|
1
|
|
|
# frozen_string_literal: true |
|
2
|
|
|
|
|
3
|
|
|
require_relative 'group/privilege' |
|
4
|
|
|
require_relative '../action/group/set_members' |
|
5
|
|
|
require_relative '../action/group/append_members' |
|
6
|
|
|
require_relative '../action/group/exclude_members' |
|
7
|
|
|
require_relative '../action/group/remove' |
|
8
|
|
|
require_relative '../model/policy' |
|
9
|
|
|
|
|
10
|
|
|
module AMA |
|
11
|
|
|
module Chef |
|
12
|
|
|
module User |
|
13
|
|
|
class Planner |
|
14
|
|
|
# This planner creates actions altering group state |
|
15
|
|
|
class Group |
|
16
|
|
|
def initialize |
|
17
|
|
|
@privilege = Privilege.new |
|
18
|
|
|
end |
|
19
|
|
|
|
|
20
|
|
|
# @param [Hash{Symbol, AMA::Chef::User::Model::Group}] current_state |
|
21
|
|
|
# @param [Hash{Symbol, AMA::Chef::User::Model::Group}] desired_state |
|
22
|
|
|
def plan(current_state, desired_state) |
|
23
|
|
|
(current_state.keys | desired_state.keys).flat_map do |id| |
|
24
|
|
|
process(current_state[id], desired_state[id]) |
|
25
|
|
|
end |
|
26
|
|
|
end |
|
27
|
|
|
|
|
28
|
|
|
private |
|
29
|
|
|
|
|
30
|
|
|
# @param [AMA::Chef::User::Model::Group] current_state |
|
31
|
|
|
# @param [AMA::Chef::User::Model::Group] desired_state |
|
32
|
|
|
def process(current_state, desired_state) |
|
33
|
|
|
actions = privilege_actions(current_state, desired_state) |
|
34
|
|
|
group = desired_state || current_state |
|
35
|
|
|
return [] if group.policy == Model::Policy::NONE |
|
36
|
|
|
if desired_state.nil? |
|
37
|
|
|
actions.push(*deletion_actions(current_state)) |
|
38
|
|
|
else |
|
39
|
|
|
actions.push(*creation_actions(current_state, desired_state)) |
|
40
|
|
|
end |
|
41
|
|
|
post_process_actions(actions) |
|
42
|
|
|
end |
|
43
|
|
|
|
|
44
|
|
|
def ns |
|
45
|
|
|
::AMA::Chef::User::Action::Group |
|
46
|
|
|
end |
|
47
|
|
|
|
|
48
|
|
|
def creation_actions(current_state, desired_state) |
|
49
|
|
|
group = desired_state |
|
50
|
|
|
unless desired_state.policy == Model::Policy::EDIT |
|
51
|
|
|
return [ns::SetMembers.new(group)] |
|
52
|
|
|
end |
|
53
|
|
|
actions = [ns::AppendMembers.new(group)] |
|
54
|
|
|
current_members = current_state ? current_state.members : Set.new |
|
55
|
|
|
excluded_members = current_members - desired_state.members |
|
56
|
|
|
return actions if excluded_members.empty? |
|
57
|
|
|
actions.unshift(ns::ExcludeMembers.new(group, excluded_members)) |
|
58
|
|
|
end |
|
59
|
|
|
|
|
60
|
|
|
def deletion_actions(current_state) |
|
61
|
|
|
if current_state.policy.remove? |
|
62
|
|
|
return [ns::Remove.new(current_state)] |
|
63
|
|
|
end |
|
64
|
|
|
return [] if current_state.members.empty? |
|
65
|
|
|
[ns::ExcludeMembers.new(current_state, current_state.members)] |
|
66
|
|
|
end |
|
67
|
|
|
|
|
68
|
|
|
def post_process_actions(actions) |
|
69
|
|
|
actions.each do |action| |
|
70
|
|
|
action.class_name = action.class.to_s |
|
71
|
|
|
end |
|
72
|
|
|
actions |
|
73
|
|
|
end |
|
74
|
|
|
|
|
75
|
|
View Code Duplication |
def privilege_actions(current_state, desired_state) |
|
|
|
|
|
|
76
|
|
|
return [] if desired_state.nil? && !current_state.policy.remove? |
|
77
|
|
|
group = desired_state || current_state |
|
78
|
|
|
current = current_state.nil? ? {} : current_state.privileges |
|
79
|
|
|
desired = desired_state.nil? ? {} : desired_state.privileges |
|
80
|
|
|
@privilege.plan(group, current, desired) |
|
81
|
|
|
end |
|
82
|
|
|
end |
|
83
|
|
|
end |
|
84
|
|
|
end |
|
85
|
|
|
end |
|
86
|
|
|
end |
|
87
|
|
|
|
ama-team /
cookbook-linux-user-management
Loading history...