", "containers/policies"
+ when "containers/environments", "containers/roles",
+ "containers/policy_groups", "containers/policies",
+ "containers/cookbooks", "containers/cookbook_artifacts",
+ "containers/data"
{
"create" => { "groups" => %w{admins users} },
"read" => { "groups" => %w{admins users clients} },
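Review bot: The merged `when` list that now includes `"containers/cookbooks"`, `"containers/cookbook_artifacts"` and `"containers/data"` removes `clients` from create and delete on those three containers (and presumably from update, whose line falls between the hunks), yet nothing in the commit pins that behaviour: the diffstat shows only this file changed. Since the description says oc-chef-pedant failed to catch the mismatch, a spec in this repository asserting the default ACL returned for each of the three containers would keep the tighter permissions from silently regressing. A short comment above the branch, such as `# clients only get read on these containers by default, matching chef-server`, would also make clear that leaving `clients` out is deliberate. The `case` expression and `get_org_acl_default` both begin and end outside this hunk.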
@@ -290,14 +294,6 @@ module ChefZero
"delete" => { "groups" => %w{admins users} },
"grant" => { "groups" => %w{admins} },
}
- when "containers/cookbooks", "containers/cookbook_artifacts", "containers/data"
- {
- "create" => { "groups" => %w{admins users clients} },
- "read" => { "groups" => %w{admins users clients} },
- "update" => { "groups" => %w{admins users clients} },
- "delete" => { "groups" => %w{admins users clients} },
- "grant" => { "groups" => %w{admins} },
- }
when "containers/nodes"
{
"create" => { "groups" => %w{admins users clients} },