[PATCH/puppet 1/1] Feature 2827 Option to disable managing internal files
3 views
Skip to first unread message
Jesse Wolfe
Nov 24, 2009, 11:04:47 PM11/24/09
to puppe...@googlegroups.com
Add a flag "manage_internal_file_permissions" which is enabled by
default. Disabling this flag prevents Puppet from managing the owner,
group, or mode of files created from Puppet::Util::Settings::FileSetting
I think this is a wide enough net to follow Luke's suggestion of
"disable management of everything", and it certainly satisfies the
requests I'm aware of, but if I've missed anything, let me know.
Signed-off-by: Jesse Wolfe <jes...@gmail.com>
---
lib/puppet/defaults.rb | 4 ++++
lib/puppet/util/settings/file_setting.rb | 11 +++++++----
spec/unit/util/settings/file_setting.rb | 25 +++++++++++++++++++++++++
3 files changed, 36 insertions(+), 4 deletions(-)
diff --git a/lib/puppet/defaults.rb b/lib/puppet/defaults.rb
index f128e60..67d4a42 100644
--- a/lib/puppet/defaults.rb
+++ b/lib/puppet/defaults.rb
@@ -86,6 +86,10 @@ module Puppet
:mkusers => [false,
"Whether to create the necessary user and group that puppetd will
run as."],
+ :manage_internal_file_permissions => [true,
+ "Whether Puppet should manage the owner, group, and mode of files
+ it uses internally"
+ ],
:path => {:default => "none",
:desc => "The shell search path. Defaults to whatever is inherited
from the parent process.",
diff --git a/lib/puppet/util/settings/file_setting.rb b/lib/puppet/util/settings/file_setting.rb
index 573628f..2dfbcf4 100644
--- a/lib/puppet/util/settings/file_setting.rb
+++ b/lib/puppet/util/settings/file_setting.rb
@@ -89,11 +89,14 @@ class Puppet::Util::Settings::FileSetting < Puppet::Util::Settings::Setting
return nil if path =~ /^\/dev/
resource = Puppet::Resource.new(:file, path)
- resource[:mode] = self.mode if self.mode
- if Puppet.features.root?
- resource[:owner] = self.owner if self.owner
- resource[:group] = self.group if self.group
+ if Puppet[:manage_internal_file_permissions]
+ resource[:mode] = self.mode if self.mode
+
+ if Puppet.features.root?
+ resource[:owner] = self.owner if self.owner
+ resource[:group] = self.group if self.group
+ end
end
resource[:ensure] = type
diff --git a/spec/unit/util/settings/file_setting.rb b/spec/unit/util/settings/file_setting.rb
index 74d68fb..dfe4d25 100755
--- a/spec/unit/util/settings/file_setting.rb
+++ b/spec/unit/util/settings/file_setting.rb
@@ -169,18 +169,43 @@ describe Puppet::Util::Settings::FileSetting do
@file.to_resource[:mode].should == 0755
end
+ it "should not set the mode on a the file if manage_internal_file_permissions is disabled" do
+ Puppet[:manage_internal_file_permissions] = false
+
+ @file.stubs(:mode).returns(0755)
+
+ @file.to_resource[:mode].should == nil
+ end
+
it "should set the owner if running as root and the owner is provided" do
Puppet.features.expects(:root?).returns true
@file.stubs(:owner).returns "foo"
@file.to_resource[:owner].should == "foo"
end
+ it "should not set the owner if manage_internal_file_permissions is disabled" do
+ Puppet[:manage_internal_file_permissions] = false
+ Puppet.features.stubs(:root?).returns true
+ @file.stubs(:owner).returns "foo"
+
+ @file.to_resource[:owner].should == nil
+ end
+
it "should set the group if running as root and the group is provided" do
Puppet.features.expects(:root?).returns true
@file.stubs(:group).returns "foo"
@file.to_resource[:group].should == "foo"
end
+ it "should not set the group if manage_internal_file_permissions is disabled" do
+ Puppet[:manage_internal_file_permissions] = false
+ Puppet.features.stubs(:root?).returns true
+ @file.stubs(:group).returns "foo"
+
+ @file.to_resource[:group].should == nil
+ end
+
+
it "should not set owner if not running as root" do
Puppet.features.expects(:root?).returns false
@file.stubs(:owner).returns "foo"
--
1.6.3.3
default. Disabling this flag prevents Puppet from managing the owner,
group, or mode of files created from Puppet::Util::Settings::FileSetting
I think this is a wide enough net to follow Luke's suggestion of
"disable management of everything", and it certainly satisfies the
requests I'm aware of, but if I've missed anything, let me know.
