cmueller/ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Add acl freebsd (#3656)

Browse source 
* FreeBSD do not support --omit-header and --absolute-names

* The option for following symlink wth getfacl is different on FreeBSD

* ZFS on Freebsd use nfsv4 acls, who use a slightly different syntax

* FreeBSD do not have a --test flag, so always return 'True'

* FreeBSD do not have the --omit-headers options, so we have to filter by ourself

* Mark Freebsd as working for the acl module
This commit is contained in:
Michael Scherer 2016-08-23 17:11:34 +02:00 committed by Brian Coca
parent 368ca738fa
commit f6450e577f
1 changed files with 29 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

38
files/acl.py
View file

@ -152,8 +152,10 @@ def split_entry(entry):
return [d, t, e, p] return [d, t, e, p]
def build_entry(etype, entity, permissions=None): def build_entry(etype, entity, permissions=None, use_nfsv4_acls=False):
'''Builds and returns an entry string. Does not include the permissions bit if they are not provided.''' '''Builds and returns an entry string. Does not include the permissions bit if they are not provided.'''
if use_nfsv4_acls:
return ':'.join([etype, entity, permissions, 'allow'])
if permissions: if permissions:
return etype + ':' + entity + ':' + permissions return etype + ':' + entity + ':' + permissions
else: else:
@ -171,14 +173,18 @@ def build_command(module, mode, path, follow, default, recursive, entry=''):
else: # mode == 'get' else: # mode == 'get'
cmd = [module.get_bin_path('getfacl', True)] cmd = [module.get_bin_path('getfacl', True)]
# prevents absolute path warnings and removes headers # prevents absolute path warnings and removes headers
cmd.append('--omit-header') if get_platform().lower() == 'linux':
cmd.append('--absolute-names') cmd.append('--omit-header')
cmd.append('--absolute-names')
if recursive: if recursive:
cmd.append('--recursive') cmd.append('--recursive')
if not follow: if not follow:
cmd.append('--physical') if get_platform().lower() == 'linux':
cmd.append('--physical')
elif get_platform().lower() == 'freebsd':
cmd.append('-h')
if default: if default:
if(mode == 'rm'): if(mode == 'rm'):
@ -192,6 +198,10 @@ def build_command(module, mode, path, follow, default, recursive, entry=''):
def acl_changed(module, cmd): def acl_changed(module, cmd):
'''Returns true if the provided command affects the existing ACLs, false otherwise.''' '''Returns true if the provided command affects the existing ACLs, false otherwise.'''
# FreeBSD do not have a --test flag, so by default, it is safer to always say "true"
if get_platform().lower() == 'freebsd':
return True
cmd = cmd[:] # lists are mutables so cmd would be overriden without this cmd = cmd[:] # lists are mutables so cmd would be overriden without this
cmd.insert(1, '--test') cmd.insert(1, '--test')
lines = run_acl(module, cmd) lines = run_acl(module, cmd)
@ -210,7 +220,11 @@ def run_acl(module, cmd, check_rc=True):
e = get_exception() e = get_exception()
module.fail_json(msg=e.strerror) module.fail_json(msg=e.strerror)
lines = out.splitlines() lines = []
for l in out.splitlines():
if not l.startswith('#'):
lines.append(l.strip())
if lines and not lines[-1].split(): if lines and not lines[-1].split():
# trim last line only when it is empty # trim last line only when it is empty
return lines[:-1] return lines[:-1]
@ -239,12 +253,13 @@ def main():
follow=dict(required=False, type='bool', default=True), follow=dict(required=False, type='bool', default=True),
default=dict(required=False, type='bool', default=False), default=dict(required=False, type='bool', default=False),
recursive=dict(required=False, type='bool', default=False), recursive=dict(required=False, type='bool', default=False),
use_nfsv4_acls=dict(required=False, type='bool', default=False)
), ),
supports_check_mode=True, supports_check_mode=True,
) )
if get_platform().lower() != 'linux': if get_platform().lower() not in ['linux', 'freebsd']:
module.fail_json(msg="The acl module is only available for Linux distributions.") module.fail_json(msg="The acl module is not available on this system.")
path = module.params.get('name') path = module.params.get('name')
entry = module.params.get('entry') entry = module.params.get('entry')
@ -255,6 +270,7 @@ def main():
follow = module.params.get('follow') follow = module.params.get('follow')
default = module.params.get('default') default = module.params.get('default')
recursive = module.params.get('recursive') recursive = module.params.get('recursive')
use_nfsv4_acls = module.params.get('use_nfsv4_acls')
if not os.path.exists(path): if not os.path.exists(path):
module.fail_json(msg="Path not found or not accessible.") module.fail_json(msg="Path not found or not accessible.")
@ -289,11 +305,15 @@ def main():
if default_flag != None: if default_flag != None:
default = default_flag default = default_flag
if get_platform().lower() == 'freebsd':
if recursive:
module.fail_json(msg="recursive is not supported on that platform.")
changed = False changed = False
msg = "" msg = ""
if state == 'present': if state == 'present':
entry = build_entry(etype, entity, permissions) entry = build_entry(etype, entity, permissions, use_nfsv4_acls)
command = build_command( command = build_command(
module, 'set', path, follow, module, 'set', path, follow,
default, recursive, entry default, recursive, entry
@ -305,7 +325,7 @@ def main():
msg = "%s is present" % entry msg = "%s is present" % entry
elif state == 'absent': elif state == 'absent':
entry = build_entry(etype, entity) entry = build_entry(etype, entity, use_nfsv4_acls)
command = build_command( command = build_command(
module, 'rm', path, follow, module, 'rm', path, follow,
default, recursive, entry default, recursive, entry