Commit b19d5ac8 authored by Alex Tayts's avatar Alex Tayts

change tabs to spaces in the code

parent 146e168c
......@@ -2,174 +2,174 @@ require "digest/md5"
require "etc"
Puppet::Type.type(:wallet).provide(:wallet) do
desc "Wallet support"
confine :osfamily => [:redhat, :debian]
commands :wallet => "/usr/bin/wallet",
:kdestroy => "/usr/bin/kdestroy",
:kstart => "/usr/bin/k5start",
:klist => "/usr/bin/klist",
:ktutil => "/usr/bin/ktutil"
desc "Wallet support"
confine :osfamily => [:redhat, :debian]
commands :wallet => "/usr/bin/wallet",
:kdestroy => "/usr/bin/kdestroy",
:kstart => "/usr/bin/k5start",
:klist => "/usr/bin/klist",
:ktutil => "/usr/bin/ktutil"
#### does resource exist?
##############################
def exists?
if File.file?(@resource[:path])
exists = true
# do not go further than that if a file
# is destined to deletion
return true if @resource[:ensure] == :absent
# if file is a keytab, read what's in it
if @resource[:type].to_s == "keytab"
begin
if @resource[:heimdal] == :true
# Heimdal Kerberos is installed
princs = ktutil("-k", @resource[:path], "list").split("\n")
else
# MIT Kerberos is installed
princs = klist("-k", @resource[:path]).split("\n")
end
# Check if a principal we need is present. If absent,
# we do not need further verification
exists = (princs.any? { |s| s.include?(@resource[:name]) })
if @resource[:verify] == :true
begin
# try to get a ticket with the keytab
kstart("-q", "-f", @resource[:path], @resource[:name])
# cleanup the keytab
kdestroy()
rescue
# failed to get a ticket i.e. keytab is stale
exists = false
end
end
rescue
# Keytab is damaged, get it out of the way
# and require a refresh from wallet.
Puppet.notice("#{@resource.instance_variable_get(:@path)}: keytab '#{@resource[:path]}' is damaged. Renaming to '#{@resource[:path]}.bad'")
File.rename(@resource[:path], "#{@resource[:path]}.bad")
exists = false
end
else
if @resource[:verify] == :true
# checksum the wallet object and compare to a
# local file
begin
if @resource[:auth_principal].nil?
wallet_obj = kstart("-U", "-q", "-f", @resource[:auth_keytab], "--", "/usr/bin/wallet", "get", @resource[:type], @resource[:name])
else
wallet_obj = kstart("-q", "-f", @resource[:auth_keytab], @resource[:auth_principal], "--", "/usr/bin/wallet", "get", @resource[:type], @resource[:name])
end
rescue Puppet::ExecutionFailure => detail
raise Puppet::Error, "Failed to acquire wallet object. #{@resource.class.name} #{@resource.name}: #{detail}", detail.backtrace
end
local_md5 = Digest::MD5.file(@resource[:path])
object_md5 = Digest::MD5.hexdigest(wallet_obj)
exists = (object_md5.to_s == local_md5.to_s)
end
end
else
# file doesn't exist
exists = false
end
return exists
end
def exists?
if File.file?(@resource[:path])
exists = true
# do not go further than that if a file
# is destined to deletion
return true if @resource[:ensure] == :absent
# if file is a keytab, read what's in it
if @resource[:type].to_s == "keytab"
begin
if @resource[:heimdal] == :true
# Heimdal Kerberos is installed
princs = ktutil("-k", @resource[:path], "list").split("\n")
else
# MIT Kerberos is installed
princs = klist("-k", @resource[:path]).split("\n")
end
# Check if a principal we need is present. If absent,
# we do not need further verification
exists = (princs.any? { |s| s.include?(@resource[:name]) })
if @resource[:verify] == :true
begin
# try to get a ticket with the keytab
kstart("-q", "-f", @resource[:path], @resource[:name])
# cleanup the keytab
kdestroy()
rescue
# failed to get a ticket i.e. keytab is stale
exists = false
end
end
rescue
# Keytab is damaged, get it out of the way
# and require a refresh from wallet.
Puppet.notice("#{@resource.instance_variable_get(:@path)}: keytab '#{@resource[:path]}' is damaged. Renaming to '#{@resource[:path]}.bad'")
File.rename(@resource[:path], "#{@resource[:path]}.bad")
exists = false
end
else
if @resource[:verify] == :true
# checksum the wallet object and compare to a
# local file
begin
if @resource[:auth_principal].nil?
