Defined Type: splunk::acl
- Defined in:
- manifests/acl.pp
Overview
splunk::acl()
Ensures that the Splunk user can read the defined file inputs, and optionally sets ACLs on parent paths.
This is not optimal, but I could not find another solution on the Puppet Forge.
# File 'manifests/acl.pp', line 8
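define splunk::acl(
  # Path to apply the ACL to; when undef, the resource title is used as the path.
  Optional[String]  $target  = undef,
  # Group named in the ACL entry (group:<group>:<perm>); defaults to $splunk::user.
  Optional[String]  $group   = $splunk::user,
  # 'file' grants r--; any other value grants r-x.
  Optional[String]  $type    = 'file',
  # When true, an additional `setfacl -R` exec is declared for the object.
  Optional[Boolean] $recurse = false,
  # NOTE(review): accepted for interface compatibility but not referenced in
  # this body; no ACL is set on parent paths here -- confirm whether that is
  # intended.
  Optional[Boolean] $parents = false
) {
  # Resolve the path to operate on: an explicit $target wins over the title.
  if $target == undef {
    $object = $title
  } else {
    $object = $target
  }

  # Kept from the original; the Optional[Boolean] data type already restricts
  # $recurse, so this only acts as a second guard.
  if $recurse != true and $recurse != false {
    fail('variable "recurse" must be either true or false')
  }

  # Nothing is declared on non-Linux kernels.
  if $facts['kernel'] == 'Linux' {
    # Read-only for files; read plus traverse for everything else.
    if $type == 'file' {
      $perm = 'r--'
    } else {
      $perm = 'r-x'
    }
    $acl = "group:${group}:${perm}"

    # SECURITY: $object and $group are interpolated unquoted into the command
    # strings below, and the onlyif probe relies on shell redirection, so these
    # strings are evidently meant to be interpreted by a shell. Whitespace or
    # shell metacharacters in either value change the command that is run.
    # The execs set no `user`, so they run with the privileges of the Puppet
    # run itself (typically root). Only feed this type values from trusted
    # data, and validate or quote them before accepting externally supplied
    # paths or group names.

    # Probe: exits 0 only when getfacl can read the object's ACL (the author's
    # intent: the filesystem holding the object supports ACLs). Output is
    # discarded.
    $testacl = "getfacl -e ${object} > /dev/null 2>&1"

    # No `unless` guard: setfacl -m is re-run, and reported as a change, on
    # every catalog application where the probe succeeds.
    exec { "set_acl_${object}":
      command => "setfacl -m ${acl} ${object}",
      onlyif  => $testacl,
      path    => '/bin:/usr/bin:/sbin:/usr/sbin',
    }

    if $recurse == true {
      # Declared in addition to the non-recursive exec above. The same $perm
      # is applied to every entry under $object.
      exec { "set_acl_recursive_${object}":
        command => "setfacl -R -m ${acl} ${object}",
        onlyif  => $testacl,
        path    => '/bin:/usr/bin:/sbin:/usr/sbin',
      }
    }
  }
}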