File Coverage

blib/lib/Beam/Runnable/DenyUsers.pm
Criterion Covered Total %
statement 15 15 100.0
branch n/a
condition n/a
subroutine 5 5 100.0
pod n/a
total 20 20 100.0


line stmt bran cond sub pod time code
1             package Beam::Runnable::DenyUsers;
2             our $VERSION = '0.015';
3             # ABSTRACT: Deny certain users from running a command
4              
5             #pod =head1 SYNOPSIS
6             #pod
7             #pod ### In a Runnable module
8             #pod package My::Runnable::Script;
9             #pod use Moo;
10             #pod with 'Beam::Runnable', 'Beam::Runnable::DenyUsers';
11             #pod has '+deny_users' => ( default => [ 'root' ] );
12             #pod sub run { }
13             #pod
14             #pod ### In a container config file
15             #pod runnable:
16             #pod $class: My::Runnable::Script
17             #pod $with:
18             #pod - 'Beam::Runnable::DenyUsers'
19             #pod deny_users:
20             #pod - root
21             #pod - doug
22             #pod
23             #pod =head1 DESCRIPTION
24             #pod
25             #pod This role checks to ensure that certain users don't run a command. If an
26             #pod unauthorized user runs the command, it dies with an error instead.
27             #pod
28             #pod B This is mostly a demonstration of a L role.
29             #pod Users that can write to the configuration file can edit who is denied
30             #pod to run the command, and there are other ways to prevent access to
31             #pod a file/command.
32             #pod
33             #pod =head1 SEE ALSO
34             #pod
35             #pod L, L, L<< perlvar/$> >>
36             #pod
37             #pod =cut
38              
39 1     1   645 use strict;
  1         3  
  1         33  
40 1     1   6 use warnings;
  1         3  
  1         24  
41 1     1   5 use Moo::Role;
  1         2  
  1         5  
42 1     1   345 use List::Util qw( any );
  1         3  
  1         112  
43 1     1   8 use Types::Standard qw( ArrayRef Str );
  1         8  
  1         9  
44              
45             #pod =attr deny_users
46             #pod
47             #pod An array reference of user names that are denied to run this task.
48             #pod
49             #pod =cut
50              
51             has deny_users => (
52             is => 'ro',
53             isa => ArrayRef[ Str ],
54             required => 1,
55             );
56              
57             #pod =method run
58             #pod
59             #pod This role wraps the C method of your runnable class to check that
60             #pod the user isn't unauthorized.
61             #pod
62             #pod =cut
63              
64             before run => sub {
65             my ( $self, @args ) = @_;
66             my $user = getpwuid( $> );
67             die "Unauthorized user: $user\n"
68             if any { $_ eq $user } @{ $self->deny_users };
69             };
70              
71             1;
72              
73             __END__