yet another attempt to work around exec umask issues

Contargo · Feb 28, 2014 · ab70ece · ab70ece
1 parent 75e9d57
commit ab70ece
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 12 deletions.
diff --git a/manifests/add_cert_and_key.pp b/manifests/add_cert_and_key.pp
@@ -38,16 +38,28 @@
   # downcase and change spaces into _s
   $pkcs12_name = downcase(regsubst("${nickname}.p12", '[\s]', '_', 'GM'))
 
-  # the exec type in older versions of puppet don't support the umask param so
-  # we have to inline it in the command string
-  exec {"generate_pkcs12_${title}":
-    command   => "umask 7077 && /usr/bin/openssl pkcs12 -export -in ${cert} -inkey ${key} -password 'file:${certdir}/nss-password.txt' -out '${certdir}/${pkcs12_name}' -name '${nickname}'",
-    creates   => "${certdir}/${pkcs12_name}",
-    subscribe => File["${certdir}/nss-password.txt"],
-    require   => [
-      Nsstools::Create[$certdir],
-      Class['nsstools'],
-    ],
+  # the exec type in older versions of puppet don't support the umask param
+  if versioncmp($::puppetversion, '3.4.0') >= 0 {
+    exec {"generate_pkcs12_${title}":
+      command   => "/usr/bin/openssl pkcs12 -export -in ${cert} -inkey ${key} -password 'file:${certdir}/nss-password.txt' -out '${certdir}/${pkcs12_name}' -name '${nickname}'",
+      creates   => "${certdir}/${pkcs12_name}",
+      subscribe => File["${certdir}/nss-password.txt"],
+      umask     => '7077',
+      require   => [
+        Nsstools::Create[$certdir],
+        Class['nsstools'],
+      ],
+    }
+  } else {
+    exec {"generate_pkcs12_${title}":
+      command   => "/usr/bin/openssl pkcs12 -export -in ${cert} -inkey ${key} -password 'file:${certdir}/nss-password.txt' -out '${certdir}/${pkcs12_name}' -name '${nickname}'",
+      creates   => "${certdir}/${pkcs12_name}",
+      subscribe => File["${certdir}/nss-password.txt"],
+      require   => [
+        Nsstools::Create[$certdir],
+        Class['nsstools'],
+      ],
+    }
   }
 
   exec { "add_pkcs12_${title}":

diff --git a/spec/defines/nsstools_add_cert_and_key_spec.rb b/spec/defines/nsstools_add_cert_and_key_spec.rb
@@ -16,7 +16,7 @@
     context 'generate_pkcs12' do
       it do
         should contain_exec('generate_pkcs12_Server-Cert').with(
-          :command   => "umask 7077 && /usr/bin/openssl pkcs12 -export -in /tmp/server.cert -inkey /tmp/server.key -password 'file:/dne/nss-password.txt' -out '/dne/server-cert.p12' -name 'Server-Cert'",
+          :command   => "/usr/bin/openssl pkcs12 -export -in /tmp/server.cert -inkey /tmp/server.key -password 'file:/dne/nss-password.txt' -out '/dne/server-cert.p12' -name 'Server-Cert'",
           :require   => [
             'Nsstools::Create[/dne]',
             'Class[Nsstools]'
@@ -58,7 +58,7 @@
     context 'generate_pkcs12' do
       it do
         should contain_exec('generate_pkcs12_foo').with(
-          :command   => "umask 7077 && /usr/bin/openssl pkcs12 -export -in /tmp/server.cert -inkey /tmp/server.key -password 'file:/dne/nss-password.txt' -out '/dne/server-cert.p12' -name 'Server-Cert'",
+          :command   => "/usr/bin/openssl pkcs12 -export -in /tmp/server.cert -inkey /tmp/server.key -password 'file:/dne/nss-password.txt' -out '/dne/server-cert.p12' -name 'Server-Cert'",
           :require   => [
             'Nsstools::Create[/dne]',
             'Class[Nsstools]'