theforeman · ekohl · Jan 15, 2021 · Jan 15, 2021 · Jan 15, 2021 · Jan 15, 2021
diff --git a/lib/puppet_x/certs/common.rb b/lib/puppet_x/certs/common.rb
@@ -51,16 +51,20 @@ module Common
 
           validate do |value|
             ca_resource = resource.catalog.resource(value.to_s)
-            if ca_resource && ca_resource.class.to_s != 'Puppet::Type::Ca'
-              raise ArgumentError, "Expected Ca resource, got #{ca_resource.class} #{ca_resource.inspect}"
+            if ca_resource
+              # rspec-puppet presents Puppet::Resource instances
+              resource_type = ca_resource.is_a?(Puppet::Resource) ? ca_resource.resource_type.to_s : ca_resource.class.to_s
+              if resource_type != 'Puppet::Type::Ca'
+                raise ArgumentError, "Expected Ca resource, got #{ca_resource.class} #{ca_resource.inspect}"
+              end
+            else
+              raise ArgumentError, "Ca #{value} not found in catalog"
             end
           end
         end
 
         autorequire(:ca) do
-          if @parameters.has_key?(:ca)
-            catalog.resource(@parameters[:ca].value.to_s).to_hash[:name]
-          end
+          [self[:ca]&.title].compact
         end
 
         autorequire(:file) do
@@ -90,32 +94,27 @@ module Common
             param_resource = resource.catalog.resource(value.to_s)
 
             if param_resource
-              param_resource_type = if param_resource.is_a?(Puppet::Resource)
-                                      param_resource.resource_type
-                                    else
-                                      param_resource.to_resource.resource_type
-                                    end
-
-              unless ['Puppet::Type::Ca', 'Puppet::Type::Cert'].include?(param_resource_type.to_s)
-                raise ArgumentError, "Expected Ca or Cert resource, got #{param_resource_type} #{param_resource.inspect}"
+              # rspec-puppet presents Puppet::Resource instances
+              resource_type = param_resource.is_a?(Puppet::Resource) ? param_resource.resource_type : param_resource.class
+              unless ['Puppet::Type::Ca', 'Puppet::Type::Cert'].include?(resource_type.to_s)
+                raise ArgumentError, "Expected Ca or Cert resource, got #{resource_type} #{param_resource.inspect}"
               end
+            else
+              raise ArgumentError, "Key_pair #{value} not found in catalog"
             end
           end
         end
 
-        define_method(:autorequire_cert) do |type|
-          if @parameters.has_key?(:key_pair)
-            key_pair = catalog.resource(@parameters[:key_pair].value.to_s)
-            key_pair.to_hash[:name] if key_pair && key_pair.type == type
-          end
-        end
-
         autorequire(:cert) do
-          autorequire_cert('Cert')
+          req = []
+          req << self[:key_pair].title if self[:key_pair].type == 'Cert'
+          req
         end
 
         autorequire(:ca) do
-          autorequire_cert('Ca')
+          req = []
+          req << self[:key_pair].title if self[:key_pair].type == 'Ca'
+          req
         end
 
         # Autorequire the nearest ancestor directory found in the catalog.

diff --git a/spec/classes/certs_candlepin_spec.rb b/spec/classes/certs_candlepin_spec.rb
@@ -8,7 +8,34 @@
       end
 
       describe 'with default parameters' do
-        it { should compile.with_all_deps }
+        it { is_expected.to compile.with_all_deps }
+
+        it { is_expected.to contain_certs__keypair('candlepin-ca') }
+        it { is_expected.to contain_pubkey('/etc/candlepin/certs/candlepin-ca.crt').that_comes_before('File[/etc/candlepin/certs/candlepin-ca.crt]') }
+        it { is_expected.to contain_file('/etc/candlepin/certs/candlepin-ca.crt') }
+        it { is_expected.to contain_privkey('/etc/candlepin/certs/candlepin-ca.key').that_comes_before('File[/etc/candlepin/certs/candlepin-ca.key]') }
+        it { is_expected.to contain_file('/etc/candlepin/certs/candlepin-ca.key') }
+
+        it { is_expected.to contain_certs__keypair('tomcat') }
+        it { is_expected.to contain_cert('foo.example.com-tomcat').with_ca('Ca[katello-default-ca]') }
+        it { is_expected.to contain_privkey('/etc/pki/katello/private/katello-tomcat.key') }
+        it { is_expected.to contain_pubkey('/etc/pki/katello/certs/katello-tomcat.crt') }
+
+        it { is_expected.to contain_certs__keypair('candlepin') }
+        it { is_expected.to contain_cert('java-client').with_ca('Ca[katello-default-ca]') }
+        it { is_expected.to contain_pubkey('/etc/pki/katello/certs/java-client.crt').that_comes_before('File[/etc/pki/katello/certs/java-client.crt]') }
+        it { is_expected.to contain_file('/etc/pki/katello/certs/java-client.crt') }
+        it { is_expected.to contain_privkey('/etc/pki/katello/private/java-client.key').that_comes_before('File[/etc/pki/katello/private/java-client.key]') }
+        it { is_expected.to contain_file('/etc/pki/katello/private/java-client.key') }
+
+        it { is_expected.to contain_file('/etc/candlepin/certs/keystore') }
+        it { is_expected.to contain_file('/etc/pki/katello/keystore_password-file') }
+        it { is_expected.to contain_exec('candlepin-generate-ssl-keystore').that_notifies('File[/etc/candlepin/certs/keystore]') }
+
+        it { is_expected.to contain_file('/etc/candlepin/certs/truststore') }
+        it { is_expected.to contain_file('/etc/pki/katello/truststore_password-file') }
+        it { is_expected.to contain_exec('Create Candlepin truststore with CA').that_notifies('File[/etc/candlepin/certs/truststore]') }
+        it { is_expected.to contain_exec('import client certificate into Candlepin truststore').that_subscribes_to('File[/etc/candlepin/certs/truststore]') }
       end
     end
   end