wallet_obj = kstart("-U", "-q", "-f", @resource[:auth_keytab], "--", "/usr/bin/wallet", "get", @resource[:type], @resource[:name])
else
wallet_obj = kstart("-q", "-f", @resource[:auth_keytab], @resource[:auth_principal], "--", "/usr/bin/wallet", "get", @resource[:type], @resource[:name])
end
rescue Puppet::ExecutionFailure => detail
raise Puppet::Error, "Failed to acquire wallet object. #{@resource.class.name} #{@resource.name}: #{detail}", detail.backtrace
end
local_md5 = Digest::MD5.file(@resource[:path])
object_md5 = Digest::MD5.hexdigest(wallet_obj)
exists = (object_md5.to_s == local_md5.to_s)
end
end
else
# file doesn't exist
exists = false
end
return exists
end
#### create resource
##############################
def create
begin
if @resource[:auth_principal].nil?
kstart("-U", "-q", "-f", @resource[:auth_keytab], "--", "/usr/bin/wallet", "-f", @resource[:path], "get", @resource[:type], @resource[:name])
else
kstart("-q", "-f", @resource[:auth_keytab], @resource[:auth_principal], "--", "/usr/bin/wallet", "-f", @resource[:path], "get", @resource[:type], @resource[:name])
end
rescue Puppet::ExecutionFailure => detail
raise Puppet::Error, "Failed to acquire wallet object. #{@resource.class.name} #{@resource.name}: #{detail}", detail.backtrace
end
File.chmod(Integer("0" + @resource[:mode].to_s), @resource[:path]) unless @resource[:mode].nil?
File.chown(arg_to_uid(@resource[:owner]), arg_to_gid(@resource[:group]), @resource[:path]) unless (@resource[:owner].nil? and @resource[:group].nil?)
end
def create
begin
if @resource[:auth_principal].nil?
kstart("-U", "-q", "-f", @resource[:auth_keytab], "--", "/usr/bin/wallet", "-f", @resource[:path], "get", @resource[:type], @resource[:name])
else
kstart("-q", "-f", @resource[:auth_keytab], @resource[:auth_principal], "--", "/usr/bin/wallet", "-f", @resource[:path], "get", @resource[:type], @resource[:name])
end
rescue Puppet::ExecutionFailure => detail
raise Puppet::Error, "Failed to acquire wallet object. #{@resource.class.name} #{@resource.name}: #{detail}", detail.backtrace
end
File.chmod(Integer("0" + @resource[:mode].to_s), @resource[:path]) unless @resource[:mode].nil?
File.chown(arg_to_uid(@resource[:owner]), arg_to_gid(@resource[:group]), @resource[:path]) unless (@resource[:owner].nil? and @resource[:group].nil?)
end
#### destroy resource
##############################
def destroy
File.unlink(resource[:path])
end
def destroy
File.unlink(resource[:path])
end
#### manage properties
##############################
def mode
"%o" % (File.stat(@resource[:path]).mode & 007777)
end
def mode
"%o" % (File.stat(@resource[:path]).mode & 007777)
end
def mode=(value)
File.chmod(Integer("0" + value.to_s), @resource[:path])
end
def mode=(value)
File.chmod(Integer("0" + value.to_s), @resource[:path])
end
def owner
File.stat(@resource[:path]).uid
end
def owner
File.stat(@resource[:path]).uid
end
def owner=(value)
File.chown(arg_to_uid(value), nil, @resource[:path])
end
def owner=(value)
File.chown(arg_to_uid(value), nil, @resource[:path])
end
def group
File.stat(@resource[:path]).gid
end
def group
File.stat(@resource[:path]).gid
end
def group=(value)
File.chown(nil, arg_to_gid(value), @resource[:path])
end
def group=(value)
File.chown(nil, arg_to_gid(value), @resource[:path])
end
#### helper functions
##############################
def arg_to_gid(value)
case value
when String
if value =~ /^[-0-9]+$/
Integer(value)
else
Etc.getgrnam(value).gid
end
else
value
end
end
def arg_to_uid(value)
case value
when String
if value =~ /^[-0-9]+$/
Integer(value)
else
Etc.getpwnam(value).uid
end
else
value
end
end
def arg_to_gid(value)
case value
when String
if value =~ /^[-0-9]+$/
Integer(value)
else
Etc.getgrnam(value).gid
end
else
value
end
end
def arg_to_uid(value)
case value
when String
if value =~ /^[-0-9]+$/
Integer(value)
else
Etc.getpwnam(value).uid
end
else
value
end
end
end
......@@ -2,125 +2,125 @@ require 'puppet/parameter/boolean'
require 'etc'
Puppet::Type.newtype(:wallet) do
@doc = "Get a file from wallet"
ensurable do
desc "Get a file from wallet or remove it"
defaultvalues
defaultto(:present)
end
newparam(:name) do
desc "Wallet object to download"
isrequired
end
newparam(:path) do
desc "The local file to save wallet object to"
validate do |value|
unless Puppet::Util.absolute_path?(value)
fail Puppet::Error, "File paths must be fully qualified, not '#{value}'"
end
end
end
newparam(:type) do
desc "Type of wallet object"
defaultto('keytab')
newvalues('file', 'keytab', 'duo-pam', 'duo-radius' 'duo-rdp')
end
newparam(:auth_keytab) do
desc "Keytab used to authenticate to wallet"
defaultto('/etc/krb5.keytab')
validate do |value|
unless Puppet::Util.absolute_path?(value)
fail Puppet::Error, "File paths must be fully qualified, not '#{value}'"
end
end
end
newparam(:auth_principal) do
desc "Principal in auth_keytab used to authenticate to wallet"
validate do |value|
unless /^(host|service|webauth|smtp|pop|postgres|nfs|lpr|ldap|imap|ftp|cifs|afpserver|HTTP)\/[0-9a-zA-Z\.\-]+$/.match(value)
raise Puppet::Error, "Principal name #{value} is invalid."
