Merge "Set appropriate ownership/permission to config files"

manifests/containerreconciler.pp

@@ -138,6 +138,16 @@ class swift::containerreconciler(
     purge => $purge_config,
   }
 
+  file { '/etc/swift/container-reconciler.conf':
+    ensure  => 'file',
+    owner   => 'root',
+    group   => $::swift::params::group,
+    mode    => '0640',
+    require => Anchor['swift::config::begin'],
+    before  => Anchor['swift::config::end']
+  }
+  File['/etc/swift/container-reconciler.conf'] -> Swift_container_reconciler_config<||>
+
   # only add memcache servers if 'cache' is included in the pipeline
   if !empty(grep(any2array($pipeline), 'cache')) {
 

manifests/internal_client.pp

@@ -65,6 +65,7 @@ class swift::internal_client (
 ) inherits swift::params {
 
   include swift::deps
+  include swift::params
 
   if $pipeline[-1] != 'proxy-server' {
     fail('proxy-server must be the last element in pipeline')
@@ -74,6 +75,16 @@ class swift::internal_client (
     purge => $purge_config,
   }
 
+  file { '/etc/swift/internal-client.conf':
+    ensure  => 'file',
+    owner   => 'root',
+    group   => $::swift::params::group,
+    mode    => '0640',
+    require => Anchor['swift::config::begin'],
+    before  => Anchor['swift::config::end']
+  }
+  File['/etc/swift/internal-client.conf'] -> Swift_internal_client_config<||>
+
   swift_internal_client_config {
     'DEFAULT/user':                               value => $user;
     'pipeline:main/pipeline':                     value => join($pipeline, ' ');

manifests/keymaster.pp

@@ -92,6 +92,17 @@ class swift::keymaster(
 ) {
 
   include swift::deps
+  include swift::params
+
+  file { '/etc/swift/keymaster.conf':
+    ensure  => 'file',
+    owner   => 'root',
+    group   => $::swift::params::group,
+    mode    => '0640',
+    require => Anchor['swift::config::begin'],
+    before  => Anchor['swift::config::end']
+  }
+  File['/etc/swift/keymaster.conf'] -> Swift_keymaster_config<||>
 
   swift_keymaster_config {
     'kms_keymaster/api_class':             value => $api_class;

manifests/memcache.pp

@@ -85,11 +85,14 @@ class swift::memcache (
   }
 
   file { '/etc/swift/memcache.conf':
-    ensure => file,
-    owner  => $::swift::params::user,
-    group  => $::swift::params::group,
-    mode   => '0640',
+    ensure  => 'file',
+    owner   => 'root',
+    group   => $::swift::params::group,
+    mode    => '0640',
+    require => Anchor['swift::config::begin'],
+    before  => Anchor['swift::config::end']
   }
+  File['/etc/swift/memcache.conf'] -> Swift_memcache_config<||>
 
   swift_memcache_config {
     'memcache/memcache_servers':               value => join(any2array($memcache_servers), ',');

manifests/objectexpirer.pp

@@ -152,6 +152,16 @@ class swift::objectexpirer(
     purge => $purge_config,
   }
 
+  file { '/etc/swift/object-expirer.conf':
+    ensure  => 'file',
+    owner   => 'root',
+    group   => $::swift::params::group,
+    mode    => '0640',
+    require => Anchor['swift::config::begin'],
+    before  => Anchor['swift::config::end']
+  }
+  File['/etc/swift/object-expirer.conf'] -> Swift_object_expirer_config<||>
+
   if $pipeline[-1] != 'proxy-server' {
     fail('proxy-server must be the last element in pipeline')
   }

manifests/proxy.pp

@@ -225,11 +225,21 @@ class swift::proxy(
     purge => $purge_config,
   }
 
+  file { '/etc/swift/proxy-server.conf':
+    ensure  => 'file',
+    owner   => 'root',
+    group   => $::swift::params::group,
+    mode    => '0640',
+    require => Anchor['swift::config::begin'],
+    before  => Anchor['swift::config::end']
+  }
+  File['/etc/swift/proxy-server.conf'] -> Swift_proxy_config<||>
+
   swift_proxy_config {
     'DEFAULT/bind_port':                           value => $port;
     'DEFAULT/bind_ip':                             value => $proxy_local_net_ip;
     'DEFAULT/workers':                             value => $workers;
-    'DEFAULT/user':                                value => 'swift';
+    'DEFAULT/user':                                value => $::swift::params::user;
     'DEFAULT/log_name':                            value => $log_name;
     'DEFAULT/log_facility':                        value => $log_facility;
     'DEFAULT/log_level':                           value => $log_level;

manifests/proxy/ceilometer.pp

@@ -215,8 +215,8 @@ class swift::proxy::ceilometer(
   }
 
   file { '/etc/swift/ceilometer.conf':
-    ensure  => present,
-    owner   => $::swift::params::user,
+    ensure  => 'file',
+    owner   => 'root',
     group   => $::swift::params::group,
     mode    => '0640',
     require => Anchor['swift::config::begin'],

manifests/storage/drive_audit.pp

@@ -130,6 +130,17 @@ class swift::storage::drive_audit(
     purge => $purge_config,
   }
 
