Jon McKenzie
2012-Sep-09 17:46 UTC
[Puppet Users] Question: Custom puppet type for semanage, converting inputs to flags?
Hi,

I'm just trying to get an idea about the best way to implement this:

I want a type that uses the 'semanage' binary to manage targeted policy (in this case for files).

So for example to create a targeted policy, I might do something like:

    semanage fcontext -a -f -d -t some_domain_t "/path/to/files(/.*)?"

... which would add a target policy that sets 'some_domain_t' on all directories in "/path/to/files/"

The question I have is about the "-d", which is a parameter to "-f", that directs policy to only cover directories (e.g. "-d" is for directories, "--" is for regular files, "-s" is for sockets, etc. -- see the help for semanage for the rest).

I want a property called :filetype that can have a value of :file, :directory, :all, :socket, :character, :block, etc. Once I get valid input, I want to convert the value to the appropriate flag for the command. What's the best way to do this?

My current idea is to accept any input, and then have a case switch inside of a munge block, e.g.:

    munge do |value|
      case value
      when "file"
        value = "--"
      when "directory"
        value = "-d"
      # ... etc.
      end
    end

Is this the "correct" way to implement this? Should this even be in the type definition (since these are details of the provider)?

Thanks for your help,
Jon
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/1PVDZB_Cw2QJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Dan Bode
2012-Sep-09 17:54 UTC
Re: [Puppet Users] Question: Custom puppet type for semanage, converting inputs to flags?
On Sun, Sep 9, 2012 at 10:46 AM, Jon McKenzie <jcmcken@gmail.com> wrote:

> Hi,
>
> I'm just trying to get an idea about the best way to implement this:
>
> I want a type that uses the 'semanage' binary to manage targeted policy
> (in this case for files).
>
> So for example to create a targeted policy, I might do something like:
>
>     semanage fcontext -a -f -d -t some_domain_t "/path/to/files(/.*)?"
>
> ... which would add a target policy that sets 'some_domain_t' on all
> directories in "/path/to/files/"
>
> The question I have is about the "-d", which is a parameter to "-f", that
> directs policy to only cover directories (e.g. "-d" is for directories,
> "--" is for regular files, "-s" is for sockets, etc. -- see the help for
> semanage for the rest).
>
> I want a property called :filetype that can have a value of :file,
> :directory, :all, :socket, :character, :block, etc. Once I get valid input,
> I want to convert the value to the appropriate flag for the command. What's
> the best way to do this?
>
> My current idea is to accept any input, and then have a case switch inside
> of a munge block, e.g.:
>
>     munge do |value|
>       case value
>       when "file"
>         value = "--"
>       when "directory"
>         value = "-d"
>       ... etc..
>       end
>     end
>
> Is this the "correct" way to implement this?

The syntax here looks correct. You may also want to use newvalues to restrict the values that are allowed.

> Should this even be in the type definition (since these are details of the
> provider)?

That is a really good point. It would be more consistent with the model if this munging was done in the provider. Of course it only really 'matters' if you think the type will have multiple providers.

> Thanks for your help,
> Jon
Jon McKenzie
2012-Sep-09 21:17 UTC
Re: [Puppet Users] Question: Custom puppet type for semanage, converting inputs to flags?
Hi Dan,

Thanks for the input. If I were to implement this in the provider, what would be the proper way to do that? Is there a validation/conversion hook I can override?
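
Added example (not part of the thread, and not Puppet API code): a plain-Ruby sketch of the split discussed above, where the type side only allowlists symbolic filetype names, as newvalues would, and the provider side converts them into semanage arguments. The -c/-b flags, omitting -f for :all, the type-name pattern, the absolute-path check and the helper names are assumptions; the other flags are the ones quoted in the thread.

```ruby
# Added example: plain Ruby, not Puppet API code and not from the thread.
# Flags for file/directory/socket are the ones quoted in the thread; the
# character/block flags and the "omit -f for :all" rule are assumptions
# based on the same (older) semanage syntax.
FILETYPE_FLAGS = {
  file:      '--',
  directory: '-d',
  socket:    '-s',
  character: '-c',
  block:     '-b',
  all:       nil # no -f argument: semanage then covers every file type
}.freeze

# Assumed shape of an SELinux type name, e.g. some_domain_t.
SETYPE_RE = /\A[A-Za-z0-9_]+_t\z/

# Type-side step: accept only allowlisted names (what newvalues would do)
# and keep the symbolic value instead of the provider-specific flag.
def normalize_filetype(value)
  key = value.to_s.downcase.to_sym
  raise ArgumentError, "invalid filetype: #{value.inspect}" unless FILETYPE_FLAGS.key?(key)
  key
end

# Provider-side step: turn the symbolic value into an argv array.
# An array (no shell) keeps "--" and the regex path spec literal.
def fcontext_add_argv(path_spec, setype, filetype)
  raise ArgumentError, "invalid SELinux type: #{setype.inspect}" unless setype.to_s.match?(SETYPE_RE)
  # Assumption: specs are absolute paths; this also stops a spec that
  # starts with "-" from being read as an option.
  raise ArgumentError, 'path spec must be absolute' unless path_spec.to_s.start_with?('/')
  flag = FILETYPE_FLAGS.fetch(normalize_filetype(filetype))
  argv = %w[semanage fcontext -a]
  argv += ['-f', flag] if flag
  argv + ['-t', setype.to_s, path_spec.to_s]
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs, taken from the command shown in the thread.
  p fcontext_add_argv('/path/to/files(/.*)?', 'some_domain_t', 'directory')
  p fcontext_add_argv('/path/to/files(/.*)?', 'some_domain_t', :all)
end
```

The returned array is meant to be handed to an exec-style call that takes separate arguments, so neither the "--" flag nor the parentheses in the path spec pass through a shell.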