Hey. I love the basic change, but have a few semantic questions that I hope
you can answer more quickly than I could by reading the augeas source.

Is augeas creating these temporary files in a way that is safe against
symlink attacks and similar security issues?

Am I correct in understanding that we are writing a temporary copy for the
diff, then rewriting the change to the real file separately?

If so, could we instead use "rename" to avoid the costly parse/write cycle
being run twice per file?

Regards,
Daniel
--
Puppet Labs Developer – http://puppetlabs.com
Daniel Pittman <[email protected]>
Contact me via gtalk, email, or phone: +1 (877) 575-9775
Sent from a mobile device. Please forgive me if this is briefer than usual.
On Mar 18, 2011 5:11 AM, "Michael Knox" <[email protected]> wrote:
> From: Michael Knox <[email protected]>
>
> Utilising Augeas's SAVE_NEWFILE mode (similar to augtool -n) to
> determine the changes that will be made by Augeas.
> Output a unified diff to info
>
> Signed-off-by: Mike Knox <[email protected]>
> ---
> lib/puppet/provider/augeas/augeas.rb | 12 ++++++++++--
> 1 files changed, 10 insertions(+), 2 deletions(-)
>
> diff --git a/lib/puppet/provider/augeas/augeas.rb
b/lib/puppet/provider/augeas/augeas.rb
> index 427d997..7a8b4d1 100644
> --- a/lib/puppet/provider/augeas/augeas.rb
> +++ b/lib/puppet/provider/augeas/augeas.rb
> @@ -22,6 +22,7 @@ require 'strscan'
>
> Puppet::Type.type(:augeas).provide(:augeas) do
> include Puppet::Util
> + include Puppet::Util::Diff
>
> confine :true => Puppet.features.augeas?
>
> @@ -29,6 +30,8 @@ Puppet::Type.type(:augeas).provide(:augeas) do
>
> SAVE_NOOP = "noop"
> SAVE_OVERWRITE = "overwrite"
> + SAVE_NEWFILE = "newfile"
> + SAVE_BACKUP = "backup"
>
> COMMANDS = {
> "set" => [ :path, :string ],
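Review bot: SAVE_BACKUP is added beside SAVE_NEWFILE in this hunk, but no other line of the patch refers to it; only SAVE_NEWFILE is passed to set_augeas_save_mode further down. Either drop the constant from this change or include the code path that uses it. A one-line comment on each constant saying what the mode leaves on disk (for "newfile", the .augnew file the later hunk reads and deletes) would also help the next reader.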
> @@ -286,14 +289,19 @@ Puppet::Type.type(:augeas).provide(:augeas) do
> # actually do the save.
> if return_value and get_augeas_version >= "0.3.6"
> debug("Will attempt to save and only run if files changed")
> - set_augeas_save_mode(SAVE_NOOP)
> + set_augeas_save_mode(SAVE_NEWFILE)
> do_execute_changes
> save_result = @aug.save
> - saved_files = @aug.match("/augeas/events/saved")
> + saved_files = @aug.get("/augeas/events/saved")
> if save_result and not files_changed?
> debug("Skipping because no files were changed")
> return_value = false
> else
> + saved_files.each do |tmp_file|
> + saved_file = tmp_file.sub(/^\/files/, '')
> + info(diff(saved_file, saved_file + ".augnew"))
> + File.delete(saved_file + ".augnew")
> + end
> debug("Files changed, should execute")
> end
> end
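Review bot: saved_files is now assigned from @aug.get("/augeas/events/saved") and then iterated with saved_files.each, but get returns the value of one node, not a list, so a run that saves more than one file is not covered. Keep the match call to collect the event nodes and call get on each one to obtain its /files/... path before stripping the prefix. Two further points on the new loop: File.delete only runs if diff returns, so an exception there leaves the .augnew copy next to the real file (wrap the pair in begin/ensure), and info(diff(...)) is emitted unconditionally, which copies the contents of whatever file is being managed into logs and reports; consider honouring Puppet's show_diff setting here.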
> --
> 1.7.3.5
>
> --
> You received this message because you are subscribed to the Google Groups
"Puppet Developers" group.
> To post to this group, send email to [email protected].
> To unsubscribe from this group, send email to
[email protected].
> For more options, visit this group at
http://groups.google.com/group/puppet-dev?hl=en.
>
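An added example, not part of the thread and not Puppet or Augeas code: one way to stage a replacement file so that anything already present at the staging path (a symlink included) is refused, then publish it with a single rename, which are the two points raised in the questions at the top of this message. The helper names, the random suffix and the sample file contents are assumptions constructed for the illustration.

```ruby
require 'securerandom'
require 'tmpdir'

# Hypothetical helpers, not Puppet or Augeas code.

# Write content to a new file beside target and return its path.
# CREAT|EXCL makes the open fail with EEXIST if anything, a symlink
# included, already exists at that path, so nothing is written through it.
def stage_file(target, content, suffix = ".#{SecureRandom.hex(8)}.new")
  staging = target + suffix
  File.open(staging, File::WRONLY | File::CREAT | File::EXCL, 0o600) do |f|
    f.write(content)
    f.fsync
  end
  staging
end

# Publish the staged file with one rename (atomic within a filesystem),
# keeping the permission bits of the file being replaced.
def commit_staged(staging, target)
  File.chmod(File.stat(target).mode & 0o7777, staging) if File.exist?(target)
  File.rename(staging, target)
end

# Constructed scenario in a scratch directory.
def demo
  Dir.mktmpdir do |dir|
    target = File.join(dir, 'hosts')
    File.write(target, "127.0.0.1 localhost\n")
    other = File.join(dir, 'other')
    File.write(other, "untouched\n")
    # A link already sits at a predictable staging name.
    File.symlink(other, target + '.augnew')
    refused = begin
      stage_file(target, "x\n", '.augnew')
      false
    rescue Errno::EEXIST
      true
    end
    staging = stage_file(target, "127.0.0.1 localhost\n10.0.0.5 db\n")
    changed = File.read(staging) != File.read(target) # diff point
    commit_staged(staging, target)
    { refused: refused, other: File.read(other), changed: changed,
      final: File.read(target), leftover: File.exist?(staging) }
  end
end

p demo if $PROGRAM_NAME == __FILE__
```

The staged file is the one that gets diffed and then renamed into place, so the content is written once.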