policy.drush.inc

  1. 8.0.x examples/policy.drush.inc
  2. 6.x examples/policy.drush.inc
  3. 7.x examples/policy.drush.inc
  4. 4.x examples/policy.drush.inc
  5. 5.x examples/policy.drush.inc
  6. master examples/policy.drush.inc

Example policy commandfile. Modify as desired.

Validates commands as they are issued and returns an error or changes options when policy is violated.

You can copy this file to any of the following 1. A .drush folder in your HOME folder. 2. Anywhere in a folder tree below an active module on your site. 3. /usr/share/drush/commands (configurable) 4. In an arbitrary folder specified with the --include option. 5. Drupal's /drush or sites/all/drush folder, or in the /drush folder in the directory above the Drupal root (note: sql-sync validation won't work in any of these locations).

Functions

File

examples/policy.drush.inc
View source
  1. <?php
  2. /**
  3. * @file
  4. * Example policy commandfile. Modify as desired.
  5. *
  6. * Validates commands as they are issued and returns an error
  7. * or changes options when policy is violated.
  8. *
  9. * You can copy this file to any of the following
  10. * 1. A .drush folder in your HOME folder.
  11. * 2. Anywhere in a folder tree below an active module on your site.
  12. * 3. /usr/share/drush/commands (configurable)
  13. * 4. In an arbitrary folder specified with the --include option.
  14. * 5. Drupal's /drush or sites/all/drush folder, or in the /drush
  15. * folder in the directory above the Drupal root (note: sql-sync
  16. * validation won't work in any of these locations).
  17. */
  18. /**
  19. * Implements drush_hook_COMMAND_validate().
  20. *
  21. * Prevent catastrophic braino. Note that this file has to be local to the
  22. * machine that intitiates sql-sync command.
  23. */
  24. function drush_policy_sql_sync_validate($source = NULL, $destination = NULL) {
  25. if ($destination == '@prod') {
  26. return drush_set_error('POLICY_DENY', dt('Per examples/policy.drush.inc, you may never overwrite the production database.'));
  27. }
  28. }
  29. /**
  30. * Implements drush_hook_COMMAND_validate().
  31. *
  32. * We can also limit rsync operations to production sites.
  33. */
  34. function drush_policy_core_rsync_validate($source = NULL, $destination = NULL) {
  35. if (preg_match("/^@prod/", $destination)) {
  36. return drush_set_error('POLICY_DENY', dt('Per examples/policy.drush.inc, you may never rsync to the production site.'));
  37. }
  38. }
  39. /**
  40. * Implements hook_drush_sitealias_alter
  41. *
  42. * Alter alias record data in code.
  43. */
  44. function policy_drush_sitealias_alter(&$alias_record) {
  45. // A duplicate of the old implementation of the 'parent' element.
  46. // Keep this if you want to keep using 'parent', but do not want
  47. // to be nagged (or worse, break when it is removed).
  48. if (isset($alias_record['parent'])) {
  49. // Fetch and merge in each parent
  50. foreach (explode(',', $alias_record['parent']) as $parent) {
  51. $parent_record = drush_sitealias_get_record($parent);
  52. unset($parent_record['#name']);
  53. unset($parent_record['#file']);
  54. unset($parent_record['#hidden']);
  55. $array_based_keys = array_merge(drush_get_special_keys(), array('path-aliases'));
  56. foreach ($array_based_keys as $array_based_key) {
  57. if (isset($alias_record[$array_based_key]) && isset($parent_record[$array_based_key])) {
  58. $alias_record[$array_based_key] = array_merge($parent_record[$array_based_key], $alias_record[$array_based_key]);
  59. }
  60. }
  61. $alias_record = array_merge($parent_record, $alias_record);
  62. }
  63. unset($alias_record['parent']);
  64. }
  65. }
  66. /**
  67. * Implements hook_drush_help_alter().
  68. *
  69. * When a hook extends a command with additional options, it must
  70. * implement help alter and declare the option(s). Doing so will add
  71. * the option to the help text for the modified command, and will also
  72. * allow the new option to be specified on the command line. Without
  73. * this, Drush will fail with an error when a user attempts to use
  74. * the option.
  75. */
  76. function policy_drush_help_alter($command) {
  77. if ($command['command'] == 'updatedb') {
  78. $command['options']['token'] = 'Per site policy, you must specify a token in the --token option for all commands.';
  79. }
  80. }
  81. /**
  82. * Implements drush_hook_COMMAND_validate().
  83. *
  84. * To test this example without copying, execute
  85. * `drush --include=./examples updatedb` from within your drush directory.
  86. *
  87. * Unauthorized users may view pending updates but not execute them.
  88. */
  89. function drush_policy_updatedb_validate() {
  90. // Check for a token in the request. In this case, we require --token=secret.
  91. if (!drush_get_option('token') == 'secret') {
  92. drush_log(dt('Per site policy, you must add a secret --token complete this command. See examples/policy.drush.inc. If you are running a version of drush prior to 4.3 and are not sure why you are seeing this message, please see http://drupal.org/node/1024824.'), 'warning');
  93. drush_set_context('DRUSH_AFFIRMATIVE', FALSE);
  94. drush_set_context('DRUSH_NEGATIVE', TRUE);
  95. }
  96. }
  97. /**
  98. * Implements drush_hook_COMMAND_validate().
  99. *
  100. * Only sudo tells me to make a sandwich: http://xkcd.com/149/
  101. */
  102. function drush_policy_make_me_a_sandwich_validate() {
  103. if (drush_is_windows()) {
  104. // $name = drush_get_username();
  105. // TODO: implement check for elevated process using w32api
  106. // as sudo is not available for Windows
  107. // @see http://php.net/manual/en/book.w32api.php
  108. // @see http://social.msdn.microsoft.com/Forums/en/clr/thread/0957c58c-b30b-4972-a319-015df11b427d
  109. }
  110. else {
  111. $name = posix_getpwuid(posix_geteuid());
  112. if ($name['name'] !== 'root') {
  113. return drush_set_error('POLICY_MAKE_IT_YOUSELF', dt('What? Make your own sandwich.'));
  114. }
  115. }
  116. }