+  file { '/etc/swift/drive-audit.conf':
+    ensure  => 'file',
+    owner   => 'root',
+    group   => $::swift::params::group,
+    mode    => '0640',
+    require => Anchor['swift::config::begin'],
+    before  => Anchor['swift::config::end']
+  }
+  File['/etc/swift/drive-audit.conf'] -> Swift_drive_audit_config<||>
+
+
   swift_drive_audit_config {
     'drive-audit/log_name'    : value => $log_name;
     'drive-audit/log_facility': value => $log_facility;

manifests/storage/server.pp

@@ -407,8 +407,8 @@ define swift::storage::server(
       %>"), ',')
 
   file { $config_file_full_path:
-    ensure => present,
-    owner  => pick($owner, $::swift::params::user),
+    ensure => 'file',
+    owner  => 'root',
     group  => pick($group, $::swift::params::group),
     mode   => '0640',
     tag    => 'swift-config-file',
@@ -553,6 +553,15 @@ define swift::storage::server(
           'container-sharder/log_name'    => {'ensure' => absent},
         }
       }
+
+      file { '/etc/swift/container-sync-realms.conf':
+        ensure => 'file',
+        owner  => 'root',
+        group  => pick($group, $::swift::params::group),
+        mode   => '0640',
+        tag    => 'swift-config-file',
+      }
+      File['/etc/swift/container-sync-realms.conf'] -> Swift_container_sync_realms_config<||>
     }
     'object': {
       $type_opts = {

spec/classes/swift_containerreconciler_spec.rb

@@ -12,6 +12,13 @@ describe 'swift::containerreconciler' do
 
   shared_examples 'swift::container::reconciler' do
     context 'with defaults' do
+      it { is_expected.to contain_file('/etc/swift/container-reconciler.conf').with(
+        :ensure => 'file',
+        :owner  => 'root',
+        :group  => 'swift',
+        :mode   => '0640',
+      )}
+
       it 'configures container-reconciler.conf' do
         is_expected.to contain_swift_container_reconciler_config(
           'pipeline:main/pipeline').with_value('catch_errors proxy-logging cache proxy-server')

spec/classes/swift_internal_client_spec.rb

@@ -12,6 +12,13 @@ describe 'swift::internal_client' do
     end
 
     context 'with defaults' do
+      it { is_expected.to contain_file('/etc/swift/internal-client.conf').with(
+        :ensure => 'file',
+        :owner  => 'root',
+        :group  => 'swift',
+        :mode   => '0640',
+      )}
+
       it 'should configure default values' do
         should contain_swift_internal_client_config('DEFAULT/user').with_value('swift')
         should contain_swift_internal_client_config('pipeline:main/pipeline').with_value('catch_errors proxy-logging cache proxy-server')

spec/classes/swift_keymaster_spec.rb

@@ -9,6 +9,13 @@ describe 'swift::keymaster' do
     end
 
     context "when using default parameters" do
+      it { is_expected.to contain_file('/etc/swift/keymaster.conf').with(
+        :ensure => 'file',
+        :owner  => 'root',
+        :group  => 'swift',
+        :mode   => '0640',
+      )}
+
       it 'configures keymaster options' do
         is_expected.to contain_swift_keymaster_config('kms_keymaster/api_class').with_value('barbican')
         is_expected.to contain_swift_keymaster_config('kms_keymaster/key_id').with_value('<SERVICE DEFAULT>')

spec/classes/swift_memcache_spec.rb

@@ -4,17 +4,11 @@ describe 'swift::memcache' do
   shared_examples 'swift::memcache' do
 
     describe 'when using default parameters' do
-
-      let :file_defaults do
-        {
-          :owner   => 'swift',
-          :group   => 'swift',
-          :mode    => '0640',
-        }
-      end
-
-      it {is_expected.to contain_file('/etc/swift/memcache.conf').with(
-         {:ensure => 'file'}.merge(file_defaults)
+      it { is_expected.to contain_file('/etc/swift/memcache.conf').with(
+        :ensure => 'file',
+        :owner  => 'root',
+        :group  => 'swift',
+        :mode   => '0640',
       )}
 
