From 083b731a773b3389205975a4951576242376c471 Mon Sep 17 00:00:00 2001
From: Phil Friderici
Date: Tue, 22 Aug 2023 12:31:42 +0000
Subject: [PATCH] Move functionality of ca_cert::enable to ca_cert::update
---
 manifests/ca.pp | 1 -
 manifests/enable.pp | 23 --------------
 manifests/update.pp | 20 +++++++++++-
 spec/classes/enable_spec.rb | 63 -------------------------------------
 spec/classes/init_spec.rb | 3 +-
 spec/classes/update_spec.rb | 32 ++++++++++++++++++-
 spec/defines/ca_spec.rb | 1 -
 7 files changed, 51 insertions(+), 92 deletions(-)
 delete mode 100644 manifests/enable.pp
 delete mode 100644 spec/classes/enable_spec.rb
diff --git a/manifests/ca.pp b/manifests/ca.pp
index bef5f5d..124bbb6 100644
--- a/manifests/ca.pp
+++ b/manifests/ca.pp
@@ -52,7 +52,6 @@
 String[1] $ca_file_extension = lookup('ca_cert::ca::ca_file_extension'),
 ) {
 include ca_cert::update
- require ca_cert::enable
 if ($ensure == 'trusted' or $ensure == 'distrusted') and $source == 'text' and !$ca_text {
 fail('ca_text is required if source is set to text')
diff --git a/manifests/enable.pp b/manifests/enable.pp
deleted file mode 100644
index b3d6742..0000000
--- a/manifests/enable.pp
+++ /dev/null
@@ -1,23 +0,0 @@
-# Private class
-class ca_cert::enable {
- include ca_cert
-
- if ($facts['os']['family'] == 'RedHat' and versioncmp($facts['os']['release']['full'], '7') < 0) {
- if $ca_cert::force_enable {
- exec { 'enable_ca_trust':
- command => 'update-ca-trust force-enable',
- logoutput => 'on_failure',
- path => ['/usr/sbin', '/usr/bin', '/bin'],
- onlyif => 'update-ca-trust check | grep DISABLED',
- }
- }
- else {
- exec { 'enable_ca_trust':
- command => 'update-ca-trust enable',
- logoutput => 'on_failure',
- path => ['/usr/sbin', '/usr/bin', '/bin'],
- onlyif => 'update-ca-trust check | grep DISABLED',
- }
- }
- }
-}
diff --git a/manifests/update.pp b/manifests/update.pp
index 56e539c..0201caa 100644
--- a/manifests/update.pp
+++ b/manifests/update.pp
@@ -1,7 +1,25 @@
 # Private class
 class ca_cert::update {
 require ca_cert
- require ca_cert::enable
+
+ if ($facts['os']['family'] == 'RedHat' and versioncmp($facts['os']['release']['full'], '7') < 0) {
+ if $ca_cert::force_enable {
+ exec { 'enable_ca_trust':
+ command => 'update-ca-trust force-enable',
+ logoutput => 'on_failure',
+ path => ['/usr/sbin', '/usr/bin', '/bin'],
+ onlyif => 'update-ca-trust check | grep DISABLED',
+ }
+ }
+ else {
+ exec { 'enable_ca_trust':
+ command => 'update-ca-trust enable',
+ logoutput => 'on_failure',
+ path => ['/usr/sbin', '/usr/bin', '/bin'],
+ onlyif => 'update-ca-trust check | grep DISABLED',
+ }
+ }
+ }
 exec { 'ca_cert_update':
 command => $ca_cert::update_cmd,
diff --git a/spec/classes/enable_spec.rb b/spec/classes/enable_spec.rb
deleted file mode 100644
index 7837949..0000000
--- a/spec/classes/enable_spec.rb
+++ /dev/null
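Review bot: In manifests/update.pp nothing in the added lines orders `enable_ca_trust` before `ca_cert_update`; the removed `require ca_cert::enable` made that a class-level dependency, and it now rests on manifest order alone, assuming no relationship is declared on `ca_cert_update` below the hunk (its body continues outside it). The update command presumably depends on the trust store having been enabled first on RedHat releases before 7, so I would state that on both execs with `before => Exec['ca_cert_update'],` and add the attribute to the `only_with` hashes in spec/classes/update_spec.rb. The same ordering was dropped from the define in manifests/ca.pp, which now only includes `ca_cert::update`. The two `exec` declarations also differ only in `command`, so a single resource with a selector on `$ca_cert::force_enable` would keep them from drifting apart.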
@@ -1,63 +0,0 @@
-require 'spec_helper'
-
-describe 'ca_cert::enable', type: :class do
- on_supported_os.sort.each do |os, facts|
- context "on #{os}" do
- let(:facts) { facts }
-
- it { is_expected.to compile }
- it { is_expected.to contain_class('ca_cert') }
-
- if facts[:os]['family'] == 'RedHat' && facts[:os]['release']['major'].to_i < 7
- it do
- is_expected.to contain_exec('enable_ca_trust').only_with(
- {
- 'command' => 'update-ca-trust enable',
- 'logoutput' => 'on_failure',
- 'path' => ['/usr/sbin', '/usr/bin', '/bin'],
- 'onlyif' => 'update-ca-trust check | grep DISABLED',
- },
- )
- end
- end
-
- # only here to reach 100% resource coverage
- it { is_expected.to contain_ca_cert__ca('ca1') }
- it { is_expected.to contain_ca_cert__ca('ca2') }
- it { is_expected.to contain_class('ca_cert::update') }
- it { is_expected.to contain_exec('ca_cert_update') }
- it { is_expected.to contain_file('trusted_certs') }
- if facts[:os]['family'] == 'Suse' && facts[:os]['release']['major'] =~ %r{(10|11)} || facts[:os]['family'] == 'Solaris'
- it { is_expected.to contain_file('ca1.pem') }
- it { is_expected.to contain_file('ca2.pem') }
- else
- it { is_expected.to contain_file('ca1.crt') }
- it { is_expected.to contain_file('ca2.crt') }
- end
- if facts[:os]['family'] == 'Suse' && facts[:os]['release']['major'] =~ %r{(10|11)}
- it { is_expected.to contain_package('openssl-certs') }
- else
- it { is_expected.to contain_package('ca-certificates') }
- end
- # /only here to reach 100% resource coverage
- end
-
- context "on #{os} when ca_cert::force_enable is true" do
- let(:facts) { facts }
- let(:pre_condition) { 'class { ca_cert: force_enable => true }' }
-
- if facts[:os]['family'] == 'RedHat' && facts[:os]['release']['major'].to_i < 7
- it do
- is_expected.to contain_exec('enable_ca_trust').only_with(
- {
- 'command' => 'update-ca-trust force-enable',
- 'logoutput' => 'on_failure',
- 'path' => ['/usr/sbin', '/usr/bin', '/bin'],
- 'onlyif' => 'update-ca-trust check | grep DISABLED',
- },
- )
- end
- end
- end
- end
-end
diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb
index 5302e9d..52a280b 100644
--- a/spec/classes/init_spec.rb
+++ b/spec/classes/init_spec.rb
@@ -38,7 +38,6 @@
 it { is_expected.to compile }
 it { is_expected.to contain_class('ca_cert::update') }
- it { is_expected.to contain_class('ca_cert::enable') } # only here to reach 100% resource coverage, sourced by ca_cert::update
 it do
 is_expected.to contain_file('trusted_certs').only_with(
@@ -127,7 +126,7 @@
 context 'with force_enable set to valid true' do
 let(:params) { { force_enable: true } }
- it { is_expected.to contain_exec('enable_ca_trust').with_command('update-ca-trust force-enable') } # from ca_cert::enable
+ it { is_expected.to contain_exec('enable_ca_trust').with_command('update-ca-trust force-enable') } # from ca_cert::update
 end
 context 'with ca_certs set to valid hash' do
diff --git a/spec/classes/update_spec.rb b/spec/classes/update_spec.rb
index 452e82e..d8d3646 100644
--- a/spec/classes/update_spec.rb
+++ b/spec/classes/update_spec.rb
@@ -27,7 +27,6 @@
 it { is_expected.to compile }
 it { is_expected.to contain_class('ca_cert') }
- it { is_expected.to contain_class('ca_cert::enable') }
 # only here to reach 100% resource coverage
 it { is_expected.to contain_ca_cert__ca('ca1') }
@@ -50,6 +49,19 @@
 end
 # /only here to reach 100% resource coverage
+ if facts[:os]['family'] == 'RedHat' && facts[:os]['release']['major'].to_i < 7
+ it do
+ is_expected.to contain_exec('enable_ca_trust').only_with(
+ {
+ 'command' => 'update-ca-trust enable',
+ 'logoutput' => 'on_failure',
+ 'path' => ['/usr/sbin', '/usr/bin', '/bin'],
+ 'onlyif' => 'update-ca-trust check | grep DISABLED',
+ },
+ )
+ end
+ end
+
 it do
 is_expected.to contain_exec('ca_cert_update').only_with(
 {
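Review bot: In spec/classes/update_spec.rb the added `if` around the `enable_ca_trust` example has no `else`, so no test fails if the exec starts appearing on a platform where it should not, which matters for a resource that changes how the system CA trust store is handled. I would add an `else` branch with `it { is_expected.not_to contain_exec('enable_ca_trust') }` here and in the `force_enable` context that the next hunk of this file adds. The spec gates on `release.major` while the manifest compares `release.full` with `versioncmp`, so a one-line comment pointing at the manifest condition would help keep the two in step. The enclosing `context` block starts and ends outside this hunk.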
@@ -61,5 +73,23 @@
 )
 end
 end
+
+ context "on #{os} when ca_cert::force_enable is true" do
+ let(:facts) { facts }
+ let(:pre_condition) { 'class { ca_cert: force_enable => true }' }
+
+ if facts[:os]['family'] == 'RedHat' && facts[:os]['release']['major'].to_i < 7
+ it do
+ is_expected.to contain_exec('enable_ca_trust').only_with(
+ {
+ 'command' => 'update-ca-trust force-enable',
+ 'logoutput' => 'on_failure',
+ 'path' => ['/usr/sbin', '/usr/bin', '/bin'],
+ 'onlyif' => 'update-ca-trust check | grep DISABLED',
+ },
+ )
+ end
+ end
+ end
 end
 end
diff --git a/spec/defines/ca_spec.rb b/spec/defines/ca_spec.rb
index ade40ee..5c5e233 100644
--- a/spec/defines/ca_spec.rb
+++ b/spec/defines/ca_spec.rb
@@ -52,7 +52,6 @@
 it { is_expected.to compile }
 it { is_expected.to contain_class('ca_cert::update') }
- it { is_expected.to contain_class('ca_cert::enable') }
 # only here to reach 100% resource coverage
 it { is_expected.to contain_ca_cert__ca('ca1') }
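Review bot: The `force_enable` context added to spec/classes/update_spec.rb holds no example outside its `if`, so on every OS other than RedHat before 7 it compiles no catalogue and asserts nothing. Adding `it { is_expected.to compile }` directly after the `let(:pre_condition)` line would at least prove that `force_enable => true` is accepted on all supported platforms. Whether any RedHat release before 7 is part of `on_supported_os` is not visible on this page; if none is, neither context exercises the exec code that this commit moves into `ca_cert::update`.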