From f817362fc37732b5a673115be774ccbf9738b483 Mon Sep 17 00:00:00 2001
From: Massimiliano Adamo
Date: Thu, 13 Jun 2019 09:41:05 +0200
Subject: [PATCH 1/2] allow setting permissions to hide secrets
---
 manifests/init.pp | 3 ++-
 manifests/params.pp | 1 +
 2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/manifests/init.pp b/manifests/init.pp
index 4f84cb8..cdab505 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -66,6 +66,7 @@
 $datadir_manage = true,
 $owner = $::hiera::params::owner,
 $group = $::hiera::params::group,
+ $mode = $::hiera::params::mode,
 $eyaml_owner = $::hiera::params::eyaml_owner,
 $eyaml_group = $::hiera::params::eyaml_group,
 $provider = $::hiera::params::provider,
@@ -144,7 +145,7 @@
 File {
 owner => $owner,
 group => $group,
- mode => '0644',
+ mode => $mode,
 }

 if ($datadir !~ /%\{.*\}/) and ($datadir_manage == true) {
diff --git a/manifests/params.pp b/manifests/params.pp
index d7ea973..623ec8f 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -20,6 +20,7 @@
 $package_ensure = 'present'
 $package_name = 'hiera'
 $hierarchy = []
+ $mode = '0644'
 # Configure for AIO packaging.
 if $facts['pe_server_version'] {
 $master_service = 'pe-puppetserver'
From 2c42371cdf44753ffbc6931773de1f87c0753293 Mon Sep 17 00:00:00 2001
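Review bot: The new `$mode` parameter in the first hunk of manifests/init.pp is undocumented, and its default in manifests/params.pp stays `'0644'`, so hiera.yaml remains world-readable unless the operator opts in. I would add an entry to the class parameter documentation, in whatever format the existing entries use, along the lines of `# mode: permissions applied through the class-wide File default; default '0644' is world-readable, use e.g. '0640' when managed files hold secrets`. The parameter list starts and ends outside the hunk, so I cannot tell whether other parameters carry data types; if they do, this one should as well.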
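Review bot: `mode => $mode` in the second hunk of manifests/init.pp sits in the `File { ... }` resource default, so the value reaches every file resource in this scope that does not set its own mode, not only hiera.yaml; resource defaults may also carry into classes declared from here. With a restrictive value such as `'0640'`, lookups then depend on `$owner`/`$group` covering the account the Puppet server runs as, and those defaults are not visible in this diff. I would put a comment above the default, e.g. `# $mode applies to all files managed below; owner/group must still let the Puppet server read them`. It is also worth confirming that key material managed elsewhere in the module keeps an explicit mode of its own. The class body continues outside the hunk.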
From: Massimiliano Adamo
Date: Wed, 19 Jun 2019 23:32:09 +0200
Subject: [PATCH 2/2] Add RSPEC test. Squashed commit of the following:
commit 808b7b71798275ee8e1b93929a74e16c451aba09
Author: Massimiliano Adamo
Date: Wed Jun 19 23:28:05 2019 +0200
use ensure file to test mode on rspec
commit 5fa56e09af04946abe89b645c5e0e940b91505c8
Author: Massimiliano Adamo
Date: Wed Jun 19 23:24:26 2019 +0200
fix hiera.yaml location
commit dd66950c47c2281eb42c2684b209ac12afa8d86a
Author: Massimiliano Adamo
Date: Wed Jun 19 23:15:46 2019 +0200
further fix
commit 0522809e5e472419120aa449bd817678ec237366
Author: Massimiliano Adamo
Date: Wed Jun 19 22:59:30 2019 +0200
correcting typos in rspec
commit 8972fcc323c174df651eb6aaf24a038885d12c95
Author: Massimiliano Adamo
Date: Wed Jun 19 22:45:28 2019 +0200
adding test against file mode
commit 2f0a87534b8e219e0da3a29a159c5a808fe37378
Author: Massimiliano Adamo
Date: Wed Jun 19 21:45:13 2019 +0200
add test for parameter mode
---
 spec/acceptance/hiera_spec.rb | 1 +
 spec/classes/hiera_spec.rb | 7 +++++++
 2 files changed, 8 insertions(+)
diff --git a/spec/acceptance/hiera_spec.rb b/spec/acceptance/hiera_spec.rb
index fa40c6f..d964f54 100644
--- a/spec/acceptance/hiera_spec.rb
+++ b/spec/acceptance/hiera_spec.rb
@@ -30,6 +30,7 @@ class { 'hiera':
 eyaml => true,
 merge_behavior => 'deep',
 puppet_conf_manage => true,
+ mode => '0640',
 hierarchy => [
 'virtual/%{::virtual}',
 'nodes/%{::trusted.certname}',
diff --git a/spec/classes/hiera_spec.rb b/spec/classes/hiera_spec.rb
index 54b9d23..3582c49 100644
--- a/spec/classes/hiera_spec.rb
+++ b/spec/classes/hiera_spec.rb
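Review bot: The acceptance manifest in spec/acceptance/hiera_spec.rb now passes `mode => '0640'`, but the hunk adds no assertion on the file that ends up on disk, so the run would still pass if the mode were silently ignored. If the suite uses Serverspec, a check such as `describe file('<path to hiera.yaml>') do it { is_expected.to be_mode 640 } end` would pin it, with the placeholder replaced by the path this test already uses. The rest of the test lies outside the hunk.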
@@ -261,12 +261,19 @@
 let(:params) do
 {
 eyaml: true,
+ mode: '0640',
 merge_behavior: 'deeper'
 }
 end

 it { is_expected.to contain_class('hiera::eyaml') }
 it { is_expected.to contain_class('hiera::deep_merge') }
+ it 'has file mode 0640' do
+ is_expected.to contain_file('/dev/null/hiera.yaml').with(
+ 'ensure' => 'file',
+ 'mode' => '0640'
+ )
+ end
 end
 describe 'check if version exists' do
 let(:params) do
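Review bot: The added example in spec/classes/hiera_spec.rb pins only the override (`'0640'`), and only for hiera.yaml; nothing in this hunk asserts the default, so a later change to `$mode` in params.pp, in either direction, would pass unnoticed. I would add a counterpart in a context that does not set `mode`, e.g. `it { is_expected.to contain_file('/dev/null/hiera.yaml').with_mode('0644') }`. The enclosing `describe` starts outside the hunk, so the right context for that example has to be picked from the full file.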