make directory mode configurable for X_tmp_path

nginx manages the directory permissions on its own, so the default value is undef to avoid conflicts.
voxpupuli · Dec 10, 2021 · ce2c70c · ce2c70c
1 parent f52fb7c
commit ce2c70c
Show file tree

Hide file tree

Showing 4 changed files with 111 additions and 23 deletions.
diff --git a/REFERENCE.md b/REFERENCE.md
@@ -78,7 +78,12 @@ The following parameters are available in the `nginx` class:
 * [`service_config_check`](#service_config_check)
 * [`service_config_check_command`](#service_config_check_command)
 * [`reset_timedout_connection`](#reset_timedout_connection)
+* [`nginx_snippets`](#nginx_snippets)
+* [`nginx_snippets_defaults`](#nginx_snippets_defaults)
+* [`proxy_temp_mode`](#proxy_temp_mode)
+* [`proxy_temp_path`](#proxy_temp_path)
 * [`client_body_temp_path`](#client_body_temp_path)
+* [`client_body_temp_mode`](#client_body_temp_mode)
 * [`confd_only`](#confd_only)
 * [`confd_purge`](#confd_purge)
 * [`conf_dir`](#conf_dir)
@@ -99,9 +104,7 @@ The following parameters are available in the `nginx` class:
 * [`nginx_error_log`](#nginx_error_log)
 * [`nginx_error_log_severity`](#nginx_error_log_severity)
 * [`pid`](#pid)
-* [`proxy_temp_path`](#proxy_temp_path)
 * [`root_group`](#root_group)
-* [`run_dir`](#run_dir)
 * [`sites_available_owner`](#sites_available_owner)
 * [`sites_available_group`](#sites_available_group)
 * [`sites_available_mode`](#sites_available_mode)
@@ -306,13 +309,53 @@ with the non-standard code 444.
 
 Default value: ``undef``
 
+##### <a name="nginx_snippets"></a>`nginx_snippets`
+
+Data type: `Hash`
+
+Specifies a hash from which to generate `nginx::resource::snippet` resources.
+
+Default value: `{}`
+
+##### <a name="nginx_snippets_defaults"></a>`nginx_snippets_defaults`
+
+Data type: `Hash`
+
+Can be used to define default values for the parameter `nginx_snippets`.
+
+Default value: `{}`
+
+##### <a name="proxy_temp_mode"></a>`proxy_temp_mode`
+
+Data type: `Optional[Stdlib::Filemode]`
+
+Permissions for the $proxy_temp_path file resource.
+
+Default value: ``undef``
+
+##### <a name="proxy_temp_path"></a>`proxy_temp_path`
+
+Data type: `Optional[Stdlib::Absolutepath]`
+
+Directory for storing temporary files with data received from proxied servers.
+
+Default value: ``undef``
+
 ##### <a name="client_body_temp_path"></a>`client_body_temp_path`
 
-Data type: `Variant[Stdlib::Absolutepath, Boolean]`
+Data type: `Optional[Stdlib::Absolutepath]`
 
+Directory for storing temporary files holding client request bodies.
 
+Default value: ``undef``
 
-Default value: `$nginx::params::client_body_temp_path`
+##### <a name="client_body_temp_mode"></a>`client_body_temp_mode`
+
+Data type: `Optional[Stdlib::Filemode]`
+
+Permissions for the $client_body_temp_path file resource.
+
+Default value: ``undef``
 
 ##### <a name="confd_only"></a>`confd_only`
 
@@ -474,14 +517,6 @@ Data type: `Any`
 
 Default value: `$nginx::params::pid`
 
-##### <a name="proxy_temp_path"></a>`proxy_temp_path`
-
-Data type: `Variant[Stdlib::Absolutepath, Boolean]`
-
-
-
-Default value: `$nginx::params::proxy_temp_path`
-
 ##### <a name="root_group"></a>`root_group`
 
 Data type: `Any`
@@ -490,14 +525,6 @@ Data type: `Any`
 
 Default value: `$nginx::params::root_group`
 
-##### <a name="run_dir"></a>`run_dir`
-
-Data type: `Any`
-
-
-
-Default value: `$nginx::params::run_dir`
-
 ##### <a name="sites_available_owner"></a>`sites_available_owner`
 
