diff --git a/manifests/pki/cacert.pp b/manifests/pki/cacert.pp
new file mode 100644
index 00000000..834b1d28
--- /dev/null
+++ b/manifests/pki/cacert.pp
@@ -0,0 +1,16 @@
+# == class: vswitch::pki::cacert
+#
+# Initialize CA authority
+#
+class vswitch::pki::cacert {
+ include vswitch::params
+
+ exec { 'ovs-pki-init-ca-authority':
+ command => 'ovs-pki init --force',
+ creates => '/var/lib/openvswitch/pki/switchca',
+ path => ['/usr/sbin', '/sbin', '/usr/bin', '/bin'],
+ }
+
+ Package<| title == $::vswitch::params::ovs_package_name |>
+ -> Exec['ovs-pki-init-ca-authority']
+}
diff --git a/manifests/pki/cert.pp b/manifests/pki/cert.pp
new file mode 100644
index 00000000..77fdafe7
--- /dev/null
+++ b/manifests/pki/cert.pp
@@ -0,0 +1,28 @@
+# == define: vswitch::pki::cert
+#
+# Generate certificate
+#
+# == Parameters:
+#
+# [*cert_dir*]
+# (Optional) The directory in which the cert files are generated.
+# Defaults to '/etc/openvswitch'
+#
+define vswitch::pki::cert(
+ $cert_dir = '/etc/openvswitch',
+) {
+ include vswitch::params
+
+ exec { "ovs-req-and-sign-cert-${name}":
+ command => "ovs-pki req+sign ${name}",
+ cwd => $cert_dir,
+ creates => "${cert_dir}/${name}-cert.pem",
+ path => ['/usr/sbin', '/sbin', '/usr/bin', '/bin'],
+ }
+
+ Package<| title == $::vswitch::params::ovs_package_name |>
+ -> Exec["ovs-req-and-sign-cert-${name}"]
+
+ Exec<| title == 'ovs-pki-init-ca-authority' |>
+ -> Exec["ovs-req-and-sign-cert-${name}"]
+}
diff --git a/releasenotes/notes/ovs-certs-260e0a49737f1887.yaml b/releasenotes/notes/ovs-certs-260e0a49737f1887.yaml
new file mode 100644
index 00000000..69ca9b00
--- /dev/null
+++ b/releasenotes/notes/ovs-certs-260e0a49737f1887.yaml
@@ -0,0 +1,5 @@
+---
+features:
+ - |
+ Now this module supports managing a public key infrastructure used by
+ Open vSwitch.
diff --git a/spec/classes/vswitch_pki_cacert_spec.rb b/spec/classes/vswitch_pki_cacert_spec.rb
new file mode 100644
index 00000000..fac0d374
--- /dev/null
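Review bot: In `manifests/pki/cacert.pp` the exec runs `ovs-pki init --force`, so the `creates` check on `/var/lib/openvswitch/pki/switchca` is the only thing that keeps an existing CA from being re-initialised. If that one directory is missing while the rest of the PKI is still present, the next agent run would presumably regenerate CA material that already-issued certificates depend on. If `--force` is only there because the package ships an empty PKI directory, say so in a comment above `command`; otherwise drop it so the tool refuses to touch an existing hierarchy. The PKI directory is also hard-coded, so on a build with a different PKI directory `creates` would never match and the exec would run on every agent run; a parameter such as `$pki_dir = '/var/lib/openvswitch/pki'` passed through `--dir` would keep the two in step.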
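Review bot: In `manifests/pki/cert.pp`, `$name` is interpolated unchecked into both the command string `"ovs-pki req+sign ${name}"` and the `creates` path, so a title containing whitespace or `/` changes the arguments ovs-pki receives or the file the idempotency check looks at. Constrain the title at the top of the define, e.g. `if $name !~ /\A[A-Za-z0-9._-]+\z/ { fail("invalid certificate name: ${name}") }`, and where the supported Puppet versions allow it pass the command as an array (`['ovs-pki', 'req+sign', $name]`) so no word splitting applies. `$cert_dir` would likewise benefit from an absolute-path check. The `Exec<| title == 'ovs-pki-init-ca-authority' |>` collector orders nothing when `vswitch::pki::cacert` is not in the catalog, so the header comment should state that the class must be included for signing to work.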
+++ b/spec/classes/vswitch_pki_cacert_spec.rb
@@ -0,0 +1,27 @@
+require 'spec_helper'
+
+describe 'vswitch::pki::cacert' do
+
+ shared_examples_for 'vswitch::pki::cacert' do
+ it 'shoud initialize ca authority' do
+ is_expected.to contain_exec('ovs-pki-init-ca-authority').with(
+ :command => 'ovs-pki init --force',
+ :creates => '/var/lib/openvswitch/pki/switchca',
+ :path => ['/usr/sbin', '/sbin', '/usr/bin', '/bin'],
+ )
+ end
+ end
+
+ on_supported_os({
+ :supported_os => OSDefaults.get_supported_os
+ }).each do |os,facts|
+ context "on #{os}" do
+ let (:facts) do
+ facts.merge!(OSDefaults.get_facts())
+ end
+
+ it_behaves_like "vswitch::pki::cacert"
+ end
+ end
+
+end
diff --git a/spec/defines/vswitch_pki_cert_spec.rb b/spec/defines/vswitch_pki_cert_spec.rb
new file mode 100644
index 00000000..948b70d6
--- /dev/null
+++ b/spec/defines/vswitch_pki_cert_spec.rb
@@ -0,0 +1,30 @@
+require 'spec_helper'
+
+describe 'vswitch::pki::cert' do
+
+ let(:title) {'foo'}
+
+ shared_examples_for 'vswitch::pki::cert' do
+ it 'shoud generate a certificate' do
+ is_expected.to contain_exec('ovs-req-and-sign-cert-foo').with(
+ :command => 'ovs-pki req+sign foo',
+ :cwd => '/etc/openvswitch',
+ :creates => '/etc/openvswitch/foo-cert.pem',
+ :path => ['/usr/sbin', '/sbin', '/usr/bin', '/bin'],
+ )
+ end
+ end
+
+ on_supported_os({
+ :supported_os => OSDefaults.get_supported_os
+ }).each do |os,facts|
+ context "on #{os}" do
+ let (:facts) do
+ facts.merge!(OSDefaults.get_facts())
+ end
+
+ it_behaves_like "vswitch::pki::cert"
+ end
+ end
+
+end
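Review bot: Both new specs assert only the exec's attributes under default parameters, so in `vswitch_pki_cert_spec.rb` a non-default `cert_dir` is never exercised, although the `cwd` and `creates` interpolation is the part most likely to regress. A second context with `let(:params) { { :cert_dir => '/srv/ovs-certs' } }` (constructed value) expecting `:creates => '/srv/ovs-certs/foo-cert.pem'` would cover it. Neither spec checks the ordering against the package or the CA-init exec. The example descriptions in both files read 'shoud'; they should be `it 'should initialize ca authority' do` and `it 'should generate a certificate' do`.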