.gitignore

@@ -1,4 +1,3 @@
 pkg
-metadata.json
 .rspec_system/
 Gemfile.lock

CHANGELOG.md

@@ -1,31 +1,39 @@
-## puppetlabs-java_ks changelog
+##2014-03-04 - Supported Release 1.2.2
+###Summary
 
-Release notes for the puppetlabs-java_ks module
+This is a supported release.  Only tests and documentation were changed.
+
+####Features
+- Test changes.
+- Documentation changes.
+
+####Bugfixes
+
+####Known Bugs
+* No known bugs
 
----------------------------------------
 
-2014-02-12 Release 1.2.1
-========================
+##2014-02-12 - Release 1.2.1
 
-### Bugfixes
+#### Bugfixes
 - Updating specs
 
-2013-09-18 Release 1.2.0
-========================
+
+##2013-09-18 - Release 1.2.0
 
 ### Summary
 This release adds `puppet://` URI support, a few bugfixes, and lots of tests.
 
-### Features
+#### Features
 - `puppet://` URI support for the `chain`, `certificate`, and `private_key` parameters
 
-### Bugfixes
+#### Bugfixes
 - Validate that keystore passwords are > 6 characters (would silent fail before)
 - Fixed corrupted keystore PKCS12 files in some cases.
 - More acceptance tests, unit tests, and rspec-puppet tests.
 
-1.1.0
-=====
+
+##1.1.0
 
 This minor feature provides a number of new features:
 
@@ -46,7 +54,7 @@ Travis-CI support has also been added to improve testing.
 
 ---------------------------------------
 
-0.0.6
-=====
+##0.0.6
+
 
 Fixes an issue with ibm java handling input from stdin on SLES

Modulefile

@@ -1,5 +1,5 @@
 name 'puppetlabs-java_ks'
-version '1.2.1'
+version '1.2.2'
 
 author 'puppetlabs'
 license 'ASL 2.0'

README.md

@@ -134,6 +134,8 @@ The java_ks module uses the `keytool` and `openssl` commands. It should work on
 
 At the moment, Java 7 isn't fully supported, and `ensure => latest` will fail.
 
+Only validated against IBM Java 6 on AIX. Other versions may be unsupported.
+
 Development
 -----------
 

metadata.json

@@ -0,0 +1,82 @@
+{
+    "name": "puppetlabs-java_ks",
+    "version": "1.2.2",
+    "source": "https://github.com/puppetlabs/puppetlabs-java_ks",
+    "author": "Puppet Labs",
+    "license": "Apache-2.0",
+    "project_page": "https://github.com/puppetlabs/puppetlabs-java_ks",
+    "summary": "Manage arbitrary Java keystore files",
+    "operatingsystem_support": [
+      {
+        "operatingsystem": "RedHat",
+        "operatingsystemrelease": [
+          "5",
+          "6"
+        ]
+      },
+      {
+        "operatingsystem": "CentOS",
+        "operatingsystemrelease": [
+          "5",
+          "6"
+        ]
+      },
+      {
+        "operatingsystem": "OracleLinux",
+        "operatingsystemrelease": [
+          "5",
+          "6"
+        ]
+      },
+      {
+        "operatingsystem": "SLES",
+        "operatingsystemrelease": [
+          "11 SP1"
+        ]
+      },
+      {
+        "operatingsystem": "Debian",
+        "operatingsystemrelease": [
+          "6",
+          "7"
+        ]
+      },
+      {
+        "operatingsystem": "Ubuntu",
+        "operatingsystemrelease": [
+          "10.04",
+          "12.04"
+        ]
+      },
+      {
+        "operatingsystem": "Solaris",
+        "operatingsystemrelease": [
+          "10",
+          "11"
+        ]
+      },
+      {
+        "operatingsystem": "Windows",
+        "operatingsystemrelease": [
+          "Server 2003 R2",
+          "Server 2008 R2",
+          "Server 2012",
+          "Server 2012 R2",
+          "7"
+        ]
+      },
+      {
+        "operatingsystem": "AIX",
+        "operatingsystemrelease": [
+          "5.3",
+          "6.1",
+          "7.1"
+        ]
+      }
+    ],
+    "requirements": [
+      { "name": "pe", "version_requirement": "3.2.x" },
+      { "name": "puppet", "version_requirement": "3.x" }
+    ],
+    "dependencies": []
+}

spec/acceptance/basic_spec.rb

@@ -1,7 +1,7 @@
 require 'spec_helper_acceptance'
 
