Class: Puppetserver::Ca::Utils::FileSystem

Inherits:
Object
  • Object
Defined in:
lib/puppetserver/ca/utils/file_system.rb

Constant Summary collapse

# Permission bits for the directories this utility creates, keyed by setting
# name (a Symbol). A lookup with any other key returns nil.
DIR_MODES = {
  ssldir: 0o771,        # group: full access; others: traverse only, no listing
  cadir: 0o755,
  certdir: 0o755,
  privatekeydir: 0o750, # no access for others; group may read and traverse
  publickeydir: 0o755,
  signeddir: 0o755
}


Class Method Details

.check_for_existing_files(one_or_more_paths) ⇒ Object



# File 'lib/puppetserver/ca/utils/file_system.rb', line 52

# Reports which of the given paths are already occupied.
#
# The result is a point-in-time snapshot: nothing is locked or reserved, so a
# path reported as free can still be created by another process before the
# caller writes to it.
#
# @param one_or_more_paths [String, Array<String>, nil] path(s) to check
# @return [Array<String>] one message per path that exists; empty if none do
def self.check_for_existing_files(one_or_more_paths)
  occupied = Array(one_or_more_paths).select { |candidate| File.exist?(candidate) }
  occupied.map { |candidate| "Existing file at '#{candidate}'" }
end

.ensure_dir(directory) ⇒ Object

Warning: directory mode should be specified in DIR_MODES above



# File 'lib/puppetserver/ca/utils/file_system.rb', line 34

# Creates +directory+ (and any missing parents) when nothing exists at that
# path, then hands it to ensure_ownership. An existing path is left untouched:
# neither its mode nor its ownership is corrected.
#
# NOTE(review): DIR_MODES is keyed by Symbols, while File.exist? treats
# +directory+ as a filesystem path. If callers pass path strings, the lookup
# yields nil and mkdir_p falls back to the umask default instead of the
# restrictive mode intended for e.g. the private key directory. Confirm what
# callers pass.
#
# @param directory [String] directory to create if absent
# @return [Object, nil] nil when the path already exists
def self.ensure_dir(directory)
  return if File.exist?(directory)

  FileUtils.mkdir_p(directory, mode: DIR_MODES[directory])
  ensure_ownership(directory)
end

.ensure_dirs(one_or_more_dirs) ⇒ Object



# File 'lib/puppetserver/ca/utils/file_system.rb', line 27

# Runs ensure_dir over every directory given, in order.
#
# @param one_or_more_dirs [String, Array<String>, nil] directory or directories
# @return [Array] the list that was iterated
def self.ensure_dirs(one_or_more_dirs)
  Array(one_or_more_dirs).each { |dir| ensure_dir(dir) }
end

.ensure_ownership(path) ⇒ Object

Chown the path to the puppet user when running as root. Skipped otherwise: a non-root process can only have created the path as itself, so ownership is already correct, and chowning to any other user would require CAP_CHOWN (unavailable in rootless containers).

Uses `FileUtils.chown` rather than `File.chown` so that when `path` is a symlink it operates on the link itself rather than its target.



# File 'lib/puppetserver/ca/utils/file_system.rb', line 75

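# Chowns +path+ to the puppet service account when running as root, and does
# nothing otherwise. A non-root process can only have created the path as
# itself, so there is nothing to correct in that case.
#
# FileUtils.chown is used rather than File.chown so that a symlink is
# re-owned itself instead of the file it points to.
#
# @param path [String] file, directory or symlink to re-own
# @return [Object, nil] nil when not running as root
def self.ensure_ownership(path)
  return unless running_as_root?

  # Resolve the account once: user and group are always the same name, and a
  # single lookup means they cannot disagree if the passwd database changes
  # between two calls.
  account = pe_puppet_exists? ? 'pe-puppet' : 'puppet'
  FileUtils.chown(account, account, path)
end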


# File 'lib/puppetserver/ca/utils/file_system.rb', line 62

# Replaces whatever is at +link_target+ with a symlink pointing to +source+,
# then hands the link to ensure_ownership.
#
# The removal passes remove_dir's force flag (`true`), so errors while
# deleting the old entry are suppressed at that step. Removal and link
# creation are two separate calls, not one atomic replace.
#
# @param source [String] path the new symlink points to
# @param link_target [String] path to clear and re-create as a symlink
def self.forcibly_symlink(source, link_target)
  FileUtils.remove_dir(link_target, true)
  # ln_s is the method FileUtils.symlink aliases.
  FileUtils.ln_s(source, link_target)
  ensure_ownership(link_target)
end

.pe_puppet_exists? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/puppetserver/ca/utils/file_system.rb', line 86

# Tells whether a 'pe-puppet' account is present in the passwd database.
#
# Any StandardError raised by the lookup is treated the same as "account
# absent", so a lookup failure is not distinguishable from a missing user.
#
# @return [Boolean]
def self.pe_puppet_exists?
  Etc.getpwnam('pe-puppet') ? true : false
rescue StandardError
  false
end

.running_as_root? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/puppetserver/ca/utils/file_system.rb', line 82

# Tells whether the process has root privileges: always false on Windows,
# otherwise true when the effective UID (not the real UID) is 0.
#
# @return [Boolean]
def self.running_as_root?
  return false if Gem.win_platform?

  Process.euid.zero?
end

.validate_file_paths(one_or_more_paths) ⇒ Object



# File 'lib/puppetserver/ca/utils/file_system.rb', line 41

# Reports which of the given paths cannot be read by this process, either
# because nothing exists there or because the file is not readable.
#
# Like any check made ahead of use, the answer can be stale by the time the
# file is opened; callers still need to handle open/read failures.
#
# @param one_or_more_paths [String, Array<String>, nil] path(s) to check
# @return [Array<String>] one message per unreadable path; empty if all are fine
def self.validate_file_paths(one_or_more_paths)
  unreadable = Array(one_or_more_paths).reject do |candidate|
    File.exist?(candidate) && File.readable?(candidate)
  end

  unreadable.map { |candidate| "Could not read file '#{candidate}'" }
end

.write_file(path, one_or_more_objects, mode) ⇒ Object



# File 'lib/puppetserver/ca/utils/file_system.rb', line 18

# Writes each object's +to_s+ form to +path+, one per line, then hands the
# file to ensure_ownership.
#
# +mode+ is the permission argument to File.open, which applies only when
# the file is created and is subject to the process umask. Opening with 'w'
# truncates a file that already exists and leaves its current permissions as
# they are, so +mode+ alone does not guarantee a restrictive result when the
# path is already occupied (relevant when the content is key material).
#
# @param path [String] destination file
# @param one_or_more_objects [Object, Array<Object>] content to write
# @param mode [Integer] permission bits used when the file is created
def self.write_file(path, one_or_more_objects, mode)
  File.open(path, 'w', mode) do |out|
    Array(one_or_more_objects).each { |item| out.puts item.to_s }
  end
  ensure_ownership(path)
end