-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Very simple first version. If the given group or user doesn't have an acl at all then set the given acl. The current acl is not checked to conform to the requested acl.
- Loading branch information
Showing
3 changed files
with
66 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,14 @@ | ||
| ['user', 'group'].each do |what| | ||
| node['mapr']['config'].fetch('acls', {}).fetch(what, {}).each do |who, perms| | ||
| execute "set acl for #{what} #{who}" do | ||
| command "/opt/mapr/bin/maprcli acl edit -type cluster -#{what} #{who}:#{perms}" | ||
| user node['mapr']['config']['owner'] | ||
| only_if do | ||
| Mixlib::ShellOut.new("/opt/mapr/bin/maprcli acl show -type cluster -#{what} #{who}").tap do |command| | ||
| command.run_command | ||
| command.error! | ||
| end.stdout.empty? | ||
| end | ||
| end | ||
| end | ||
| end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,51 @@ | ||
| # Copyright:: 2018, Criteo, All Rights Reserved. | ||
|
|
||
| require 'spec_helper' | ||
|
|
||
| describe 'mapr::acls' do | ||
| let(:users) { ['fred', 'jane' ] } | ||
| context 'Two users should have acls' do | ||
| let(:chef_run) do | ||
| ChefSpec::SoloRunner.new( | ||
| platform: 'centos', | ||
| version: '7.4.1708', | ||
| ) do |node| | ||
| users.each do |u| | ||
| node.default['mapr']['config']['acls']['user'][u] = 'fc2' | ||
| node.default['mapr']['config']['acls']['user'][u] = 'fc2' | ||
| end | ||
| node.default['mapr']['config']['acls']['ignored']['lake'] = 'fc' | ||
| node.override['mapr']['config']['owner'] = 'alice' | ||
| end.converge(described_recipe) | ||
| end | ||
|
|
||
| before do | ||
| users.each do |u| | ||
| expect(Mixlib::ShellOut).to receive(:new) | ||
| .with("/opt/mapr/bin/maprcli acl show -type cluster -user #{u}") | ||
| .and_return(double(run_command: nil, stdout: acls, error!: nil)) | ||
| end | ||
| end | ||
|
|
||
| context 'no acls present' do | ||
| let(:acls) { '' } | ||
|
|
||
| it 'sets acl for all users' do | ||
| users.each do |u| | ||
| expect(chef_run).to run_execute("set acl for user #{u}") | ||
| .with(command: "/opt/mapr/bin/maprcli acl edit -type cluster -user #{u}:fc2", user: 'alice') | ||
| end | ||
| end | ||
| end | ||
|
|
||
| context 'existing acls' do | ||
| let(:acls) { "Allowed actions Principal\n[login, ss, cv, a, fc] User mapr\n" } | ||
|
|
||
| it 'does not set any acls' do | ||
| users.each do |u| | ||
| expect(chef_run).to_not run_execute("set acl for user #{u}") | ||
| end | ||
| end | ||
| end | ||
| end | ||
| end |