opuppet/module-concat
4
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

remove default owner/user and group values

Browse source 
The use of $::id to set the default user/owner and group has caused
multiple bugs in the past, is incorrectly used to infer the egid,
introduces a dependency on the `id` fact, and provides no functionally
that can't be accomplished by passing `undef` or not setting the
respective params on the file & exec types.

A possible alternative would be to introduce a dep on the $::gid fact
but that would mean the entire module would depend on a version of
facter than hasn't shipped yet (unworkable) or to add a gid/egid fact
into this module (ugly).
This commit is contained in:
Joshua Hoblitt 2013-10-24 08:48:37 -07:00
parent 1ee9c5b98d
commit aa0180d69a
6 changed files with 29 additions and 95 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
manifests/fragment.pp
View file

@ -32,7 +32,7 @@ define concat::fragment(
$order = 10, $order = 10,
$ensure = 'present', $ensure = 'present',
$mode = '0644', $mode = '0644',
$owner = $::id, $owner = undef,
$group = undef $group = undef
) { ) {
validate_absolute_path($target) validate_absolute_path($target)
@ -51,11 +51,6 @@ define concat::fragment(
$concatdir = $concat::setup::concatdir $concatdir = $concat::setup::concatdir
$fragdir = "${concatdir}/${safe_target_name}" $fragdir = "${concatdir}/${safe_target_name}"
$safe_group = $group ? {
undef => $concat::setup::root_group,
default => $group,
}
# if content is passed, use that, else if source is passed use that # if content is passed, use that, else if source is passed use that
# if neither passed, but $ensure is in symlink form, make a symlink # if neither passed, but $ensure is in symlink form, make a symlink
case $ensure { case $ensure {
@ -73,7 +68,7 @@ define concat::fragment(
ensure => $ensure, ensure => $ensure,
mode => $mode, mode => $mode,
owner => $owner, owner => $owner,
group => $safe_group, group => $group,
source => $source, source => $source,
content => $content, content => $content,
backup => false, backup => false,

21
manifests/init.pp
View file

@ -55,7 +55,7 @@
define concat( define concat(
$ensure = 'present', $ensure = 'present',
$path = $name, $path = $name,
$owner = $::id, $owner = undef,
$group = undef, $group = undef,
$mode = '0644', $mode = '0644',
$warn = false, $warn = false,
@ -87,11 +87,6 @@ define concat(
$concat_name = 'fragments.concat.out' $concat_name = 'fragments.concat.out'
$default_warn_message = '# This file is managed by Puppet. DO NOT EDIT.' $default_warn_message = '# This file is managed by Puppet. DO NOT EDIT.'
$safe_group = $group ? {
undef => $concat::setup::root_group,
default => $group,
}
if $warn == true { if $warn == true {
$use_warn_message = $warn_message ? { $use_warn_message = $warn_message ? {
undef => $default_warn_message, undef => $default_warn_message,
@ -124,7 +119,7 @@ define concat(
File { File {
owner => $owner, owner => $owner,
group => $safe_group, group => $group,
mode => $mode, mode => $mode,
replace => $replace, replace => $replace,
backup => false, backup => false,
@ -166,6 +161,8 @@ define concat(
exec { "concat_${name}": exec { "concat_${name}":
alias => "concat_${fragdir}", alias => "concat_${fragdir}",
command => $command, command => $command,
user => $owner,
group => $group,
notify => File[$name], notify => File[$name],
subscribe => File[$fragdir], subscribe => File[$fragdir],
unless => "${command} -t", unless => "${command} -t",
@ -175,15 +172,7 @@ define concat(
File["${fragdir}/fragments.concat"], File["${fragdir}/fragments.concat"],
], ],
} }
} else {
if $::id == 'root' {
Exec["concat_${name}"] {
user => root,
group => $safe_group,
}
}
}
else {
file { [ file { [
$fragdir, $fragdir,
"${fragdir}/fragments", "${fragdir}/fragments",

