diff --git a/README.md b/README.md index 1885936..d24e2d1 100644 --- a/README.md +++ b/README.md @@ -80,5 +80,4 @@ ca_cert::ca { 'GlobalSign-OrgSSL-Intermediate': Supported Platforms ------------------- - -This module has been tested on Ubuntu 14.04, Ubuntu 12.04, CentOS 6, SLES 11, SLES 12, OpenSuSE 13.1, OpenSuSE 13.2 and OpenSuSE 42.1 Leap. +This module has been tested on operating systems in [metadata.json](metadata.json) diff --git a/manifests/ca.pp b/manifests/ca.pp index 2fbaa9a..edb544f 100644 --- a/manifests/ca.pp +++ b/manifests/ca.pp @@ -46,30 +46,15 @@ fail('ca_text is required if source is set to text') } - # Since Debian/Suse based OSes don't have explicit distrust directories - # Logic is Similar for Debian/SLES10/SLES11 - but breaking into if/elsif - # for clarity's sake as we need to change untrusted to absent and warn in the log + # Since Debian based OSes don't have explicit distrust directories if $facts['os']['family'] == 'Debian' and $ensure == 'distrusted' { warning("Cannot explicitly set CA distrust on ${facts['os']['name']}.") warning("Ensuring that ${name} CA is absent from the trusted list.") $adjusted_ensure = 'absent' } - elsif ($facts['os']['family'] == 'Suse' and $facts['os']['release']['major'] =~ /(10|11)/) and $ensure == 'distrusted' { - warning("Cannot explicitly set CA distrust on ${facts['os']['name']} ${facts['os']['release']['major']}.") - warning("Ensuring that ${name} CA is absent from the trusted list.") - $adjusted_ensure = 'absent' - } else { $adjusted_ensure = $ensure } - # Determine Full Resource Name - # Sles 10/11 Only Supports .pem files - # Other supported OS variants default to .crt - if ($facts['os']['family'] == 'Suse') and ($facts['os']['release']['major'] =~ /(10|11)/) { - if $source != 'text' and $source !~ /^.*\.pem$/ { - fail("${source} not proper format - SLES 10/11 CA Files must be in .pem format") - } - } # Determine Full Resource Name $resource_name = "${name}.${ca_cert::ca_file_extension}" diff --git a/manifests/params.pp b/manifests/params.pp index b1fe988..bb23f0d 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -39,20 +39,11 @@ $package_name = 'ca-certificates' } 'Suse': { - if $facts['os']['release']['major'] =~ /(10|11)/ { - $trusted_cert_dir = '/etc/ssl/certs' - $distrusted_cert_dir = undef - $update_cmd = 'c_rehash' - $ca_file_extension = 'pem' - $package_name = 'openssl-certs' - } - elsif versioncmp($facts['os']['release']['major'], '12') >= 0 { - $trusted_cert_dir = '/etc/pki/trust/anchors' - $distrusted_cert_dir = '/etc/pki/trust/blacklist' - $update_cmd = 'update-ca-certificates' - $ca_file_extension = 'crt' - $package_name = 'ca-certificates' - } + $trusted_cert_dir = '/etc/pki/trust/anchors' + $distrusted_cert_dir = '/etc/pki/trust/blacklist' + $update_cmd = 'update-ca-certificates' + $ca_file_extension = 'crt' + $package_name = 'ca-certificates' $cert_dir_group = 'root' $cert_dir_mode = '0755' $ca_file_group = 'root' diff --git a/spec/classes/params_spec.rb b/spec/classes/params_spec.rb index fc077c5..580ad40 100644 --- a/spec/classes/params_spec.rb +++ b/spec/classes/params_spec.rb @@ -27,7 +27,7 @@ end end - %w[10 11 12].each do |osmajrel| + %w[12].each do |osmajrel| context "On a Suse #{osmajrel} Operating System" do let :facts do { diff --git a/spec/defines/ca_spec.rb b/spec/defines/ca_spec.rb index c6fce4d..efe68fa 100644 --- a/spec/defines/ca_spec.rb +++ b/spec/defines/ca_spec.rb @@ -4,8 +4,6 @@ HTTP_URL = 'http://secure.globalsign.com/cacert/gsorganizationvalsha2g2r1.crt'.freeze DEBIAN_CA_FILE = '/usr/local/share/ca-certificates/Globalsign_Org_Intermediate.crt'.freeze REDHAT_CA_FILE = '/etc/pki/ca-trust/source/anchors/Globalsign_Org_Intermediate.crt'.freeze - SUSE_11_HTTP_URL = 'http://secure.globalsign.com/cacert/gsorganizationvalsha2g2r1.pem'.freeze - SUSE_11_CA_FILE = '/etc/ssl/certs/Globalsign_Org_Intermediate.pem'.freeze SUSE_12_CA_FILE = '/etc/pki/trust/anchors/Globalsign_Org_Intermediate.crt'.freeze DISTRUSTED_SUSE_12_CA_FILE = '/etc/pki/trust/blacklist/Globalsign_Org_Intermediate.crt'.freeze DISTRUSTED_REDHAT_CA_FILE = '/etc/pki/ca-trust/source/blacklist/Globalsign_Org_Intermediate.crt'.freeze @@ -65,18 +63,6 @@ } end - let :suse_11_facts do - { - os: { - family: 'Suse', - name: 'Suse', - release: { - major: '11', - }, - }, - } - end - let :suse_12_facts do { os: { @@ -256,83 +242,6 @@ end end - context 'On Suse 11 based systems' do - let(:facts) { suse_11_facts } - let(:params) do - { - source: SUSE_11_HTTP_URL, - } - end - - it_behaves_like 'compiles and includes main and params classes' do - end - - describe 'with a remote certificate' do - let :params do - { - source: SUSE_11_HTTP_URL, - } - end - - it { - is_expected.to contain_archive(SUSE_11_CA_FILE).with( - 'ensure' => 'present', - 'source' => SUSE_11_HTTP_URL - ) - } - end - - describe 'with the certificate delivered as a string' do - let :params do - { - source: 'text', - ca_text: GLOBALSIGN_ORG_CA, - } - end - - it { - is_expected.to contain_file('Globalsign_Org_Intermediate.pem').with( - 'ensure' => 'file', - 'content' => GLOBALSIGN_ORG_CA, - 'path' => SUSE_11_CA_FILE - ) - } - end - - describe 'when removing the CA cert' do - let :params do - { - ensure: 'absent', - } - end - - it { - is_expected.to contain_file(SUSE_11_CA_FILE).with( - 'ensure' => 'absent' - ) - } - end - - describe 'when removing the CA cert' do - %w[absent distrusted].each do |suse_ensure| - let :params do - { - ensure: suse_ensure, - source: SUSE_11_HTTP_URL, - } - end - - context "with ensure set to #{suse_ensure}" do - it { - is_expected.to contain_file(SUSE_11_CA_FILE).with( - 'ensure' => 'absent' - ) - } - end - end - end - end - context 'On Suse 12 based systems' do let(:facts) { suse_12_facts } let(:params) do