Move client_certname to [main]

This is needed to ensure all Puppet subcommands can properly use it.

manifests/agent/config.pp

@@ -31,11 +31,6 @@
       'postrun_command': value => $::puppet::postrun_command;
     }
   }
-  if $::puppet::client_certname {
-    puppet::config::agent {
-      'certname':        value => $::puppet::client_certname;
-    }
-  }
 
   $::puppet::agent_additional_settings.each |$key,$value| {
     puppet::config::agent { $key: value => $value }

manifests/config.pp

@@ -17,6 +17,7 @@
   $srv_domain          = $::puppet::srv_domain,
   $use_srv_records     = $::puppet::use_srv_records,
   $additional_settings = $::puppet::additional_settings,
+  $client_certname     = $::puppet::client_certname,
 ) {
   puppet::config::main{
     'vardir': value => $::puppet::vardir;
@@ -63,6 +64,11 @@
   if $syslogfacility and !empty($syslogfacility) {
     puppet::config::main{'syslogfacility': value => $syslogfacility; }
   }
+  if $client_certname {
+    puppet::config::main {
+      'certname': value => $client_certname;
+    }
+  }
 
   $additional_settings.each |$key,$value| {
     puppet::config::main { $key: value => $value }

spec/classes/puppet_agent_spec.rb

@@ -31,8 +31,6 @@
 
       let :facts do
         facts.deep_merge(
-          # rspec-puppet(-facts) doesn't mock this
-          clientcert: 'client.example.com',
           # Cron/systemd timers are based on the IP - make it consistent
           networking: { ip: '192.0.2.100' }
         )
@@ -73,7 +71,6 @@
         it { is_expected.to contain_file(confdir).with_ensure('directory') }
         it { is_expected.to contain_concat("#{confdir}/puppet.conf") }
         it { is_expected.to contain_concat__fragment('puppet.conf_agent').with_content(/^\[agent\]/) }
-        it { is_expected.to contain_puppet__config__agent('certname').with_value(facts[:clientcert]) }
         it { is_expected.to contain_puppet__config__agent('report').with_value('true') }
         it { is_expected.not_to contain_puppet__config__agent('prerun_command') }
         it { is_expected.not_to contain_puppet__config__agent('postrun_command') }
@@ -351,14 +348,6 @@
         it { should_not contain_file('/var/lib/puppet/state/agent_disabled.lock') }
       end
 
-      context 'with client_certname => false' do
-        let :params do
-          super().merge(client_certname: false)
-        end
-
-        it { is_expected.not_to contain_puppet__config__agent('certname') }
-      end
-
       context 'with report => false' do
         let :params do
           super().merge(report: false)

spec/classes/puppet_config_spec.rb

@@ -1,4 +1,5 @@
 require 'spec_helper'
+require 'deep_merge'
 
 describe 'puppet' do
   on_os_under_test.each do |os, facts|
@@ -132,6 +133,36 @@
         end
       end
 
+      describe 'client_certname' do
+        context 'with client_certname => $::clientcert' do
+          let :facts do
+            # rspec-puppet(-facts) doesn't mock this
+            facts.deep_merge(clientcert: 'client.example.com')
+          end
+          let :params do
+            super().merge(client_certname: facts[:clientcert])
+          end
+
+          it { is_expected.to contain_puppet__config__main('certname').with_value(facts[:clientcert]) }
+        end
+
+        context 'with client_certname => "foobar"' do
+          let :params do
+            super().merge(client_certname: 'foobar')
+          end
+
+          it { is_expected.to contain_puppet__config__main('certname').with_value('foobar') }
+        end
+
+        context 'with client_certname => false' do
+          let :params do
+            super().merge(client_certname: false)
+          end
+
+          it { is_expected.not_to contain_puppet__config__main('certname') }
+        end
+      end
+
       context 'puppetmaster' do
         describe "when puppetmaster => 'mymaster.example.com'" do
           let :params do