@ -57,14 +57,14 @@ options:
description:
description:
- actual user or group that the ACL applies to when matching entity types user or group are selected.
- actual user or group that the ACL applies to when matching entity types user or group are selected.
type:
e type:
version_added: "1.5"
version_added: "1.5"
required: false
required: false
default: null
default: null
choices: [ 'user', 'group', 'mask', 'other' ]
choices: [ 'user', 'group', 'mask', 'other' ]
description:
description:
- if the target is a directory, setting this to yes will make it the default acl for entities created inside the directory. It causes an error if name is a file.
- if the target is a directory, setting this to yes will make it the default acl for entities created inside the directory. It causes an error if name is a file.
d
permissions:
permissions:
version_added: "1.5"
version_added: "1.5"
@ -73,11 +73,11 @@ d
description:
description:
- Permissions to apply/remove can be any combination of r, w and x (read, write and execute respectively)
- Permissions to apply/remove can be any combination of r, w and x (read, write and execute respectively)
entry:(deprecated)
entry:
required: false
required: false
default: null
default: null
description:
description:
- The acl to set or remove. This must always be quoted in the form of '<type>:<qualifier>:<perms>'. The qualifier may be empty for some types, but the type and perms are always requried. '-' can be used as placeholder when you do not care about permissions. This is now superceeded by entity, type and permissions fields.
- DEPRECATED. The acl to set or remove. This must always be quoted in the form of '<e type>:<qualifier>:<perms>'. The qualifier may be empty for some types, but the type and perms are always requried. '-' can be used as placeholder when you do not care about permissions. This is now superceeded by entity, type and permissions fields.
author: Brian Coca
author: Brian Coca
notes:
notes:
@ -86,13 +86,13 @@ notes:
EXAMPLES = '''
EXAMPLES = '''
# Grant user Joe read access to a file
# Grant user Joe read access to a file
- acl: name=/etc/foo.conf entity=joe type=user permissions="r" state=present
- acl: name=/etc/foo.conf entity=joe e type=user permissions="r" state=present
# Removes the acl for Joe on a specific file
# Removes the acl for Joe on a specific file
- acl: name=/etc/foo.conf entity=joe type=user state=absent
- acl: name=/etc/foo.conf entity=joe e type=user state=absent
# Sets default acl for joe on foo.d
# Sets default acl for joe on foo.d
- acl: name=/etc/foo.d entity=joe type=user permissions=rw default=yes state=present
- acl: name=/etc/foo.d entity=joe e type=user permissions=rw default=yes state=present
# Same as previous but using entry shorthand
# Same as previous but using entry shorthand
- acl: name=/etc/foo.d entrty="default:user:joe:rw-" state=present
- acl: name=/etc/foo.d entrty="default:user:joe:rw-" state=present
@ -190,9 +190,9 @@ def main():
module = AnsibleModule(
module = AnsibleModule(
argument_spec = dict(
argument_spec = dict(
name = dict(required=True,aliases=['path'], type='str'),
name = dict(required=True,aliases=['path'], type='str'),
entry = dict(required=False, type='str'),
entry = dict(required=False, e type='str'),
entity = dict(required=False, type='str', default=''),
entity = dict(required=False, type='str', default=''),
type = dict(required=False, choices=['other', 'user', 'group', 'mask'], type='str'),
e type = dict(required=False, choices=['other', 'user', 'group', 'mask'], type='str'),
permissions = dict(required=False, type='str'),
permissions = dict(required=False, type='str'),
state = dict(required=False, default='query', choices=[ 'query', 'present', 'absent' ], type='str'),
state = dict(required=False, default='query', choices=[ 'query', 'present', 'absent' ], type='str'),
follow = dict(required=False, type='bool', default=True),
follow = dict(required=False, type='bool', default=True),
@ -204,7 +204,7 @@ def main():
path = module.params.get('name')
path = module.params.get('name')
entry = module.params.get('entry')
entry = module.params.get('entry')
entity = module.params.get('entity')
entity = module.params.get('entity')
type = module.params.get('type')
e type = module.params.get('e type')
permissions = module.params.get('permissions')
permissions = module.params.get('permissions')
state = module.params.get('state')
state = module.params.get('state')
follow = module.params.get('follow')
follow = module.params.get('follow')
@ -214,16 +214,16 @@ def main():
module.fail_json(msg="path not found or not accessible!")
module.fail_json(msg="path not found or not accessible!")
if state in ['present','absent']:
if state in ['present','absent']:
if not entry and not type:
if not entry and not e type:
module.fail_json(msg="%s requries to have ither either type and permissions or entry to be set" % state)
module.fail_json(msg="%s requries to have ither either e type and permissions or entry to be set" % state)
if entry:
if entry:
if type or entity or permissions:
if e type or entity or permissions:
module.fail_json(msg="entry and another incompatible field (entity, type or permissions) are also set")
module.fail_json(msg="entry and another incompatible field (entity, e type or permissions) are also set")
if entry.count(":") not in [2,3]:
if entry.count(":") not in [2,3]:
module.fail_json(msg="Invalid entry: '%s', it requires 3 or 4 sections divided by ':'" % entry)
module.fail_json(msg="Invalid entry: '%s', it requires 3 or 4 sections divided by ':'" % entry)
default, type, entity, permissions = split_entry(entry)
default, e type, entity, permissions = split_entry(entry)
changed=False
changed=False
msg = ""
msg = ""
@ -236,8 +236,8 @@ def main():
continue
continue
old_default, old_type, old_entity, old_permissions = split_entry(oldentry)
old_default, old_type, old_entity, old_permissions = split_entry(oldentry)
if old_default == default:
if old_default == default:
if old_type == type:
if old_type == e type:
if type in ['user', 'group']:
if e type in ['user', 'group']:
if old_entity == entity:
if old_entity == entity:
matched = True
matched = True
if not old_permissions == permissions:
if not old_permissions == permissions:
@ -253,8 +253,8 @@ def main():
changed=True
changed=True
if changed and not module.check_mode:
if changed and not module.check_mode:
set_acl(module,path,':'.join([type, str(entity), permissions]),follow,default)
set_acl(module,path,':'.join([e type, str(entity), permissions]),follow,default)
msg="%s is present" % ':'.join([type, str(entity), permissions])
msg="%s is present" % ':'.join([e type, str(entity), permissions])
elif state == 'absent':
elif state == 'absent':
for oldentry in currentacls:
for oldentry in currentacls:
@ -262,8 +262,8 @@ def main():
continue
continue
old_default, old_type, old_entity, old_permissions = split_entry(oldentry)
old_default, old_type, old_entity, old_permissions = split_entry(oldentry)
if old_default == default:
if old_default == default:
if old_type == type:
if old_type == e type:
if type in ['user', 'group']:
if e type in ['user', 'group']:
if old_entity == entity:
if old_entity == entity:
changed=True
changed=True
break
break
@ -271,8 +271,8 @@ def main():
changed=True
changed=True
break
break
if changed and not module.check_mode:
if changed and not module.check_mode:
rm_acl(module,path,':'.join([type, entity, '---']),follow,default)
rm_acl(module,path,':'.join([e type, entity, '---']),follow,default)
msg="%s is absent" % ':'.join([type, entity, '---'])
msg="%s is absent" % ':'.join([e type, entity, '---'])
else:
else:
msg="current acl"
msg="current acl"
Brian Coca
11 years ago