From 28265e655b1afb6415bb44e65f2585bf314c5b52 Mon Sep 17 00:00:00 2001
From: Demian <thde@users.noreply.github.com>
Date: Wed, 19 Jun 2019 13:58:10 +0200
Subject: [PATCH] Fix #239 local_user permission denied (#497)

* fix local user permission denied

* fix offenses

* fix specs
---
 lib/facter/docker.rb          | 12 ++++++++++++
 manifests/registry.pp         |  7 +++++--
 spec/defines/registry_spec.rb |  3 +++
 3 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/lib/facter/docker.rb b/lib/facter/docker.rb
index b7cb379b..bdbe15ca 100644
--- a/lib/facter/docker.rb
+++ b/lib/facter/docker.rb
@@ -2,6 +2,7 @@
 
 require 'facter'
 require 'json'
+require 'etc'
 
 Facter.add(:docker_systemroot) do
   confine osfamily: :windows
@@ -31,6 +32,17 @@
   end
 end
 
+Facter.add(:docker_home_dirs) do
+  confine kernel: 'Linux'
+  setcode do
+    home_dirs = {}
+    Etc.passwd do |user|
+      home_dirs[user.name] = user.dir
+    end
+    home_dirs
+  end
+end
+
 docker_command = if Facter.value(:kernel) == 'windows'
                    'powershell -NoProfile -NonInteractive -NoLogo -ExecutionPolicy Bypass -c docker'
                  else
diff --git a/manifests/registry.pp b/manifests/registry.pp
index b51052dc..21c40b91 100644
--- a/manifests/registry.pp
+++ b/manifests/registry.pp
@@ -61,6 +61,7 @@
     $exec_provider = undef
     $password_env = "\${password}"
     $exec_user = $local_user
+    $local_user_home = $facts['docker_home_dirs'][$local_user]
   }
 
   if $ensure == 'present' {
@@ -103,11 +104,13 @@
         Undef   => pw_hash($docker_auth, 'SHA-512', $local_user_strip),
         default => $pass_hash
       }
-      $_auth_command = "${auth_cmd} || rm -f \"/root/registry-auth-puppet_receipt_${server_strip}_${local_user}\""
+      $_auth_command = "${auth_cmd} || rm -f \"/${local_user_home}/registry-auth-puppet_receipt_${server_strip}_${local_user}\""
 
-      file { "/root/registry-auth-puppet_receipt_${server_strip}_${local_user}":
+      file { "/${local_user_home}/registry-auth-puppet_receipt_${server_strip}_${local_user}":
         ensure  => $ensure,
         content => $_pass_hash,
+        owner   => $local_user,
+        group   => $local_user,
         notify  => Exec["${title} auth"],
       }
     } else {
diff --git a/spec/defines/registry_spec.rb b/spec/defines/registry_spec.rb
index 420702d9..ffb71705 100644
--- a/spec/defines/registry_spec.rb
+++ b/spec/defines/registry_spec.rb
@@ -10,6 +10,9 @@
       lsbdistcodename: 'jessie',
       kernelrelease: '3.2.0-4-amd64',
       operatingsystemmajrelease: '8',
+      docker_home_dirs: {
+        root: '/root',
+      },
     }
   end
   let(:params) { { 'version' => '17.06', 'pass_hash' => 'test1234', 'receipt' => false } }