diff --git a/spec/classes/certs_spec.rb b/spec/classes/certs_spec.rb
@@ -7,8 +7,74 @@
         os_facts
       end
 
-      it { should contain_class('certs::install') }
-      it { should contain_class('certs::config') }
+      context 'with default parameters' do
+        it { is_expected.to compile.with_all_deps }
+        it { is_expected.to contain_class('certs') }
+        it { is_expected.to contain_class('certs::params') }
+
+        # Install
+        it { is_expected.to contain_class('certs::install') }
+        it { is_expected.to contain_package('katello-certs-tools') }
+
+        # Config
+        it { is_expected.to contain_class('certs::config').that_requires('Class[certs::install]') }
+        it { is_expected.to contain_file('/etc/pki/katello').with_mode('0755').with_owner('root').with_group('root') }
+        it { is_expected.to contain_file('/etc/pki/katello/certs').with_mode('0755').with_owner('root').with_group('root') }
+        it { is_expected.to contain_file('/etc/pki/katello/private').with_mode('0750').with_owner('root').with_group('root') }
+
+        # CA verification
+        it { is_expected.to contain_class('certs::ca').that_requires('Class[certs::config]') }
+
+        it { is_expected.to contain_file('/etc/pki/katello/private/katello-default-ca.pwd') }
+        it do
+          is_expected.to contain_ca('katello-default-ca')
+            .with_common_name('foo.example.com')
+            .with_country('US')
+            .with_state('North Carolina')
+            .with_city('Raleigh')
+            .with_org('Katello')
+            .with_org_unit('SomeOrgUnit')
+            .with_expiration('36500')
+            .with_generate(true)
+            .with_deploy(true)
+            .that_requires('File[/etc/pki/katello/private/katello-default-ca.pwd]')
+        end
+
+        it do
+          is_expected.to contain_privkey('/etc/pki/katello/private/katello-default-ca.key')
+            .that_requires(['Ca[katello-default-ca]', 'File[/etc/pki/katello/private/katello-default-ca.pwd]'])
+        end
+
+        it do
+          is_expected.to contain_file('/etc/pki/katello/private/katello-default-ca.key')
+            .that_requires('Ca[katello-default-ca]')
+            .that_subscribes_to('Privkey[/etc/pki/katello/private/katello-default-ca.key]')
+        end
+
+        it do
+          is_expected.to contain_pubkey('/etc/pki/katello/certs/katello-default-ca-stripped.crt')
+            .that_requires('Ca[katello-default-ca]')
+        end
+
+        it { is_expected.to contain_pubkey('/etc/pki/katello/certs/katello-default-ca.crt').that_subscribes_to('Ca[katello-default-ca]') }
+        it do
+          is_expected.to contain_file('/etc/pki/katello/certs/katello-default-ca.crt')
+            .that_requires('Ca[katello-default-ca]')
+            .that_subscribes_to('Pubkey[/etc/pki/katello/certs/katello-default-ca.crt]')
+        end
+
+        it do
+          is_expected.to contain_ca('katello-server-ca')
+            .with_ca('Ca[katello-default-ca]')
+            .that_requires('Ca[katello-default-ca]')
+        end
+        it { is_expected.to contain_file('/root/ssl-build/KATELLO-TRUSTED-SSL-CERT').that_requires('Ca[katello-server-ca]') }
+        it { is_expected.to contain_pubkey('/etc/pki/katello/certs/katello-server-ca.crt') }
+        it do
+          is_expected.to contain_file('/etc/pki/katello/certs/katello-server-ca.crt')
+            .that_subscribes_to(['Ca[katello-server-ca]', 'Pubkey[/etc/pki/katello/certs/katello-server-ca.crt]'])
+        end
+      end
     end
   end
 end