end
end
end
newparam(:heimdal, :boolean => true) do
desc "Kerberos distribution"
defaultto(:false)
newvalues(:true, :false)
end
newparam(:verify, :boolean => true) do
desc "Enable/disable wallet object validation"
defaultto(:false)
newvalues(:true, :false)
end
newproperty(:owner) do
desc "Owner of the local file"
# make sure that no matter how owner is specified
# (integer, string of numbers, user name), we always
# compare an integer uid to a value given by the provider.
munge do |value|
case value
when String
if value =~ /^[-0-9]+$/
value = Integer(value)
else
value = Etc.getpwnam(value).uid
end
end
return value
end
end
newproperty(:group) do
desc "Group permission on the local file"
# make sure that no matter how group is specified
# (integer, string of numbers, group name), we always
# compare an integer gid to a value given by the provider.
munge do |value|
case value
when String
if value =~ /^[-0-9]+$/
value = Integer(value)
else
value = Etc.getgrnam(value).gid
end
end
return value
end
end
newproperty(:mode) do
desc "Manage the file's mode."
# make sure we always compare modes as integers
munge do |value|
case value
when String
if value =~ /^[-0-9]+$/
value = Integer(value)
end
end
return value
end
end
@doc = "Get a file from wallet"
ensurable do
desc "Get a file from wallet or remove it"
defaultvalues
defaultto(:present)
end
newparam(:name) do
desc "Wallet object to download"
isrequired
end
newparam(:path) do
desc "The local file to save wallet object to"
validate do |value|
unless Puppet::Util.absolute_path?(value)
fail Puppet::Error, "File paths must be fully qualified, not '#{value}'"
end
end
end
newparam(:type) do
desc "Type of wallet object"
defaultto('keytab')
newvalues('file', 'keytab', 'duo-pam', 'duo-radius' 'duo-rdp')
end
newparam(:auth_keytab) do
desc "Keytab used to authenticate to wallet"
defaultto('/etc/krb5.keytab')
validate do |value|
unless Puppet::Util.absolute_path?(value)
fail Puppet::Error, "File paths must be fully qualified, not '#{value}'"
end
end
end
newparam(:auth_principal) do
desc "Principal in auth_keytab used to authenticate to wallet"
validate do |value|
unless /^(host|service|webauth|smtp|pop|postgres|nfs|lpr|ldap|imap|ftp|cifs|afpserver|HTTP)\/[0-9a-zA-Z\.\-]+$/.match(value)
raise Puppet::Error, "Principal name #{value} is invalid."
end
end
end
newparam(:heimdal, :boolean => true) do
desc "Kerberos distribution"
defaultto(:false)
newvalues(:true, :false)
end
newparam(:verify, :boolean => true) do
desc "Enable/disable wallet object validation"
defaultto(:false)
newvalues(:true, :false)
end
newproperty(:owner) do
desc "Owner of the local file"
# make sure that no matter how owner is specified
# (integer, string of numbers, user name), we always
# compare an integer uid to a value given by the provider.
munge do |value|
case value
when String
if value =~ /^[-0-9]+$/
value = Integer(value)
else
value = Etc.getpwnam(value).uid
end
end
return value
end
end
newproperty(:group) do
desc "Group permission on the local file"
# make sure that no matter how group is specified
# (integer, string of numbers, group name), we always
# compare an integer gid to a value given by the provider.
munge do |value|
case value
when String
if value =~ /^[-0-9]+$/
value = Integer(value)
else
value = Etc.getgrnam(value).gid
end
end
return value
end
end
newproperty(:mode) do
desc "Manage the file's mode."
# make sure we always compare modes as integers
munge do |value|
case value
when String
if value =~ /^[-0-9]+$/
value = Integer(value)
end
end
return value
end
end
# require any parent directory be created first
autorequire :file do
[ File.dirname(self[:path]) ]
end
# require any parent directory be created first
autorequire :file do
[ File.dirname(self[:path]) ]
end
end