Move functionality of ca_cert::enable to ca_cert::update

manifests/ca.pp

@@ -52,7 +52,6 @@
   String[1] $ca_file_extension       = lookup('ca_cert::ca::ca_file_extension'),
 ) {
   include ca_cert::update
-  require ca_cert::enable
 
   if ($ensure == 'trusted' or $ensure == 'distrusted') and $source == 'text' and !$ca_text {
     fail('ca_text is required if source is set to text')

manifests/update.pp

@@ -1,7 +1,25 @@
 # Private class
 class ca_cert::update {
   require ca_cert
-  require ca_cert::enable
+
+  if ($facts['os']['family'] == 'RedHat' and versioncmp($facts['os']['release']['full'], '7') < 0) {
+    if $ca_cert::force_enable {
+      exec { 'enable_ca_trust':
+        command   => 'update-ca-trust force-enable',
+        logoutput => 'on_failure',
+        path      => ['/usr/sbin', '/usr/bin', '/bin'],
+        onlyif    => 'update-ca-trust check | grep DISABLED',
+      }
+    }
+    else {
+      exec { 'enable_ca_trust':
+        command   => 'update-ca-trust enable',
+        logoutput => 'on_failure',
+        path      => ['/usr/sbin', '/usr/bin', '/bin'],
+        onlyif    => 'update-ca-trust check | grep DISABLED',
+      }
+    }
+  }
 
   exec { 'ca_cert_update':
     command     => $ca_cert::update_cmd,

spec/classes/init_spec.rb

@@ -38,7 +38,6 @@
 
       it { is_expected.to compile }
       it { is_expected.to contain_class('ca_cert::update') }
-      it { is_expected.to contain_class('ca_cert::enable') } # only here to reach 100% resource coverage, sourced by ca_cert::update
 
       it do
         is_expected.to contain_file('trusted_certs').only_with(
@@ -127,7 +126,7 @@
       context 'with force_enable set to valid true' do
         let(:params) { { force_enable: true } }
 
-        it { is_expected.to contain_exec('enable_ca_trust').with_command('update-ca-trust force-enable') } # from ca_cert::enable
+        it { is_expected.to contain_exec('enable_ca_trust').with_command('update-ca-trust force-enable') } # from ca_cert::update
       end
 
       context 'with ca_certs set to valid hash' do

spec/classes/update_spec.rb

@@ -27,7 +27,6 @@
 
       it { is_expected.to compile }
       it { is_expected.to contain_class('ca_cert') }
-      it { is_expected.to contain_class('ca_cert::enable') }
 
       # only here to reach 100% resource coverage
       it { is_expected.to contain_ca_cert__ca('ca1') }
@@ -50,6 +49,19 @@
       end
       # /only here to reach 100% resource coverage
 
+      if facts[:os]['family'] == 'RedHat' && facts[:os]['release']['major'].to_i < 7
+        it do
+          is_expected.to contain_exec('enable_ca_trust').only_with(
+            {
+              'command'   => 'update-ca-trust enable',
+              'logoutput' => 'on_failure',
+              'path'      => ['/usr/sbin', '/usr/bin', '/bin'],
+              'onlyif'    => 'update-ca-trust check | grep DISABLED',
+            },
+          )
+        end
+      end
+
       it do
         is_expected.to contain_exec('ca_cert_update').only_with(
           {
@@ -61,5 +73,23 @@
         )
       end
     end
+
+    context "on #{os} when ca_cert::force_enable is true" do
+      let(:facts) { facts }
+      let(:pre_condition) { 'class { ca_cert: force_enable => true }' }
+
+      if facts[:os]['family'] == 'RedHat' && facts[:os]['release']['major'].to_i < 7
+        it do
+          is_expected.to contain_exec('enable_ca_trust').only_with(
+            {
+              'command'   => 'update-ca-trust force-enable',
+              'logoutput' => 'on_failure',
+              'path'      => ['/usr/sbin', '/usr/bin', '/bin'],
+              'onlyif'    => 'update-ca-trust check | grep DISABLED',
+            },
+          )
+        end
+      end
+    end
   end
 end

spec/defines/ca_spec.rb

@@ -52,7 +52,6 @@
 
         it { is_expected.to compile }
         it { is_expected.to contain_class('ca_cert::update') }
-        it { is_expected.to contain_class('ca_cert::enable') }
 
         # only here to reach 100% resource coverage
         it { is_expected.to contain_ca_cert__ca('ca1') }