Jon McKenzie
2012-Sep-09 17:46 UTC
[Puppet Users] Question: Custom puppet type for semanage, converting inputs to flags?
Hi,

I'm just trying to get an idea about the best way to implement this:

I want a type that uses the 'semanage' binary to manage targeted policy (in this case for files).

So for example to create a targeted policy, I might do something like:

    semanage fcontext -a -f -d -t some_domain_t "/path/to/files(/.*)?"

... which would add a target policy that sets 'some_domain_t' on all directories in "/path/to/files/"

The question I have is about the "-d", which is a parameter to "-f", that directs policy to only cover directories (e.g. "-d" is for directories, "--" is for regular files, "-s" is for sockets, etc. -- see the help for semanage for the rest).

I want a property called :filetype that can have a value of :file, :directory, :all, :socket, :character, :block, etc. Once I get valid input, I want to convert the value to the appropriate flag for the command. What's the best way to do this?

My current idea is to accept any input, and then have a case switch inside of a munge block, e.g.:

    munge do |value|
      case value
      when "file"
        value = "--"
      when "directory"
        value = "-d"
      # ... etc.
      end
    end

Is this the "correct" way to implement this? Should this even be in the type definition (since these are details of the provider)?

Thanks for your help,
Jon

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/1PVDZB_Cw2QJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Dan Bode
2012-Sep-09 17:54 UTC
Re: [Puppet Users] Question: Custom puppet type for semanage, converting inputs to flags?
On Sun, Sep 9, 2012 at 10:46 AM, Jon McKenzie <jcmcken@gmail.com> wrote:

> Hi,
>
> I'm just trying to get an idea about the best way to implement this:
>
> I want a type that uses the 'semanage' binary to manage targeted policy
> (in this case for files).
>
> So for example to create a targeted policy, I might do something like:
>
>     semanage fcontext -a -f -d -t some_domain_t "/path/to/files(/.*)?"
>
> ... which would add a target policy that sets 'some_domain_t' on all
> directories in "/path/to/files/"
>
> The question I have is about the "-d", which is a parameter to "-f", that
> directs policy to only cover directories (e.g. "-d" is for directories,
> "--" is for regular files, "-s" is for sockets, etc. -- see the help for
> semanage for the rest).
>
> I want a property called :filetype that can have a value of :file,
> :directory, :all, :socket, :character, :block, etc. Once I get valid input,
> I want to convert the value to the appropriate flag for the command. What's
> the best way to do this?
>
> My current idea is to accept any input, and then have a case switch inside
> of a munge block, e.g.:
>
>     munge do |value|
>       case value
>       when "file"
>         value = "--"
>       when "directory"
>         value = "-d"
>       # ... etc.
>       end
>     end
>
> Is this the "correct" way to implement this?

The syntax here looks correct. You may also want to use newvalues to restrict the values that are allowed.

> Should this even be in the type definition (since these are details of the
> provider)?

That is a really good point. It would be more consistent with the model if this munging was done in the provider. Of course it only really 'matters' if you think the type will have multiple providers.

> Thanks for your help,
> Jon
Jon McKenzie
2012-Sep-09 21:17 UTC
Re: [Puppet Users] Question: Custom puppet type for semanage, converting inputs to flags?
Hi Dan,

Thanks for the input. If I were to implement this in the provider, what would be the proper way to do that? Is there a validation/conversion hook I can override?
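The split discussed in this thread, sketched as an added example that is not code from either poster or from Puppet itself: the type side only restricts the allowed names (the role Dan gives to newvalues), and the provider side turns a validated name into the semanage flag. It is plain Ruby so it runs without Puppet; the constant and method names are hypothetical, and only the three flags quoted in the thread are mapped.

```ruby
# Added example: plain Ruby, no Puppet required. All names are hypothetical.

# Type side: the closed list of names a manifest may use (the job newvalues
# does in a real type). No semanage knowledge lives here.
ALLOWED_FILETYPES = %i[file directory socket].freeze

def validate_filetype(value)
  name = value.to_s
  # Compare against the list instead of calling to_sym on arbitrary input.
  match = ALLOWED_FILETYPES.find { |type| type.to_s == name }
  return match if match

  raise ArgumentError,
        "invalid filetype #{value.inspect}; allowed: #{ALLOWED_FILETYPES.join(', ')}"
end

# Provider side: how this one backend spells each name. Only the three flags
# quoted in the thread are listed; see the semanage help for the rest.
SEMANAGE_FILETYPE_FLAGS = {
  file:      '--',
  directory: '-d',
  socket:    '-s'
}.freeze

# Build the argument vector for "semanage fcontext -a". Returning an array
# (not a command string) means the "(/.*)?" in the path spec and the "--"
# flag reach semanage untouched by any shell.
def semanage_add_argv(filetype, seltype, pathspec)
  flag = SEMANAGE_FILETYPE_FLAGS.fetch(validate_filetype(filetype))
  ['semanage', 'fcontext', '-a', '-f', flag, '-t', seltype.to_s, pathspec.to_s]
end

if __FILE__ == $PROGRAM_NAME
  puts semanage_add_argv(:directory, 'some_domain_t', '/path/to/files(/.*)?').inspect
  begin
    semanage_add_argv('-d -t other_t', 'some_domain_t', '/tmp/x')
  rescue ArgumentError => e
    puts "rejected: #{e.message}"
  end
end
```

Because the name is checked against a closed list before any flag is chosen, a filetype value that tries to carry extra options is rejected instead of being passed through to the command line.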