Manage certificate permissions if manage_certificates true #599

Open
wants to merge 1 commit into
base: master
56 changes: 56 additions & 0 deletions manifests/config.pp
Expand Up @@ -133,4 +133,60 @@
}
}
}

if $foreman_proxy::manage_certificates {
file { "${foreman_proxy::config_dir}/ssl_ca.pem":
ensure => file,
source => $foreman_proxy::ssl_ca,
owner => 'root',
group => $foreman_proxy::group,
mode => '0440',
}

file { "${foreman_proxy::config_dir}/ssl_cert.pem":
ensure => file,
source => $foreman_proxy::ssl_cert,
owner => 'root',
group => $foreman_proxy::group,
mode => '0440',
}

file { "${foreman_proxy::config_dir}/ssl_key.pem":
ensure => file,
source => $foreman_proxy::ssl_key,
owner => 'root',
group => $foreman_proxy::group,
mode => '0440',
}

if $foreman_proxy::foreman_ssl_ca {
file { "${foreman_proxy::config_dir}/foreman_ssl_ca.pem":
ensure => file,
source => $foreman_proxy::foreman_ssl_ca,
owner => 'root',
group => $foreman_proxy::group,
mode => '0440',
}
}

if $foreman_proxy::foreman_ssl_cert {
file { "${foreman_proxy::config_dir}/foreman_ssl_cert.pem":
ensure => file,
source => $foreman_proxy::foreman_ssl_cert,
owner => 'root',
group => $foreman_proxy::group,
mode => '0440',
}
}

if $foreman_proxy::foreman_ssl_key {
file { "${foreman_proxy::config_dir}/foreman_ssl_key.pem":
ensure => file,
source => $foreman_proxy::foreman_ssl_key,
owner => 'root',
group => $foreman_proxy::group,
mode => '0440',
}
}
}
}
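Review bot: The ssl_ca.pem, ssl_cert.pem and ssl_key.pem resources are declared unconditionally, while the three foreman_ssl_* resources below them are each wrapped in an `if`; if `$foreman_proxy::ssl_ca`, `ssl_cert` or `ssl_key` is ever unset, `ensure => file` with no source would leave an empty PEM in place, so guard them the same way or fail with a clear message. Because `source =>` copies the file, enabling this leaves a second copy of the private key under `config_dir` (root-owned and group-readable at '0440', which is a sensible mode for it), and nothing visible in this hunk points the proxy at the copies or adds `notify` to the service, so a changed certificate would not trigger a restart. The six resources differ only in name and source, so a single `each` over a hash would cut the repetition.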
4 changes: 4 additions & 0 deletions manifests/init.pp
Expand Up @@ -282,6 +282,9 @@
# $manage_service:: control the service, whether it should be started / enabled or not. useful, if the
# service should be managed by a cluster software e.g. corosync / pacemaker
#
# $manage_certificates:: control the location, ownership and permissions of the certificates
#
#
class foreman_proxy (
String $version = 'present',
Enum['latest', 'present', 'installed', 'absent'] $ensure_packages_version = 'installed',
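Review bot: The `$manage_certificates::` description says the flag controls "the location, ownership and permissions" but not what is actually done. State that the files named by ssl_ca, ssl_cert and ssl_key (and the foreman_ssl_* ones when set) are copied into the config directory as root with the proxy group and mode 0440, and that the default is false. The hunk also leaves two bare `#` lines in a row before `class foreman_proxy (`; one of them can be dropped.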
Expand Down Expand Up @@ -420,6 +423,7 @@
String $oauth_consumer_key = $foreman_proxy::params::oauth_consumer_key,
String $oauth_consumer_secret = $foreman_proxy::params::oauth_consumer_secret,
Optional[Stdlib::HTTPUrl] $registration_url = undef,
Boolean $manage_certificates = false,
) inherits foreman_proxy::params {
if $bind_host =~ String {
warning('foreman_proxy::bind_host should be changed to an array, support for string only is deprecated')
70 changes: 70 additions & 0 deletions spec/classes/foreman_proxy__spec.rb
Expand Up @@ -1047,6 +1047,76 @@

it { should contain_user("#{proxy_user_name}").with_shell('/dne/foo') }
end

describe 'manage_certificates' do
let(:params) do
super().merge(
manage_certificates: true,
)
end

context 'when ssl_ca, ssl_cert and ssl_key are defined' do
it { should compile.with_all_deps }

it do

Check failure on line 1061 in spec/classes/foreman_proxy__spec.rb

GitHub Actions / Puppet / 8 (Ruby 3.2)

foreman_proxy on freebsd-11-amd64 manage_certificates when ssl_ca, ssl_cert and ssl_key are defined is expected to contain File[/usr/local/etc/foreman-proxy/ssl_ca.pem] with owner => "root", group => "foreman-proxy" and mode => "0440" Failure/Error: should contain_file("#{etc_dir}/foreman-proxy/ssl_ca.pem") .with_owner('root') .with_group('foreman-proxy') .with_mode('0440') expected that the catalogue would contain File[/usr/local/etc/foreman-proxy/ssl_ca.pem] with group set to "foreman-proxy" but it is set to "foreman_proxy"

Check failure on line 1061 in spec/classes/foreman_proxy__spec.rb

GitHub Actions / Puppet / 8 (Ruby 3.2)

foreman_proxy on freebsd-12-amd64 manage_certificates when ssl_ca, ssl_cert and ssl_key are defined is expected to contain File[/usr/local/etc/foreman-proxy/ssl_ca.pem] with owner => "root", group => "foreman-proxy" and mode => "0440" Failure/Error: should contain_file("#{etc_dir}/foreman-proxy/ssl_ca.pem") .with_owner('root') .with_group('foreman-proxy') .with_mode('0440') expected that the catalogue would contain File[/usr/local/etc/foreman-proxy/ssl_ca.pem] with group set to "foreman-proxy" but it is set to "foreman_proxy"

Check failure on line 1061 in spec/classes/foreman_proxy__spec.rb

GitHub Actions / Puppet / 7 (Ruby 2.7)

foreman_proxy on freebsd-11-amd64 manage_certificates when ssl_ca, ssl_cert and ssl_key are defined is expected to contain File[/usr/local/etc/foreman-proxy/ssl_ca.pem] with owner => "root", group => "foreman-proxy" and mode => "0440" Failure/Error: should contain_file("#{etc_dir}/foreman-proxy/ssl_ca.pem") .with_owner('root') .with_group('foreman-proxy') .with_mode('0440') expected that the catalogue would contain File[/usr/local/etc/foreman-proxy/ssl_ca.pem] with group set to "foreman-proxy" but it is set to "foreman_proxy"

Check failure on line 1061 in spec/classes/foreman_proxy__spec.rb

GitHub Actions / Puppet / 7 (Ruby 2.7)

foreman_proxy on freebsd-12-amd64 manage_certificates when ssl_ca, ssl_cert and ssl_key are defined is expected to contain File[/usr/local/etc/foreman-proxy/ssl_ca.pem] with owner => "root", group => "foreman-proxy" and mode => "0440" Failure/Error: should contain_file("#{etc_dir}/foreman-proxy/ssl_ca.pem") .with_owner('root') .with_group('foreman-proxy') .with_mode('0440') expected that the catalogue would contain File[/usr/local/etc/foreman-proxy/ssl_ca.pem] with group set to "foreman-proxy" but it is set to "foreman_proxy"
should contain_file("#{etc_dir}/foreman-proxy/ssl_ca.pem")
.with_owner('root')
.with_group('foreman-proxy')
.with_mode('0440')
end
it do

Check failure on line 1067 in spec/classes/foreman_proxy__spec.rb

GitHub Actions / Puppet / 8 (Ruby 3.2)

foreman_proxy on freebsd-11-amd64 manage_certificates when ssl_ca, ssl_cert and ssl_key are defined is expected to contain File[/usr/local/etc/foreman-proxy/ssl_cert.pem] with owner => "root", group => "foreman-proxy" and mode => "0440" Failure/Error: should contain_file("#{etc_dir}/foreman-proxy/ssl_cert.pem") .with_owner('root') .with_group('foreman-proxy') .with_mode('0440') expected that the catalogue would contain File[/usr/local/etc/foreman-proxy/ssl_cert.pem] with group set to "foreman-proxy" but it is set to "foreman_proxy"

Check failure on line 1067 in spec/classes/foreman_proxy__spec.rb

GitHub Actions / Puppet / 8 (Ruby 3.2)

foreman_proxy on freebsd-12-amd64 manage_certificates when ssl_ca, ssl_cert and ssl_key are defined is expected to contain File[/usr/local/etc/foreman-proxy/ssl_cert.pem] with owner => "root", group => "foreman-proxy" and mode => "0440" Failure/Error: should contain_file("#{etc_dir}/foreman-proxy/ssl_cert.pem") .with_owner('root') .with_group('foreman-proxy') .with_mode('0440') expected that the catalogue would contain File[/usr/local/etc/foreman-proxy/ssl_cert.pem] with group set to "foreman-proxy" but it is set to "foreman_proxy"

Check failure on line 1067 in spec/classes/foreman_proxy__spec.rb

GitHub Actions / Puppet / 7 (Ruby 2.7)

foreman_proxy on freebsd-11-amd64 manage_certificates when ssl_ca, ssl_cert and ssl_key are defined is expected to contain File[/usr/local/etc/foreman-proxy/ssl_cert.pem] with owner => "root", group => "foreman-proxy" and mode => "0440" Failure/Error: should contain_file("#{etc_dir}/foreman-proxy/ssl_cert.pem") .with_owner('root') .with_group('foreman-proxy') .with_mode('0440') expected that the catalogue would contain File[/usr/local/etc/foreman-proxy/ssl_cert.pem] with group set to "foreman-proxy" but it is set to "foreman_proxy"

Check failure on line 1067 in spec/classes/foreman_proxy__spec.rb

GitHub Actions / Puppet / 7 (Ruby 2.7)

foreman_proxy on freebsd-12-amd64 manage_certificates when ssl_ca, ssl_cert and ssl_key are defined is expected to contain File[/usr/local/etc/foreman-proxy/ssl_cert.pem] with owner => "root", group => "foreman-proxy" and mode => "0440" Failure/Error: should contain_file("#{etc_dir}/foreman-proxy/ssl_cert.pem") .with_owner('root') .with_group('foreman-proxy') .with_mode('0440') expected that the catalogue would contain File[/usr/local/etc/foreman-proxy/ssl_cert.pem] with group set to "foreman-proxy" but it is set to "foreman_proxy"
should contain_file("#{etc_dir}/foreman-proxy/ssl_cert.pem")
.with_owner('root')
.with_group('foreman-proxy')
.with_mode('0440')
end
it do

Check failure on line 1073 in spec/classes/foreman_proxy__spec.rb

GitHub Actions / Puppet / 8 (Ruby 3.2)

foreman_proxy on freebsd-11-amd64 manage_certificates when ssl_ca, ssl_cert and ssl_key are defined is expected to contain File[/usr/local/etc/foreman-proxy/ssl_key.pem] with owner => "root", group => "foreman-proxy" and mode => "0440" Failure/Error: should contain_file("#{etc_dir}/foreman-proxy/ssl_key.pem") .with_owner('root') .with_group('foreman-proxy') .with_mode('0440') expected that the catalogue would contain File[/usr/local/etc/foreman-proxy/ssl_key.pem] with group set to "foreman-proxy" but it is set to "foreman_proxy"

Check failure on line 1073 in spec/classes/foreman_proxy__spec.rb

GitHub Actions / Puppet / 8 (Ruby 3.2)

foreman_proxy on freebsd-12-amd64 manage_certificates when ssl_ca, ssl_cert and ssl_key are defined is expected to contain File[/usr/local/etc/foreman-proxy/ssl_key.pem] with owner => "root", group => "foreman-proxy" and mode => "0440" Failure/Error: should contain_file("#{etc_dir}/foreman-proxy/ssl_key.pem") .with_owner('root') .with_group('foreman-proxy') .with_mode('0440') expected that the catalogue would contain File[/usr/local/etc/foreman-proxy/ssl_key.pem] with group set to "foreman-proxy" but it is set to "foreman_proxy"

Check failure on line 1073 in spec/classes/foreman_proxy__spec.rb

GitHub Actions / Puppet / 7 (Ruby 2.7)

foreman_proxy on freebsd-11-amd64 manage_certificates when ssl_ca, ssl_cert and ssl_key are defined is expected to contain File[/usr/local/etc/foreman-proxy/ssl_key.pem] with owner => "root", group => "foreman-proxy" and mode => "0440" Failure/Error: should contain_file("#{etc_dir}/foreman-proxy/ssl_key.pem") .with_owner('root') .with_group('foreman-proxy') .with_mode('0440') expected that the catalogue would contain File[/usr/local/etc/foreman-proxy/ssl_key.pem] with group set to "foreman-proxy" but it is set to "foreman_proxy"

Check failure on line 1073 in spec/classes/foreman_proxy__spec.rb

GitHub Actions / Puppet / 7 (Ruby 2.7)

foreman_proxy on freebsd-12-amd64 manage_certificates when ssl_ca, ssl_cert and ssl_key are defined is expected to contain File[/usr/local/etc/foreman-proxy/ssl_key.pem] with owner => "root", group => "foreman-proxy" and mode => "0440" Failure/Error: should contain_file("#{etc_dir}/foreman-proxy/ssl_key.pem") .with_owner('root') .with_group('foreman-proxy') .with_mode('0440') expected that the catalogue would contain File[/usr/local/etc/foreman-proxy/ssl_key.pem] with group set to "foreman-proxy" but it is set to "foreman_proxy"
should contain_file("#{etc_dir}/foreman-proxy/ssl_key.pem")
.with_owner('root')
.with_group('foreman-proxy')
.with_mode('0440')
end

it { should_not contain_file("#{etc_dir}/foreman-proxy/foreman_ssl_ca.pem") }
it { should_not contain_file("#{etc_dir}/foreman-proxy/foreman_ssl_cert.pem") }
it { should_not contain_file("#{etc_dir}/foreman-proxy/foreman_ssl_key.pem") }
end
end

context 'when foreman_ssl_ca, foreman_ssl_cert and foreman_ssl_key are defined' do
let(:params) do
super().merge(
manage_certificates: true,
foreman_ssl_ca: '/root/certificates/ca.pem',
foreman_ssl_cert: '/root/certificates/cert.pem',
foreman_ssl_key: '/root/certificates/key.pem',
)
end

it { should compile.with_all_deps }

it do

Check failure on line 1098 in spec/classes/foreman_proxy__spec.rb

GitHub Actions / Puppet / 8 (Ruby 3.2)

foreman_proxy on freebsd-11-amd64 when foreman_ssl_ca, foreman_ssl_cert and foreman_ssl_key are defined is expected to contain File[/usr/local/etc/foreman-proxy/foreman_ssl_ca.pem] with source => "/root/certificates/ca.pem", owner => "root", group => "foreman-proxy" and mode => "0440" Failure/Error: should contain_file("#{etc_dir}/foreman-proxy/foreman_ssl_ca.pem") .with_source('/root/certificates/ca.pem') .with_owner('root') .with_group('foreman-proxy') .with_mode('0440') expected that the catalogue would contain File[/usr/local/etc/foreman-proxy/foreman_ssl_ca.pem] with group set to "foreman-proxy" but it is set to "foreman_proxy"

Check failure on line 1098 in spec/classes/foreman_proxy__spec.rb

GitHub Actions / Puppet / 8 (Ruby 3.2)

foreman_proxy on freebsd-12-amd64 when foreman_ssl_ca, foreman_ssl_cert and foreman_ssl_key are defined is expected to contain File[/usr/local/etc/foreman-proxy/foreman_ssl_ca.pem] with source => "/root/certificates/ca.pem", owner => "root", group => "foreman-proxy" and mode => "0440" Failure/Error: should contain_file("#{etc_dir}/foreman-proxy/foreman_ssl_ca.pem") .with_source('/root/certificates/ca.pem') .with_owner('root') .with_group('foreman-proxy') .with_mode('0440') expected that the catalogue would contain File[/usr/local/etc/foreman-proxy/foreman_ssl_ca.pem] with group set to "foreman-proxy" but it is set to "foreman_proxy"

Check failure on line 1098 in spec/classes/foreman_proxy__spec.rb

GitHub Actions / Puppet / 7 (Ruby 2.7)

foreman_proxy on freebsd-11-amd64 when foreman_ssl_ca, foreman_ssl_cert and foreman_ssl_key are defined is expected to contain File[/usr/local/etc/foreman-proxy/foreman_ssl_ca.pem] with source => "/root/certificates/ca.pem", owner => "root", group => "foreman-proxy" and mode => "0440" Failure/Error: should contain_file("#{etc_dir}/foreman-proxy/foreman_ssl_ca.pem") .with_source('/root/certificates/ca.pem') .with_owner('root') .with_group('foreman-proxy') .with_mode('0440') expected that the catalogue would contain File[/usr/local/etc/foreman-proxy/foreman_ssl_ca.pem] with group set to "foreman-proxy" but it is set to "foreman_proxy"

Check failure on line 1098 in spec/classes/foreman_proxy__spec.rb

GitHub Actions / Puppet / 7 (Ruby 2.7)

foreman_proxy on freebsd-12-amd64 when foreman_ssl_ca, foreman_ssl_cert and foreman_ssl_key are defined is expected to contain File[/usr/local/etc/foreman-proxy/foreman_ssl_ca.pem] with source => "/root/certificates/ca.pem", owner => "root", group => "foreman-proxy" and mode => "0440" Failure/Error: should contain_file("#{etc_dir}/foreman-proxy/foreman_ssl_ca.pem") .with_source('/root/certificates/ca.pem') .with_owner('root') .with_group('foreman-proxy') .with_mode('0440') expected that the catalogue would contain File[/usr/local/etc/foreman-proxy/foreman_ssl_ca.pem] with group set to "foreman-proxy" but it is set to "foreman_proxy"
should contain_file("#{etc_dir}/foreman-proxy/foreman_ssl_ca.pem")
.with_source('/root/certificates/ca.pem')
.with_owner('root')
.with_group('foreman-proxy')
.with_mode('0440')
end
it do

Check failure on line 1105 in spec/classes/foreman_proxy__spec.rb

GitHub Actions / Puppet / 8 (Ruby 3.2)

foreman_proxy on freebsd-11-amd64 when foreman_ssl_ca, foreman_ssl_cert and foreman_ssl_key are defined is expected to contain File[/usr/local/etc/foreman-proxy/foreman_ssl_cert.pem] with source => "/root/certificates/cert.pem", owner => "root", group => "foreman-proxy" and mode => "0440" Failure/Error: should contain_file("#{etc_dir}/foreman-proxy/foreman_ssl_cert.pem") .with_source('/root/certificates/cert.pem') .with_owner('root') .with_group('foreman-proxy') .with_mode('0440') expected that the catalogue would contain File[/usr/local/etc/foreman-proxy/foreman_ssl_cert.pem] with group set to "foreman-proxy" but it is set to "foreman_proxy"

Check failure on line 1105 in spec/classes/foreman_proxy__spec.rb

GitHub Actions / Puppet / 7 (Ruby 2.7)

foreman_proxy on freebsd-11-amd64 when foreman_ssl_ca, foreman_ssl_cert and foreman_ssl_key are defined is expected to contain File[/usr/local/etc/foreman-proxy/foreman_ssl_cert.pem] with source => "/root/certificates/cert.pem", owner => "root", group => "foreman-proxy" and mode => "0440" Failure/Error: should contain_file("#{etc_dir}/foreman-proxy/foreman_ssl_cert.pem") .with_source('/root/certificates/cert.pem') .with_owner('root') .with_group('foreman-proxy') .with_mode('0440') expected that the catalogue would contain File[/usr/local/etc/foreman-proxy/foreman_ssl_cert.pem] with group set to "foreman-proxy" but it is set to "foreman_proxy"
should contain_file("#{etc_dir}/foreman-proxy/foreman_ssl_cert.pem")
.with_source('/root/certificates/cert.pem')
.with_owner('root')
.with_group('foreman-proxy')
.with_mode('0440')
end
it do

Check failure on line 1112 in spec/classes/foreman_proxy__spec.rb

GitHub Actions / Puppet / 8 (Ruby 3.2)

foreman_proxy on freebsd-11-amd64 when foreman_ssl_ca, foreman_ssl_cert and foreman_ssl_key are defined is expected to contain File[/usr/local/etc/foreman-proxy/foreman_ssl_key.pem] with source => "/root/certificates/key.pem", owner => "root", group => "foreman-proxy" and mode => "0440" Failure/Error: should contain_file("#{etc_dir}/foreman-proxy/foreman_ssl_key.pem") .with_source('/root/certificates/key.pem') .with_owner('root') .with_group('foreman-proxy') .with_mode('0440') expected that the catalogue would contain File[/usr/local/etc/foreman-proxy/foreman_ssl_key.pem] with group set to "foreman-proxy" but it is set to "foreman_proxy"

Check failure on line 1112 in spec/classes/foreman_proxy__spec.rb

GitHub Actions / Puppet / 7 (Ruby 2.7)

foreman_proxy on freebsd-11-amd64 when foreman_ssl_ca, foreman_ssl_cert and foreman_ssl_key are defined is expected to contain File[/usr/local/etc/foreman-proxy/foreman_ssl_key.pem] with source => "/root/certificates/key.pem", owner => "root", group => "foreman-proxy" and mode => "0440" Failure/Error: should contain_file("#{etc_dir}/foreman-proxy/foreman_ssl_key.pem") .with_source('/root/certificates/key.pem') .with_owner('root') .with_group('foreman-proxy') .with_mode('0440') expected that the catalogue would contain File[/usr/local/etc/foreman-proxy/foreman_ssl_key.pem] with group set to "foreman-proxy" but it is set to "foreman_proxy"
should contain_file("#{etc_dir}/foreman-proxy/foreman_ssl_key.pem")
.with_source('/root/certificates/key.pem')
.with_owner('root')
.with_group('foreman-proxy')
.with_mode('0440')
end
end
end
end
end
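Review bot: Every new expectation hard-codes `.with_group('foreman-proxy')`, and the check annotations in this file show that on freebsd-11 and freebsd-12 the catalogue sets the group to "foreman_proxy", so all six file checks fail there; derive the expected group per OS, the way the preceding test uses `proxy_user_name`, instead of a literal. The second context ('when foreman_ssl_ca, foreman_ssl_cert and foreman_ssl_key are defined') comes after the `end` that closes `describe 'manage_certificates'`, which is why it has to repeat `manage_certificates: true`; moving it inside the describe removes that duplication. The first context never asserts `.with_source`, and there is no case showing that none of these files are managed when the flag is left at its default.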