puppet-tripleo/spec/classes/tripleo_certmonger_ca_crl_spec.rb
Juan Antonio Osorio Robles 5d60472d78 Use exec for CA CRL instead of file resource
This is because the file resource doesn't properly handle query
parameters in URLs. So we are forced to use an exec resource here. It's
fine if we always trigger the CRL downloading, as that's a file that
gets updated often.

Also ensure we get proper escaped source/destination for the download.

Co-Authored-By: Cédric Jeanneret <cjeanner@redhat.com>
Change-Id: I15ad3ab0cd129a8e1b9261341c0510265bda8016
Closes-Bug: #1787878
2018-08-21 11:33:52 +00:00


#
# Copyright (C) 2017 Red Hat Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# Unit tests for tripleo
#
require 'spec_helper'
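# Catalog-level expectations for tripleo::certmonger::ca::crl: which exec,
# file and cron resources the class declares for fetching (and optionally
# converting) the CA's certificate revocation list.
#
# These examples only compare resource parameters as strings; no command is
# executed and no URL is fetched while the catalog is compiled.
#
# TODO(review): the fixture values contain no query string and no shell
# metacharacters, so none of the expectations below exercise whatever
# escaping the manifest applies to the source/destination. Add a case with
# such a URL once the expected escaped form is confirmed against the manifest.
describe 'tripleo::certmonger::ca::crl' do
  shared_examples_for 'tripleo::certmonger::ca::crl' do
    # Without a crl_source there is nothing to download, so the class must
    # not declare the download exec and must remove any refresh cron entry.
    context 'with default parameters (no crl_source)' do
      it 'should ensure no CRL nor cron job are present' do
        is_expected.not_to contain_exec('tripleo-ca-crl')
        is_expected.to contain_cron('tripleo-refresh-crl-file').with(
          :ensure => 'absent'
        )
      end
    end

    # Download to an intermediate DER file, then convert it to PEM.
    context 'with defined CRL source' do
      let :params do
        {
          :crl_dest         => '/etc/pki/CA/crl/overcloud-crl.pem',
          :crl_preprocessed => '/etc/pki/CA/crl/overcloud-crl.bin',
          # Fixture only. With two slashes, `tmp` is the URL authority rather
          # than a path component; that is harmless here because the value is
          # matched as a string and never fetched.
          :crl_source       => 'file://tmp/some/crl.bin',
        }
      end

      # DER -> PEM conversion. The command carries no -CAfile/-CApath, so this
      # step does not verify the CRL's signature; presumably the consumers of
      # crl_dest validate it -- confirm.
      let :process_cmd do
        "openssl crl -in #{params[:crl_preprocessed]} -inform DER -outform PEM -out #{params[:crl_dest]}"
      end

      # Periodic refresh: -g disables curl URL globbing, -s silences progress
      # output, -L follows redirects; conversion runs only if the download
      # succeeds (&&).
      let :cron_cmd do
        "curl -g -s -L -o #{params[:crl_preprocessed]} #{params[:crl_source]} && #{process_cmd}"
      end

      it 'should create and process CRL file' do
        # NOTE(review): the expected one-shot exec command omits -g while the
        # cron command includes it. Without -g curl treats [] and {} in the
        # URL as glob patterns; confirm the manifest intends this difference.
        is_expected.to contain_exec('tripleo-ca-crl').with(
          :command   => "curl -Ls --connect-timeout 120 -o #{params[:crl_preprocessed]} #{params[:crl_source]}",
          :tries     => 5,
          :try_sleep => 5
        )
        # Root-owned and writable by root only (0644), so unprivileged users
        # can read the downloaded CRL but cannot replace it.
        is_expected.to contain_file('tripleo-ca-crl-file').with(
          :group => 'root',
          :mode  => '0644',
          :owner => 'root',
          :path  => params[:crl_preprocessed]
        )
        is_expected.to contain_exec('tripleo-ca-crl-process-command').with(
          :command => process_cmd
        )
        is_expected.to contain_cron('tripleo-refresh-crl-file').with(
          :ensure  => 'present',
          :command => cron_cmd
        )
      end
    end

    # With process => false the download is written straight to crl_dest and
    # no conversion exec may be declared.
    context 'with defined CRL source and no processing' do
      let :params do
        {
          :crl_dest   => '/etc/pki/CA/crl/overcloud-crl.pem',
          # Fixture only; matched as a string, never fetched.
          :crl_source => 'file://tmp/some/crl.pem',
          :process    => false
        }
      end

      # Refresh command without the trailing conversion step.
      let :cron_cmd do
        "curl -g -s -L -o #{params[:crl_dest]} #{params[:crl_source]}"
      end

      it 'should create CRL file without processing it' do
        # NOTE(review): same -g discrepancy between exec and cron as in the
        # processing case; confirm against the manifest.
        is_expected.to contain_exec('tripleo-ca-crl').with(
          :command   => "curl -Ls --connect-timeout 120 -o #{params[:crl_dest]} #{params[:crl_source]}",
          :tries     => 5,
          :try_sleep => 5
        )
        is_expected.to contain_file('tripleo-ca-crl-file').with(
          :group => 'root',
          :mode  => '0644',
          :owner => 'root',
          :path  => params[:crl_dest]
        )
        is_expected.not_to contain_exec('tripleo-ca-crl-process-command')
        is_expected.to contain_cron('tripleo-refresh-crl-file').with(
          :ensure  => 'present',
          :command => cron_cmd
        )
      end
    end
  end

  # Run the shared examples once per supported operating system fact set.
  on_supported_os.each do |os, facts|
    context "on #{os}" do
      let(:facts) do
        facts.merge({})
      end

      it_behaves_like 'tripleo::certmonger::ca::crl'
    end
  end
end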