-describe 'prep nodes' do
-  it 'requires java' do
+describe 'prep nodes', :unless => UNSUPPORTED_PLATFORMS.include?(fact('operatingsystem')) do
+  it 'requires java', :unless => ["Solaris","AIX"].include?(fact('osfamily')) do
     pp = <<-EOS
       class { 'java': }
     EOS

spec/acceptance/keystore_spec.rb

@@ -1,23 +1,33 @@
 require 'spec_helper_acceptance'
 
-describe 'managing java keystores' do
+describe 'managing java keystores', :unless => UNSUPPORTED_PLATFORMS.include?(fact('operatingsystem')) do
+  case fact('osfamily')
+  when "Solaris"
+    keytool_path = '/usr/java/bin/'
+    resource_path = "['/usr/java/bin/','/opt/puppet/bin/']"
+  when "AIX"
+    keytool_path = '/usr/java6/bin/'
+    resource_path = "['/usr/java6/bin/','/usr/bin/']"
+  else
+    resource_path = "undef"
+  end
   it 'creates a keystore' do
     pp = <<-EOS
-      class { 'java': }
       java_ks { 'puppetca:keystore':
         ensure       => latest,
-        certificate  => '/etc/puppet/ssl/certs/ca.pem',
+        certificate  => '#{default['puppetpath']}/ssl/certs/ca.pem',
         target       => '/etc/keystore.ks',
         password     => 'puppet',
         trustcacerts => true,
+        path         => #{resource_path},
       }
     EOS
 
     apply_manifest(pp, :catch_failures => true)
   end
 
   it 'verifies the keystore' do
-    shell('keytool -list -v -keystore /etc/keystore.ks -storepass puppet') do |r|
+    shell("#{keytool_path}keytool -list -v -keystore /etc/keystore.ks -storepass puppet") do |r|
       expect(r.exit_code).to be_zero
       expect(r.stdout).to match(/Your keystore contains 1 entry/)
       expect(r.stdout).to match(/Alias name: puppetca/)

spec/acceptance/private_key_spec.rb

@@ -2,51 +2,62 @@
 
 hostname = default.node_name
 
-describe 'managing java private keys' do
+describe 'managing java private keys', :unless => UNSUPPORTED_PLATFORMS.include?(fact('operatingsystem')) do
+  let(:confdir)    { default['puppetpath']    }
+  let(:modulepath) { default['distmoduledir'] }
+  case fact('osfamily')
+  when "Solaris"
+    keytool_path = '/usr/java/bin/'
+    resource_path = "['/usr/java/bin/','/opt/puppet/bin/']"
+  when "AIX"
+    keytool_path = '/usr/java6/bin/'
+    resource_path = "['/usr/java6/bin/','/usr/bin/']"
+  else
+    resource_path = "undef"
+  end
   it 'creates a private key' do
     pp = <<-EOS
-      class { 'java': }
       java_ks { 'broker.example.com:/etc/private_key.ks':
         ensure       => latest,
-        certificate  => "/etc/puppet/ssl/certs/#{hostname}.pem",
-        private_key  => "/etc/puppet/ssl/private_keys/#{hostname}.pem",
+        certificate  => "#{confdir}/ssl/certs/#{hostname}.pem",
+        private_key  => "#{confdir}/ssl/private_keys/#{hostname}.pem",
         password     => 'puppet',
+        path         => #{resource_path},
       }
     EOS
 
     apply_manifest(pp, :catch_failures => true)
   end
 
   it 'verifies the private key' do
-    shell('keytool -list -v -keystore /etc/private_key.ks -storepass puppet') do |r|
+    shell("#{keytool_path}keytool -list -v -keystore /etc/private_key.ks -storepass puppet") do |r|
       expect(r.exit_code).to be_zero
       expect(r.stdout).to match(/Alias name: broker\.example\.com/)
-      expect(r.stdout).to match(/Entry type: PrivateKeyEntry/)
+      expect(r.stdout).to match(/Entry type: (keyEntry|PrivateKeyEntry)/)
       expect(r.stdout).to match(/CN=Puppet CA/)
     end
   end
 
   describe 'from a puppet:// uri' do
     it 'puts a key in a module' do
       pp = <<-EOS
-        class { 'java': }
         file { [
-          '/etc/puppet/modules/keys',
-          '/etc/puppet/modules/keys/files',
+          '#{modulepath}/keys',
+          '#{modulepath}/keys/files',
         ]:
           ensure => directory,
         }
-        file { '/etc/puppet/modules/keys/files/ca.pem':
+        file { '#{modulepath}/keys/files/ca.pem':
           ensure => file,
-          source => '/etc/puppet/ssl/certs/ca.pem',
+          source => '#{confdir}/ssl/certs/ca.pem',
         }
-        file { '/etc/puppet/modules/keys/files/certificate.pem':
+        file { '#{modulepath}/keys/files/certificate.pem':
           ensure => file,
-          source => '/etc/puppet/ssl/certs/#{hostname}.pem',
+          source => '#{confdir}/ssl/certs/#{hostname}.pem',
         }
-        file { '/etc/puppet/modules/keys/files/private_key.pem':
+        file { '#{modulepath}/keys/files/private_key.pem':
           ensure => file,
-          source => '/etc/puppet/ssl/private_keys/#{hostname}.pem',
+          source => '#{confdir}/ssl/private_keys/#{hostname}.pem',
         }
       EOS
 
