From a7ef7cea6d93c8dfbcbb458d791eb879859e7473 Mon Sep 17 00:00:00 2001
From: Joris Dedieu <joris.dedieu@gmail.com>
Date: Mon, 26 Aug 2024 10:58:28 +0200
Subject: [PATCH] Normalization of cron files decaration

Currently on debian manage_cron_permissions breaks users crontab. 
This patch allow puppet code to override this feature the same way
it's done for other ressources.


---
 manifests/minimize_access.pp | 44 +++++++++++++++++++++---------------
 1 file changed, 26 insertions(+), 18 deletions(-)

diff --git a/manifests/minimize_access.pp b/manifests/minimize_access.pp
index 445f353..984dc84 100644
--- a/manifests/minimize_access.pp
+++ b/manifests/minimize_access.pp
@@ -244,29 +244,37 @@ class os_hardening::minimize_access (
     })
 
     # ensure cron.deny and at.deny is absent
-    file { '/etc/cron.deny':
-      ensure => absent,
-    }
+    ensure_resources ('file',
+      { '/etc/cron.deny' => {
+          ensure => absent,
+        }
+    })
 
-    file { '/etc/at.deny':
-      ensure       => absent,
-    }
+    ensure_resources ('file',
+      { '/etc/at.deny' => {
+          ensure => absent,
+        }
+    })
 
     # ensure cron.allow is there
-    file { '/etc/cron.allow':
-      ensure => file,
-      owner  => 'root',
-      group  => 'root',
-      mode   => 'og-rwx',
-    }
+    ensure_resources ('file',
+      { '/etc/cron.allow' => {
+          ensure => file,
+          owner  => 'root',
+          group  => 'root',
+          mode   => 'og-rwx',
+        }
+    })
 
     # ensure at.allow is there
-    file { '/etc/at.allow':
-      ensure => file,
-      owner  => 'root',
-      group  => 'root',
-      mode   => 'og-rwx',
-    }
+    ensure_resources ('file',
+      { '/etc/at.allow' => {
+          ensure => file,
+          owner  => 'root',
+          group  => 'root',
+          mode   => 'og-rwx',
+        }
+    })
   }
 
   # shadow must only be accessible to user root
-- 
2.43.2