add parameter ssl_key,ssl_cert, ssl_cacert to api feature

Lennart Betz · Lennart Betz · commit fc6b71da774f · 2016-09-26T22:29:03.000+02:00
diff --git a/manifests/feature/api.pp b/manifests/feature/api.pp
@@ -12,7 +12,7 @@
 #   'puppet' copies the key, cert and CAcert from the Puppet ssl directory to the pki directory
 #   /etc/icinga2/pki on Linux and C:/ProgramData/icinga2/etc/icinga2/pki on Windows.
 #   'none' does nothing and you either have to manage the files yourself as file resources
-#   or use the ssl_key, ssl_cert, ssl_ca parameters. Defaults to puppet.
+#   or use the ssl_key, ssl_cert, ssl_cacert parameters. Defaults to puppet.
 #
 # [*ssl_key_path*]
 #   Location of the private key. Default depends on platform:
@@ -26,22 +26,22 @@
 #   C:/ProgramData/icinga2/etc/icinga2/pki/NodeName.crt on Windows
 #   The Value of NodeName comes from the corresponding constant.
 #
-# [*ssl_ca_path*]
+# [*ssl_cacert_path*]
 #   Location of the CA certificate. Default is:
 #   /etc/icinga2/pki/ca.crt on Linux
 #   C:/ProgramData/icinga2/etc/icinga2/pki/ca.crt on Windows
 #
-# [*ssl_key*] NOT IMPLEMENTED
-#   The private key in a base64 encoded string to store in pki directory, file is named to the constants 'NodeName'
-#   with the suffix '.key'. For use 'pki' must set to 'none'. Defaults to undef.
+# [*ssl_key*]
+#   The private key in a base64 encoded string to store in pki directory, file is stored to
+#   path spicified in ssl_key_path. To affect this parameter pki has to set to 'none'.
 #
-# [*ssl_cert*] NOT IMPLEMENTED
-#   The certificate in a base64 encoded string to store in pki directory, file is named to the constants 'NodeName'
-#   with the suffix '.crt'. For use 'pki' must set to 'none'. Defaults to undef.
+# [*ssl_cert*]
+#   The certificate in a base64 encoded string to store in pki directory, file is  stored to
+#   path spicified in ssl_cert_path. To affect this parameter pki has to set to 'none'.
 #
-# [*ssl_ca*] NOT IMPLEMENTED
-#   The CA root certificate in a base64 encoded string to store in pki directory, file is named to 'ca.crt'.
-#   For use 'pki' must set to 'none'. Defaults to undef.
+# [*ssl_cacert*]
+#   The CA root certificate in a base64 encoded string to store in pki directory, file is stored
+#   to path spicified in ssl_cacert_path. To affect this parameter pki has to set to 'none'.
 #
 # [*accept_config*]
 #   Accept zone configuration. Defaults to false.
@@ -71,7 +71,7 @@
 # [*_ssl_cert_path*]
 #   Validated path to certificate file.
 #
-# [*_ssl_ca_path*]
+# [*_ssl_casert_path*]
 #   Validated path to root CA certificate file.
 #
 # === Examples
@@ -105,7 +105,7 @@
 #
 #   class { 'icinga2::feature::api':
 #     pki         => 'none',
-#     ssl_ca_cert => '-----BEGIN CERTIFICATE----- ...',
+#     ssl_cacert  => '-----BEGIN CERTIFICATE----- ...',
 #     ssl_key     => '-----BEGIN RSA PRIVATE KEY----- ...',
 #     ssl_cert    => '-----BEGIN CERTIFICATE----- ...',
 #   }
@@ -119,12 +119,15 @@
   $pki             = 'puppet',
   $ssl_key_path    = undef,
   $ssl_cert_path   = undef,
-  $ssl_ca_path     = undef,
+  $ssl_cacert_path = undef,
   $accept_config   = false,
   $accept_commands = false,
   $ticket_salt     = 'TicketSalt',
   $endpoints       = { 'NodeName' => {} },
   $zones           = { 'ZoneName' => { endpoints => [ 'NodeName' ] } },
+  $ssl_key         = undef,
+  $ssl_cert        = undef,
+  $ssl_cacert      = undef,
 ) {
 
   include ::icinga2::params
@@ -162,42 +165,83 @@
     $_ssl_cert_path = $ssl_cert_path }
   else {
     $_ssl_cert_path = "${pki_dir}/${node_name}.crt" }
-  if $ssl_ca_path {
-    validate_absolute_path($ssl_ca_path)
-    $_ssl_ca_path = $ssl_ca_path }
+  if $ssl_cacert_path {
+    validate_absolute_path($ssl_cacert_path)
+    $_ssl_cacert_path = $ssl_cacert_path }
   else {
-    $_ssl_ca_path = "${pki_dir}/ca.crt" }
+    $_ssl_cacert_path = "${pki_dir}/ca.crt" }
 