12
manifests/setup.pp
View file

@ -14,12 +14,6 @@ class concat::setup {
fail("Use of private class ${name} by ${caller_module_name}") fail("Use of private class ${name} by ${caller_module_name}")
} }
$owner = $::id
$root_group = $owner ? {
root => 0,
default => $owner
}
if $::concat_basedir { if $::concat_basedir {
$concatdir = $::concat_basedir $concatdir = $::concat_basedir
} else { } else {
@ -31,17 +25,13 @@ class concat::setup {
} }
file { "${concatdir}/bin/concatfragments.sh": file { "${concatdir}/bin/concatfragments.sh":
owner => $owner,
group => $root_group,
mode => '0755', mode => '0755',
source => 'puppet:///modules/concat/concatfragments.sh', source => 'puppet:///modules/concat/concatfragments.sh',
} }
file { [ $concatdir, "${concatdir}/bin" ]: file { [ $concatdir, "${concatdir}/bin" ]:
ensure => directory, ensure => directory,
owner => $owner, mode => '0755',
group => $root_group,
mode => '0750',
} }
## Old versions of this module used a different path. ## Old versions of this module used a different path.

26
spec/unit/classes/concat_setup_spec.rb
View file

@ -2,16 +2,13 @@ require 'spec_helper'
describe 'concat::setup', :type => :class do describe 'concat::setup', :type => :class do
shared_examples 'setup' do |id, concatdir| shared_examples 'setup' do |concatdir|
id = 'root' if id.nil?
concatdir = '/foo' if concatdir.nil? concatdir = '/foo' if concatdir.nil?
let(:facts) {{ :id => id, :concat_basedir => concatdir }} let(:facts) {{ :concat_basedir => concatdir }}
it do it do
should contain_file("#{concatdir}/bin/concatfragments.sh").with({ should contain_file("#{concatdir}/bin/concatfragments.sh").with({
:owner => id,
:group => id == 'root' ? 0 : id,
:mode => '0755', :mode => '0755',
:source => 'puppet:///modules/concat/concatfragments.sh', :source => 'puppet:///modules/concat/concatfragments.sh',
:backup => false, :backup => false,
@ -22,9 +19,7 @@ describe 'concat::setup', :type => :class do
it do it do
should contain_file(file).with({ should contain_file(file).with({
:ensure => 'directory', :ensure => 'directory',
:owner => id, :mode => '0755',
:group => id == 'root' ? 0 : id,
:mode => '0750',
:backup => false, :backup => false,
}) })
end end
@ -45,23 +40,12 @@ describe 'concat::setup', :type => :class do
"$caller_module_name = 'concat'" "$caller_module_name = 'concat'"
end end
context 'id =>' do
context 'root' do
it_behaves_like 'setup', 'root'
end
context 'apenny' do
it_behaves_like 'setup', 'apenny'
end
end
context 'concat_basedir =>' do context 'concat_basedir =>' do
context '/foo' do context '/foo' do
it_behaves_like 'setup', 'root', '/foo' it_behaves_like 'setup', '/foo'
end end
context 'undef' do context 'undef' do
let(:facts) {{ :id => 'root' }}
it 'should fail' do it 'should fail' do
expect { should }.to raise_error(Puppet::Error, /#{Regexp.escape('$concat_basedir not defined. Try running again with pluginsync=true on the [master] and/or [main] section of your node\'s \'/etc/puppet/puppet.conf\'.')}/) expect { should }.to raise_error(Puppet::Error, /#{Regexp.escape('$concat_basedir not defined. Try running again with pluginsync=true on the [master] and/or [main] section of your node\'s \'/etc/puppet/puppet.conf\'.')}/)
end end
@ -71,7 +55,7 @@ describe 'concat::setup', :type => :class do
end # facts end # facts
context 'called from another module namespace' do context 'called from another module namespace' do
let(:facts) {{ :id => 'root', :concat_basedir => '/foo' }} let(:facts) {{ :concat_basedir => '/foo' }}
it 'should fail' do it 'should fail' do
expect { should }.to raise_error(Puppet::Error, /Use of private class concat::setup/) expect { should }.to raise_error(Puppet::Error, /Use of private class concat::setup/)
end end

