From d1e53652ad9545937f3157562382f2df03bb944e Mon Sep 17 00:00:00 2001 From: Gordon Bleux <33967640+UiP9AV6Y@users.noreply.github.com> Date: Thu, 7 Oct 2021 21:13:26 +0200 Subject: [PATCH] make directory mode configurable for X_tmp_path nginx manages the directory permissions on its own, so the default value is undef to avoid conflicts. --- REFERENCE.md | 36 +++++++++++++++++++++-------- manifests/config.pp | 4 ++-- manifests/init.pp | 14 ++++++++++++ spec/classes/nginx_spec.rb | 46 ++++++++++++++++++++++++++++++++++++++ 4 files changed, 89 insertions(+), 11 deletions(-) diff --git a/REFERENCE.md b/REFERENCE.md index 61172c53a..47682f51d 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -82,7 +82,10 @@ The following parameters are available in the `nginx` class: * [`reset_timedout_connection`](#-nginx--reset_timedout_connection) * [`nginx_snippets`](#-nginx--nginx_snippets) * [`nginx_snippets_defaults`](#-nginx--nginx_snippets_defaults) +* [`proxy_temp_mode`](#-nginx--proxy_temp_mode) +* [`proxy_temp_path`](#-nginx--proxy_temp_path) * [`client_body_temp_path`](#-nginx--client_body_temp_path) +* [`client_body_temp_mode`](#-nginx--client_body_temp_mode) * [`confd_only`](#-nginx--confd_only) * [`confd_purge`](#-nginx--confd_purge) * [`conf_dir`](#-nginx--conf_dir) @@ -104,7 +107,6 @@ The following parameters are available in the `nginx` class: * [`nginx_error_log`](#-nginx--nginx_error_log) * [`nginx_error_log_severity`](#-nginx--nginx_error_log_severity) * [`pid`](#-nginx--pid) -* [`proxy_temp_path`](#-nginx--proxy_temp_path) * [`root_group`](#-nginx--root_group) * [`sites_available_owner`](#-nginx--sites_available_owner) * [`sites_available_group`](#-nginx--sites_available_group) @@ -326,11 +328,35 @@ Can be used to define default values for the parameter `nginx_snippets`. Default value: `{}` +##### `proxy_temp_mode` + +Data type: `Optional[Stdlib::Filemode]` + +Permissions for the $proxy_temp_path file resource. + +Default value: `undef` + +##### `proxy_temp_path` + +Data type: `Optional[Stdlib::Absolutepath]` + +Directory for storing temporary files with data received from proxied servers. + +Default value: `undef` + ##### `client_body_temp_path` Data type: `Optional[Stdlib::Absolutepath]` +Directory for storing temporary files holding client request bodies. + +Default value: `undef` + +##### `client_body_temp_mode` +Data type: `Optional[Stdlib::Filemode]` + +Permissions for the $client_body_temp_path file resource. Default value: `undef` @@ -502,14 +528,6 @@ Data type: `Any` Default value: `$nginx::params::pid` -##### `proxy_temp_path` - -Data type: `Optional[Stdlib::Absolutepath]` - - - -Default value: `undef` - ##### `root_group` Data type: `Any` diff --git a/manifests/config.pp b/manifests/config.pp index 1b6e747d6..820d2c3d7 100644 --- a/manifests/config.pp +++ b/manifests/config.pp @@ -206,7 +206,7 @@ file { $client_body_temp_path: ensure => directory, owner => $daemon_user, - mode => '0700', + mode => $nginx::client_body_temp_mode, } } @@ -214,7 +214,7 @@ file { $proxy_temp_path: ensure => directory, owner => $daemon_user, - mode => '0700', + mode => $nginx::proxy_temp_mode, } } diff --git a/manifests/init.pp b/manifests/init.pp index 0a1c93830..a1bf5547a 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -44,9 +44,22 @@ # @param nginx_snippets_defaults # Can be used to define default values for the parameter `nginx_snippets`. # +# @param proxy_temp_mode +# Permissions for the $proxy_temp_path file resource. +# +# @param proxy_temp_path +# Directory for storing temporary files with data received from proxied servers. +# +# @param client_body_temp_path +# Directory for storing temporary files holding client request bodies. +# +# @param client_body_temp_mode +# Permissions for the $client_body_temp_path file resource. +# class nginx ( ### START Nginx Configuration ### Optional[Stdlib::Absolutepath] $client_body_temp_path = undef, + Optional[Stdlib::Filemode] $client_body_temp_mode = undef, Boolean $confd_only = false, Boolean $confd_purge = false, $conf_dir = $nginx::params::conf_dir, @@ -69,6 +82,7 @@ Nginx::ErrorLogSeverity $nginx_error_log_severity = 'error', $pid = $nginx::params::pid, Optional[Stdlib::Absolutepath] $proxy_temp_path = undef, + Optional[Stdlib::Filemode] $proxy_temp_mode = undef, $root_group = $nginx::params::root_group, $sites_available_owner = $nginx::params::sites_available_owner, $sites_available_group = $nginx::params::sites_available_group, diff --git a/spec/classes/nginx_spec.rb b/spec/classes/nginx_spec.rb index 4c417540f..8f255b3d4 100644 --- a/spec/classes/nginx_spec.rb +++ b/spec/classes/nginx_spec.rb @@ -1427,6 +1427,52 @@ it { is_expected.to contain_file('/var/log/nginx').with(mode: '0771') } end + context 'when proxy_temp_path is non-default' do + let(:params) { { proxy_temp_path: '/tmp/nginx_proxy' } } + + it do + is_expected.to contain_file('/tmp/nginx_proxy'). + without('mode') + end + end + + context 'when proxy_temp_mode is non-default' do + let(:params) do + { + proxy_temp_path: '/tmp/nginx_proxy', + proxy_temp_mode: '0771', + } + end + + it do + is_expected.to contain_file('/tmp/nginx_proxy'). + with_mode('0771') + end + end + + context 'when client_body_temp_path is non-default' do + let(:params) { { client_body_temp_path: '/tmp/nginx_client' } } + + it do + is_expected.to contain_file('/tmp/nginx_client'). + without('mode') + end + end + + context 'when client_body_temp_mode is non-default' do + let(:params) do + { + client_body_temp_path: '/tmp/nginx_client', + client_body_temp_mode: '0771', + } + end + + it do + is_expected.to contain_file('/tmp/nginx_client'). + with_mode('0771') + end + end + context 'when gzip is non-default (on) test gzip defaults' do let(:params) { { gzip: 'on' } }