   # handle the certificate's stuff
-  if $pki == 'puppet' {
-    file { $_ssl_key_path:
-      ensure => file,
-      mode   => $::kernel ? {
-        'windows' => undef,
-        default   => '0600',
-      },
-      source => $::settings::hostprivkey,
-      tag    => 'icinga2::config::file',
-    }
-
-    file { $_ssl_cert_path:
-      ensure => file,
-      source => $::settings::hostcert,
-      tag    => 'icinga2::config::file',
-    }
-
-    file { $_ssl_ca_path:
-      ensure => file,
-      source => $::settings::localcacert,
-      tag    => 'icinga2::config::file',
-    }
-  }
+  case $pki {
+    'puppet': {
+      file { $_ssl_key_path:
+        ensure => file,
+        mode   => $::kernel ? {
+          'windows' => undef,
+          default   => '0600',
+        },
+        source => $::settings::hostprivkey,
+        tag    => 'icinga2::config::file',
+      }
+
+      file { $_ssl_cert_path:
+        ensure => file,
+        source => $::settings::hostcert,
+        tag    => 'icinga2::config::file',
+      }
+
+      file { $_ssl_cacert_path:
+        ensure => file,
+        source => $::settings::localcacert,
+        tag    => 'icinga2::config::file',
+      }
+    } # puppet
+
+    'none': {
+      if $ssl_key {
+        file { $_ssl_key_path:
+          ensure => file,
+          mode   => $::kernel ? {
+            'windows' => undef,
+            default   => '0600',
+          },
+          content  => $::osfamily ? {
+            'windows' => regsubst($ssl_key, '\n', "\r\n", 'EMG'),
+            default   => $ssl_key,
+          },
+          tag     => 'icinga2::config::file',
+        }
+      }
+
+      if $ssl_cert {
+        file { $_ssl_cert_path:
+          ensure  => file,
+          content  => $::osfamily ? {
+            'windows' => regsubst($ssl_cert, '\n', "\r\n", 'EMG'),
+            default   => $ssl_cert,
+          },
+          tag     => 'icinga2::config::file',
+        }
+      }
+
+      if $ssl_cacert {
+        file { $_ssl_cacert_path:
+          ensure  => file,
+          content  => $::osfamily ? {
+            'windows' => regsubst($ssl_cacert, '\n', "\r\n", 'EMG'),
+            default   => $ssl_cacert,
+          },
+          tag     => 'icinga2::config::file',
+        }
+      }
+    } # none
+  } # pki
 
   # compose attributes
   $attrs = {
     cert_path       => $_ssl_cert_path,
     key_path        => $_ssl_key_path,
-    ca_path         => $_ssl_ca_path,
+    ca_path         => $_ssl_cacert_path,
     accept_commands => $accept_commands,
     accept_config   => $accept_config,
     ticket_salt     => $ticket_salt,
diff --git a/manifests/object.pp b/manifests/object.pp
@@ -64,18 +64,23 @@
   validate_absolute_path($target)
   validate_string($order)
 
-  ensure_resource('concat', $target, {
-    ensure => present,
-    owner  => $user,
-    group  => $group,
-    tag    => 'icinga2::config::file',
-    warn   => true,
-  })
+  if !defined(Concat[$target]) {
+    concat { $target:
+      ensure => present,
+      owner  => $user,
+      group  => $group,
+      tag    => 'icinga2::config::file',
+      warn   => true,
+    }
+  }
 
   if $ensure != 'absent' {
     concat::fragment { "icinga2::object::${object_type}::${object_name}":
       target  => $target,
-      content => template('icinga2/object.conf.erb'),
+      content  => $::osfamily ? {
+        'windows' => regsubst(template('icinga2/object.conf.erb'), '\n', "\r\n", 'EMG'),
+        default   => template('icinga2/object.conf.erb'),
+      },
       order   => $order,
     }
   }
diff --git a/spec/classes/api_spec.rb b/spec/classes/api_spec.rb
