add possibility to manage permissions for x509_request

Author: trefzer

lib/puppet/provider/x509_request/openssl.rb

@@ -1,7 +1,11 @@
 # frozen_string_literal: true
 
 require 'pathname'
-Puppet::Type.type(:x509_request).provide(:openssl) do
+require File.join(File.dirname(__FILE__), '..', '..', '..', 'puppet/provider/openssl')
+Puppet::Type.type(:x509_request).provide(
+  :openssl,
+  parent: Puppet::Provider::Openssl,
+) do
   desc 'Manages certificate signing requests with OpenSSL'
 
   commands openssl: 'openssl'
@@ -45,6 +49,8 @@ def create
     # openssl(options) doesn't work because it's impossible to pass an env
     # https://github.com/puppetlabs/puppet/issues/9493
     execute([command('openssl')] + options, { failonfail: true, combine: true, custom_environment: env })
+
+    set_file_perm(resource[:path], resource[:owner], resource[:group], resource[:mode])
   end
 
   def destroy

lib/puppet/type/x509_request.rb

@@ -54,6 +54,33 @@
     defaultto true
   end
 
+  newproperty(:owner) do
+    desc 'owner of the file'
+    validate do |value|
+      unless value =~ %r{^\w+}
+        raise ArgumentError, '%s is not a valid user name' % value
+      end
+    end
+  end
+
+  newproperty(:group) do
+    desc 'group of the file'
+    validate do |value|
+      unless value =~ %r{^\w+}
+        raise ArgumentError, '%s is not a valid group name' % value
+      end
+    end
+  end
+
+  newproperty(:mode) do
+    desc 'mode of the file'
+    validate do |value|
+      unless value =~ %r{^0\d\d\d$}
+        raise ArgumentError, '%s is not a valid file mode' % value
+      end
+    end
+  end
+
   autorequire(:x509_cert) do
     path = Pathname.new(self[:private_key])
     "#{path.dirname}/#{path.basename(path.extname)}"

spec/unit/puppet/type/x509_request_spec.rb

@@ -53,4 +53,19 @@
       resource[:force] = :foo
     end.to raise_error(Puppet::Error, %r{Invalid value :foo})
   end
+
+  it 'accepts mode' do
+    resource[:mode] = '0700'
+    expect(resource[:mode]).to eq('0700')
+  end
+
+  it 'accepts owner' do
+    resource[:owner] = 'someone'
+    expect(resource[:owner]).to eq('someone')
+  end
+
+  it 'accepts group' do
+    resource[:group] = 'party'
+    expect(resource[:group]).to eq('party')
+  end
 end