acl: do not remove all default entries #32615

Merged
merged 1 commit into from
Nov 9, 2017
Merged
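--- a/lib/ansible/modules/files/acl.py
+++ b/lib/ansible/modules/files/acl.py
@@ -199,10 +199,7 @@ def build_command(module, mode, path, follow, default, recursive, entry=''):
 cmd.append('-h')
 
 if default:
-if mode == 'rm':
-cmd.insert(1, '-k')
-else: # mode == 'set' or mode == 'get'
-cmd.insert(1, '-d')
+cmd.insert(1, '-d')
 
 cmd.append(path)
 return cmd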
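Review bot: The `if default:` branch now inserts `-d` for every mode, but no comment records why `-k` must not come back, which is the whole point of the change. I would add above the insert something like `# -d scopes the operation to the default ACL; -k would drop every default entry, not only the requested one`. Callers that relied on `state: absent` with `default: yes` clearing the entire default ACL will now keep the other entries, so this presumably deserves a changelog line. build_command begins outside this hunk, so how the `rm` mode assembles the rest of the command is not visible here.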
74 changes: 60 additions & 14 deletions test/integration/targets/acl/tasks/acl.yml
Expand Up @@ -17,13 +17,18 @@

- set_fact:
ansible_user: ansible_user
ansible_group: ansible_group
ansible_file: /tmp/ansible_file
ansible_dir: /tmp/ansible_dir

- name: Create ansible user
user:
name: "{{ ansible_user }}"

- name: Create ansible group
group:
name: "{{ ansible_group }}"

- name: Create ansible file
file:
path: "{{ ansible_file }}"
Expand Down Expand Up @@ -52,8 +57,8 @@
that:
- output|changed
- not output|failed
- "'user:ansible_user:r--' in output.acl"
- "'user:ansible_user:r--' in getfacl_output.stdout_lines"
- "'user:{{ ansible_user }}:r--' in output.acl"
- "'user:{{ ansible_user }}:r--' in getfacl_output.stdout_lines"
##############################################################################
- name: Obtain the acl for a specific file
acl:
Expand All @@ -70,12 +75,12 @@
- not output|changed
- not output|failed
- "'user::rw-' in output.acl"
- "'user:ansible_user:r--' in output.acl"
- "'user:{{ ansible_user }}:r--' in output.acl"
- "'group::r--' in output.acl"
- "'mask::r--' in output.acl"
- "'other::r--' in output.acl"
- "'user::rw-' in getfacl_output.stdout_lines"
- "'user:ansible_user:r--' in getfacl_output.stdout_lines"
- "'user:{{ ansible_user }}:r--' in getfacl_output.stdout_lines"
- "'group::r--' in getfacl_output.stdout_lines"
- "'mask::r--' in getfacl_output.stdout_lines"
- "'other::r--' in getfacl_output.stdout_lines"
Expand All @@ -97,8 +102,8 @@
that:
- output|changed
- not output|failed
- "'user:ansible_user:r--' not in output.acl"
- "'user:ansible_user:r--' not in getfacl_output.stdout_lines"
- "'user:{{ ansible_user }}:r--' not in output.acl"
- "'user:{{ ansible_user }}:r--' not in getfacl_output.stdout_lines"
##############################################################################
- name: Sets default acl for ansible user on ansible dir
acl:
Expand All @@ -119,16 +124,17 @@
that:
- output|changed
- not output|failed
- "'user:ansible_user:rw-' in output.acl"
- "'default:user:ansible_user:rw-' in getfacl_output.stdout_lines"
- "'user:{{ ansible_user }}:rw-' in output.acl"
- "'default:user:{{ ansible_user }}:rw-' in getfacl_output.stdout_lines"
##############################################################################
- name: Cleanup
shell: "setfacl -b {{ ansible_dir }}"
##############################################################################
- name: Same as previous but using entry shorthand
acl:
path: "{{ ansible_dir }}"
entry: "default:user:{{ ansible_user }}:rw-"
entry: "user:{{ ansible_user }}:rw-"
default: yes
state: present
register: output

Expand All @@ -141,13 +147,14 @@
that:
- output|changed
- not output|failed
- "'user:ansible_user:rw-' in output.acl"
- "'default:user:ansible_user:rw-' in getfacl_output.stdout_lines"
- "'user:{{ ansible_user }}:rw-' in output.acl"
- "'default:user:{{ ansible_user }}:rw-' in getfacl_output.stdout_lines"
##############################################################################
- name: Same as previous, to test idempotence
acl:
path: "{{ ansible_dir }}"
entry: "default:user:{{ ansible_user }}:rw-"
entry: "user:{{ ansible_user }}:rw-"
default: yes
state: present
register: output

Expand All @@ -160,6 +167,45 @@
that:
- not output|changed
- not output|failed
- "'user:ansible_user:rw-' in output.acl"
- "'default:user:ansible_user:rw-' in getfacl_output.stdout_lines"
- "'user:{{ ansible_user }}:rw-' in output.acl"
- "'default:user:{{ ansible_user }}:rw-' in getfacl_output.stdout_lines"
##############################################################################
- name: Cleanup
shell: "setfacl -b {{ ansible_dir }}"
##############################################################################
- name: Set default acls
acl:
path: "{{ ansible_dir }}"
entry: "{{ item }}"
default: yes
state: present
with_items:
- "user:{{ ansible_user }}:rw-"
- "group:{{ ansible_group }}:rw-"

- name: Remove default group ansible_user acl
acl:
path: "{{ ansible_dir }}"
entry: "group:{{ ansible_group }}:rw-"
default: yes
state: absent
register: output

- name: get getfacl output
shell: "getfacl {{ ansible_dir }}"
register: getfacl_output

- name: verify output
assert:
that:
- output|changed
- not output|failed
- "'user::rwx' in getfacl_output.stdout_lines"
- "'group::r-x' in getfacl_output.stdout_lines"
- "'other::r-x' in getfacl_output.stdout_lines"
- "'default:user::rwx' in getfacl_output.stdout_lines"
- "'default:user:{{ ansible_user }}:rw-' in getfacl_output.stdout_lines"
- "'default:group::r-x' in getfacl_output.stdout_lines"
- "'default:mask::rwx' in getfacl_output.stdout_lines"
- "'default:other::r-x' in getfacl_output.stdout_lines"
- "'default:group:{{ ansible_group }}:rw-' not in getfacl_output.stdout_lines"
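Review bot: The final `verify output` block pins `user::rwx`, `group::r-x`, `other::r-x` and the matching `default:` base entries, which come from the directory's mode rather than from the acl module. The task that creates `ansible_dir` is outside the visible hunks; if it sets no explicit `mode`, these assertions depend on the runner's umask and can fail for reasons unrelated to the fix. Either set the mode on the directory task or keep only the assertions the test controls, namely `default:user:{{ ansible_user }}:rw-` present and `default:group:{{ ansible_group }}:rw-` absent. The task name `Remove default group ansible_user acl` also names the user while the entry removed is the group's; `Remove default acl for ansible group` would match. An assertion after `Set default acls` that the group entry is present would show the later `not in` check passes because of the removal.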