Skip to content

Commit

Permalink
Don't run enable_ca_trust on EL7
Browse files Browse the repository at this point in the history
`update-ca-trust` ignores all arguments on EL7 so `update-ca-trust
enable` and even `update-ca-trust check` (from the unless parameter)
actually perform an update.

Fixes #voxpupuliGH-38
  • Loading branch information
alexjfisher committed Mar 19, 2018
1 parent 3d0e5ff commit 9488fa7
Show file tree
Hide file tree
Showing 7 changed files with 55 additions and 88 deletions.
4 changes: 2 additions & 2 deletions .fixtures.yml
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
fixtures:
repositories:
stdlib: "git://github.com/puppetlabs/puppetlabs-stdlib.git"
remote_file: "git://github.com/lwf/puppet-remote_file.git"
stdlib: "https://github.com/puppetlabs/puppetlabs-stdlib.git"
remote_file: "https://github.com/lwf/puppet-remote_file.git"
symlinks:
ca_cert: "#{source_dir}"
2 changes: 1 addition & 1 deletion manifests/update.pp
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
class ca_cert::update {
include ::ca_cert::params

if $::osfamily == 'RedHat' {
if ($::osfamily == 'RedHat' and versioncmp($::operatingsystemrelease, '7') < 0) {
exec { 'enable_ca_trust':
command => 'update-ca-trust enable',
logoutput => 'on_failure',
Expand Down
23 changes: 10 additions & 13 deletions metadata.json
Original file line number Diff line number Diff line change
Expand Up @@ -12,24 +12,24 @@
{
"operatingsystem": "RedHat",
"operatingsystemrelease": [
"5.0",
"6.0",
"7.0"
"5",
"6",
"7"
]
},
{
"operatingsystem": "Suse",
"operatingsystem": "SLES",
"operatingsystemrelease": [
"10.0",
"11.0",
"12.0"
"10",
"11",
"12"
]
},
{
"operatingsystem": "OpenSuSE",
"operatingsystemrelease": [
"13.2",
"42.1"
"13",
"42"
]
},
{
Expand All @@ -41,10 +41,7 @@
]
},
{
"operatingsystem": "Archlinux",
"operatingsystemrelease": [
"4.x"
]
"operatingsystem": "Archlinux"
}
],
"requirements": [
Expand Down
1 change: 1 addition & 0 deletions spec/classes/ca_cert_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,7 @@
let :facts do
{
:osfamily => 'RedHat',
:operatingsystemrelease => '7.0'
}
end

Expand Down
110 changes: 38 additions & 72 deletions spec/classes/update_spec.rb
Original file line number Diff line number Diff line change
@@ -1,81 +1,47 @@
require 'spec_helper'

describe 'ca_cert::update', :type => :class do

shared_examples 'compiles and includes params class' do
it { should compile }
it { should contain_class('ca_cert::params') }
end

context "on a Debian based OS" do
let :facts do
{
:osfamily => 'Debian',
:operatingsystem => 'Ubuntu'
}
end

it_behaves_like 'compiles and includes params class' do
end
it { is_expected.not_to contain_exec('enable_ca_trust') }
it { is_expected.to contain_exec('ca_cert_update').with(
:command => 'update-ca-certificates',
:refreshonly => true,
)}

end
context "on a RedHat based OS" do
let :facts do
{
:osfamily => 'RedHat',
}
end

it_behaves_like 'compiles and includes params class' do
end
it { is_expected.to contain_exec('enable_ca_trust').with(
:command => 'update-ca-trust enable',
) }
it { is_expected.to contain_exec('ca_cert_update').with(
:command => 'update-ca-trust extract',
:refreshonly => true,
)}

end
['10','11'].each do |osmajrel|
context "on a Suse #{osmajrel} based OS" do
let :facts do
{
:osfamily => 'Suse',
:operatingsystemmajrelease => "#{osmajrel}",
}
on_supported_os.each do |os, facts|
context "on #{os}" do
let(:facts) do
facts
end

it_behaves_like 'compiles and includes params class' do
it { is_expected.to compile.with_all_deps }
it { is_expected.to contain_class('ca_cert::params') }

case facts[:osfamily]
when 'Debian'
it { is_expected.not_to contain_exec('enable_ca_trust') }
it { is_expected.to contain_exec('ca_cert_update').with(
:command => 'update-ca-certificates',
:refreshonly => true,
)}
when 'RedHat'
if facts[:operatingsystemrelease] == '7.0'
it { is_expected.not_to contain_exec('enable_ca_trust') }
else
it { is_expected.to contain_exec('enable_ca_trust').with_command('update-ca-trust enable') }
end
it { is_expected.to contain_exec('ca_cert_update').with(
:command => 'update-ca-trust extract',
:refreshonly => true,
)}
when 'Suse'
it { is_expected.not_to contain_exec('enable_ca_trust') }
case facts[:operatingsystemmajrelease]
when '10','11'
it { is_expected.to contain_exec('ca_cert_update').with(
:command => 'c_rehash',
:refreshonly => true,
)}
when '12','13','42'
it { is_expected.to contain_exec('ca_cert_update').with(
:command => 'update-ca-certificates',
:refreshonly => true,
)}
end
end
it { is_expected.not_to contain_exec('enable_ca_trust') }
it { is_expected.to contain_exec('ca_cert_update').with(
:command => 'c_rehash',
:refreshonly => true,
)}

end
end
context "on a Suse 12 based OS" do
let :facts do
{
:osfamily => 'Suse',
:operatingsystemmajrelease => '12',
}
end

it_behaves_like 'compiles and includes params class' do
end
it { is_expected.not_to contain_exec('enable_ca_trust') }
it { is_expected.to contain_exec('ca_cert_update').with(
:command => 'update-ca-certificates',
:refreshonly => true,
)}

end
end
1 change: 1 addition & 0 deletions spec/defines/ca_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -55,6 +55,7 @@
{
:osfamily => 'RedHat',
:operatingsystem => 'RedHat',
:operatingsystemrelease => '7.0'
}
end

Expand Down
2 changes: 2 additions & 0 deletions spec/spec_helper.rb
Original file line number Diff line number Diff line change
@@ -1,4 +1,6 @@
require 'puppetlabs_spec_helper/module_spec_helper'
require 'rspec-puppet-facts'
include RspecPuppetFacts

RSpec.configure do |c|
c.before :each do
Expand Down

0 comments on commit 9488fa7

Please sign in to comment.