authorJohn Keiser <john@johnkeiser.com>2016-01-27 13:59:04 -0800
committerJohn Keiser <john@johnkeiser.com>2016-02-01 08:08:13 -0800
commite39cc95d16188a88a9ae0ca1b8ec4c41ff4a983f (patch)
tree5ea98637b32088d165e096dfcff450ff57263e54 /lib/chef
parent1a0d94db2974d42f047d20dc7928893696d0bf1f (diff)
downloadchef-e39cc95d16188a88a9ae0ca1b8ec4c41ff4a983f.tar.gz
Add ACLs for policies, policy_groups and cookbook_artifacts
Diffstat (limited to 'lib/chef')
-rw-r--r--lib/chef/chef_fs/file_system/chef_server/acls_dir.rb9
-rw-r--r--lib/chef/chef_fs/file_system/chef_server/cookbooks_acl_dir.rb1
-rw-r--r--lib/chef/chef_fs/file_system/chef_server/policies_acl_dir.rb40
-rw-r--r--lib/chef/chef_fs/file_system/chef_server/policy_revision_entry.rb11
4 files changed, 57 insertions, 4 deletions
diff --git a/lib/chef/chef_fs/file_system/chef_server/acls_dir.rb b/lib/chef/chef_fs/file_system/chef_server/acls_dir.rb
index 4f8fff1bda..e9db42d14f 100644
--- a/lib/chef/chef_fs/file_system/chef_server/acls_dir.rb
+++ b/lib/chef/chef_fs/file_system/chef_server/acls_dir.rb
@@ -19,6 +19,7 @@
require "chef/chef_fs/file_system/base_fs_dir"
require "chef/chef_fs/file_system/chef_server/acl_dir"
require "chef/chef_fs/file_system/chef_server/cookbooks_acl_dir"
+require "chef/chef_fs/file_system/chef_server/policies_acl_dir"
require "chef/chef_fs/file_system/chef_server/acl_entry"
require "chef/chef_fs/data_handler/acl_data_handler"
@@ -27,7 +28,7 @@ class Chef
module FileSystem
module ChefServer
class AclsDir < BaseFSDir
- ENTITY_TYPES = %w{clients containers cookbooks data_bags environments groups nodes roles} # we don't read sandboxes, so we don't read their acls
+ ENTITY_TYPES = %w{clients containers cookbook_artifacts cookbooks data_bags environments groups nodes policies policy_groups roles} # we don't read sandboxes, so we don't read their acls
def data_handler
@data_handler ||= Chef::ChefFS::DataHandler::AclDataHandler.new
@@ -48,9 +49,13 @@ class Chef
def children
if @children.nil?
@children = ENTITY_TYPES.map do |entity_type|
+ # All three of these can be versioned (NAME-VERSION), but only have
+ # one ACL that covers them all (NAME.json).
case entity_type
- when "cookbooks"
+ when "cookbooks", "cookbook_artifacts"
CookbooksAclDir.new(entity_type, self)
+ when "policies"
+ PoliciesAclDir.new(entity_type, self)
else
AclDir.new(entity_type, self)
end
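Review bot: The added comment above `case entity_type` says "All three of these" without naming them, and `policy_groups`, added to `ENTITY_TYPES` in this same commit, silently takes the `else` branch to a plain `AclDir`. Because this mapping decides which ACL document is read and written for which object, it is worth spelling out, for example `# cookbooks, cookbook_artifacts and policies are listed as NAME-VERSION but have one ACL per NAME (NAME.json); every other type, including policy_groups, uses AclDir.` The `children` method starts and ends outside this hunk, so the memoization around the `map` is not reviewed here.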
diff --git a/lib/chef/chef_fs/file_system/chef_server/cookbooks_acl_dir.rb b/lib/chef/chef_fs/file_system/chef_server/cookbooks_acl_dir.rb
index 2460aba47f..7cf11d8fc7 100644
--- a/lib/chef/chef_fs/file_system/chef_server/cookbooks_acl_dir.rb
+++ b/lib/chef/chef_fs/file_system/chef_server/cookbooks_acl_dir.rb
@@ -17,7 +17,6 @@
#
require "chef/chef_fs/file_system/chef_server/acl_dir"
-require "chef/chef_fs/file_system/chef_server/acl_entry"
class Chef
module ChefFS
diff --git a/lib/chef/chef_fs/file_system/chef_server/policies_acl_dir.rb b/lib/chef/chef_fs/file_system/chef_server/policies_acl_dir.rb
new file mode 100644
index 0000000000..1b1e036585
--- /dev/null
+++ b/lib/chef/chef_fs/file_system/chef_server/policies_acl_dir.rb
@@ -0,0 +1,40 @@
+#
+# Author:: John Keiser (<jkeiser@opscode.com>)
+# Copyright:: Copyright (c) 2013 Opscode, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require "chef/chef_fs/file_system/chef_server/acl_dir"
+
+class Chef
+ module ChefFS
+ module FileSystem
+ module ChefServer
+ class PoliciesAclDir < AclDir
+ # Policies are presented like /NAME-VERSION.json. But there is only
+ # one ACL for a given NAME. So we find out the unique policy names,
+ # and make one acls/policies/NAME.json for each one.
+ def children
+ if @children.nil?
+ names = parent.parent.child(name).children.map { |child| "#{child.policy_name}.json" }
+ @children = names.uniq.map { |name| make_child_entry(name, true) }
+ end
+ @children
+ end
+ end
+ end
+ end
+ end
+end
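Review bot: `children` calls `child.policy_name` on every child of the policies directory, but that method is only defined on the revision entry class patched later in this commit, so a single child of any other type would raise NoMethodError and make the whole acls/policies listing fail. If that directory can ever hold something else (not visible here), filter first, e.g. `.select { |child| child.respond_to?(:policy_name) }` before the `map`. The block parameter in `names.uniq.map { |name| ... }` also shadows the entry's own `name` used on the line above; `|acl_file|` would avoid the ambiguity. Since these derived names decide which ACL is shown for which policy, a comment noting that NAME comes from the `name_and_revision` split would help a reader check how hyphenated policy names are handled.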
diff --git a/lib/chef/chef_fs/file_system/chef_server/policy_revision_entry.rb b/lib/chef/chef_fs/file_system/chef_server/policy_revision_entry.rb
index a51a1ff5c9..941c0268cc 100644
--- a/lib/chef/chef_fs/file_system/chef_server/policy_revision_entry.rb
+++ b/lib/chef/chef_fs/file_system/chef_server/policy_revision_entry.rb
@@ -11,13 +11,22 @@ class Chef
# /policies/foo-1.0.0.json -> /policies/foo/revisions/1.0.0
def api_path(options={})
- policy_name, revision_id = data_handler.name_and_revision(name)
"#{parent.api_path}/#{policy_name}/revisions/#{revision_id}"
end
def write(file_contents)
raise OperationNotAllowedError.new(:write, self, nil, "cannot be updated: policy revisions are immutable once uploaded. If you want to change the policy, create a new revision with your changes")
end
+
+ def policy_name
+ policy_name, revision_id = data_handler.name_and_revision(name)
+ policy_name
+ end
+
+ def revision_id
+ policy_name, revision_id = data_handler.name_and_revision(name)
+ revision_id
+ end
end
end
end
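Review bot: Both new accessors destructure into two locals and discard one, and the locals carry the same names as the methods, so `policy_name` on the last line of `def policy_name` reads like a recursive call. `data_handler.name_and_revision(name)[0]` and `[1]` (assuming it returns a two-element array, as the destructuring suggests) say the same thing without the unused variable. `api_path` now parses the name twice; that is harmless, but a private helper returning the pair would keep the NAME/REVISION split in one place. Neither accessor is documented; a one-line comment such as `# NAME part of NAME-REVISION.json; PoliciesAclDir uses it to find the single ACL shared by all revisions` would record why they exist. The class and the start of `api_path` lie outside the hunk.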