Merge pull request #127 from alexjfisher/eyaml_keys

Add new eyaml_pkcs7_public/private_key params
voxpupuli · May 2, 2016 · 6c16819 · 6c16819
2 parents 9a3b22c + 66405ef
commit 6c16819
Show file tree

Hide file tree

Showing 3 changed files with 108 additions and 39 deletions.
diff --git a/manifests/init.pp b/manifests/init.pp
@@ -40,45 +40,47 @@
 # Copyright (C) 2016 Vox Pupuli, unless otherwise noted.
 #
 class hiera (
-  $hierarchy            = $::hiera::params::hierarchy,
-  $backends             = ['yaml'],
-  $hiera_yaml           = $::hiera::params::hiera_yaml,
-  $create_symlink       = true,
-  $datadir              = $::hiera::params::datadir,
-  $datadir_manage       = true,
-  $owner                = $::hiera::params::owner,
-  $group                = $::hiera::params::group,
-  $provider             = $::hiera::params::provider,
-  $eyaml                = false,
-  $eyaml_name           = 'hiera-eyaml',
-  $eyaml_version        = undef,
-  $eyaml_source         = undef,
-  $eyaml_datadir        = undef,
-  $eyaml_extension      = undef,
-  $confdir              = $::hiera::params::confdir,
-  $puppet_conf_manage   = true,
-  $logger               = 'console',
-  $cmdpath              = $::hiera::params::cmdpath,
-  $create_keys          = true,
-  $keysdir              = undef,
-  $deep_merge_name      = 'deep_merge',
-  $deep_merge_version   = undef,
-  $deep_merge_source    = undef,
-  $deep_merge_options   = {},
-  $merge_behavior       = undef,
-  $extra_config         = '',
-  $master_service       = $::hiera::params::master_service,
-  $manage_package       = $::hiera::params::manage_package,
-  $package_name         = $::hiera::params::package_name,
-  $package_ensure       = $::hiera::params::package_ensure,
-  $eyaml_gpg_name       = 'hiera-eyaml-gpg',
-  $eyaml_gpg_version    = undef,
-  $eyaml_gpg_source     = undef,
-  $eyaml_gpg            = false,
-  $eyaml_gpg_recipients = undef,
+  $hierarchy               = $::hiera::params::hierarchy,
+  $backends                = ['yaml'],
+  $hiera_yaml              = $::hiera::params::hiera_yaml,
+  $create_symlink          = true,
+  $datadir                 = $::hiera::params::datadir,
+  $datadir_manage          = true,
+  $owner                   = $::hiera::params::owner,
+  $group                   = $::hiera::params::group,
+  $provider                = $::hiera::params::provider,
+  $eyaml                   = false,
+  $eyaml_name              = 'hiera-eyaml',
+  $eyaml_version           = undef,
+  $eyaml_source            = undef,
+  $eyaml_datadir           = undef,
+  $eyaml_extension         = undef,
+  $confdir                 = $::hiera::params::confdir,
+  $puppet_conf_manage      = true,
+  $logger                  = 'console',
+  $cmdpath                 = $::hiera::params::cmdpath,
+  $create_keys             = true,
+  $keysdir                 = undef,
+  $deep_merge_name         = 'deep_merge',
+  $deep_merge_version      = undef,
+  $deep_merge_source       = undef,
+  $deep_merge_options      = {},
+  $merge_behavior          = undef,
+  $extra_config            = '',
+  $master_service          = $::hiera::params::master_service,
+  $manage_package          = $::hiera::params::manage_package,
+  $package_name            = $::hiera::params::package_name,
+  $package_ensure          = $::hiera::params::package_ensure,
+  $eyaml_gpg_name          = 'hiera-eyaml-gpg',
+  $eyaml_gpg_version       = undef,
+  $eyaml_gpg_source        = undef,
+  $eyaml_gpg               = false,
+  $eyaml_gpg_recipients    = undef,
+  $eyaml_pkcs7_private_key = undef,
+  $eyaml_pkcs7_public_key  = undef,
 
