diff --git a/manifests/ca.pp b/manifests/ca.pp
index 29a46d2f..c1d8a814 100644
--- a/manifests/ca.pp
+++ b/manifests/ca.pp
@@ -21,47 +21,38 @@
 String $ca_key_password = $certs::ca_key_password,
 Stdlib::Absolutepath $ca_key_password_file = $certs::ca_key_password_file,
 ) {
+ $default_ca_path = "${certs::ssl_build_dir}/${default_ca_name}.crt"
 $server_ca_path = "${certs::ssl_build_dir}/${server_ca_name}.crt"
- file { $ca_key_password_file:
- ensure => file,
- content => $ca_key_password,
- owner => 'root',
- group => 'root',
- mode => '0400',
- show_diff => false,
- } ~>
- ca { $default_ca_name:
- ensure => present,
- common_name => $ca_common_name,
- country => $country,
- state => $state,
- city => $city,
- org => $org,
- org_unit => $org_unit,
- expiration => $ca_expiration,
- generate => $generate,
- password_file => $ca_key_password_file,
- build_dir => $certs::ssl_build_dir,
- }
 if $generate {
- if $certs::server_ca_cert {
- file { $server_ca_path:
- ensure => file,
- source => $certs::server_ca_cert,
- owner => 'root',
- group => 'root',
- mode => '0644',
- }
- } else {
- file { $server_ca_path:
- ensure => file,
- source => "${certs::ssl_build_dir}/${default_ca_name}.crt",
- owner => 'root',
- group => 'root',
- mode => '0644',
- }
+ file { $ca_key_password_file:
+ ensure => file,
+ content => $ca_key_password,
+ owner => 'root',
+ group => 'root',
+ mode => '0400',
+ show_diff => false,
+ } ~>
+ ca { $default_ca_name:
+ ensure => present,
+ common_name => $ca_common_name,
+ country => $country,
+ state => $state,
+ city => $city,
+ org => $org,
+ org_unit => $org_unit,
+ expiration => $ca_expiration,
+ generate => $generate,
+ password_file => $ca_key_password_file,
+ build_dir => $certs::ssl_build_dir,
+ }
+
+ file { $server_ca_path:
+ ensure => file,
+ source => pick($certs::server_ca_cert, $default_ca_path),
+ owner => 'root',
+ group => 'root',
+ mode => '0644',
 }
 file { "${certs::ssl_build_dir}/KATELLO-TRUSTED-SSL-CERT":
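Review bot: The re-indented `file { $ca_key_password_file: }` resource still takes `content => $ca_key_password` from a plain `String` parameter, so the CA key password travels unredacted in the compiled catalog; `show_diff => false` and mode `0400` only cover the diff output and the file on disk. Since these lines are being rewritten anyway, consider `content => Sensitive($ca_key_password),` here, provided the supported Puppet versions accept Sensitive file content, and typing the parameter as Sensitive in a follow-up. Separately, `generate => $generate` on the `ca` resource is now always true inside `if $generate`, which a short comment such as `# always true here; kept for the ca type's interface` would make explicit. The `if $generate` block closes in the next hunk.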
@@ -69,12 +60,16 @@ target => $server_ca_path, require => File[$server_ca_path], } + + $default_ca = Ca[$default_ca_name] + } else { + $default_ca = undef } if $deploy { file { $certs::katello_default_ca_cert: ensure => file, - source => "${certs::ssl_build_dir}/${default_ca_name}.crt", + source => $default_ca_path, owner => 'root', group => 'root', mode => '0644', diff --git a/manifests/init.pp b/manifests/init.pp index a0d6015f..372dff1f 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -123,5 +123,5 @@ Class['certs::config'] -> Class['certs::ca'] - $default_ca = Ca[$default_ca_name] + $default_ca = $certs::ca::default_ca } diff --git a/spec/acceptance/apache_spec.rb b/spec/acceptance/apache_spec.rb index a57e60e1..3b564441 100644 --- a/spec/acceptance/apache_spec.rb +++ b/spec/acceptance/apache_spec.rb @@ -52,12 +52,6 @@ context 'with server cert' do before(:context) do - ['crt', 'key'].each do |ext| - source_path = "fixtures/example.partial.solutions.#{ext}" - dest_path = "/server.#{ext}" - scp_to(hosts, source_path, dest_path) - end - # Force regen on hosts, "if [ -e /root/ssl-build/#{fact('fqdn')} ] ; then touch /root/ssl-build/#{fact('fqdn')}/#{fact('fqdn')}-apache.update ; fi" end @@ -134,12 +128,6 @@ class { 'certs::apache': context 'with custom certificates fresh' do before(:context) do - ['crt', 'key'].each do |ext| - source_path = "fixtures/example.partial.solutions.#{ext}" - dest_path = "/server.#{ext}" - scp_to(hosts, source_path, dest_path) - end - on hosts, 'rm -rf /root/ssl-build' end diff --git a/spec/acceptance/certs_spec.rb b/spec/acceptance/certs_spec.rb index a2e1533f..a56b126e 100644 --- a/spec/acceptance/certs_spec.rb +++ b/spec/acceptance/certs_spec.rb 
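Review bot: `$default_ca` is now `undef` whenever `$generate` is false, and the `manifests/init.pp` hunk re-exports that value as `$certs::default_ca`, so a consumer that expects a `Ca[...]` reference there would presumably lose its ordering or fail; a comment on the `else` branch such as `# no CA resource is managed when $generate is false; consumers must tolerate undef` would state the contract. In that same configuration the `$deploy` branch still uses `source => $default_ca_path`, which no resource in the visible code manages any more, so the deployed CA file depends on a build directory populated beforehand. The init.pp assignment `$default_ca = $certs::ca::default_ca` also only resolves if `certs::ca` has been evaluated before that line; the visible `Class['certs::config'] -> Class['certs::ca']` arrow orders application, not evaluation. The `file { $certs::katello_default_ca_cert: }` resource continues past the end of the hunk.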
@@ -126,12 +126,6 @@ class { 'certs':
 end
 context 'with server CA cert' do
- before(:context) do
- source_path = "fixtures/example.partial.solutions-chain.pem"
- dest_path = "/server-ca.crt"
- scp_to(hosts, source_path, dest_path)
- end
-
 it_behaves_like 'an idempotent resource' do
 let(:manifest) do
 <<-PUPPET
@@ -153,14 +147,6 @@ class { 'certs':
 end
 context 'with tar file' do
- before(:context) do
- ['crt', 'key'].each do |ext|
- source_path = "fixtures/example.partial.solutions.#{ext}"
- dest_path = "/server.#{ext}"
- scp_to(hosts, source_path, dest_path)
- end
- end
-
 context 'with default ca' do
 before(:context) do
 manifest = <<~PUPPET
diff --git a/spec/acceptance/foreman_proxy_spec.rb b/spec/acceptance/foreman_proxy_spec.rb
index 17d670e1..43d6ae0f 100644
--- a/spec/acceptance/foreman_proxy_spec.rb
+++ b/spec/acceptance/foreman_proxy_spec.rb
@@ -164,12 +164,6 @@
 context 'with custom certificates fresh' do
 before(:context) do
- ['crt', 'key'].each do |ext|
- source_path = "fixtures/example.partial.solutions.#{ext}"
- dest_path = "/server.#{ext}"
- scp_to(hosts, source_path, dest_path)
- end
-
 on hosts, 'rm -rf /root/ssl-build'
 end
diff --git a/spec/spec_helper_acceptance.rb b/spec/spec_helper_acceptance.rb
index bdf14c44..bbf9f196 100644
--- a/spec/spec_helper_acceptance.rb
+++ b/spec/spec_helper_acceptance.rb
@@ -12,6 +12,10 @@
 # refresh check if cache needs refresh on next yum command
 on host, 'yum clean expire-cache'
 end
+
+ scp_to(host, 'fixtures/example.partial.solutions.crt', '/server.crt')
+ scp_to(host, 'fixtures/example.partial.solutions.key', '/server.key')
+ scp_to(host, 'fixtures/example.partial.solutions-chain.pem', '/server-ca.crt')
 end
 Dir["./spec/support/acceptance/**/*.rb"].sort.each { |f| require f }
diff --git a/spec/support/acceptance/fixtures.rb b/spec/support/acceptance/fixtures.rb
new file mode 100644
index 00000000..e69de29b
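Review bot: The three `scp_to` calls land in the shared host setup of `spec/spec_helper_acceptance.rb`, yet the same commit creates `spec/support/acceptance/fixtures.rb` with no content (new file, blob `e69de29b`), which the `Dir["./spec/support/acceptance/**/*.rb"]` line then requires for nothing; either move the copying into that file or drop it. The fixture paths stay relative to the working directory (`'fixtures/...'`), as in the removed per-spec code, so the suite still has to be started from the repository root. A comment above the calls such as `# test-only certificate, key and chain shared by the apache, certs and foreman_proxy specs; paths are relative to the repo root` would record both facts. The enclosing block opens outside the hunk.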