add possibility to manage permissions for dhparam

Author: trefzer

lib/puppet/provider/dhparam/openssl.rb

@@ -1,7 +1,12 @@
 # frozen_string_literal: true
 
 require 'pathname'
-Puppet::Type.type(:dhparam).provide(:openssl) do
+require File.join(File.dirname(__FILE__), '..', '..', '..', 'puppet/provider/openssl')
+
+Puppet::Type.type(:dhparam).provide(
+  :openssl,
+  parent: Puppet::Provider::Openssl,
+) do
   desc 'Manages dhparam files with OpenSSL'
 
   commands openssl: 'openssl'
@@ -19,6 +24,7 @@ def create
     options.insert(1, '-dsaparam') if resource[:fastmode]
 
     openssl options
+    set_file_perm(resource[:path], resource[:owner], resource[:group], resource[:mode])
   end
 
   def destroy

lib/puppet/type/dhparam.rb

@@ -35,4 +35,31 @@
   autorequire(:file) do
     Pathname.new(self[:path]).parent.to_s
   end
+
+  newproperty(:owner) do
+    desc 'owner of the file'
+    validate do |value|
+      unless value =~ %r{^\w+}
+        raise ArgumentError, '%s is not a valid user name' % value
+      end
+    end
+  end
+
+  newproperty(:group) do
+    desc 'group of the file'
+    validate do |value|
+      unless value =~ %r{^\w+}
+        raise ArgumentError, '%s is not a valid group name' % value
+      end
+    end
+  end
+
+  newproperty(:mode) do
+    desc 'mode of the file'
+    validate do |value|
+      unless value =~ %r{^0\d\d\d$}
+        raise ArgumentError, '%s is not a valid file mode' % value
+      end
+    end
+  end
 end

spec/unit/puppet/type/dhparam_spec.rb

@@ -38,4 +38,20 @@
       resource[:size] = 1.5
     end.to raise_error(Puppet::Error, %r{Size must be a positive integer: 1.5})
   end
+
+  it 'accepts mode' do
+    resource[:mode] = '0700'
+    expect(resource[:mode]).to eq('0700')
+  end
+
+  it 'accepts owner' do
+    resource[:owner] = 'someone'
+    expect(resource[:owner]).to eq('someone')
+  end
+
+  it 'accepts group' do
+    resource[:group] = 'party'
+    expect(resource[:group]).to eq('party')
+  end
+
 end