Fixes #30292: Set ownership on SSL key

Author: ehelms

manifests/config.pp

@@ -137,4 +137,12 @@
       }
     }
   }
+
+  if !$foreman_proxy::manage_puppet_group and $foreman_proxy::ssl {
+    file { $foreman_proxy::ssl_key:
+      group  => $foreman_proxy::user,
+      mode   => '0640',
+      before => Service['foreman-proxy'],
+    }
+  }
 }

manifests/params.pp

@@ -17,6 +17,7 @@
       $etc   = '/etc'
       $shell = '/bin/false'
       $user  = pick($foreman_proxy::globals::user, 'foreman-proxy')
+      $group = pick($foreman_proxy::globals::group, 'foreman-proxy')
 
       $dhcp_config = '/etc/dhcp/dhcpd.conf'
       $dhcp_leases = '/var/lib/dhcpd/dhcpd.leases'

spec/classes/foreman_proxy__spec.rb

@@ -385,6 +385,15 @@
         end
       end
 
+      context 'when not managing puppet group' do
+        it "should manage ssl_key" do
+          should contain_file("/etc/puppetlabs/puppet/ssl/private_keys/#{facts['networking']['fqdn']}")
+            .with_mode('0640')
+            .with_group('foreman-proxy')
+            .with_before('Service["foreman-proxy"]')
+        end
+      end
+
       context 'with custom foreman_ssl params' do
         let :params do
           super().merge(