Merge pull request #360 from kenyon/manage-eyaml-config

bastelfreak · web-flow · commit fd0e76cfe021 · 2025-08-28T09:13:20.000+02:00
Manage systemwide eyaml config file
diff --git a/manifests/eyaml.pp b/manifests/eyaml.pp
@@ -77,5 +77,28 @@
       mode    => '0644',
       require => Exec['createkeys'],
     }
+
+    file { '/etc/eyaml':
+      ensure => directory,
+      owner  => 'root',
+      group  => 'root',
+      mode   => '0755',
+    }
+
+    file { '/etc/eyaml/config.yaml':
+      ensure  => file,
+      owner   => 'root',
+      group   => 'root',
+      mode    => '0644',
+      # https://github.com/voxpupuli/puppet-lint-strict_indent-check/issues/20
+      # lint:ignore:strict_indent
+      content => @("CONF"),
+        ---
+        # This file is managed by puppet.
+        pkcs7_private_key: ${privkey}
+        pkcs7_public_key: ${pubkey}
+        | CONF
+      # lint:endignore
+    }
   }
 }
diff --git a/spec/classes/hiera_spec.rb b/spec/classes/hiera_spec.rb
@@ -84,6 +84,16 @@
           it { is_expected.to contain_exec('createkeys').that_requires('Hiera::Install[eyaml]') }
           it { is_expected.to contain_file('/dev/null/keys/private_key.pkcs7.pem').with_ensure('file').with_mode('0600').that_requires('Exec[createkeys]') }
           it { is_expected.to contain_file('/dev/null/keys/public_key.pkcs7.pem').with_ensure('file').with_mode('0644').that_requires('Exec[createkeys]') }
+
+          it do
+            is_expected.to contain_file('/etc/eyaml/config.yaml').
+              with_ensure('file').
+              with_owner('root').
+              with_group('root').
+              with_mode('0644').
+              with_content(%r{pkcs7_private_key: /dev/null/keys/private_key.pkcs7.pem}).
+              with_content(%r{pkcs7_public_key: /dev/null/keys/public_key.pkcs7.pem})
+          end
         end
 
         describe 'other_backends' do
