From d1cfc16642d28d52345cdbc50a4fe2024e5cd0ad Mon Sep 17 00:00:00 2001 From: Alexander Sulfrian Date: Mon, 21 Nov 2016 18:32:43 +0100 Subject: Server/Lint: name attribute is required for all Path entries --- src/lib/Bcfg2/Server/Lint/RequiredAttrs.py | 39 +++++++++++++++--------------- 1 file changed, 19 insertions(+), 20 deletions(-) (limited to 'src/lib/Bcfg2/Server/Lint') diff --git a/src/lib/Bcfg2/Server/Lint/RequiredAttrs.py b/src/lib/Bcfg2/Server/Lint/RequiredAttrs.py index ebf4c4954..91ef036fb 100644 --- a/src/lib/Bcfg2/Server/Lint/RequiredAttrs.py +++ b/src/lib/Bcfg2/Server/Lint/RequiredAttrs.py @@ -53,26 +53,25 @@ class RequiredAttrs(Bcfg2.Server.Lint.ServerPlugin): def __init__(self, *args, **kwargs): Bcfg2.Server.Lint.ServerPlugin.__init__(self, *args, **kwargs) self.required_attrs = dict( - Path=dict( - device=dict(name=is_filename, - owner=is_username, - group=is_username, - dev_type=lambda v: v in device_map), - directory=dict(name=is_filename, owner=is_username, - group=is_username, mode=is_octal_mode), - file=dict(name=is_filename, owner=is_username, - group=is_username, mode=is_octal_mode, - __text__=None), - hardlink=dict(name=is_filename, to=is_filename), - symlink=dict(name=is_filename), - ignore=dict(name=is_filename), - nonexistent=dict(name=is_filename), - permissions=dict(name=is_filename, owner=is_username, - group=is_username, mode=is_octal_mode), - vcs=dict(vcstype=lambda v: (v != 'Path' and - hasattr(Bcfg2.Client.Tools.VCS.VCS, - "Install%s" % v)), - revision=None, sourceurl=None)), + Path={ + '__any__': dict(name=is_filename), + 'device': dict(owner=is_username, group=is_username, + dev_type=lambda v: v in device_map), + 'directory': dict(owner=is_username, group=is_username, + mode=is_octal_mode), + 'file': dict(owner=is_username, group=is_username, + mode=is_octal_mode, __text__=None), + 'hardlink': dict(to=is_filename), + 'symlink': dict(), + 'ignore': dict(), + 'nonexistent': dict(), + 'permissions': dict(owner=is_username, group=is_username, + mode=is_octal_mode), + 'vcs': dict(vcstype=lambda v: (v != 'Path' and + hasattr(Bcfg2.Client.Tools.VCS.VCS, + "Install%s" % v)), + revision=None, sourceurl=None), + }, Service={"__any__": dict(name=None), "smf": dict(name=None, FMRI=None)}, Action={None: dict(name=None, -- cgit v1.2.3-1-g7c22 From 25273992fa25f39ec17468d61c01be2056157d88 Mon Sep 17 00:00:00 2001 From: Alexander Sulfrian Date: Mon, 21 Nov 2016 18:33:56 +0100 Subject: Server/Lint: Add required attrs for augeas path entries --- src/lib/Bcfg2/Server/Lint/RequiredAttrs.py | 2 ++ 1 file changed, 2 insertions(+) (limited to 'src/lib/Bcfg2/Server/Lint') diff --git a/src/lib/Bcfg2/Server/Lint/RequiredAttrs.py b/src/lib/Bcfg2/Server/Lint/RequiredAttrs.py index 91ef036fb..842241fcb 100644 --- a/src/lib/Bcfg2/Server/Lint/RequiredAttrs.py +++ b/src/lib/Bcfg2/Server/Lint/RequiredAttrs.py @@ -55,6 +55,8 @@ class RequiredAttrs(Bcfg2.Server.Lint.ServerPlugin): self.required_attrs = dict( Path={ '__any__': dict(name=is_filename), + 'augeas': dict(owner=is_username, group=is_username, + mode=is_octal_mode), 'device': dict(owner=is_username, group=is_username, dev_type=lambda v: v in device_map), 'directory': dict(owner=is_username, group=is_username, -- cgit v1.2.3-1-g7c22 From 05c6c143d70f5a9ec1fb5d508713176e1bd97063 Mon Sep 17 00:00:00 2001 From: Alexander Sulfrian Date: Mon, 21 Nov 2016 18:35:44 +0100 Subject: Server/Lint: Add missing required attributes owner, group and mode are required for all path entries representing files or directories. --- src/lib/Bcfg2/Server/Lint/RequiredAttrs.