From 10484ac8a2ed6d0964191e02de844c4402a81721 Mon Sep 17 00:00:00 2001 From: Ryan Hall Date: Wed, 30 May 2018 12:12:13 -0400 Subject: [PATCH 1/2] update to add enable vs force-enable switch class param for rhel 6 and earlier versions --- README.md | 2 ++ manifests/update.pp | 27 ++++++++++++++++++++------- spec/classes/update_spec.rb | 18 ++++++++++++++++-- 3 files changed, 38 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index 1885936..c3f8488 100644 --- a/README.md +++ b/README.md @@ -33,6 +33,8 @@ Optional parameters: module to manage other installed CA certificates. (defaults to true) * `ca_certs`: A hash of certificates you would like added. These may also be defined by declaring `ca_cert::ca` once for each certificate. + * `force_enable`: For RHEL 6 and earlier. When set to true, creates backups of the legacy config, removes it, + and creates symlinks to the new config. ### ca_cert::ca diff --git a/manifests/update.pp b/manifests/update.pp index 1566020..9568020 100644 --- a/manifests/update.pp +++ b/manifests/update.pp 
@@ -1,14 +1,27 @@ # Private class -class ca_cert::update { +class ca_cert::update ( + Boolean $force_enable = false, +) { include ::ca_cert::params if ($::osfamily == 'RedHat' and versioncmp($::operatingsystemrelease, '7') < 0) { - exec { 'enable_ca_trust': - command => 'update-ca-trust enable', - logoutput => 'on_failure', - path => ['/usr/sbin', '/usr/bin', '/bin'], - onlyif => 'update-ca-trust check | grep DISABLED', - before => Exec['ca_cert_update'], + if $force_enable { + exec { 'enable_ca_trust': + command => 'update-ca-trust force-enable', + logoutput => 'on_failure', + path => ['/usr/sbin', '/usr/bin', '/bin'], + onlyif => 'update-ca-trust check | grep DISABLED', + before => Exec['ca_cert_update'], + } + } + else { + exec { 'enable_ca_trust': + command => 'update-ca-trust enable', + logoutput => 'on_failure', + path => ['/usr/sbin', '/usr/bin', '/bin'], + onlyif => 'update-ca-trust check | grep DISABLED', + before => Exec['ca_cert_update'], + } } } diff --git a/spec/classes/update_spec.rb b/spec/classes/update_spec.rb index 06e681f..e272d63 100644 --- a/spec/classes/update_spec.rb +++ b/spec/classes/update_spec.rb @@ -21,8 +21,22 @@ if facts[:operatingsystemrelease] == '7.0' it { is_expected.not_to contain_exec('enable_ca_trust') } else - it { is_expected.to contain_exec('enable_ca_trust').with_command('update-ca-trust enable') } - end + context "with force_enable set to true" do + let :params do + { + :force_enable => true + } + end + it { is_expected.to contain_exec('enable_ca_trust').with_command('update-ca-trust force-enable') } + end + context "with force_enable set to false" do + let :params do + { + :force_enable => false + } + end + it { is_expected.to contain_exec('enable_ca_trust').with_command('update-ca-trust enable') } + end it { is_expected.to contain_exec('ca_cert_update').with( :command => 'update-ca-trust extract', :refreshonly => true, From f1996a11cfe1156a1d4c44344267638984826452 Mon Sep 17 00:00:00 2001 
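Review bot: The two `exec { 'enable_ca_trust': }` bodies in the `if $force_enable` / `else` branches differ only in `command`, so the `path`, the `onlyif` guard and the `before` ordering of a resource that rewrites the system trust configuration now exist in two copies that can drift apart. A selector keeps a single resource: `$enable_cmd = $force_enable ? { true => 'update-ca-trust force-enable', default => 'update-ca-trust enable' }` followed by `command => $enable_cmd,`. The parameter is also added to a class still marked `# Private class`, while the README lists `force_enable` next to `ca_certs`; no change to the public class is visible in this patch, so it looks as if the option can only be set through data lookup on `ca_cert::update`, which is worth confirming and documenting. Since the README describes the forced mode as backing up and then removing the legacy config, a comment above the parameter should say that local edits to those legacy files presumably stop being part of the effective trust store once it runs.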
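Review bot: Both new contexts set `force_enable` explicitly, so the class default is no longer exercised on the pre-7 releases; the removed example was the only one that asserted the command with no params. Because the forced mode removes the legacy config, the default should stay pinned: keep `it { is_expected.to contain_exec('enable_ca_trust').with_command('update-ca-trust enable') }` directly in the `else` branch, outside the two contexts. The `'7.0'` branch likewise only checks the default, so a context with `:force_enable => true` asserting `is_expected.not_to contain_exec('enable_ca_trust')` would confirm the switch is inert there. The enclosing describe block starts and ends outside the hunk.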
From: Ryan Hall Date: Wed, 30 May 2018 13:25:29 -0400 Subject: [PATCH 2/2] add missing end on update_spec for travis ci --- spec/classes/update_spec.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/spec/classes/update_spec.rb b/spec/classes/update_spec.rb index e272d63..19c0300 100644 --- a/spec/classes/update_spec.rb +++ b/spec/classes/update_spec.rb @@ -37,6 +37,7 @@ end it { is_expected.to contain_exec('enable_ca_trust').with_command('update-ca-trust enable') } end + end it { is_expected.to contain_exec('ca_cert_update').with( :command => 'update-ca-trust extract', :refreshonly => true,