From 729502a3add1c2219053aed1742c0bca2b5fbbca Mon Sep 17 00:00:00 2001
From: Ewoud Kohl van Wijngaarden
Date: Thu, 12 Sep 2024 15:45:56 +0200
Subject: [PATCH] Add a test for customer server certificates in tar file

This asserts that the default CA and server CA are the same in one scenario and differ in the other.
---
 spec/acceptance/foreman_proxy_content_spec.rb | 81 ++++++++++++++-----
 1 file changed, 61 insertions(+), 20 deletions(-)

diff --git a/spec/acceptance/foreman_proxy_content_spec.rb b/spec/acceptance/foreman_proxy_content_spec.rb
index 037f7afc..6ddfb192 100644
--- a/spec/acceptance/foreman_proxy_content_spec.rb
+++ b/spec/acceptance/foreman_proxy_content_spec.rb
@@ -5,11 +5,26 @@
 on default, 'rm -rf /root/ssl-build'
 end

- context 'with default parameters' do
- before(:context) do
- apply_manifest('include certs', catch_failures: true)
+ let(:expected_files_in_tar) do
+ [
+ 'ssl-build/katello-default-ca.crt',
+ 'ssl-build/katello-server-ca.crt',
+ 'ssl-build/foreman-proxy.example.com/foreman-proxy.example.com-apache.crt',
+ 'ssl-build/foreman-proxy.example.com/foreman-proxy.example.com-foreman-client.crt',
+ 'ssl-build/foreman-proxy.example.com/foreman-proxy.example.com-foreman-proxy-client.crt',
+ 'ssl-build/foreman-proxy.example.com/foreman-proxy.example.com-foreman-proxy.crt',
+ 'ssl-build/foreman-proxy.example.com/foreman-proxy.example.com-puppet-client.crt',
+ 'ssl-build/foreman-proxy.example.com/foreman-proxy.example.com-apache.key',
+ 'ssl-build/foreman-proxy.example.com/foreman-proxy.example.com-foreman-client.key',
+ 'ssl-build/foreman-proxy.example.com/foreman-proxy.example.com-foreman-proxy-client.key',
+ 'ssl-build/foreman-proxy.example.com/foreman-proxy.example.com-foreman-proxy.key',
+ 'ssl-build/foreman-proxy.example.com/foreman-proxy.example.com-puppet-client.key',
+ ]
+ end

- pp = <<-PUPPET
+ context 'with default CA' do
+ before(:context) do
+ manifest = <<~PUPPET
 class { 'certs':
 generate => true,
 deploy => false,
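Review bot: Five of the twelve entries in `expected_files_in_tar` are private keys, and now that both contexts share the list, neither checks who can read the archive that carries them. A block such as `describe file('/root/foreman-proxy.example.com.tar.gz') do it { should be_mode 600 } end` would catch a regression that leaves the key material readable by other users; the mode shown is a placeholder, since the module code that writes the tarball is not visible here. The `before(:context)` block opened at the end of this hunk continues in the next one.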
@@ -21,29 +36,55 @@ class { 'certs::foreman_proxy_content':
 }
 PUPPET

- apply_manifest(pp, catch_failures: true)
+ apply_manifest(manifest, catch_failures: true)
+ end
+
+ describe tar('/root/foreman-proxy.example.com.tar.gz') do
+ it { should exist }
+ its(:contents) { should match_array(expected_files_in_tar) }
+ end
+
+ describe 'default and server ca certs match' do
+ it { expect(file('/root/ssl-build/katello-default-ca.crt').content).to eq(file('/root/ssl-build/katello-server-ca.crt').content) }
 end
+ end
+
+ context 'with server certificates' do
+ before(:context) do
+ certs = {
+ 'fixtures/example.partial.solutions.crt' => '/server.crt',
+ 'fixtures/example.partial.solutions.key' => '/server.key',
+ 'fixtures/example.partial.solutions-chain.pem' => '/server-ca.crt',
+ }
+ certs.each do |source_path, dest_path|
+ scp_to(hosts, source_path, dest_path)
+ end
+
+ manifest = <<~PUPPET
+ class { 'certs':
+ server_cert => '/server.crt',
+ server_key => '/server.key',
+ server_ca_cert => '/server-ca.crt',
+ generate => true,
+ deploy => false,
+ }
+
+ class { 'certs::foreman_proxy_content':
+ foreman_proxy_fqdn => 'foreman-proxy.example.com',
+ certs_tar => '/root/foreman-proxy.example.com.tar.gz',
+ }
+ PUPPET

- let(:expected_files_in_tar) do
- [
- 'ssl-build/katello-default-ca.crt',
- 'ssl-build/katello-server-ca.crt',
- 'ssl-build/foreman-proxy.example.com/foreman-proxy.example.com-apache.crt',
- 'ssl-build/foreman-proxy.example.com/foreman-proxy.example.com-foreman-client.crt',
- 'ssl-build/foreman-proxy.example.com/foreman-proxy.example.com-foreman-proxy-client.crt',
- 'ssl-build/foreman-proxy.example.com/foreman-proxy.example.com-foreman-proxy.crt',
- 'ssl-build/foreman-proxy.example.com/foreman-proxy.example.com-puppet-client.crt',
- 'ssl-build/foreman-proxy.example.com/foreman-proxy.example.com-apache.key',
- 'ssl-build/foreman-proxy.example.com/foreman-proxy.example.com-foreman-client.key',
- 'ssl-build/foreman-proxy.example.com/foreman-proxy.example.com-foreman-proxy-client.key',
- 'ssl-build/foreman-proxy.example.com/foreman-proxy.example.com-foreman-proxy.key',
- 'ssl-build/foreman-proxy.example.com/foreman-proxy.example.com-puppet-client.key',
- ]
+ apply_manifest(manifest, catch_failures: true)
 end

 describe tar('/root/foreman-proxy.example.com.tar.gz') do
 it { should exist }
 its(:contents) { should match_array(expected_files_in_tar) }
 end
+
+ describe 'default and server ca certs differ' do
+ it { expect(file('/root/ssl-build/katello-default-ca.crt').content).not_to eq(file('/root/ssl-build/katello-server-ca.crt').content) }
+ end
 end
 end
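Review bot: The 'with server certificates' context can pass without the supplied certificates ever reaching the output: `not_to eq` holds for any content of katello-server-ca.crt that differs from the default CA, and the tarball is checked by entry names only, at the same path the first context already wrote. I would pin the server CA to the fixture with `it { expect(file('/root/ssl-build/katello-server-ca.crt').content).to eq(file('/server-ca.crt').content) }`, assuming the module copies `server_ca_cert` unchanged, and remove the archive at the start of this context's `before(:context)` with `on default, 'rm -f /root/foreman-proxy.example.com.tar.gz'` so a stale tarball cannot satisfy the `tar` assertions. The 'match' check in the first context has the mirror weakness, since two empty files also compare equal; a `describe file(...)` with `it { should be_file }` for each path would cover that.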