File ctime and mtime are now implemented as read-only properties, so they can be examined with audit.
Signed-off-by: Jesse Wolfe <[email protected]> --- lib/puppet/type/file.rb | 2 ++ lib/puppet/type/file/ctime.rb | 18 ++++++++++++++++++ lib/puppet/type/file/mtime.rb | 17 +++++++++++++++++ lib/puppet/type/file/type.rb | 17 +++++------------ spec/unit/type/file/ctime.rb | 35 +++++++++++++++++++++++++++++++++++ spec/unit/type/file/mtime.rb | 35 +++++++++++++++++++++++++++++++++++ spec/unit/type/file/type.rb | 20 ++++++++++++++++++++ 7 files changed, 132 insertions(+), 12 deletions(-) create mode 100644 lib/puppet/type/file/ctime.rb create mode 100644 lib/puppet/type/file/mtime.rb create mode 100644 spec/unit/type/file/ctime.rb create mode 100644 spec/unit/type/file/mtime.rb create mode 100644 spec/unit/type/file/type.rb diff --git a/lib/puppet/type/file.rb b/lib/puppet/type/file.rb index 6523c99..eee948c 100644 --- a/lib/puppet/type/file.rb +++ b/lib/puppet/type/file.rb @@ -797,3 +797,5 @@ require 'puppet/type/file/group' require 'puppet/type/file/mode' require 'puppet/type/file/type' require 'puppet/type/file/selcontext' # SELinux file context +require 'puppet/type/file/ctime' +require 'puppet/type/file/mtime' diff --git a/lib/puppet/type/file/ctime.rb b/lib/puppet/type/file/ctime.rb new file mode 100644 index 0000000..24b0987 --- /dev/null +++ b/lib/puppet/type/file/ctime.rb @@ -0,0 +1,18 @@ +module Puppet + Puppet::Type.type(:file).newproperty(:ctime) do + desc "A read-only state to check the file ctime." + + def retrieve + current_value = :absent + if stat = @resource.stat(false) + current_value = stat.ctime + end + current_value + end + + validate do + fail "ctime is read-only" + end + end +end + diff --git a/lib/puppet/type/file/mtime.rb b/lib/puppet/type/file/mtime.rb new file mode 100644 index 0000000..8ca7ed0 --- /dev/null +++ b/lib/puppet/type/file/mtime.rb @@ -0,0 +1,17 @@ +module Puppet + Puppet::Type.type(:file).newproperty(:mtime) do + desc "A read-only state to check the file mtime." + + def retrieve + current_value = :absent + if stat = @resource.stat(false) + current_value = stat.mtime + end + current_value + end + + validate do + fail "mtime is read-only" + end + end +end diff --git a/lib/puppet/type/file/type.rb b/lib/puppet/type/file/type.rb index eb50b81..4da54e2 100755 --- a/lib/puppet/type/file/type.rb +++ b/lib/puppet/type/file/type.rb @@ -3,23 +3,16 @@ module Puppet require 'etc' desc "A read-only state to check the file type." - #munge do |value| - # raise Puppet::Error, ":type is read-only" - #end - def retrieve - currentvalue = :absent + current_value = :absent if stat = @resource.stat(false) - currentvalue = stat.ftype + current_value = stat.ftype end - # so this state is never marked out of sync - @should = [currentvalue] - currentvalue + current_value end - - def sync - raise Puppet::Error, ":type is read-only" + validate do + fail "type is read-only" end end end diff --git a/spec/unit/type/file/ctime.rb b/spec/unit/type/file/ctime.rb new file mode 100644 index 0000000..6145cbf --- /dev/null +++ b/spec/unit/type/file/ctime.rb @@ -0,0 +1,35 @@ +#!/usr/bin/env ruby + +Dir.chdir(File.dirname(__FILE__)) { (s = lambda { |f| File.exist?(f) ? require(f) : Dir.chdir("..") { s.call(f) } }).call("spec/spec_helper.rb") } + +describe Puppet::Type.type(:file).attrclass(:ctime) do + require 'puppet_spec/files' + include PuppetSpec::Files + + before do + @filename = tmpfile('ctime') + @resource = Puppet::Type.type(:file).new({:name => @filename}) + end + + it "should be able to audit the file's ctime" do + File.open(@filename, "w"){ } + + @resource[:audit] = [:ctime] + + # this .to_resource audit behavior is magical :-( + @resource.to_resource[:ctime].should == File.stat(@filename).ctime + end + + it "should return absent if auditing an absent file" do + @resource[:audit] = [:ctime] + + @resource.to_resource[:ctime].should == :absent + end + + it "should prevent the user from trying to set the ctime" do + lambda { + @resource[:ctime] = Time.now.to_s + }.should raise_error(Puppet::Error, /ctime is read-only/) + end + +end diff --git a/spec/unit/type/file/mtime.rb b/spec/unit/type/file/mtime.rb new file mode 100644 index 0000000..043156c --- /dev/null +++ b/spec/unit/type/file/mtime.rb @@ -0,0 +1,35 @@ +#!/usr/bin/env ruby + +Dir.chdir(File.dirname(__FILE__)) { (s = lambda { |f| File.exist?(f) ? require(f) : Dir.chdir("..") { s.call(f) } }).call("spec/spec_helper.rb") } + +describe Puppet::Type.type(:file).attrclass(:mtime) do + require 'puppet_spec/files' + include PuppetSpec::Files + + before do + @filename = tmpfile('mtime') + @resource = Puppet::Type.type(:file).new({:name => @filename}) + end + + it "should be able to audit the file's mtime" do + File.open(@filename, "w"){ } + + @resource[:audit] = [:mtime] + + # this .to_resource audit behavior is magical :-( + @resource.to_resource[:mtime].should == File.stat(@filename).mtime + end + + it "should return absent if auditing an absent file" do + @resource[:audit] = [:mtime] + + @resource.to_resource[:mtime].should == :absent + end + + it "should prevent the user from trying to set the mtime" do + lambda { + @resource[:mtime] = Time.now.to_s + }.should raise_error(Puppet::Error, /mtime is read-only/) + end + +end diff --git a/spec/unit/type/file/type.rb b/spec/unit/type/file/type.rb new file mode 100644 index 0000000..e46f0e0 --- /dev/null +++ b/spec/unit/type/file/type.rb @@ -0,0 +1,20 @@ +#!/usr/bin/env ruby + +Dir.chdir(File.dirname(__FILE__)) { (s = lambda { |f| File.exist?(f) ? require(f) : Dir.chdir("..") { s.call(f) } }).call("spec/spec_helper.rb") } + +describe Puppet::Type.type(:file).attrclass(:type) do + require 'puppet_spec/files' + include PuppetSpec::Files + + before do + @filename = tmpfile('type') + @resource = Puppet::Type.type(:file).new({:name => @filename}) + end + + it "should prevent the user from trying to set the type" do + lambda { + @resource[:type] = "fifo" + }.should raise_error(Puppet::Error, /type is read-only/) + end + +end -- 1.7.0.4 -- You received this message because you are subscribed to the Google Groups "Puppet Developers" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-dev?hl=en.
