always exec the concatfragments script as root when running as root
This is to allow the concatfragments script to be installed into a path that may not be accessible by a non-root user.
This commit is contained in:
Joshua Hoblitt
parent
99250ed5f8
commit
200e4ee205
3 changed files with 64 additions and 27 deletions
|
|
@ -162,14 +162,15 @@ define concat(
|
||||||
backup => $backup,
|
backup => $backup,
|
||||||
}
|
}
|
||||||
|
|
||||||
# remove extra whitespace from string interopolation to make testing easier
|
# remove extra whitespace from string interpolation to make testing easier
|
||||||
$command = strip(regsubst("${script_command} -o ${fragdir}/${concat_name} -d ${fragdir} ${warnflag} ${forceflag} ${orderflag} ${newlineflag}", '\s+', ' ', 'G'))
|
$command = strip(regsubst("${script_command} -o ${fragdir}/${concat_name} -d ${fragdir} ${warnflag} ${forceflag} ${orderflag} ${newlineflag}", '\s+', ' ', 'G'))
|
||||||
|
|
||||||
|
# if puppet is running as root, this exec should also run as root to allow
|
||||||
|
# the concatfragments.sh script to potentially be installed in path that
|
||||||
|
# may not be accessible by a target non-root owner.
|
||||||
exec { "concat_${name}":
|
exec { "concat_${name}":
|
||||||
alias => "concat_${fragdir}",
|
alias => "concat_${fragdir}",
|
||||||
command => $command,
|
command => $command,
|
||||||
user => $owner,
|
|
||||||
group => $group,
|
|
||||||
notify => File[$name],
|
notify => File[$name],
|
||||||
subscribe => File[$fragdir],
|
subscribe => File[$fragdir],
|
||||||
unless => "${command} -t",
|
unless => "${command} -t",
|
||||||
|
|
|
||||||
|
|
@ -1,27 +1,8 @@
|
||||||
require 'spec_helper_system'
|
require 'spec_helper_system'
|
||||||
|
|
||||||
describe 'basic concat test' do
|
describe 'basic concat test' do
|
||||||
context 'should run successfully' do
|
|
||||||
pp="
|
|
||||||
concat { '/tmp/file':
|
|
||||||
owner => root,
|
|
||||||
group => root,
|
|
||||||
mode => '0644',
|
|
||||||
}
|
|
||||||
|
|
||||||
concat::fragment { '1':
|
|
||||||
target => '/tmp/file',
|
|
||||||
content => '1',
|
|
||||||
order => '01',
|
|
||||||
}
|
|
||||||
|
|
||||||
concat::fragment { '2':
|
|
||||||
target => '/tmp/file',
|
|
||||||
content => '2',
|
|
||||||
order => '02',
|
|
||||||
}
|
|
||||||
"
|
|
||||||
|
|
||||||
|
shared_examples 'concat' do |pp|
|
||||||
context puppet_apply(pp) do
|
context puppet_apply(pp) do
|
||||||
its(:stderr) { should be_empty }
|
its(:stderr) { should be_empty }
|
||||||
its(:exit_code) { should_not == 1 }
|
its(:exit_code) { should_not == 1 }
|
||||||
|
|
@ -50,6 +31,58 @@ describe 'basic concat test' do
|
||||||
describe file('/var/lib/puppet/concat/_tmp_file/fragments.concat') do
|
describe file('/var/lib/puppet/concat/_tmp_file/fragments.concat') do
|
||||||
it { should be_file }
|
it { should be_file }
|
||||||
end
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'owner/group root' do
|
||||||
|
pp="
|
||||||
|
concat { '/tmp/file':
|
||||||
|
owner => 'root',
|
||||||
|
group => 'root',
|
||||||
|
mode => '0644',
|
||||||
|
}
|
||||||
|
|
||||||
|
concat::fragment { '1':
|
||||||
|
target => '/tmp/file',
|
||||||
|
content => '1',
|
||||||
|
order => '01',
|
||||||
|
}
|
||||||
|
|
||||||
|
concat::fragment { '2':
|
||||||
|
target => '/tmp/file',
|
||||||
|
content => '2',
|
||||||
|
order => '02',
|
||||||
|
}
|
||||||
|
"
|
||||||
|
|
||||||
|
it_behaves_like 'concat', pp
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'owner/group non-root' do
|
||||||
|
before(:all) do
|
||||||
|
shell "groupadd -g 42 bob"
|
||||||
|
shell "useradd -u 42 -g 42 bob"
|
||||||
|
end
|
||||||
|
|
||||||
|
pp="
|
||||||
|
concat { '/tmp/file':
|
||||||
|
owner => 'bob',
|
||||||
|
group => 'bob',
|
||||||
|
mode => '0644',
|
||||||
|
}
|
||||||
|
|
||||||
|
concat::fragment { '1':
|
||||||
|
target => '/tmp/file',
|
||||||
|
content => '1',
|
||||||
|
order => '01',
|
||||||
|
}
|
||||||
|
|
||||||
|
concat::fragment { '2':
|
||||||
|
target => '/tmp/file',
|
||||||
|
content => '2',
|
||||||
|
order => '02',
|
||||||
|
}
|
||||||
|
"
|
||||||
|
|
||||||
|
it_behaves_like 'concat', pp
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
||||||
|
|
@ -2,8 +2,9 @@ require 'spec_helper'
|
||||||
|
|
||||||
describe 'concat', :type => :define do
|
describe 'concat', :type => :define do
|
||||||
|
|
||||||
shared_examples 'concat' do |title, params|
|
shared_examples 'concat' do |title, params, id|
|
||||||
params = {} if params.nil?
|
params = {} if params.nil?
|
||||||
|
id = 'root' if id.nil?
|
||||||
|
|
||||||
# default param values
|
# default param values
|
||||||
p = {
|
p = {
|
||||||
|
|
@ -37,7 +38,7 @@ describe 'concat', :type => :define do
|
||||||
|
|
||||||
let(:title) { title }
|
let(:title) { title }
|
||||||
let(:params) { params }
|
let(:params) { params }
|
||||||
let(:facts) {{ :concat_basedir => concatdir }}
|
let(:facts) {{ :concat_basedir => concatdir, :id => id }}
|
||||||
|
|
||||||
if p[:ensure] == 'present'
|
if p[:ensure] == 'present'
|
||||||
it do
|
it do
|
||||||
|
|
@ -95,8 +96,6 @@ describe 'concat', :type => :define do
|
||||||
should contain_exec("concat_#{title}").with({
|
should contain_exec("concat_#{title}").with({
|
||||||
:alias => "concat_#{fragdir}",
|
:alias => "concat_#{fragdir}",
|
||||||
:command => cmd,
|
:command => cmd,
|
||||||
:user => p[:owner],
|
|
||||||
:group => p[:group],
|
|
||||||
:unless => "#{cmd} -t",
|
:unless => "#{cmd} -t",
|
||||||
})
|
})
|
||||||
end
|
end
|
||||||
|
|
@ -162,6 +161,10 @@ describe 'concat', :type => :define do
|
||||||
end
|
end
|
||||||
end # title =>
|
end # title =>
|
||||||
|
|
||||||
|
context 'as non-root user' do
|
||||||
|
it_behaves_like 'concat', '/etc/foo.bar', {}, 'bob'
|
||||||
|
end
|
||||||
|
|
||||||
context 'ensure =>' do
|
context 'ensure =>' do
|
||||||
['present', 'absent'].each do |ens|
|
['present', 'absent'].each do |ens|
|
||||||
context ens do
|
context ens do
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue