Editing: linux_acl.py
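"""
Linux File Access Control Lists

The Linux ACL state module requires the `getfacl` and `setfacl` binaries.

Ensure a Linux ACL is present

.. code-block:: yaml

    root:
      acl.present:
        - name: /root
        - acl_type: user
        - acl_name: damian
        - perms: rwx

Ensure a Linux ACL does not exist

.. code-block:: yaml

    root:
      acl.absent:
        - name: /root
        - acl_type: user
        - acl_name: damian
        - perms: rwx

Ensure a Linux ACL list is present

.. code-block:: yaml

    root:
      acl.list_present:
        - name: /root
        - acl_type: user
        - acl_names:
          - damian
          - homer
        - perms: rwx

Ensure a Linux ACL list does not exist

.. code-block:: yaml

    root:
      acl.list_absent:
        - name: /root
        - acl_type: user
        - acl_names:
          - damian
          - homer
        - perms: rwx
"""

import logging
import os

import salt.utils.path
from salt.exceptions import CommandExecutionError

log = logging.getLogger(__name__)

__virtualname__ = "acl"


def __virtual__():
    """
    Load this state module as ``acl`` only when both ``getfacl`` and
    ``setfacl`` are found on the path; otherwise return ``(False, reason)``.
    """
    if salt.utils.path.which("getfacl") and salt.utils.path.which("setfacl"):
        return __virtualname__

    return (
        False,
        "The linux_acl state cannot be loaded: the getfacl or setfacl binary is not in"
        " the path.",
    )


def present(name, acl_type, acl_name="", perms="", recurse=False, force=False):
    """
    Ensure a Linux ACL is present

    name
        The acl path

    acl_type
        The type of ACL entry, ``user`` or ``group``. A ``d:`` or ``default:``
        prefix selects the default ACL of the path.

    acl_name
        The user or group

    perms
        Set the permissions eg.: rwx

    recurse
        Set the permissions recursive in the path

    force
        Wipe out old permissions and ensure only the new permissions are set
    """
    ret = {"name": name, "result": True, "changes": {}, "comment": ""}

    # Bit value of each permission letter; the sum is compared with the
    # "octal" field of the entries returned by acl.getfacl.
    _octal = {"r": 4, "w": 2, "x": 1, "-": 0}

    if not os.path.exists(name):
        ret["comment"] = "{} does not exist".format(name)
        ret["result"] = False
        return ret

    __current_perms = __salt__["acl.getfacl"](name, recursive=recurse)

    if acl_type.startswith(("d:", "default:")):
        # Strip the "d:"/"default:" prefix and look in the default ACL.
        _acl_type = ":".join(acl_type.split(":")[1:])
        _current_perms = __current_perms[name].get("defaults", {})
        _default = True
    else:
        _acl_type = acl_type
        _current_perms = __current_perms[name]
        _default = False

    # The getfacl execution module lists default with empty names as being
    # applied to the user/group that owns the file, e.g.,
    # default:group::rwx would be listed as default:group:root:rwx
    # In this case, if acl_name is empty, we really want to search for root
    # but still uses '' for other

    # We search through the dictionary getfacl returns for the owner of the
    # file if acl_name is empty.
    if acl_name == "":
        _search_name = __current_perms[name].get("comment").get(_acl_type, "")
    else:
        _search_name = acl_name

    if _current_perms.get(_acl_type, None) or _default:
        try:
            # Each entry is a one-key dict {entry_name: {...}}; pick the one
            # whose key is the name we are looking for.
            user = [
                i
                for i in _current_perms[_acl_type]
                if next(iter(i.keys())) == _search_name
            ].pop()
        except (AttributeError, IndexError, StopIteration, KeyError):
            user = None

        if user:
            # NOTE(review): a character in perms that is not one of "rwx-" is
            # passed through by .get(i, i) and makes sum() raise TypeError.
            octal_sum = sum([_octal.get(i, i) for i in perms])
            need_refresh = False
            # If recursive check all paths retrieved via acl.getfacl
            if recurse:
                for path in __current_perms:
                    acl_found = False
                    if _default:
                        # Recursive default acls only apply to directories
                        if not os.path.isdir(path):
                            continue
                        _current_perms_path = __current_perms[path].get("defaults", {})
                    else:
                        _current_perms_path = __current_perms[path]
                    for user_acl in _current_perms_path.get(_acl_type, []):
                        if (
                            _search_name in user_acl
                            and user_acl[_search_name]["octal"] == octal_sum
                        ):
                            acl_found = True
                    if not acl_found:
                        need_refresh = True
                        break

            # Check the permissions from the already located file
            elif user[_search_name]["octal"] == octal_sum:
                need_refresh = False
            # If they don't match then refresh
            else:
                need_refresh = True

            if not need_refresh:
                ret["comment"] = "Permissions are in the desired state"
            else:
                # Render the existing entry as an "rwx" string for the change
                # record. The bits follow _octal (r=4, w=2, x=1); the previous
                # lookup table paired bit 1 with "r" and bit 4 with "x", so a
                # read-only entry was reported as "--x" in the "old" value.
                _num = user[_search_name]["octal"]
                old_perms = "{}{}{}".format(
                    "r" if _num & 4 else "-",
                    "w" if _num & 2 else "-",
                    "x" if _num & 1 else "-",
                )
                changes = {
                    "new": {"acl_name": acl_name, "acl_type": acl_type, "perms": perms},
                    "old": {
                        "acl_name": acl_name,
                        "acl_type": acl_type,
                        "perms": old_perms,
                    },
                }

                if __opts__["test"]:
                    # Test mode: report the pending change, touch nothing.
                    ret.update(
                        {
                            "comment": (
                                "Updated permissions will be applied for "
                                "{}: {} -> {}".format(acl_name, old_perms, perms)
                            ),
                            "result": None,
                            "changes": changes,
                        }
                    )
                    return ret
                try:
                    if force:
                        # The wipe happens before the new entry is written. If
                        # modfacl then raises, the handler below only reports
                        # the failure: the wiped entries are not restored.
                        __salt__["acl.wipefacls"](
                            name, recursive=recurse, raise_err=True
                        )

                    __salt__["acl.modfacl"](
                        acl_type,
                        acl_name,
                        perms,
                        name,
                        recursive=recurse,
                        raise_err=True,
                    )
                    ret.update(
                        {
                            "comment": "Updated permissions for {}".format(acl_name),
                            "result": True,
                            "changes": changes,
                        }
                    )
                except CommandExecutionError as exc:
                    ret.update(
                        {
                            "comment": "Error updating permissions for {}: {}".format(
                                acl_name, exc.strerror
                            ),
                            "result": False,
                        }
                    )
        else:
            # No existing entry for this name: add a new one.
            changes = {
                "new": {"acl_name": acl_name, "acl_type": acl_type, "perms": perms}
            }

            if __opts__["test"]:
                ret.update(
                    {
                        "comment": "New permissions will be applied for {}: {}".format(
                            acl_name, perms
                        ),
                        "result": None,
                        "changes": changes,
                    }
                )
                ret["result"] = None
                return ret

            try:
                if force:
                    # Same ordering as above: a failed modfacl leaves the path
                    # with its ACL entries already wiped.
                    __salt__["acl.wipefacls"](name, recursive=recurse, raise_err=True)

                __salt__["acl.modfacl"](
                    acl_type, acl_name, perms, name, recursive=recurse, raise_err=True
                )
                ret.update(
                    {
                        "comment": "Applied new permissions for {}".format(acl_name),
                        "result": True,
                        "changes": changes,
                    }
                )
            except CommandExecutionError as exc:
                ret.update(
                    {
                        "comment": "Error updating permissions for {}: {}".format(
                            acl_name, exc.strerror
                        ),
                        "result": False,
                    }
                )

    else:
        ret["comment"] = "ACL Type does not exist"
        ret["result"] = False

    return ret


def absent(name, acl_type, acl_name="", perms="", recurse=False):
    """
    Ensure a Linux ACL does not exist

    name
        The acl path

    acl_type
        The type of ACL entry, ``user`` or ``group``. A ``d:`` or ``default:``
        prefix selects the default ACL of the path.

    acl_name
        The user or group

    perms
        Remove the permissions eg.: rwx

    recurse
        Set the permissions recursive in the path
    """
    ret = {"name": name, "result": True, "changes": {}, "comment": ""}

    if not os.path.exists(name):
        ret["comment"] = "{} does not exist".format(name)
        ret["result"] = False
        return ret

    __current_perms = __salt__["acl.getfacl"](name, recursive=recurse)

    if acl_type.startswith(("d:", "default:")):
        # Strip the "d:"/"default:" prefix and look in the default ACL.
        _acl_type = ":".join(acl_type.split(":")[1:])
        _current_perms = __current_perms[name].get("defaults", {})
        _default = True
    else:
        _acl_type = acl_type
        _current_perms = __current_perms[name]
        _default = False

    # The getfacl execution module lists default with empty names as being
    # applied to the user/group that owns the file, e.g.,
    # default:group::rwx would be listed as default:group:root:rwx
    # In this case, if acl_name is empty, we really want to search for root
    # but still uses '' for other

    # We search through the dictionary getfacl returns for the owner of the
    # file if acl_name is empty.
    if acl_name == "":
        _search_name = __current_perms[name].get("comment").get(_acl_type, "")
    else:
        _search_name = acl_name

    if _current_perms.get(_acl_type, None) or _default:
        try:
            user = [
                i
                for i in _current_perms[_acl_type]
                if next(iter(i.keys())) == _search_name
            ].pop()
        except (AttributeError, IndexError, StopIteration, KeyError):
            user = None

        # Also look at every path getfacl returned, so an entry that exists
        # only further down the tree still triggers a removal.
        need_refresh = False
        for path in __current_perms:
            acl_found = False
            for user_acl in __current_perms[path].get(_acl_type, []):
                if _search_name in user_acl:
                    acl_found = True
                    break
            if acl_found:
                need_refresh = True
                break

        if user or need_refresh:
            ret["comment"] = "Removing permissions"

            if __opts__["test"]:
                ret["result"] = None
                return ret

            # NOTE(review): list_absent calls acl.delfacl without a perms
            # argument; here perms sits where list_absent passes the path.
            # Confirm against the execution module's signature.
            # NOTE(review): unlike present(), this call is not wrapped in a
            # CommandExecutionError handler and "changes" stays empty, so the
            # state result does not record that an ACL entry was removed.
            __salt__["acl.delfacl"](acl_type, acl_name, perms, name, recursive=recurse)
        else:
            ret["comment"] = "Permissions are in the desired state"

    else:
        ret["comment"] = "ACL Type does not exist"
        ret["result"] = False

    return ret


def list_present(name, acl_type, acl_names=None, perms="", recurse=False, force=False):
    """
    Ensure a Linux ACL list is present

    Takes a list of acl names and add them to the given path

    name
        The acl path

    acl_type
        The type of ACL entry, ``user`` or ``group``. A ``d:`` or ``default:``
        prefix selects the default ACL of the path.

    acl_names
        The list of users or groups

    perms
        Set the permissions eg.: rwx

    recurse
        Set the permissions recursive in the path

    force
        Wipe out old permissions and ensure only the new permissions are set
    """
    if acl_names is None:
        acl_names = []
    ret = {"name": name, "result": True, "changes": {}, "comment": ""}

    # Bit value of each permission letter; see present().
    _octal = {"r": 4, "w": 2, "x": 1, "-": 0}
    _octal_perms = sum([_octal.get(i, i) for i in perms])
    if not os.path.exists(name):
        ret["comment"] = "{} does not exist".format(name)
        ret["result"] = False
        return ret

    # NOTE(review): getfacl is queried for ``name`` only, even when recurse is
    # set, so the comparison below looks at the top-level path alone.
    __current_perms = __salt__["acl.getfacl"](name)

    if acl_type.startswith(("d:", "default:")):
        _acl_type = ":".join(acl_type.split(":")[1:])
        _current_perms = __current_perms[name].get("defaults", {})
        _default = True
    else:
        _acl_type = acl_type
        _current_perms = __current_perms[name]
        _default = False

    _origin_group = _current_perms.get("comment", {}).get("group", None)
    _origin_owner = _current_perms.get("comment", {}).get("owner", None)

    _current_acl_types = []
    diff_perms = False
    # Index with the prefix-stripped type, as the rest of this function does.
    # The raw acl_type ("d:user", "default:group") is not a key of the
    # defaults mapping, and a missing type is reported further down as
    # "ACL Type does not exist" rather than raising KeyError here.
    for key in _current_perms.get(_acl_type, []):
        for current_acl_name in key.keys():
            # NOTE(review): .encode() yields bytes on Python 3, which never
            # compare equal to str names in acl_names or to the owner/group
            # removed below, so the early return is effectively unreachable
            # once any entry exists. diff_perms also reflects only the last
            # entry visited; fix both together before relying on this check.
            _current_acl_types.append(current_acl_name.encode("utf-8"))
            diff_perms = _octal_perms == key[current_acl_name]["octal"]
    if acl_type == "user":
        try:
            _current_acl_types.remove(_origin_owner)
        except ValueError:
            pass
    else:
        try:
            _current_acl_types.remove(_origin_group)
        except ValueError:
            pass
    diff_acls = set(_current_acl_types) ^ set(acl_names)
    if not diff_acls and diff_perms and not force:
        ret = {
            "name": name,
            "result": True,
            "changes": {},
            "comment": "Permissions and {}s are in the desired state".format(
                acl_type
            ),
        }
        return ret
    # The getfacl execution module lists default with empty names as being
    # applied to the user/group that owns the file, e.g.,
    # default:group::rwx would be listed as default:group:root:rwx
    # In this case, if acl_names is empty, we really want to search for root
    # but still uses '' for other

    # We search through the dictionary getfacl returns for the owner of the
    # file if acl_names is empty.
    # NOTE(review): acl_names is a list by this point (None became []), so
    # this comparison with "" looks like it can never be true.
    if acl_names == "":
        _search_names = __current_perms[name].get("comment").get(_acl_type, "")
    else:
        _search_names = acl_names

    if _current_perms.get(_acl_type, None) or _default:
        try:
            # Merge the one-key entry dicts of every requested name.
            users = {}
            for i in _current_perms[_acl_type]:
                if i and next(iter(i.keys())) in _search_names:
                    users.update(i)
        except (AttributeError, KeyError):
            users = None

        if users:
            changes = {}
            for count, search_name in enumerate(_search_names):
                if search_name in users:
                    if users[search_name]["octal"] == sum(
                        [_octal.get(i, i) for i in perms]
                    ):
                        ret["comment"] = "Permissions are in the desired state"
                    else:
                        changes.update(
                            {
                                "new": {
                                    "acl_name": ", ".join(acl_names),
                                    "acl_type": acl_type,
                                    "perms": _octal_perms,
                                },
                                "old": {
                                    "acl_name": ", ".join(acl_names),
                                    "acl_type": acl_type,
                                    "perms": str(users[search_name]["octal"]),
                                },
                            }
                        )
                        if __opts__["test"]:
                            ret.update(
                                {
                                    "comment": (
                                        "Updated permissions will be applied for "
                                        "{}: {} -> {}".format(
                                            acl_names,
                                            str(users[search_name]["octal"]),
                                            perms,
                                        )
                                    ),
                                    "result": None,
                                    "changes": changes,
                                }
                            )
                            return ret
                        try:
                            if force:
                                # Wipe first, then re-apply. A modfacl failure
                                # is only reported below; the wiped entries
                                # are not restored.
                                __salt__["acl.wipefacls"](
                                    name, recursive=recurse, raise_err=True
                                )

                            for acl_name in acl_names:
                                __salt__["acl.modfacl"](
                                    acl_type,
                                    acl_name,
                                    perms,
                                    name,
                                    recursive=recurse,
                                    raise_err=True,
                                )
                            ret.update(
                                {
                                    "comment": "Updated permissions for {}".format(
                                        acl_names
                                    ),
                                    "result": True,
                                    "changes": changes,
                                }
                            )
                        except CommandExecutionError as exc:
                            ret.update(
                                {
                                    "comment": (
                                        "Error updating permissions for {}: {}".format(
                                            acl_names, exc.strerror
                                        )
                                    ),
                                    "result": False,
                                }
                            )
                else:
                    # This requested name has no entry yet.
                    changes = {
                        "new": {
                            "acl_name": ", ".join(acl_names),
                            "acl_type": acl_type,
                            "perms": perms,
                        }
                    }

                    if __opts__["test"]:
                        ret.update(
                            {
                                "comment": (
                                    "New permissions will be applied for {}: {}".format(
                                        acl_names, perms
                                    )
                                ),
                                "result": None,
                                "changes": changes,
                            }
                        )
                        ret["result"] = None
                        return ret

                    try:
                        if force:
                            __salt__["acl.wipefacls"](
                                name, recursive=recurse, raise_err=True
                            )

                        for acl_name in acl_names:
                            __salt__["acl.modfacl"](
                                acl_type,
                                acl_name,
                                perms,
                                name,
                                recursive=recurse,
                                raise_err=True,
                            )
                        ret.update(
                            {
                                "comment": "Applied new permissions for {}".format(
                                    ", ".join(acl_names)
                                ),
                                "result": True,
                                "changes": changes,
                            }
                        )
                    except CommandExecutionError as exc:
                        ret.update(
                            {
                                "comment": (
                                    "Error updating permissions for {}: {}".format(
                                        acl_names, exc.strerror
                                    )
                                ),
                                "result": False,
                            }
                        )
        else:
            # None of the requested names has an entry: add them all.
            changes = {
                "new": {
                    "acl_name": ", ".join(acl_names),
                    "acl_type": acl_type,
                    "perms": perms,
                }
            }

            if __opts__["test"]:
                ret.update(
                    {
                        "comment": "New permissions will be applied for {}: {}".format(
                            acl_names, perms
                        ),
                        "result": None,
                        "changes": changes,
                    }
                )
                ret["result"] = None
                return ret

            try:
                if force:
                    __salt__["acl.wipefacls"](name, recursive=recurse, raise_err=True)

                for acl_name in acl_names:
                    __salt__["acl.modfacl"](
                        acl_type,
                        acl_name,
                        perms,
                        name,
                        recursive=recurse,
                        raise_err=True,
                    )
                ret.update(
                    {
                        "comment": "Applied new permissions for {}".format(
                            ", ".join(acl_names)
                        ),
                        "result": True,
                        "changes": changes,
                    }
                )
            except CommandExecutionError as exc:
                ret.update(
                    {
                        "comment": "Error updating permissions for {}: {}".format(
                            acl_names, exc.strerror
                        ),
                        "result": False,
                    }
                )

    else:
        ret["comment"] = "ACL Type does not exist"
        ret["result"] = False

    return ret


def list_absent(name, acl_type, acl_names=None, recurse=False):
    """
    Ensure a Linux ACL list does not exist

    Takes a list of acl names and remove them from the given path

    name
        The acl path

    acl_type
        The type of ACL entry, ``user`` or ``group``. A ``d:`` or ``default:``
        prefix selects the default ACL of the path.

    acl_names
        The list of users or groups

    recurse
        Set the permissions recursive in the path
    """
    if acl_names is None:
        acl_names = []
    ret = {"name": name, "result": True, "changes": {}, "comment": ""}

    if not os.path.exists(name):
        ret["comment"] = "{} does not exist".format(name)
        ret["result"] = False
        return ret

    # NOTE(review): queried for ``name`` only, even when recurse is set.
    __current_perms = __salt__["acl.getfacl"](name)

    if acl_type.startswith(("d:", "default:")):
        _acl_type = ":".join(acl_type.split(":")[1:])
        _current_perms = __current_perms[name].get("defaults", {})
        _default = True
    else:
        _acl_type = acl_type
        _current_perms = __current_perms[name]
        _default = False

    # The getfacl execution module lists default with empty names as being
    # applied to the user/group that owns the file, e.g.,
    # default:group::rwx would be listed as default:group:root:rwx
    # In this case, if acl_names is empty, we really want to search for root
    # but still uses '' for other

    # We search through the dictionary getfacl returns for the owner of the
    # file if acl_names is empty.
    if not acl_names:
        # NOTE(review): set() over a string yields its characters, not the
        # owner name as one element - confirm this is what is intended.
        _search_names = set(__current_perms[name].get("comment").get(_acl_type, ""))
    else:
        _search_names = set(acl_names)

    if _current_perms.get(_acl_type, None) or _default:
        try:
            users = {}
            for i in _current_perms[_acl_type]:
                if i and next(iter(i.keys())) in _search_names:
                    users.update(i)
        except (AttributeError, KeyError):
            users = None

        if users:
            ret["comment"] = "Removing permissions"

            if __opts__["test"]:
                ret["result"] = None
                return ret
            # NOTE(review): no CommandExecutionError handling and "changes"
            # stays empty, so the removal is not recorded in the state result.
            for acl_name in acl_names:
                __salt__["acl.delfacl"](acl_type, acl_name, name, recursive=recurse)
        else:
            ret["comment"] = "Permissions are in the desired state"

    else:
        ret["comment"] = "ACL Type does not exist"
        ret["result"] = False

    return ret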