Question: Custom puppet type for semanage, converting inputs to flags?
48 views
Skip to first unread message
Jon McKenzie
Sep 9, 2012, 1:46:10 PM9/9/12
to puppet...@googlegroups.com
Hi,
I'm just trying to get an idea about the best way to implement this:
I want a type that uses the 'semanage' binary to manage targeted policy (in this case for files).
So for example to create a targeted policy, I might do something like:
semanage fcontext -a -f -d -t some_domain_t "/path/to/files(/.*)?"
... which would add a target policy that sets 'some_domain_t' on all directories in "/path/to/files/"
The question I have is about the "-d", which is a parameter to "-f", that directs policy to only cover directories (e.g. "-d" is for directories, "--" is for regular files, "-s" is for sockets, etc. -- see the help for semanage for the rest).
I want a property called :filetype that can have a value of :file, :directory, :all, :socket, :character, :block, etc. Once I get valid input, I want to convert the value to the appropriate flag for the command. What's the best way to do this?
My current idea is to accept any input, and then have a case switch inside of a munge block, e.g.:
munge do |value|
case value
when "file"
value = "--"
when "directory"
value = "-d"
... etc..
end
end
Is this the "correct" way to implement this? Should this even be in the type definition (since these are details of the provider)?
Thanks for your help,
Jon
I'm just trying to get an idea about the best way to implement this:
I want a type that uses the 'semanage' binary to manage targeted policy (in this case for files).
So for example to create a targeted policy, I might do something like:
semanage fcontext -a -f -d -t some_domain_t "/path/to/files(/.*)?"
... which would add a target policy that sets 'some_domain_t' on all directories in "/path/to/files/"
The question I have is about the "-d", which is a parameter to "-f", that directs policy to only cover directories (e.g. "-d" is for directories, "--" is for regular files, "-s" is for sockets, etc. -- see the help for semanage for the rest).
I want a property called :filetype that can have a value of :file, :directory, :all, :socket, :character, :block, etc. Once I get valid input, I want to convert the value to the appropriate flag for the command. What's the best way to do this?
My current idea is to accept any input, and then have a case switch inside of a munge block, e.g.:
munge do |value|
case value
when "file"
value = "--"
when "directory"
value = "-d"
... etc..
end
end
Is this the "correct" way to implement this? Should this even be in the type definition (since these are details of the provider)?
Thanks for your help,
Jon
Dan Bode
Sep 9, 2012, 1:54:51 PM9/9/12
to puppet...@googlegroups.com
The syntax here looks correct. You may also want to use newvalues to restrict the values that are allowed.
Should this even be in the type definition (since these are details of the provider)?
That is a really good point. It would be more consistent with the model if this munging was done in the provider. Of coarse in only really 'matters' if you think the type will have multiple providers.
Thanks for your help,
Jon
--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/1PVDZB_Cw2QJ.
To post to this group, send email to puppet...@googlegroups.com.
To unsubscribe from this group, send email to puppet-users...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Jon McKenzie
Sep 9, 2012, 5:17:04 PM9/9/12
to puppet...@googlegroups.com
Hi Dan,
Thanks for the input. If I were to implement this in the provider, what would be the proper way to do that? Is there a validation/conversion hook I can override?
Thanks for the input. If I were to implement this in the provider, what would be the proper way to do that? Is there a validation/conversion hook I can override?
Reply all
Reply to author
Forward
0 new messages