34
spec/unit/defines/concat_fragment_spec.rb
View file

@ -5,15 +5,13 @@ describe 'concat::fragment', :type => :define do
shared_examples 'fragment' do |title, params| shared_examples 'fragment' do |title, params|
params = {} if params.nil? params = {} if params.nil?
id = 'root'
p = { p = {
:content => nil, :content => nil,
:source => nil, :source => nil,
:order => 10, :order => 10,
:ensure => 'present', :ensure => 'present',
:mode => '0644', :mode => '0644',
:owner => id, :owner => nil,
:group => nil, :group => nil,
:backup => 'puppet', :backup => 'puppet',
}.merge(params) }.merge(params)
@ -22,19 +20,9 @@ describe 'concat::fragment', :type => :define do
safe_target_name = p[:target].gsub(/[\/\n]/, '_') safe_target_name = p[:target].gsub(/[\/\n]/, '_')
concatdir = '/var/lib/puppet/concat' concatdir = '/var/lib/puppet/concat'
fragdir = "#{concatdir}/#{safe_target_name}" fragdir = "#{concatdir}/#{safe_target_name}"
if p[:group].nil?
safe_group = id == 'root' ? 0 : id
else
safe_group = p[:group]
end
let(:title) { title } let(:title) { title }
let(:facts) do let(:facts) {{ :concat_basedir => concatdir }}
{
:concat_basedir => concatdir,
:id => id,
}
end
let(:params) { params } let(:params) { params }
let(:pre_condition) do let(:pre_condition) do
"concat{ '#{p[:target]}': }" "concat{ '#{p[:target]}': }"
@ -47,7 +35,7 @@ describe 'concat::fragment', :type => :define do
:ensure => p[:ensure], :ensure => p[:ensure],
:mode => p[:mode], :mode => p[:mode],
:owner => p[:owner], :owner => p[:owner],
:group => safe_group, :group => p[:group],
:source => p[:source], :source => p[:source],
:content => p[:content], :content => p[:content],
:alias => "concat_fragment_#{title}", :alias => "concat_fragment_#{title}",
@ -66,7 +54,7 @@ describe 'concat::fragment', :type => :define do
['./etc/motd', 'etc/motd', false].each do |target| ['./etc/motd', 'etc/motd', false].each do |target|
context target do context target do
let(:title) { 'motd_header' } let(:title) { 'motd_header' }
let(:facts) {{ :concat_basedir => '/tmp', :id => 'root' }} let(:facts) {{ :concat_basedir => '/tmp' }}
let(:params) {{ :target => target }} let(:params) {{ :target => target }}
it 'should fail' do it 'should fail' do
@ -88,7 +76,7 @@ describe 'concat::fragment', :type => :define do
context 'invalid' do context 'invalid' do
let(:title) { 'motd_header' } let(:title) { 'motd_header' }
let(:facts) {{ :concat_basedir => '/tmp', :id => 'root' }} let(:facts) {{ :concat_basedir => '/tmp' }}
let(:params) {{ :ensure => 'invalid', :target => '/etc/motd' }} let(:params) {{ :ensure => 'invalid', :target => '/etc/motd' }}
it 'should fail' do it 'should fail' do
@ -109,7 +97,7 @@ describe 'concat::fragment', :type => :define do
context 'false' do context 'false' do
let(:title) { 'motd_header' } let(:title) { 'motd_header' }
let(:facts) {{ :concat_basedir => '/tmp', :id => 'root' }} let(:facts) {{ :concat_basedir => '/tmp' }}
let(:params) {{ :content => false, :target => '/etc/motd' }} let(:params) {{ :content => false, :target => '/etc/motd' }}
it 'should fail' do it 'should fail' do
@ -130,7 +118,7 @@ describe 'concat::fragment', :type => :define do
context 'false' do context 'false' do
let(:title) { 'motd_header' } let(:title) { 'motd_header' }
let(:facts) {{ :concat_basedir => '/tmp', :id => 'root' }} let(:facts) {{ :concat_basedir => '/tmp' }}
let(:params) {{ :source => false, :target => '/etc/motd' }} let(:params) {{ :source => false, :target => '/etc/motd' }}
it 'should fail' do it 'should fail' do
@ -151,7 +139,7 @@ describe 'concat::fragment', :type => :define do
context 'false' do context 'false' do
let(:title) { 'motd_header' } let(:title) { 'motd_header' }
let(:facts) {{ :concat_basedir => '/tmp', :id => 'root' }} let(:facts) {{ :concat_basedir => '/tmp' }}
let(:params) {{ :order => false, :target => '/etc/motd' }} let(:params) {{ :order => false, :target => '/etc/motd' }}
it 'should fail' do it 'should fail' do
@ -170,7 +158,7 @@ describe 'concat::fragment', :type => :define do
context 'false' do context 'false' do
let(:title) { 'motd_header' } let(:title) { 'motd_header' }
let(:facts) {{ :concat_basedir => '/tmp', :id => 'root' }} let(:facts) {{ :concat_basedir => '/tmp' }}
let(:params) {{ :mode => false, :target => '/etc/motd' }} let(:params) {{ :mode => false, :target => '/etc/motd' }}
it 'should fail' do it 'should fail' do
@ -189,7 +177,7 @@ describe 'concat::fragment', :type => :define do
context 'false' do context 'false' do
let(:title) { 'motd_header' } let(:title) { 'motd_header' }
let(:facts) {{ :concat_basedir => '/tmp', :id => 'root' }} let(:facts) {{ :concat_basedir => '/tmp' }}
let(:params) {{ :owner => false, :target => '/etc/motd' }} let(:params) {{ :owner => false, :target => '/etc/motd' }}
it 'should fail' do it 'should fail' do
@ -208,7 +196,7 @@ describe 'concat::fragment', :type => :define do
context 'false' do context 'false' do
let(:title) { 'motd_header' } let(:title) { 'motd_header' }
let(:facts) {{ :concat_basedir => '/tmp', :id => 'root' }} let(:facts) {{ :concat_basedir => '/tmp' }}
let(:params) {{ :group => false, :target => '/etc/motd' }} let(:params) {{ :group => false, :target => '/etc/motd' }}
it 'should fail' do it 'should fail' do

