@@ -145,4 +145,109 @@ class { 'certs':
145145 its ( :keylength ) { should be >= 2048 }
146146 end
147147 end
148+
149+ context 'with tar file' do
150+ context 'with default ca' do
151+ before ( :context ) do
152+ manifest = <<~PUPPET
153+ class { 'certs':
154+ server_cert => '/server.crt',
155+ server_key => '/server.key',
156+ server_ca_cert => '/server-ca.crt',
157+ generate => true,
158+ deploy => false,
159+ }
160+
161+ class { 'certs::foreman_proxy_content':
162+ foreman_proxy_fqdn => 'foreman-proxy.example.com',
163+ certs_tar => '/root/foreman-proxy.example.com.tar.gz',
164+ }
165+ PUPPET
166+
167+ apply_manifest ( manifest , catch_failures : true )
168+
169+ on default , 'rm -rf /root/ssl-build'
170+ end
171+
172+ it_behaves_like 'an idempotent resource' do
173+ let ( :manifest ) do
174+ <<-PUPPET
175+ class { 'certs':
176+ tar_file => '/root/foreman-proxy.example.com.tar.gz',
177+ }
178+ PUPPET
179+ end
180+ end
181+
182+ describe 'default and server ca certs match' do
183+ it { expect ( file ( '/etc/pki/katello/certs/katello-default-ca.crt' ) . content ) . to eq ( file ( '/etc/pki/katello/certs/katello-server-ca.crt' ) . content ) }
184+ end
185+
186+ describe x509_certificate ( '/etc/pki/katello/certs/katello-default-ca.crt' ) do
187+ it { should be_certificate }
188+ it { should be_valid }
189+ it { should have_purpose 'SSL server CA' }
190+ its ( :issuer ) { should match_without_whitespace ( /C = US, ST = North Carolina, L = Raleigh, O = Katello, OU = SomeOrgUnit, CN = #{ fact ( 'fqdn' ) } / ) }
191+ its ( :subject ) { should match_without_whitespace ( /C = US, ST = North Carolina, L = Raleigh, O = Katello, OU = SomeOrgUnit, CN = #{ fact ( 'fqdn' ) } / ) }
192+ its ( :keylength ) { should be >= 4096 }
193+ end
194+ end
195+
196+ context 'with custom certificates' do
197+ before ( :context ) do
198+ manifest = <<~PUPPET
199+ class { 'certs':
200+ server_cert => '/server.crt',
201+ server_key => '/server.key',
202+ server_ca_cert => '/server-ca.crt',
203+ generate => true,
204+ deploy => false,
205+ }
206+
207+ class { 'certs::foreman_proxy_content':
208+ foreman_proxy_fqdn => 'foreman-proxy.example.com',
209+ certs_tar => '/root/foreman-proxy.example.com.tar.gz',
210+ }
211+ PUPPET
212+
213+ apply_manifest ( manifest , catch_failures : true )
214+
215+ on default , 'rm -rf /root/ssl-build'
216+ end
217+
218+ it_behaves_like 'an idempotent resource' do
219+ let ( :manifest ) do
220+ <<-PUPPET
221+ class { 'certs':
222+ tar_file => '/root/foreman-proxy.example.com.tar.gz',
223+ }
224+ PUPPET
225+ end
226+ end
227+
228+ describe 'default and server ca certs match' do
229+ it { expect ( file ( '/etc/pki/katello/certs/katello-default-ca.crt' ) . content ) . not_to eq ( file ( '/etc/pki/katello/certs/katello-server-ca.crt' ) . content ) }
230+ end
231+
232+ describe x509_certificate ( '/etc/pki/katello/certs/katello-default-ca.crt' ) do
233+ it { should be_certificate }
234+ it { should be_valid }
235+ it { should have_purpose 'SSL server CA' }
236+ its ( :issuer ) { should match_without_whitespace ( /C = US, ST = North Carolina, L = Raleigh, O = Katello, OU = SomeOrgUnit, CN = #{ fact ( 'fqdn' ) } / ) }
237+ its ( :subject ) { should match_without_whitespace ( /C = US, ST = North Carolina, L = Raleigh, O = Katello, OU = SomeOrgUnit, CN = #{ fact ( 'fqdn' ) } / ) }
238+ its ( :keylength ) { should be >= 4096 }
239+ end
240+
241+ describe x509_certificate ( '/etc/pki/katello/certs/katello-server-ca.crt' ) do
242+ it { should be_certificate }
243+ it { should be_valid }
244+ it { should have_purpose 'SSL server CA' }
245+ # These don't match since we only configure it with the intermediate
246+ # and not the actual root
247+ its ( :issuer ) { should match_without_whitespace ( /CN = Fake LE Root X1/ ) }
248+ its ( :subject ) { should match_without_whitespace ( /CN = Fake LE Intermediate X1/ ) }
249+ its ( :keylength ) { should be >= 2048 }
250+ end
251+ end
252+ end
148253end
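Review bot: The setup manifest in `context 'with default ca'` (new lines 153-159) is the same as the one in `context 'with custom certificates'` (199-205): both pass `server_cert`, `server_key` and `server_ca_cert`, yet the first context expects the default and server CA files to be `eq` and the second expects `not_to eq`. With identical inputs and the same `rm -rf /root/ssl-build` step, both expectations presumably cannot hold, so the default-CA path through `tar_file` does not appear to be exercised. I would drop those three parameters from the first manifest so the tarball is built from the generated CA, e.g. `class { 'certs': generate => true, deploy => false }`. Because these specs guard which CA becomes the trust anchor after unpacking the tarball, the first context would also benefit from its own `describe x509_certificate('/etc/pki/katello/certs/katello-server-ca.crt')` block, like the one at 241-250, asserting the expected issuer and subject.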