From 92f8402ee37d86ccacdbb018fa7f49b36283bd24 Mon Sep 17 00:00:00 2001
From: Wojciech Dec <wdec@cisco.com>
Date: Wed, 11 Apr 2018 17:54:38 +0200
Subject: [PATCH] Add SSL and PEM support

Signed-off-by: Wojciech Dec <wdec@cisco.com>
---
 CHANGELOG.md              |  4 +++-
 README.md                 |  9 +++++++++
 manifests/init.pp         | 13 +++++++++++++
 manifests/params.pp       |  2 ++
 spec/classes/init_spec.rb | 23 +++++++++++++++++++++++
 templates/monitrc.erb     |  7 +++++++
 6 files changed, 57 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 496db8b..d487610 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,8 +1,10 @@
-## 2016-11-07 - Release 1.1.2
+## 2018-09-11 - Release 1.1.2
 ### Summary
+Based on release 1.1.2 (2016-11-07) of the original module.
 This release adds support to Ubuntu Xenial and improves compatibility with Puppet Server.
 
 #### Features
+- Adds support for PEM and SSL certificate configuration
 - Added support to Ubuntu 16.04.
 
 ### Bugfixes
diff --git a/README.md b/README.md
index 92d82eb..b50f069 100644
--- a/README.md
+++ b/README.md
@@ -157,6 +157,15 @@ Specifies the user to access the Monit Dashboard. Valid options: string. Default
 
 Specifies the password to access the Monit Dashboard. Valid options: string. Default value: 'monit'
 
+##### `httpd_ssl'
+
+Specifies SSL encryption for access the Monit Dashboard. Valid options: 'true' or 'false'. Default value: 'false'
+
+##### `httpd_pemfile'
+
+Specifies the use of the local PEM module for authentication of access the Monit Dashboard. Valid options: string
+Default value: undef.
+
 ##### `logfile`
 
 Specifies the logfile directive value. Valid options: string. Default value: '/var/log/monit.log'
diff --git a/manifests/init.pp b/manifests/init.pp
index 8fbf995..aaab863 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -7,6 +7,8 @@
   $httpd_address             = $monit::params::httpd_address,
   $httpd_user                = $monit::params::httpd_user,
   $httpd_password            = $monit::params::httpd_password,
+  $httpd_ssl                 = $monit::params::httpd_ssl,
+  $httpd_pemfile             = $monit::params::httpd_pemfile,
   $manage_firewall           = $monit::params::manage_firewall,
   $package_ensure            = $monit::params::package_ensure,
   $package_name              = $monit::params::package_name,
@@ -64,6 +66,12 @@
   } else {
     $config_dir_purge_bool = $config_dir_purge
   }
+
+  if is_string($httpd_ssl) == true {
+    $httpd_ssl_bool = str2bool($httpd_ssl)
+  } else {
+    $httpd_ssl_bool = $httpd_ssl
+  }
   # </stringified variable handling>
 
   # <variable validations>
@@ -73,6 +81,7 @@
   validate_string($httpd_address)
   validate_string($httpd_user)
   validate_string($httpd_password)
+  validate_bool($httpd_ssl_bool)
   validate_bool($manage_firewall_bool)
   validate_string($package_ensure)
   validate_string($package_name)
@@ -100,6 +109,10 @@
     validate_string($mmonit_address)
   }
 
+  if $httpd_pemfile != undef {
+    validate_absolute_path($httpd_pemfile)
+  }
+
   validate_string($mmonit_port)
   validate_string($mmonit_user)
   validate_string($mmonit_password)
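Review bot: The new check at `if $httpd_pemfile != undef` validates the path but never ties it to `httpd_ssl`, so `httpd_ssl => true` without a PEM file compiles cleanly. The template in this patch then skips the `ssl enable` block, leaving the dashboard on plain HTTP while the operator believes TLS is on. I would fail closed next to this check: `if $httpd_ssl_bool and $httpd_pemfile == undef { fail('httpd_pemfile must be set when httpd_ssl is true') }`. The visible hunks do not manage the PEM file itself; since it presumably holds the private key, the README should say the caller must provision it with owner-only permissions. The class body starts and ends outside this hunk.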
diff --git a/manifests/params.pp b/manifests/params.pp
index 1b348a9..0804bf1 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -9,6 +9,8 @@
   $httpd_address             = 'localhost'
   $httpd_user                = 'admin'
   $httpd_password            = 'monit'
+  $httpd_ssl                 = false
+  $httpd_pemfile             = undef
   $manage_firewall           = false
   $package_ensure            = 'present'
   $package_name              = 'monit'
diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb
index f78f2c0..49179aa 100644
--- a/spec/classes/init_spec.rb
+++ b/spec/classes/init_spec.rb
@@ -261,6 +261,29 @@
       it { should contain_file('monit_config').with_content(/#{content}/) }
     end
 
+    context 'when httpd ssl with pem is enabled' do
+      let(:params) do
+        {
+            :httpd          => true,
+            :httpd_ssl      => true,
+            :httpd_pemfile  => 'somePEMfile',
+            :httpd_port     => 2420,
+            :httpd_address  => 'otherhost',
+            :httpd_user     => 'tester',
+            :httpd_password => '',
+        }
+      end
+      content = <<-END.gsub(/^\s+\|/, '')
+        |set httpd port 2420 and
+        |   use address otherhost
+        |   allow 0.0.0.0/0.0.0.0
+        |   ssl enable
+        |   pemfile somePEMfile
+        |   allow tester read-only
+      END
+      it { should contain_file('monit_config').with_content(/#{content}/) }
+    end
+
     context 'when manage_firewall and http are set to valid bool <true>' do
       # kernel fact is needed for ::firewall
       let(:pre_condition) { ['include ::firewall'] }
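Review bot: The fixture `:httpd_pemfile => 'somePEMfile'` is not an absolute path, but the init.pp change in this same patch calls `validate_absolute_path($httpd_pemfile)` whenever the parameter is set. This context therefore looks likely to fail at catalog compilation rather than reach the content match. Use an absolute sample value in both places, e.g. `:httpd_pemfile => '/etc/monit/monit.pem',` and `|   pemfile /etc/monit/monit.pem` (a constructed path). A second context with `:httpd_ssl => true` and no pemfile would pin down what the module does in that case, which nothing here currently tests. The hunk ends inside the following `manage_firewall` context.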
diff --git a/templates/monitrc.erb b/templates/monitrc.erb
index d270f52..b42c294 100644
--- a/templates/monitrc.erb
+++ b/templates/monitrc.erb
@@ -29,6 +29,13 @@ set eventqueue
 set httpd port <%= @httpd_port %> and
    use address <%= @httpd_address %>
    allow 0.0.0.0/0.0.0.0
+   <%- if @httpd_ssl_bool and @httpd_pemfile -%>
+   ssl enable
+   pemfile <%= @httpd_pemfile %>
+      <%- if !@httpd_user.empty? && @httpd_password.empty? -%>
+   allow <%= @httpd_user %> read-only
+      <%- end -%>
+   <%- end -%>
    <%- if !@httpd_user.empty? && !@httpd_password.empty? -%>
    allow <%= @httpd_user %>:<%= @httpd_password %>
    <%- end -%>
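Review bot: The nested branch `if !@httpd_user.empty? && @httpd_password.empty?` renders `allow <user> read-only` with no credential, and only when SSL is on. The hunk does not show whether Monit reads a bare name there as a user, a host or a syntax error, so check the rendered file with `monit -t` and document the intended meaning in the README. The context line `allow 0.0.0.0/0.0.0.0` admits every source address, so the user entries are what restrict access here and an entry without a secret deserves that scrutiny. Separately, the guard `@httpd_ssl_bool and @httpd_pemfile` would be safer as `@httpd_ssl_bool && @httpd_pemfile && @httpd_pemfile != :undef`, because older Puppet versions are known to pass an unset parameter to ERB as the truthy symbol `:undef`, which would render `pemfile undef`. The `set httpd` statement begins above the hunk and may continue past it.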