(#493) support the same config options as go-security file provider

Also fails when file provider is configured and someone does
request_cert

lib/mcollective/application/choria.rb

@@ -70,6 +70,10 @@ def main
       def request_cert_command
         disconnect
 
+        unless choria.puppet_security?
+          raise(Util::Choria::UserError, "Cannot only request certificates in Puppet security mode")
+        end
+
         if choria.has_client_public_cert?
           raise(Util::Choria::UserError, "Already have a certificate '%s', cannot request a new one" % choria.client_public_cert)
         end
@@ -175,6 +179,7 @@ def show_config_command # rubocop:disable Metrics/MethodLength
           puts "     Valid SSL Setup: %s try running 'mco choria request_cert'" % [Util.colorize(:red, "no")]
         end
 
+        puts "   Security Provider: %s" % [choria.security_provider]
         puts "            Certname: %s" % [choria.certname]
         puts "       SSL Directory: %s (%s)" % [choria.ssl_dir, File.exist?(choria.ssl_dir) ? Util.colorize(:green, "found") : Util.colorize(:red, "absent")]
         puts "  Client Public Cert: %s (%s)" % [choria.client_public_cert, choria.has_client_public_cert? ? Util.colorize(:green, "found") : Util.colorize(:red, "absent")]

lib/mcollective/util/choria.rb

@@ -667,11 +667,28 @@ def ssl_dir
                        end
       end
 
+      # Determines the security provider
+      def security_provider
+        get_option("choria.security.provider", "puppet")
+      end
+
+      # Determines if the file security provider is enabled
+      def file_security?
+        security_provider == "file"
+      end
+
+      # Determines if the puppet security provider is enabled
+      def puppet_security?
+        security_provider == "puppet"
+      end
+
       # The path to a client public certificate
       #
       # @note paths determined by Puppet AIO packages
       # @return [String]
       def client_public_cert
+        return get_option("choria.security.file.certificate", "") if file_security?
+
         File.join(ssl_dir, "certs", "%s.pem" % certname)
       end
 
@@ -687,6 +704,8 @@ def has_client_public_cert?
       # @note paths determined by Puppet AIO packages
       # @return [String]
       def client_private_key
+        return get_option("choria.security.file.key", "") if file_security?
+
         File.join(ssl_dir, "private_keys", "%s.pem" % certname)
       end
 
@@ -701,6 +720,8 @@ def has_client_private_key?
       #
       # @return [String]
       def ca_path
+        return get_option("choria.security.file.ca", "") if file_security?
+
         File.join(ssl_dir, "certs", "ca.pem")
       end
 
@@ -715,6 +736,8 @@ def has_ca?
       #
       # @return [String]
       def csr_path
+        return "" if file_security?
+
         File.join(ssl_dir, "certificate_requests", "%s.pem" % certname)
       end
 
@@ -762,6 +785,8 @@ def facter_cmd
       #
       # @return [void]
       def make_ssl_dirs
+        return if file_security?
+
         FileUtils.mkdir_p(ssl_dir, :mode => 0o0771)
 
         ["certificate_requests", "certs", "public_keys"].each do |dir|

spec/unit/mcollective/util/choria_spec.rb

@@ -6,6 +6,49 @@ module Util
     describe Choria do
       let(:choria) { Choria.new(false) }
 
+      describe "#file_security?" do
+        it "should detect file security settings" do
+          Config.instance.stubs(:pluginconf).returns(
+            "choria.security.provider" => "file"
+          )
+
+          expect(choria.file_security?).to be(true)
+        end
+
+        it "should be false otherwise" do
+          Config.instance.stubs(:pluginconf).returns(
+            "choria.security.provider" => "puppet"
+          )
+
+          expect(choria.file_security?).to be(false)
+
+          Config.instance.expects(:pluginconf).returns({})
+          expect(choria.file_security?).to be(false)
+        end
+      end
+
+      describe "#puppet_security?" do
+        it "shouldd efault to puppet security settings" do
+          expect(choria.puppet_security?).to be(true)
+        end
+
+        it "should detect puppet security settings" do
+          Config.instance.stubs(:pluginconf).returns(
+            "choria.security.provider" => "puppet"
+          )
+
+          expect(choria.puppet_security?).to be(true)
+        end
+
+        it "should be false when not puppet" do
+          Config.instance.stubs(:pluginconf).returns(
+            "choria.security.provider" => "file"
+          )
+
+          expect(choria.puppet_security?).to be(false)
+        end
+      end
+
       describe "#tasks_spool_dir" do
         it "should support windows" do
           Util.stubs(:windows?).returns(true)
@@ -621,6 +664,16 @@ module Util
 
           choria.make_ssl_dirs
         end
+
+        it "should support the file security provider" do
+          Config.instance.stubs(:pluginconf).returns(
+            "choria.security.provider" => "file"
+          )
+
+          FileUtils.expects(:mkdir_p).never
+
+          choria.make_ssl_dirs
+        end
       end
 
       describe "#csr_path" do
@@ -629,13 +682,30 @@ module Util
           choria.expects(:certname).returns("rspec")
           expect(choria.csr_path).to eq("/ssl/certificate_requests/rspec.pem")
         end
+
+        it "should support the file security provider" do
+          Config.instance.stubs(:pluginconf).returns(
+            "choria.security.provider" => "file"
+          )
+
+          expect(choria.csr_path).to eq("")
+        end
       end
 
       describe "#ca_path" do
         it "should get the right path in ssl_dir" do
           choria.expects(:ssl_dir).returns("/ssl")
           expect(choria.ca_path).to eq("/ssl/certs/ca.pem")
         end
+
+        it "should support the file security provider" do
+          Config.instance.stubs(:pluginconf).returns(
+            "choria.security.provider" => "file",
+            "choria.security.file.ca" => "/ssl/ca.pem"
+          )
+
+          expect(choria.ca_path).to eq("/ssl/ca.pem")
+        end
       end
 
       describe "#client_public_cert" do
@@ -644,6 +714,15 @@ module Util
           choria.expects(:certname).returns("rspec")
           expect(choria.client_public_cert).to eq("/ssl/certs/rspec.pem")
         end
+
+        it "should support file security provider" do
+          Config.instance.stubs(:pluginconf).returns(
+            "choria.security.provider" => "file",
+            "choria.security.file.certificate" => "/ssl/rspec.pem"
+          )
+
+          expect(choria.client_public_cert).to eq("/ssl/rspec.pem")
+        end
       end
 
       describe "#client_private_key" do
@@ -652,6 +731,15 @@ module Util
           choria.expects(:certname).returns("rspec")
           expect(choria.client_private_key).to eq("/ssl/private_keys/rspec.pem")
         end
+
+        it "should support the file security provider" do
+          Config.instance.stubs(:pluginconf).returns(
+            "choria.security.provider" => "file",
+            "choria.security.file.key" => "/ssl/rspec-key.pem"
+          )
+
+          expect(choria.client_private_key).to eq("/ssl/rspec-key.pem")
+        end
       end
 
       describe "#certname" do