22
spec/unit/defines/concat_spec.rb
View file

@ -5,14 +5,12 @@ describe 'concat', :type => :define do
shared_examples 'concat' do |title, params| shared_examples 'concat' do |title, params|
params = {} if params.nil? params = {} if params.nil?
id = 'root'
# default param values # default param values
p = { p = {
:ensure => 'present', :ensure => 'present',
:path => title, :path => title,
:owner => id, :owner => nil,
:group => '0', :group => nil,
:mode => '0644', :mode => '0644',
:warn => false, :warn => false,
:warn_message => nil, :warn_message => nil,
@ -39,12 +37,7 @@ describe 'concat', :type => :define do
let(:title) { title } let(:title) { title }
let(:params) { params } let(:params) { params }
let(:facts) do let(:facts) {{ :concat_basedir => concatdir }}
{
:concat_basedir => concatdir,
:id => id,
}
end
if p[:ensure] == 'present' if p[:ensure] == 'present'
it do it do
@ -102,15 +95,10 @@ describe 'concat', :type => :define do
should contain_exec("concat_#{title}").with({ should contain_exec("concat_#{title}").with({
:alias => "concat_#{fragdir}", :alias => "concat_#{fragdir}",
:command => cmd, :command => cmd,
:user => p[:owner],
:group => p[:group],
:unless => "#{cmd} -t", :unless => "#{cmd} -t",
}) })
if id == 'root'
should contain_exec("concat_#{title}").with({
:user => 'root',
:group => p[:group],
})
end
end end
else else
[ [