From fedb020bd1c279a45f14c5f4112331407143dca0 Mon Sep 17 00:00:00 2001 From: Ewoud Kohl van Wijngaarden Date: Thu, 12 Sep 2024 17:48:15 +0200 Subject: [PATCH 1/2] Introduce $default_ca_path variable in certs::ca This is reused a few times and makes it easier to follow what's related. --- manifests/ca.pp | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/manifests/ca.pp b/manifests/ca.pp index 29a46d2f..e86423ce 100644 --- a/manifests/ca.pp +++ b/manifests/ca.pp @@ -21,6 +21,7 @@ String $ca_key_password = $certs::ca_key_password, Stdlib::Absolutepath $ca_key_password_file = $certs::ca_key_password_file, ) { + $default_ca_path = "${certs::ssl_build_dir}/${default_ca_name}.crt" $server_ca_path = "${certs::ssl_build_dir}/${server_ca_name}.crt" file { $ca_key_password_file: @@ -57,7 +58,7 @@ } else { file { $server_ca_path: ensure => file, - source => "${certs::ssl_build_dir}/${default_ca_name}.crt", + source => $default_ca_path, owner => 'root', group => 'root', mode => '0644', @@ -74,7 +75,7 @@ if $deploy { file { $certs::katello_default_ca_cert: ensure => file, - source => "${certs::ssl_build_dir}/${default_ca_name}.crt", + source => $default_ca_path, owner => 'root', group => 'root', mode => '0644', From 037e9141d68c87534fbbe367c35de461c1366348 Mon Sep 17 00:00:00 2001 From: Ewoud Kohl van Wijngaarden Date: Thu, 12 Sep 2024 17:49:06 +0200 Subject: [PATCH 2/2] Merge if/else branch into a single resource declaration This always defined the same file, just with a different source. That source is either the provided server_ca_cert or the default CA. --- manifests/ca.pp | 22 ++++++---------------- 1 file changed, 6 insertions(+), 16 deletions(-) diff --git a/manifests/ca.pp b/manifests/ca.pp index e86423ce..c0724112 100644 --- a/manifests/ca.pp +++ b/manifests/ca.pp @@ -47,22 +47,12 @@ } if $generate { - if $certs::server_ca_cert { - file { $server_ca_path: - ensure => file, - source => $certs::server_ca_cert, - owner => 'root', - group => 'root', - mode => '0644', - } - } else { - file { $server_ca_path: - ensure => file, - source => $default_ca_path, - owner => 'root', - group => 'root', - mode => '0644', - } + file { $server_ca_path: + ensure => file, + source => pick($certs::server_ca_cert, $default_ca_path), + owner => 'root', + group => 'root', + mode => '0644', } file { "${certs::ssl_build_dir}/KATELLO-TRUSTED-SSL-CERT":