Skip to content

Commit ec4826d

Browse files
ehelmsehelms
committed
Make deploying client bundle certificate optional
1 parent 0ca7b00 commit ec4826d

File tree

2 files changed

+55
-1
lines changed

2 files changed

+55
-1
lines changed

manifests/foreman_proxy.pp

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -32,6 +32,7 @@
3232
String $owner = 'root',
3333
Stdlib::Filemode $private_key_mode = '0440',
3434
Stdlib::Filemode $public_key_mode = '0444',
35+
Enum['present', 'absent'] $client_bundle_ensure = 'present',
3536
) inherits certs {
3637
$proxy_cert_name = "${hostname}-foreman-proxy"
3738
$foreman_proxy_client_cert_name = "${hostname}-foreman-proxy-client"
@@ -152,7 +153,7 @@
152153
}
153154

154155
cert_key_bundle { $foreman_proxy_ssl_client_bundle:
155-
ensure => present,
156+
ensure => $client_bundle_ensure,
156157
certificate => "${certs::ssl_build_dir}/${hostname}/${foreman_proxy_client_cert_name}.crt",
157158
private_key => "${certs::ssl_build_dir}/${hostname}/${foreman_proxy_client_cert_name}.key",
158159
force_pkcs_1 => true,

spec/acceptance/foreman_proxy_spec.rb

Lines changed: 53 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -272,4 +272,57 @@ class { 'certs::foreman_proxy':
272272
it { should_not exist }
273273
end
274274
end
275+
276+
context 'with include_client_bundle absent' do
277+
before(:context) do
278+
on default, 'rm -rf /root/ssl-build /etc/foreman-proxy /etc/pki/katello'
279+
end
280+
281+
it_behaves_like 'an idempotent resource' do
282+
let(:manifest) do
283+
<<-PUPPET
284+
file { '/etc/foreman-proxy':
285+
ensure => directory,
286+
}
287+
288+
group { 'foreman-proxy':
289+
ensure => present,
290+
system => true,
291+
}
292+
293+
class { 'certs::foreman_proxy':
294+
client_bundle_ensure => 'absent',
295+
}
296+
PUPPET
297+
end
298+
end
299+
300+
describe file('/etc/foreman-proxy/ssl_cert.pem') do
301+
it { should exist }
302+
end
303+
304+
describe file('/etc/foreman-proxy/ssl_key.pem') do
305+
it { should exist }
306+
end
307+
308+
describe file('/etc/foreman-proxy/ssl_ca.pem') do
309+
it { should exist }
310+
end
311+
312+
describe file('/etc/foreman-proxy/foreman_ssl_cert.pem') do
313+
it { should exist }
314+
end
315+
316+
describe file('/etc/foreman-proxy/foreman_ssl_key.pem') do
317+
it { should exist }
318+
end
319+
320+
describe file('/etc/foreman-proxy/foreman_ssl_ca.pem') do
321+
it { should exist }
322+
end
323+
324+
describe file("/etc/pki/katello/private/#{fqdn}/#{fqdn}-foreman-proxy-client-bundle.pem") do
325+
it { should_not exist }
326+
end
327+
end
275328
end

0 commit comments

Comments
 (0)