chef 10.28.2 → 10.30.0.rc.0

data/lib/chef/provider/group/groupadd.rb

@@ -65,8 +65,48 @@ class Chef
         end
         
         def modify_group_members
-          raise Chef::Exceptions::Group, "you must override modify_group_members in #{self.to_s}"
+          if @new_resource.append
+            if @new_resource.members && !@new_resource.members.empty?
+              members_to_be_added = [ ]
+              @new_resource.members.each do |member|
+                members_to_be_added << member if !@current_resource.members.include?(member)
+              end
+              members_to_be_added.each do |member|
+                Chef::Log.debug("#{@new_resource} appending member #{member} to group #{@new_resource.group_name}")
+                add_member(member)
+              end
+            end
+
+            if @new_resource.excluded_members && !@new_resource.excluded_members.empty?
+              members_to_be_removed = [ ]
+              @new_resource.excluded_members.each do |member|
+                members_to_be_removed << member if @current_resource.members.include?(member)
+              end
+
+              members_to_be_removed.each do |member|
+                Chef::Log.debug("#{@new_resource} removing member #{member} from group #{@new_resource.group_name}")
+                remove_member(member)
+              end
+            end
+          else
+            members_description = @new_resource.members.empty? ? "none" : @new_resource.members.join(", ")
+            Chef::Log.debug("#{@new_resource} setting group members to: #{members_description}")
+            set_members(@new_resource.members)
+          end
+        end
+
+        def add_member(member)
+          raise Chef::Exceptions::Group, "you must override add_member in #{self.to_s}"
+        end
+
+        def remove_member(member)
+          raise Chef::Exceptions::Group, "you must override remove_member in #{self.to_s}"
+        end
+
+        def set_members(members)
+          raise Chef::Exceptions::Group, "you must override set_members in #{self.to_s}"
         end
+
         # Little bit of magic as per Adam's useradd provider to pull the assign the command line flags
         #
         # ==== Returns

data/lib/chef/provider/group/groupmod.rb

@@ -44,45 +44,40 @@ class Chef
         # Manage the group when it already exists
         def manage_group
           if @new_resource.append
-            to_add = @new_resource.members.dup
-            to_add.reject! { |user| @current_resource.members.include?(user) }
-
-            to_delete = Array.new
-
-            Chef::Log.debug("#{@new_resource} not changing group members, the group has no members to add") if to_add.empty?
+            members_to_be_added = [ ]
+            if @new_resource.excluded_members && !@new_resource.excluded_members.empty?
+              # First find out if any member needs to be removed
+              members_to_be_removed = [ ]
+              @new_resource.excluded_members.each do |member|
+                members_to_be_removed << member if @current_resource.members.include?(member)
+              end
+
+              unless members_to_be_removed.empty?
+                # We are using a magic trick to remove the groups.
+                reset_group_membership
+
+                # Capture the members we need to add in
+                # members_to_be_added to be added later on.
+                @current_resource.members.each do |member|
+                  members_to_be_added << member unless members_to_be_removed.include?(member)
+                end
+              end
+            end
+
+            if @new_resource.members && !@new_resource.members.empty?
+              @new_resource.members.each do |member|
+                members_to_be_added << member if !@current_resource.members.include?(member)
+              end
+            end
+
+            Chef::Log.debug("#{@new_resource} not changing group members, the group has no members to add") if members_to_be_added.empty?
+
+            add_group_members(members_to_be_added)
           else
-            to_add = @new_resource.members.dup
-            to_add.reject! { |user| @current_resource.members.include?(user) }
-
-            to_delete = @current_resource.members.dup
-            to_delete.reject! { |user| @new_resource.members.include?(user) }
-
+            # We are resetting the members of a group so use the same trick
+            reset_group_membership
             Chef::Log.debug("#{@new_resource} setting group members to: none") if @new_resource.members.empty?
-          end
-
-          if to_delete.empty?
-            # If we are only adding new members to this group, then
-            # call add_group_members with only those users
-            add_group_members(to_add)
-          else
-            Chef::Log.debug("#{@new_resource} removing members #{to_delete.join(', ')}")
-
-            # This is tricky, but works: rename the existing group to
-            # "<name>_bak", create a new group with the same GID and
-            # "<name>", then set correct members on that group
-            rename = "group mod -n #{@new_resource.group_name}_bak #{@new_resource.group_name}"
-            shell_out!(rename)
-
-            create = "group add"
-            create << set_options(:overwrite_gid => true)
-            shell_out!(create)
-
-            # Ignore to_add here, since we're replacing the group we
-            # have to add all members who should be in the group.
             add_group_members(@new_resource.members)
-
-            remove = "group del #{@new_resource.group_name}_bak"
-            shell_out!(remove)
           end
         end
 
