Révision 0b7bcb5d
Align filemode on RedHat to distro default
The RPM acutally ships the configuration and directory with
0600/0700 while this module sets the mode to 0640/0750.
However, this has the drawback that on new nftables RPM versions,
we are setting it back to the modules mode and triggering an nft
validate.
| spec/defines/chain_spec.rb | ||
|---|---|---|
| 12 | 12 |
facts |
| 13 | 13 |
end |
| 14 | 14 |
|
| 15 |
nft_mode = case facts[:os]['family'] |
|
| 16 |
when 'RedHat' |
|
| 17 |
'0600' |
|
| 18 |
else |
|
| 19 |
'0640' |
|
| 20 |
end |
|
| 21 |
|
|
| 15 | 22 |
it { is_expected.to compile }
|
| 16 | 23 |
|
| 17 | 24 |
it { is_expected.to contain_concat('nftables-inet-filter-chain-MYCHAIN').that_notifies('Exec[nft validate]') }
|
| ... | ... | |
| 23 | 30 |
path: '/etc/nftables/puppet-preflight/inet-filter-chain-MYCHAIN.nft', |
| 24 | 31 |
owner: 'root', |
| 25 | 32 |
group: 'root', |
| 26 |
mode: '0640',
|
|
| 33 |
mode: nft_mode,
|
|
| 27 | 34 |
ensure_newline: true |
| 28 | 35 |
) |
| 29 | 36 |
} |
| ... | ... | |
| 32 | 39 |
expect(subject).to contain_file('/etc/nftables/puppet/inet-filter-chain-MYCHAIN.nft').with(
|
| 33 | 40 |
ensure: 'file', |
| 34 | 41 |
source: '/etc/nftables/puppet-preflight/inet-filter-chain-MYCHAIN.nft', |
| 35 |
mode: '0640',
|
|
| 42 |
mode: nft_mode,
|
|
| 36 | 43 |
owner: 'root', |
| 37 | 44 |
group: 'root' |
| 38 | 45 |
) |
| ... | ... | |
| 66 | 73 |
path: '/etc/nftables/puppet-preflight/ip6-foo-chain-MYCHAIN.nft', |
| 67 | 74 |
owner: 'root', |
| 68 | 75 |
group: 'root', |
| 69 |
mode: '0640',
|
|
| 76 |
mode: nft_mode,
|
|
| 70 | 77 |
ensure_newline: true |
| 71 | 78 |
) |
| 72 | 79 |
} |
| ... | ... | |
| 75 | 82 |
expect(subject).to contain_file('/etc/nftables/puppet/ip6-foo-chain-MYCHAIN.nft').with(
|
| 76 | 83 |
ensure: 'file', |
| 77 | 84 |
source: '/etc/nftables/puppet-preflight/ip6-foo-chain-MYCHAIN.nft', |
| 78 |
mode: '0640',
|
|
| 85 |
mode: nft_mode,
|
|
| 79 | 86 |
owner: 'root', |
| 80 | 87 |
group: 'root' |
| 81 | 88 |
) |
Formats disponibles : Unified diff