Use bundle certificate for proxy_ca.pem

Signed-off-by: Eric D. Helms <[email protected]>

Author: ehelms

manifests/ca.pp

@@ -70,10 +70,6 @@
         order  => '02',
       }
     }
-
-    file { "${certs::ssl_build_dir}/KATELLO-TRUSTED-SSL-CERT":
-      ensure  => absent,
-    }
   }
 
   if $deploy {

manifests/foreman.pp

@@ -56,11 +56,11 @@
 
     file { $ssl_ca_cert:
       ensure  => file,
-      source  => $server_ca,
+      source  => $certs::ca::ca_bundle_path,
       owner   => 'root',
       group   => $group,
       mode    => '0440',
-      require => File[$server_ca],
+      require => Concat[$certs::ca::ca_bundle_path],
     }
   }
 }

spec/acceptance/certs_spec.rb

@@ -159,7 +159,7 @@ class { 'certs':
 
     describe ca_bundle('/root/ssl-build/ca-bundle.crt') do
       it { should exist }
-      its(:size) { should equal 1 }
+      its(:size) { should equal 2 }
       it { should have_cert('/root/ssl-build/katello-default-ca.crt') }
       it { should have_cert('/root/ssl-build/katello-server-ca.crt') }
     end

spec/acceptance/foreman_proxy_content_spec.rb

@@ -9,6 +9,7 @@
     [
       'ssl-build/katello-default-ca.crt',
       'ssl-build/katello-server-ca.crt',
+      'ssl-build/ca-bundle.crt',
       'ssl-build/foreman-proxy.example.com/foreman-proxy.example.com-apache.crt',
       'ssl-build/foreman-proxy.example.com/foreman-proxy.example.com-foreman-proxy-client.crt',
       'ssl-build/foreman-proxy.example.com/foreman-proxy.example.com-foreman-proxy.crt',

spec/acceptance/foreman_spec.rb

@@ -51,19 +51,10 @@
       it { should be_grouped_into 'foreman' }
     end
 
-    describe x509_certificate('/etc/foreman/proxy_ca.pem') do
-      it { should be_certificate }
-      it { should be_valid }
-      its(:issuer) { should match_without_whitespace(/C = US, ST = North Carolina, L = Raleigh, O = Katello, OU = SomeOrgUnit, CN = #{fqdn}/) }
-      its(:subject) { should match_without_whitespace(/C = US, ST = North Carolina, L = Raleigh, O = Katello, OU = SomeOrgUnit, CN = #{fqdn}/) }
-      its(:keylength) { should be >= 4096 }
-    end
-
-    describe file('/etc/foreman/proxy_ca.pem') do
-      it { should be_file }
-      it { should be_mode 440 }
-      it { should be_owned_by 'root' }
-      it { should be_grouped_into 'foreman' }
+    describe ca_bundle('/root/ssl-build/ca-bundle.crt') do
+      it { should exist }
+      its(:size) { should equal 1 }
+      it { should have_cert('/root/ssl-build/katello-default-ca.crt') }
     end
 
     describe x509_certificate("/root/ssl-build/#{fqdn}/#{fqdn}-foreman-client.crt") do