diff options
author | Steven Danna <steve@chef.io> | 2017-03-14 10:31:06 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-03-14 10:31:06 +0000 |
commit | 973a5c3b82855a34188c2a7c812038215b56db42 (patch) | |
tree | d6e658763062449d592a635c65a66c186965aced | |
parent | 0db9891b7d91150de40a3ce5753efbcf29c6d09a (diff) | |
parent | 7309eb4836c465feb5f0300d460fa6940769cfb8 (diff) | |
download | chef-zero-973a5c3b82855a34188c2a7c812038215b56db42.tar.gz |
Merge pull request #257 from chef/sr/fix-acls
fix hardcoded default acls to match chef-server
-rw-r--r-- | lib/chef_zero/chef_data/default_creator.rb | 16 |
1 files changed, 6 insertions, 10 deletions
diff --git a/lib/chef_zero/chef_data/default_creator.rb b/lib/chef_zero/chef_data/default_creator.rb index 51872d5..e70b2c2 100644 --- a/lib/chef_zero/chef_data/default_creator.rb +++ b/lib/chef_zero/chef_data/default_creator.rb @@ -270,7 +270,8 @@ module ChefZero def get_org_acl_default(path) object_path = AclPath.get_object_path(path) - # The actual things containers correspond to don't have to exist, as long as the container does + # The actual things containers correspond to don't have to exist, as + # long as the container does return nil if !data_exists?(object_path) basic_acl = case path[3..-1].join("/") @@ -282,7 +283,10 @@ module ChefZero "delete" => { "groups" => %w{admins} }, "grant" => { "groups" => %w{admins} }, } - when "containers/environments", "containers/roles", "containers/policy_groups", "containers/policies" + when "containers/environments", "containers/roles", + "containers/policy_groups", "containers/policies", + "containers/cookbooks", "containers/cookbook_artifacts", + "containers/data" { "create" => { "groups" => %w{admins users} }, "read" => { "groups" => %w{admins users clients} }, @@ -290,14 +294,6 @@ module ChefZero "delete" => { "groups" => %w{admins users} }, "grant" => { "groups" => %w{admins} }, } - when "containers/cookbooks", "containers/cookbook_artifacts", "containers/data" - { - "create" => { "groups" => %w{admins users clients} }, - "read" => { "groups" => %w{admins users clients} }, - "update" => { "groups" => %w{admins users clients} }, - "delete" => { "groups" => %w{admins users clients} }, - "grant" => { "groups" => %w{admins} }, - } when "containers/nodes" { "create" => { "groups" => %w{admins users clients} }, |