Add tests for a content proxies with a tar file
This simulates the case where a tarball is created and then transferred
to another host.
ekohl committed Sep 12, 2024
1 parent 413a41c commit 57eabc3
Showing 1 changed file with 105 additions and 0 deletions.
105 changes: 105 additions & 0 deletions spec/acceptance/certs_spec.rb
Expand Up @@ -145,4 +145,109 @@ class { 'certs':
its(:keylength) { should be >= 2048 }
end
end

context 'with tar file' do
context 'with default ca' do
before(:context) do
manifest = <<~PUPPET
class { 'certs':
server_cert => '/server.crt',
server_key => '/server.key',
server_ca_cert => '/server-ca.crt',
generate => true,
deploy => false,
}
class { 'certs::foreman_proxy_content':
foreman_proxy_fqdn => 'foreman-proxy.example.com',
certs_tar => '/root/foreman-proxy.example.com.tar.gz',
}
PUPPET

apply_manifest(manifest, catch_failures: true)

on default, 'rm -rf /root/ssl-build'
end

it_behaves_like 'an idempotent resource' do
let(:manifest) do
<<-PUPPET
class { 'certs':
tar_file => '/root/foreman-proxy.example.com.tar.gz',
}
PUPPET
end
end

describe 'default and server ca certs match' do
it { expect(file('/etc/pki/katello/certs/katello-default-ca.crt').content).to eq(file('/etc/pki/katello/certs/katello-server-ca.crt').content) }
end

describe x509_certificate('/etc/pki/katello/certs/katello-default-ca.crt') do
it { should be_certificate }
it { should be_valid }
it { should have_purpose 'SSL server CA' }
its(:issuer) { should match_without_whitespace(/C = US, ST = North Carolina, L = Raleigh, O = Katello, OU = SomeOrgUnit, CN = #{fact('fqdn')}/) }
its(:subject) { should match_without_whitespace(/C = US, ST = North Carolina, L = Raleigh, O = Katello, OU = SomeOrgUnit, CN = #{fact('fqdn')}/) }
its(:keylength) { should be >= 4096 }
end
end

context 'with custom certificates' do
before(:context) do
manifest = <<~PUPPET
class { 'certs':
server_cert => '/server.crt',
server_key => '/server.key',
server_ca_cert => '/server-ca.crt',
generate => true,
deploy => false,
}
class { 'certs::foreman_proxy_content':
foreman_proxy_fqdn => 'foreman-proxy.example.com',
certs_tar => '/root/foreman-proxy.example.com.tar.gz',
}
PUPPET

apply_manifest(manifest, catch_failures: true)

on default, 'rm -rf /root/ssl-build'
end

it_behaves_like 'an idempotent resource' do
let(:manifest) do
<<-PUPPET
class { 'certs':
tar_file => '/root/foreman-proxy.example.com.tar.gz',
}
PUPPET
end
end

describe 'default and server ca certs match' do
it { expect(file('/etc/pki/katello/certs/katello-default-ca.crt').content).not_to eq(file('/etc/pki/katello/certs/katello-server-ca.crt').content) }

Check failure on line 229 in spec/acceptance/certs_spec.rb


GitHub Actions / Puppet / Puppet 8 - CentOS 9

certs with tar file with custom certificates default and server ca certs match is expected not to eq "-----BEGIN CERTIFICATE-----\nMIIHATCCBOmgAwIBAgIUBumIOW68CmOuxmLZ3aGbdEsiT/4wDQYJKoZIhvcNAQEL\nBQAwg...b8ee5/JQ2VDI7Og+4u+3Q4NJcHMIhz/1EX5yIg0/\nels2VggW7sL5pQLvBo5A6VYtg6H1\n-----END CERTIFICATE-----\n" Failure/Error: it { expect(file('/etc/pki/katello/certs/katello-default-ca.crt').content).not_to eq(file('/etc/pki/katello/certs/katello-server-ca.crt').content) } expected: value != "-----BEGIN CERTIFICATE-----\nMIIHATCCBOmgAwIBAgIUBumIOW68CmOuxmLZ3aGbdEsiT/4wDQYJKoZIhvcNAQEL\nBQAwg...b8ee5/JQ2VDI7Og+4u+3Q4NJcHMIhz/1EX5yIg0/\nels2VggW7sL5pQLvBo5A6VYtg6H1\n-----END CERTIFICATE-----\n" got: "-----BEGIN CERTIFICATE-----\nMIIHATCCBOmgAwIBAgIUBumIOW68CmOuxmLZ3aGbdEsiT/4wDQYJKoZIhvcNAQEL\nBQAwg...b8ee5/JQ2VDI7Og+4u+3Q4NJcHMIhz/1EX5yIg0/\nels2VggW7sL5pQLvBo5A6VYtg6H1\n-----END CERTIFICATE-----\n" (compared using ==)

Check failure on line 229 in spec/acceptance/certs_spec.rb


GitHub Actions / Puppet / Puppet 7 - CentOS 9

certs with tar file with custom certificates default and server ca certs match is expected not to eq "-----BEGIN CERTIFICATE-----\nMIIHATCCBOmgAwIBAgIUBJ8Zeqs/SGc9y6dfjA6ju9GU1OswDQYJKoZIhvcNAQEL\nBQAwg...RfV9qWBEsPvlU2skl2AWLiLhdUK/kBBtlU80cKzn\nLcJ0R0Ux5aJ1w094qmTSANhJzocu\n-----END CERTIFICATE-----\n" Failure/Error: it { expect(file('/etc/pki/katello/certs/katello-default-ca.crt').content).not_to eq(file('/etc/pki/katello/certs/katello-server-ca.crt').content) } expected: value != "-----BEGIN CERTIFICATE-----\nMIIHATCCBOmgAwIBAgIUBJ8Zeqs/SGc9y6dfjA6ju9GU1OswDQYJKoZIhvcNAQEL\nBQAwg...RfV9qWBEsPvlU2skl2AWLiLhdUK/kBBtlU80cKzn\nLcJ0R0Ux5aJ1w094qmTSANhJzocu\n-----END CERTIFICATE-----\n" got: "-----BEGIN CERTIFICATE-----\nMIIHATCCBOmgAwIBAgIUBJ8Zeqs/SGc9y6dfjA6ju9GU1OswDQYJKoZIhvcNAQEL\nBQAwg...RfV9qWBEsPvlU2skl2AWLiLhdUK/kBBtlU80cKzn\nLcJ0R0Ux5aJ1w094qmTSANhJzocu\n-----END CERTIFICATE-----\n" (compared using ==)

Check failure on line 229 in spec/acceptance/certs_spec.rb


GitHub Actions / Puppet / Puppet 8 - AlmaLinux 8

certs with tar file with custom certificates default and server ca certs match is expected not to eq "-----BEGIN CERTIFICATE-----\nMIIHIDCCBQigAwIBAgIUZG2YWz360JERHWTOWVMhySBWAg0wDQYJKoZIhvcNAQEL\nBQAwg...Hm/eGea/O7jV3WtyzpioWfiDJod+XTGHlCpk6tx4qeUpgiDA3/5WqATPQvBg\nc4TJ1A==\n-----END CERTIFICATE-----\n" Failure/Error: it { expect(file('/etc/pki/katello/certs/katello-default-ca.crt').content).not_to eq(file('/etc/pki/katello/certs/katello-server-ca.crt').content) } expected: value != "-----BEGIN CERTIFICATE-----\nMIIHIDCCBQigAwIBAgIUZG2YWz360JERHWTOWVMhySBWAg0wDQYJKoZIhvcNAQEL\nBQAwg...Hm/eGea/O7jV3WtyzpioWfiDJod+XTGHlCpk6tx4qeUpgiDA3/5WqATPQvBg\nc4TJ1A==\n-----END CERTIFICATE-----\n" got: "-----BEGIN CERTIFICATE-----\nMIIHIDCCBQigAwIBAgIUZG2YWz360JERHWTOWVMhySBWAg0wDQYJKoZIhvcNAQEL\nBQAwg...Hm/eGea/O7jV3WtyzpioWfiDJod+XTGHlCpk6tx4qeUpgiDA3/5WqATPQvBg\nc4TJ1A==\n-----END CERTIFICATE-----\n" (compared using ==)

Check failure on line 229 in spec/acceptance/certs_spec.rb


GitHub Actions / Puppet / Puppet 7 - AlmaLinux 8

certs with tar file with custom certificates default and server ca certs match is expected not to eq "-----BEGIN CERTIFICATE-----\nMIIHIDCCBQigAwIBAgIUadvybnR0cB4/fngAWYG/GAbDkSMwDQYJKoZIhvcNAQEL\nBQAwg...ocaedVyVPyvfUUk6xOBrQeqIshBVOYHnhrMJ/Il/r+hgWQw7Bdgx0D08YXnN\nYhBsHA==\n-----END CERTIFICATE-----\n" Failure/Error: it { expect(file('/etc/pki/katello/certs/katello-default-ca.crt').content).not_to eq(file('/etc/pki/katello/certs/katello-server-ca.crt').content) } expected: value != "-----BEGIN CERTIFICATE-----\nMIIHIDCCBQigAwIBAgIUadvybnR0cB4/fngAWYG/GAbDkSMwDQYJKoZIhvcNAQEL\nBQAwg...ocaedVyVPyvfUUk6xOBrQeqIshBVOYHnhrMJ/Il/r+hgWQw7Bdgx0D08YXnN\nYhBsHA==\n-----END CERTIFICATE-----\n" got: "-----BEGIN CERTIFICATE-----\nMIIHIDCCBQigAwIBAgIUadvybnR0cB4/fngAWYG/GAbDkSMwDQYJKoZIhvcNAQEL\nBQAwg...ocaedVyVPyvfUUk6xOBrQeqIshBVOYHnhrMJ/Il/r+hgWQw7Bdgx0D08YXnN\nYhBsHA==\n-----END CERTIFICATE-----\n" (compared using ==)

Check failure on line 229 in spec/acceptance/certs_spec.rb


GitHub Actions / Puppet / Puppet 8 - AlmaLinux 9

certs with tar file with custom certificates default and server ca certs match is expected not to eq "-----BEGIN CERTIFICATE-----\nMIIHCjCCBPKgAwIBAgIUCyCSQL6vQVbGGLDdZvJnKe6iKEcwDQYJKoZIhvcNAQEL\nBQAwg...hzkhMbMfhpOUHnuD0zWKiZd69XCG\n7F+CjzG65tPKZRCf0e2B7TNgP6aaIRnlYXpo46pv\n-----END CERTIFICATE-----\n" Failure/Error: it { expect(file('/etc/pki/katello/certs/katello-default-ca.crt').content).not_to eq(file('/etc/pki/katello/certs/katello-server-ca.crt').content) } expected: value != "-----BEGIN CERTIFICATE-----\nMIIHCjCCBPKgAwIBAgIUCyCSQL6vQVbGGLDdZvJnKe6iKEcwDQYJKoZIhvcNAQEL\nBQAwg...hzkhMbMfhpOUHnuD0zWKiZd69XCG\n7F+CjzG65tPKZRCf0e2B7TNgP6aaIRnlYXpo46pv\n-----END CERTIFICATE-----\n" got: "-----BEGIN CERTIFICATE-----\nMIIHCjCCBPKgAwIBAgIUCyCSQL6vQVbGGLDdZvJnKe6iKEcwDQYJKoZIhvcNAQEL\nBQAwg...hzkhMbMfhpOUHnuD0zWKiZd69XCG\n7F+CjzG65tPKZRCf0e2B7TNgP6aaIRnlYXpo46pv\n-----END CERTIFICATE-----\n" (compared using ==)

Check failure on line 229 in spec/acceptance/certs_spec.rb


GitHub Actions / Puppet / Puppet 7 - AlmaLinux 9

certs with tar file with custom certificates default and server ca certs match is expected not to eq "-----BEGIN CERTIFICATE-----\nMIIHCjCCBPKgAwIBAgIUMwdX6syezS+/xAWU1teBt2hkr+YwDQYJKoZIhvcNAQEL\nBQAwg...Dde32N6WcUBlm9FCIr2xwIxaTCHr\nIXxhqsKoAjIzbdcfhrMIAy7EZ+fa0ZplWdc6eOA+\n-----END CERTIFICATE-----\n" Failure/Error: it { expect(file('/etc/pki/katello/certs/katello-default-ca.crt').content).not_to eq(file('/etc/pki/katello/certs/katello-server-ca.crt').content) } expected: value != "-----BEGIN CERTIFICATE-----\nMIIHCjCCBPKgAwIBAgIUMwdX6syezS+/xAWU1teBt2hkr+YwDQYJKoZIhvcNAQEL\nBQAwg...Dde32N6WcUBlm9FCIr2xwIxaTCHr\nIXxhqsKoAjIzbdcfhrMIAy7EZ+fa0ZplWdc6eOA+\n-----END CERTIFICATE-----\n" got: "-----BEGIN CERTIFICATE-----\nMIIHCjCCBPKgAwIBAgIUMwdX6syezS+/xAWU1teBt2hkr+YwDQYJKoZIhvcNAQEL\nBQAwg...Dde32N6WcUBlm9FCIr2xwIxaTCHr\nIXxhqsKoAjIzbdcfhrMIAy7EZ+fa0ZplWdc6eOA+\n-----END CERTIFICATE-----\n" (compared using ==)
end

describe x509_certificate('/etc/pki/katello/certs/katello-default-ca.crt') do
it { should be_certificate }
it { should be_valid }
it { should have_purpose 'SSL server CA' }
its(:issuer) { should match_without_whitespace(/C = US, ST = North Carolina, L = Raleigh, O = Katello, OU = SomeOrgUnit, CN = #{fact('fqdn')}/) }
its(:subject) { should match_without_whitespace(/C = US, ST = North Carolina, L = Raleigh, O = Katello, OU = SomeOrgUnit, CN = #{fact('fqdn')}/) }
its(:keylength) { should be >= 4096 }
end

describe x509_certificate('/etc/pki/katello/certs/katello-server-ca.crt') do
it { should be_certificate }
it { should be_valid }
it { should have_purpose 'SSL server CA' }
# These don't match since we only configure it with the intermediate
# and not the actual root
its(:issuer) { should match_without_whitespace(/CN = Fake LE Root X1/) }

Check failure on line 247 in spec/acceptance/certs_spec.rb


GitHub Actions / Puppet / Puppet 8 - CentOS 9

certs with tar file with custom certificates X509 certificate "/etc/pki/katello/certs/katello-server-ca.crt" issuer is expected to match without whitespace /CN = Fake LE Root X1/ Failure/Error: its(:issuer) { should match_without_whitespace(/CN = Fake LE Root X1/) } Actual: C=US,ST=NorthCarolina,L=Raleigh,O=Katello,OU=SomeOrgUnit,CN=centos9-64-puppet8.example.com Expected: CN = Fake LE Root X1

Check failure on line 247 in spec/acceptance/certs_spec.rb


GitHub Actions / Puppet / Puppet 7 - CentOS 9

certs with tar file with custom certificates X509 certificate "/etc/pki/katello/certs/katello-server-ca.crt" issuer is expected to match without whitespace /CN = Fake LE Root X1/ Failure/Error: its(:issuer) { should match_without_whitespace(/CN = Fake LE Root X1/) } Actual: C=US,ST=NorthCarolina,L=Raleigh,O=Katello,OU=SomeOrgUnit,CN=centos9-64-puppet7.example.com Expected: CN = Fake LE Root X1

Check failure on line 247 in spec/acceptance/certs_spec.rb


GitHub Actions / Puppet / Puppet 8 - AlmaLinux 8

certs with tar file with custom certificates X509 certificate "/etc/pki/katello/certs/katello-server-ca.crt" issuer is expected to match without whitespace /CN = Fake LE Root X1/ Failure/Error: its(:issuer) { should match_without_whitespace(/CN = Fake LE Root X1/) } Actual: C=US,ST=NorthCarolina,L=Raleigh,O=Katello,OU=SomeOrgUnit,CN=almalinux8-64-puppet8.example.com Expected: CN = Fake LE Root X1

Check failure on line 247 in spec/acceptance/certs_spec.rb


GitHub Actions / Puppet / Puppet 7 - AlmaLinux 8

certs with tar file with custom certificates X509 certificate "/etc/pki/katello/certs/katello-server-ca.crt" issuer is expected to match without whitespace /CN = Fake LE Root X1/ Failure/Error: its(:issuer) { should match_without_whitespace(/CN = Fake LE Root X1/) } Actual: C=US,ST=NorthCarolina,L=Raleigh,O=Katello,OU=SomeOrgUnit,CN=almalinux8-64-puppet7.example.com Expected: CN = Fake LE Root X1

Check failure on line 247 in spec/acceptance/certs_spec.rb


GitHub Actions / Puppet / Puppet 8 - AlmaLinux 9

certs with tar file with custom certificates X509 certificate "/etc/pki/katello/certs/katello-server-ca.crt" issuer is expected to match without whitespace /CN = Fake LE Root X1/ Failure/Error: its(:issuer) { should match_without_whitespace(/CN = Fake LE Root X1/) } Actual: C=US,ST=NorthCarolina,L=Raleigh,O=Katello,OU=SomeOrgUnit,CN=almalinux9-64-puppet8.example.com Expected: CN = Fake LE Root X1

Check failure on line 247 in spec/acceptance/certs_spec.rb


GitHub Actions / Puppet / Puppet 7 - AlmaLinux 9

certs with tar file with custom certificates X509 certificate "/etc/pki/katello/certs/katello-server-ca.crt" issuer is expected to match without whitespace /CN = Fake LE Root X1/ Failure/Error: its(:issuer) { should match_without_whitespace(/CN = Fake LE Root X1/) } Actual: C=US,ST=NorthCarolina,L=Raleigh,O=Katello,OU=SomeOrgUnit,CN=almalinux9-64-puppet7.example.com Expected: CN = Fake LE Root X1
its(:subject) { should match_without_whitespace(/CN = Fake LE Intermediate X1/) }

Check failure on line 248 in spec/acceptance/certs_spec.rb


GitHub Actions / Puppet / Puppet 8 - CentOS 9

certs with tar file with custom certificates X509 certificate "/etc/pki/katello/certs/katello-server-ca.crt" subject is expected to match without whitespace /CN = Fake LE Intermediate X1/ Failure/Error: its(:subject) { should match_without_whitespace(/CN = Fake LE Intermediate X1/) } Actual: C=US,ST=NorthCarolina,L=Raleigh,O=Katello,OU=SomeOrgUnit,CN=centos9-64-puppet8.example.com Expected: CN = Fake LE Intermediate X1

Check failure on line 248 in spec/acceptance/certs_spec.rb


GitHub Actions / Puppet / Puppet 7 - CentOS 9

certs with tar file with custom certificates X509 certificate "/etc/pki/katello/certs/katello-server-ca.crt" subject is expected to match without whitespace /CN = Fake LE Intermediate X1/ Failure/Error: its(:subject) { should match_without_whitespace(/CN = Fake LE Intermediate X1/) } Actual: C=US,ST=NorthCarolina,L=Raleigh,O=Katello,OU=SomeOrgUnit,CN=centos9-64-puppet7.example.com Expected: CN = Fake LE Intermediate X1

Check failure on line 248 in spec/acceptance/certs_spec.rb


GitHub Actions / Puppet / Puppet 8 - AlmaLinux 8

certs with tar file with custom certificates X509 certificate "/etc/pki/katello/certs/katello-server-ca.crt" subject is expected to match without whitespace /CN = Fake LE Intermediate X1/ Failure/Error: its(:subject) { should match_without_whitespace(/CN = Fake LE Intermediate X1/) } Actual: C=US,ST=NorthCarolina,L=Raleigh,O=Katello,OU=SomeOrgUnit,CN=almalinux8-64-puppet8.example.com Expected: CN = Fake LE Intermediate X1

Check failure on line 248 in spec/acceptance/certs_spec.rb


GitHub Actions / Puppet / Puppet 7 - AlmaLinux 8

certs with tar file with custom certificates X509 certificate "/etc/pki/katello/certs/katello-server-ca.crt" subject is expected to match without whitespace /CN = Fake LE Intermediate X1/ Failure/Error: its(:subject) { should match_without_whitespace(/CN = Fake LE Intermediate X1/) } Actual: C=US,ST=NorthCarolina,L=Raleigh,O=Katello,OU=SomeOrgUnit,CN=almalinux8-64-puppet7.example.com Expected: CN = Fake LE Intermediate X1

Check failure on line 248 in spec/acceptance/certs_spec.rb


GitHub Actions / Puppet / Puppet 8 - AlmaLinux 9

certs with tar file with custom certificates X509 certificate "/etc/pki/katello/certs/katello-server-ca.crt" subject is expected to match without whitespace /CN = Fake LE Intermediate X1/ Failure/Error: its(:subject) { should match_without_whitespace(/CN = Fake LE Intermediate X1/) } Actual: C=US,ST=NorthCarolina,L=Raleigh,O=Katello,OU=SomeOrgUnit,CN=almalinux9-64-puppet8.example.com Expected: CN = Fake LE Intermediate X1

Check failure on line 248 in spec/acceptance/certs_spec.rb


GitHub Actions / Puppet / Puppet 7 - AlmaLinux 9

certs with tar file with custom certificates X509 certificate "/etc/pki/katello/certs/katello-server-ca.crt" subject is expected to match without whitespace /CN = Fake LE Intermediate X1/ Failure/Error: its(:subject) { should match_without_whitespace(/CN = Fake LE Intermediate X1/) } Actual: C=US,ST=NorthCarolina,L=Raleigh,O=Katello,OU=SomeOrgUnit,CN=almalinux9-64-puppet7.example.com Expected: CN = Fake LE Intermediate X1
its(:keylength) { should be >= 2048 }
end
end
end
end
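Review bot: The `before(:context)` manifest in 'with default ca' is identical to the one in 'with custom certificates' (both pass `server_cert`, `server_key` and `server_ca_cert`), yet the first context expects katello-default-ca.crt and katello-server-ca.crt to be equal and the second expects them to differ, so the two cannot both describe what the tarball carries. If the default-CA case is meant to use only the generated CA, its `class { 'certs': ... }` should presumably drop those three parameters. Separately, only `/root/ssl-build` is removed before the tar file is applied; files already under `/etc/pki/katello/certs` from earlier contexts appear to stay in place, so these assertions may be reading a CA deployed earlier rather than one extracted from the tarball, which would fit the reported issuer being the host's own CN. A one-line comment above each `before(:context)` naming the expected trust chain, e.g. `# tarball built with a custom server CA; the deployed server CA must be that CA, not the default one`, would make the intent checkable. The enclosing describe block starts above this hunk.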
