(PUP-2336) Is inherited should not be allowed in aces

This fixes incorrect usage of the ace['inherited'] to ace['is_inherited']. Without this fix folks can use puppet resource and copy the inherited items into the manifest and get some interesting results.
puppetlabs · Apr 22, 2014 · 4fcc264 · 4fcc264
1 parent 9d2f0b4
commit 4fcc264
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/lib/puppet/type/acl.rb b/lib/puppet/type/acl.rb
@@ -189,11 +189,11 @@ def initialize(*args)
       if value.nil? || value.empty?
         raise ArgumentError, "A non-empty permissions must be specified."
       end
-      if value['inherited']
+      if value['is_inherited']
         raise ArgumentError,
          "Puppet can not manage inherited ACEs.
          If you used puppet resource acl to build your manifest, please remove
-         any inherited => true entries in permissions when adding the resource
+         any is_inherited => true entries in permissions when adding the resource
          to the manifest.
          Reference: #{value.inspect}"
       end

diff --git a/spec/unit/type/acl_spec.rb b/spec/unit/type/acl_spec.rb
@@ -475,7 +475,7 @@ def test_should_set_autorequired_file(resource_path,file_path)
 
     it "should not allow inherited aces in manifests" do
       expect {
-        resource[:permissions] = {'identity' =>'bob','rights'=>['full'],'inherited'=>'true'}
+        resource[:permissions] = {'identity' =>'bob','rights'=>['full'],'is_inherited'=>'true'}
       }.to raise_error(Puppet::ResourceError, /Puppet can not manage inherited ACEs/)
     end