From 39f4dd2a7a28caa64510da555001b918ac8f3a60 Mon Sep 17 00:00:00 2001 From: Lukas Plattner Date: Mon, 29 Apr 2024 13:55:53 +0200 Subject: [PATCH 1/6] Set Default file mode to 0600 as config could contain connection strings --- REFERENCE.md | 2 +- manifests/init.pp | 2 +- spec/classes/otelcol_spec.rb | 5 +++-- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/REFERENCE.md b/REFERENCE.md index 0e91581..c9d6d2b 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -148,7 +148,7 @@ Data type: `Stdlib::Filemode` mode of config_file -Default value: `'0644'` +Default value: `'0600'` ##### `receivers` diff --git a/manifests/init.pp b/manifests/init.pp index 25fa850..ade69e9 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -60,7 +60,7 @@ String $config_file = "/etc/${package_name}/config.yaml", String $config_file_owner = 'root', String $config_file_group = 'root', - Stdlib::Filemode $config_file_mode = '0644', + Stdlib::Filemode $config_file_mode = '0600', Hash[String, Hash] $receivers = {}, Hash[String, Hash] $processors = {}, Hash[String, Hash] $exporters = {}, diff --git a/spec/classes/otelcol_spec.rb b/spec/classes/otelcol_spec.rb index b435dd7..751694d 100644 --- a/spec/classes/otelcol_spec.rb +++ b/spec/classes/otelcol_spec.rb @@ -17,6 +17,7 @@ is_expected.to contain_concat('otelcol-config').with({ 'path' => '/etc/otelcol/config.yaml', 'format' => 'yaml', + 'mode' => '0600', }) is_expected.to contain_concat__fragment('otelcol-config-header') is_expected.to contain_concat__fragment('otelcol-config-baseconfig') @@ -150,7 +151,7 @@ { config_file_owner: 'root', config_file_group: 'root', - config_file_mode: '0600', + config_file_mode: '0640', } end @@ -160,7 +161,7 @@ is_expected.to contain_concat('otelcol-config').with( 'owner' => 'root', 'group' => 'root', - 'mode' => '0600' + 'mode' => '0640' ) } end From 007add40d93a27751c100b686de45dc6d291c5c6 Mon Sep 17 00:00:00 2001 
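Review bot: The reason for the tighter default is recorded only in the commit subject. After the manifests/init.pp hunk sets `$config_file_mode = '0600'`, the parameter is still described as just "mode of config_file", as the REFERENCE.md hunk shows. I would extend the parameter doc to something like `# @param config_file_mode Mode of config_file. Defaults to 0600 because receiver/exporter settings can carry credentials.` and regenerate REFERENCE.md. A changelog line is also worthwhile, since existing nodes will presumably have the file tightened on the next run and anything that read it under 0644 loses access. The parameter documentation lies outside the hunk, and the same hunk is repeated in PATCH 4/6.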
From: Lukas Plattner Date: Mon, 29 Apr 2024 14:07:19 +0200 Subject: [PATCH 2/6] Also set user correctly to allow access for the service --- REFERENCE.md | 4 ++-- manifests/init.pp | 4 ++-- spec/classes/otelcol_spec.rb | 15 ++++++++++----- 3 files changed, 14 insertions(+), 9 deletions(-) diff --git a/REFERENCE.md b/REFERENCE.md index c9d6d2b..e298bbe 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -132,7 +132,7 @@ Data type: `String` owner of config_file -Default value: `'root'` +Default value: `$service_name` ##### `config_file_group` @@ -140,7 +140,7 @@ Data type: `String` group of config_file -Default value: `'root'` +Default value: `$service_name` ##### `config_file_mode` diff --git a/manifests/init.pp b/manifests/init.pp index ade69e9..c645dbc 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -58,8 +58,8 @@ String $environment_file = "/etc/${package_name}/${package_name}.conf", Optional[String] $run_options = undef, String $config_file = "/etc/${package_name}/config.yaml", - String $config_file_owner = 'root', - String $config_file_group = 'root', + String $config_file_owner = $service_name, + String $config_file_group = $service_name, Stdlib::Filemode $config_file_mode = '0600', Hash[String, Hash] $receivers = {}, Hash[String, Hash] $processors = {}, diff --git a/spec/classes/otelcol_spec.rb b/spec/classes/otelcol_spec.rb index 751694d..461f972 100644 --- a/spec/classes/otelcol_spec.rb +++ b/spec/classes/otelcol_spec.rb @@ -18,6 +18,8 @@ 'path' => '/etc/otelcol/config.yaml', 'format' => 'yaml', 'mode' => '0600', + 'owner' => 'otelcol', + 'group' => 'otelcol', }) is_expected.to contain_concat__fragment('otelcol-config-header') is_expected.to contain_concat__fragment('otelcol-config-baseconfig') @@ -41,8 +43,6 @@ let :params do { package_name: 'otelcol-contrib', - config_file_owner: 'otelcol-contrib', - config_file_group: 'otelcol-contrib', } end 
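Review bot: Defaulting `$config_file_owner` to `$service_name` with mode 0600 (manifests/init.pp hunk) gives the collector's own account write access to its configuration, so a compromised or misbehaving collector process could rewrite its pipelines and exporters. The service only needs read access: keeping `String $config_file_owner = 'root',` with `String $config_file_group = $service_name,` and a default mode of `'0640'` grants that while still hiding the file from other users. The new defaults also assume a user and group named after the service exist on the node, which nothing visible here creates; that is worth confirming for the `manage_archive: true` path exercised in the spec. The parameter list continues outside the hunk, and the same hunk is repeated in PATCH 5/6.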
@@ -58,7 +58,14 @@ } it { # Validate vaild YAML for config - is_expected.to contain_concat('otelcol-config') # .with_content(configcontent.to_yaml) + is_expected.to contain_concat('otelcol-config').with({ + 'path' => '/etc/otelcol-contrib/config.yaml', + 'format' => 'yaml', + 'mode' => '0600', + 'owner' => 'otelcol-contrib', + 'group' => 'otelcol-contrib', + }) + # .with_content(configcontent.to_yaml) # yaml_object = YAML.load(catalogue.resource('file', 'otelcol-config').send(:parameters)[:content]) # expect(yaml_object.length).to be > 0 } @@ -74,8 +81,6 @@ let :params do { package_name: 'otelcol-contrib', - config_file_owner: 'otelcol-contrib', - config_file_group: 'otelcol-contrib', manage_archive: true, } end From 3f78c540edf70bff5e73eaf4b57c2e0104dc11f3 Mon Sep 17 00:00:00 2001 From: Lukas Plattner Date: Mon, 29 Apr 2024 14:21:41 +0200 Subject: [PATCH 3/6] Explicit require Package --- manifests/config.pp | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/manifests/config.pp b/manifests/config.pp index c9818a5..63d0e27 100644 --- a/manifests/config.pp +++ b/manifests/config.pp @@ -17,12 +17,13 @@ } concat { 'otelcol-config' : - ensure => present, - path => $otelcol::config_file, - format => 'yaml', - owner => $otelcol::config_file_owner, - group => $otelcol::config_file_group, - mode => $otelcol::config_file_mode, + ensure => present, + path => $otelcol::config_file, + format => 'yaml', + owner => $otelcol::config_file_owner, + group => $otelcol::config_file_group, + mode => $otelcol::config_file_mode, + require => Package['otelcol'], } concat::fragment { 'otelcol-config-header' : target => 'otelcol-config', From bbb11cd83cc6190c4cfe975cbe64e70f0c36172e Mon Sep 17 00:00:00 2001 
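Review bot: The example in the `@@ -58,7 +58,14 @@` hunk is still labelled as validating the YAML, but after this change it only asserts the concat resource's path, format, mode, owner and group. The relocated `# .with_content(configcontent.to_yaml)` line now dangles after the closing `})` and reads as if it belonged to the new matcher. I would relabel the comment to something like `# Check path, ownership and mode of the rendered config`, and either drop the commented-out content check or move it into its own pending example. The `it` block begins before the hunk, and the same hunk is repeated in PATCH 5/6.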
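Review bot: `require => Package['otelcol'],` in the manifests/config.pp hunk hard-codes a resource title, and a relationship to a resource that is not declared fails at catalog compilation. The spec in this series exercises `manage_archive: true` and `package_name: 'otelcol-contrib'`. Whether a package resource titled `otelcol` exists in those catalogs is not visible here, so please confirm it, or order the concat against whatever class performs the install. No spec pins the new edge; `is_expected.to contain_concat('otelcol-config').that_requires('Package[otelcol]')` in the default context would do so. The same hunk is repeated in PATCH 6/6.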
From: Lukas Plattner Date: Mon, 29 Apr 2024 13:55:53 +0200 Subject: [PATCH 4/6] Set Default file mode to 0600 as config could contain connection strings --- REFERENCE.md | 2 +- manifests/init.pp | 2 +- spec/classes/otelcol_spec.rb | 5 +++-- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/REFERENCE.md b/REFERENCE.md index 0e91581..c9d6d2b 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -148,7 +148,7 @@ Data type: `Stdlib::Filemode` mode of config_file -Default value: `'0644'` +Default value: `'0600'` ##### `receivers` diff --git a/manifests/init.pp b/manifests/init.pp index 25fa850..ade69e9 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -60,7 +60,7 @@ String $config_file = "/etc/${package_name}/config.yaml", String $config_file_owner = 'root', String $config_file_group = 'root', - Stdlib::Filemode $config_file_mode = '0644', + Stdlib::Filemode $config_file_mode = '0600', Hash[String, Hash] $receivers = {}, Hash[String, Hash] $processors = {}, Hash[String, Hash] $exporters = {}, diff --git a/spec/classes/otelcol_spec.rb b/spec/classes/otelcol_spec.rb index b435dd7..751694d 100644 --- a/spec/classes/otelcol_spec.rb +++ b/spec/classes/otelcol_spec.rb @@ -17,6 +17,7 @@ is_expected.to contain_concat('otelcol-config').with({ 'path' => '/etc/otelcol/config.yaml', 'format' => 'yaml', + 'mode' => '0600', }) is_expected.to contain_concat__fragment('otelcol-config-header') is_expected.to contain_concat__fragment('otelcol-config-baseconfig') @@ -150,7 +151,7 @@ { config_file_owner: 'root', config_file_group: 'root', - config_file_mode: '0600', + config_file_mode: '0640', } end @@ -160,7 +161,7 @@ is_expected.to contain_concat('otelcol-config').with( 'owner' => 'root', 'group' => 'root', - 'mode' => '0600' + 'mode' => '0640' ) } end From 2c13345ed024f9936b588e93d6ece6892430941b Mon Sep 17 00:00:00 2001 
From: Lukas Plattner Date: Mon, 29 Apr 2024 14:07:19 +0200 Subject: [PATCH 5/6] Also set user correctly to allow access for the service --- REFERENCE.md | 4 ++-- manifests/init.pp | 4 ++-- spec/classes/otelcol_spec.rb | 15 ++++++++++----- 3 files changed, 14 insertions(+), 9 deletions(-) diff --git a/REFERENCE.md b/REFERENCE.md index c9d6d2b..e298bbe 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -132,7 +132,7 @@ Data type: `String` owner of config_file -Default value: `'root'` +Default value: `$service_name` ##### `config_file_group` @@ -140,7 +140,7 @@ Data type: `String` group of config_file -Default value: `'root'` +Default value: `$service_name` ##### `config_file_mode` diff --git a/manifests/init.pp b/manifests/init.pp index ade69e9..c645dbc 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -58,8 +58,8 @@ String $environment_file = "/etc/${package_name}/${package_name}.conf", Optional[String] $run_options = undef, String $config_file = "/etc/${package_name}/config.yaml", - String $config_file_owner = 'root', - String $config_file_group = 'root', + String $config_file_owner = $service_name, + String $config_file_group = $service_name, Stdlib::Filemode $config_file_mode = '0600', Hash[String, Hash] $receivers = {}, Hash[String, Hash] $processors = {}, diff --git a/spec/classes/otelcol_spec.rb b/spec/classes/otelcol_spec.rb index 751694d..461f972 100644 --- a/spec/classes/otelcol_spec.rb +++ b/spec/classes/otelcol_spec.rb @@ -18,6 +18,8 @@ 'path' => '/etc/otelcol/config.yaml', 'format' => 'yaml', 'mode' => '0600', + 'owner' => 'otelcol', + 'group' => 'otelcol', }) is_expected.to contain_concat__fragment('otelcol-config-header') is_expected.to contain_concat__fragment('otelcol-config-baseconfig') @@ -41,8 +43,6 @@ let :params do { package_name: 'otelcol-contrib', - config_file_owner: 'otelcol-contrib', - config_file_group: 'otelcol-contrib', } end 
@@ -58,7 +58,14 @@ } it { # Validate vaild YAML for config - is_expected.to contain_concat('otelcol-config') # .with_content(configcontent.to_yaml) + is_expected.to contain_concat('otelcol-config').with({ + 'path' => '/etc/otelcol-contrib/config.yaml', + 'format' => 'yaml', + 'mode' => '0600', + 'owner' => 'otelcol-contrib', + 'group' => 'otelcol-contrib', + }) + # .with_content(configcontent.to_yaml) # yaml_object = YAML.load(catalogue.resource('file', 'otelcol-config').send(:parameters)[:content]) # expect(yaml_object.length).to be > 0 } @@ -74,8 +81,6 @@ let :params do { package_name: 'otelcol-contrib', - config_file_owner: 'otelcol-contrib', - config_file_group: 'otelcol-contrib', manage_archive: true, } end From cacfee0890f40962852a2b8a05a942b014c253b0 Mon Sep 17 00:00:00 2001 From: Lukas Plattner Date: Mon, 29 Apr 2024 14:21:41 +0200 Subject: [PATCH 6/6] Explicit require Package --- manifests/config.pp | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/manifests/config.pp b/manifests/config.pp index c9818a5..63d0e27 100644 --- a/manifests/config.pp +++ b/manifests/config.pp @@ -17,12 +17,13 @@ } concat { 'otelcol-config' : - ensure => present, - path => $otelcol::config_file, - format => 'yaml', - owner => $otelcol::config_file_owner, - group => $otelcol::config_file_group, - mode => $otelcol::config_file_mode, + ensure => present, + path => $otelcol::config_file, + format => 'yaml', + owner => $otelcol::config_file_owner, + group => $otelcol::config_file_group, + mode => $otelcol::config_file_mode, + require => Package['otelcol'], } concat::fragment { 'otelcol-config-header' : target => 'otelcol-config',