author | Tim Smith <tsmith@chef.io> | 2020-06-05 10:04:30 -0700 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-06-05 10:04:30 -0700 |
commit | 6772c7c1f2c5e8e4814bef8b4a6e706e1cfad636 (patch) | |
tree | ccfb05599a1ce1594eca2a6a21c025679cd4a30f /lib/chef/provider/script.rb | |
parent | bf2d814febe70da55a7dbb487d762e3162eb04c0 (diff) | |
parent | 21f0369b506d96bea0dd6cfaecbcd95908d9ceaf (diff) | |
download | chef-6772c7c1f2c5e8e4814bef8b4a6e706e1cfad636.tar.gz |
Merge pull request #9932 from chef/script-resources-use-pipes
Change script resources to use pipes rather than writing to temp files
Diffstat (limited to 'lib/chef/provider/script.rb')
-rw-r--r-- | lib/chef/provider/script.rb | 77 |
1 files changed, 4 insertions, 73 deletions
diff --git a/lib/chef/provider/script.rb b/lib/chef/provider/script.rb
index a630fa2efd..71b86e8657 100644
--- a/lib/chef/provider/script.rb
+++ b/lib/chef/provider/script.rb
@@ -34,84 +34,15 @@ class Chef
 provides :ruby
 provides :script
 
- def_delegators :new_resource, :interpreter, :flags
-
- attr_accessor :code
-
- def initialize(new_resource, run_context)
- super
- self.code = new_resource.code
- end
+ def_delegators :new_resource, :interpreter, :flags, :code
 
 def command
- "\"#{interpreter}\" #{flags} \"#{script_file.path}\""
- end
-
- def load_current_resource
- super
- end
-
- action :run do
- script_file.puts(code)
- script_file.close
-
- set_owner_and_group
-
- super()
-
- unlink_script_file
- end
-
- def set_owner_and_group
- if ChefUtils.windows?
- # And on Windows also this is a no-op if there is no user specified.
- grant_alternate_user_read_access
- else
- # FileUtils itself implements a no-op if +user+ or +group+ are nil
- # You can prove this by running FileUtils.chown(nil,nil,'/tmp/file')
- # as an unprivileged user.
- FileUtils.chown(new_resource.user, new_resource.group, script_file.path)
- end
+ "\"#{interpreter}\" #{flags}"
 end
 
- def grant_alternate_user_read_access
- # Do nothing if an alternate user isn't specified -- the file
- # will already have the correct permissions for the user as part
- # of the default ACL behavior on Windows.
- return if new_resource.user.nil?
-
- # Duplicate the script file's existing DACL
- # so we can add an ACE later
- securable_object = Chef::ReservedNames::Win32::Security::SecurableObject.new(script_file.path)
- aces = securable_object.security_descriptor.dacl.reduce([]) { |result, current| result.push(current) }
-
- username = new_resource.user
-
- if new_resource.domain
- username = new_resource.domain + '\\' + new_resource.user
- end
-
- # Create an ACE that allows the alternate user read access to the script
- # file so it can be read and executed.
- user_sid = Chef::ReservedNames::Win32::Security::SID.from_account(username)
- read_ace = Chef::ReservedNames::Win32::Security::ACE.access_allowed(user_sid, Chef::ReservedNames::Win32::API::Security::GENERIC_READ | Chef::ReservedNames::Win32::API::Security::GENERIC_EXECUTE, 0)
- aces.push(read_ace)
- acl = Chef::ReservedNames::Win32::Security::ACL.create(aces)
-
- # This actually applies the modified DACL to the file
- # Use parentheses to bypass RuboCop / ChefStyle warning
- # about useless setter
- (securable_object.dacl = acl)
+ def input
+ code
 end
-
- def script_file
- @script_file ||= Tempfile.open("chef-script")
- end
-
- def unlink_script_file
- script_file && script_file.close!
- end
-
 end
 end
 end
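Review bot: The new `input` method has no comment saying that the script text is now handed to the interpreter on standard input instead of through a chowned temp file, which is the security-relevant contract of this provider (no script contents on disk, no ownership or ACL step to get wrong). How `input` is consumed is outside this hunk, presumably by the parent Execute provider, so the method itself is where a reader needs the explanation. I would add above it `# Script text is piped to the interpreter's stdin; no temp file is created.` and note in the resource documentation that a command inside the script that reads stdin may consume the remaining script text, and that `interpreter` must accept its program on stdin with the given `flags`. The rewritten `command` line still interpolates `interpreter` and `flags` unescaped, as the old line did, so a `"` in `interpreter` would end the quoting if that string is passed to a shell.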