From 965961e09da6a1060aae99e7f60512c2cf6ebe4c Mon Sep 17 00:00:00 2001 From: Yury Bushmelev Date: Sat, 30 Nov 2024 15:05:32 +0800 Subject: [PATCH 1/2] Add manage_user & manage_group parameters --- REFERENCE.md | 18 ++++++++++++ manifests/init.pp | 34 ++++++++++++++++------ spec/classes/init_spec.rb | 59 ++++++++++++++++++++++++++++----------- 3 files changed, 85 insertions(+), 26 deletions(-) diff --git a/REFERENCE.md b/REFERENCE.md index ce9b2f7..22b44c1 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -58,7 +58,9 @@ The following parameters are available in the `caddy` class: * [`version`](#-caddy--version) * [`install_method`](#-caddy--install_method) * [`install_path`](#-caddy--install_path) +* [`manage_user`](#-caddy--manage_user) * [`caddy_user`](#-caddy--caddy_user) +* [`manage_group`](#-caddy--manage_group) * [`caddy_group`](#-caddy--caddy_group) * [`caddy_shell`](#-caddy--caddy_shell) * [`caddy_log_dir`](#-caddy--caddy_log_dir) @@ -100,6 +102,14 @@ Directory where the Caddy binary is stored. Default value: `'/opt/caddy'` +##### `manage_user` + +Data type: `Boolean` + +Whether or not the module should create the user. + +Default value: `true` + ##### `caddy_user` Data type: `String[1]` @@ -108,6 +118,14 @@ The user used by the Caddy process. Default value: `'caddy'` +##### `manage_group` + +Data type: `Boolean` + +Whether or not the module should create the group. + +Default value: `true` + ##### `caddy_group` Data type: `String[1]` diff --git a/manifests/init.pp b/manifests/init.pp index 0089bb5..02ad099 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -24,9 +24,15 @@ # @param install_path # Directory where the Caddy binary is stored. # +# @param manage_user +# Whether or not the module should create the user. +# # @param caddy_user # The user used by the Caddy process. # +# @param manage_group +# Whether or not the module should create the group. +# # @param caddy_group # The group used by the Caddy process. # 
@@ -79,7 +85,9 @@ String[1] $version = '2.0.0', Optional[Enum['github']] $install_method = undef, Stdlib::Absolutepath $install_path = '/opt/caddy', + Boolean $manage_user = true, String[1] $caddy_user = 'caddy', + Boolean $manage_group = true, String[1] $caddy_group = 'caddy', Stdlib::Absolutepath $caddy_shell = '/sbin/nologin', Stdlib::Absolutepath $caddy_log_dir = '/var/log/caddy', @@ -106,17 +114,25 @@ } } - group { $caddy_group: - ensure => present, - system => true, + if $manage_group { + group { $caddy_group: + ensure => present, + system => true, + } } - user { $caddy_user: - ensure => present, - shell => $caddy_shell, - gid => $caddy_group, - system => true, - home => $caddy_home, + if $manage_user { + user { $caddy_user: + ensure => present, + shell => $caddy_shell, + gid => $caddy_group, + system => true, + home => $caddy_home, + } + + if $manage_group { + Group[$caddy_group] -> User[$caddy_user] + } } contain caddy::install diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb index c45dd90..4a1f128 100644 --- a/spec/classes/init_spec.rb +++ b/spec/classes/init_spec.rb @@ -4,7 +4,7 @@ describe 'caddy' do on_supported_os.each do |os, facts| - context "on #{os}" do + context "on #{os} with Facter #{facts[:facterversion]} and Puppet #{facts[:puppetversion]}" do let(:facts) do facts end @@ -24,24 +24,24 @@ it { is_expected.to contain_class('caddy::service') } it do - expect(subject).to contain_group('caddy').with( + is_expected.to contain_group('caddy').with( 'ensure' => 'present', 'system' => 'true' ) end it do - expect(subject).to contain_user('caddy').with( + is_expected.to contain_user('caddy').with( 'ensure' => 'present', 'shell' => caddy_shell, 'gid' => 'caddy', 'system' => 'true', 'home' => '/var/lib/caddy' - ) + ).that_requires('Group[caddy]') end it do - expect(subject).to contain_file('/opt/caddy').with( + is_expected.to contain_file('/opt/caddy').with( 'ensure' => 'directory', 'owner' => 'caddy', 'group' => 'caddy', 
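Review bot: With `manage_user => false` the `user` resource in the `@@ -106,17 +114,25 @@` hunk of manifests/init.pp is skipped entirely, so `shell => $caddy_shell` and `system => true` are no longer enforced and `caddy_shell` is accepted but has no effect. The second patch in this series still passes `$caddy::caddy_user` to the unit template, so an externally provisioned account with a login shell would be used for the service without any signal. The `@param manage_user` text should say this, for example `#   When false, the account must already exist and caddy_shell is not applied; provision it as a system account with a non-login shell.` The class body continues outside the hunk, so whether other resources are ordered after an externally declared user cannot be checked from here.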
@@ -50,7 +50,7 @@ end it do - expect(subject).to contain_file('/var/cache/caddy-latest'). + is_expected.to contain_file('/var/cache/caddy-latest'). with_ensure('file'). with_owner('root'). with_group('root'). @@ -60,7 +60,7 @@ end it do - expect(subject).to contain_file('/opt/caddy/caddy'). + is_expected.to contain_file('/opt/caddy/caddy'). with_ensure('file'). with_owner('root'). with_group('root'). @@ -70,7 +70,7 @@ end it do - expect(subject).to contain_file('/var/lib/caddy').with( + is_expected.to contain_file('/var/lib/caddy').with( 'ensure' => 'directory', 'owner' => 'caddy', 'group' => 'caddy', @@ -79,7 +79,7 @@ end it do - expect(subject).to contain_file('/etc/ssl/caddy').with( + is_expected.to contain_file('/etc/ssl/caddy').with( 'ensure' => 'directory', 'owner' => 'caddy', 'group' => 'caddy', @@ -88,7 +88,7 @@ end it do - expect(subject).to contain_file('/var/log/caddy').with( + is_expected.to contain_file('/var/log/caddy').with( 'ensure' => 'directory', 'owner' => 'caddy', 'group' => 'caddy', @@ -97,7 +97,7 @@ end it do - expect(subject).to contain_file('/etc/caddy').with( + is_expected.to contain_file('/etc/caddy').with( 'ensure' => 'directory', 'owner' => 'root', 'group' => 'root', @@ -106,7 +106,7 @@ end it do - expect(subject).to contain_file('/etc/caddy/Caddyfile').with( + is_expected.to contain_file('/etc/caddy/Caddyfile').with( 'ensure' => 'file', 'owner' => 'caddy', 'group' => 'caddy', @@ -117,7 +117,7 @@ end it do - expect(subject).to contain_file('/etc/caddy/config').with( + is_expected.to contain_file('/etc/caddy/config').with( 'ensure' => 'directory', 'purge' => 'true', 'recurse' => 'true', 
@@ -128,13 +128,13 @@ end it do - expect(subject).to contain_systemd__unit_file('caddy.service').with( + is_expected.to contain_systemd__unit_file('caddy.service').with( 'content' => %r{User=caddy} ) end it do - expect(subject).to contain_service('caddy.service').with( + is_expected.to contain_service('caddy.service').with( 'ensure' => true, 'enable' => true ) @@ -150,7 +150,7 @@ end it do - expect(subject).to contain_archive('/var/cache/caddy_2.0.0_linux_amd64.tar.gz').with( + is_expected.to contain_archive('/var/cache/caddy_2.0.0_linux_amd64.tar.gz').with( 'ensure' => 'present', 'extract' => 'true', 'extract_path' => '/var/cache/caddy-2.0.0', @@ -161,7 +161,7 @@ end it do - expect(subject).to contain_file('/opt/caddy/caddy'). + is_expected.to contain_file('/opt/caddy/caddy'). with_ensure('file'). with_owner('root'). with_group('root'). @@ -170,6 +170,31 @@ that_requires('File[/opt/caddy]') end end + + context 'with caddy_user => test_user' do + let(:params) { { caddy_user: 'test_user' } } + + it { is_expected.to contain_user('test_user') } + end + + context 'with caddy_group => test_group' do + let(:params) { { caddy_user: 'test_group' } } + + it { is_expected.to contain_user('test_group') } + end + + context 'with manage_user => false' do + let(:params) { { manage_user: false } } + + it { is_expected.not_to contain_user('caddy') } + end + + context 'with manage_group => false' do + let(:params) { { manage_group: false } } + + it { is_expected.not_to contain_group('caddy') } + it { is_expected.to contain_user('caddy').that_requires(nil) } + end end end end From 4f859fbf1c83e1c5a88d8f675964d124b328acd7 Mon Sep 17 00:00:00 2001 
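Review bot: The `with caddy_group => test_group` context in the `@@ -170,6 +170,31 @@` hunk sets `caddy_user` and asserts `contain_user`, so it repeats the previous context and the `caddy_group` parameter is never exercised. It should read `let(:params) { { caddy_group: 'test_group' } }` with `it { is_expected.to contain_group('test_group') }`. Adding `it { is_expected.to contain_user('caddy').with_gid('test_group') }` would also pin the user's primary group. The enclosing `describe` block starts outside the hunk.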
From: Yury Bushmelev Date: Sat, 30 Nov 2024 16:25:06 +0800 Subject: [PATCH 2/2] Allow to manage systemd unit and service separately Options added: * manage_systemd_unit * manage_service * service_name * service_ensure * service_enable --- REFERENCE.md | 45 +++++++++++++++++++++++++++++++++++++ manifests/init.pp | 20 +++++++++++++++++ manifests/service.pp | 47 ++++++++++++++++++++++++--------------- spec/classes/init_spec.rb | 39 +++++++++++++++++++++++++++++--- 4 files changed, 130 insertions(+), 21 deletions(-) diff --git a/REFERENCE.md b/REFERENCE.md index 22b44c1..7119083 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -72,11 +72,16 @@ The following parameters are available in the `caddy` class: * [`caddy_architecture`](#-caddy--caddy_architecture) * [`caddy_account_id`](#-caddy--caddy_account_id) * [`caddy_api_key`](#-caddy--caddy_api_key) +* [`manage_systemd_unit`](#-caddy--manage_systemd_unit) * [`systemd_limit_processes`](#-caddy--systemd_limit_processes) * [`systemd_private_devices`](#-caddy--systemd_private_devices) * [`systemd_capability_bounding_set`](#-caddy--systemd_capability_bounding_set) * [`systemd_ambient_capabilities`](#-caddy--systemd_ambient_capabilities) * [`systemd_no_new_privileges`](#-caddy--systemd_no_new_privileges) +* [`manage_service`](#-caddy--manage_service) +* [`service_name`](#-caddy--service_name) +* [`service_ensure`](#-caddy--service_ensure) +* [`service_enable`](#-caddy--service_enable) ##### `version` @@ -214,6 +219,14 @@ The API key, required for the commercial license. Default value: `undef` +##### `manage_systemd_unit` + +Data type: `Boolean` + +Whether or not the module should create the systemd unit file. + +Default value: `true` + ##### `systemd_limit_processes` Data type: `Integer[0]` 
@@ -254,6 +267,38 @@ Whether the process and all its children can gain new privileges through execve( Default value: `undef` +##### `manage_service` + +Data type: `Boolean` + +Whether or not the module should manage the service. + +Default value: `true` + +##### `service_name` + +Data type: `String[1]` + +Customise the name of the system service + +Default value: `'caddy'` + +##### `service_ensure` + +Data type: `Stdlib::Ensure::Service` + +Whether the service should be running or stopped + +Default value: `'running'` + +##### `service_enable` + +Data type: `Boolean` + +Whether the service should be enabled or disabled + +Default value: `true` + ## Defined types ### `caddy::vhost` diff --git a/manifests/init.pp b/manifests/init.pp index 02ad099..a91c55f 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -66,6 +66,9 @@ # @param caddy_api_key # The API key, required for the commercial license. # +# @param manage_systemd_unit +# Whether or not the module should create the systemd unit file. +# # @param systemd_limit_processes # The number of processes. # @@ -81,6 +84,18 @@ # @param systemd_no_new_privileges # Whether the process and all its children can gain new privileges through execve(). # +# @param manage_service +# Whether or not the module should manage the service. +# +# @param service_name +# Customise the name of the system service +# +# @param service_ensure +# Whether the service should be running or stopped +# +# @param service_enable +# Whether the service should be enabled or disabled +# class caddy ( String[1] $version = '2.0.0', Optional[Enum['github']] $install_method = undef, 
@@ -99,11 +114,16 @@ String[1] $caddy_architecture = $facts['os']['architecture'], Optional[String[1]] $caddy_account_id = undef, Optional[String[1]] $caddy_api_key = undef, + Boolean $manage_systemd_unit = true, Integer[0] $systemd_limit_processes = 64, Boolean $systemd_private_devices = true, Optional[String[1]] $systemd_capability_bounding_set = undef, String[1] $systemd_ambient_capabilities = 'CAP_NET_BIND_SERVICE', Optional[Boolean] $systemd_no_new_privileges = undef, + Boolean $manage_service = true, + String[1] $service_name = 'caddy', + Stdlib::Ensure::Service $service_ensure = 'running', + Boolean $service_enable = true, ) { case $caddy_architecture { 'x86_64', 'amd64': { $arch = 'amd64' } diff --git a/manifests/service.pp b/manifests/service.pp index 8214bdc..94ca5d6 100644 --- a/manifests/service.pp +++ b/manifests/service.pp 
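Review bot: `service_name` is typed `String[1]` and documented only as "Customise the name of the system service", yet manifests/service.pp in this patch builds the unit title as `"${caddy::service_name}.service"`, so a value such as `caddy.service` would apparently yield `caddy.service.service`. The parameter comment should state the expected form, e.g. `#   Service name without the '.service' suffix; the unit file is written as "${service_name}.service".` A narrower type than `String[1]` would reject such values at the class boundary rather than producing an oddly named unit. The parameter list continues outside the hunk.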
@@ -6,23 +6,34 @@ class caddy::service { assert_private() - systemd::unit_file { 'caddy.service': - enable => true, - active => true, - content => epp('caddy/etc/systemd/system/caddy.service.epp', - { - install_path => $caddy::install_path, - caddy_user => $caddy::caddy_user, - caddy_group => $caddy::caddy_group, - caddy_log_dir => $caddy::caddy_log_dir, - caddy_ssl_dir => $caddy::caddy_ssl_dir, - caddy_home => $caddy::caddy_home, - systemd_limit_processes => $caddy::systemd_limit_processes, - systemd_private_devices => $caddy::systemd_private_devices, - systemd_capability_bounding_set => $caddy::systemd_capability_bounding_set, - systemd_ambient_capabilities => $caddy::systemd_ambient_capabilities, - systemd_no_new_privileges => $caddy::systemd_no_new_privileges, - } - ), + if $caddy::manage_systemd_unit { + systemd::unit_file { "${caddy::service_name}.service": + content => epp('caddy/etc/systemd/system/caddy.service.epp', + { + install_path => $caddy::install_path, + caddy_user => $caddy::caddy_user, + caddy_group => $caddy::caddy_group, + caddy_log_dir => $caddy::caddy_log_dir, + caddy_ssl_dir => $caddy::caddy_ssl_dir, + caddy_home => $caddy::caddy_home, + systemd_limit_processes => $caddy::systemd_limit_processes, + systemd_private_devices => $caddy::systemd_private_devices, + systemd_capability_bounding_set => $caddy::systemd_capability_bounding_set, + systemd_ambient_capabilities => $caddy::systemd_ambient_capabilities, + systemd_no_new_privileges => $caddy::systemd_no_new_privileges, + } + ), + } + } + + if $caddy::manage_service { + service { $caddy::service_name: + ensure => $caddy::service_ensure, + enable => $caddy::service_enable, + } + + if $caddy::manage_systemd_unit { + Systemd::Unit_file["${caddy::service_name}.service"] ~> Service[$caddy::service_name] + } } } diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb index 4a1f128..7a57a54 100644 --- a/spec/classes/init_spec.rb +++ b/spec/classes/init_spec.rb 
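Review bot: When `manage_systemd_unit` is false and `manage_service` is true, the `service` resource manages whatever unit named `$caddy::service_name` already exists on the host, so none of the values passed to the template here (`caddy_user`, `systemd_capability_bounding_set`, `systemd_ambient_capabilities`, `systemd_no_new_privileges`, `systemd_private_devices`) take effect. Those parameters are then accepted and silently ignored, which makes it easy to believe the sandboxing is in place when it is not. A comment above the `if $caddy::manage_systemd_unit` block would help: `# When false the unit is supplied externally; caddy_user and the systemd_* hardening parameters are not applied.` The same sentence belongs in the `@param manage_systemd_unit` text in manifests/init.pp.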
@@ -130,12 +130,12 @@ it do is_expected.to contain_systemd__unit_file('caddy.service').with( 'content' => %r{User=caddy} - ) + ).that_notifies('Service[caddy]') end it do - is_expected.to contain_service('caddy.service').with( - 'ensure' => true, + is_expected.to contain_service('caddy').with( + 'ensure' => 'running', 'enable' => true ) end @@ -195,6 +195,39 @@ it { is_expected.not_to contain_group('caddy') } it { is_expected.to contain_user('caddy').that_requires(nil) } end + + context 'with manage_systemd_unit => false' do + let(:params) { { manage_systemd_unit: false } } + + it { is_expected.not_to contain_systemd__unit_file('caddy.service') } + it { is_expected.to contain_service('caddy').that_subscribes_to(nil) } + end + + context 'with manage_service => false' do + let(:params) { { manage_service: false } } + + it { is_expected.to contain_systemd__unit_file('caddy.service').that_notifies(nil) } + it { is_expected.not_to contain_service('caddy') } + end + + context 'with service_name => custom' do + let(:params) { { service_name: 'custom' } } + + it { is_expected.to contain_systemd__unit_file('custom.service') } + it { is_expected.to contain_service('custom') } + end + + context 'with service_ensure => stopped' do + let(:params) { { service_ensure: 'stopped' } } + + it { is_expected.to contain_service('caddy').with_ensure('stopped') } + end + + context 'with service_enable => false' do + let(:params) { { service_enable: false } } + + it { is_expected.to contain_service('caddy').with_enable(false) } + end end end end
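Review bot: `that_subscribes_to(nil)` and `that_notifies(nil)` in the new contexts of the `@@ -195,6 +195,39 @@` hunk probably assert nothing, and the same applies to `that_requires(nil)` in the `manage_group => false` context added by the first patch. As far as I know, rspec-puppet's relationship matchers only add expected edges, so a nil argument leaves the expectation equal to a plain `contain_…` check. If the intent is to prove that the conditional `~>` / `->` is skipped when its target is absent, `it { is_expected.to compile.with_all_deps }` in each of those contexts checks that every relationship target exists in the catalogue. The enclosing `describe` block starts outside the hunk.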