promotion 2.0 → 2.1

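--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 108a5dc05ae4bb258ba20b5b00a77707a4031176
- data.tar.gz: c5a25b54336e9b6f5247cbda54812da242c3f7a9
+ metadata.gz: b3f7188bf0e354284ef6347e53d834e01f983a16
+ data.tar.gz: fae1df2fdc4ff0bc0b5fac4f1c56fb837eed1059
  SHA512:
- metadata.gz: 9497b89f2b3b4805d7db3f60fa64ee439475ad7e1f95b229876ecc94d3a120b02dda71c1a10fcfadd231b8620e5dc5af9c07634d23ec3b67dfdee68df74e6867
- data.tar.gz: baa82d045a06c70f4118678baab14f6c6170f2209c76b441f6c2ae66dbaf91af90f57aebf578d12de1140b71740c162066a4120a7cc990fa7964d589301032fa
+ metadata.gz: 4d97305cd29481d92de844c67b766ee47cc6a655e800809b13e6ddc10947ec71370d536bfdacf01fff6dbfc8061176dce0317433bc37652b29aecd174a7db0e1
+ data.tar.gz: d5d979d001482074f6557ecb90f15b01790da00d9fc8521dca7e67250edab3565972558118605dfba3192205c54844c91d04f7cf0912856a018d2a8e07580af1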
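--- a/data/CHANGELOG
+++ b/data/CHANGELOG
@@ -1,3 +1,6 @@
+ == Version 2.1
+ - Promotion now enforces the entire group and user specification. Previously, it would only check if the user or group existed.
+
  == Version 2.0
  - Promotion no longer changes the system-wide files, such as /etc/rc.conf.local. Instead it just recommends what should be changed.
  - Upgraded for Ruby 2.0, since 1.8.7 is no longer supported.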
@@ -26,8 +26,12 @@ module Files
26
26
  Newsyslog = "/etc/newsyslog.conf"
27
27
  # path to useradd executable
28
28
  Useradd = "/usr/sbin/useradd"
29
+ # path to usermod executable
30
+ Usermod = "/usr/sbin/usermod"
29
31
  # path to groupadd executable
30
32
  Groupadd = "/usr/sbin/groupadd"
33
+ # path to groupmod executable
34
+ Groupmod = "/usr/sbin/groupmod"
31
35
  # path to visudo executable
32
36
  Visudo = "/usr/sbin/visudo"
33
37
  # path to crontab executable
@@ -57,7 +57,7 @@ class Enforcer
57
57
  @spec.elements.each("/Specification/Groups/Group") { |group|
58
58
  gid = group.attributes["Gid"].to_i
59
59
  name = group.attributes["Name"]
60
- create_group(gid, name) unless group_exist?(gid, name)
60
+ ensure_group(gid, name)
61
61
  }
62
62
  @spec.elements.each("/Specification/Users/User") { |user|
63
63
  uid = user.attributes["Uid"].to_i
@@ -69,7 +69,7 @@ class Enforcer
69
69
  shell = user.attributes["Shell"] || "/bin/ksh"
70
70
  groups = user.attributes["Groups"] || ""
71
71
  groups = groups.gsub(/\s+/, ",") # adduser needs comma-separated groups
72
- create_user(uid, name, gid, uclass, gecos, home, shell, groups) unless user_exist?(uid, name)
72
+ ensure_user(uid, name, gid, uclass, gecos, home, shell, groups)
73
73
  }
74
74
  @spec.elements.each("/Specification/Folders/Folder[@Clear='true']") { |folder|
75
75
  path = folder.text().strip()
@@ -125,59 +125,85 @@ class Enforcer
125
125
  }
126
126
  end
127
127
 
128
- # Detects if a user account exists with the given +uid+ and +name+
129
- def user_exist?(uid, name)
130
- begin
131
- user1 = Etc.getpwuid(uid)
132
- user2 = Etc.getpwnam(name)
133
- raise unless user1 == user2
134
- $log.info("User #{name}(#{uid}) already exists.")
135
- # FIXME: can we enforce group memberships, and other details /etc/passwd
128
+ # Ensure the user adheres to the spec
129
+ def ensure_user(uid, name, gid, uclass, gecos, home, shell, groups)
130
+ begin
131
+ user1 = Etc.getpwuid(uid) # uid exists
132
+ uidFound = true
136
133
  rescue
137
- return(false)
138
- end
139
- return(true)
140
- end
141
-
142
- # Creates a user account for the operating system
143
- def create_user(uid, name, gid, uclass, gecos, home, shell, groups)
144
- begin
145
- FileUtils.mkdir_p(home) unless File.directory?(home) # ensure no warning about missing folder
146
- command = Files::Useradd + " -u #{uid} -g #{gid} -L #{uclass} "
147
- command += "-c '#{gecos}' -d #{home} -s #{shell} -p '*************' "
148
- command += "-G #{groups} " if groups.length > 0
149
- command += " #{name} "
150
- raise unless system(command)
151
- $log.info("User #{name}(#{uid})created.")
152
- rescue => e
153
- $log.error("Unable to create user #{name}(#{uid})\n#{e.message}")
154
- exit 1
155
- end
134
+ uidFound = false
135
+ end
136
+ if uidFound
137
+ if user1.name == name # name matches - all good
138
+ $log.info("user #{name}(#{uid}) ok.")
139
+ else # we found the uid, but the name is wrong, so fix it
140
+ command = Files::usermod + " -l #{name} #{user1.name}"
141
+ raise unless system(command)
142
+ $log.warn("user #{name}(#{uid}) name modified.")
143
+ end
144
+ else # no uid found
145
+ begin
146
+ user2 = Etc.getpwnam(name)
147
+ nameFound = true
148
+ rescue
149
+ nameFound = false
150
+ end
151
+ if nameFound # fix the uid
152
+ command = Files::usermod + " -u #{uid} #{name}"
153
+ raise unless system(command)
154
+ $log.info("user #{name}(#{uid}) uid modified.")
155
+ else # create the user
156
+ FileUtils.mkdir_p(home) unless File.directory?(home) # ensure no warning about missing folder
157
+ command = Files::Useradd + " -u #{uid} -g #{gid} -L #{uclass} "
158
+ command << "-c '#{gecos}' -d #{home} -s #{shell} -p '*************' "
159
+ command << "-G #{groups} " if groups.length > 0
160
+ command << " #{name} "
161
+ raise unless system(command)
162
+ $log.info("User #{name}(#{uid})created.")
163
+ return
164
+ end
165
+ end
166
+ # now enforce the rest of the user spec
167
+ command = "#{Files::Usermod} -g #{gid} -L #{uclass} -c '#{gecos}' -d #{home} -s #{shell}"
168
+ command << "-S #{groups} " if groups.length > 0
169
+ command << " #{name} "
170
+ raise unless system(command)
171
+ $log.info("User #{name}(#{uid}) modified to conform to spec.")
156
172
  end
157
173
 
158
- # Detects if a group exists with the given +gid+ and +name+
159
- def group_exist?(gid, name)
160
- begin
161
- group1 = Etc.getgrgid(gid)
162
- group2 = Etc.getgrnam(name)
163
- raise unless group1 == group2
164
- $log.info("Group #{name}(#{gid}) already exists.")
174
+ # Ensure the group adheres to the spec
175
+ def ensure_group(gid, name)
176
+ begin
177
+ group1 = Etc.getgrgid(gid) # gid exists
178
+ gidFound = true
165
179
  rescue
166
- return(false)
167
- end
168
- return(true)
169
- end
170
-
171
- # Create a group in the operating system
172
- def create_group(gid, name)
173
- begin
174
- command = Files::Groupadd + " -v -g #{gid} #{name}"
175
- raise unless system(command)
176
- $log.info("Group #{name}(#{gid}) created.")
177
- rescue => e
178
- $log.error("Unable to create group #{name}(#{gid})\n#{e.message}")
179
- exit 1
180
- end
180
+ gidFound = false
181
+ end
182
+ if gidFound
183
+ if group1.name == name # name matches - all good
184
+ $log.info("Group #{name}(#{gid}) ok.")
185
+ else # we found the gid, but the name is wrong, so fix it
186
+ command = Files::Groupmod + " -n #{name} #{group1.name}"
187
+ raise unless system(command)
188
+ $log.warn("Group #{name}(#{gid}) name modified.")
189
+ end
190
+ else # no gid found
191
+ begin
192
+ group2 = Etc.getgrnam(name)
193
+ nameFound = true
194
+ rescue
195
+ nameFound = false
196
+ end
197
+ if nameFound # fix the gid
198
+ command = Files::Groupmod + " -g #{gid} #{name}"
199
+ raise unless system(command)
200
+ $log.info("Group #{name}(#{gid}) gid modified.")
201
+ else # create the group
202
+ command = Files::Groupadd + " -g #{gid} #{name}"
203
+ raise unless system(command)
204
+ $log.info("Group #{name}(#{gid}) created.")
205
+ end
206
+ end
181
207
  end
182
208
 
183
209
  # Removes a folder unconditionally
@@ -292,13 +318,13 @@ class Enforcer
292
318
  exit 1
293
319
  end
294
320
  end
295
-
321
+
296
322
  # Check out a repository path to the specified folder
297
323
  # or update it if it is already installed
298
324
  def svn_check_out(url, folder)
299
325
  begin
300
326
  if system("#{::Files::Svn} info #{folder}") # already exists
301
- system("#{::Files::Svn} up --force #{folder}")
327
+ system("#{::Files::Svn} up --force #{folder}")
302
328
  else
303
329
  system("#{::Files::Svn} co --force #{url} #{folder}")
304
330
  end
@@ -306,7 +332,7 @@ class Enforcer
306
332
  $log.error("Unable to deploy #{url} into #{folder}\n#{e.message}\n#{e.backtrace}")
307
333
  exit 1
308
334
  end
309
- end
335
+ end
310
336
 
311
337
  # Creates a zip archive from the specified files
312
338
  def build_zip_file(zipfile)
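Review bot: In `ensure_user` and `ensure_group` (the `@@ -125,59 +125,85 @@` hunk), every `usermod`/`groupmod`/`useradd`/`groupadd` call interpolates specification attributes (`name`, `gecos`, `home`, `shell`, `groups`) into a single string for `system`, so the values pass through the shell, presumably as root, and a quote or metacharacter in the specification changes the command that runs. Passing an argument vector to `system` avoids the shell and also removes two defects in the same lines: `Files::usermod` (lowercase, in the rename and uid-fix branches) is parsed as a method call while the hunk adding the constant defines only `Usermod`, and the final command has no space between `-s #{shell}` and `-S`. `Uid` and `Gid` are read with `.to_i` in the earlier hunks, so a missing or non-numeric attribute becomes 0 and the new rename branches would then modify whichever account or group owns id 0; validate the ids before calling `ensure_user`/`ensure_group`. The old `rescue => e` with `$log.error` and `exit 1` is gone, so a failed command now surfaces as a bare `RuntimeError` with no message. The sketch below assumes the attributes are non-nil strings and shows only the user side; `ensure_group` would follow the same pattern.

```ruby
def ensure_user(uid, name, gid, uclass, gecos, home, shell, groups)
  # … unchanged: uid lookup and the "name matches" branch …
  # rename branch: constant is Usermod; argv form bypasses the shell
  raise unless system(Files::Usermod, "-l", name, user1.name)
  # … unchanged: name lookup …
  # uid-fix branch
  raise unless system(Files::Usermod, "-u", uid.to_s, name)
  # … unchanged: useradd branch (same argv treatment applies) …
  # enforce the rest of the spec; each value is its own argument
  args = ["-g", gid.to_s, "-L", uclass, "-c", gecos, "-d", home, "-s", shell]
  args += ["-S", groups] unless groups.empty?
  raise unless system(Files::Usermod, *args, name)
```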
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: promotion
3
3
  version: !ruby/object:Gem::Version
4
- version: '2.0'
4
+ version: '2.1'
5
5
  platform: ruby
6
6
  authors:
7
7
  - Richard Kernahan
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2013-10-30 00:00:00.000000000 Z
11
+ date: 2013-11-01 00:00:00.000000000 Z
12
12
  dependencies: []
13
13
  description: "\t\tThe Promotion tool is designed to make it easy and quick to deploy
14
14
  an application\n\t\tinto production. Originally built for use with OpenBSD, it can