add option to pass SSLCertificateFile and SSLCertificateKey to ssl.conf

Author: Ryan Hall

manifests/mod/ssl.pp

@@ -3,6 +3,8 @@
   $ssl_cryptodevice                                         = 'builtin',
   $ssl_options                                              = [ 'StdEnvVars' ],
   $ssl_openssl_conf_cmd                                     = undef,
+  $ssl_cert                                                 = undef,
+  $ssl_key                                                  = undef,
   $ssl_ca                                                   = undef,
   $ssl_cipher                                               = 'HIGH:MEDIUM:!aNULL:!MD5:!RC4:!3DES',
   Variant[Boolean, Enum['on', 'off']] $ssl_honorcipherorder = true,

spec/classes/mod/ssl_spec.rb

@@ -185,6 +185,26 @@
       it { is_expected.to contain_file('ssl.conf').with_content(%r{^  SSLPassPhraseDialog builtin$}) }
     end
 
+    context 'setting ssl_cert' do
+      let :params do
+        {
+          ssl_cert: '/etc/pki/some/path/localhost.crt',
+        }
+      end
+
+      it { is_expected.to contain_file('ssl.conf').with_content(%r{^  SSLCertificateFile}) }
+    end
+
+    context 'setting ssl_key' do
+      let :params do
+        {
+          ssl_key: '/etc/pki/some/path/localhost.key',
+        }
+      end
+
+      it { is_expected.to contain_file('ssl.conf').with_content(%r{^  SSLCertificateKeyFile}) }
+    end
+
     context 'setting ssl_ca to a path' do
       let :params do
         {

templates/mod/ssl.conf.erb

@@ -20,6 +20,12 @@
   <%- end -%>
   SSLCryptoDevice <%= @ssl_cryptodevice %>
   SSLHonorCipherOrder <%= scope.call_function('apache::bool2httpd', [@_ssl_honorcipherorder]) %>
+  <%- if @ssl_cert -%>
+  SSLCertificateFile      "<%= @ssl_cert %>"
+  <%- end -%>
+  <%- if @ssl_key -%>
+  SSLCertificateKeyFile   "<%= @ssl_key %>"
+  <%- end -%>
   <%- if @ssl_ca -%>
   SSLCACertificateFile    "<%= @ssl_ca %>"
   <%- end -%>