Fixes #29803 - Move --certs* to hooks/#514
Given this and a few other PRs depend on the logic, I implemented the
hooks/pre/20-certs_update.rb
Outdated
| if app_value('certs_update_server') | ||
| mark_for_update("#{hostname}-apache", hostname) | ||
| mark_for_update("#{hostname}-foreman-proxy", hostname) | ||
| end | ||
|
|
||
| if app_value('certs_update_all') || app_value('certs_update_default_ca') || app_value('certs_reset') | ||
| all_cert_names = Dir.glob(File.join(SSL_BUILD_DIR, hostname, '*.noarch.rpm')).map do |rpm| | ||
| File.basename(rpm).sub(/-1\.0-\d+\.noarch\.rpm/, '') | ||
| end.uniq | ||
|
|
||
| all_cert_names.each do |cert_name| | ||
| mark_for_update(cert_name, hostname) | ||
| end | ||
| end | ||
|
|
||
| if app_value('certs_update_server_ca') || app_value('certs_reset') | ||
| mark_for_update('katello-server-ca') | ||
| end |
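Review bot: the pattern in the `all_cert_names` block, `/-1\.0-\d+\.noarch\.rpm/`, is hard-coded to version 1.0 and is not anchored to the end of the file name. When an RPM name does not match, `sub` returns the string unchanged, so the full file name would be passed to `mark_for_update` as if it were a cert name. Consider anchoring the pattern with `\z` and either matching the version generically or skipping file names that do not match.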
Does it make sense to gather an array on all of this? We now have all_cert_names but really we can gather them all. Explicitly gathering the paths would make mark_for_update redundant. Because I wanted to know how it looked, I took a stab at it:
```ruby
require 'fileutils'

if module_enabled?('certs')
  # Use the foreman_proxy_certs FQDN when that parameter exists,
  # otherwise fall back to the certs module's node FQDN.
  if param('foreman_proxy_certs', 'foreman_proxy_fqdn')
    hostname = param('foreman_proxy_certs', 'foreman_proxy_fqdn').value
  else
    hostname = param('certs', 'node_fqdn').value
  end

  SSL_BUILD_DIR = param('certs', 'ssl_build_dir').value
  HOST_BUILD_DIR = File.join(SSL_BUILD_DIR, hostname)

  # Collect the base paths of every certificate that needs regenerating.
  certs_to_update = []

  if app_value('certs_update_server')
    certs_to_update << File.join(HOST_BUILD_DIR, "#{hostname}-apache")
    certs_to_update << File.join(HOST_BUILD_DIR, "#{hostname}-foreman-proxy")
  end

  if app_value('certs_update_all') || app_value('certs_update_default_ca') || app_value('certs_reset')
    # Strip the version/release/arch suffix from each RPM path to get the cert base path.
    certs_to_update += Dir.glob(File.join(HOST_BUILD_DIR, '*.noarch.rpm')).map do |rpm|
      rpm.sub(/-1\.0-\d+\.noarch\.rpm/, '')
    end
  end

  if app_value('certs_update_server_ca') || app_value('certs_reset')
    certs_to_update << File.join(SSL_BUILD_DIR, 'katello-server-ca')
  end

  # Touch a "<path>.update" marker file for each certificate, unless running in noop mode.
  certs_to_update.uniq.each do |path|
    if app_value(:noop)
      puts "Marking certificate #{path} for update (noop)"
    else
      puts "Marking certificate #{path} for update"
      FileUtils.touch("#{path}.update")
    end
  end
end
```

I think it looks and better shows the intention of this hook. Note I left out resetting the params since I believe that should be in a different hook (https://github.com/theforeman/foreman-installer/pull/514/files#r476563297).
ekohl
left a comment
Note that katello_certs/hooks/pre/20-certs_update.rb is a symlink to the current certs update. That will need an update too.
Given this hook has worked by all accounts, it would be nice if this could be a move and then a refactor rather than combining the two. That will make tracking down issues easier.
| @@ -1 +1 @@ | |||
| ../../../katello/hooks/boot/20-certs_update.rb No newline at end of file | |||
| ../../../hooks/boot/20-certs_update.rb No newline at end of file | |||
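Review bot: the replacement target `../../../hooks/boot/20-certs_update.rb` keeps the same three `../` segments as the old one and only drops `katello/`, so the link resolves only if `hooks/boot/20-certs_update.rb` exists at that level of the tree. Nothing in this one-line hunk shows that it does; a spec that walks the hook directories and asserts every symlink resolves to an existing file would catch a dangling link here and in later moves.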
I always forget these and what they're exactly supposed to do. It would be great to have some integration tests to make sure the functionality actually does what it's supposed to.
I'm working on theforeman/forklift#1208 as a first step towards integration testing of installer PRs.
Could we go ahead and merge this, and add tests in a future PR?
Yes, tests can come after. Please file a Redmine issue to not lose track of the need.
I agree they can come later, but I'm wondering how much we actually verified this continues to work. With the rest of the code I'm decently familiar with how it should work but I'm not that familiar with foreman-proxy-certs-generate.
ehelms
left a comment
Tested locally with an install test
No description provided.