Skip to content

Commit

Permalink
module: allow to configure module user/group
Browse files Browse the repository at this point in the history
Motivation: for security reasons they shouldn't belong to the Wildfly user. Also,
when installing Wildfly via RPM the current implementation fails on `mkdir -p`,
as the `modules` directory belongs to root.

I didn't want to change file ownership handling throughout the whole module. So
this fix allows those who depend on RPMs and those who want to not grant the web
server write access to it's binaries the possibility to achieve that goal.
  • Loading branch information
Thomas-Gelf committed Oct 11, 2019
1 parent 4c118ff commit e10346c
Showing 1 changed file with 6 additions and 14 deletions.
20 changes: 6 additions & 14 deletions manifests/config/module.pp
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,9 @@
String $template = 'wildfly/module.xml',
Optional[Boolean] $system = true,
Optional[Array] $dependencies = [],
Optional[String] $custom_file = undef) {
Optional[String] $custom_file = undef,
Optional[String] $user = $::wildfly::user,
Optional[String] $group = $::wildfly::group) {

require wildfly::install

Expand All @@ -22,8 +24,8 @@
}

File {
owner => $wildfly::user,
group => $wildfly::group
owner => $user,
group => $group,
}

$dir_path = "${wildfly::dirname}/modules/${module_dir}/${namespace_path}/main"
Expand All @@ -32,14 +34,12 @@
path => ['/bin','/usr/bin', '/sbin'],
command => "mkdir -p ${dir_path}",
unless => "test -d ${dir_path}",
user => $wildfly::user,
user => $user,
before => [File[$dir_path]],
}

file { $dir_path:
ensure => directory,
owner => $wildfly::user,
group => $wildfly::group,
}

if $source == '.' {
Expand All @@ -54,8 +54,6 @@
/^(file:|puppet:)/: {
file { "${dir_path}/${file_name}":
ensure => file,
owner => $::wildfly::user,
group => $::wildfly::group,
mode => '0655',
source => $source
}
Expand All @@ -71,8 +69,6 @@

file { "${dir_path}/${file_name}":
ensure => file,
owner => $::wildfly::user,
group => $::wildfly::group,
mode => '0655',
require => Exec["download module from ${source}"],
}
Expand All @@ -82,8 +78,6 @@
if $custom_file {
file { "${dir_path}/module.xml":
ensure => file,
owner => $wildfly::user,
group => $wildfly::group,
content => file($custom_file),
}
} else {
Expand All @@ -95,8 +89,6 @@

file { "${dir_path}/module.xml":
ensure => file,
owner => $wildfly::user,
group => $wildfly::group,
content => epp($template, $params),
}
}
Expand Down

0 comments on commit e10346c

Please sign in to comment.