Add nomask option to the acl module (#39810)

* Add nomask option to the acl module

* acl: allow to choose if and when to recalculate the effective right masks of the files
This commit is contained in:
plumbeo 2018-06-13 21:08:00 +02:00 committed by Brian Coca
parent c4bf168940
commit 9b0883c70d

View file

@ -73,6 +73,14 @@ options:
type: bool
default: 'no'
version_added: "2.0"
recalculate_mask:
description:
- Select if and when to recalculate the effective right masks of the files, see setfacl documentation for more info. Incompatible with C(state=query).
choices: [ default, mask, no_mask ]
default: 'default'
version_added: "2.6"
author:
- Brian Coca (@bcoca)
- Jérémie Astori (@astorije)
@ -174,7 +182,7 @@ def build_entry(etype, entity, permissions=None, use_nfsv4_acls=False):
return etype + ':' + entity
def build_command(module, mode, path, follow, default, recursive, entry=''):
def build_command(module, mode, path, follow, default, recursive, recalculate_mask, entry=''):
'''Builds and returns a getfacl/setfacl command.'''
if mode == 'set':
cmd = [module.get_bin_path('setfacl', True)]
@ -192,6 +200,11 @@ def build_command(module, mode, path, follow, default, recursive, entry=''):
if recursive:
cmd.append('--recursive')
if recalculate_mask == 'mask' and mode in ['set', 'rm']:
cmd.append('--mask')
elif recalculate_mask == 'no_mask' and mode in ['set', 'rm']:
cmd.append('--no-mask')
if not follow:
if get_platform().lower() == 'linux':
cmd.append('--physical')
@ -261,6 +274,12 @@ def main():
follow=dict(required=False, type='bool', default=True),
default=dict(required=False, type='bool', default=False),
recursive=dict(required=False, type='bool', default=False),
recalculate_mask=dict(
required=False,
default='default',
choices=['default', 'mask', 'no_mask'],
type='str'
),
use_nfsv4_acls=dict(required=False, type='bool', default=False)
),
supports_check_mode=True,
@ -278,13 +297,18 @@ def main():
follow = module.params.get('follow')
default = module.params.get('default')
recursive = module.params.get('recursive')
recalculate_mask = module.params.get('recalculate_mask')
use_nfsv4_acls = module.params.get('use_nfsv4_acls')
if not os.path.exists(path):
module.fail_json(msg="Path not found or not accessible.")
if state == 'query' and recursive:
module.fail_json(msg="'recursive' MUST NOT be set when 'state=query'.")
if state == 'query':
if recursive:
module.fail_json(msg="'recursive' MUST NOT be set when 'state=query'.")
if recalculate_mask in ['mask', 'no_mask']:
module.fail_json(msg="'recalculate_mask' MUST NOT be set to 'mask' or 'no_mask' when 'state=query'.")
if not entry:
if state == 'absent' and permissions:
@ -324,7 +348,7 @@ def main():
entry = build_entry(etype, entity, permissions, use_nfsv4_acls)
command = build_command(
module, 'set', path, follow,
default, recursive, entry
default, recursive, recalculate_mask, entry
)
changed = acl_changed(module, command)
@ -336,7 +360,7 @@ def main():
entry = build_entry(etype, entity, use_nfsv4_acls)
command = build_command(
module, 'rm', path, follow,
default, recursive, entry
default, recursive, recalculate_mask, entry
)
changed = acl_changed(module, command)
@ -349,7 +373,7 @@ def main():
acl = run_acl(
module,
build_command(module, 'get', path, follow, default, recursive)
build_command(module, 'get', path, follow, default, recursive, recalculate_mask)
)
module.exit_json(changed=changed, msg=msg, acl=acl)