From 7414a29720f5a8ff281911f0ca50573337913688 Mon Sep 17 00:00:00 2001
From: Evgeni Golov
Date: Thu, 5 May 2022 09:51:41 +0200
Subject: [PATCH] also chain private keys from puppet-certs correctly the problem is that `ssl_key.pem` in a Katello deployment is a `private_key` from the `certs` module, and while that *does* define a `file` internally (https://github.com/theforeman/puppet-certs/blob/5ce5b4b9e8a13a7a630cc607ecfa5e48991a2aa9/lib/puppet/type/private_key.rb#L64) those are not available for matching of a collector. https://puppet.com/docs/puppet/6/lang_collectors.html: > Collectors can search only on attributes that are present in the manifests (the `file` resource is not in the manifest, the `private_key` is)
---
 .../plugin/remote_execution/mosquitto.pp | 4 ++++
 ...lugin__remote_execution__mosquitto_spec.rb | 20 ++++++++++++++++---
 2 files changed, 21 insertions(+), 3 deletions(-)
diff --git a/manifests/plugin/remote_execution/mosquitto.pp b/manifests/plugin/remote_execution/mosquitto.pp
index ba506056..5d173aad 100644
--- a/manifests/plugin/remote_execution/mosquitto.pp
+++ b/manifests/plugin/remote_execution/mosquitto.pp
@@ -97,4 +97,8 @@
 File <| title == $ssl_cert |> ~> File["${mosquitto_ssl_dir}/ssl_cert.pem"]
 File <| title == $ssl_key |> ~> File["${mosquitto_ssl_dir}/ssl_key.pem"]
 File <| title == $ssl_ca |> ~> File["${mosquitto_ssl_dir}/ssl_ca.pem"]
+
+ if defined('private_key') {
+ Private_key <| title == $ssl_key |> ~> File["${mosquitto_ssl_dir}/ssl_key.pem"]
+ }
 }
diff --git a/spec/classes/foreman_proxy__plugin__remote_execution__mosquitto_spec.rb b/spec/classes/foreman_proxy__plugin__remote_execution__mosquitto_spec.rb
index 2f37013b..85da3853 100644
--- a/spec/classes/foreman_proxy__plugin__remote_execution__mosquitto_spec.rb
+++ b/spec/classes/foreman_proxy__plugin__remote_execution__mosquitto_spec.rb
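Review bot: The guarded `Private_key <| title == $ssl_key |>` collector added at the end of manifests/plugin/remote_execution/mosquitto.pp has no comment saying why it sits next to a `File` collector on the same title, and that reasoning currently lives only in the commit message. I would add above the `if`: `# puppet-certs manages the key as a private_key resource; its internal file is not in the manifest, so the File collector above cannot match it`. Getting this chain right matters operationally, since a rotated key that is not propagated would presumably leave mosquitto with a stale key next to a refreshed certificate. The hunk leaves `$ssl_cert` and `$ssl_ca` on `File` collectors only; if a deployment also manages those through custom types (not visible here), they would need the same treatment. The class body starts outside the hunk.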
@@ -99,9 +99,23 @@
 end
 it 'should notify mosquitto certs when source changes' do
- should contain_file('/etc/foreman-proxy/ssl_cert.pem').with_notify(['File[/etc/mosquitto/ssl/ssl_cert.pem]'])
- should contain_file('/etc/foreman-proxy/ssl_key.pem').with_notify(['File[/etc/mosquitto/ssl/ssl_key.pem]'])
- should contain_file('/etc/foreman-proxy/ssl_ca.pem').with_notify(['File[/etc/mosquitto/ssl/ssl_ca.pem]'])
+ should contain_file('/etc/foreman-proxy/ssl_cert.pem').that_notifies('File[/etc/mosquitto/ssl/ssl_cert.pem]')
+ should contain_file('/etc/foreman-proxy/ssl_key.pem').that_notifies('File[/etc/mosquitto/ssl/ssl_key.pem]')
+ should contain_file('/etc/foreman-proxy/ssl_ca.pem').that_notifies('File[/etc/mosquitto/ssl/ssl_ca.pem]')
+ end
+ end
+
+ describe 'with certs deployed by puppet as custom types' do
+ let(:pre_condition) do
+ <<-PUPPET
+ define private_key () { file { $name: ensure => file } }
+
+ private_key { '/etc/foreman-proxy/ssl_key.pem': }
+ PUPPET
+ end
+
+ it 'should notify mosquitto certs when source changes' do
+ should contain_private_key('/etc/foreman-proxy/ssl_key.pem').that_notifies('File[/etc/mosquitto/ssl/ssl_key.pem]')
 end
 end
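Review bot: The `private_key` stub in the new `pre_condition` declares `file { $name: ensure => file }`, so in this context a `File` with the key's title is in the manifest as well, which is the opposite of the situation the commit message describes for the real type. The assertion is made on `contain_private_key(...)`, so it still appears to exercise the new collector, but a short comment on the stub would stop readers from taking it as a model of puppet-certs, e.g. `# stand-in for the private_key type from puppet-certs; the real type does not put its file in the manifest`. If the class compiles without that inner file (not visible from this hunk), an empty body `define private_key () { }` would mirror the real case more closely. The two closing `end` lines belong to blocks opened outside the hunk.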