diff options
| author | Nigel Kersten <nigelk@google.com> | 2009-07-06 14:55:52 -0700 |
|---|---|---|
| committer | James Turnbull <james@lovedthanlost.net> | 2009-07-11 00:47:17 +1000 |
| commit | 858d3334004bbcd642443a5de061b9733a8e765c (patch) | |
| tree | a1bf222e653c333304d5e908a741651b6446af34 | |
| parent | 44f127f738f6427bdf2adbe1d06d57b7b62e715e (diff) | |
| download | puppet-858d3334004bbcd642443a5de061b9733a8e765c.tar.gz puppet-858d3334004bbcd642443a5de061b9733a8e765c.tar.xz puppet-858d3334004bbcd642443a5de061b9733a8e765c.zip | |
Fixes #2258,#2257,#2256. Maintain correct type for integers/booleans, allow correct values, and fix rule array handling
| -rw-r--r-- | lib/puppet/provider/macauthorization/macauthorization.rb | 13 | ||||
| -rw-r--r-- | lib/puppet/type/macauthorization.rb | 33 | ||||
| -rwxr-xr-x | spec/unit/type/macauthorization.rb | 38 |
3 files changed, 77 insertions, 7 deletions
diff --git a/lib/puppet/provider/macauthorization/macauthorization.rb b/lib/puppet/provider/macauthorization/macauthorization.rb index 58f12b94c..0c7a9a633 100644 --- a/lib/puppet/provider/macauthorization/macauthorization.rb +++ b/lib/puppet/provider/macauthorization/macauthorization.rb @@ -258,9 +258,9 @@ Puppet::Type.type(:macauthorization).provide :macauthorization, :parent => Puppe value = self.class.parsed_auth_db[resource_name][native_attribute] case value when true, "true", :true - value = :true + value = true when false, "false", :false - value = :false + value = false end @property_hash[attribute] = value @@ -287,7 +287,14 @@ Puppet::Type.type(:macauthorization).provide :macauthorization, :parent => Puppe end define_method(field.to_s + "=") do |value| - @property_hash[field] = value + case value + when true, "true", :true + @property_hash[field] = true + when false, "false", :false + @property_hash[field] = false + else + @property_hash[field] = value + end end end diff --git a/lib/puppet/type/macauthorization.rb b/lib/puppet/type/macauthorization.rb index 3399cf3e2..7fdc5bfa3 100644 --- a/lib/puppet/type/macauthorization.rb +++ b/lib/puppet/type/macauthorization.rb @@ -17,7 +17,15 @@ Puppet::Type.newtype(:macauthorization) do when false, "false", :false :false else - raise Puppet::Error("munge_boolean only takes booleans") + fail("munge_boolean only takes booleans") + end + end + + def munge_integer(value) + begin + Integer(value) + rescue ArgumentError + fail("munge_integer only takes integers") end end @@ -74,6 +82,9 @@ Puppet::Type.newtype(:macauthorization) do newvalue(:user) newvalue(:'evaluate-mechanisms') + newvalue(:allow) + newvalue(:deny) + newvalue(:rule) end newproperty(:comment) do @@ -86,15 +97,22 @@ Puppet::Type.newtype(:macauthorization) do end newproperty(:k_of_n) do - desc "k-of-n. Built-in rights only show a value of '1' or absent, - other values may be acceptable. Undocumented." + desc "k-of-n describes how large a subset of rule mechanisms must + succeed for successful authentication. If there are 'n' mechanisms, + then 'k' (the integer value of this parameter) mechanisms must succeed. + The most common setting for this parameter is '1'. If k-of-n is not + set, then 'n-of-n' mechanisms must succeed." + + munge do |value| + @resource.munge_integer(value) + end end newproperty(:mechanisms, :array_matching => :all) do desc "an array of suitable mechanisms." end - newproperty(:rule, :array_match => :all) do + newproperty(:rule, :array_matching => :all) do desc "The rule(s) that this right refers to." end @@ -132,10 +150,17 @@ Puppet::Type.newtype(:macauthorization) do authenticate every time, set the timeout to 0. For minimum security, remove the timeout attribute so the user authenticates only once per session." + + munge do |value| + @resource.munge_integer(value) + end end newproperty(:tries) do desc "The number of tries allowed." + munge do |value| + @resource.munge_integer(value) + end end end diff --git a/spec/unit/type/macauthorization.rb b/spec/unit/type/macauthorization.rb index 191a16bd0..8785984fe 100755 --- a/spec/unit/type/macauthorization.rb +++ b/spec/unit/type/macauthorization.rb @@ -13,6 +13,7 @@ describe Puppet::Type.type(:macauthorization), "when checking macauthorization o provider_class = macauth_type.provider(macauth_type.providers[0]) Plist.stubs(:parse_xml).with("/etc/authorization").returns(authplist) macauth_type.stubs(:defaultprovider).returns provider_class + @resource = macauth_type.new(:name => 'foo') end describe "when validating attributes" do @@ -70,4 +71,41 @@ describe Puppet::Type.type(:macauthorization), "when checking macauthorization o end + [:k_of_n, :timeout, :tries].each do |property| + describe "when managing the #{property} property" do + it "should convert number-looking strings into actual numbers" do + prop = macauth_type.attrclass(property).new(:resource => @resource) + prop.should = "300" + prop.should.must == 300 + end + it "should support integers as a value" do + prop = macauth_type.attrclass(property).new(:resource => @resource) + prop.should = 300 + prop.should.must == 300 + end + it "should raise an error for non-integer values" do + prop = macauth_type.attrclass(property).new(:resource => @resource) + lambda { prop.should = "foo" }.should raise_error(Puppet::Error) + end + end + end + + [:allow_root, :authenticate_user, :session_owner, :shared].each do |property| + describe "when managing the #{property} property" do + it "should convert boolean-looking false strings into actual booleans" do + prop = macauth_type.attrclass(property).new(:resource => @resource) + prop.should = "false" + prop.should.must == :false + end + it "should convert boolean-looking true strings into actual booleans" do + prop = macauth_type.attrclass(property).new(:resource => @resource) + prop.should = "true" + prop.should.must == :true + end + it "should raise an error for non-boolean values" do + prop = macauth_type.attrclass(property).new(:resource => @resource) + lambda { prop.should = "foo" }.should raise_error(Puppet::Error) + end + end + end end |