class Chef::Knife::AclBulkRemove

Public Instance Methods

run() click to toggle source
# File lib/chef/knife/acl_bulk_remove.rb, line 32
def run
  member_type, member_name, object_type, regex, perms = name_args
  object_name_matcher = /#{regex}/

  if name_args.length != 5
    show_usage
    ui.fatal "You must specify the member type [client|group|user], member name, object type, object name REGEX and perms"
    exit 1
  end

  if member_name == "pivotal" && %w{client user}.include?(member_type)
    ui.fatal "ERROR: 'pivotal' is a system user so knife-acl will not remove it from an ACL."
    exit 1
  end
  if member_name == "admins" && member_type == "group" && perms.to_s.split(",").include?("grant")
    ui.fatal "ERROR: knife-acl will not remove the 'admins' group from the 'grant' ACE."
    ui.fatal "       Removal could prevent future attempts to modify permissions."
    exit 1
  end
  validate_perm_type!(perms)
  validate_member_type!(member_type)
  validate_member_name!(member_name)
  validate_object_type!(object_type)
  validate_member_exists!(member_type, member_name)

  if %w{containers groups}.include?(object_type)
    ui.fatal "bulk modifying the ACL of #{object_type} is not permitted"
    exit 1
  end

  objects_to_modify = []
  all_objects = rest.get_rest(object_type)
  objects_to_modify = all_objects.keys.select { |object_name| object_name =~ object_name_matcher }

  if objects_to_modify.empty?
    ui.info "No #{object_type} match the expression /#{regex}/"
    exit 0
  end

  ui.msg("The ACL of the following #{object_type} will be modified:")
  ui.msg("")
  ui.msg(ui.list(objects_to_modify.sort, :columns_down))
  ui.msg("")
  ui.confirm("Are you sure you want to modify the ACL of these #{object_type}?")

  objects_to_modify.each do |object_name|
    remove_from_acl!(member_type, member_name, object_type, object_name, perms)
  end
end