Vh5ddlmZmZmZeZdZdZdZddl Z ddl Z ddl m Z ddl mZdZdd Zdd Zdd Zdd Zd Zedk(reyy))absolute_importdivisionprint_functionu --- module: acl short_description: Set and retrieve file ACL information. description: - Set and retrieve file ACL information. version_added: "1.0.0" options: path: description: - The full path of the file or object. type: path required: true aliases: [ name ] state: description: - Define whether the ACL should be present or not. - The V(query) state gets the current ACL without changing it, for use in C(register) operations. choices: [ absent, present, query ] default: query type: str follow: description: - Whether to follow symlinks on the path if a symlink is encountered. type: bool default: true default: description: - If O(path) is a directory, setting this to V(true) will make it the default ACL for entities created inside the directory. - Setting O(default=true) causes an error if O(path) is a file. type: bool default: false entity: description: - The actual user or group that the ACL applies to when matching entity types user or group are selected. type: str default: "" etype: description: - The entity type of the ACL to apply, see C(setfacl) documentation for more info. choices: [ group, mask, other, user ] type: str permissions: description: - The permissions to apply/remove can be any combination of C(r), C(w), C(x) (read, write and execute respectively), and C(X) (execute permission if the file is a directory or already has execute permission for some user) type: str entry: description: - DEPRECATED. - The ACL to set or remove. - This must always be quoted in the form of C(::). - The qualifier may be empty for some types, but the type and perms are always required. - C(-) can be used as placeholder when you do not care about permissions. - This is now superseded by entity, type and permissions fields. type: str recursive: description: - Recursively sets the specified ACL. - Incompatible with O(state=query). - Alias O(recurse) added in version 1.3.0. type: bool default: false aliases: [ recurse ] use_nfsv4_acls: description: - Use NFSv4 ACLs instead of POSIX ACLs. - This feature uses C(nfs4_setfacl) and C(nfs4_getfacl). The behavior depends on those implementation. And currently it only supports C(A) in ACE, so C(D) must be replaced with the appropriate C(A). - Permission is set as optimised ACLs by the system. You can check the actual ACLs that has been set using the return value. - More info C(man nfs4_setfacl) type: bool default: false recalculate_mask: description: - Select if and when to recalculate the effective right masks of the files. - See C(setfacl) documentation for more info. - Incompatible with O(state=query). choices: [ default, mask, no_mask ] default: default type: str author: - Brian Coca (@bcoca) - Jérémie Astori (@astorije) notes: - The M(ansible.posix.acl) module requires that ACLs are enabled on the target filesystem and that the C(setfacl) and C(getfacl) binaries are installed. - As of Ansible 2.0, this module only supports Linux distributions. - As of Ansible 2.3, the O(name) option has been changed to O(path) as default, but O(name) still works as well. a - name: Grant user Joe read access to a file ansible.posix.acl: path: /etc/foo.conf entity: joe etype: user permissions: r state: present - name: Removes the ACL for Joe on a specific file ansible.posix.acl: path: /etc/foo.conf entity: joe etype: user state: absent - name: Sets default ACL for joe on /etc/foo.d/ ansible.posix.acl: path: /etc/foo.d/ entity: joe etype: user permissions: rw default: true state: present - name: Same as previous but using entry shorthand ansible.posix.acl: path: /etc/foo.d/ entry: default:user:joe:rw- state: present - name: Obtain the ACL for a specific file ansible.posix.acl: path: /etc/foo.conf register: acl_info z acl: description: Current ACL on provided path (after changes, if any) returned: success type: list sample: [ "user::rwx", "group::rwx", "other::rwx" ] N) AnsibleModule) to_nativec|jd}d}|jjdrd}|jdt |dk(r|j d|\}}}|j}|jdrd}n>|jd rd }n*|jd rd }n|jd rd}nd}||||gS)z+ splits entry and ensures normalized return:NdTruuserggroupmmaskoother)splitlower startswithpoplenappend)entryar teps e/home/dcms/DCMS/lib/python3.12/site-packages/ansible_collections/ansible/posix/plugins/modules/acl.py split_entryr s  CA A {{}$  a 1v{ GAq!  