Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Remove code for EoL suse versions #103

Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 1 addition & 2 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -80,5 +80,4 @@ ca_cert::ca { 'GlobalSign-OrgSSL-Intermediate':

Supported Platforms
-------------------

This module has been tested on Ubuntu 14.04, Ubuntu 12.04, CentOS 6, SLES 11, SLES 12, OpenSuSE 13.1, OpenSuSE 13.2 and OpenSuSE 42.1 Leap.
This module has been tested on operating systems in [metadata.json](metadata.json)
17 changes: 1 addition & 16 deletions manifests/ca.pp
Original file line number Diff line number Diff line change
Expand Up @@ -46,30 +46,15 @@
fail('ca_text is required if source is set to text')
}

# Since Debian/Suse based OSes don't have explicit distrust directories
# Logic is Similar for Debian/SLES10/SLES11 - but breaking into if/elsif
# for clarity's sake as we need to change untrusted to absent and warn in the log
# Since Debian based OSes don't have explicit distrust directories
if $facts['os']['family'] == 'Debian' and $ensure == 'distrusted' {
warning("Cannot explicitly set CA distrust on ${facts['os']['name']}.")
warning("Ensuring that ${name} CA is absent from the trusted list.")
$adjusted_ensure = 'absent'
}
elsif ($facts['os']['family'] == 'Suse' and $facts['os']['release']['major'] =~ /(10|11)/) and $ensure == 'distrusted' {
warning("Cannot explicitly set CA distrust on ${facts['os']['name']} ${facts['os']['release']['major']}.")
warning("Ensuring that ${name} CA is absent from the trusted list.")
$adjusted_ensure = 'absent'
}
else {
$adjusted_ensure = $ensure
}
# Determine Full Resource Name
# Sles 10/11 Only Supports .pem files
# Other supported OS variants default to .crt
if ($facts['os']['family'] == 'Suse') and ($facts['os']['release']['major'] =~ /(10|11)/) {
if $source != 'text' and $source !~ /^.*\.pem$/ {
fail("${source} not proper format - SLES 10/11 CA Files must be in .pem format")
}
}

# Determine Full Resource Name
$resource_name = "${name}.${ca_cert::ca_file_extension}"
Expand Down
19 changes: 5 additions & 14 deletions manifests/params.pp
Original file line number Diff line number Diff line change
Expand Up @@ -39,20 +39,11 @@
$package_name = 'ca-certificates'
}
'Suse': {
if $facts['os']['release']['major'] =~ /(10|11)/ {
$trusted_cert_dir = '/etc/ssl/certs'
$distrusted_cert_dir = undef
$update_cmd = 'c_rehash'
$ca_file_extension = 'pem'
$package_name = 'openssl-certs'
}
elsif versioncmp($facts['os']['release']['major'], '12') >= 0 {
$trusted_cert_dir = '/etc/pki/trust/anchors'
$distrusted_cert_dir = '/etc/pki/trust/blacklist'
$update_cmd = 'update-ca-certificates'
$ca_file_extension = 'crt'
$package_name = 'ca-certificates'
}
$trusted_cert_dir = '/etc/pki/trust/anchors'
$distrusted_cert_dir = '/etc/pki/trust/blacklist'
$update_cmd = 'update-ca-certificates'
$ca_file_extension = 'crt'
$package_name = 'ca-certificates'
$cert_dir_group = 'root'
$cert_dir_mode = '0755'
$ca_file_group = 'root'
Expand Down
2 changes: 1 addition & 1 deletion spec/classes/params_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@
end
end

%w[10 11 12].each do |osmajrel|
%w[12].each do |osmajrel|
context "On a Suse #{osmajrel} Operating System" do
let :facts do
{
Expand Down
91 changes: 0 additions & 91 deletions spec/defines/ca_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -4,8 +4,6 @@
HTTP_URL = 'http://secure.globalsign.com/cacert/gsorganizationvalsha2g2r1.crt'.freeze
DEBIAN_CA_FILE = '/usr/local/share/ca-certificates/Globalsign_Org_Intermediate.crt'.freeze
REDHAT_CA_FILE = '/etc/pki/ca-trust/source/anchors/Globalsign_Org_Intermediate.crt'.freeze
SUSE_11_HTTP_URL = 'http://secure.globalsign.com/cacert/gsorganizationvalsha2g2r1.pem'.freeze
SUSE_11_CA_FILE = '/etc/ssl/certs/Globalsign_Org_Intermediate.pem'.freeze
SUSE_12_CA_FILE = '/etc/pki/trust/anchors/Globalsign_Org_Intermediate.crt'.freeze
DISTRUSTED_SUSE_12_CA_FILE = '/etc/pki/trust/blacklist/Globalsign_Org_Intermediate.crt'.freeze
DISTRUSTED_REDHAT_CA_FILE = '/etc/pki/ca-trust/source/blacklist/Globalsign_Org_Intermediate.crt'.freeze
Expand Down Expand Up @@ -65,18 +63,6 @@
}
end

let :suse_11_facts do
{
os: {
family: 'Suse',
name: 'Suse',
release: {
major: '11',
},
},
}
end

let :suse_12_facts do
{
os: {
Expand Down Expand Up @@ -256,83 +242,6 @@
end
end

context 'On Suse 11 based systems' do
let(:facts) { suse_11_facts }
let(:params) do
{
source: SUSE_11_HTTP_URL,
}
end

it_behaves_like 'compiles and includes main and params classes' do
end

describe 'with a remote certificate' do
let :params do
{
source: SUSE_11_HTTP_URL,
}
end

it {
is_expected.to contain_archive(SUSE_11_CA_FILE).with(
'ensure' => 'present',
'source' => SUSE_11_HTTP_URL
)
}
end

describe 'with the certificate delivered as a string' do
let :params do
{
source: 'text',
ca_text: GLOBALSIGN_ORG_CA,
}
end

it {
is_expected.to contain_file('Globalsign_Org_Intermediate.pem').with(
'ensure' => 'file',
'content' => GLOBALSIGN_ORG_CA,
'path' => SUSE_11_CA_FILE
)
}
end

describe 'when removing the CA cert' do
let :params do
{
ensure: 'absent',
}
end

it {
is_expected.to contain_file(SUSE_11_CA_FILE).with(
'ensure' => 'absent'
)
}
end

describe 'when removing the CA cert' do
%w[absent distrusted].each do |suse_ensure|
let :params do
{
ensure: suse_ensure,
source: SUSE_11_HTTP_URL,
}
end

context "with ensure set to #{suse_ensure}" do
it {
is_expected.to contain_file(SUSE_11_CA_FILE).with(
'ensure' => 'absent'
)
}
end
end
end
end

context 'On Suse 12 based systems' do
let(:facts) { suse_12_facts }
let(:params) do
Expand Down