Merge pull request #195 from voxpupuli/revert-173-simplify_acl_template

Revert "Simplify the acl template"
voxpupuli · Mar 8, 2016 · 801746f · 801746f
2 parents c2817f0 + 7fba718
commit 801746f
Show file tree

Hide file tree

Showing 3 changed files with 68 additions and 29 deletions.
diff --git a/manifests/params.pp b/manifests/params.pp
@@ -82,9 +82,9 @@
           {'allow' => '*'},
         ],
       },
-      'by' => {
-        'group' => ['admin'],
-      }
+      'by' => [{
+        'group' => ['admin']
+      }]
     },
     {
       'description' => 'Admin, all access',
@@ -99,9 +99,9 @@
           {'allow' => '*'},
         ],
       },
-      'by' => {
-        'group' => ['admin'],
-      }
+      'by' => [{
+        'group' => ['admin']
+      }]
     }
   ]
 
@@ -124,9 +124,9 @@
           {'allow' => ['read','run']}
         ],
       },
-      'by' => {
-        'group' => ['api_token_group'],
-      }
+      'by' => [{
+        'group' => ['api_token_group']
+      }]
     },
     {
       'description' => 'API Application level access control',
@@ -144,9 +144,9 @@
           { 'match' => {'path' => '(keys|keys/.*)'}, 'allow' => '*' },
         ],
       },
-      'by' => {
-        'group' => ['api_token_group'],
-      }
+      'by' => [{
+        'group' => ['api_token_group']
+      }]
     }
   ]
 

diff --git a/spec/classes/config/global/aclpolicyfile_spec.rb b/spec/classes/config/global/aclpolicyfile_spec.rb
@@ -14,37 +14,36 @@
           }
         end
 
-        default_acl = <<-CONFIG
----
-description: "Admin, all access"
+        default_acl = <<-CONFIG.gsub(/[^\S\n]{10}/, '')
+description: 'Admin, all access'
 context:
-  project: ".*"
+  project: '.*'
 for:
   resource:
-    - allow: "*"
+    - allow: '*'
   adhoc:
-    - allow: "*"
+    - allow: '*'
   job:
-    - allow: "*"
+    - allow: '*'
   node:
-    - allow: "*"
+    - allow: '*'
 by:
   group:
-    - admin
+    - 'admin'
 
 ---
-description: "Admin, all access"
+
+description: 'Admin, all access'
 context:
-  application: rundeck
+  application: 'rundeck'
 for:
   resource:
-    - allow: "*"
+    - allow: '*'
   project:
-    - allow: "*"
+    - allow: '*'
 by:
   group:
-      - admin
-
+    - 'admin'
         CONFIG
 
         it do

diff --git a/templates/aclpolicy.erb b/templates/aclpolicy.erb
@@ -1,4 +1,44 @@
-<%- @acl_policies.each do |policy| -%>
-<%= YAML.dump(policy) %>
+<%- @acl_policies.each_with_index do |policy, index| -%>
+description: '<%= policy['description'] %>'
+context:
+  <%= policy['context'].keys[0] %>: '<%= policy['context'].values[0] %>'
+for:
+<%- policy['for'].each do |resource,kind| -%>
+  <%= resource %>:
+  <%- kind.each do |rules| -%>
+  <%- first_key = true -%>
+  <%- rules.each do |type, action| -%>
+  <%- if %w( allow deny ).include?(type) -%>
+    <% if first_key -%>-<%- else %> <% end -%> <%= type %>: <%- if action.is_a? String -%>'<%= action %>'<%-else-%><%= action %><%-end%>
+  <%- elsif %w( match equals contains ).include?(type) -%>
+    <%- action.each do |k,v| -%>
+    <% if first_key -%>-<%- else %> <% end -%> <%= type %>:
+      <%- if %w( kind path name group rundeck_server ).include?(k) -%><%='  '%><%- else -%><%-end-%>
+      <%= k %>: <%- if v.is_a? String -%>'<%= v %>'<%-else-%><%= v %><%-end%>
+    <%- end -%>
+  <%- end -%>
+  <%- first_key = false -%>
+  <%- end -%>
+  <%- end -%>
+<%- end -%>
+by:
+<%- policy['by'].each do |by| -%>
+<%-   if !by['group'].nil? && by['group'] != :undef -%>
+  group:
+  <%- by['group'].each do |group| -%>
+    - '<%= group %>'
+  <%- end -%>
+<%-   end -%>
+<%-   if !by['username'].nil? && by['username'] != :undef -%>
+  username:
+  <%- by['username'].each do |username| -%>
+    - '<%= username %>'
+  <%- end -%>
+<%-   end -%>
+<%- end -%>
+<%- if index != (@acl_policies.length-1) -%>
 
+---
+
+<%- end -%>
 <%- end -%>