New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

openssl_dhparam resource does not set the specified mode if the file already exists #8099

Open
anewb opened this Issue Jan 6, 2019 · 1 comment

Comments

Projects
None yet
2 participants
@anewb
Copy link

anewb commented Jan 6, 2019

Description

The openssl_dhparam resource does not honor the specified mode if the file already exists.

Chef Version

Chef Client, version 14.8.12

Platform Version

Ubuntu 18.04.1 LTS

Replication Case

Create a recipe with

openssl_dhparam '/etc/ssl/certs/dhparam.pem' do
end

and let chef-client run once.

Then change recipe to

openssl_dhparam '/etc/ssl/certs/dhparam.pem' do
  mode '0600'
end

Chef-client will not change the mode of the file on a subsequent run. I would expect if the mode is specified, it should be set according to specification.
To achieve this, the file ressource should be executed in every case, not just if there is no valid dhparam.pem file. Should be a trivial fix.

Client Output

* openssl_dhparam[/etc/ssl/certs/dhparam.pem] action create (up to date)

@dheerajd-msys

This comment has been minimized.

Copy link
Contributor

dheerajd-msys commented Jan 8, 2019

@anewb, Thank you for pointing this issue. We have got it reproduced and will be working on to fix it soon.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment