28 lines
1.1 KiB
Ruby
28 lines
1.1 KiB
Ruby
|
|
def load_current_resource
|
|
@current_resource = Chef::Resource::Rbac.new(@new_resource.name)
|
|
end
|
|
|
|
action :create do
|
|
definition = new_resource.name
|
|
|
|
new_resource.updated_by_last_action(false)
|
|
|
|
manage_auth = "solaris.smf.manage.#{definition}:::Manage #{definition} Service States::"
|
|
manage = execute "add RBAC #{definition} management to /etc/security/auth_attr" do
|
|
command "echo \"#{manage_auth}\" >> /etc/security/auth_attr"
|
|
not_if "grep \"#{manage_auth}\" /etc/security/auth_attr"
|
|
end
|
|
|
|
# This additional permission allows the user to call svccfg -s service setprop
|
|
# to set dynamic properties without having to re-run chef. This may be
|
|
# moved into a separate LWRP in the future.
|
|
value_auth = "solaris.smf.value.#{definition}:::Change value of #{definition} Service::"
|
|
value = execute "add RBAC #{definition} value to /etc/security/auth_attr" do
|
|
command "echo \"#{value_auth}\" >> /etc/security/auth_attr"
|
|
not_if "grep \"#{value_auth}\" /etc/security/auth_attr"
|
|
end
|
|
|
|
new_resource.updated_by_last_action(manage.updated_by_last_action? || value.updated_by_last_action?)
|
|
end
|