Add support for SSLPassPhraseDialog to be specified for mod_ssl.

Defaults to 'builtin' to match the current behavior.
xbezdick · Dec 29, 2014 · 1bd26e0 · 1bd26e0
1 parent 7157b4d
commit 1bd26e0
Show file tree

Hide file tree

Showing 4 changed files with 41 additions and 10 deletions.
diff --git a/README.md b/README.md
@@ -732,9 +732,10 @@ Installs Apache SSL capabilities and uses the ssl.conf.erb template. These are t
 
 ```puppet
     class { 'apache::mod::ssl':
-      ssl_compression => false,
-      ssl_options     => [ 'StdEnvVars' ],
-      ssl_protocol    => [ 'all', '-SSLv2', '-SSLv3'],
+      ssl_compression        => false,
+      ssl_options            => [ 'StdEnvVars' ],
+      ssl_pass_phrase_dialog => 'builtin',
+      ssl_protocol           => [ 'all', '-SSLv2', '-SSLv3'],
   }
 ```
 

diff --git a/manifests/mod/ssl.pp b/manifests/mod/ssl.pp
@@ -1,10 +1,11 @@
 class apache::mod::ssl (
-  $ssl_compression = false,
-  $ssl_options     = [ 'StdEnvVars' ],
-  $ssl_cipher      = 'HIGH:MEDIUM:!aNULL:!MD5',
-  $ssl_protocol    = [ 'all', '-SSLv2', '-SSLv3' ],
-  $apache_version  = $::apache::apache_version,
-  $package_name    = undef,
+  $ssl_compression        = false,
+  $ssl_options            = [ 'StdEnvVars' ],
+  $ssl_cipher             = 'HIGH:MEDIUM:!aNULL:!MD5',
+  $ssl_protocol           = [ 'all', '-SSLv2', '-SSLv3' ],
+  $ssl_pass_phrase_dialog = 'builtin',
+  $apache_version         = $::apache::apache_version,
+  $package_name           = undef,
 ) {
   $session_cache = $::osfamily ? {
     'debian'  => "\${APACHE_RUN_DIR}/ssl_scache(512000)",

diff --git a/spec/classes/mod/ssl_spec.rb b/spec/classes/mod/ssl_spec.rb
@@ -78,4 +78,33 @@
     it { is_expected.to contain_class('apache::params') }
     it { is_expected.to contain_apache__mod('ssl') }
   end
+
+  # Template config doesn't vary by distro
+  context "on all distros" do
+    let :facts do
+      {
+        :osfamily               => 'RedHat',
+        :operatingsystem        => 'CentOS',
+        :operatingsystemrelease => '6',
+        :kernel                 => 'Linux',
+        :id                     => 'root',
+        :concat_basedir         => '/dne',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+      }
+    end
+
+    context 'not setting ssl_pass_phrase_dialog' do
+      it { is_expected.to contain_file('ssl.conf').with_content(/^  SSLPassPhraseDialog builtin$/)}
+    end
+
+    context 'setting ssl_pass_phrase_dialog' do
+      let :params do
+        {
+          :ssl_pass_phrase_dialog => 'exec:/path/to/program',
+        }
+      end
+      it { is_expected.to contain_file('ssl.conf').with_content(/^  SSLPassPhraseDialog exec:\/path\/to\/program$/)}
+    end
+
+  end
 end
diff --git a/templates/mod/ssl.conf.erb b/templates/mod/ssl.conf.erb
@@ -7,7 +7,7 @@
   AddType application/x-x509-ca-cert .crt
   AddType application/x-pkcs7-crl    .crl
 
-  SSLPassPhraseDialog  builtin
+  SSLPassPhraseDialog <%= @ssl_pass_phrase_dialog %>
   SSLSessionCache "shmcb:<%= @session_cache %>"
   SSLSessionCacheTimeout 300
 <% if @ssl_compression -%>