Add x509 class to manage x509 config

Add a new class magnum::x509 to manage x509 section of magnum config Change-Id: I7774507d112b1cf94e0240d78f67f7c186ef5b30
2022-09-14 00:14:34 +10:00 · 2022-09-14 00:14:34 +10:00 · 4f55ae389d
commit 4f55ae389d
parent ec182eb7c1
3 changed files with 99 additions and 0 deletions
--- a/manifests/x509.pp
+++ b/manifests/x509.pp
@ -0,0 +1,46 @@
+# == Class: magnum::x509
+#
+# Manages the magnum x509 config
+#
+# === Parameters:
+#
+# [*allow_ca*]
+#   (optional) Certificate can get the CA flag in x509 extensions.
+#   Defaults to $::os_service_default
+#
+# [*allowed_extensions*]
+#   (optional) List of allowed x509 extensions.
+#   Defaults to $::os_service_default
+#
+# [*allowed_key_usage*]
+#   (optional) List of allowed x509 key usage.
+#   Defaults to $::os_service_default
+#
+# [*term_of_validity*]
+#   (optional) Number of days for which a certificate is valid.
+#   Defaults to $::os_service_default
+#
+# [*rsa_key_size*]
+#   (optional) Size of generated private key.
+#   Defaults to $::os_service_default
+#
+class magnum::x509 (
+  $allow_ca           = $::os_service_default,
+  $allowed_extensions = $::os_service_default,
+  $allowed_key_usage  = $::os_service_default,
+  $term_of_validity   = $::os_service_default,
+  $rsa_key_size       = $::os_service_default,
+) {
+
+  include magnum::deps
+
+  magnum_config {
+    'x509/allow_ca':           value => $allow_ca;
+    'x509/allowed_extensions': value => join(any2array($allowed_extensions), ',');
+    'x509/allowed_key_usage':  value => join(any2array($allowed_key_usage), ',');
+    'x509/term_of_validity':   value => $term_of_validity;
+    'x509/rsa_key_size':       value => $rsa_key_size;
+  }
+
+}
+
--- a/releasenotes/notes/add-x509-9143664020ffef4c.yaml
+++ b/releasenotes/notes/add-x509-9143664020ffef4c.yaml
@ -0,0 +1,5 @@
+---
+features:
+  - |
+    A new ``magnum::x509`` class has been added to manage the [x509] section of
+    magnum config.
--- a/spec/classes/magnum_x509_spec.rb
+++ b/spec/classes/magnum_x509_spec.rb
@ -0,0 +1,48 @@
+require 'spec_helper'
+
+describe 'magnum::x509' do
+
+  shared_examples 'magnum::x509' do
+
+    context 'with default parameters' do
+      let :params do
+        {}
+      end
+
+      it { is_expected.to contain_magnum_config('x509/allow_ca').with_value('<SERVICE DEFAULT>') }
+      it { is_expected.to contain_magnum_config('x509/allowed_extensions').with_value('<SERVICE DEFAULT>') }
+      it { is_expected.to contain_magnum_config('x509/allowed_key_usage').with_value('<SERVICE DEFAULT>') }
+      it { is_expected.to contain_magnum_config('x509/term_of_validity').with_value('<SERVICE DEFAULT>') }
+      it { is_expected.to contain_magnum_config('x509/rsa_key_size').with_value('<SERVICE DEFAULT>') }
+    end
+
+    context 'with specific parameters' do
+      let :params do
+        { :allow_ca           => true,
+          :allowed_extensions => ['keyUsage', 'extendedKeyUsage'],
+          :allowed_key_usage  => ['Digital Signature', 'Non Repudiation'],
+          :term_of_validity   => 3650,
+          :rsa_key_size       => 4096,
+        }
+      end
+
+      it { is_expected.to contain_magnum_config('x509/allow_ca').with_value(true) }
+      it { is_expected.to contain_magnum_config('x509/allowed_extensions').with_value('keyUsage,extendedKeyUsage') }
+      it { is_expected.to contain_magnum_config('x509/allowed_key_usage').with_value('Digital Signature,Non Repudiation') }
+      it { is_expected.to contain_magnum_config('x509/term_of_validity').with_value(3650) }
+      it { is_expected.to contain_magnum_config('x509/rsa_key_size').with_value(4096) }
+    end
+  end
+
+  on_supported_os({
+    :supported_os   => OSDefaults.get_supported_os
+  }).each do |os,facts|
+    context "on #{os}" do
+      let (:facts) do
+        facts.merge!(OSDefaults.get_facts())
+      end
+
+      it_configures 'magnum::x509'
+    end
+  end
+end