From 2ca50984b19e73f42410a5e5a250952f65120467 Mon Sep 17 00:00:00 2001
From: Francesco Di Nucci <d1nuc0m@protonmail.com>
Date: Tue, 18 Feb 2025 10:49:05 +0100
Subject: [PATCH] feat: add owner and group params for clouds.yaml

* Add file_user and file_group parameters for clouds.yaml, to allow
  CLI usage for non root/sudoers users
* Lint clouds.pp with Puppet VSCode

Change-Id: I5cf20e496d36d702f9726b1694a09362fad50bbe
---
 manifests/clouds.pp                           | 18 +++++++++++-----
 ...uds-yaml-owner-group-4e7b2d4e7028cfef.yaml |  5 +++++
 spec/defines/openstacklib_clouds_spec.rb      | 21 +++++++++++++++++++
 3 files changed, 39 insertions(+), 5 deletions(-)
 create mode 100644 releasenotes/notes/clouds-yaml-owner-group-4e7b2d4e7028cfef.yaml

diff --git a/manifests/clouds.pp b/manifests/clouds.pp
index 44493006..7aee9461 100644
--- a/manifests/clouds.pp
+++ b/manifests/clouds.pp
@@ -47,7 +47,15 @@
 #   Example: { 'identity' => '3', 'compute' => '2.latest' }
 #   Defaults to {}
 #
-define openstacklib::clouds(
+# [*file_user*]
+#   (Optional) User that owns the clouds.yaml file.
+#   Defaults to 'root'.
+#
+# [*file_group*]
+#   (Optional) Group that owns the clouds.yaml file.
+#   Defaults to 'root'.
+#
+define openstacklib::clouds (
   String[1] $username,
   String[1] $password,
   Stdlib::HTTPUrl $auth_url,
@@ -59,17 +67,17 @@ define openstacklib::clouds(
   Optional[Enum['public', 'internal', 'admin']] $interface = undef,
   Optional[String[1]] $region_name                         = undef,
   Hash $api_versions                                       = {},
+  String $file_user                                        = 'root',
+  String $file_group                                       = 'root',
 ) {
-
   if !$project_name and !$system_scope {
     fail('One of project_name and system_scope should be set')
   }
 
   file { $path:
-    ensure    => 'present',
     mode      => '0600',
-    owner     => 'root',
-    group     => 'root',
+    owner     => $file_user,
+    group     => $file_group,
     content   => template('openstacklib/clouds.yaml.erb'),
     show_diff => false,
   }
diff --git a/releasenotes/notes/clouds-yaml-owner-group-4e7b2d4e7028cfef.yaml b/releasenotes/notes/clouds-yaml-owner-group-4e7b2d4e7028cfef.yaml
new file mode 100644
index 00000000..ccba9432
--- /dev/null
+++ b/releasenotes/notes/clouds-yaml-owner-group-4e7b2d4e7028cfef.yaml
@@ -0,0 +1,5 @@
+---
+features:
+  - |
+    Add ``file_user`` and ``file_group`` parameters to ``openstacklib::clouds``
+    resource to manage ``clouds.yaml`` file owner and group.
\ No newline at end of file
diff --git a/spec/defines/openstacklib_clouds_spec.rb b/spec/defines/openstacklib_clouds_spec.rb
index 2e4da62e..21fe1ee1 100644
--- a/spec/defines/openstacklib_clouds_spec.rb
+++ b/spec/defines/openstacklib_clouds_spec.rb
@@ -24,6 +24,27 @@ describe 'openstacklib::clouds' do
         )
       end
     end
+
+    context 'with file owner/group' do
+      let :params do
+        {
+          :username     => 'admin',
+          :password     => 'secrete',
+          :auth_url     => 'http://127.0.0.1:5000/',
+          :project_name => 'demo',
+          :file_user    => 'foo',
+          :file_group   => 'bar',
+        }
+      end
+
+      it 'creates a clouds.yaml file with correct ownership' do
+        should contain_file('/etc/openstack/clouds.yaml').with(
+          :mode  => '0600',
+          :owner => 'foo',
+          :group => 'bar',
+        )
+      end
+    end
   end
 
   on_supported_os({