Merge pull request #29240 from clan/linux_acl

handle acl_type [[d]efault:][user|group|mask|other]

salt/modules/linux_acl.py

@@ -109,11 +109,12 @@ def getfacl(*args, **kwargs):
                 if entity in vals:
                     del vals[entity]
                     if acl_type == 'acl':
-                        ret[dentry][entity] = vals
+                        ret[dentry][entity] = [{"": vals}]
                     elif acl_type == 'default':
                         if 'defaults' not in ret[dentry]:
                             ret[dentry]['defaults'] = {}
-                        ret[dentry]['defaults'][entity] = vals
+                        ret[dentry]['defaults'][entity] = [{"": vals}]
+
     return ret
 
 

salt/states/linux_acl.py

@@ -57,11 +57,19 @@ def present(name, acl_type, acl_name='', perms='', recurse=False):
            'comment': ''}
 
     _octal = {'r': 4, 'w': 2, 'x': 1}
-    _current_perms = __salt__['acl.getfacl'](name)
 
-    if _current_perms[name].get(acl_type, None):
+    __current_perms = __salt__['acl.getfacl'](name)
+
+    if acl_type.startswith(('d:', 'default:')):
+        _acl_type = ':'.join(acl_type.split(':')[1:])
+        _current_perms = __current_perms[name].get('defaults', {})
+    else:
+        _acl_type = acl_type
+        _current_perms = __current_perms[name]
+
+    if _current_perms.get(_acl_type, None):
         try:
-            user = [i for i in _current_perms[name][acl_type] if next(six.iterkeys(i)) == acl_name].pop()
+            user = [i for i in _current_perms[_acl_type] if next(six.iterkeys(i)) == acl_name].pop()
         except (AttributeError, IndexError, StopIteration):
             user = None
 
@@ -106,11 +114,18 @@ def absent(name, acl_type, acl_name='', perms='', recurse=False):
            'changes': {},
            'comment': ''}
 
-    _current_perms = __salt__['acl.getfacl'](name)
+    __current_perms = __salt__['acl.getfacl'](name)
 
-    if _current_perms[name].get(acl_type, None):
+    if acl_type.startswith(('d:', 'default:')):
+        _acl_type = ':'.join(acl_type.split(':')[1:])
+        _current_perms = __current_perms[name].get('defaults', {})
+    else:
+        _acl_type = acl_type
+        _current_perms = __current_perms[name]
+
+    if _current_perms.get(_acl_type, None):
         try:
-            user = [i for i in _current_perms[name][acl_type] if next(six.iterkeys(i)) == acl_name].pop()
+            user = [i for i in _current_perms[_acl_type] if next(six.iterkeys(i)) == acl_name].pop()
         except IndexError:
             user = None
 

tests/integration/modules/linux_acl.py

@@ -60,9 +60,10 @@ class LinuxAclModuleTest(integration.ModuleCase,
 
     def test_getfacl_w_single_file_without_acl(self):
         ret = self.run_function('acl.getfacl', arg=[self.myfile])
+        self.maxDiff = None
         self.assertEqual(
             ret,
-            {self.myfile: {'other': {'octal': 4, 'permissions': {'read': True, 'write': False, 'execute': False}},
+            {self.myfile: {'other': [{'': {'octal': 4, 'permissions': {'read': True, 'write': False, 'execute': False}}}],
                            'user': [{'root': {'octal': 6, 'permissions': {'read': True, 'write': True, 'execute': False}}}],
                            'group': [{'root': {'octal': 4, 'permissions': {'read': True, 'write': False, 'execute': False}}}],
                            'comment': {'owner': 'root', 'group': 'root', 'file': self.myfile}}}