@@ -99,6 +94,21 @@ class Chef
           end
         end
 
+        # This is tricky, but works: rename the existing group to
+        # "<name>_bak", create a new group with the same GID and
+        # "<name>", then set correct members on that group
+        def reset_group_membership
+          rename = "group mod -n #{@new_resource.group_name}_bak #{@new_resource.group_name}"
+          shell_out!(rename)
+
+          create = "group add"
+          create << set_options(:overwrite_gid => true)
+          shell_out!(create)
+
+          remove = "group del #{@new_resource.group_name}_bak"
+          shell_out!(remove)
+        end
+
         # Little bit of magic as per Adam's useradd provider to pull and assign the command line flags
         #
         # ==== Returns

data/lib/chef/provider/group/pw.rb

@@ -39,16 +39,28 @@ class Chef
         def create_group
           command = "pw groupadd"
           command << set_options
-          command << set_members_option
-          run_command(:command => command)
+          member_options = set_members_options
+          if member_options.empty?
+            run_command(:command => command)
+          else
+            member_options.each do |option|
+              run_command(:command => command + option)
+            end
+          end
         end
         
         # Manage the group when it already exists
         def manage_group
           command = "pw groupmod"
           command << set_options
-          command << set_members_option
-          run_command(:command => command)
+          member_options = set_members_options
+          if member_options.empty?
+            run_command(:command => command)
+          else
+            member_options.each do |option|
+              run_command(:command => command + option)
+            end
+          end
         end
         
         # Remove the group
@@ -70,21 +82,52 @@ class Chef
         end
 
         # Set the membership option depending on the current resource states
-        def set_members_option
-          opt = ""
-          unless @new_resource.members.empty?
-            opt << " -M #{@new_resource.members.join(',')}"
-            Chef::Log.debug("#{@new_resource} setting group members to #{@new_resource.members.join(', ')}")
+        def set_members_options
+          opts = [ ]
+          members_to_be_added = [ ]
+          members_to_be_removed = [ ]
+
+          if @new_resource.append
+            # Append is set so we will only add members given in the
+            # members list and remove members given in the
+            # excluded_members list.
+            if @new_resource.members && !@new_resource.members.empty?
+              @new_resource.members.each do |member|
+                members_to_be_added << member if !@current_resource.members.include?(member)
+              end
+            end
+
+            if @new_resource.excluded_members && !@new_resource.excluded_members.empty?
+              @new_resource.excluded_members.each do |member|
+                members_to_be_removed << member if @current_resource.members.include?(member)
+              end
+            end
           else
-            # New member list is empty so we should delete any old group members
-            unless @current_resource.members.empty?
-              opt << " -d #{@current_resource.members.join(',')}"
-              Chef::Log.debug("#{@new_resource} removing group members #{@current_resource.members.join(', ')}")
-            else
-              Chef::Log.debug("#{@new_resource} not changing group members, the group has no members")
+            # Append is not set so we're resetting the membership of
+            # the group to the given members.
+            members_to_be_added = @new_resource.members
+            @current_resource.members.each do |member|
+              # No need to re-add a member if it's present in the new
+              # list of members
+              if members_to_be_added.include? member
+                members_to_be_added.delete member
+              else
+                members_to_be_removed << member
+              end
             end
           end
-          opt
+
+          unless members_to_be_added.empty?
+            Chef::Log.debug("#{@new_resource} adding group members: #{members_to_be_added.join(',')}")
+            opts << " -m #{members_to_be_added.join(',')}"
+          end
+
+          unless members_to_be_removed.empty?
+            Chef::Log.debug("#{@new_resource} removing group members: #{members_to_be_removed.join(',')}")
+            opts << " -d #{members_to_be_removed.join(',')}"
+          end
+
+          opts
         end
         