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'src/lib/Bcfg2/Server/Lint') diff --git a/src/lib/Bcfg2/Server/Lint/RequiredAttrs.py b/src/lib/Bcfg2/Server/Lint/RequiredAttrs.py index 842241fcb..ec65af650 100644 --- a/src/lib/Bcfg2/Server/Lint/RequiredAttrs.py +++ b/src/lib/Bcfg2/Server/Lint/RequiredAttrs.py @@ -58,12 +58,14 @@ class RequiredAttrs(Bcfg2.Server.Lint.ServerPlugin): 'augeas': dict(owner=is_username, group=is_username, mode=is_octal_mode), 'device': dict(owner=is_username, group=is_username, + mode=is_octal_mode, dev_type=lambda v: v in device_map), 'directory': dict(owner=is_username, group=is_username, mode=is_octal_mode), 'file': dict(owner=is_username, group=is_username, mode=is_octal_mode, __text__=None), - 'hardlink': dict(to=is_filename), + 'hardlink': dict(owner=is_username, group=is_username, + mode=is_octal_mode, to=is_filename), 'symlink': dict(), 'ignore': dict(), 'nonexistent': dict(), -- cgit v1.2.3-1-g7c22 From cc1dc22226b74eae13973aea1e1ae6db478f2c66 Mon Sep 17 00:00:00 2001 From: Alexander Sulfrian Date: Mon, 21 Nov 2016 19:20:25 +0100 Subject: Server/Lint: Fix code style --- src/lib/Bcfg2/Server/Lint/RequiredAttrs.py | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) (limited to 'src/lib/Bcfg2/Server/Lint') diff --git a/src/lib/Bcfg2/Server/Lint/RequiredAttrs.py b/src/lib/Bcfg2/Server/Lint/RequiredAttrs.py index ec65af650..3f1157912 100644 --- a/src/lib/Bcfg2/Server/Lint/RequiredAttrs.py +++ b/src/lib/Bcfg2/Server/Lint/RequiredAttrs.py @@ -47,6 +47,13 @@ def is_device_mode(val): return re.match(r'^\d+$', val) +def is_vcs_type(val): + """ Return True if val is a supported vcs type handled by the + current client tool """ + return (val != 'Path' and + hasattr(Bcfg2.Client.Tools.VCS.VCS, 'Install%s' % val)) + + class RequiredAttrs(Bcfg2.Server.Lint.ServerPlugin): """ Verify attributes for configuration entries that cannot be verified with an XML schema alone. """ @@ -71,10 +78,8 @@ class RequiredAttrs(Bcfg2.Server.Lint.ServerPlugin): 'nonexistent': dict(), 'permissions': dict(owner=is_username, group=is_username, mode=is_octal_mode), - 'vcs': dict(vcstype=lambda v: (v != 'Path' and - hasattr(Bcfg2.Client.Tools.VCS.VCS, - "Install%s" % v)), - revision=None, sourceurl=None), + 'vcs': dict(vcstype=is_vcs_type, revision=None, + sourceurl=None), }, Service={"__any__": dict(name=None), "smf": dict(name=None, FMRI=None)}, -- cgit v1.2.3-1-g7c22 From e72b0c3ed58493503bd43b1520103398866bf7f0 Mon Sep 17 00:00:00 2001 From: Alexander Sulfrian Date: Tue, 29 Nov 2016 16:47:18 +0100 Subject: Server/Lint: Replace dict with {} --- src/lib/Bcfg2/Server/Lint/RequiredAttrs.py | 158 ++++++++++++++++++----------- 1 file changed, 99 insertions(+), 59 deletions(-) (limited to 'src/lib/Bcfg2/Server/Lint') diff --git a/src/lib/Bcfg2/Server/Lint/RequiredAttrs.py b/src/lib/Bcfg2/Server/Lint/RequiredAttrs.py index 3f1157912..56b4e7477 100644 --- a/src/lib/Bcfg2/Server/Lint/RequiredAttrs.py +++ b/src/lib/Bcfg2/Server/Lint/RequiredAttrs.py @@ -59,66 +59,106 @@ class RequiredAttrs(Bcfg2.Server.Lint.ServerPlugin): verified with an XML schema alone. """ def __init__(self, *args, **kwargs): Bcfg2.Server.Lint.ServerPlugin.__init__(self, *args, **kwargs) - self.required_attrs = dict( - Path={ - '__any__': dict(name=is_filename), - 'augeas': dict(owner=is_username, group=is_username, - mode=is_octal_mode), - 'device': dict(owner=is_username, group=is_username, - mode=is_octal_mode, - dev_type=lambda v: v in device_map), - 'directory': dict(owner=is_username, group=is_username, - mode=is_octal_mode), - 'file': dict(owner=is_username, group=is_username, - mode=is_octal_mode, __text__=None), - 'hardlink': dict(owner=is_username, group=is_username, - mode=is_octal_mode, to=is_filename), - 'symlink': dict(), - 'ignore': dict(), - 'nonexistent': dict(), - 'permissions': dict(owner=is_username, group=is_username, - mode=is_octal_mode), - 'vcs': dict(vcstype=is_vcs_type, revision=None, - sourceurl=None), + self.required_attrs = { + 'Path': { + '__any__': {'name': is_filename}, + 'augeas': {'owner': is_username, 'group': is_username, + 