From 3fe774f7a51c1cda3c434c020ad8af9e0a3255e3 Mon Sep 17 00:00:00 2001
From: Joshua Hoblitt <jhoblitt@cpan.org>
Date: Tue, 5 May 2015 17:49:05 -0700
Subject: [PATCH] set user on exec resources in jenkins::plugin define

As $plugin_dir has its ownership management, it should always be safe to run the exec resources in this define as the same user.  This eliminates superfluous file permission change notifications from the log output.  E.g.,

    ==> master: Notice: /Stage[main]/Main/Jenkins::Plugin[mailer]/File[/var/lib/jenkins/plugins/mailer.hpi]/owner: owner changed 'root' to 'jenkins'
---
 manifests/plugin.pp                 |  2 ++
 spec/defines/jenkins_plugin_spec.rb | 32 +++++++++++++++++++++--------
 2 files changed, 25 insertions(+), 9 deletions(-)

diff --git a/manifests/plugin.pp b/manifests/plugin.pp
index 3232f4fc6..c33821892 100644
--- a/manifests/plugin.pp
+++ b/manifests/plugin.pp
@@ -139,6 +139,7 @@
       path    => ['/usr/bin', '/usr/sbin', '/bin'],
       onlyif  => "test -f ${plugin_dir}/${name}.jpi -a ! -f ${plugin_dir}/${name}.jpi.pinned",
       before  => Exec["download-${name}"],
+      user    => $username,
     }
 
     # if $source is specified, it overrides any other URL construction
@@ -152,6 +153,7 @@
       cwd     => $plugin_dir,
       require => [File[$plugin_dir], Package['wget']],
       path    => ['/usr/bin', '/usr/sbin', '/bin'],
+      user    => $username,
     }
 
     file { "${plugin_dir}/${plugin}" :
diff --git a/spec/defines/jenkins_plugin_spec.rb b/spec/defines/jenkins_plugin_spec.rb
index c8d083dcd..22369efb9 100644
--- a/spec/defines/jenkins_plugin_spec.rb
+++ b/spec/defines/jenkins_plugin_spec.rb
@@ -24,20 +24,26 @@
 
 
   describe 'without version' do
-    it { should contain_exec('download-myplug').with(
-      :command      => 'rm -rf myplug myplug.hpi myplug.jpi && wget --no-check-certificate http://updates.jenkins-ci.org/latest/myplug.hpi',
-      :environment  => nil
-    )}
+    it do
+      should contain_exec('download-myplug').with(
+        :command     => 'rm -rf myplug myplug.hpi myplug.jpi && wget --no-check-certificate http://updates.jenkins-ci.org/latest/myplug.hpi',
+        :user        => 'jenkins',
+        :environment => nil
+      )
+    end
     it { should contain_file('/var/lib/jenkins/plugins/myplug.hpi')}
   end
 
   describe 'with version' do
     let(:params) { { :version => '1.2.3' } }
 
-    it { should contain_exec('download-myplug').with(
-      :command      => 'rm -rf myplug myplug.hpi myplug.jpi && wget --no-check-certificate http://updates.jenkins-ci.org/download/plugins/myplug/1.2.3/myplug.hpi',
-      :environment  => nil
-    ) }
+    it do
+      should contain_exec('download-myplug').with(
+        :command     => 'rm -rf myplug myplug.hpi myplug.jpi && wget --no-check-certificate http://updates.jenkins-ci.org/download/plugins/myplug/1.2.3/myplug.hpi',
+        :user        => 'jenkins',
+        :environment => nil
+      )
+    end
     it { should contain_file('/var/lib/jenkins/plugins/myplug.hpi')}
   end
 
@@ -96,7 +102,14 @@
       'include jenkins'
     ]}
 
-    it { should contain_exec('download-myplug').with(:environment => ["http_proxy=proxy.company.com:8080", "https_proxy=proxy.company.com:8080"]) }
+    it do
+      should contain_exec('download-myplug').with(
+        :environment => [
+          "http_proxy=proxy.company.com:8080",
+          "https_proxy=proxy.company.com:8080",
+        ]
+      )
+    end
   end
 
   describe 'with a custom update center' do
@@ -168,6 +181,7 @@
       it 'should download from $source url' do
          should contain_exec('download-myplug').with(
           :command     => 'rm -rf myplug myplug.hpi myplug.jpi && wget --no-check-certificate http://e.org/myplug.hpi',
+          :user        => 'jenkins',
           :cwd         => '/var/lib/jenkins/plugins',
           :environment => nil,
           :path        => ['/usr/bin', '/usr/sbin', '/bin'],