a4ae09d169
This adds a conditional that extracts certmonger's local CA if the certificate doesn't exist or if it has expired already. This adds the ability for the deployer to fix the undercloud installation with the undercloud install command itself if expiration of the CA cert happens. Change-Id: I61577be2434d7321dd462902d386c6911c2c4f57 Closes-Bug: #1753948
52 lines
1.3 KiB
Ruby
52 lines
1.3 KiB
Ruby
#
|
|
# Copyright (C) 2017 Red Hat Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
#
|
|
# Unit tests for tripleo
|
|
#
|
|
|
|
require 'spec_helper'
|
|
|
|
describe 'tripleo::certmonger::ca::local' do
|
|
|
|
shared_examples_for 'tripleo::certmonger::ca::local' do
|
|
|
|
let :pre_condition do
|
|
"include ::certmonger"
|
|
end
|
|
|
|
let :params do
|
|
{
|
|
:ca_pem => '/etc/pki/ca-trust/source/anchors/cm-local-ca.pem',
|
|
}
|
|
end
|
|
|
|
it 'should extract CA cert' do
|
|
is_expected.to contain_exec('extract-and-trust-ca').with(
|
|
:unless => "test -e #{params[:ca_pem]} && openssl x509 -checkend 0 -noout -in #{params[:ca_pem]}",
|
|
)
|
|
end
|
|
end
|
|
|
|
on_supported_os.each do |os, facts|
|
|
context "on #{os}" do
|
|
let(:facts) do
|
|
facts.merge({})
|
|
end
|
|
|
|
it_behaves_like 'tripleo::certmonger::ca::local'
|
|
end
|
|
end
|
|
end
|