[template] file_(group)owner file_permission improvement #13188

Draft
wants to merge 2 commits into
base: master
16 changes: 9 additions & 7 deletions shared/templates/file_groupowner/ansible.template
@@ -4,18 +4,20 @@
# complexity = low
# disruption = low

{{%- for path in FILEPATH %}}
{{%- if IS_DIRECTORY %}}
{{%- if FILE_REGEX %}}

{{%- if RECURSIVE %}}
{{%- set FIND_RECURSE_ARGS="" %}}
{{%- set FIND_RECURSE_ARGS_DEP="" %}}
{{%- set FIND_RECURSE_ARGS_SYM="" %}}
{{%- else %}}
{{%- set FIND_RECURSE_ARGS="-maxdepth 1" %}}
{{%- set FIND_RECURSE_ARGS_DEP="-maxdepth 1" %}}
{{%- set FIND_RECURSE_ARGS_SYM="-L" %}}
{{%- endif %}}

{{%- for path in FILEPATH %}}
{{%- if IS_DIRECTORY %}}
{{%- if FILE_REGEX %}}

- name: Find {{{ path }}} file(s) matching {{{ FILE_REGEX[loop.index0] }}}{{% if RECURSIVE %}} recursively{{% endif %}}
command: 'find -H {{{ path }}} {{{ FIND_RECURSE_ARGS }}} -type f ! -group {{{ GID_OR_NAME }}} -regextype posix-extended -regex "{{{ FILE_REGEX[loop.index0] }}}"'
command: 'find {{{ FIND_RECURSE_ARGS_SYM }}} {{{ path }}} {{{ FIND_RECURSE_ARGS_DEP }}} -type f ! -group {{{ GID_OR_NAME }}} -regextype posix-extended -regex "{{{ FILE_REGEX[loop.index0] }}}"'
register: files_found
changed_when: False
failed_when: False
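Review bot: In the recursive branch `FIND_RECURSE_ARGS_SYM` is empty, so the new `command:` line runs `find` with its default symlink handling instead of the previous `-H`; if `{{{ path }}}` is itself a symlink to a directory (and is not written with a trailing slash), nothing under it is examined, and `failed_when: False` would let that pass silently. In the non-recursive branch `-L` makes `-type f` and `! -group` test the link target, so `files_found` can include symlinks that point outside `{{{ path }}}`; the task that consumes `files_found` is outside this hunk and should be checked so that it does not change group ownership through a link. Consider `{{%- set FIND_RECURSE_ARGS_SYM="-H" %}}` for the recursive case to keep the old start-path behaviour. The same applies to the `-user` and `-perm` variants in file_owner/ansible.template and file_permissions/ansible.template.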
@@ -1,12 +1,21 @@
#!/bin/bash

{{%- if RECURSIVE %}}
{{%- set FIND_RECURSE_ARGS_DEP="" %}}
{{%- set FIND_RECURSE_ARGS_SYM="" %}}
{{%- else %}}
{{%- set FIND_RECURSE_ARGS_DEP="-maxdepth 1" %}}
{{%- set FIND_RECURSE_ARGS_SYM="-L" %}}
{{%- endif %}}

{{% for path in FILEPATH %}}
{{% if path.endswith("/") %}}
if [ ! -d {{{ path }}} ]; then
mkdir -p {{{ path }}}
fi
touch "{{{ path }}}"/cac_file_groupowner_test_file
{{% if FILE_REGEX %}}
echo "Create specific tests for this rule because of regex"
find {{{ FIND_RECURSE_ARGS_SYM }}} {{{ path }}} {{{ FIND_RECURSE_ARGS_DEP }}} -type f -regex '{{{ FILE_REGEX[loop.index0] }}}' -exec chgrp {{{ GID_OR_NAME }}} {} \;
{{% elif RECURSIVE %}}
find -L {{{ path }}} -type d -exec chgrp {{{ GID_OR_NAME }}} {} \;
{{% else %}}
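Review bot: The `find ... -regex '{{{ FILE_REGEX[loop.index0] }}}'` line omits `-regextype posix-extended`, which the Ansible remediation for the same rule passes, so a FILE_REGEX that uses alternation or grouping can match a different set of files in the test than in the remediation. Add it before `-regex`: `-type f -regextype posix-extended -regex '{{{ FILE_REGEX[loop.index0] }}}'`. `{{{ path }}}` is also unquoted on this line, while the `touch` line above quotes it. The other test scripts on this page (owner and permissions, pass and fail) show the same two gaps. This section's file header is missing from the page and the view is collapsed after `{{% else %}}`, so the rest of the script is not visible.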
@@ -3,18 +3,21 @@
groupadd group_test

{{%- if RECURSIVE %}}
{{% set FIND_RECURSE_ARGS="" %}}
{{%- set FIND_RECURSE_ARGS_DEP="" %}}
{{%- set FIND_RECURSE_ARGS_SYM="" %}}
{{%- else %}}
{{% set FIND_RECURSE_ARGS="-maxdepth 1" %}}
{{%- set FIND_RECURSE_ARGS_DEP="-maxdepth 1" %}}
{{%- set FIND_RECURSE_ARGS_SYM="-L" %}}
{{%- endif %}}

{{% for path in FILEPATH %}}
{{% if path.endswith("/") %}}
if [ ! -d {{{ path }}} ]; then
mkdir -p {{{ path }}}
fi
touch "{{{ path }}}"/cac_file_groupowner_test_file
{{% if FILE_REGEX %}}
find -L {{{ path }}} {{{ FIND_RECURSE_ARGS }}} {{{ EXCLUDED_FILES_ARGS }}} -type f -regex '{{{ FILE_REGEX[loop.index0] }}}' -exec chgrp group_test {} \;
find {{{ FIND_RECURSE_ARGS_SYM }}} {{{ path }}} {{{ FIND_RECURSE_ARGS_DEP }}} -type f -regex '{{{ FILE_REGEX[loop.index0] }}}' -exec chgrp group_test {} \;
{{% elif RECURSIVE %}}
find -L {{{ path }}} -type d -exec chgrp group_test {} \;
{{% else %}}
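Review bot: With RECURSIVE set, the regex branch now runs `find` without `-L` while the `{{% elif RECURSIVE %}}` branch directly below still uses `find -L`, so the fixture's symlink handling depends on whether FILE_REGEX is defined. If that is intentional it deserves a comment above the `set` block, for example `# non-recursive: follow links (-L) at depth 1; recursive: do not follow links`; otherwise align the two branches. The new line also drops `{{{ EXCLUDED_FILES_ARGS }}}`, which the old line passed; whether that variable is defined for this template is not visible here. The pass/fail scripts for file_owner and file_permissions show the same split between the two branches.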
16 changes: 9 additions & 7 deletions shared/templates/file_owner/ansible.template
@@ -4,18 +4,20 @@
# complexity = low
# disruption = low

{{%- for path in FILEPATH %}}
{{%- if IS_DIRECTORY %}}
{{%- if FILE_REGEX %}}

{{%- if RECURSIVE %}}
{{%- set FIND_RECURSE_ARGS="" %}}
{{%- set FIND_RECURSE_ARGS_DEP="" %}}
{{%- set FIND_RECURSE_ARGS_SYM="" %}}
{{%- else %}}
{{%- set FIND_RECURSE_ARGS="-maxdepth 1" %}}
{{%- set FIND_RECURSE_ARGS_DEP="-maxdepth 1" %}}
{{%- set FIND_RECURSE_ARGS_SYM="-L" %}}
{{%- endif %}}

{{%- for path in FILEPATH %}}
{{%- if IS_DIRECTORY %}}
{{%- if FILE_REGEX %}}

- name: Find {{{ path }}} file(s) matching {{{ FILE_REGEX[loop.index0] }}}{{% if RECURSIVE %}} recursively{{% endif %}}
command: 'find -H {{{ path }}} {{{ FIND_RECURSE_ARGS }}} -type f ! -user {{{ UID_OR_NAME }}} -regextype posix-extended -regex "{{{ FILE_REGEX[loop.index0] }}}"'
command: 'find {{{ FIND_RECURSE_ARGS_SYM }}} {{{ path }}} {{{ FIND_RECURSE_ARGS_DEP }}} -type f ! -user {{{ UID_OR_NAME }}} -regextype posix-extended -regex "{{{ FILE_REGEX[loop.index0] }}}"'
register: files_found
changed_when: False
failed_when: False
11 changes: 10 additions & 1 deletion shared/templates/file_owner/tests/correct_owner.pass.sh
@@ -1,12 +1,21 @@
#!/bin/bash

{{%- if RECURSIVE %}}
{{%- set FIND_RECURSE_ARGS_DEP="" %}}
{{%- set FIND_RECURSE_ARGS_SYM="" %}}
{{%- else %}}
{{%- set FIND_RECURSE_ARGS_DEP="-maxdepth 1" %}}
{{%- set FIND_RECURSE_ARGS_SYM="-L" %}}
{{%- endif %}}

{{% for path in FILEPATH %}}
{{% if path.endswith("/") %}}
if [ ! -d {{{ path }}} ]; then
mkdir -p {{{ path }}}
fi
touch "{{{ path }}}"/cac_file_owner_test_file
{{% if FILE_REGEX %}}
echo "Create specific tests for this rule because of regex"
find {{{ FIND_RECURSE_ARGS_SYM }}} {{{ path }}} {{{ FIND_RECURSE_ARGS_DEP }}} -type f -regex '{{{ FILE_REGEX[loop.index0] }}}' -exec chown {{{ UID_OR_NAME }}} {} \;
{{% elif RECURSIVE %}}
find -L {{{ path }}} -type d -exec chown {{{ UID_OR_NAME }}} {} \;
{{% else %}}
8 changes: 5 additions & 3 deletions shared/templates/file_owner/tests/incorrect_owner.fail.sh
@@ -3,9 +3,11 @@
useradd testuser_123

{{%- if RECURSIVE %}}
{{% set FIND_RECURSE_ARGS="" %}}
{{%- set FIND_RECURSE_ARGS_DEP="" %}}
{{%- set FIND_RECURSE_ARGS_SYM="" %}}
{{%- else %}}
{{% set FIND_RECURSE_ARGS="-maxdepth 1" %}}
{{%- set FIND_RECURSE_ARGS_DEP="-maxdepth 1" %}}
{{%- set FIND_RECURSE_ARGS_SYM="-L" %}}
{{%- endif %}}

{{% for path in FILEPATH %}}
@@ -15,7 +17,7 @@ if [ ! -d {{{ path }}} ]; then
fi
touch "{{{ path }}}"/cac_file_owner_test_file
{{% if FILE_REGEX %}}
find -L {{{ path }}} {{{ FIND_RECURSE_ARGS }}} -type f -regex '{{{ FILE_REGEX[loop.index0] }}}' -exec chown testuser_123 {} \;
find {{{ FIND_RECURSE_ARGS_SYM }}} {{{ path }}} {{{ FIND_RECURSE_ARGS_DEP }}} -type f -regex '{{{ FILE_REGEX[loop.index0] }}}' -exec chown testuser_123 {} \;
{{% elif RECURSIVE %}}
find -L {{{ path }}} -type d -exec chown testuser_123 {} \;
{{% else %}}
16 changes: 9 additions & 7 deletions shared/templates/file_permissions/ansible.template
@@ -4,6 +4,14 @@
# complexity = low
# disruption = low

{{%- if RECURSIVE %}}
{{%- set FIND_RECURSE_ARGS_DEP="" %}}
{{%- set FIND_RECURSE_ARGS_SYM="" %}}
{{%- else %}}
{{%- set FIND_RECURSE_ARGS_DEP="-maxdepth 1" %}}
{{%- set FIND_RECURSE_ARGS_SYM="-L" %}}
{{%- endif %}}

{{% for path in FILEPATH %}}
{{% if IS_DIRECTORY %}}

@@ -17,12 +25,6 @@
{{% set FIND_FILE_REGEX="" %}}
{{%- endif %}}

{{%- if RECURSIVE %}}
{{% set FIND_RECURSE_ARGS="" %}}
{{%- else %}}
{{% set FIND_RECURSE_ARGS="-maxdepth 1" %}}
{{%- endif %}}

{{%- if ALLOW_STRICTER_PERMISSIONS %}}
{{% set PERMS="-perm /" + SEARCH_MODE %}}
{{%- else %}}
@@ -36,7 +38,7 @@
{{%- endif %}}

- name: Find {{{ path }}} file(s){{% if RECURSIVE %}} recursively{{% endif %}}
command: 'find -H {{{ path }}} {{{ FIND_RECURSE_ARGS }}} {{{ PERMS }}} {{{ EXCLUDED_FILES_ARGS }}} {{{ FIND_TYPE }}} {{{ FIND_FILE_REGEX }}}'
command: 'find {{{ FIND_RECURSE_ARGS_SYM }}} {{{ path }}} {{{ FIND_RECURSE_ARGS_DEP }}} {{{ PERMS }}} {{{ EXCLUDED_FILES_ARGS }}} {{{ FIND_TYPE }}} {{{ FIND_FILE_REGEX }}}'
register: files_found
changed_when: False
failed_when: False
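Review bot: The names `FIND_RECURSE_ARGS_DEP` and `FIND_RECURSE_ARGS_SYM` do not say what they hold, and the block that sets them appears to sit outside the `for path in FILEPATH` loop now, away from the `find` command that uses them. A short comment above the `{{%- if RECURSIVE %}}` block would help, e.g. `# _DEP: depth limit passed to find; _SYM: symlink option (-L only when not recursive)`. The same block is repeated in every template and test touched on this page, so if the template system allows it, a shared macro would keep the symlink policy in one place and prevent the copies from drifting apart.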
@@ -1,12 +1,21 @@
#!/bin/bash

{{%- if RECURSIVE %}}
{{%- set FIND_RECURSE_ARGS_DEP="" %}}
{{%- set FIND_RECURSE_ARGS_SYM="" %}}
{{%- else %}}
{{%- set FIND_RECURSE_ARGS_DEP="-maxdepth 1" %}}
{{%- set FIND_RECURSE_ARGS_SYM="-L" %}}
{{%- endif %}}

{{% for path in FILEPATH %}}
{{% if path.endswith("/") %}}
if [ ! -d {{{ path }}} ]; then
mkdir -p {{{ path }}}
fi
touch "{{{ path }}}"/cac_file_permissions_test_file
{{% if FILE_REGEX %}}
echo "Create specific tests for this rule because of regex"
find {{{ FIND_RECURSE_ARGS_SYM }}} {{{ path }}} {{{ FIND_RECURSE_ARGS_DEP }}} -type f -regex '{{{ FILE_REGEX[loop.index0] }}}' -exec chmod {{{ FILEMODE }}} {} \;
{{% elif RECURSIVE %}}
find -L {{{ path }}} -type d -exec chmod {{{ FILEMODE }}} {} \;
{{% else %}}
@@ -1,9 +1,11 @@
#!/bin/bash

{{%- if RECURSIVE %}}
{{% set FIND_RECURSE_ARGS="" %}}
{{%- set FIND_RECURSE_ARGS_DEP="" %}}
{{%- set FIND_RECURSE_ARGS_SYM="" %}}
{{%- else %}}
{{% set FIND_RECURSE_ARGS="-maxdepth 1" %}}
{{%- set FIND_RECURSE_ARGS_DEP="-maxdepth 1" %}}
{{%- set FIND_RECURSE_ARGS_SYM="-L" %}}
{{%- endif %}}

{{%- if EXCLUDED_FILES %}}
@@ -17,8 +19,9 @@
if [ ! -d {{{ path }}} ]; then
mkdir -p {{{ path }}}
fi
touch "{{{ path }}}"/cac_file_permissions_test_file
{{% if FILE_REGEX %}}
find -H {{{ path }}} {{{ FIND_RECURSE_ARGS }}} {{{ EXCLUDED_FILES_ARGS }}} -type f -regex '{{{ FILE_REGEX[loop.index0] }}}' -exec chmod 777 {} \;
find {{{ FIND_RECURSE_ARGS_SYM }}} {{{ path }}} {{{ FIND_RECURSE_ARGS_DEP }}} {{{ EXCLUDED_FILES_ARGS }}} -type f -regex '{{{ FILE_REGEX[loop.index0] }}}' -exec chmod 777 {} \;
{{% elif RECURSIVE %}}
find -H {{{ path }}} -type d -maxdepth 1 -exec chmod 777 {} \;
{{% else %}}
@@ -1,12 +1,21 @@
#!/bin/bash

{{%- if RECURSIVE %}}
{{%- set FIND_RECURSE_ARGS_DEP="" %}}
{{%- set FIND_RECURSE_ARGS_SYM="" %}}
{{%- else %}}
{{%- set FIND_RECURSE_ARGS_DEP="-maxdepth 1" %}}
{{%- set FIND_RECURSE_ARGS_SYM="-L" %}}
{{%- endif %}}

{{% for path in FILEPATH %}}
{{% if path.endswith("/") %}}
if [ ! -d {{{ path }}} ]; then
mkdir -p {{{ path }}}
fi
touch "{{{ path }}}"/cac_file_permissions_test_file
{{% if FILE_REGEX %}}
echo "Create specific tests for this rule because of regex"
find {{{ FIND_RECURSE_ARGS_SYM }}} {{{ path }}} {{{ FIND_RECURSE_ARGS_DEP }}} -type f -regex '{{{ FILE_REGEX[loop.index0] }}}' -exec chmod {{{ FILEMODE }}} {} \;
{{% elif RECURSIVE %}}
find -L {{{ path }}} -type d -exec chmod {{{ FILEMODE }}} {} \;
{{% else %}}