From abf547dca0e6c431a46bbfd8280fbc85e5e9c871 Mon Sep 17 00:00:00 2001
From: Luis Pigueiras <luis.pigueiras@cern.ch>
Date: Thu, 29 Jun 2017 11:48:31 +0200
Subject: [PATCH] Ensure pipeline yamls are created with correct permissions

Right now when you try to manage the `pipeline.yaml` or
`event_pipeline.yaml` via Puppet, notification-agent can't start
because it can't read the file because it has by default root:root
permissions. This enforces to have root:ceilometer and mode rw-r-----
to allow the daemon read the pipeline files

Change-Id: Ia97821135a2d51377514f2bcf389126254209e76
---
 manifests/agent/notification.pp                    | 6 ++++++
 spec/classes/ceilometer_agent_notification_spec.rb | 8 +++++++-
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/manifests/agent/notification.pp b/manifests/agent/notification.pp
index 35e22194..7f0f40a0 100644
--- a/manifests/agent/notification.pp
+++ b/manifests/agent/notification.pp
@@ -127,6 +127,9 @@ class ceilometer::agent::notification (
       path                    => $::ceilometer::params::event_pipeline,
       content                 => template('ceilometer/event_pipeline.yaml.erb'),
       selinux_ignore_defaults => true,
+      mode                    => '0640',
+      owner                   => 'root',
+      group                   => 'ceilometer',
       tag                     => 'ceilometer-yamls',
     }
   }
@@ -139,6 +142,9 @@ class ceilometer::agent::notification (
       path                    => $::ceilometer::params::pipeline,
       content                 => template('ceilometer/pipeline.yaml.erb'),
       selinux_ignore_defaults => true,
+      mode                    => '0640',
+      owner                   => 'root',
+      group                   => 'ceilometer',
       tag                     => 'ceilometer-yamls',
     }
   }
diff --git a/spec/classes/ceilometer_agent_notification_spec.rb b/spec/classes/ceilometer_agent_notification_spec.rb
index 1c1bbaef..bff9af5d 100644
--- a/spec/classes/ceilometer_agent_notification_spec.rb
+++ b/spec/classes/ceilometer_agent_notification_spec.rb
@@ -119,7 +119,10 @@ describe 'ceilometer::agent::notification' do
       ) }
 
       it { is_expected.to contain_file('event_pipeline').with(
-        'path' => '/etc/ceilometer/event_pipeline.yaml',
+        'path'  => '/etc/ceilometer/event_pipeline.yaml',
+        'owner' => 'root',
+        'group' => 'ceilometer',
+        'mode'  => '0640',
       ) }
 
       it { 'configures event_pipeline with the default notifier'
@@ -179,6 +182,9 @@ describe 'ceilometer::agent::notification' do
 
       it { is_expected.to contain_file('pipeline').with(
         'path' => '/etc/ceilometer/pipeline.yaml',
+        'mode'  => '0640',
+        'owner' => 'root',
+        'group' => 'ceilometer',
       ) }
     end