Add a test for customer server certificates in tar file
This asserts that the default CA and server CA are the same in one
scenario and differ in the other.
ekohl committed Sep 12, 2024
1 parent 2b9f043 commit 729502a
Showing 1 changed file with 61 additions and 20 deletions.
81 changes: 61 additions & 20 deletions spec/acceptance/foreman_proxy_content_spec.rb
Expand Up @@ -5,11 +5,26 @@
on default, 'rm -rf /root/ssl-build'
end

context 'with default parameters' do
before(:context) do
apply_manifest('include certs', catch_failures: true)
let(:expected_files_in_tar) do
[
'ssl-build/katello-default-ca.crt',
'ssl-build/katello-server-ca.crt',
'ssl-build/foreman-proxy.example.com/foreman-proxy.example.com-apache.crt',
'ssl-build/foreman-proxy.example.com/foreman-proxy.example.com-foreman-client.crt',
'ssl-build/foreman-proxy.example.com/foreman-proxy.example.com-foreman-proxy-client.crt',
'ssl-build/foreman-proxy.example.com/foreman-proxy.example.com-foreman-proxy.crt',
'ssl-build/foreman-proxy.example.com/foreman-proxy.example.com-puppet-client.crt',
'ssl-build/foreman-proxy.example.com/foreman-proxy.example.com-apache.key',
'ssl-build/foreman-proxy.example.com/foreman-proxy.example.com-foreman-client.key',
'ssl-build/foreman-proxy.example.com/foreman-proxy.example.com-foreman-proxy-client.key',
'ssl-build/foreman-proxy.example.com/foreman-proxy.example.com-foreman-proxy.key',
'ssl-build/foreman-proxy.example.com/foreman-proxy.example.com-puppet-client.key',
]
end

pp = <<-PUPPET
context 'with default CA' do
before(:context) do
manifest = <<~PUPPET
class { 'certs':
generate => true,
deploy => false,
Expand All @@ -21,29 +36,55 @@ class { 'certs::foreman_proxy_content':
}
PUPPET

apply_manifest(pp, catch_failures: true)
apply_manifest(manifest, catch_failures: true)
end

describe tar('/root/foreman-proxy.example.com.tar.gz') do
it { should exist }
its(:contents) { should match_array(expected_files_in_tar) }
end

describe 'default and server ca certs match' do
it { expect(file('/root/ssl-build/katello-default-ca.crt').content).to eq(file('/root/ssl-build/katello-server-ca.crt').content) }
end
end

context 'with server certificates' do
before(:context) do
certs = {
'fixtures/example.partial.solutions.crt' => '/server.crt',
'fixtures/example.partial.solutions.key' => '/server.key',
'fixtures/example.partial.solutions-chain.pem' => '/server-ca.crt',
}
certs.each do |source_path, dest_path|
scp_to(hosts, source_path, dest_path)
end

manifest = <<~PUPPET
class { 'certs':
server_cert => '/server.crt',
server_key => '/server.key',
server_ca_cert => '/server-ca.crt',
generate => true,
deploy => false,
}
class { 'certs::foreman_proxy_content':
foreman_proxy_fqdn => 'foreman-proxy.example.com',
certs_tar => '/root/foreman-proxy.example.com.tar.gz',
}
PUPPET

let(:expected_files_in_tar) do
[
'ssl-build/katello-default-ca.crt',
'ssl-build/katello-server-ca.crt',
'ssl-build/foreman-proxy.example.com/foreman-proxy.example.com-apache.crt',
'ssl-build/foreman-proxy.example.com/foreman-proxy.example.com-foreman-client.crt',
'ssl-build/foreman-proxy.example.com/foreman-proxy.example.com-foreman-proxy-client.crt',
'ssl-build/foreman-proxy.example.com/foreman-proxy.example.com-foreman-proxy.crt',
'ssl-build/foreman-proxy.example.com/foreman-proxy.example.com-puppet-client.crt',
'ssl-build/foreman-proxy.example.com/foreman-proxy.example.com-apache.key',
'ssl-build/foreman-proxy.example.com/foreman-proxy.example.com-foreman-client.key',
'ssl-build/foreman-proxy.example.com/foreman-proxy.example.com-foreman-proxy-client.key',
'ssl-build/foreman-proxy.example.com/foreman-proxy.example.com-foreman-proxy.key',
'ssl-build/foreman-proxy.example.com/foreman-proxy.example.com-puppet-client.key',
]
apply_manifest(manifest, catch_failures: true)
end

describe tar('/root/foreman-proxy.example.com.tar.gz') do
it { should exist }
its(:contents) { should match_array(expected_files_in_tar) }
end

describe 'default and server ca certs differ' do
it { expect(file('/root/ssl-build/katello-default-ca.crt').content).not_to eq(file('/root/ssl-build/katello-server-ca.crt').content) }
end
end
end
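Review bot: The `not_to eq` check in the 'default and server ca certs differ' example only proves the two files are not byte-identical, so it would still pass if `katello-server-ca.crt` were empty, truncated, or an unrelated certificate. Because this context supplies `/server-ca.crt` explicitly, comparing against it would pin the intended trust anchor: `it { expect(file('/root/ssl-build/katello-server-ca.crt').content).to eq(file('/server-ca.crt').content) }`. That assumes the module copies the chain unmodified, which is not visible here; if it does not, compare the certificate subject or fingerprint instead. Separately, the tarball carries the `.key` files listed in `expected_files_in_tar`, and neither context asserts its mode or owner. A check on `/root/foreman-proxy.example.com.tar.gz` would catch the archive becoming readable by other users.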