   #Deprecated
-  $gem_source         = undef,
+  $gem_source              = undef,
 ) inherits ::hiera::params {
 
   if $keysdir {
@@ -87,6 +89,18 @@
     $_keysdir = "${confdir}/keys"
   }
 
+  if $eyaml_pkcs7_private_key {
+    $_eyaml_pkcs7_private_key = $eyaml_pkcs7_private_key
+  } else {
+    $_eyaml_pkcs7_private_key = "${_keysdir}/private_key.pkcs7.pem"
+  }
+
+  if $eyaml_pkcs7_public_key {
+    $_eyaml_pkcs7_public_key = $eyaml_pkcs7_public_key
+  } else {
+    $_eyaml_pkcs7_public_key = "${_keysdir}/public_key.pkcs7.pem"
+  }
+
   if $eyaml_source {
     $_eyaml_source = $eyaml_source
   } else {

diff --git a/spec/classes/hiera_spec.rb b/spec/classes/hiera_spec.rb
@@ -23,6 +23,61 @@
         it { should contain_class('hiera::deep_merge') }
         it { should contain_package('hiera') }
       end
+      describe 'hiera.yaml template' do
+        context 'when eyaml = false' do
+          it 'should not contain :eyaml: section' do
+            content = catalogue.resource('file', '/etc/puppet/hiera.yaml').send(:parameters)[:content]
+            expect(content).not_to include(':eyaml:')
+          end
+          it do
+            content = catalogue.resource('file', '/etc/puppet/hiera.yaml').send(:parameters)[:content]
+            expect(content).not_to include('pkcs7_private_key')
+          end
+          it do
+            content = catalogue.resource('file', '/etc/puppet/hiera.yaml').send(:parameters)[:content]
+            expect(content).not_to include('pkcs7_public_key')
+          end
+        end
+        context 'when eyaml = true' do
+          let(:params) { { eyaml: true } }
+          it 'should contain an :eyaml: section' do
+            content = catalogue.resource('file', '/etc/puppet/hiera.yaml').send(:parameters)[:content]
+            expect(content).to include(':eyaml:')
+          end
+          context 'when eyaml_pkcs7_private_key not set (default)' do
+            it do
+              content = catalogue.resource('file', '/etc/puppet/hiera.yaml').send(:parameters)[:content]
+              expect(content).to match(%r{:pkcs7_private_key: /etc/puppet/keys/private_key\.pkcs7\.pem})
+            end
+          end
+          context 'when eyaml_pkcs7_private_key set' do
+            let(:params) { {
+              eyaml:                   true,
+              eyaml_pkcs7_private_key: '/path/to/private.key'
+            } }
+            it 'should use the provided private key path' do
+              content = catalogue.resource('file', '/etc/puppet/hiera.yaml').send(:parameters)[:content]
+              expect(content).to match(%r{:pkcs7_private_key: /path/to/private\.key})
+            end
+          end
+          context 'when eyaml_pkcs7_public_key not set (default)' do
+            it do
+              content = catalogue.resource('file', '/etc/puppet/hiera.yaml').send(:parameters)[:content]
+              expect(content).to match(%r{:pkcs7_public_key:  /etc/puppet/keys/public_key\.pkcs7\.pem})
+            end
+          end
+          context 'when eyaml_pkcs7_public_key set' do
+            let(:params) { {
+              eyaml:                  true,
+              eyaml_pkcs7_public_key: '/path/to/public.key'
+            } }
+            it 'should use the provided public key path' do
+              content = catalogue.resource('file', '/etc/puppet/hiera.yaml').send(:parameters)[:content]
+              expect(content).to match(%r{:pkcs7_public_key:  /path/to/public\.key})
+            end
+          end
+        end
+      end
     end
     context 'pe puppet 3' do
       let(:facts) do

diff --git a/templates/hiera.yaml.erb b/templates/hiera.yaml.erb
@@ -21,8 +21,8 @@ end -%>
 <% if @eyaml_extension -%>
   :extension: <%= @eyaml_extension %>
 <% end -%>
-  :pkcs7_private_key: <%= @_keysdir %>/private_key.pkcs7.pem
-  :pkcs7_public_key:  <%= @_keysdir %>/public_key.pkcs7.pem
+  :pkcs7_private_key: <%= @_eyaml_pkcs7_private_key %>
+  :pkcs7_public_key:  <%= @_eyaml_pkcs7_public_key %>
 <% end -%>
 <% if @eyaml_gpg -%>
   :encrypt_method: "gpg"