A||C  c   c   c    q!Q<ct|rdjd|dk(rdnd||dzgS|r|dz|zdz|zS|dz|zS)zbBuilds and returns an entry string. Does not include the permissions bit if they are not provided.r Arrtcy)join)etypeentity permissionsuse_nfsv4_aclss r build_entryr+sWxxUg%5c2v{UZGZ[\\s{V#c)K77 3; r!c |dk(r/|j|rdnddg} | j|rdnd|gn|dk(r+|j|rdnddg} | jd|gn|jd dg} tjj d k(rK|r|jd dg} n$|jd dg} | j d | j d |r|s| j d|dk(r|dvr| j dn|dk(r|dvr| j d|so|smtjj d k(r| j dn6tjj dk(r| j d|r| j dd| j || S)z-Builds and returns a getfacl/setfacl command.set nfs4_setfaclsetfaclTz-az-mrmz-xgetfacllinux nfs4_getfaclz--absolute-namesz --omit-headerz --recursiver)r-r0z--maskno_maskz --no-maskz --physicalfreebsdz-hz-d) get_bin_pathextendplatformsystemrrinsert) modulemodepathfollowdefault recursiverecalculate_maskr*rcmds r build_commandrDs u}""^>TXYZ NDe<= ""^>TXYZ D%=!""9d34 ??  " " $ /**>4@A**9d;< -. JJ ' =!6!dm&; 8 Y &4=+@ ; . ??  " " $ / JJ| $ __  $ $ &) 3 JJt  1dJJt Jr!ctjjdk(ry|dd}|jddt ||}d}|D]%}|j dr|sy|s||k(s!|dz }'|d k(ryy) zPReturns true if the provided command affects the existing ACLs, false otherwise.r5TNr6z--testrz*,*Fr )r9r:rr;run_aclendswith)r<rCrr*linescounterlines r acl_changedrKs I- a&CJJq( FC EG ==  etm qLG !| r!c\ |j||\}}}g}j D]3}|j dr|j |j5|r|djs|ddS|S#t$r%}|jt|Yd}~d}~wwxYw)zDRuns the provided command and returns the output as a list of lines.)check_rcmsgN#) run_command Exception fail_jsonr splitlinesrrstripr) r<rCrMrcouterrrrHls rrFrFs+++C(+CS# E ^^ $||C LL #$ U2Y__&Sbz L +Yq\**+sA== B+B&&B+ctttdddgtdtddtdgd  tdtdd gd  tddtddtdddgtddgd tdd d}tjj dvr|j d|j jd}|j jd}|j jd}|j jd}|j jd}|j jd}|j jd}|j jd}|j jd} |j jd } |j jd!} tjj|s|j d"|d k(r*| r|j d#| d$vr|j d%|sO|d&k(r|r| s|j d'|d&k(r|s|j d(|d)vr|s|j d*|z|r|s|s|r|j d+|d,k(r%|jd-d.vr|j d/|d&k(r%|jd-d0vr|j d1|d k(r|j d2t|\} }}}| | }tjj d3k(r| r|j d4d} d}|d,k(rOt|||| }t|d5|||| | | | }t|||| } | r|j s t#||d6|z}nl|d&k(r`| rt|||| }n t||| }t|d7|||| | | | }t|||| } | r|j s t#||dd8|z}n|d k(rd9}t#|t|d:|||| | | }|j%| ||;y)Tname)typerequiredaliasesstr)r]r$)r]r@)rrrr )r]choicesquery)absentpresentrb)r]r@raboolFrecurse)r]r@r_r@)r@rr4) r>rr(r'r)stater?r@rArBr*) argument_specsupports_check_mode)r2r5z/The acl module is not available on this system.rNrr(r'r)rgr?rArBr*z!Path not found or not accessible.z/'recursive' MUST NOT be set when 'state=query'.)rr4zM'recalculate_mask' MUST NOT be set to 'mask' or 'no_mask' when 'state=query'.rcz2'permissions' MUST NOT be set when 'state=absent'.z)'entity' MUST be set when 'state=absent'.)rdrcz$'etype' MUST be set when 'state=%s'.zH'entry' MUST NOT be set when 'entity', 'etype' or 'permissions' are set.rdr )r zF'entry' MUST have 3 or 4 sections divided by ':' when 'state=present'.)r6r zE'entry' MUST have 2 or 3 sections divided by ':' when 'state=absent'.z+'entry' MUST NOT be set when 'state=query'.r5z,recursive is not supported on that platform.r-z %s is presentr0z %s is absentz current aclget)changedrOacl)rdictr9r:rrTparamsrkosr>existscountr r+rDrK check_moderF exit_json)r<r>rr(r'r)rgr?r@rArBr* default_flagrlrOcommandrms rmainrwsu 6D6(CE"UB/:%(6 VT2fe4 {K!!6  VU;- 0!3F8 (<<NO ==  V $D MM  g &E ]]  x (F MM  g &E--##M2K MM  g &E ]]  x (Fmm *G !!+.I}}(();<]]&&'78N 77>>$ @A     !R  S 2 2   !p  q  H ^   !U  V H V   !L  M ) )%   !G%!O  P Fk   !k  l I ekk#&6&&@   !i  j H U[[%5%?   !h  i G    !N  O3>u3E0 eV[  #"G I-    !O  PG C E6;G E4 Y 0.% fgunE 6,, FG $% (  v{NKEv~>E D$ Y 0.% fgunE 6,, FGU +u$ '   E4) n  C W#37r!__main__)NF)r$)F)T) __future__rrrr] __metaclass__ DOCUMENTATIONEXAMPLESRETURNrpr9ansible.module_utils.basicransible.module_utils._textrr r+rDrKrFrw__name__r!rrsnA@ X t# J  40< &R4&~8B zFr!