From ee1b60e4a9bbfa6835a6f36f93b9eae303dfcc11 Mon Sep 17 00:00:00 2001
From: Joshua Hoblitt
Date: Mon, 10 Feb 2014 15:38:03 -0700
Subject: [PATCH] change nssdb::add_cert_and_key type to treat it's title as the default nickname
Previously, the title was being used as the default certdir param value.
---
README.md | 5 +-
manifests/add_cert_and_key.pp | 24 ++---
spec/defines/nssdb_add_cert_and_key_spec.rb | 111 ++++++++++++++------
tests/create.pp | 1 -
4 files changed, 90 insertions(+), 51 deletions(-)
diff --git a/README.md b/README.md
index 2a2eb45..87c699a 100644
--- a/README.md
+++ b/README.md
@@ -14,22 +14,19 @@ nssdb::create { '/etc/dirsrv/slapd-ldap1': manage_certdir => false, } -nssdb::add_cert_and_key{ '/etc/dirsrv/slapd-ldap1': +nssdb::add_cert_and_key{ 'Server-Cert': certdir => '/etc/dirsrv/slapd-ldap1', - nickname => 'Server-Cert', cert => '/tmp/foo.pem', key => '/tmp/foo.key', } nssdb::add_cert { 'AlphaSSL CA': certdir => '/etc/dirsrv/slapd-ldap1', - nickname => 'AlphaSSL CA', cert => '/tmp/alphassl_intermediate.pem', } nssdb::add_cert { 'GlobalSign Root CA': certdir => '/etc/dirsrv/slapd-ldap1', - nickname => 'GlobalSign Root CA', cert => '/tmp/globalsign_root.pem', } ```
diff --git a/manifests/add_cert_and_key.pp b/manifests/add_cert_and_key.pp
index 9e9a93d..4279d5a 100644
--- a/manifests/add_cert_and_key.pp
+++ b/manifests/add_cert_and_key.pp
@@ -1,32 +1,32 @@ # Loads a certificate and key into an NSS database. # # Parameters: -# $nickname - required - the nickname for the NSS certificate -# $cert - required - path to certificate in PEM format -# $key - required - path to unencrypted key in PEM format -# $certdir - optional - defaults to $title +# $certdir - required - defaults to $title +# $cert - required - path to certificate in PEM format +# $key - required - path to unencrypted key in PEM format +# $nickname - optional - the nickname for the NSS certificate # # Actions: # loads certificate and key into the NSS database. # # Requires: -# $nickname +# $certdir # $cert # $key # # Sample Usage: # -# nssdb::add_cert_and_key{"qpidd": -# nickname=> 'Server-Cert', -# cert => '/tmp/server.crt', -# key => '/tmp/server.key', -# } +# nssdb::add_cert_and_key{ 'Server-Cert': +# certdir => '/dne', +# cert => '/tmp/server.crt', +# key => '/tmp/server.key', +# } # define nssdb::add_cert_and_key ( - $nickname, + $certdir, $cert, $key, - $certdir = $title + $nickname = $title ) { include nssdb
diff --git a/spec/defines/nssdb_add_cert_and_key_spec.rb b/spec/defines/nssdb_add_cert_and_key_spec.rb
index 3d33a63..4208f00 100644
--- a/spec/defines/nssdb_add_cert_and_key_spec.rb
+++ b/spec/defines/nssdb_add_cert_and_key_spec.rb
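Review bot: The rewritten parameter list in the header comment of manifests/add_cert_and_key.pp contradicts itself: `# $certdir - required - defaults to $title` describes a parameter that no longer has a default, and the `$nickname` line does not say that it now defaults to `$title`. I would change them to `# $certdir - required - path to the NSS database directory` and `# $nickname - optional - the nickname for the NSS certificate, defaults to $title`. Because `$nickname` now comes from the resource title by default and, judging by the commands expected in the spec file of this patch, ends up inside single quotes on the `openssl` and `certutil` command lines and in the `.p12` file name, it is worth restricting it to a known-safe character set at the top of the define. The define body continues outside this hunk, so whether such a check already exists cannot be confirmed from here.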
@@ -1,43 +1,86 @@ require 'spec_helper' describe 'nssdb::add_cert_and_key', :type => :define do - let(:title) { '/dne' } - let(:params) do - { - :nickname => 'Server-Cert', - :cert => '/tmp/server.cert', - :key => '/tmp/server.key', - } - end + context 'default params' do + let(:title) { 'Server-Cert' } + let(:params) do + { + :certdir => '/dne', + :cert => '/tmp/server.cert', + :key => '/tmp/server.key', + } + end + + context 'generate_pkcs12' do + it do + should contain_exec('generate_pkcs12_Server-Cert').with( + :command => "/usr/bin/openssl pkcs12 -export -in /tmp/server.cert -inkey /tmp/server.key -password 'file:/dne/password.conf' -out '/dne/server-cert.p12' -name 'Server-Cert'", + :require => [ + 'Nssdb::Create[/dne]', + 'Class[Nssdb]' + ], + :creates => '/dne/server-cert.p12', + :subscribe => 'File[/dne/password.conf]' + ) + end + end - context 'generate_pkcs12' do - it do - should contain_exec('generate_pkcs12_/dne').with( - :command => "/usr/bin/openssl pkcs12 -export -in /tmp/server.cert -inkey /tmp/server.key -password 'file:/dne/password.conf' -out '/dne/server-cert.p12' -name 'Server-Cert'", - :require => [ - 'Nssdb::Create[/dne]', - 'Class[Nssdb]' - ], - :creates => '/dne/server-cert.p12', - :subscribe => 'File[/dne/password.conf]' - ) + context 'add_pkcs12' do + it do + should contain_exec('add_pkcs12_Server-Cert').with( + :path => ['/usr/bin'], + :command => "pk12util -d /dne -i /dne/server-cert.p12 -w /dne/password.conf -k /dne/password.conf", + :unless => "certutil -d /dne -L -n 'Server-Cert'", + :logoutput => true, + :require => [ + 'Exec[generate_pkcs12_Server-Cert]', + 'Nssdb::Create[/dne]', + 'Class[Nssdb]' + ] + ) + end end - end + end # default params - context 'add_pkcs12' do - it do - should contain_exec('add_pkcs12_/dne').with( - :path => ['/usr/bin'], - :command => "pk12util -d /dne -i /dne/server-cert.p12 -w /dne/password.conf -k /dne/password.conf", - :unless => "certutil -d /dne -L -n 'Server-Cert'", - :logoutput => true, - :require 
=> [ - 'Exec[generate_pkcs12_/dne]', - 'Nssdb::Create[/dne]', - 'Class[Nssdb]' - ] - ) + context 'all params' do + let(:title) { 'foo' } + let(:params) do + { + :nickname => 'Server-Cert', + :certdir => '/dne', + :cert => '/tmp/server.cert', + :key => '/tmp/server.key', + } end - end + context 'generate_pkcs12' do + it do + should contain_exec('generate_pkcs12_foo').with( + :command => "/usr/bin/openssl pkcs12 -export -in /tmp/server.cert -inkey /tmp/server.key -password 'file:/dne/password.conf' -out '/dne/server-cert.p12' -name 'Server-Cert'", + :require => [ + 'Nssdb::Create[/dne]', + 'Class[Nssdb]' + ], + :creates => '/dne/server-cert.p12', + :subscribe => 'File[/dne/password.conf]' + ) + end + end + + context 'add_pkcs12' do + it do + should contain_exec('add_pkcs12_foo').with( + :path => ['/usr/bin'], + :command => "pk12util -d /dne -i /dne/server-cert.p12 -w /dne/password.conf -k /dne/password.conf", + :unless => "certutil -d /dne -L -n 'Server-Cert'", + :logoutput => true, + :require => [ + 'Exec[generate_pkcs12_foo]', + 'Nssdb::Create[/dne]', + 'Class[Nssdb]' + ] + ) + end + end + end # all params end
diff --git a/tests/create.pp b/tests/create.pp
index 27e8013..29abbf1 100644
--- a/tests/create.pp
+++ b/tests/create.pp
@@ -12,7 +12,6 @@ certdir => '/tmp/nssdb', cert => '/tmp/cert.pem', key => '/tmp/key.pem', - nickname => 'test', } # You can confirm that things are loaded properly with:
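Review bot: Both contexts in spec/defines/nssdb_add_cert_and_key_spec.rb use a nickname made only of letters and a hyphen, so nothing pins how the define quotes a nickname now that it defaults to the resource title. The expected strings show the nickname inside single quotes in `-name 'Server-Cert'` and in the `unless` check `certutil -d /dne -L -n 'Server-Cert'`, and what looks like a lower-cased form used as the `.p12` file name, while the cert, key and certdir paths appear unquoted. I would add a third context whose title contains a space, for example `let(:title) { 'AlphaSSL CA' }` (a title the README already uses for nssdb::add_cert), and assert the resulting `:command`, `:creates` and `:unless` values. If the define is meant to reject titles containing quotes or path separators, a case asserting the compile failure would document that. The define body is not part of this patch, so its current behaviour cannot be confirmed from here.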