@@ -55,24 +66,24 @@ class { 'java': }
 
     it 'creates a keystore' do
       pp = <<-EOS
-        class { 'java': }
         java_ks { 'uri.example.com:/etc/uri_key.ks':
           ensure       => latest,
           certificate  => 'puppet:///modules/keys/certificate.pem',
           private_key  => 'puppet:///modules/keys/private_key.pem',
           chain        => 'puppet:///modules/keys/ca.pem',
           password     => 'puppet',
+          path         => #{resource_path},
         }
       EOS
 
       apply_manifest(pp, :catch_failures => true)
     end
 
     it 'verifies the private key' do
-      shell('keytool -list -v -keystore /etc/uri_key.ks -storepass puppet') do |r|
+      shell("#{keytool_path}keytool -list -v -keystore /etc/uri_key.ks -storepass puppet") do |r|
         expect(r.exit_code).to be_zero
         expect(r.stdout).to match(/Alias name: uri\.example\.com/)
-        expect(r.stdout).to match(/Entry type: PrivateKeyEntry/)
+        expect(r.stdout).to match(/Entry type: (keyEntry|PrivateKeyEntry)/)
         expect(r.stdout).to match(/CN=Puppet CA/)
       end
     end

spec/acceptance/truststore_spec.rb

@@ -1,22 +1,32 @@
 require 'spec_helper_acceptance'
 
-describe 'managing java truststores' do
+describe 'managing java truststores', :unless => UNSUPPORTED_PLATFORMS.include?(fact('operatingsystem')) do
+  case fact('osfamily')
+  when "Solaris"
+    keytool_path = '/usr/java/bin/'
+    resource_path = "['/usr/java/bin/','/opt/puppet/bin/']"
+  when "AIX"
+    keytool_path = '/usr/java6/bin/'
+    resource_path = "['/usr/java6/bin/','/usr/bin/']"
+  else
+    resource_path = "undef"
+  end
   it 'creates a truststore' do
     pp = <<-EOS
-      class { 'java': }
       java_ks { 'puppetca:truststore':
         ensure       => latest,
-        certificate  => '/etc/puppet/ssl/certs/ca.pem',
+        certificate  => '#{default['puppetpath']}/ssl/certs/ca.pem',
         target       => '/etc/truststore.ts',
         password     => 'puppet',
         trustcacerts => true,
+        path         => #{resource_path},
     }
     EOS
     apply_manifest(pp, :catch_failures => true)
   end
 
   it 'verifies the truststore' do
-    shell('keytool -list -v -keystore /etc/truststore.ts -storepass puppet') do |r|
+    shell("#{keytool_path}keytool -list -v -keystore /etc/truststore.ts -storepass puppet") do |r|
       expect(r.exit_code).to be_zero
       expect(r.stdout).to match(/Your keystore contains 1 entry/)
       expect(r.stdout).to match(/Alias name: puppetca/)

spec/acceptance/unsupported_spec.rb

@@ -0,0 +1,27 @@
+require 'spec_helper_acceptance'
+
+describe 'unsupported distributions and OSes', :if => UNSUPPORTED_PLATFORMS.include?(fact('operatingsystem')) do
+  case fact('osfamily')
+  when "Solaris"
+    keytool_path = '/usr/java/bin/'
+    resource_path = "['/usr/java/bin/','/opt/puppet/bin/']"
+  when "AIX"
+    keytool_path = '/usr/java6/bin/'
+    resource_path = "['/usr/java6/bin/','/opt/puppet/bin/']"
+  else
+    resource_path = "undef"
+  end
+  it 'should fail' do
+    pp = <<-EOS
+    java_ks { 'puppetca:keystore':
+      ensure       => latest,
+      certificate  => '#{default['puppetpath']}/ssl/certs/ca.pem',
+      target       => '/etc/keystore.ks',
+      password     => 'puppet',
+      trustcacerts => true,
+      path         => #{resource_path},
+    }
+    EOS
+    expect(apply_manifest(pp, :expect_failures => true).stderr).to match(/unsupported os/)
+  end
+end