       it { is_expected.to contain_swift_memcache_config(

spec/classes/swift_objectexpirer_spec.rb

@@ -12,6 +12,13 @@ describe 'swift::objectexpirer' do
 
   shared_examples 'swift::objectexpirer' do
     context 'with defaults' do
+      it { is_expected.to contain_file('/etc/swift/object-expirer.conf').with(
+        :ensure => 'file',
+        :owner  => 'root',
+        :group  => 'swift',
+        :mode   => '0640',
+      )}
+
       it 'configures object-expirer.conf' do
         is_expected.to contain_swift_object_expirer_config(
           'pipeline:main/pipeline').with_value('catch_errors proxy-logging cache proxy-server')

spec/classes/swift_proxy_ceilometer_spec.rb

@@ -34,8 +34,8 @@ describe 'swift::proxy::ceilometer' do
       )}
 
       it { is_expected.to contain_file('/etc/swift/ceilometer.conf').with(
-        :ensure => 'present',
-        :owner  => 'swift',
+        :ensure => 'file',
+        :owner  => 'root',
         :group  => 'swift',
         :mode   => '0640',
       )}

spec/classes/swift_proxy_spec.rb

@@ -46,6 +46,13 @@ describe 'swift::proxy' do
           :tag       => ['swift-service', 'swift-proxy-service'],
         )}
 
+        it { is_expected.to contain_file('/etc/swift/proxy-server.conf').with(
+          :ensure => 'file',
+          :owner  => 'root',
+          :group  => 'swift',
+          :mode   => '0640',
+        )}
+
         it { should contain_service('swift-proxy-server').that_subscribes_to('Anchor[swift::service::begin]') }
         it { should contain_service('swift-proxy-server').that_notifies('Anchor[swift::service::end]') }
         it { should contain_swift_proxy_config('DEFAULT/bind_port').with_value('8080') }

spec/classes/swift_storage_driver_audit_spec.rb

@@ -4,6 +4,13 @@ describe 'swift::storage::drive_audit' do
   shared_examples 'swift::storage::drive_audit' do
 
     context 'with defaults' do
+      it { is_expected.to contain_file('/etc/swift/drive-audit.conf').with(
+        :ensure => 'file',
+        :owner  => 'root',
+        :group  => 'swift',
+        :mode   => '0640',
+      )}
+
       it 'should configure default values' do
         should contain_swift_drive_audit_config('drive-audit/log_name').with_value('drive-audit')
         should contain_swift_drive_audit_config('drive-audit/log_facility').with_value('LOG_LOCAL2')
@@ -52,6 +59,13 @@ describe 'swift::storage::drive_audit' do
         }
       end
 
+      it { is_expected.to contain_file('/etc/swift/drive-audit.conf').with(
+        :ensure => 'file',
+        :owner  => 'root',
+        :group  => 'swift',
+        :mode   => '0640',
+      )}
+
       it 'should configure the given values' do
         should contain_swift_drive_audit_config('drive-audit/user').with_value('alt_swift')
         should contain_swift_drive_audit_config('drive-audit/device_dir').with_value('/opt/swift')

spec/defines/swift_storage_server_spec.rb

@@ -58,8 +58,8 @@ describe 'swift::storage::server' do
       )}
 
       it { is_expected.to contain_file('/etc/swift/account-server.conf').with(
-        :ensure => 'present',
-        :owner  => 'swift',
+        :ensure => 'file',
+        :owner  => 'root',
         :group  => 'swift',
         :mode   => '0640',
         :tag    => 'swift-config-file'
@@ -241,8 +241,15 @@ describe 'swift::storage::server' do
       )}
 
       it { is_expected.to contain_file('/etc/swift/container-server.conf').with(
-        :ensure => 'present',
-        :owner  => 'swift',
+        :ensure => 'file',
+        :owner  => 'root',
+        :group  => 'swift',
+        :mode   => '0640',
+        :tag    => 'swift-config-file'
+      )}
+      it { is_expected.to contain_file('/etc/swift/container-sync-realms.conf').with(
+        :ensure => 'file',
+        :owner  => 'root',
         :group  => 'swift',
         :mode   => '0640',
         :tag    => 'swift-config-file'
@@ -435,8 +442,8 @@ describe 'swift::storage::server' do
       )}
 
       it { is_expected.to contain_file('/etc/swift/object-server.conf').with(
-        :ensure => 'present',
-        :owner  => 'swift',
+        :ensure => 'file',
+        :owner  => 'root',
         :group  => 'swift',
         :mode   => '0640',
         :tag    => 'swift-config-file'