       end

data/lib/chef/provider/group/suse.rb

@@ -39,21 +39,24 @@ class Chef
           end
         end
 
-        def modify_group_members
-          unless @new_resource.members.empty?
-            if(@new_resource.append)
-              @new_resource.members.each do |member|
-                Chef::Log.debug("#{@new_resource} appending member #{member} to group #{@new_resource.group_name}")
-                shell_out!("groupmod -A #{member} #{@new_resource.group_name}")
-              end
-            else
-              Chef::Log.debug("#{@new_resource} setting group members to #{@new_resource.members.join(', ')}")
-              shell_out!("groupmod -A #{@new_resource.members.join(',')} #{@new_resource.group_name}")
-            end
-          else
-            Chef::Log.debug("#{@new_resource} not changing group members, the group has no members")
+        def set_members(members)
+          unless @current_resource.members.empty?
+            shell_out!("groupmod -R #{@current_resource.members.join(',')} #{@new_resource.group_name}")
           end
+
+          unless members.empty?
+            shell_out!("groupmod -A #{members.join(',')} #{@new_resource.group_name}")
+          end
+        end
+
+        def add_member(member)
+          shell_out!("groupmod -A #{member} #{@new_resource.group_name}")
         end
+
+        def remove_member(member)
+          shell_out!("groupmod -R #{member} #{@new_resource.group_name}")
+        end
+
       end
     end
   end

data/lib/chef/provider/group/usermod.rb

@@ -17,12 +17,14 @@
 #
 
 require 'chef/provider/group/groupadd'
+require 'chef/mixin/shell_out'
 
 class Chef
   class Provider
     class Group
       class Usermod < Chef::Provider::Group::Groupadd
-        
+        include Chef::Mixin::ShellOut
+
         def load_current_resource
           super
         end
@@ -36,32 +38,52 @@ class Chef
             # No whyrun alternative: this component should be available in the base install of any given system that uses it
           end
 
-          requirements.assert(:modify, :create) do |a|
-            a.assertion { @new_resource.members.empty? || @new_resource.append } 
+          requirements.assert(:modify, :manage) do |a|
+            a.assertion { @new_resource.members.empty? || @new_resource.append }
             a.failure_message Chef::Exceptions::Group, "setting group members directly is not supported by #{self.to_s}, must set append true in group"
             # No whyrun alternative - this action is simply not supported.
           end
-        end
-        
-        def modify_group_members
-          case node[:platform]
-          when "openbsd", "netbsd", "aix", "solaris2"
-            append_flags = "-G"
-          when "solaris"
-            append_flags = "-a -G"
+
+          requirements.assert(:all_actions) do |a|
+            a.assertion { @new_resource.excluded_members.empty? }
+            a.failure_message Chef::Exceptions::Group, "excluded_members is not supported by #{self.to_s}"
+            # No whyrun alternative - this action is simply not supported.
           end
+        end
 
