Add owner, group and mode parameters for file

This allows a user to set the owner, group and mode for the file that gets created. By default this sets it in a more secure fashion but not making it world readable. Signed-off-by: Lance Albertson <lance@osuosl.org>
sous-chefs · Sep 28, 2020 · d8d2e91 · d8d2e91
1 parent ec90954
commit d8d2e91
Show file tree

Hide file tree

Showing 4 changed files with 18 additions and 0 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -17,6 +17,7 @@ This file is used to list changes made in each version of the htpasswd cookbook.
 - Support for 'plaintext' type [\#32](https://github.com/sous-chefs/htpasswd/pull/32)
 - Adoption by Sous-Chefs [\#40](https://github.com/sous-chefs/htpasswd/pull/40)
 - Add delete and overwrite test-kitchen suites
+- Add owner, group and mode parameters for file
 
 ### Changed
 

diff --git a/README.md b/README.md
@@ -41,6 +41,9 @@ This cookbook requires Chef Infra >= 14.
 - :password: Password for the user
 - :type: Password algorithm to use. Valid options are: "md5", "bcrypt", "sha1", "plaintext", or "crypt". Default is
   "md5"
+- :owner: User which owns the file. Default is `root`.
+- :group: Group which owns the file. Default is `root`.
+- :mode: File mode for the file. Default is `0640`.
 
 ### Example
 

diff --git a/libraries/helpers.rb b/libraries/helpers.rb
@@ -3,6 +3,14 @@ module Cookbook
     module Helpers
       private
 
+      def fix_perms(new_resource)
+        file new_resource.name do
+          owner new_resource.owner
+          group new_resource.group
+          mode new_resource.mode
+        end
+      end
+
       def htpasswd_user_exists?(new_resource)
         !user_entry(new_resource).nil?
       end

diff --git a/resources/default.rb b/resources/default.rb
@@ -7,6 +7,9 @@
 property :type, String,
          equal_to: %w(md5 bcrypt sha1 plaintext crypt),
          default: 'md5'
+property :owner, String, default: 'root'
+property :group, String, default: 'root'
+property :mode, String, default: '0640'
 
 action :add do
   unless htpasswd_user_set?(@new_resource)
@@ -20,12 +23,14 @@
       end
     end
   end
+  fix_perms(new_resource)
 end
 
 action :overwrite do
   converge_by("Overwrite file #{@new_resource.name} with user #{@new_resource.user}") do
     htpasswd_create(@new_resource)
   end
+  fix_perms(new_resource)
 end
 
 action :delete do
@@ -34,4 +39,5 @@
       htpasswd_delete(@new_resource)
     end
   end
+  fix_perms(new_resource)
 end