fix: permissions on pdns.conf

pdemonaco · pdemonaco · commit 0c13c42acb93 · 2025-03-09T22:09:59.000-04:00
On rocky9 the default configuration does not allow the authoritative
server to actually read its own configuration file. This ensures it is
readable.

Also fixes some bugs in the spec.
diff --git a/manifests/authoritative.pp b/manifests/authoritative.pp
@@ -1,5 +1,9 @@
 # powerdns::authoritative
+#
+# @param group
+#   Name of the group associated with the pdns authoritative service - needed to ensure the config file can be read.
 class powerdns::authoritative (
+  String $group = 'pdns',
 ) inherits powerdns {
   # install the powerdns package
   package { $powerdns::authoritative_package_name:
@@ -10,6 +14,14 @@
 
   include "powerdns::backends::${powerdns::backend}"
 
+  file { $powerdns::authoritative_config:
+    ensure => 'file',
+    owner  => 'root',
+    group  => $group,
+    mode   => '0640',
+    before => Service['pdns'],
+  }
+
   service { 'pdns':
     ensure  => running,
     name    => $powerdns::authoritative_service_name,
diff --git a/spec/classes/powerdns_init_spec.rb b/spec/classes/powerdns_init_spec.rb
@@ -133,19 +133,19 @@
                 }
               end
             when '9'
-              it { is_expected.to contain_yumrepo('CRB') }
+              it { is_expected.to contain_yumrepo('crb') }
               if facts[:operatingsystem] == 'Rocky'
                 it {
                   is_expected.to contain_yumrepo('crb').with(
                     'mirrorlist' => 'http://mirrorlist.rockylinux.org/mirrorlist?arch=$basearch&repo=CRB-$releasever',
-                    'descr' => 'Rocky Linux $releasever - CRB',
+                    'descr' => "#{facts[:operatingsystem]} Linux $releasever - CRB",
                   )
                 }
               else
                 it {
-                  is_expected.to contain_yumrepo('crvb').with(
+                  is_expected.to contain_yumrepo('crb').with(
                     'mirrorlist' => 'http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=CRB&infra=$infra',
-                    'descr' => 'CentOS Linux $releasever - CRB',
+                    'descr' => "#{facts[:operatingsystem]} Linux $releasever - CRB",
                   )
                 }
               end
@@ -178,6 +178,14 @@
           it { is_expected.to contain_service('pdns').with('enable' => 'true') }
           it { is_expected.to contain_service('pdns').with('name' => authoritative_service_name) }
           it { is_expected.to contain_service('pdns').that_requires("Package[#{authoritative_package_name}]") }
+          it 'creates the pdns.conf file' do
+            is_expected.to contain_file(authoritative_config).with(
+              ensure: 'file',
+              owner: 'root',
+              group: 'pdns',
+              mode: '0640',
+            ).that_comes_before('Service[pdns]')
+          end
         end
 
         context 'powerdns class with epel' do
