Fix https_ca_cert if a different location for ca_cert is used
laugmanuel authored and ekohl committed Dec 9, 2019
1 parent 9ee5f9e commit ebf5e8b
Showing 6 changed files with 48 additions and 26 deletions.
2 changes: 1 addition & 1 deletion manifests/apache.pp
Expand Up @@ -81,7 +81,7 @@
ssl_cert => $pulp::https_cert,
ssl_key => $pulp::https_key,
ssl_chain => $pulp::https_chain,
ssl_ca => $pulp::https_ca_cert,
ssl_ca => pick($pulp::https_ca_cert, $pulp::ca_cert),
ssl_certs_dir => '',
ssl_verify_client => 'optional',
ssl_protocol => $pulp::ssl_protocol,
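Review bot: The `ssl_ca` line now selects the client-certificate trust anchor through a fallback, but nothing at the call site says so. With `ssl_verify_client => 'optional'` on the same vhost this is the CA that client certificates are checked against, so the precedence deserves a comment such as `# client-cert CA: https_ca_cert if set, otherwise the Pulp CA (ca_cert)`. The same `pick($pulp::https_ca_cert, $pulp::ca_cert)` expression is repeated in manifests/init.pp for `pulp::crane`; resolving it once and passing the result to both would keep the two consumers from drifting apart. `pick()` aborts catalog compilation when both values are empty, which is a safer outcome here than a silently unset CA. The resource body continues outside the hunk.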
10 changes: 9 additions & 1 deletion manifests/child/apache.pp
Expand Up @@ -20,6 +20,14 @@
$directories = undef
}

if $ssl_ca {
$_ssl_ca = $ssl_ca
} elsif $::pulp::ca_cert {
$_ssl_ca = $::pulp::ca_cert
} else {
$_ssl_ca = $pulp::child::server_ca_cert
}

apache::vhost { 'pulp-node-ssl':
servername => $servername,
docroot => '/var/www/html',
Expand All @@ -31,7 +39,7 @@
ssl => true,
ssl_cert => $ssl_cert,
ssl_key => $ssl_key,
ssl_ca => $ssl_ca,
ssl_ca => $_ssl_ca,
ssl_certs_dir => '',
ssl_verify_client => 'optional',
ssl_options => '+StdEnvVars',
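Review bot: The new `if`/`elsif`/`else` chain can still leave `$_ssl_ca` undef when `$ssl_ca`, `$::pulp::ca_cert` and `$pulp::child::server_ca_cert` are all unset, while the vhost below keeps `ssl_verify_client => 'optional'`. The updated expectation `.with_ssl_ca(nil)` in spec/classes/pulp_child_apache_spec.rb suggests this is now the default outcome. If a child vhost without a client CA is not intended, `$_ssl_ca = pick($ssl_ca, $::pulp::ca_cert, $pulp::child::server_ca_cert)` would fail at compile time instead, matching the `pick()` used in manifests/apache.pp. The block also mixes `$::pulp::` and `$pulp::` qualifiers. Whether class `pulp` is guaranteed to be in the catalog when `$::pulp::ca_cert` is read is not visible from the hunk, which starts inside the class body.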
2 changes: 1 addition & 1 deletion manifests/init.pp
Expand Up @@ -553,7 +553,7 @@
class { 'pulp::crane':
cert => $https_cert,
key => $https_key,
ca_cert => $https_ca_cert,
ca_cert => pick($pulp::https_ca_cert, $pulp::ca_cert),
ssl_chain => $https_chain,
port => $crane_port,
data_dir => $crane_data_dir,
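Review bot: `ca_cert => pick($pulp::https_ca_cert, $pulp::ca_cert),` uses class-qualified names inside class `pulp` itself, while the neighbouring parameters (`$https_cert`, `$https_key`, `$https_chain`) use the local names; `ca_cert => pick($https_ca_cert, $ca_cert),` would read consistently with them. None of the six changed files is a spec for `pulp::crane`, so this fallback appears to be untested by this commit. The enclosing class starts and ends outside the hunk.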
2 changes: 1 addition & 1 deletion manifests/params.pp
Expand Up @@ -57,7 +57,7 @@
$ca_key = '/etc/pki/pulp/ca.key'
$https_cert = $ca_cert
$https_key = $ca_key
$https_ca_cert = $ca_cert
$https_ca_cert = undef
$https_chain = undef
$ssl_username = 'SSL_CLIENT_S_DN_CN'
$enable_http = false
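Review bot: `$https_cert = $ca_cert` and `$https_key = $ca_key`, just above the changed line, are still bound to the default paths when params is evaluated, so overriding `ca_cert` on class `pulp` presumably does not move them. That is the same stale default this commit removes for `https_ca_cert`. The new example in spec/classes/pulp_apache_spec.rb pins it: with `ca_cert => '/path/to/ca.crt'` it still expects `:ssl_cert => '/etc/pki/pulp/ca.crt'`. If that is intended, a comment on the new default would help, for example `# undef: consumers fall back to $ca_cert via pick()`. Any reader of `$pulp::https_ca_cert` outside this diff now receives undef and needs the same fallback.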
56 changes: 35 additions & 21 deletions spec/classes/pulp_apache_spec.rb
Expand Up @@ -50,26 +50,6 @@
end
end

context 'with https_ca_cert on ::pulp class set' do
let :pre_condition do
"class { 'pulp':
https_ca_cert => '/path/to/ca.crt',
}"
end

let :facts do
default_facts
end

it 'should configure apache server with ssl' do
is_expected.to contain_apache__vhost('pulp-https').with({
:ssl_cert => '/etc/pki/pulp/ca.crt',
:ssl_key => '/etc/pki/pulp/ca.key',
:ssl_chain => nil,
:ssl_ca => '/path/to/ca.crt',
})
end
end

context 'with parameters' do
let :facts do
Expand Down Expand Up @@ -474,6 +454,40 @@
end

end
end

describe 'with https_ca_cert on ::pulp class set' do
let :pre_condition do
"class { 'pulp':
https_ca_cert => '/path/to/https_ca.crt',
}"
end

it 'should configure apache server with ssl' do
is_expected.to contain_apache__vhost('pulp-https').with({
:ssl_cert => '/etc/pki/pulp/ca.crt',
:ssl_key => '/etc/pki/pulp/ca.key',
:ssl_chain => nil,
:ssl_ca => '/path/to/https_ca.crt',
})
end
end

describe 'with https_ca_cert unset and ca_cert set on ::pulp class' do
let :pre_condition do
"class { 'pulp':
ca_cert => '/path/to/ca.crt',
}"
end

it 'should configure apache server with ssl' do
is_expected.to contain_apache__vhost('pulp-https').with({
:ssl_cert => '/etc/pki/pulp/ca.crt',
:ssl_key => '/etc/pki/pulp/ca.key',
:ssl_chain => nil,
:ssl_ca => '/path/to/ca.crt',
})
end
end

end
end
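Review bot: Both new `describe` blocks name their example `'should configure apache server with ssl'`, so a failure report does not say which CA source broke; descriptions such as `it 'uses https_ca_cert as ssl_ca'` and `it 'falls back to ca_cert for ssl_ca'` would. The relocated block no longer carries `let :facts do default_facts end`, so both blocks presumably rely on facts set by an enclosing scope that starts outside the hunk. A short comment above the second block noting that `ssl_ca` is the client-certificate CA would explain why the fallback is worth pinning.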
2 changes: 1 addition & 1 deletion spec/classes/pulp_child_apache_spec.rb
Expand Up @@ -22,7 +22,7 @@ class {"::pulp::child":
.with_servername('foo.example.com')
.with_ssl_cert('/etc/pki/pulp/ssl_apache.crt')
.with_ssl_key('/etc/pki/pulp/ssl_apache.key')
.with_ssl_ca('/etc/pki/pulp/ca.crt')
.with_ssl_ca(nil)
.with_max_keep_alive(10000)
.with_ssl_username('SSL_CLIENT_S_DN_CN')
end
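Review bot: The expectation changes to `.with_ssl_ca(nil)`, but no example exercises the new precedence in manifests/child/apache.pp: an explicit `ssl_ca`, then `ca_cert` set on class `pulp`, then `pulp::child::server_ca_cert`. Adding one context per branch, each asserting `with_ssl_ca` with the expected path, would pin the fallback order for a value that serves as the client-certificate CA of the vhost. The example body starts outside the hunk.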
