also chain private keys from puppet-certs correctly

evgeni · evgeni · commit 9319a59647b0 · 2022-05-05T10:59:21.000+02:00
the problem is that `ssl_key.pem` in a Katello deployment is a `private_key` from the `certs` module, and while that *does* define a `file` internally (https://github.com/theforeman/puppet-certs/blob/5ce5b4b9e8a13a7a630cc607ecfa5e48991a2aa9/lib/puppet/type/private_key.rb#L64) those are not available for matching of a collector. https://puppet.com/docs/puppet/6/lang_collectors.html: > Collectors can search only on attributes that are present in the manifests (the `file` resource is not in the manifest, the `private_key` is)
diff --git a/manifests/plugin/remote_execution/mosquitto.pp b/manifests/plugin/remote_execution/mosquitto.pp
@@ -97,4 +97,8 @@
   File <| title == $ssl_cert |> ~> File["${mosquitto_ssl_dir}/ssl_cert.pem"]
   File <| title == $ssl_key |> ~> File["${mosquitto_ssl_dir}/ssl_key.pem"]
   File <| title == $ssl_ca |> ~> File["${mosquitto_ssl_dir}/ssl_ca.pem"]
+
+  if defined('private_key') {
+    Private_key <| title == $ssl_key |> ~> File["${mosquitto_ssl_dir}/ssl_key.pem"]
+  }
 }
diff --git a/spec/classes/foreman_proxy__plugin__remote_execution__mosquitto_spec.rb b/spec/classes/foreman_proxy__plugin__remote_execution__mosquitto_spec.rb
@@ -99,9 +99,23 @@
         end
 
         it 'should notify mosquitto certs when source changes' do
-          should contain_file('/etc/foreman-proxy/ssl_cert.pem').with_notify(['File[/etc/mosquitto/ssl/ssl_cert.pem]'])
-          should contain_file('/etc/foreman-proxy/ssl_key.pem').with_notify(['File[/etc/mosquitto/ssl/ssl_key.pem]'])
-          should contain_file('/etc/foreman-proxy/ssl_ca.pem').with_notify(['File[/etc/mosquitto/ssl/ssl_ca.pem]'])
+          should contain_file('/etc/foreman-proxy/ssl_cert.pem').that_notifies('File[/etc/mosquitto/ssl/ssl_cert.pem]')
+          should contain_file('/etc/foreman-proxy/ssl_key.pem').that_notifies('File[/etc/mosquitto/ssl/ssl_key.pem]')
+          should contain_file('/etc/foreman-proxy/ssl_ca.pem').that_notifies('File[/etc/mosquitto/ssl/ssl_ca.pem]')
+        end
+      end
+
+      describe 'with certs deployed by puppet as custom types' do
+        let(:pre_condition) do
+          <<-PUPPET
+          define private_key () { file { $name: ensure => file } }
+
+          private_key { '/etc/foreman-proxy/ssl_key.pem': }
+          PUPPET
+        end
+
+        it 'should notify mosquitto certs when source changes' do
+          should contain_private_key('/etc/foreman-proxy/ssl_key.pem').that_notifies('File[/etc/mosquitto/ssl/ssl_key.pem]')
         end
       end
 

Original file line number	Diff line number	Diff line change
`@@ -97,4 +97,8 @@`
`97`	`97`	`File <\| title == $ssl_cert \|> ~> File["${mosquitto_ssl_dir}/ssl_cert.pem"]`
`98`	`98`	`File <\| title == $ssl_key \|> ~> File["${mosquitto_ssl_dir}/ssl_key.pem"]`
`99`	`99`	`File <\| title == $ssl_ca \|> ~> File["${mosquitto_ssl_dir}/ssl_ca.pem"]`
	`100`	`+`
	`101`	`+ if defined('private_key') {`
	`102`	`+ Private_key <\| title == $ssl_key \|> ~> File["${mosquitto_ssl_dir}/ssl_key.pem"]`
	`103`	`+ }`
`100`	`104`	`}`