diff --git a/Gemfile b/Gemfile
index 695715d..bcb5a3f 100644
--- a/Gemfile
+++ b/Gemfile
@@ -10,3 +10,7 @@ gem 'rake', :require => false
 gem 'puppetlabs_spec_helper', :require => false
 gem 'puppet-lint', :require => false
 gem 'puppet-syntax', :require => false
+# The patch needed to properly test the nsstools_add_cert() function
+# https://github.com/rodjek/rspec-puppet/pull/155
+# https://github.com/rodjek/rspec-puppet/commit/03e94422fb9bbdd950d5a0bec6ead5d76e06616b
+gem 'rspec-puppet', '1.0.1', :git => 'https://github.com/rodjek/rspec-puppet.git', :ref => '03e94422fb9bbdd950d5a0bec6ead5d76e06616b', :require => false
diff --git a/lib/puppet/parser/functions/nsstools_add_cert.rb b/lib/puppet/parser/functions/nsstools_add_cert.rb
new file mode 100644
index 0000000..8a14d8a
--- /dev/null
+++ b/lib/puppet/parser/functions/nsstools_add_cert.rb
@@ -0,0 +1,62 @@
+module Puppet::Parser::Functions
+ newfunction(:nsstools_add_cert, :doc => <<-EOS
+Iterates over a hash of cert nickname/path pairs (key/value) and creates
+nsstools::add_cert resources.
+
+*Example:*
+
+ nsstools_add_cert(
+ '/etc/dirsrv/slapd-ldap1',
+ {
+ 'AlphaSSL CA' => '/tmp/alphassl_intermediate.pem',
+ 'GlobalSign Root CA' => '/tmp/globalsign_root.pem',
+ }
+ )
+
+Would effectively define these resources:
+
+ nsstools::add_cert { 'AlphaSSL CA':
+ certdir => '/etc/dirsrv/slapd-ldap1',
+ nickname => 'AlphaSSL CA',
+ cert => '/tmp/alphassl_intermediate.pem',
+ }
+
+ nsstools::add_cert { 'GlobalSign Root CA':
+ certdir => '/etc/dirsrv/slapd-ldap1',
+ nickname => 'GlobalSign Root CA',
+ cert => '/tmp/globalsign_root.pem',
+ }
+
+ EOS
+ ) do |args|
+ unless args.size == 2
+ raise(Puppet::ParseError, ":nsstools_add_cert(): " +
+ "Wrong number of arguments given #{args.size} for 2")
+ end
+
+ certdir = args[0]
+ certs = args[1]
+
+ unless certdir.is_a?(String)
+ raise(Puppet::ParseError, ":nsstools_add_cert(): " +
+ "First argument must be a string")
+ end
+
+ unless certs.is_a?(Hash)
+ raise(Puppet::ParseError, ":nsstools_add_cert(): " +
+ "Second argument must be a hash")
+ end
+
+ # we need to managle the resource name so multiple instances (and/or the
+ # admin server) can reuse the same certs
+ certs.each_pair do |nickname, cert|
+ function_create_resources(['nsstools::add_cert', {
+ "#{certdir}-#{nickname}" => {
+ 'certdir' => certdir,
+ 'nickname' => nickname,
+ 'cert' => cert,
+ }
+ }])
+ end
+ end
+end
diff --git a/spec/functions/nsstools_add_cert_spec.rb b/spec/functions/nsstools_add_cert_spec.rb
new file mode 100644
index 0000000..5018280
--- /dev/null
+++ b/spec/functions/nsstools_add_cert_spec.rb
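Review bot: Inside the `certs.each_pair` loop, `nickname` and `cert` are forwarded to `nsstools::add_cert` without any type check, although `certdir` and `certs` themselves are validated just above. The defined type is not visible in this diff, but if it hands these values to a certificate tool, a non-string or empty entry would fail far from its cause; a guard as the first line of the loop, such as `raise(Puppet::ParseError, ":nsstools_add_cert(): nickname and cert path must be strings") unless nickname.is_a?(String) && cert.is_a?(String)`, keeps the failure at parse time. The `:doc` example also shows the resources titled `'AlphaSSL CA'` and `'GlobalSign Root CA'`, while the code titles them `"#{certdir}-#{nickname}"`, so the example should show the mangled title. In the comment above the loop, `managle` should read `mangle`.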
@@ -0,0 +1,39 @@
+require 'spec_helper'
+
+describe 'nsstools_add_cert', :type => :puppet_function do
+ it 'should fail with < 2 param' do
+ expect { subject.call([1]) }.to raise_error(/Wrong number of arguments/)
+ end
+
+ it 'should fail with > 2 param' do
+ expect { subject.call([1, 2, 3]) }.to raise_error(/Wrong number of arguments/)
+ end
+
+ it 'should require first arg to be a string' do
+ expect { subject.call([1, 2]) }.to raise_error(/First argument must be a string/)
+ end
+
+ it 'should require second arg to be a hash' do
+ expect { subject.call(['1', 2]) }.to raise_error(/Second argument must be a hash/)
+ end
+
+ it 'should work with reasonable input' do
+ should run.with_params(
+ '/etc/dirsrv/slapd-ldap1',
+ {
+ 'AlphaSSL CA' => '/tmp/alphassl_intermediate.pem',
+ 'GlobalSign Root CA' => '/tmp/globalsign_root.pem',
+ }
+ )
+
+ alpha = catalogue.resource('Nsstools::Add_cert', '/etc/dirsrv/slapd-ldap1-AlphaSSL CA')
+ alpha[:nickname].should eq 'AlphaSSL CA'
+ alpha[:certdir].should eq '/etc/dirsrv/slapd-ldap1'
+ alpha[:cert].should eq '/tmp/alphassl_intermediate.pem'
+
+ global = catalogue.resource('Nsstools::Add_cert', '/etc/dirsrv/slapd-ldap1-GlobalSign Root CA')
+ global[:nickname].should eq 'GlobalSign Root CA'
+ global[:certdir].should eq '/etc/dirsrv/slapd-ldap1'
+ global[:cert].should eq '/tmp/globalsign_root.pem'
+ end
+end
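Review bot: No example covers the case the title mangling exists for, namely the same certificate hash applied to two different certdirs in one catalogue. The only positive case, `'should work with reasonable input'`, uses a single certdir, so a regression back to titling resources by nickname alone would be caught only through the hard-coded title strings and not as a duplicate-resource failure. An extra example that runs the function for a second certdir with the same hash and asserts that both `Nsstools::Add_cert` resources exist would pin that behaviour. Hash entries whose nickname or path is not a string are also untested, so what the function does with them is currently unspecified.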