1 files changed, 18 insertions, 29 deletions

diff --git a/src/lib/Bcfg2/Server/Lint/RequiredAttrs.py b/src/lib/Bcfg2/Server/Lint/RequiredAttrs.py
index fce90154e..bb0d6956a 100644
--- a/src/lib/Bcfg2/Server/Lint/RequiredAttrs.py
+++ b/src/lib/Bcfg2/Server/Lint/RequiredAttrs.py
@@ -119,7 +119,6 @@ class RequiredAttrs(Bcfg2.Server.Lint.ServerPlugin):
             POSIXUser={None: dict(name=is_username)})
 
     def Run(self):
-        self.check_default_acls()
         self.check_packages()
         if "Defaults" in self.core.plugins:
             self.logger.info("Defaults plugin enabled; skipping required "
@@ -137,34 +136,21 @@ class RequiredAttrs(Bcfg2.Server.Lint.ServerPlugin):
                 "required-attr-format": "error",
                 "extra-attrs": "warning"}
 
-    def check_default_acls(self):
-        """ Check Path entries have valid default ACLs """
-        def check_acl(path):
-            """ Check that a default ACL contains either no entries or minimum
-            required entries """
-            defaults = 1 if len(path.xpath(
-                "/ACL[@type='default' and @scope='user']")) else 0
-            defaults += 1 if len(path.xpath(
-                "/ACL[@type='default' and @scope='user']")) else 0
-            defaults += 1 if len(path.xpath(
-                "/ACL[@type='default' and @scope='user']")) else 0
-            if defaults > 0 and defaults < 3:
-                self.LintError(
-                    "missing-elements",
-                    "A Path must have either no default ACLs or at"
-                    " least default:user::, default:group:: and"
-                    " default:other::")
-
-        if 'Bundler' in self.core.plugins:
-            for bundle in self.core.plugins['Bundler'].entries.values():
-                xdata = lxml.etree.XML(bundle.data)
-                for path in xdata.xpath("//BoundPath"):
-                    check_acl(path)
-        if 'Rules' in self.core.plugins:
-            for rules in self.core.plugins['Rules'].entries.values():
-                xdata = rules.pnode.data
-                for path in xdata.xpath("//Path"):
-                    check_acl(path)
+    def check_default_acl(self, path):
+        """ Check that a default ACL contains either no entries or minimum
+        required entries """
+        defaults = 1 if path.xpath(
+            "ACL[@type='default' and @scope='user' and @user='']") else 0
+        defaults += 1 if path.xpath(
+            "ACL[@type='default' and @scope='group' and @group='']") else 0
+        defaults += 1 if path.xpath(
+            "ACL[@type='default' and @scope='other']") else 0
+        if defaults > 0 and defaults < 3:
+            self.LintError(
+                "missing-elements",
+                "A Path must have either no default ACLs or at"
+                " least default:user::, default:group:: and"
+                " default:other::")
 
     def check_packages(self):
         """ Check Packages sources for Source entries with missing
@@ -265,6 +251,9 @@ class RequiredAttrs(Bcfg2.Server.Lint.ServerPlugin):
                     required_attrs['major'] = is_device_mode
                     required_attrs['minor'] = is_device_mode
 
+            if tag == 'Path':
+                self.check_default_acl(entry)
+
             if tag == 'ACL' and 'scope' in required_attrs:
                 required_attrs[entry.get('scope')] = is_username