Add a test for customer server certificates in tar file

ekohl · ekohl · commit 413a41c867f6 · 2024-09-12T16:19:22.000+02:00
This asserts that the default CA and server CA are the same in one
scenario and differ in the other.
diff --git a/spec/acceptance/foreman_proxy_content_spec.rb b/spec/acceptance/foreman_proxy_content_spec.rb
@@ -5,11 +5,26 @@
     on default, 'rm -rf /root/ssl-build'
   end
 
-  context 'with default parameters' do
-    before(:context) do
-      apply_manifest('include certs', catch_failures: true)
+  let(:expected_files_in_tar) do
+    [
+      'ssl-build/katello-default-ca.crt',
+      'ssl-build/katello-server-ca.crt',
+      'ssl-build/foreman-proxy.example.com/foreman-proxy.example.com-apache.crt',
+      'ssl-build/foreman-proxy.example.com/foreman-proxy.example.com-foreman-client.crt',
+      'ssl-build/foreman-proxy.example.com/foreman-proxy.example.com-foreman-proxy-client.crt',
+      'ssl-build/foreman-proxy.example.com/foreman-proxy.example.com-foreman-proxy.crt',
+      'ssl-build/foreman-proxy.example.com/foreman-proxy.example.com-puppet-client.crt',
+      'ssl-build/foreman-proxy.example.com/foreman-proxy.example.com-apache.key',
+      'ssl-build/foreman-proxy.example.com/foreman-proxy.example.com-foreman-client.key',
+      'ssl-build/foreman-proxy.example.com/foreman-proxy.example.com-foreman-proxy-client.key',
+      'ssl-build/foreman-proxy.example.com/foreman-proxy.example.com-foreman-proxy.key',
+      'ssl-build/foreman-proxy.example.com/foreman-proxy.example.com-puppet-client.key',
+    ]
+  end
 
-      pp = <<-PUPPET
+  context 'with default CA' do
+    before(:context) do
+      manifest = <<~PUPPET
         class { 'certs':
           generate => true,
           deploy   => false,
@@ -21,29 +36,55 @@ class { 'certs::foreman_proxy_content':
         }
       PUPPET
 
-      apply_manifest(pp, catch_failures: true)
+      apply_manifest(manifest, catch_failures: true)
+    end
+
+    describe tar('/root/foreman-proxy.example.com.tar.gz') do
+      it { should exist }
+      its(:contents) { should match_array(expected_files_in_tar) }
+    end
+
+    describe 'default and server ca certs match' do
+      it { expect(file('/root/ssl-build/katello-default-ca.crt').content).to eq(file('/root/ssl-build/katello-server-ca.crt').content) }
     end
+  end
+
+  context 'with server certificates' do
+    before(:context) do
+      certs = {
+        'fixtures/example.partial.solutions.crt' => '/server.crt',
+        'fixtures/example.partial.solutions.key' => '/server.key',
+        'fixtures/example.partial.solutions-chain.pem' => '/server-ca.crt',
+      }
+      certs.each do |source_path, dest_path|
+        scp_to(hosts, source_path, dest_path)
+      end
+
+      manifest = <<~PUPPET
+        class { 'certs':
+          server_cert    => '/server.crt',
+          server_key     => '/server.key',
+          server_ca_cert => '/server-ca.crt',
+          generate       => true,
+          deploy         => false,
+        }
+
+        class { 'certs::foreman_proxy_content':
+          foreman_proxy_fqdn => 'foreman-proxy.example.com',
+          certs_tar          => '/root/foreman-proxy.example.com.tar.gz',
+        }
+      PUPPET
 
-    let(:expected_files_in_tar) do
-      [
-        'ssl-build/katello-default-ca.crt',
-        'ssl-build/katello-server-ca.crt',
-        'ssl-build/foreman-proxy.example.com/foreman-proxy.example.com-apache.crt',
-        'ssl-build/foreman-proxy.example.com/foreman-proxy.example.com-foreman-client.crt',
-        'ssl-build/foreman-proxy.example.com/foreman-proxy.example.com-foreman-proxy-client.crt',
-        'ssl-build/foreman-proxy.example.com/foreman-proxy.example.com-foreman-proxy.crt',
-        'ssl-build/foreman-proxy.example.com/foreman-proxy.example.com-puppet-client.crt',
-        'ssl-build/foreman-proxy.example.com/foreman-proxy.example.com-apache.key',
-        'ssl-build/foreman-proxy.example.com/foreman-proxy.example.com-foreman-client.key',
-        'ssl-build/foreman-proxy.example.com/foreman-proxy.example.com-foreman-proxy-client.key',
-        'ssl-build/foreman-proxy.example.com/foreman-proxy.example.com-foreman-proxy.key',
-        'ssl-build/foreman-proxy.example.com/foreman-proxy.example.com-puppet-client.key',
-      ]
+      apply_manifest(manifest, catch_failures: true)
     end
 
     describe tar('/root/foreman-proxy.example.com.tar.gz') do
       it { should exist }
       its(:contents) { should match_array(expected_files_in_tar) }
     end
+
+    describe 'default and server ca certs differ' do
+      it { expect(file('/root/ssl-build/katello-default-ca.crt').content).not_to eq(file('/root/ssl-build/katello-server-ca.crt').content) }
+    end
   end
 end
