Fix sles12 support

Changes: * this removes a check for filename extension in ca.pp; so you can use the same cert for suse and redhat * exec can use and array (I checked back until Puppet 3.5 - don't have older docs) - spec test updates included * sles12 should behave like opensuse and use update-ca-certificates
jlambert121 · Oct 24, 2016 · 97855ec · 97855ec
1 parent 2ef7e66
commit 97855ec
Show file tree

Hide file tree

Showing 4 changed files with 12 additions and 17 deletions.
diff --git a/manifests/ca.pp b/manifests/ca.pp
@@ -63,10 +63,6 @@
 
   if $source {
 
-    if inline_template('<% if /\.#{@certfile_suffix}$/.match(@source) then %>yes<% else %>no<% end %>') == 'no' {
-      fail("[Trusted_ca::Ca::${name}]: source must a PEM encoded file with the ${certfile_suffix} extension")
-    }
-
     file { "${install_path}/${_name}":
       ensure => 'file',
       source => $source,

diff --git a/manifests/init.pp b/manifests/init.pp
@@ -31,20 +31,13 @@
   $certs_package        = $::trusted_ca::params::certs_package,
 ) inherits trusted_ca::params {
 
-  if is_array($path) {
-    $_path = join($path, ':')
-  }
-  else {
-    $_path = $path
-  }
-
   package { $certs_package:
     ensure  => $certificates_version,
   }
 
   exec { 'update_system_certs':
     command     => $update_command,
-    path        => $_path,
+    path        => $path,
     logoutput   => on_failure,
     refreshonly => true,
   }

diff --git a/manifests/params.pp b/manifests/params.pp
@@ -50,15 +50,21 @@
       $certfile_suffix = 'pem'
       case $::operatingsystem {
         'SLES': {
-          $path = ['/usr/bin']
-          $update_command = 'c_rehash'
-          $install_path = '/etc/ssl/certs'
           case $::operatingsystemmajrelease {
             '11': {
               $certs_package = 'openssl-certs'
+              $path = ['/usr/bin']
+              $update_command = 'c_rehash'
+              $install_path = '/etc/ssl/certs'
             }
-            default: {
+            '12': {
               $certs_package = 'ca-certificates'
+              $path = ['/usr/sbin', '/usr/bin']
+              $update_command = 'update-ca-certificates'
+              $install_path = '/etc/pki/trust/anchors'
+            }
+            default: {
+              fail("${::osfamily} ${::operatingsystemmajrelease} has not been tested with this module.  Please feel free to test and report the results")
             }
           }
         }

diff --git a/spec/classes/trusted_ca_init_spec.rb b/spec/classes/trusted_ca_init_spec.rb
@@ -26,7 +26,7 @@
         context 'update_system_certs' do
           context 'array path' do
             let(:params) { { :path => ['/bin', '/usr/bin'] } }
-            it { should contain_exec('update_system_certs').with(:refreshonly => true, :path => '/bin:/usr/bin') }
+            it { should contain_exec('update_system_certs').with(:refreshonly => true, :path => ['/bin', '/usr/bin']) }
           end
 
           context 'string path' do