Puppet Function: polkit::validate_identity
- Defined in:
- lib/puppet/functions/polkit/validate_identity.rb
- Function type:
- Ruby 4.x API
Overview
Validate that all entries are valid PolicyKit identities per pkla-check-authorization(8). Abort catalog compilation if any entry fails this check.
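# File 'lib/puppet/functions/polkit/validate_identity.rb', line 5
Puppet::Functions.create_function(:'polkit::validate_identity') do
  # @param identity Polkit identity; must be the literal 'default' or begin
  #   with a 'unix-user:', 'unix-group:' or 'unix-netgroup:' header. The value
  #   portion of a user or group entry can contain a wildcard.
  #   For example, 'unix-user:username' or 'unix-group:mygroup*'
  #
  # @return None
  # @raise [RuntimeError] if the entry is not a valid identity
  dispatch :validate_identity do
    required_param 'String', :identity
  end

  # @param identities Array of Polkit identities; each must be the literal
  #   'default' or begin with a 'unix-user:', 'unix-group:' or
  #   'unix-netgroup:' header. The value portion of a user or group entry
  #   can contain a wildcard; a netgroup value cannot.
  #
  # @return None
  # @raise [RuntimeError] if any entry is not a valid identity
  dispatch :validate_identities do
    required_param 'Array[String]', :identities
  end

  # Single-identity form: wraps the value in an Array and applies the same
  # checks as validate_identities.
  def validate_identity(identity)
    validate_identities(Array(identity))
  end

  # Checks every entry and fails on the first one that is not acceptable.
  #
  # An entry passes when it is 'default', or when it has the form
  # 'HEADER:VALUE' with HEADER one of the known identity kinds and VALUE made
  # only of letters, digits, '_', '.', '*' and '-'. A 'unix-netgroup' value
  # must not contain '*'.
  def validate_identities(identities)
    valid_headers = ['unix-user', 'unix-group', 'unix-netgroup']

    # \A and \z anchor the whole string. With ^ and $ a value such as
    # "name\nanything" passes, because those anchors match at every line
    # boundary, so one valid line is enough to accept a multi-line value.
    # NOTE(review): presumably these values end up in a polkit rules file,
    # where an embedded newline would add a line of its own; confirm at the
    # call sites.
    valid_name = /\A[A-Za-z0-9_.*-]+\z/

    identities.each do |entry|
      next if entry == 'default'

      # Split on the first ':' only, so anything after a second ':' stays in
      # the value and is rejected by the character check instead of being
      # silently dropped.
      header, val = entry.split(':', 2)

      unless valid_headers.include?(header)
        fail("polkit::validate_identity(): Error, identity specifier '#{header}' must be one of '#{valid_headers.join(', ')}' for entry '#{entry}'")
      end

      # val is nil when the entry has no ':' at all; to_s turns that into an
      # empty string, which the pattern rejects.
      unless valid_name.match?(val.to_s)
        fail("polkit::validate_identity(): Error, value '#{val}' is invalid for entry '#{entry}'")
      end

      if header == 'unix-netgroup' && val.include?('*')
        fail("polkit::validate_identity(): Error, value '#{val}' cannot contain glob for entry '#{entry}'")
      end
    end
  end
end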