'mode': is_octal_mode}, + 'device': {'owner': is_username, 'group': is_username, + 'mode': is_octal_mode, + 'dev_type': lambda v: v in device_map}, + 'directory': {'owner': is_username, 'group': is_username, + 'mode': is_octal_mode}, + 'file': {'owner': is_username, 'group': is_username, + 'mode': is_octal_mode, '__text__': None}, + 'hardlink': {'owner': is_username, 'group': is_username, + 'mode': is_octal_mode, 'to': is_filename}, + 'symlink': {}, + 'ignore': {}, + 'nonexistent': {}, + 'permissions': {'owner': is_username, 'group': is_username, + 'mode': is_octal_mode}, + 'vcs': {'vcstype': is_vcs_type, 'revision': None, + 'sourceurl': None}, }, - Service={"__any__": dict(name=None), - "smf": dict(name=None, FMRI=None)}, - Action={None: dict(name=None, - timing=lambda v: v in ['pre', 'post', 'both'], - when=lambda v: v in ['modified', 'always'], - status=lambda v: v in ['ignore', 'check'], - command=None)}, - ACL=dict( - default=dict(scope=lambda v: v in ['user', 'group'], - perms=lambda v: re.match(r'^([0-7]|[rwx\-]{0,3}', - v)), - access=dict(scope=lambda v: v in ['user', 'group'], - perms=lambda v: re.match(r'^([0-7]|[rwx\-]{0,3}', - v)), - mask=dict(perms=lambda v: re.match(r'^([0-7]|[rwx\-]{0,3}', - v))), - Package={"__any__": dict(name=None)}, - SEBoolean={None: dict(name=None, - value=lambda v: v in ['on', 'off'])}, - SEModule={None: dict(name=None, __text__=None)}, - SEPort={ - None: dict(name=lambda v: re.match(r'^\d+(-\d+)?/(tcp|udp)', - v), - selinuxtype=is_selinux_type)}, - SEFcontext={None: dict(name=None, selinuxtype=is_selinux_type)}, - SENode={None: dict(name=lambda v: "/" in v, - selinuxtype=is_selinux_type, - proto=lambda v: v in ['ipv6', 'ipv4'])}, - SELogin={None: dict(name=is_username, - selinuxuser=is_selinux_user)}, - SEUser={None: dict(name=is_selinux_user, - roles=lambda v: all(is_selinux_user(u) - for u in " ".split(v)), - prefix=None)}, - SEInterface={None: dict(name=None, selinuxtype=is_selinux_type)}, - SEPermissive={None: dict(name=is_selinux_type)}, - POSIXGroup={None: dict(name=is_username)}, - POSIXUser={None: dict(name=is_username)}) + 'Service': { + '__any__': {'name': None}, + 'smf': {'name': None, 'FMRI': None} + }, + 'Action': { + None: { + 'name': None, + 'timing': lambda v: v in ['pre', 'post', 'both'], + 'when': lambda v: v in ['modified', 'always'], + 'status': lambda v: v in ['ignore', 'check'], + 'command': None, + }, + }, + 'ACL': { + 'default': { + 'scope': lambda v: v in ['user', 'group'], + 'perms': lambda v: re.match(r'^([0-7]|[rwx\-]{0,3}', v), + }, + 'access': { + 'scope': lambda v: v in ['user', 'group'], + 'perms': lambda v: re.match(r'^([0-7]|[rwx\-]{0,3}', v), + }, + 'mask': { + 'perms': lambda v: re.match(r'^([0-7]|[rwx\-]{0,3}', v), + }, + }, + 'Package': { + '__any__': {'name': None}, + }, + 'SEBoolean': { + None: { + 'name': None, + 'value': lambda v: v in ['on', 'off'], + }, + }, + 'SEModule': { + None: {'name': None, '__text__': None}, + }, + 'SEPort': { + None: { + 'name': lambda v: re.match(r'^\d+(-\d+)?/(tcp|udp)', v), + 'selinuxtype': is_selinux_type, + }, + }, + 'SEFcontext': { + None: {'name': None, 'selinuxtype': is_selinux_type}, + }, + 'SENode': { + None: { + 'name': lambda v: "/" in v, + 'selinuxtype': is_selinux_type, + 'proto': lambda v: v in ['ipv6', 'ipv4'] + }, + }, + 'SELogin': { + None: {'name': is_username, 'selinuxuser': is_selinux_user}, + }, + 'SEUser': { + None: { + 'name': is_selinux_user, + 'roles': lambda v: all(is_selinux_user(u) + for u in " ".split(v)), + 'prefix': None, + }, + }, + 'SEInterface': { + None: {'name': None, 'selinuxtype': is_selinux_type}, + }, + 'SEPermissive': { + None: {'name': is_selinux_type}, + }, + 'POSIXGroup': { + None: {'name': is_username}, + }, + 'POSIXUser': { + None: {'name': is_username}, + }, + } def Run(self): self.check_packages() -- cgit v1.2.3-1-g7c22