Fixes #38567 - Support setting the DHCP key algorithm

ekohl · ekohl · commit cb98f409f778 · 2025-07-14T10:55:53.000+02:00
diff --git a/manifests/init.pp b/manifests/init.pp
@@ -165,6 +165,8 @@
 #
 # $dhcp_key_secret::            DHCP password
 #
+# $dhcp_key_algorithm::         DHCP key algorithm
+#
 # $dhcp_omapi_port::            DHCP server OMAPI port
 #
 # $dhcp_node_type::             DHCP node type
@@ -365,6 +367,7 @@
   Stdlib::Absolutepath $dhcp_leases = $foreman_proxy::params::dhcp_leases,
   Optional[String] $dhcp_key_name = undef,
   Optional[String] $dhcp_key_secret = undef,
+  Optional[String] $dhcp_key_algorithm = undef,
   Stdlib::Port $dhcp_omapi_port = 7911,
   Optional[String] $dhcp_peer_address = undef,
   Enum['standalone', 'primary', 'secondary'] $dhcp_node_type = 'standalone',
diff --git a/manifests/proxydhcp.pp b/manifests/proxydhcp.pp
@@ -63,15 +63,16 @@
   }
 
   class { 'dhcp':
-    dnsdomain     => $foreman_proxy::dhcp_option_domain,
-    nameservers   => $nameservers,
-    interfaces    => [$foreman_proxy::dhcp_interface] + $foreman_proxy::dhcp_additional_interfaces,
-    pxeserver     => $ip,
-    pxefilename   => $foreman_proxy::dhcp_pxefilename,
-    ipxe_filename => $_dhcp_ipxefilename,
-    omapi_name    => $foreman_proxy::dhcp_key_name,
-    omapi_key     => $foreman_proxy::dhcp_key_secret,
-    conf_dir_mode => $conf_dir_mode,
+    dnsdomain       => $foreman_proxy::dhcp_option_domain,
+    nameservers     => $nameservers,
+    interfaces      => [$foreman_proxy::dhcp_interface] + $foreman_proxy::dhcp_additional_interfaces,
+    pxeserver       => $ip,
+    pxefilename     => $foreman_proxy::dhcp_pxefilename,
+    ipxe_filename   => $_dhcp_ipxefilename,
+    omapi_name      => $foreman_proxy::dhcp_key_name,
+    omapi_key       => $foreman_proxy::dhcp_key_secret,
+    omapi_algorithm => $foreman_proxy::dhcp_key_algorithm,
+    conf_dir_mode   => $conf_dir_mode,
   }
 
   dhcp::pool { $facts['networking']['domain']:
diff --git a/spec/classes/foreman_proxy__proxydhcp__spec.rb b/spec/classes/foreman_proxy__proxydhcp__spec.rb
@@ -19,6 +19,15 @@
         }
       end
 
+      let(:etc_dir) do
+        case facts[:os]['family']
+        when 'FreeBSD', 'DragonFly'
+          '/usr/local/etc'
+        else
+          '/etc'
+        end
+      end
+
       context "on physical interface" do
         let :facts do
           override_facts(super(), networking: {
@@ -145,6 +154,46 @@
               .with_address('192.0.2.10')
           end
         end
+
+        context 'with TSIG' do
+          let(:params) do
+            super().merge(
+              dhcp_key_name: 'my_key',
+              dhcp_key_secret: 'dontlook',
+            )
+          end
+
+          it { should compile.with_all_deps }
+          it do
+            is_expected.to contain_file("#{etc_dir}/foreman-proxy/settings.d/dhcp_isc.yml")
+              .with_content(/^:key_name: my_key$/)
+              .with_content(/^:key_secret: dontlook$/)
+              .without_content(/^:key_algorithm:/)
+          end
+          it do
+            is_expected.to contain_class('dhcp')
+              .with_omapi_name('my_key')
+              .with_omapi_key('dontlook')
+          end
+
+          context 'with key algorithm specified' do
+            let(:params) { super().merge(dhcp_key_algorithm: 'HMAC-SHA512') }
+
+            it { should compile.with_all_deps }
+            it do
+              is_expected.to contain_file("#{etc_dir}/foreman-proxy/settings.d/dhcp_isc.yml")
+                .with_content(/^:key_name: my_key$/)
+                .with_content(/^:key_secret: dontlook$/)
+                .with_content(/^:key_algorithm: HMAC-SHA512/)
+            end
+            it do
+              is_expected.to contain_class('dhcp')
+                .with_omapi_name('my_key')
+                .with_omapi_key('dontlook')
+                .with_omapi_algorithm('HMAC-SHA512')
+            end
+          end
+        end
       end
 
       context "on vlan interface" do
diff --git a/templates/dhcp_isc.yml.erb b/templates/dhcp_isc.yml.erb
@@ -20,9 +20,15 @@
      [nil, :undefined, :undef, ''].include?(scope.lookupvar("foreman_proxy::dhcp_key_secret")) -%>
 :key_name: <%= scope.lookupvar("foreman_proxy::dhcp_key_name") %>
 :key_secret: <%= scope.lookupvar("foreman_proxy::dhcp_key_secret") %>
+<% unless [nil, :undefined, :undef, ''].include?(scope.lookupvar("foreman_proxy::dhcp_key_algorithm")) -%>
+:key_algorithm: <%= scope.lookupvar("foreman_proxy::dhcp_key_algorithm") %>
+<% else -%>
+#:key_algorithm: HMAC-MD5
+<% end -%>
 <% else -%>
 #:key_name: secret_key_name
 #:key_secret: secret_key
+#:key_algorithm: HMAC-MD5
 <% end -%>
 
 :omapi_port: <%= scope.lookupvar("foreman_proxy::dhcp_omapi_port") %>

Original file line number	Diff line number	Diff line change
`@@ -165,6 +165,8 @@`
`165`	`165`	`#`
`166`	`166`	`# $dhcp_key_secret:: DHCP password`
`167`	`167`	`#`
	`168`	`+# $dhcp_key_algorithm:: DHCP key algorithm`
	`169`	`+#`
`168`	`170`	`# $dhcp_omapi_port:: DHCP server OMAPI port`
`169`	`171`	`#`
`170`	`172`	`# $dhcp_node_type:: DHCP node type`
`@@ -365,6 +367,7 @@`
`365`	`367`	`Stdlib::Absolutepath $dhcp_leases = $foreman_proxy::params::dhcp_leases,`
`366`	`368`	`Optional[String] $dhcp_key_name = undef,`
`367`	`369`	`Optional[String] $dhcp_key_secret = undef,`
	`370`	`+ Optional[String] $dhcp_key_algorithm = undef,`
`368`	`371`	`Stdlib::Port $dhcp_omapi_port = 7911,`
`369`	`372`	`Optional[String] $dhcp_peer_address = undef,`
`370`	`373`	`Enum['standalone', 'primary', 'secondary'] $dhcp_node_type = 'standalone',`