Merge pull request #98 from StatensPensjonskasse/remove-update-class

Remove ca_cert::update class
voxpupuli · May 14, 2024 · 110ab5e · 110ab5e
2 parents d947d87 + 3c5a6cc
commit 110ab5e
Show file tree

Hide file tree

Showing 5 changed files with 93 additions and 238 deletions.
diff --git a/manifests/ca.pp b/manifests/ca.pp
@@ -48,8 +48,8 @@
   Optional[String] $ca_file_group = undef,
   Optional[String] $ca_file_mode = undef,
 ) {
+  include ca_cert
   include ca_cert::params
-  include ca_cert::update
 
   if $ca_file_group == undef {
     $file_group = $ca_cert::params::ca_file_group
@@ -113,7 +113,7 @@
             owner  => 'root',
             group  => $file_group,
             mode   => $file_mode,
-            notify => Class['ca_cert::update'],
+            notify => Exec['ca_cert_update'],
           }
         }
         'ftp', 'https', 'http': {
@@ -123,7 +123,7 @@
             checksum       => $checksum,
             checksum_type  => $checksum_type,
             allow_insecure => !$verify_https_cert,
-            notify         => Class['ca_cert::update'],
+            notify         => Exec['ca_cert_update'],
           }
         }
         'file': {
@@ -135,7 +135,7 @@
             owner  => 'root',
             group  => $file_group,
             mode   => $file_mode,
-            notify => Class['ca_cert::update'],
+            notify => Exec['ca_cert_update'],
           }
         }
         'text': {
@@ -146,7 +146,7 @@
             owner   => 'root',
             group   => $file_group,
             mode    => $file_mode,
-            notify  => Class['ca_cert::update'],
+            notify  => Exec['ca_cert_update'],
           }
         }
         default: {
@@ -157,7 +157,7 @@
     'absent': {
       file { $ca_cert:
         ensure => absent,
-        notify => Class['ca_cert::update'],
+        notify => Exec['ca_cert_update'],
       }
     }
     default: {

diff --git a/manifests/init.pp b/manifests/init.pp
@@ -47,15 +47,6 @@
   String  $package_ensure      = 'installed',
   String  $package_name        = $ca_cert::params::package_name,
 ) inherits ca_cert::params {
-  include ca_cert::params
-  include ca_cert::update
-
-  if $always_update_certs == true {
-    Exec <| title=='ca_cert_update' |> {
-      refreshonly => false,
-    }
-  }
-
   $trusted_cert_dir = $ca_cert::params::trusted_cert_dir
   $cert_dir_group   = $ca_cert::params::cert_dir_group
   $cert_dir_mode    = $ca_cert::params::cert_dir_mode
@@ -82,5 +73,12 @@
   if !empty($ca_certs) {
     create_resources('ca_cert::ca', $ca_certs)
   }
+
+  exec { 'ca_cert_update':
+    command     => $ca_cert::params::update_cmd,
+    logoutput   => 'on_failure',
+    refreshonly => !$always_update_certs,
+    path        => ['/usr/sbin', '/usr/bin', '/bin'],
+  }
 }
 # lint:endignore:variable_is_lowercase
diff --git a/manifests/update.pp b/manifests/update.pp
diff --git a/spec/classes/ca_cert_spec.rb b/spec/classes/ca_cert_spec.rb
@@ -1,184 +1,105 @@
 require 'spec_helper'
 
