
add user/group/mode parameter to custom types #129

Open
wants to merge 8 commits into
base: master
from
600 changes: 324 additions & 276 deletions REFERENCE.md

Large diffs are not rendered by default.

8 changes: 7 additions & 1 deletion lib/puppet/provider/dhparam/openssl.rb
@@ -1,7 +1,12 @@
# frozen_string_literal: true

require 'pathname'
Puppet::Type.type(:dhparam).provide(:openssl) do
require File.join(__dir__, '..', '..', '..', 'puppet/provider/openssl')

Puppet::Type.type(:dhparam).provide(
:openssl,
parent: Puppet::Provider::Openssl,
) do
desc 'Manages dhparam files with OpenSSL'

commands openssl: 'openssl'
@@ -19,6 +24,7 @@ def create
options.insert(1, '-dsaparam') if resource[:fastmode]

openssl options
set_file_perm(resource[:path], resource[:owner], resource[:group], resource[:mode])
end

def destroy
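Review bot: The added `require File.join(__dir__, '..', '..', '..', 'puppet/provider/openssl')` climbs three directories only to descend into the same `puppet/provider` tree again, which hides that the target is the sibling file one level up. `require_relative '../openssl'` resolves to the same file and reads directly. The identical line is added to the ssl_pkey, x509_cert and x509_request providers, so the change applies there as well. A short comment such as `# shared owner/group/mode handling for all openssl providers` above the require would also tell readers why the parent class is loaded explicitly.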
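--- a/lib/puppet/provider/openssl.rb
+++ b/lib/puppet/provider/openssl.rb
@@ -0,0 +1,54 @@
+require 'etc'
+
+# class to use in openssl providers to handle file permission (mode, group and owner)
+class Puppet::Provider::Openssl < Puppet::Provider
+include Puppet::Util::POSIX
+
+def owner
+if File.exist?(@resource[:path])
+Etc.getpwuid(File.stat(@resource[:path]).uid).name
+else
+:absent
+end
+end
+
+def owner=(should)
+File.chown(uid(should), nil, resource[:path])
+rescue => detail
+raise Puppet::Error, _("Failed to set owner to '%{should}': %{detail}") % { should: should, detail: detail }, detail.backtrace
+end
+
+def group
+if File.exist?(@resource[:path])
+Etc.getgrgid(File.stat(@resource[:path]).gid).name
+else
+:absent
+end
+end
+
+def group=(should)
+File.chown(nil, gid(should), resource[:path])
+rescue => detail
+raise Puppet::Error, _("Failed to set group to '%{should}': %{detail}") % { should: should, detail: detail }, detail.backtrace
+end
+
+# Return the mode as an octal string, not as an integer.
+def mode
+if File.exist?(@resource[:path])
+'0%o' % (File.stat(@resource[:path]).mode & 0o07777)
+else
+:absent
+end
+end
+
+# Set the file mode, converting from a string to an integer.
+def mode=(should)
+File.chmod(Integer('0' + should), @resource[:path])
+end
+
+def set_file_perm(filename, owner = nil, group = nil, mode = nil)
+File.chown(uid(owner), nil, resource[:path]) if owner
+File.chown(nil, gid(group), resource[:path]) if group
+File.chmod(Integer('0' + mode), filename) if mode
+end
+end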
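Review bot: `set_file_perm` accepts `filename` but both `File.chown` calls operate on `resource[:path]`, so only the chmod honours the argument; all three calls should use `filename`. The helper also lacks the error handling that `owner=` and `group=` have: if `uid`/`gid` cannot resolve the name and returns nil (worth confirming against Puppet::Util::POSIX), `File.chown` treats nil as "leave unchanged" and reports success. For key material that means a mistyped owner would silently leave the file with the creating user's ownership. A guard such as `File.chown(uid(owner) || raise(Puppet::Error, "unknown user '#{owner}'"), nil, filename) if owner` (and the same for group) makes the failure visible.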
7 changes: 6 additions & 1 deletion lib/puppet/provider/ssl_pkey/openssl.rb
@@ -2,7 +2,11 @@

require 'pathname'
require 'openssl'
Puppet::Type.type(:ssl_pkey).provide(:openssl) do
require File.join(__dir__, '..', '..', '..', 'puppet/provider/openssl')
Puppet::Type.type(:ssl_pkey).provide(
:openssl,
parent: Puppet::Provider::Openssl,
) do
desc 'Manages private keys with OpenSSL'

def self.dirname(resource)
@@ -42,6 +46,7 @@ def create
File.open(resource[:path], 'w') do |f|
f.write(pem)
end
set_file_perm(resource[:path], resource[:owner], resource[:group], resource[:mode])
end

def destroy
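Review bot: The private key is written by `File.open(resource[:path], 'w')` with whatever mode the process umask yields, and the added `set_file_perm` call tightens it only afterwards. A newly created key is therefore briefly readable under the default mode, and it stays that way when no `mode` is given or when `set_file_perm` raises. Creating the file with a restrictive mode up front closes that window: `File.open(resource[:path], 'w', 0o600) do |f|`, after which `set_file_perm` applies the requested owner, group and mode. `create` begins above this hunk, so how `pem` is produced is not visible here.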
7 changes: 6 additions & 1 deletion lib/puppet/provider/x509_cert/openssl.rb
@@ -1,7 +1,11 @@
# frozen_string_literal: true

require 'pathname'
Puppet::Type.type(:x509_cert).provide(:openssl) do
require File.join(__dir__, '..', '..', '..', 'puppet/provider/openssl')
Puppet::Type.type(:x509_cert).provide(
:openssl,
parent: Puppet::Provider::Openssl,
) do
desc 'Manages certificates with OpenSSL'

commands openssl: 'openssl'
@@ -78,6 +82,7 @@ def create
options << ['-passin', "pass:#{resource[:password]}"] if resource[:password]
options << ['-extensions', 'req_ext'] if resource[:req_ext] != :false
openssl options
set_file_perm(resource[:path], resource[:owner], resource[:group], resource[:mode])
end

def destroy
7 changes: 6 additions & 1 deletion lib/puppet/provider/x509_request/openssl.rb
@@ -1,7 +1,11 @@
# frozen_string_literal: true

require 'pathname'
Puppet::Type.type(:x509_request).provide(:openssl) do
require File.join(__dir__, '..', '..', '..', 'puppet/provider/openssl')
Puppet::Type.type(:x509_request).provide(
:openssl,
parent: Puppet::Provider::Openssl,
) do
desc 'Manages certificate signing requests with OpenSSL'

commands openssl: 'openssl'
@@ -53,6 +57,7 @@ def create
cmd_args.push('-nodes') unless resource[:encrypted]

openssl(*cmd_args)
set_file_perm(resource[:path], resource[:owner], resource[:group], resource[:mode])
end

def destroy
27 changes: 27 additions & 0 deletions lib/puppet/type/dhparam.rb
@@ -35,4 +35,31 @@
autorequire(:file) do
Pathname.new(self[:path]).parent.to_s
end

newproperty(:owner) do
desc 'owner of the file'
validate do |value|
unless value =~ %r{^\w+}
raise ArgumentError, '%s is not a valid user name' % value
end
end
end

newproperty(:group) do
desc 'group of the file'
validate do |value|
unless value =~ %r{^\w+}
raise ArgumentError, '%s is not a valid group name' % value
end
end
end

newproperty(:mode) do
desc 'mode of the file'
validate do |value|
unless value =~ %r{^0\d\d\d$}
raise ArgumentError, '%s is not a valid file mode' % value
end
end
end
end
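Review bot: The `owner` and `group` validators use `%r{^\w+}`, which only requires one word character at the start of some line, so a value like `root;x` or a multi-line string passes; anchor the whole value instead, e.g. `%r{\A\w[\w.-]*\z}`. The `mode` pattern `%r{^0\d\d\d$}` also uses line anchors and admits the digits 8 and 9, so `'0899'` validates here and only fails later in the provider's `Integer('0' + mode)`; `%r{\A0[0-7]{3}\z}` rejects it at validation time. The same three properties are copied verbatim into ssl_pkey.rb, x509_cert.rb and x509_request.rb, so the change applies there too, and a shared helper would keep the four copies from drifting.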
27 changes: 27 additions & 0 deletions lib/puppet/type/ssl_pkey.rb
@@ -42,4 +42,31 @@
autorequire(:file) do
Pathname.new(self[:path]).parent.to_s
end

newproperty(:owner) do
desc 'owner of the file'
validate do |value|
unless value =~ %r{^\w+}
raise ArgumentError, '%s is not a valid user name' % value
end
end
end

newproperty(:group) do
desc 'group of the file'
validate do |value|
unless value =~ %r{^\w+}
raise ArgumentError, '%s is not a valid group name' % value
end
end
end

newproperty(:mode) do
desc 'mode of the file'
validate do |value|
unless value =~ %r{^0\d\d\d$}
Member


Can you test against stdlib's filemode type which has testing instead of this regex which does not really cover valid modes?

Contributor Author


Can you give me any further hints about what you mean? I also have no idea how to use the Stdlib::Filemode type for this property. As far as I can see, if Stdlib::Filemode is used, we need some more logic to adapt the setter/getter to work.

Member


I don't think you can use type aliases in types (yes, that's confusing; naming is hard).

raise ArgumentError, '%s is not a valid file mode' % value
end
end
end
end
27 changes: 27 additions & 0 deletions lib/puppet/type/x509_cert.rb
@@ -66,6 +66,33 @@
defaultto :rsa
end

newproperty(:owner) do
desc 'owner of the file'
validate do |value|
unless value =~ %r{^\w+}
raise ArgumentError, '%s is not a valid user name' % value
end
end
end

newproperty(:group) do
desc 'group of the file'
validate do |value|
unless value =~ %r{^\w+}
raise ArgumentError, '%s is not a valid group name' % value
end
end
end

newproperty(:mode) do
desc 'mode of the file'
validate do |value|
unless value =~ %r{^0\d\d\d$}
raise ArgumentError, '%s is not a valid file mode' % value
end
end
end

autorequire(:file) do
self[:template]
end
27 changes: 27 additions & 0 deletions lib/puppet/type/x509_request.rb
@@ -60,6 +60,33 @@
defaultto true
end

newproperty(:owner) do
desc 'owner of the file'
validate do |value|
unless value =~ %r{^\w+}
raise ArgumentError, '%s is not a valid user name' % value
end
end
end

newproperty(:group) do
desc 'group of the file'
validate do |value|
unless value =~ %r{^\w+}
raise ArgumentError, '%s is not a valid group name' % value
end
end
end

newproperty(:mode) do
desc 'mode of the file'
validate do |value|
unless value =~ %r{^0\d\d\d$}
raise ArgumentError, '%s is not a valid file mode' % value
end
end
end

autorequire(:x509_cert) do
path = Pathname.new(self[:private_key])
"#{path.dirname}/#{path.basename(path.extname)}"
16 changes: 16 additions & 0 deletions spec/unit/puppet/type/dhparam_spec.rb
@@ -38,4 +38,20 @@
resource[:size] = 1.5
end.to raise_error(Puppet::Error, %r{Size must be a positive integer: 1.5})
end

it 'accepts mode' do
resource[:mode] = '0700'
expect(resource[:mode]).to eq('0700')
end

it 'accepts owner' do
resource[:owner] = 'someone'
expect(resource[:owner]).to eq('someone')
end

it 'accepts group' do
resource[:group] = 'party'
expect(resource[:group]).to eq('party')
end

end
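Review bot: The three added examples only assert that a well-formed value is accepted; nothing checks that the new `validate` blocks reject bad input. Add negative cases next to them, for instance `expect { resource[:mode] = 'rwx' }.to raise_error(Puppet::Error, %r{is not a valid file mode})`, plus an owner and a group value that should be refused. Without those, a loosened or broken pattern in the type would still pass the suite. The ssl_pkey, x509_cert and x509_request specs have the same gap.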
16 changes: 16 additions & 0 deletions spec/unit/puppet/type/ssl_pkey_spec.rb
@@ -51,4 +51,20 @@
resource[:password] = 'foox2$bar'
expect(resource[:password]).to eq('foox2$bar')
end

it 'accepts mode' do
resource[:mode] = '0700'
expect(resource[:mode]).to eq('0700')
end

it 'accepts owner' do
resource[:owner] = 'someone'
expect(resource[:owner]).to eq('someone')
end

it 'accepts group' do
resource[:group] = 'party'
expect(resource[:group]).to eq('party')
end

end
16 changes: 16 additions & 0 deletions spec/unit/puppet/type/x509_cert_spec.rb
@@ -79,4 +79,20 @@
resource[:authentication] = :foo
end.to raise_error(Puppet::Error, %r{Invalid value :foo})
end

it 'accepts mode' do
resource[:mode] = '0700'
expect(resource[:mode]).to eq('0700')
end

it 'accepts owner' do
resource[:owner] = 'someone'
expect(resource[:owner]).to eq('someone')
end

it 'accepts group' do
resource[:group] = 'party'
expect(resource[:group]).to eq('party')
end

end
15 changes: 15 additions & 0 deletions spec/unit/puppet/type/x509_request_spec.rb
@@ -68,4 +68,19 @@
resource[:authentication] = :foo
end.to raise_error(Puppet::Error, %r{Invalid value :foo})
end

it 'accepts mode' do
resource[:mode] = '0700'
expect(resource[:mode]).to eq('0700')
end

it 'accepts owner' do
resource[:owner] = 'someone'
expect(resource[:owner]).to eq('someone')
end

it 'accepts group' do
resource[:group] = 'party'
expect(resource[:group]).to eq('party')
end
end