Commit c51b30bf authored by Tim Smith's avatar Tim Smith
Browse files

Convert cron_manage def to cron_access custom resource



Rename it to reflect what it does
Convert it to a resource using the accumulator pattern
Signed-off-by: default avatarTim Smith <tsmith@chef.io>
parent 3aebeaad
......@@ -61,24 +61,27 @@ cron_d 'Setup the daily usage cron job' do
end
```
## Definitions
### `cron_access`
### `cron_manage`
The `cron_access` resource can be used to manage the `/etc/cron.allow` and `/etc/cron.deny` files.
The `cron_manage` definition can be used to manage the `/etc/cron.allow` and `/etc/cron.deny` files. Include this cookbook as dependency to your cookbook and execute the definition as:
Note: This resource was previously a Chef definition cron_manage. The legacy name will still function, but should be updated.
#### Actions
- `:deny` - Add the user to the cron.deny file (default).
- `:allow` - Add the user to the cron.allow file.
#### Properties
- `user` - username that you want to control (optional).
- `action` - `:allow` or `:deny`. :deny is the default.
- `user` - username that you want to control. If not provided the resource name will be used as the user.
#### Examples
The following will add the user mike to the `/etc/cron.allow` file:
```ruby
cron_manage 'mike' do
user 'mike'
cron_access 'mike' do
action :allow
end
```
......@@ -86,13 +89,12 @@ end
The following will add the user john to the `/etc/cron.deny` file:
```ruby
cron_manage 'john' do
user 'john' #optional, resource name will be used if not specified.
cron_access "Make sure john can't touch cron" do
user 'john'
action :deny #optional, deny is the default
end
```
## Maintainers
This cookbook is maintained by Chef's Community Cookbook Engineering team. Our goal is to improve cookbook quality and to aid the community in contributing to cookbooks. To learn more about our team, process, and design goals see our [team documentation](https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/COOKBOOK_TEAM.MD). To learn more about contributing to cookbooks like this see our [contributing documentation](https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/CONTRIBUTING.MD), or if you have general questions about this cookbook come chat with us in #cookbok-engineering on the [Chef Community Slack](http://community-slack.chef.io/)
......
#
# Cookbook:: cron
# Definition:: manage
# resource:: access
#
# Author:: Sander Botman. <sbotman@schubergphilis.com>
# Author:: Sander Botman <sbotman@schubergphilis.com>
# Author:: Tim Smith <tsmith@chef.io>
#
# Copyright:: 2014-2018, Sander Botman
# Copyright:: 2018, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
......@@ -19,27 +21,36 @@
# limitations under the License.
#
define :cron_manage, user: nil, action: :deny do
file = if params[:action] == :allow
'/etc/cron.allow'
else
'/etc/cron.deny'
end
resource_name :cron_access
provides :cron_access
provides :cron_manage # legacy name
t = nil
begin
t = resources(template: file)
rescue Chef::Exceptions::ResourceNotFound
t = template file do
property :user, String, name_property: true
action :allow do
with_run_context :root do
edit_resource(:template, '/etc/cron.allow') do |new_resource|
source 'cron_manage.erb'
cookbook 'cron'
mode '0600'
variables users: [],
recipe_file: __FILE__.to_s.split('cookbooks/').last,
template_file: source.to_s
variables['users'] ||= []
variables['users'] << new_resource.user
action :nothing
delayed_action :create
end
end
end
user = params[:user].nil? ? params[:name] : params[:user]
t.variables[:users] << user
action :deny do
with_run_context :root do
edit_resource(:template, '/etc/cron.deny') do |new_resource|
source 'cron_manage.erb'
cookbook 'cron'
mode '0600'
variables['users'] ||= []
variables['users'] << new_resource.user
action :nothing
delayed_action :create
end
end
end
# Generated by Chef. Changes will be overwritten.
# ----------------------------------------------------------------
# NOTE: This file is controlled by chef templates!
# Do not edit or change this file but use the cron_manage resource.
# template file : <%= @template_file %>
# recipe file : <%= @recipe_file %>
# ----------------------------------------------------------------
<% @users.sort.uniq.each do |user| -%>
<%= user %>
<% end -%>
......@@ -124,14 +124,20 @@ end
# Test the definition
#####################
cron_manage 'alice' do
cron_access 'alice' do
action :allow
end
cron_manage 'bob' do
cron_access 'bob' do
action :allow
end
cron_manage 'tom' do
cron_access 'tom' do
action :allow
end
# legacy resource name
cron_manage 'Bill breaks things. Take away cron' do
user 'bill'
action :deny
end
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment