# # Author:: AJ Christensen () # Copyright:: Copyright 2008-2016, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # require "chef/provider" require "chef/mixin/shell_out" require "chef/mixin/command" require "etc" class Chef class Provider class Group < Chef::Provider include Chef::Mixin::ShellOut include Chef::Mixin::Command attr_accessor :group_exists attr_accessor :change_desc def whyrun_supported? true end def initialize(new_resource, run_context) super @group_exists = true end def load_current_resource @current_resource = Chef::Resource::Group.new(@new_resource.name) @current_resource.group_name(@new_resource.group_name) group_info = nil begin group_info = Etc.getgrnam(@new_resource.group_name) rescue ArgumentError => e @group_exists = false Chef::Log.debug("#{@new_resource} group does not exist") end if group_info @new_resource.gid(group_info.gid) unless @new_resource.gid @current_resource.gid(group_info.gid) @current_resource.members(group_info.mem) end @current_resource end def define_resource_requirements requirements.assert(:modify) do |a| a.assertion { @group_exists } a.failure_message(Chef::Exceptions::Group, "Cannot modify #{@new_resource} - group does not exist!") a.whyrun("Group #{@new_resource} does not exist. Unless it would have been created earlier in this run, this attempt to modify it would fail.") end requirements.assert(:all_actions) do |a| # Make sure that the resource doesn't contain any common # user names in the members and exclude_members properties. if !@new_resource.members.nil? && !@new_resource.excluded_members.nil? common_members = @new_resource.members & @new_resource.excluded_members a.assertion { common_members.empty? } a.failure_message(Chef::Exceptions::ConflictingMembersInGroup, "Attempting to both add and remove users from a group: '#{common_members.join(', ')}'") # No why-run alternative end end end # Check to see if a group needs any changes. Populate # @change_desc with a description of why a change must occur # # ==== Returns # :: If a change is required # :: If a change is not required def compare_group @change_desc = [ ] if @new_resource.gid.to_s != @current_resource.gid.to_s @change_desc << "change gid #{@current_resource.gid} to #{@new_resource.gid}" end if @new_resource.append missing_members = [] @new_resource.members.each do |member| next if has_current_group_member?(member) validate_member!(member) missing_members << member end if missing_members.length > 0 @change_desc << "add missing member(s): #{missing_members.join(", ")}" end members_to_be_removed = [] @new_resource.excluded_members.each do |member| if has_current_group_member?(member) members_to_be_removed << member end end if members_to_be_removed.length > 0 @change_desc << "remove existing member(s): #{members_to_be_removed.join(", ")}" end else if @new_resource.members != @current_resource.members @change_desc << "replace group members with new list of members" end end !@change_desc.empty? end def has_current_group_member?(member) @current_resource.members.include?(member) end def validate_member!(member) # Sub-classes can do any validation if needed # and raise an error if validation fails true end def action_create case @group_exists when false converge_by("create group #{@new_resource.group_name}") do create_group Chef::Log.info("#{@new_resource} created") end else if compare_group converge_by(["alter group #{@new_resource.group_name}"] + change_desc) do manage_group Chef::Log.info("#{@new_resource} altered") end end end end def action_remove if @group_exists converge_by("remove group #{@new_resource.group_name}") do remove_group Chef::Log.info("#{@new_resource} removed") end end end def action_manage if @group_exists && compare_group converge_by(["manage group #{@new_resource.group_name}"] + change_desc) do manage_group Chef::Log.info("#{@new_resource} managed") end end end def action_modify if compare_group converge_by(["modify group #{@new_resource.group_name}"] + change_desc) do manage_group Chef::Log.info("#{@new_resource} modified") end end end def create_group raise NotImplementedError, "subclasses of Chef::Provider::Group should define #create_group" end def manage_group raise NotImplementedError, "subclasses of Chef::Provider::Group should define #manage_group" end def remove_group raise NotImplementedError, "subclasses of Chef::Provider::Group should define #remove_group" end end end end