diff options
author | Juan Antonio Osorio Robles <jaosorior@redhat.com> | 2017-05-04 13:23:33 +0300 |
---|---|---|
committer | Juan Antonio Osorio Robles <jaosorior@redhat.com> | 2017-06-08 16:57:15 +0300 |
commit | 2bb37b6189693d7588730eeb080f85009c3b6d6c (patch) | |
tree | 634b798f27cee19fc33aa9b0afaed6fed6f58775 /spec/classes | |
parent | 0a75929adeea9ea7a53ad5a45c9bb1f1b6962b9b (diff) |
Add resource to fetch CRL
This will fetch the CRL file from the specified file or URL. Furtherly
it will set up a cron job to refresh the crl file once a week and notify
the needed services.
bp tls-via-certmonger
Change-Id: I38e163e8ebb80ea5f79cfb8df44a71fdcd284e04
Diffstat (limited to 'spec/classes')
-rw-r--r-- | spec/classes/tripleo_certmonger_ca_crl_spec.rb | 104 |
1 files changed, 104 insertions, 0 deletions
diff --git a/spec/classes/tripleo_certmonger_ca_crl_spec.rb b/spec/classes/tripleo_certmonger_ca_crl_spec.rb new file mode 100644 index 0000000..1e605ce --- /dev/null +++ b/spec/classes/tripleo_certmonger_ca_crl_spec.rb @@ -0,0 +1,104 @@ +# +# Copyright (C) 2017 Red Hat Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# Unit tests for tripleo +# + +require 'spec_helper' + +describe 'tripleo::certmonger::ca::crl' do + + shared_examples_for 'tripleo::certmonger::ca::crl' do + + context 'with default parameters (no crl_source)' do + it 'should ensure no CRL nor cron job are present' do + is_expected.to contain_file('tripleo-ca-crl').with( + :ensure => 'absent' + ) + is_expected.to contain_cron('tripleo-refresh-crl-file').with( + :ensure => 'absent' + ) + end + end + + context 'with defined CRL source' do + let :params do + { + :crl_dest => '/etc/pki/CA/crl/overcloud-crl.pem', + :crl_preprocessed => '/etc/pki/CA/crl/overcloud-crl.bin', + :crl_source => 'file://tmp/some/crl.bin', + } + end + + let :process_cmd do + "openssl crl -in #{params[:crl_preprocessed]} -inform DER -outform PEM -out #{params[:crl_dest]}" + end + + let :cron_cmd do + "curl -L -o #{params[:crl_preprocessed]} #{params[:crl_source]} && #{process_cmd}" + end + + it 'should create and process CRL file' do + is_expected.to contain_file('tripleo-ca-crl').with( + :ensure => 'present', + :source => params[:crl_source] + ) + is_expected.to contain_exec('tripleo-ca-crl-process-command').with( + :command => process_cmd + ) + is_expected.to contain_cron('tripleo-refresh-crl-file').with( + :ensure => 'present', + :command => cron_cmd + ) + end + end + + context 'with defined CRL source and no processing' do + let :params do + { + :crl_dest => '/etc/pki/CA/crl/overcloud-crl.pem', + :crl_source => 'file://tmp/some/crl.pem', + :process => false + } + end + + let :cron_cmd do + "curl -L -o #{params[:crl_dest]} #{params[:crl_source]}" + end + + it 'should create and process CRL file' do + is_expected.to contain_file('tripleo-ca-crl').with( + :ensure => 'present', + :source => params[:crl_source] + ) + is_expected.to_not contain_exec('tripleo-ca-crl-process-command') + is_expected.to contain_cron('tripleo-refresh-crl-file').with( + :ensure => 'present', + :command => cron_cmd + ) + end + end + end + + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) do + facts.merge({}) + end + + it_behaves_like 'tripleo::certmonger::ca::crl' + end + end +end |