Merge pull request voxpupuli#20 from opentable/change-to-thumbprint-f…

…or-certificates Change to thumbprint for certificates
insentia · Apr 16, 2014 · eff5c6e · eff5c6e
2 parents 077e959 + 2b6c61e
commit eff5c6e
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 23 deletions.
diff --git a/Modulefile b/Modulefile
@@ -1,5 +1,5 @@
 name 'opentable/iis'
-version '0.0.2'
+version '1.0.0'
 author 'opentable'
 license 'MIT'
 summary 'Module that will manage IIS for windows server 2008 and above. It will help maintain application pools, sites and virtual applications'

diff --git a/manifests/manage_binding.pp b/manifests/manage_binding.pp
@@ -1,4 +1,4 @@
-define iis::manage_binding($site_name, $protocol, $port, $host_header = '', $ip_address = '*', $certificate_name = '', $ensure = 'present') {
+define iis::manage_binding($site_name, $protocol, $port, $host_header = '', $ip_address = '*', $certificate_thumbprint = '', $ensure = 'present') {
   include 'iis::param::powershell'
 
   if ! ($protocol in [ 'http', 'https', 'net.tcp', 'net.pipe', 'netmsmq', 'msmq.formatname' ]) {
@@ -23,15 +23,15 @@
     }
 
     if ($protocol == 'https') {
-      validate_re($certificate_name, ['^(.)+$'], 'certificate_name required for https bindings')
+      validate_re($certificate_thumbprint, ['^(.)+$'], 'certificate_thumbprint required for https bindings')
       if ($ip_address == '*' or $ip_address == '0.0.0.0') {
         fail('https bindings require a valid ip_address')
       }
 
       exec { "Attach-Certificate-${title}":
         path      => "${iis::param::powershell::path};${::path}",
-        command   => "${iis::param::powershell::command} -Command \"Import-Module WebAdministration; New-Item \\\"IIS:\\SslBindings\\${ip_address}!${port}\\\" -Value (Get-ChildItem cert:\\ -Recurse | Where-Object {\$_.FriendlyName.Equals(\\\"${certificate_name}\\\")} | Select-Object -First 1)\"",
-        onlyif    => "${iis::param::powershell::command} -Command \"Import-Module WebAdministration; if((Get-ChildItem cert:\\ -Recurse | Where-Object {\$_.FriendlyName.Equals(\\\"${certificate_name}\\\")} | Select-Object -First 1) -and ((Test-Path \\\"IIS:\\SslBindings\\${ip_address}!${port}\\\") -eq \$false)) { exit 0 } else { exit 1 }\"",
+        command   => "${iis::param::powershell::command} -Command \"Import-Module WebAdministration; New-Item \\\"IIS:\\SslBindings\\${ip_address}!${port}\\\" -Value (Get-ChildItem cert:\\ -Recurse | Where-Object {\$_.Thumbprint.Equals(\\\"${certificate_thumbprint}\\\")} | Select-Object -First 1)\"",
+        onlyif    => "${iis::param::powershell::command} -Command \"Import-Module WebAdministration; if((Get-ChildItem cert:\\ -Recurse | Where-Object {\$_.Thumbprint.Equals(\\\"${certificate_thumbprint}\\\")} | Select-Object -First 1) -and ((Test-Path \\\"IIS:\\SslBindings\\${ip_address}!${port}\\\") -eq \$false)) { exit 0 } else { exit 1 }\"",
         require   => Exec["CreateBinding-${title}"],
         logoutput => true,
       }

diff --git a/spec/defines/manage_binding_spec.rb b/spec/defines/manage_binding_spec.rb
@@ -82,17 +82,17 @@
         :ip_address => '127.0.0.1',
     } }
 
-    it { expect { should contain_exec('Attach-Certificate-myWebSite-port-443')}.to raise_error(Puppet::Error, /certificate_name required for https bindings/) }
+    it { expect { should contain_exec('Attach-Certificate-myWebSite-port-443')}.to raise_error(Puppet::Error, /certificate_thumbprint required for https bindings/) }
   end
 
   describe 'when protocol is https and ip address *' do
     let(:title) { 'myWebSite-port-443' }
     let(:params) { {
-        :site_name        => 'myWebSite',
-        :certificate_name => 'myCertificate',
-        :protocol         => 'https',
-        :port             => '443',
-        :ip_address       => '*',
+        :site_name              => 'myWebSite',
+        :certificate_thumbprint => 'myCertificate',
+        :protocol               => 'https',
+        :port                   => '443',
+        :ip_address             => '*',
     } }
 
     it { expect { should contain_exec('Attach-Certificate-myWebSite-port-443')}.to raise_error(Puppet::Error, /https bindings require a valid ip_address/) }
@@ -101,11 +101,11 @@
   describe 'when protocol is https and ip address 0.0.0.0' do
     let(:title) { 'myWebSite-port-443' }
     let(:params) { {
-        :site_name        => 'myWebSite',
-        :certificate_name => 'myCertificate',
-        :protocol         => 'https',
-        :port             => '443',
-        :ip_address       => '0.0.0.0',
+        :site_name              => 'myWebSite',
+        :certificate_thumbprint => 'myCertificate',
+        :protocol               => 'https',
+        :port                   => '443',
+        :ip_address             => '0.0.0.0',
     } }
 
     it { expect { should contain_exec('Attach-Certificate-myWebSite-port-443')}.to raise_error(Puppet::Error, /https bindings require a valid ip_address/) }
@@ -114,16 +114,16 @@
   describe 'when protocol is https and all required parameters exist' do
     let(:title) { 'myWebSite-port-443' }
     let(:params) { {
-        :site_name        => 'myWebSite',
-        :certificate_name => 'myCertificate',
-        :protocol         => 'https',
-        :port             => '443',
-        :ip_address       => '127.0.0.1',
+        :site_name              => 'myWebSite',
+        :certificate_thumbprint => 'myCertificate',
+        :protocol               => 'https',
+        :port                   => '443',
+        :ip_address             => '127.0.0.1',
     } }
 
     it { should contain_exec('Attach-Certificate-myWebSite-port-443').with({
-      'command' => "#{powershell} -Command \"Import-Module WebAdministration; New-Item \\\"IIS:\\SslBindings\\127.0.0.1!443\\\" -Value (Get-ChildItem cert:\\ -Recurse | Where-Object {\$_.FriendlyName.Equals(\\\"myCertificate\\\")} | Select-Object -First 1)\"",
-      'onlyif'  => "#{powershell} -Command \"Import-Module WebAdministration; if((Get-ChildItem cert:\\ -Recurse | Where-Object {\$_.FriendlyName.Equals(\\\"myCertificate\\\")} | Select-Object -First 1) -and ((Test-Path \\\"IIS:\\SslBindings\\127.0.0.1!443\\\") -eq \$false)) { exit 0 } else { exit 1 }\"",
+      'command' => "#{powershell} -Command \"Import-Module WebAdministration; New-Item \\\"IIS:\\SslBindings\\127.0.0.1!443\\\" -Value (Get-ChildItem cert:\\ -Recurse | Where-Object {\$_.Thumbprint.Equals(\\\"myCertificate\\\")} | Select-Object -First 1)\"",
+      'onlyif'  => "#{powershell} -Command \"Import-Module WebAdministration; if((Get-ChildItem cert:\\ -Recurse | Where-Object {\$_.Thumbprint.Equals(\\\"myCertificate\\\")} | Select-Object -First 1) -and ((Test-Path \\\"IIS:\\SslBindings\\127.0.0.1!443\\\") -eq \$false)) { exit 0 } else { exit 1 }\"",
     })}
   end