Signed-off-by: Jesse Wolfe <jes...@gmail.com>
---
lib/puppet/defaults.rb | 4 ++++
lib/puppet/util/settings/file_setting.rb | 11 +++++++----
spec/unit/util/settings/file_setting.rb | 25 +++++++++++++++++++++++++
3 files changed, 36 insertions(+), 4 deletions(-)
diff --git a/lib/puppet/defaults.rb b/lib/puppet/defaults.rb
index f128e60..67d4a42 100644
--- a/lib/puppet/defaults.rb
+++ b/lib/puppet/defaults.rb
@@ -86,6 +86,10 @@ module Puppet
:mkusers => [false,
"Whether to create the necessary user and group that puppetd will
run as."],
+ :manage_internal_file_permissions => [true,
+ "Whether Puppet should manage the owner, group, and mode of files
+ it uses internally"
+ ],
:path => {:default => "none",
:desc => "The shell search path. Defaults to whatever is inherited
from the parent process.",
diff --git a/lib/puppet/util/settings/file_setting.rb b/lib/puppet/util/settings/file_setting.rb
index 573628f..2dfbcf4 100644
--- a/lib/puppet/util/settings/file_setting.rb
+++ b/lib/puppet/util/settings/file_setting.rb
@@ -89,11 +89,14 @@ class Puppet::Util::Settings::FileSetting < Puppet::Util::Settings::Setting
return nil if path =~ /^\/dev/
resource = Puppet::Resource.new(:file, path)
- resource[:mode] = self.mode if self.mode
- if Puppet.features.root?
- resource[:owner] = self.owner if self.owner
- resource[:group] = self.group if self.group
+ if Puppet[:manage_internal_file_permissions]
+ resource[:mode] = self.mode if self.mode
+
+ if Puppet.features.root?
+ resource[:owner] = self.owner if self.owner
+ resource[:group] = self.group if self.group
+ end
end
resource[:ensure] = type
diff --git a/spec/unit/util/settings/file_setting.rb b/spec/unit/util/settings/file_setting.rb
index 74d68fb..dfe4d25 100755
--- a/spec/unit/util/settings/file_setting.rb
+++ b/spec/unit/util/settings/file_setting.rb
@@ -169,18 +169,43 @@ describe Puppet::Util::Settings::FileSetting do
@file.to_resource[:mode].should == 0755
end
+ it "should not set the mode on a the file if manage_internal_file_permissions is disabled" do
+ Puppet[:manage_internal_file_permissions] = false
+
+ @file.stubs(:mode).returns(0755)
+
+ @file.to_resource[:mode].should == nil
+ end
+
it "should set the owner if running as root and the owner is provided" do
Puppet.features.expects(:root?).returns true
@file.stubs(:owner).returns "foo"
@file.to_resource[:owner].should == "foo"
end
+ it "should not set the owner if manage_internal_file_permissions is disabled" do
+ Puppet[:manage_internal_file_permissions] = false
+ Puppet.features.stubs(:root?).returns true
+ @file.stubs(:owner).returns "foo"
+
+ @file.to_resource[:owner].should == nil
+ end
+
it "should set the group if running as root and the group is provided" do
Puppet.features.expects(:root?).returns true
@file.stubs(:group).returns "foo"
@file.to_resource[:group].should == "foo"
end
+ it "should not set the group if manage_internal_file_permissions is disabled" do
+ Puppet[:manage_internal_file_permissions] = false
+ Puppet.features.stubs(:root?).returns true
+ @file.stubs(:group).returns "foo"
+
+ @file.to_resource[:group].should == nil
+ end
+
+
it "should not set owner if not running as root" do
Puppet.features.expects(:root?).returns false
@file.stubs(:owner).returns "foo"
--
1.6.3.3
Markus Roberts
Nov 25, 2009, 1:30:19 AM11/25/09
to puppet-dev
+1
--
You received this message because you are subscribed to the Google Groups "Puppet Developers" group.