 describe 'ca_cert', type: :class do
-  shared_examples 'compiles and includes params class' do
-    it { is_expected.to compile }
-    it { is_expected.to contain_class('ca_cert::params') }
-    it { is_expected.to contain_ca_cert__ca('ca1') }
-    it { is_expected.to contain_ca_cert__ca('ca2') }
-  end
-
-  context 'on a Debian based OS' do
-    let :facts do
-      {
-        'os' => {
-          'family' => 'Debian',
-          'name'   => 'Ubuntu',
-        },
-      }
+  on_supported_os.each do |os, facts|
+    case facts[:os]['family']
+    when 'Debian'
+      trusted_cert_dir = '/usr/local/share/ca-certificates'
+      cert_dir_group   = 'staff'
+      cert_dir_mode = '2665' if facts[:os]['name'] == 'Debian'
+    when 'RedHat'
+      trusted_cert_dir = '/etc/pki/ca-trust/source/anchors'
+      update_cmd       = 'update-ca-trust extract'
+    when 'Archlinux'
+      trusted_cert_dir = '/etc/ca-certificates/trust-source/anchors/'
+      update_cmd       = 'trust extract-compat'
+    when 'Suse'
+      trusted_cert_dir = '/etc/pki/trust/anchors'
+      update_cmd       = 'update-ca-certificates'
     end
 
-    it_behaves_like 'compiles and includes params class' do
-    end
-    it { is_expected.to contain_package('ca-certificates') }
-
-    it {
-      is_expected.to contain_file('trusted_certs').with(
-        'ensure' => 'directory',
-        'path'   => '/usr/local/share/ca-certificates',
-        'group'  => 'staff',
-        'purge'  => 'false'
-      )
-    }
-
-    context 'with purge_unmanaged_CAs set to true' do
-      let :params do
-        {
-          purge_unmanaged_CAs: true,
-        }
-      end
+    cert_dir_group = 'root' if cert_dir_group.nil?
+    cert_dir_mode  = '0755' if cert_dir_mode.nil?
+    update_cmd     = 'update-ca-certificates' if update_cmd.nil?
+    package_name   = 'ca-certificates' if package_name.nil?
 
-      it {
-        is_expected.to contain_file('trusted_certs').with(
-          'ensure' => 'directory',
-          'path'   => '/usr/local/share/ca-certificates',
-          'group'  => 'staff',
-          'purge'  => 'true'
-        )
-      }
-    end
-  end
+    context "on #{os}" do
+      let(:facts) { facts }
 
-  context 'on a RedHat based OS' do
-    let :facts do
-      {
-        'os' => {
-          'family'  => 'RedHat',
-          'release' => {
-            'major' => '7',
-            'minor' => '0',
-            'full'  => '7.0',
-          },
-        },
-      }
-    end
+      it { is_expected.to compile }
+      it { is_expected.to contain_class('ca_cert::params') }
 
-    it_behaves_like 'compiles and includes params class' do
-    end
-    it { is_expected.to contain_package('ca-certificates') }
-
-    it {
-      is_expected.to contain_file('trusted_certs').with(
-        'ensure' => 'directory',
-        'path'   => '/etc/pki/ca-trust/source/anchors',
-        'group'  => 'root',
-        'purge'  => 'false'
-      )
-    }
-
-    context 'with purge_unmanaged_CAs set to true' do
-      let :params do
-        {
-          purge_unmanaged_CAs: true,
-        }
+      it do
+        is_expected.to contain_file('trusted_certs').only_with(
+          {
+            'ensure'  => 'directory',
+            'path'    => trusted_cert_dir,
+            'owner'   => 'root',
+            'group'   => cert_dir_group,
+            'mode'    => cert_dir_mode,
+            'purge'   => false,
+            'recurse' => false,
+            'notify'  => 'Exec[ca_cert_update]',
+          }
+        )
       end
 
-      it {
-        is_expected.to contain_file('trusted_certs').with(
-          'ensure' => 'directory',
-          'path'   => '/etc/pki/ca-trust/source/anchors',
-          'group'  => 'root',
-          'purge'  => 'true'
+      it do
+        is_expected.to contain_package(package_name).only_with(
+          {
+            'ensure' => 'installed',
+            'before' => ['Ca_cert::Ca[ca1]', 'Ca_cert::Ca[ca2]'],
+          }
         )
-      }
-    end
-  end
+      end
 
