author | John Keiser <john@johnkeiser.com> | 2016-01-27 13:59:04 -0800 |
---|---|---|
committer | John Keiser <john@johnkeiser.com> | 2016-02-01 08:08:13 -0800 |
commit | e39cc95d16188a88a9ae0ca1b8ec4c41ff4a983f (patch) | |
tree | 5ea98637b32088d165e096dfcff450ff57263e54 /lib/chef | |
parent | 1a0d94db2974d42f047d20dc7928893696d0bf1f (diff) | |
download | chef-e39cc95d16188a88a9ae0ca1b8ec4c41ff4a983f.tar.gz |
Add ACLs for policies, policy_groups and cookbook_artifacts
Diffstat (limited to 'lib/chef')
4 files changed, 57 insertions, 4 deletions
diff --git a/lib/chef/chef_fs/file_system/chef_server/acls_dir.rb b/lib/chef/chef_fs/file_system/chef_server/acls_dir.rb
index 4f8fff1bda..e9db42d14f 100644
--- a/lib/chef/chef_fs/file_system/chef_server/acls_dir.rb
+++ b/lib/chef/chef_fs/file_system/chef_server/acls_dir.rb
@@ -19,6 +19,7 @@
 require "chef/chef_fs/file_system/base_fs_dir"
 require "chef/chef_fs/file_system/chef_server/acl_dir"
 require "chef/chef_fs/file_system/chef_server/cookbooks_acl_dir"
+require "chef/chef_fs/file_system/chef_server/policies_acl_dir"
 require "chef/chef_fs/file_system/chef_server/acl_entry"
 require "chef/chef_fs/data_handler/acl_data_handler"
@@ -27,7 +28,7 @@ class Chef
 module FileSystem
 module ChefServer
 class AclsDir < BaseFSDir
- ENTITY_TYPES = %w{clients containers cookbooks data_bags environments groups nodes roles} # we don't read sandboxes, so we don't read their acls
+ ENTITY_TYPES = %w{clients containers cookbook_artifacts cookbooks data_bags environments groups nodes policies policy_groups roles} # we don't read sandboxes, so we don't read their acls
 def data_handler
 @data_handler ||= Chef::ChefFS::DataHandler::AclDataHandler.new
@@ -48,9 +49,13 @@ class Chef
 def children
 if @children.nil?
 @children = ENTITY_TYPES.map do |entity_type|
+ # All three of these can be versioned (NAME-VERSION), but only have
+ # one ACL that covers them all (NAME.json).
 case entity_type
- when "cookbooks"
+ when "cookbooks", "cookbook_artifacts"
 CookbooksAclDir.new(entity_type, self)
+ when "policies"
+ PoliciesAclDir.new(entity_type, self)
 else
 AclDir.new(entity_type, self)
 end
diff --git a/lib/chef/chef_fs/file_system/chef_server/cookbooks_acl_dir.rb b/lib/chef/chef_fs/file_system/chef_server/cookbooks_acl_dir.rb
index 2460aba47f..7cf11d8fc7 100644
--- a/lib/chef/chef_fs/file_system/chef_server/cookbooks_acl_dir.rb
+++ b/lib/chef/chef_fs/file_system/chef_server/cookbooks_acl_dir.rb
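Review bot: The comment added above `case entity_type` in `AclsDir#children` (acls_dir.rb, third hunk) says "All three of these" without naming them, and it sits in front of a case that also has an `else` branch, so a reader cannot tell which entity types it covers. Naming them would make it precise: `# cookbooks, cookbook_artifacts and policies are listed as NAME-VERSION but have one ACL per NAME (NAME.json).` It would also help to say that `policy_groups`, which the previous hunk adds to `ENTITY_TYPES`, is deliberately left to the plain `AclDir` in the `else` branch. The `children` method starts inside this hunk but ends outside it.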
@@ -17,7 +17,6 @@
 #
 require "chef/chef_fs/file_system/chef_server/acl_dir"
-require "chef/chef_fs/file_system/chef_server/acl_entry"
 class Chef
 module ChefFS
diff --git a/lib/chef/chef_fs/file_system/chef_server/policies_acl_dir.rb b/lib/chef/chef_fs/file_system/chef_server/policies_acl_dir.rb
new file mode 100644
index 0000000000..1b1e036585
--- /dev/null
+++ b/lib/chef/chef_fs/file_system/chef_server/policies_acl_dir.rb
@@ -0,0 +1,40 @@
+#
+# Author:: John Keiser (<jkeiser@opscode.com>)
+# Copyright:: Copyright (c) 2013 Opscode, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require "chef/chef_fs/file_system/chef_server/acl_dir"
+
+class Chef
+ module ChefFS
+ module FileSystem
+ module ChefServer
+ class PoliciesAclDir < AclDir
+ # Policies are presented like /NAME-VERSION.json. But there is only
+ # one ACL for a given NAME. So we find out the unique policy names,
+ # and make one acls/policies/NAME.json for each one.
+ def children
+ if @children.nil?
+ names = parent.parent.child(name).children.map { |child| "#{child.policy_name}.json" }
+ @children = names.uniq.map { |name| make_child_entry(name, true) }
+ end
+ @children
+ end
+ end
+ end
+ end
+ end
+end
diff --git a/lib/chef/chef_fs/file_system/chef_server/policy_revision_entry.rb b/lib/chef/chef_fs/file_system/chef_server/policy_revision_entry.rb
index a51a1ff5c9..941c0268cc 100644
--- a/lib/chef/chef_fs/file_system/chef_server/policy_revision_entry.rb
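Review bot: In `PoliciesAclDir#children` (new file policies_acl_dir.rb), the block parameter in `names.uniq.map { |name| ... }` shadows the `name` method that the line above relies on for `parent.parent.child(name)`; `@children = names.uniq.map { |entry_name| make_child_entry(entry_name, true) }` removes the ambiguity. The method also builds each ACL entry name from `child.policy_name`, so every child of the policies directory must respond to `policy_name` and return a usable value; nothing here guards against nil or an empty string, which would yield an entry named `.json`. Because these entries decide which ACLs are read and written, a comment stating that assumption, or a filter on empty names if that case can occur, would be worth adding.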
+++ b/lib/chef/chef_fs/file_system/chef_server/policy_revision_entry.rb
@@ -11,13 +11,22 @@ class Chef
 # /policies/foo-1.0.0.json -> /policies/foo/revisions/1.0.0
 def api_path(options={})
- policy_name, revision_id = data_handler.name_and_revision(name)
 "#{parent.api_path}/#{policy_name}/revisions/#{revision_id}"
 end
 def write(file_contents)
 raise OperationNotAllowedError.new(:write, self, nil, "cannot be updated: policy revisions are immutable once uploaded. If you want to change the policy, create a new revision with your changes")
 end
+
+ def policy_name
+ policy_name, revision_id = data_handler.name_and_revision(name)
+ policy_name
+ end
+
+ def revision_id
+ policy_name, revision_id = data_handler.name_and_revision(name)
+ revision_id
+ end
 end
 end
 end |
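Review bot: The new `policy_name` and `revision_id` methods in policy_revision_entry.rb each assign two locals, one shadowing the method's own name and the other never used, and `api_path` now parses the entry name twice. If `name_and_revision` returns a two-element array, as the destructuring suggests, `data_handler.name_and_revision(name)[0]` and `data_handler.name_and_revision(name)[1]` express the same thing without the unused locals. Both values are interpolated into the API path, and `policy_name` now also names ACL entries in `PoliciesAclDir`, so each method should carry a one-line comment saying what it returns when the name cannot be split; `name_and_revision` itself is not visible in this hunk. The enclosing class begins outside the hunk.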