To post to this group, send email to puppe...@googlegroups.com.
To unsubscribe from this group, send email to puppet-dev+...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-dev?hl=en.
Nigel Kersten
Nov 25, 2009, 10:19:55 AM11/25/09
to puppe...@googlegroups.com
On Tue, Nov 24, 2009 at 10:30 PM, Markus Roberts
<mar...@reductivelabs.com> wrote:
> +1
>
> On Tue, Nov 24, 2009 at 8:04 PM, Jesse Wolfe <jes...@gmail.com> wrote:
>>
>> Add a flag "manage_internal_file_permissions" which is enabled by
>> default. Disabling this flag prevents Puppet from managing the owner,
>> group, or mode of files created from Puppet::Util::Settings::FileSetting
>>
>> I think this is a wide enough net to follow Luke's suggestion of
>> "disable management of everything", and it certainly satisfies the
>> requests I'm aware of, but if I've missed anything, let me know.
++ This is much appreciated.
<mar...@reductivelabs.com> wrote:
> +1
>
> On Tue, Nov 24, 2009 at 8:04 PM, Jesse Wolfe <jes...@gmail.com> wrote:
>>
>> Add a flag "manage_internal_file_permissions" which is enabled by
>> default. Disabling this flag prevents Puppet from managing the owner,
>> group, or mode of files created from Puppet::Util::Settings::FileSetting
>>
>> I think this is a wide enough net to follow Luke's suggestion of
>> "disable management of everything", and it certainly satisfies the
>> requests I'm aware of, but if I've missed anything, let me know.
nigel
Luke Kanies
Nov 25, 2009, 2:23:03 PM11/25/09
to puppe...@googlegroups.com
+1
would be perverse to withhold provisional assent.' I suppose that
apples might start to rise tomorrow, but the possibility does not
merit equal time in physics classrooms. -- Stephen Jay Gould
---------------------------------------------------------------------
Luke Kanies | http://reductivelabs.com | http://madstop.com
> --
>
> You received this message because you are subscribed to the Google
> Groups "Puppet Developers" group.
> To post to this group, send email to puppe...@googlegroups.com.
> To unsubscribe from this group, send email to puppet-dev+...@googlegroups.com
> .
> For more options, visit this group at http://groups.google.com/group/puppet-dev?hl=en
> .
>
>
--
In science, 'fact' can only mean 'confirmed to such a degree that it
>
> You received this message because you are subscribed to the Google
> Groups "Puppet Developers" group.
> To post to this group, send email to puppe...@googlegroups.com.
> To unsubscribe from this group, send email to puppet-dev+...@googlegroups.com
> .
> For more options, visit this group at http://groups.google.com/group/puppet-dev?hl=en
> .
>
>
--
would be perverse to withhold provisional assent.' I suppose that
apples might start to rise tomorrow, but the possibility does not
merit equal time in physics classrooms. -- Stephen Jay Gould
---------------------------------------------------------------------
Luke Kanies | http://reductivelabs.com | http://madstop.com
Reply all
Reply to author
Forward
0 new messages