-  %w[10 11].each do |osmajrel|
-    context "on a Suse #{osmajrel} based OS" do
-      let :facts do
-        {
-          'os' => {
-            'family'  => 'Suse',
-            'release' => {
-              'major' => osmajrel.to_s,
-            },
-          },
-        }
+      it do
+        is_expected.to contain_exec('ca_cert_update').only_with(
+          {
+            'command'     => update_cmd,
+            'logoutput'   => 'on_failure',
+            'refreshonly' => true,
+            'path'        => ['/usr/sbin', '/usr/bin', '/bin'],
+          }
+        )
       end
 
-      it_behaves_like 'compiles and includes params class' do
+      it { is_expected.to contain_ca_cert__ca('ca1') } # from ./spec/fixtures/hiera
+      it { is_expected.to contain_ca_cert__ca('ca2') } # from ./spec/fixtures/hiera
+      it { is_expected.to contain_file('ca1.crt').with_source('puppet:///modules/ca_cert/ca1.pem') }
+      it { is_expected.to contain_file('ca2.crt').with_source('puppet:///modules/ca_cert/ca2.pem') }
+
+      context 'with always_update_certs set to true' do
+        let(:params) { { always_update_certs: true } }
+
+        it { is_expected.to contain_exec('ca_cert_update').with_refreshonly(false) }
       end
-      it { is_expected.to contain_package('openssl-certs') }
-
-      it {
-        is_expected.to contain_file('trusted_certs').with(
-          'ensure' => 'directory',
-          'path'   => '/etc/ssl/certs',
-          'group'  => 'root',
-          'purge'  => 'false'
-        )
-      }
 
       context 'with purge_unmanaged_CAs set to true' do
-        let :params do
-          {
-            purge_unmanaged_CAs: true,
-          }
-        end
-
-        it {
-          is_expected.to contain_file('trusted_certs').with(
-            'ensure' => 'directory',
-            'path'   => '/etc/ssl/certs',
-            'group'  => 'root',
-            'purge'  => 'true'
-          )
-        }
+        let(:params) { { purge_unmanaged_CAs: true } }
+
+        it { is_expected.to contain_file('trusted_certs').with_purge(true) }
+        it { is_expected.to contain_file('trusted_certs').with_recurse(true) }
       end
-    end
-  end
 
-  context 'on a Suse 12 based OS' do
-    let :facts do
-      {
-        'os' => {
-          'family'  => 'Suse',
-          'release' => {
-            'major' => '12',
-          },
-        },
-      }
-    end
+      context 'with install_package set to false' do
+        let(:params) { { install_package: false } }
 
-    it_behaves_like 'compiles and includes params class' do
-    end
-    it { is_expected.to contain_package('ca-certificates') }
-
-    it {
-      is_expected.to contain_file('trusted_certs').with(
-        'ensure' => 'directory',
-        'path'   => '/etc/pki/trust/anchors',
-        'group'  => 'root',
-        'purge'  => 'false'
-      )
-    }
-
-    context 'with purge_unmanaged_CAs set to true' do
-      let :params do
-        {
-          purge_unmanaged_CAs: true,
-        }
+        it { is_expected.not_to contain_package(package_name) }
+        it { is_expected.to have_package_resource_count(0) }
       end
 
-      it {
-        is_expected.to contain_file('trusted_certs').with(
-          'ensure' => 'directory',
-          'path'   => '/etc/pki/trust/anchors',
-          'group'  => 'root',
-          'purge'  => 'true'
-        )
-      }
+      context 'with package_ensure set to absent' do
+        let(:params) { { package_ensure: 'absent' } }
+
+        it { is_expected.to contain_package(package_name).with_ensure('absent') }
+      end
+
+      context 'with package_name set to testing' do
+        let(:params) { { package_name: 'testing' } }
+
+        it { is_expected.to contain_package('testing') }
+      end
     end
   end