-          unless @new_resource.members.empty?
-            if(@new_resource.append)
-              @new_resource.members.each do |member|
-                Chef::Log.debug("#{@new_resource} appending member #{member} to group #{@new_resource.group_name}")
-                run_command(:command => "usermod #{append_flags} #{@new_resource.group_name} #{member}" )
-              end
+        def set_members(members)
+          return if members.empty?
+          # This provider only supports adding members with
+          # append. Only if the action is create we will go
+          # ahead and add members.
+          if @new_resource.action == :create
+            members.each do |member|
+              add_member(member)
             end
           else
-            Chef::Log.debug("#{@new_resource} not changing group members, the group has no members")
+            raise Chef::Exceptions::UnsupportedAction, "Setting members directly is not supported by #{self.to_s}"
           end
         end
+
+        def add_member(member)
+          shell_out!("usermod #{append_flags} #{@new_resource.group_name} #{member}")
+        end
+
+        def remove_member(member)
+          # This provider only supports adding members with
+          # append. This function should never be called.
+          raise Chef::Exceptions::UnsupportedAction, "Removing members members is not supported by #{self.to_s}"
+        end
+
+        def append_flags
+          case node[:platform]
+          when "openbsd", "netbsd", "aix", "solaris2", "smartos"
+            "-G"
+          when "solaris", "suse", "opensuse"
+            "-a -G"
+          end
+        end
+
       end
     end
   end

data/lib/chef/provider/group/windows.rb

@@ -57,13 +57,20 @@ class Chef
         
         def manage_group
           if @new_resource.append
-            begin
-              #ERROR_MEMBER_IN_ALIAS if a member already exists in the group
-              @net_group.local_add_members(@new_resource.members)
-            rescue
-              members = @new_resource.members + @current_resource.members
-              @net_group.local_set_members(members.uniq)
+            members_to_be_added = [ ]
+            @new_resource.members.each do |member|
+              members_to_be_added << member if !@current_resource.members.include?(member)
             end
+
+            # local_add_members will raise ERROR_MEMBER_IN_ALIAS if a
+            # member already exists in the group.
+            @net_group.local_add_members(members_to_be_added) unless members_to_be_added.empty?
+
+            members_to_be_removed = [ ]
+            @new_resource.excluded_members.each do |member|
+              members_to_be_removed << member if @current_resource.members.include?(member)
+            end
+            @net_group.local_delete_members(members_to_be_removed) unless members_to_be_removed.empty?
           else
             @net_group.local_set_members(@new_resource.members)
           end

data/lib/chef/provider/package/yum.rb

@@ -947,6 +947,7 @@ class Chef
         end # YumCache
 
         include Chef::Mixin::GetSourceFromPackage
+        include Chef::Mixin::ShellOut
 
         def initialize(new_resource, run_context)
           super

data/lib/chef/provider/remote_file.rb

@@ -42,7 +42,7 @@ class Chef
           if matches_current_checksum?(raw_file)
             Chef::Log.debug "#{@new_resource} target and source checksums are the same - not updating"
           else
-            description = [] 
+            description = []
             description << "copy file downloaded from #{@new_resource.source} into #{@new_resource.path}"
             description << diff_current(raw_file.path)
             converge_by(description) do
@@ -52,7 +52,7 @@ class Chef
               raw_file.close!
             end
             # whyrun mode cleanup - the temp file will never be used,
-            # so close/unlink it here. 
+            # so close/unlink it here.
             if whyrun_mode?
               raw_file.close!
             end
@@ -121,6 +121,12 @@ class Chef
         false
       end
 
+      def managing_content?
+        return true if @new_resource.checksum
+        return true if !@new_resource.source.nil? && @action != :create_if_missing
+        false
+      end
+
     end
   end
 end

data/lib/chef/provider/ruby_block.rb

@@ -29,7 +29,7 @@ class Chef
       end
 
       def action_create
-        converge_by("execute the ruby block #{@new_resource.name}") do 
+        converge_by("execute the ruby block #{@new_resource.name}") do
           @new_resource.block.call
           Chef::Log.info("#{@new_resource} called")
         end