puppet-tripleo/spec/classes/tripleo_certmonger_ca_local_spec.rb
Juan Antonio Osorio Robles 5d6201f9fc Explicitly set certmonger's CA cert's permissions
We were relying on the default permissions that were being set by the
command that extracts the certificate into a PEM file. This wasn't the
right approach, as it could be too restrictive in some setups.

Here, we explicitly tell puppet to set the appropriate permissions
instead.

Given this is a certificate file, and there's no private key involved,
we can set it as world-readable (0644), as folks in the system need to
access the file.

Change-Id: I4b2cb1071e3fd5a1277d54b86822e8fef2df0d78
Closes-bug: #1788257
2019-01-17 08:10:38 +02:00


#
# Copyright (C) 2017 Red Hat Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# Unit tests for tripleo
#
require 'spec_helper'
# rspec-puppet examples for the tripleo::certmonger::ca::local class.
#
# Two properties of the compiled catalog are pinned:
#   * the exec that extracts the local CA certificate is guarded so it is
#     skipped only while the PEM file exists and has not expired;
#   * the PEM file resource carries explicit ownership and mode instead of
#     whatever the extracting command happened to leave behind.
describe 'tripleo::certmonger::ca::local' do
  shared_examples_for 'tripleo::certmonger::ca::local' do
    # The class under test is compiled together with the certmonger class.
    let(:pre_condition) { 'include ::certmonger' }

    # Destination path of the extracted CA certificate.
    let(:params) do
      { ca_pem: '/etc/pki/ca-trust/source/anchors/cm-local-ca.pem' }
    end

    it 'should extract CA cert' do
      ca_path = params[:ca_pem]

      # `test -e` covers a missing file; `openssl x509 -checkend 0` exits
      # non-zero once the certificate has expired. Either failure makes the
      # `unless` guard false, so the exec runs again.
      is_expected.to contain_exec('extract-and-trust-ca').with(
        unless: "test -e #{ca_path} && openssl x509 -checkend 0 -noout -in #{ca_path}"
      )
    end

    it 'set the correct permissions for the CA certificate file' do
      # 0644 is world-readable but writable only by the owner (root). The file
      # holds a certificate and no private key, so read access is not
      # sensitive; write access is what has to stay restricted.
      # NOTE(review): group ownership is not asserted here -- confirm whether
      # the manifest sets it and whether it should be pinned as well.
      is_expected.to contain_file(params[:ca_pem]).with(
        ensure: 'present',
        mode: '0644',
        owner: 'root'
      )
    end
  end

  # Run the shared examples once per operating system reported by
  # on_supported_os, using that OS's fact set.
  on_supported_os.each do |os_name, os_facts|
    context "on #{os_name}" do
      let(:facts) { os_facts.merge({}) }

      it_behaves_like 'tripleo::certmonger::ca::local'
    end
  end
end