diff --git a/lib/puppet_x/certs/common.rb b/lib/puppet_x/certs/common.rb index 10f508f4..323b4c10 100644 --- a/lib/puppet_x/certs/common.rb +++ b/lib/puppet_x/certs/common.rb @@ -51,16 +51,20 @@ module Common validate do |value| ca_resource = resource.catalog.resource(value.to_s) - if ca_resource && ca_resource.class.to_s != 'Puppet::Type::Ca' - raise ArgumentError, "Expected Ca resource, got #{ca_resource.class} #{ca_resource.inspect}" + if ca_resource + # rspec-puppet presents Puppet::Resource instances + resource_type = ca_resource.is_a?(Puppet::Resource) ? ca_resource.resource_type.to_s : ca_resource.class.to_s + if resource_type != 'Puppet::Type::Ca' + raise ArgumentError, "Expected Ca resource, got #{ca_resource.class} #{ca_resource.inspect}" + end + else + raise ArgumentError, "Ca #{value} not found in catalog" end end end autorequire(:ca) do - if @parameters.has_key?(:ca) - catalog.resource(@parameters[:ca].value.to_s).to_hash[:name] - end + [self[:ca]&.title].compact end autorequire(:file) do 
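Review bot: The type-mismatch message in the `ca` `validate` block still interpolates `ca_resource.class`, although the comparison now uses `resource_type`. When the catalog returns a `Puppet::Resource` (the rspec-puppet case the new comment mentions), the error would report `Puppet::Resource` instead of the offending resource type. The `key_pair` validation in the second hunk already prints `resource_type`, so the same here keeps the two consistent: `raise ArgumentError, "Expected Ca resource, got #{resource_type} #{ca_resource.inspect}"`. The block enclosing `validate` starts outside the hunk.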
@@ -90,32 +94,27 @@ module Common param_resource = resource.catalog.resource(value.to_s) if param_resource - param_resource_type = if param_resource.is_a?(Puppet::Resource) - param_resource.resource_type - else - param_resource.to_resource.resource_type - end - - unless ['Puppet::Type::Ca', 'Puppet::Type::Cert'].include?(param_resource_type.to_s) - raise ArgumentError, "Expected Ca or Cert resource, got #{param_resource_type} #{param_resource.inspect}" + # rspec-puppet presents Puppet::Resource instances + resource_type = param_resource.is_a?(Puppet::Resource) ? param_resource.resource_type : param_resource.class + unless ['Puppet::Type::Ca', 'Puppet::Type::Cert'].include?(resource_type.to_s) + raise ArgumentError, "Expected Ca or Cert resource, got #{resource_type} #{param_resource.inspect}" end + else + raise ArgumentError, "Key_pair #{value} not found in catalog" end end end - define_method(:autorequire_cert) do |type| - if @parameters.has_key?(:key_pair) - key_pair = catalog.resource(@parameters[:key_pair].value.to_s) - key_pair.to_hash[:name] if key_pair && key_pair.type == type - end - end - autorequire(:cert) do - autorequire_cert('Cert') + req = [] + req << self[:key_pair].title if self[:key_pair].type == 'Cert' + req end autorequire(:ca) do - autorequire_cert('Ca') + req = [] + req << self[:key_pair].title if self[:key_pair].type == 'Ca' + req end # Autorequire the nearest ancestor directory found in the catalog. diff --git a/spec/classes/certs_candlepin_spec.rb b/spec/classes/certs_candlepin_spec.rb index 661bc7e4..a1805ec6 100644 --- a/spec/classes/certs_candlepin_spec.rb +++ b/spec/classes/certs_candlepin_spec.rb 
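Review bot: Both new `autorequire` blocks call `self[:key_pair].type` without a nil guard, so a resource declared without `key_pair` would presumably raise `NoMethodError` while autorequires are evaluated. The removed `autorequire_cert` helper checked `@parameters.has_key?(:key_pair)` first. Whether `key_pair` is mandatory is not visible in this hunk; if it is optional, use safe navigation as the first hunk does for `ca`: `req << self[:key_pair].title if self[:key_pair]&.type == 'Cert'`, and likewise for `'Ca'`. The new code also relies on the parameter value responding to `type` and `title` rather than looking the resource up in the catalog, which depends on value handling defined outside the hunk.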
@@ -8,7 +8,34 @@ end describe 'with default parameters' do - it { should compile.with_all_deps } + it { is_expected.to compile.with_all_deps } + + it { is_expected.to contain_certs__keypair('candlepin-ca') } + it { is_expected.to contain_pubkey('/etc/candlepin/certs/candlepin-ca.crt').that_comes_before('File[/etc/candlepin/certs/candlepin-ca.crt]') } + it { is_expected.to contain_file('/etc/candlepin/certs/candlepin-ca.crt') } + it { is_expected.to contain_privkey('/etc/candlepin/certs/candlepin-ca.key').that_comes_before('File[/etc/candlepin/certs/candlepin-ca.key]') } + it { is_expected.to contain_file('/etc/candlepin/certs/candlepin-ca.key') } + + it { is_expected.to contain_certs__keypair('tomcat') } + it { is_expected.to contain_cert('foo.example.com-tomcat').with_ca('Ca[katello-default-ca]') } + it { is_expected.to contain_privkey('/etc/pki/katello/private/katello-tomcat.key') } + it { is_expected.to contain_pubkey('/etc/pki/katello/certs/katello-tomcat.crt') } + + it { is_expected.to contain_certs__keypair('candlepin') } + it { is_expected.to contain_cert('java-client').with_ca('Ca[katello-default-ca]') } + it { is_expected.to contain_pubkey('/etc/pki/katello/certs/java-client.crt').that_comes_before('File[/etc/pki/katello/certs/java-client.crt]') } + it { is_expected.to contain_file('/etc/pki/katello/certs/java-client.crt') } + it { is_expected.to contain_privkey('/etc/pki/katello/private/java-client.key').that_comes_before('File[/etc/pki/katello/private/java-client.key]') } + it { is_expected.to contain_file('/etc/pki/katello/private/java-client.key') } + + it { is_expected.to contain_file('/etc/candlepin/certs/keystore') } + it { is_expected.to contain_file('/etc/pki/katello/keystore_password-file') } + it { is_expected.to contain_exec('candlepin-generate-ssl-keystore').that_notifies('File[/etc/candlepin/certs/keystore]') } + + it { is_expected.to contain_file('/etc/candlepin/certs/truststore') } + it { is_expected.to 
contain_file('/etc/pki/katello/truststore_password-file') } + it { is_expected.to contain_exec('Create Candlepin truststore with CA').that_notifies('File[/etc/candlepin/certs/truststore]') } + it { is_expected.to contain_exec('import client certificate into Candlepin truststore').that_subscribes_to('File[/etc/candlepin/certs/truststore]') } end end end diff --git a/spec/classes/certs_spec.rb b/spec/classes/certs_spec.rb index 13d30315..61f63cbd 100644 --- a/spec/classes/certs_spec.rb +++ b/spec/classes/certs_spec.rb 
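Review bot: The new expectations for secret-bearing files (`/etc/pki/katello/keystore_password-file`, `/etc/pki/katello/truststore_password-file`, the keystore and the `*.key` files) assert only presence and ordering, so a regression that loosens their owner, group or mode would still pass. The same holds for `katello-default-ca.pwd` and `katello-default-ca.key` in the `spec/classes/certs_spec.rb` hunk, which pins `0750` on `/etc/pki/katello/private` but nothing on the files inside it. Pin the permissions the manifests actually set, for example `it { is_expected.to contain_file('/etc/pki/katello/keystore_password-file').with_mode('<MODE_FROM_MANIFEST>').with_owner('<OWNER_FROM_MANIFEST>') }`.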
@@ -7,8 +7,74 @@ os_facts end - it { should contain_class('certs::install') } - it { should contain_class('certs::config') } + context 'with default parameters' do + it { is_expected.to compile.with_all_deps } + it { is_expected.to contain_class('certs') } + it { is_expected.to contain_class('certs::params') } + + # Install + it { is_expected.to contain_class('certs::install') } + it { is_expected.to contain_package('katello-certs-tools') } + + # Config + it { is_expected.to contain_class('certs::config').that_requires('Class[certs::install]') } + it { is_expected.to contain_file('/etc/pki/katello').with_mode('0755').with_owner('root').with_group('root') } + it { is_expected.to contain_file('/etc/pki/katello/certs').with_mode('0755').with_owner('root').with_group('root') } + it { is_expected.to contain_file('/etc/pki/katello/private').with_mode('0750').with_owner('root').with_group('root') } + + # CA verification + it { is_expected.to contain_class('certs::ca').that_requires('Class[certs::config]') } + + it { is_expected.to contain_file('/etc/pki/katello/private/katello-default-ca.pwd') } + it do + is_expected.to contain_ca('katello-default-ca') + .with_common_name('foo.example.com') + .with_country('US') + .with_state('North Carolina') + .with_city('Raleigh') + .with_org('Katello') + .with_org_unit('SomeOrgUnit') + .with_expiration('36500') + .with_generate(true) + .with_deploy(true) + .that_requires('File[/etc/pki/katello/private/katello-default-ca.pwd]') + end + + it do + is_expected.to contain_privkey('/etc/pki/katello/private/katello-default-ca.key') + .that_requires(['Ca[katello-default-ca]', 'File[/etc/pki/katello/private/katello-default-ca.pwd]']) + end + + it do + is_expected.to contain_file('/etc/pki/katello/private/katello-default-ca.key') + .that_requires('Ca[katello-default-ca]') + .that_subscribes_to('Privkey[/etc/pki/katello/private/katello-default-ca.key]') + end + + it do + is_expected.to 
contain_pubkey('/etc/pki/katello/certs/katello-default-ca-stripped.crt') + .that_requires('Ca[katello-default-ca]') + end + + it { is_expected.to contain_pubkey('/etc/pki/katello/certs/katello-default-ca.crt').that_subscribes_to('Ca[katello-default-ca]') } + it do + is_expected.to contain_file('/etc/pki/katello/certs/katello-default-ca.crt') + .that_requires('Ca[katello-default-ca]') + .that_subscribes_to('Pubkey[/etc/pki/katello/certs/katello-default-ca.crt]') + end + + it do + is_expected.to contain_ca('katello-server-ca') + .with_ca('Ca[katello-default-ca]') + .that_requires('Ca[katello-default-ca]') + end + it { is_expected.to contain_file('/root/ssl-build/KATELLO-TRUSTED-SSL-CERT').that_requires('Ca[katello-server-ca]') } + it { is_expected.to contain_pubkey('/etc/pki/katello/certs/katello-server-ca.crt') } + it do + is_expected.to contain_file('/etc/pki/katello/certs/katello-server-ca.crt') + .that_subscribes_to(['Ca[katello-server-ca]', 'Pubkey[/etc/pki/katello/certs/katello-server-ca.crt]']) + end + end end end end