Refs #28924: Drop amqp key and truststore

theforeman · Mar 26, 2020 · 64867f1 · 64867f1
1 parent 167d53c
commit 64867f1
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 30 deletions.
diff --git a/manifests/candlepin.pp b/manifests/candlepin.pp
@@ -10,9 +10,6 @@
   $pki_dir                = $certs::pki_dir,
   $keystore               = $certs::candlepin_keystore,
   $keystore_password_file = $certs::keystore_password_file,
-  $amqp_truststore        = $certs::candlepin_amqp_truststore,
-  $amqp_keystore          = $certs::candlepin_amqp_keystore,
-  $amqp_store_dir         = $certs::candlepin_amqp_store_dir,
   $country                = $certs::country,
   $state                  = $certs::state,
   $city                   = $certs::city,
@@ -121,31 +118,15 @@
       key_file  => $client_key,
       cert_file => $client_cert,
     } ~>
-    file { $amqp_store_dir:
-      ensure => directory,
-      owner  => 'tomcat',
-      group  => $group,
-      mode   => '0750',
-    } ~>
     exec { 'import CA into Candlepin truststore':
       command => "keytool -import -trustcacerts -v -keystore ${keystore} -storepass ${keystore_password} -alias ${alias} -file ${ca_cert} -noprompt",
       unless  => "keytool -list -keystore ${keystore} -storepass ${keystore_password} -alias ${alias}",
     } ~>
-    exec { 'import CA into Candlepin AMQP truststore':
-      command => "keytool -import -v -keystore ${amqp_truststore} -storepass ${keystore_password} -alias ${alias} -file ${ca_cert} -trustcacerts -noprompt",
-      unless  => "keytool -list -keystore ${amqp_truststore} -storepass ${keystore_password} -alias ${alias}",
-    } ~>
     exec { 'import client certificate into Candlepin keystore':
       # Stupid keytool doesn't allow you to import a keypair.  You can only import a cert.  Hence, we have to
       # create the store as an PKCS12 and convert to JKS.  See http://stackoverflow.com/a/8224863
-      command => "openssl pkcs12 -export -name amqp-client -in ${client_cert} -inkey ${client_key} -out /tmp/keystore.p12 -passout file:${password_file} && keytool -importkeystore -destkeystore ${amqp_keystore} -srckeystore /tmp/keystore.p12 -srcstoretype pkcs12 -alias amqp-client -storepass ${keystore_password} -srcstorepass ${keystore_password} -noprompt && rm /tmp/keystore.p12",
-      unless  => "keytool -list -keystore ${amqp_keystore} -storepass ${keystore_password} -alias amqp-client",
-    } ~>
-    file { $amqp_keystore:
-      ensure => file,
-      owner  => 'tomcat',
-      group  => $group,
-      mode   => '0640',
+      command => "openssl pkcs12 -export -name artemis-client -in ${client_cert} -inkey ${client_key} -out /tmp/keystore.p12 -passout file:${password_file} && keytool -importkeystore -destkeystore ${keystore} -srckeystore /tmp/keystore.p12 -srcstoretype pkcs12 -alias artemis-client -storepass ${keystore_password} -srcstorepass ${keystore_password} -noprompt && rm /tmp/keystore.p12",
+      unless  => "keytool -list -keystore ${keystore} -storepass ${keystore_password} -alias artemis-client | grep $(openssl x509 -noout -fingerprint -in ${client_cert} | cut -d '=' -f 2)",
     }
   }
 }
diff --git a/manifests/params.pp b/manifests/params.pp
@@ -60,9 +60,6 @@
   $candlepin_keystore               = "${candlepin_certs_dir}/keystore"
   $candlepin_ca_cert                = "${candlepin_certs_dir}/candlepin-ca.crt"
   $candlepin_ca_key                 = "${candlepin_certs_dir}/candlepin-ca.key"
-  $candlepin_amqp_store_dir         = "${candlepin_certs_dir}/amqp"
-  $candlepin_amqp_truststore        = "${candlepin_amqp_store_dir}/candlepin.truststore"
-  $candlepin_amqp_keystore          = "${candlepin_amqp_store_dir}/candlepin.jks"
 
   # Settings for uploading packages to Katello
   $katello_user           = undef

diff --git a/spec/acceptance/candlepin_spec.rb b/spec/acceptance/candlepin_spec.rb
@@ -10,11 +10,9 @@
         ensure => present,
       }
 
-      ['/usr/share/tomcat/conf', '/etc/candlepin/certs/amqp'].each |$dir| {
-        exec { "mkdir -p ${dir}":
-          creates => $dir,
-          path    => ['/bin', '/usr/bin'],
-        }
+      exec { "mkdir -p /usr/share/tomcat/conf":
+        creates => "/usr/share/tomcat/conf",
+        path    => ['/bin', '/usr/bin'],
       }
 
       package { 'java-1.8.0-openjdk-headless':
@@ -91,6 +89,7 @@
       its(:stdout) { should match(/^Your keystore contains 2 entries$/) }
       its(:stdout) { should match(/^tomcat, .+, PrivateKeyEntry, $/) }
       its(:stdout) { should match(/^candlepin-ca, .+, trustedCertEntry, $/) }
+<<<<<<< HEAD
     end
 
     describe command("keytool -list -v -keystore /etc/candlepin/certs/keystore -alias tomcat -storepass $(cat #{keystore_password_file})") do
@@ -110,7 +109,7 @@
       its(:exit_status) { should eq 0 }
       its(:stdout) { should match(/^Keystore type: JKS$/i) }
       its(:stdout) { should match(/^Your keystore contains 1 entry$/) }
-      its(:stdout) { should match(/^amqp-client, .+, PrivateKeyEntry, $/) }
+      its(:stdout) { should match(/^artemis-client, .+, PrivateKeyEntry, $/) }
     end
   end