promotion 2.0 → 2.1

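--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 108a5dc05ae4bb258ba20b5b00a77707a4031176
- data.tar.gz: c5a25b54336e9b6f5247cbda54812da242c3f7a9
+ metadata.gz: b3f7188bf0e354284ef6347e53d834e01f983a16
+ data.tar.gz: fae1df2fdc4ff0bc0b5fac4f1c56fb837eed1059
  SHA512:
- metadata.gz: 9497b89f2b3b4805d7db3f60fa64ee439475ad7e1f95b229876ecc94d3a120b02dda71c1a10fcfadd231b8620e5dc5af9c07634d23ec3b67dfdee68df74e6867
- data.tar.gz: baa82d045a06c70f4118678baab14f6c6170f2209c76b441f6c2ae66dbaf91af90f57aebf578d12de1140b71740c162066a4120a7cc990fa7964d589301032fa
+ metadata.gz: 4d97305cd29481d92de844c67b766ee47cc6a655e800809b13e6ddc10947ec71370d536bfdacf01fff6dbfc8061176dce0317433bc37652b29aecd174a7db0e1
+ data.tar.gz: d5d979d001482074f6557ecb90f15b01790da00d9fc8521dca7e67250edab3565972558118605dfba3192205c54844c91d04f7cf0912856a018d2a8e07580af1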
data/CHANGELOG CHANGED
@@ -1,3 +1,6 @@
1
+ == Version 2.1
2
+ - Promotion now enforces the entire group and user specification. Previously, it would only check if the user or group existed.
3
+
1
4
  == Version 2.0
2
5
  - Promotion no longer changes the system-wide files, such as /etc/rc.conf.local. Instead it just recommends what should be changed.
3
6
  - Upgraded for Ruby 2.0, since 1.8.7 is no longer supported.
@@ -26,8 +26,12 @@ module Files
26
26
  Newsyslog = "/etc/newsyslog.conf"
27
27
  # path to useradd executable
28
28
  Useradd = "/usr/sbin/useradd"
29
+ # path to usermod executable
30
+ Usermod = "/usr/sbin/usermod"
29
31
  # path to groupadd executable
30
32
  Groupadd = "/usr/sbin/groupadd"
33
+ # path to groupmod executable
34
+ Groupmod = "/usr/sbin/groupmod"
31
35
  # path to visudo executable
32
36
  Visudo = "/usr/sbin/visudo"
33
37
  # path to crontab executable
@@ -57,7 +57,7 @@ class Enforcer
57
57
  @spec.elements.each("/Specification/Groups/Group") { |group|
58
58
  gid = group.attributes["Gid"].to_i
59
59
  name = group.attributes["Name"]
60
- create_group(gid, name) unless group_exist?(gid, name)
60
+ ensure_group(gid, name)
61
61
  }
62
62
  @spec.elements.each("/Specification/Users/User") { |user|
63
63
  uid = user.attributes["Uid"].to_i
@@ -69,7 +69,7 @@ class Enforcer
69
69
  shell = user.attributes["Shell"] || "/bin/ksh"
70
70
  groups = user.attributes["Groups"] || ""
71
71
  groups = groups.gsub(/\s+/, ",") # adduser needs comma-separated groups
72
- create_user(uid, name, gid, uclass, gecos, home, shell, groups) unless user_exist?(uid, name)
72
+ ensure_user(uid, name, gid, uclass, gecos, home, shell, groups)
73
73
  }
74
74
  @spec.elements.each("/Specification/Folders/Folder[@Clear='true']") { |folder|
75
75
  path = folder.text().strip()
@@ -125,59 +125,85 @@ class Enforcer
125
125
  }
126
126
  end
127
127
 
128
- # Detects if a user account exists with the given +uid+ and +name+
129
- def user_exist?(uid, name)
130
- begin
131
- user1 = Etc.getpwuid(uid)
132
- user2 = Etc.getpwnam(name)
133
- raise unless user1 == user2
134
- $log.info("User #{name}(#{uid}) already exists.")
135
- # FIXME: can we enforce group memberships, and other details /etc/passwd
128
+ # Ensure the user adheres to the spec
129
+ def ensure_user(uid, name, gid, uclass, gecos, home, shell, groups)
130
+ begin
131
+ user1 = Etc.getpwuid(uid) # uid exists
132
+ uidFound = true
136
133
  rescue
137
- return(false)
138
- end
139
- return(true)
140
- end
141
-
142
- # Creates a user account for the operating system
143
- def create_user(uid, name, gid, uclass, gecos, home, shell, groups)
144
- begin
145
- FileUtils.mkdir_p(home) unless File.directory?(home) # ensure no warning about missing folder
146
- command = Files::Useradd + " -u #{uid} -g #{gid} -L #{uclass} "
147
- command += "-c '#{gecos}' -d #{home} -s #{shell} -p '*************' "
148
- command += "-G #{groups} " if groups.length > 0
149
- command += " #{name} "
150
- raise unless system(command)
151
- $log.info("User #{name}(#{uid})created.")
152
- rescue => e
153
- $log.error("Unable to create user #{name}(#{uid})\n#{e.message}")
154
- exit 1
155
- end
134
+ uidFound = false
135
+ end
136
+ if uidFound
137
+ if user1.name == name # name matches - all good
138
+ $log.info("user #{name}(#{uid}) ok.")
139
+ else # we found the uid, but the name is wrong, so fix it
140
+ command = Files::usermod + " -l #{name} #{user1.name}"
141
+ raise unless system(command)
142
+ $log.warn("user #{name}(#{uid}) name modified.")
143
+ end
144
+ else # no uid found
145
+ begin
146
+ user2 = Etc.getpwnam(name)
147
+ nameFound = true
148
+ rescue
149
+ nameFound = false
150
+ end
151
+ if nameFound # fix the uid
152
+ command = Files::usermod + " -u #{uid} #{name}"
153
+ raise unless system(command)
154
+ $log.info("user #{name}(#{uid}) uid modified.")
155
+ else # create the user
156
+ FileUtils.mkdir_p(home) unless File.directory?(home) # ensure no warning about missing folder
157
+ command = Files::Useradd + " -u #{uid} -g #{gid} -L #{uclass} "
158
+ command << "-c '#{gecos}' -d #{home} -s #{shell} -p '*************' "
159
+ command << "-G #{groups} " if groups.length > 0
160
+ command << " #{name} "
161
+ raise unless system(command)
162
+ $log.info("User #{name}(#{uid})created.")
163
+ return
164
+ end
165
+ end
166
+ # now enforce the rest of the user spec
167
+ command = "#{Files::Usermod} -g #{gid} -L #{uclass} -c '#{gecos}' -d #{home} -s #{shell}"
168
+ command << "-S #{groups} " if groups.length > 0
169
+ command << " #{name} "
170
+ raise unless system(command)
171
+ $log.info("User #{name}(#{uid}) modified to conform to spec.")
156
172
  end
157
173
 
158
- # Detects if a group exists with the given +gid+ and +name+
159
- def group_exist?(gid, name)
160
- begin
161
- group1 = Etc.getgrgid(gid)
162
- group2 = Etc.getgrnam(name)
163
- raise unless group1 == group2
164
- $log.info("Group #{name}(#{gid}) already exists.")
174
+ # Ensure the group adheres to the spec
175
+ def ensure_group(gid, name)
176
+ begin
177
+ group1 = Etc.getgrgid(gid) # gid exists
178
+ gidFound = true
165
179
  rescue
166
- return(false)
167
- end
168
- return(true)
169
- end
170
-
171
- # Create a group in the operating system
172
- def create_group(gid, name)
173
- begin
174
- command = Files::Groupadd + " -v -g #{gid} #{name}"
175
- raise unless system(command)
176
- $log.info("Group #{name}(#{gid}) created.")
177
- rescue => e
178
- $log.error("Unable to create group #{name}(#{gid})\n#{e.message}")
179
- exit 1
180
- end
180
+ gidFound = false
181
+ end
182
+ if gidFound
183
+ if group1.name == name # name matches - all good
184
+ $log.info("Group #{name}(#{gid}) ok.")
185
+ else # we found the gid, but the name is wrong, so fix it
186
+ command = Files::Groupmod + " -n #{name} #{group1.name}"
187
+ raise unless system(command)
188
+ $log.warn("Group #{name}(#{gid}) name modified.")
189
+ end
190
+ else # no gid found
191
+ begin
192
+ group2 = Etc.getgrnam(name)
193
+ nameFound = true
194
+ rescue
195
+ nameFound = false
196
+ end
197
+ if nameFound # fix the gid
198
+ command = Files::Groupmod + " -g #{gid} #{name}"
199
+ raise unless system(command)
200
+ $log.info("Group #{name}(#{gid}) gid modified.")
201
+ else # create the group
202
+ command = Files::Groupadd + " -g #{gid} #{name}"
203
+ raise unless system(command)
204
+ $log.info("Group #{name}(#{gid}) created.")
205
+ end
206
+ end
181
207
  end
182
208
 
183
209
  # Removes a folder unconditionally
@@ -292,13 +318,13 @@ class Enforcer
292
318
  exit 1
293
319
  end
294
320
  end
295
-
321
+
296
322
  # Check out a repository path to the specified folder
297
323
  # or update it if it is already installed
298
324
  def svn_check_out(url, folder)
299
325
  begin
300
326
  if system("#{::Files::Svn} info #{folder}") # already exists
301
- system("#{::Files::Svn} up --force #{folder}")
327
+ system("#{::Files::Svn} up --force #{folder}")
302
328
  else
303
329
  system("#{::Files::Svn} co --force #{url} #{folder}")
304
330
  end
@@ -306,7 +332,7 @@ class Enforcer
306
332
  $log.error("Unable to deploy #{url} into #{folder}\n#{e.message}\n#{e.backtrace}")
307
333
  exit 1
308
334
  end
309
- end
335
+ end
310
336
 
311
337
  # Creates a zip archive from the specified files
312
338
  def build_zip_file(zipfile)
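Review bot: The final `usermod` call in `ensure_user` is assembled as one shell string from specification attributes, so a space, `;` or quote in Name, Gecos, Home, Shell or Groups is interpreted by the shell that `system(command)` starts, presumably as root; the same string also has no space between `-s #{shell}` and `-S #{groups}`, so the shell path and the flag fuse into one word. Passing the arguments to `system` as a list, as sketched below, avoids both the shell and the spacing error, and the `useradd`, `groupadd` and `groupmod` calls in this section follow the same string-building pattern. The rename and uid-fix branches build their command from `Files::usermod`, which Ruby parses as a method call rather than the `Usermod` constant added in the `module Files` hunk, so they would raise NoMethodError unless such a method exists outside this diff; `Files::Usermod` is presumably intended. Because the caller converts `Uid` and `Gid` with `to_i`, a missing or non-numeric attribute becomes 0, and the new "id found, name differs" branches would then rename the uid 0 account or gid 0 group; `uid = Integer(user.attributes["Uid"])` in the caller, or an explicit refusal to rename when the id is 0, would turn that into an error instead.

```ruby
# … unchanged: uid/name lookup and the rename, uid-fix and create branches …
# now enforce the rest of the user spec
argv = [Files::Usermod, "-g", gid, "-L", uclass, "-c", gecos, "-d", home, "-s", shell].map(&:to_s)
argv.push("-S", groups) unless groups.empty?
argv << name
raise "usermod failed for #{name}(#{uid})" unless system(*argv) # list form: no shell involved
```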
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: promotion
3
3
  version: !ruby/object:Gem::Version
4
- version: '2.0'
4
+ version: '2.1'
5
5
  platform: ruby
6
6
  authors:
7
7
  - Richard Kernahan
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2013-10-30 00:00:00.000000000 Z
11
+ date: 2013-11-01 00:00:00.000000000 Z
12
12
  dependencies: []
13
13
  description: "\t\tThe Promotion tool is designed to make it easy and quick to deploy
14
14
  an application\n\t\tinto production. Originally built for use with OpenBSD, it can