 Data type: `Any`
@@ -1076,6 +1103,7 @@ Default value: `[
     'Host $host',
     'X-Real-IP $remote_addr',
     'X-Forwarded-For $proxy_add_x_forwarded_for',
+    'X-Forwarded-Host $host',
     'X-Forwarded-Proto $scheme',
     'Proxy ""',
   ]`
@@ -2793,7 +2821,7 @@ Default value: `'off'`
 
 ##### <a name="protocol"></a>`protocol`
 
-Data type: `Optional[Enum['imap', 'pop3', 'smtp']]`
+Data type: `Optional[Enum['imap', 'pop3', 'sieve', 'smtp']]`
 
 Mail protocol to use
 

diff --git a/manifests/config.pp b/manifests/config.pp
@@ -205,15 +205,15 @@
     file { $client_body_temp_path:
       ensure => directory,
       owner  => $daemon_user,
-      mode   => '0700',
+      mode   => $nginx::client_body_temp_mode,
     }
   }
 
   if $proxy_temp_path {
     file { $proxy_temp_path:
       ensure => directory,
       owner  => $daemon_user,
-      mode   => '0700',
+      mode   => $nginx::proxy_temp_mode,
     }
   }
 

diff --git a/manifests/init.pp b/manifests/init.pp
@@ -44,9 +44,22 @@
 # @param nginx_snippets_defaults
 #   Can be used to define default values for the parameter `nginx_snippets`.
 #
+# @param proxy_temp_mode
+#   Permissions for the $proxy_temp_path file resource.
+#
+# @param proxy_temp_path
+#   Directory for storing temporary files with data received from proxied servers.
+#
+# @param client_body_temp_path
+#   Directory for storing temporary files holding client request bodies.
+#
+# @param client_body_temp_mode
+#    Permissions for the $client_body_temp_path file resource.
+#
 class nginx (
   ### START Nginx Configuration ###
   Optional[Stdlib::Absolutepath] $client_body_temp_path      = undef,
+  Optional[Stdlib::Filemode] $client_body_temp_mode          = undef,
   Boolean $confd_only                                        = false,
   Boolean $confd_purge                                       = false,
   $conf_dir                                                  = $nginx::params::conf_dir,
@@ -68,6 +81,7 @@
   Nginx::ErrorLogSeverity $nginx_error_log_severity          = 'error',
   $pid                                                       = $nginx::params::pid,
   Optional[Stdlib::Absolutepath] $proxy_temp_path            = undef,
+  Optional[Stdlib::Filemode] $proxy_temp_mode                = undef,
   $root_group                                                = $nginx::params::root_group,
   $sites_available_owner                                     = $nginx::params::sites_available_owner,
   $sites_available_group                                     = $nginx::params::sites_available_group,

diff --git a/spec/classes/nginx_spec.rb b/spec/classes/nginx_spec.rb
@@ -1372,6 +1372,52 @@
             it { is_expected.to contain_file('/var/log/nginx').with(mode: '0771') }
           end
 
+          context 'when proxy_temp_path is non-default' do
+            let(:params) { { proxy_temp_path: '/tmp/nginx_proxy' } }
+
+            it do
+              is_expected.to contain_file('/tmp/nginx_proxy').
+                without('mode')
+            end
+          end
+
+          context 'when proxy_temp_mode is non-default' do
+            let(:params) do
+              {
+                proxy_temp_path: '/tmp/nginx_proxy',
+                proxy_temp_mode: '0771',
+              }
+            end
+
+            it do
+              is_expected.to contain_file('/tmp/nginx_proxy').
+                with_mode('0771')
+            end
+          end
+
+          context 'when client_body_temp_path is non-default' do
+            let(:params) { { client_body_temp_path: '/tmp/nginx_client' } }
+
+            it do
+              is_expected.to contain_file('/tmp/nginx_client').
+                without('mode')
+            end
+          end
+
+          context 'when client_body_temp_mode is non-default' do
+            let(:params) do
+              {
+                client_body_temp_path: '/tmp/nginx_client',
+                client_body_temp_mode: '0771',
+              }
+            end
+
+            it do
+              is_expected.to contain_file('/tmp/nginx_client').
+                with_mode('0771')
+            end
+          end
+
           context 'when gzip is non-default (on) test gzip defaults' do
             let(:params) { { gzip: 'on' } }