Allow overriding hostprivkey (#962)

Update manifests/init.pp

Co-authored-by: Tim Meusel <[email protected]>

Author: reverson

manifests/config.pp

@@ -18,6 +18,7 @@
   $use_srv_records       = $puppet::use_srv_records,
   $additional_settings   = $puppet::additional_settings,
   $client_certname       = $puppet::client_certname,
+  $hostprivkey           = $puppet::hostprivkey,
   # lint:endignore
 ) {
   puppet::config::main {
@@ -26,7 +27,7 @@
     'rundir': value => $puppet::rundir;
     'ssldir': value => $puppet::ssldir;
     'privatekeydir': value => '$ssldir/private_keys { group = service }';
-    'hostprivkey': value => '$privatekeydir/$certname.pem { mode = 640 }';
+    'hostprivkey': value => $hostprivkey;
     'show_diff': value => $puppet::show_diff;
     'codedir': value => $puppet::codedir;
   }

manifests/init.pp

@@ -96,6 +96,8 @@
 # $certificate_revocation::                 Whether certificate revocation checking should be
 #                                           enabled, and what level of checking should be performed
 #
+# $hostprivkey::                            Override the hostprivkey setting in puppet.conf
+#
 # $dns_alt_names::                          Use additional DNS names when generating a
 #                                           certificate.  Defaults to an empty Array.
 #
@@ -629,6 +631,7 @@
   Optional[Variant[Boolean, Enum['chain', 'leaf']]] $certificate_revocation = $puppet::params::certificate_revocation,
   Optional[String] $prerun_command = $puppet::params::prerun_command,
   Optional[String] $postrun_command = $puppet::params::postrun_command,
+  String[1] $hostprivkey = $puppet::params::hostprivkey,
   Array[String] $dns_alt_names = $puppet::params::dns_alt_names,
   Boolean $use_srv_records = $puppet::params::use_srv_records,
   Optional[String] $srv_domain = $puppet::params::srv_domain,

manifests/params.pp

@@ -31,6 +31,7 @@
   $prerun_command      = undef
   $postrun_command     = undef
   $server_compile_mode = undef
+  $hostprivkey         = '$privatekeydir/$certname.pem { mode = 640 }'
   $dns_alt_names       = []
   $use_srv_records     = false
   $agent_default_schedules = false

spec/classes/puppet_config_spec.rb

@@ -163,6 +163,14 @@
         end
       end
 
+      describe 'with custom hostprivkey set' do
+        let :params do
+          super().merge(hostprivkey: '$privatekeydir/$certname.pem { mode = 660 }')
+        end
+
+        it { is_expected.to contain_puppet__config__main('hostprivkey').with_value('$privatekeydir/$certname.pem { mode = 660 }') }
+      end
+
       describe 'with additional settings' do
         let :params do
           super().merge(additional_settings: { disable_warnings: 'deprecations' })