From e10346cfdeec9f73836f68010b7b8ae9ee43fbf0 Mon Sep 17 00:00:00 2001
From: Thomas Gelf
Date: Fri, 11 Oct 2019 11:22:31 +0200
Subject: [PATCH] module: allow to configure module user/group
Motivation: for security reasons they shouldn't belong to the Wildfly user. Also, when installing Wildfly via RPM the current implementation fails on `mkdir -p`, as the `modules` directory belongs to root. I didn't want to change file ownership handling throughout the whole module. So this fix allows those who depend on RPMs and those who want to not grant the web server write access to it's binaries the possibility to achieve that goal.
---
 manifests/config/module.pp | 20 ++++++--------------
 1 file changed, 6 insertions(+), 14 deletions(-)
diff --git a/manifests/config/module.pp b/manifests/config/module.pp
index 5e8ee4fc..67af7dfd 100644
--- a/manifests/config/module.pp
+++ b/manifests/config/module.pp
@@ -11,7 +11,9 @@
 String $template = 'wildfly/module.xml',
 Optional[Boolean] $system = true,
 Optional[Array] $dependencies = [],
- Optional[String] $custom_file = undef) {
+ Optional[String] $custom_file = undef,
+ Optional[String] $user = $::wildfly::user,
+ Optional[String] $group = $::wildfly::group) {
 require wildfly::install
@@ -22,8 +24,8 @@
 }
 File {
- owner => $wildfly::user,
- group => $wildfly::group
+ owner => $user,
+ group => $group,
 }
 $dir_path = "${wildfly::dirname}/modules/${module_dir}/${namespace_path}/main"
@@ -32,14 +34,12 @@
 path => ['/bin','/usr/bin', '/sbin'],
 command => "mkdir -p ${dir_path}",
 unless => "test -d ${dir_path}",
- user => $wildfly::user,
+ user => $user,
 before => [File[$dir_path]],
 }
 file { $dir_path:
 ensure => directory,
- owner => $wildfly::user,
- group => $wildfly::group,
 }
 if $source == '.' {
@@ -54,8 +54,6 @@
 /^(file:|puppet:)/: {
 file { "${dir_path}/${file_name}":
 ensure => file,
- owner => $::wildfly::user,
- group => $::wildfly::group,
 mode => '0655',
 source => $source
 }
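Review bot: In the `@@ -11,7 +11,9 @@` hunk the new `$user` and `$group` parameters are typed `Optional[String]`, so `undef` and the empty string both pass validation. With `undef`, the `owner`/`group` attributes become unmanaged and the `mkdir -p` exec has no `user`, so everything is created as the account the agent runs under instead of failing loudly. The defaults read `$::wildfly::user` and `$::wildfly::group` before the body's `require wildfly::install` runs, so they presumably resolve only when the `wildfly` class was evaluated earlier; worth confirming. Consider `String[1] $user = $::wildfly::user,` and `String[1] $group = $::wildfly::group) {`, plus `@param user` / `@param group` documentation stating that these own the module directory and files and may differ from the service account. The define's header begins outside the hunk.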
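Review bot: After the `@@ -22,8 +24,8 @@` hunk, every `file` resource in the define takes its ownership only from the `File { owner => $user, group => $group, }` default, because the later hunks remove the explicit `owner`/`group` attributes. Resource defaults in Puppet are dynamically scoped, so this statement can also reach file resources in classes or defined types that are first declared from inside this define; whether any are declared that way is not visible here. With the old values that matched the module-wide account, but a custom `$user` such as root could now be applied to resources meant to belong to the service account. Keeping `owner => $user,` and `group => $group,` on each `file` resource would make the ownership local and visible where it matters.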
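Review bot: The exec in the `@@ -32,14 +34,12 @@` hunk now runs `mkdir -p ${dir_path}` as `$user`, but `mkdir -p` only creates missing parents and the `file` resource manages only the leaf `$dir_path`, so directories above it keep whatever owner they already have. Where `modules/` or an intermediate directory still belongs to the service account, setting `$user` to root protects the leaf's contents but not its parents, and write access to a parent is enough to rename or replace the child. Either manage the intermediate directories with the same `$user`/`$group`, or state the limit next to the exec, e.g. `# only ${dir_path} is chowned; parent directories keep their existing owner`. The exec's opening line and title are outside the hunk.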
@@ -71,8 +69,6 @@
 file { "${dir_path}/${file_name}":
 ensure => file,
- owner => $::wildfly::user,
- group => $::wildfly::group,
 mode => '0655',
 require => Exec["download module from ${source}"],
 }
@@ -82,8 +78,6 @@
 if $custom_file {
 file { "${dir_path}/module.xml":
 ensure => file,
- owner => $wildfly::user,
- group => $wildfly::group,
 content => file($custom_file),
 }
 } else {
@@ -95,8 +89,6 @@
 file { "${dir_path}/module.xml":
 ensure => file,
- owner => $wildfly::user,
- group => $wildfly::group,
 content => epp($template, $params),
 }
 }