make directory mode configurable for X_tmp_path

nginx manages the directory permissions on its own, so the default value is undef to avoid conflicts.
voxpupuli · Oct 7, 2021 · bf5e198 · bf5e198
1 parent fa6254d
commit bf5e198
Show file tree

Hide file tree

Showing 4 changed files with 68 additions and 10 deletions.
diff --git a/REFERENCE.md b/REFERENCE.md
@@ -79,6 +79,7 @@ The following parameters are available in the `nginx` class:
 * [`service_config_check_command`](#service_config_check_command)
 * [`reset_timedout_connection`](#reset_timedout_connection)
 * [`client_body_temp_path`](#client_body_temp_path)
+* [`client_body_temp_mode`](#client_body_temp_mode)
 * [`confd_only`](#confd_only)
 * [`confd_purge`](#confd_purge)
 * [`conf_dir`](#conf_dir)
@@ -100,6 +101,7 @@ The following parameters are available in the `nginx` class:
 * [`nginx_error_log_severity`](#nginx_error_log_severity)
 * [`pid`](#pid)
 * [`proxy_temp_path`](#proxy_temp_path)
+* [`proxy_temp_mode`](#proxy_temp_mode)
 * [`root_group`](#root_group)
 * [`run_dir`](#run_dir)
 * [`sites_available_owner`](#sites_available_owner)
@@ -314,6 +316,14 @@ Data type: `Variant[Stdlib::Absolutepath, Boolean]`
 
 Default value: `$nginx::params::client_body_temp_path`
 
+##### <a name="client_body_temp_mode"></a>`client_body_temp_mode`
+
+Data type: `Optional[Stdlib::Filemode]`
+
+
+
+Default value: ``undef``
+
 ##### <a name="confd_only"></a>`confd_only`
 
 Data type: `Boolean`
@@ -482,6 +492,14 @@ Data type: `Variant[Stdlib::Absolutepath, Boolean]`
 
 Default value: `$nginx::params::proxy_temp_path`
 
+##### <a name="proxy_temp_mode"></a>`proxy_temp_mode`
+
+Data type: `Optional[Stdlib::Filemode]`
+
+
+
+Default value: ``undef``
+
 ##### <a name="root_group"></a>`root_group`
 
 Data type: `Any`

diff --git a/manifests/config.pp b/manifests/config.pp
@@ -211,15 +211,15 @@
     file { $client_body_temp_path:
       ensure => directory,
       owner  => $daemon_user,
-      mode   => '0700',
+      mode   => $nginx::client_body_temp_mode,
     }
   }
 
   if $proxy_temp_path {
     file { $proxy_temp_path:
       ensure => directory,
       owner  => $daemon_user,
-      mode   => '0700',
+      mode   => $nginx::proxy_temp_mode,
     }
   }
 

diff --git a/manifests/init.pp b/manifests/init.pp
@@ -41,6 +41,7 @@
 class nginx (
   ### START Nginx Configuration ###
   Variant[Stdlib::Absolutepath, Boolean] $client_body_temp_path = $nginx::params::client_body_temp_path,
+  Optional[Stdlib::Filemode] $client_body_temp_mode          = undef,
   Boolean $confd_only                                        = false,
   Boolean $confd_purge                                       = false,
   $conf_dir                                                  = $nginx::params::conf_dir,
@@ -62,6 +63,7 @@
   Nginx::ErrorLogSeverity $nginx_error_log_severity          = 'error',
   $pid                                                       = $nginx::params::pid,
   Variant[Stdlib::Absolutepath, Boolean] $proxy_temp_path    = $nginx::params::proxy_temp_path,
+  Optional[Stdlib::Filemode] $proxy_temp_mode                = undef,
   $root_group                                                = $nginx::params::root_group,
   $run_dir                                                   = $nginx::params::run_dir,
   $sites_available_owner                                     = $nginx::params::sites_available_owner,

diff --git a/spec/classes/nginx_spec.rb b/spec/classes/nginx_spec.rb
@@ -324,14 +324,12 @@
             when 'Debian'
               is_expected.to contain_file('/run/nginx/client_body_temp').with(
                 ensure: 'directory',
-                group: 'root',
-                mode: '0700'
+                group: 'root'
               )
             else
               is_expected.to contain_file('/var/nginx/client_body_temp').with(
                 ensure: 'directory',
-                group: 'root',
-                mode: '0700'
+                group: 'root'
               )
             end
           end
@@ -340,14 +338,12 @@
             when 'Debian'
               is_expected.to contain_file('/run/nginx/proxy_temp').with(
                 ensure: 'directory',
-                group: 'root',
-                mode: '0700'
+                group: 'root'
               )
             else
               is_expected.to contain_file('/var/nginx/proxy_temp').with(
                 ensure: 'directory',
-                group: 'root',
-                mode: '0700'
+                group: 'root'
               )
             end
           end
@@ -1515,6 +1511,48 @@
               )
             end
           end
+
+          context 'when proxy_temp_mode is non-default' do
+            let(:params) { { proxy_temp_mode: '0771' } }
+            let(:run_dir) do
+              case facts[:os]['family']
+              when 'Debian'
+                '/run/nginx'
+              when 'OpenBSD'
+                '/var/www'
+              when 'AIX'
+                '/opt/freeware/share/nginx/html'
+              else
+                '/var/nginx'
+              end
+            end
+
+            it do
+              is_expected.to contain_file("#{run_dir}/proxy_temp").
+                with_mode('0771')
+            end
+          end
+
+          context 'when client_body_temp_mode is non-default' do
+            let(:params) { { client_body_temp_mode: '0771' } }
+            let(:run_dir) do
+              case facts[:os]['family']
+              when 'Debian'
+                '/run/nginx'
+              when 'OpenBSD'
+                '/var/www'
+              when 'AIX'
+                '/opt/freeware/share/nginx/html'
+              else
+                '/var/nginx'
+              end
+            end
+
+            it do
+              is_expected.to contain_file("#{run_dir}/client_body_temp").
+                with_mode('0771')
+            end
+          end
         end
       end
     end