Move qpid client cert to /etc/pki/pulp

theforeman · Feb 15, 2019 · 7d07cac · 7d07cac
1 parent efa768d
commit 7d07cac
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 9 deletions.
diff --git a/manifests/params.pp b/manifests/params.pp
@@ -73,7 +73,10 @@
   $katello_product        = 'node-certs'
   $katello_activation_key = undef
 
-  $messaging_client_cert = "${pki_dir}/qpid_client_striped.crt"
+  $pulp_pki_dir = '/etc/pki/pulp'
+
+  $qpid_client_cert = "${pulp_pki_dir}/qpid/client.crt"
+  $qpid_client_ca_cert = "${pulp_pki_dir}/qpid/ca.crt"
 
   $qpid_router_server_cert = "${pki_dir}/qpid_router_server.crt"
   $qpid_router_client_cert = "${pki_dir}/qpid_router_client.crt"

diff --git a/manifests/qpid_client.pp b/manifests/qpid_client.pp
@@ -6,7 +6,8 @@
   $regenerate            = $certs::regenerate,
   $deploy                = $certs::deploy,
 
-  $messaging_client_cert = $certs::messaging_client_cert,
+  $qpid_client_cert      = $certs::qpid_client_cert,
+  $qpid_client_ca_cert   = $certs::qpid_client_ca_cert,
 
   $country               = $certs::country,
   $state                 = $certs::state,
@@ -15,6 +16,8 @@
   $expiration            = $certs::expiration,
   $default_ca            = $certs::default_ca,
   $ca_key_password_file  = $certs::ca_key_password_file,
+
+  $cert_group            = 'apache',
 ) inherits certs {
 
   $qpid_client_cert_name = "${hostname}-qpid-client-cert"
@@ -39,16 +42,31 @@
 
   if $deploy {
 
+    file { $certs::pulp_pki_dir:
+      ensure => directory,
+      owner  => 'root',
+      group  => $cert_group,
+      mode   => '0640',
+    }
+
+    file { "${certs::pulp_pki_dir}/qpid":
+      ensure => directory,
+      owner  => 'root',
+      group  => $cert_group,
+      mode   => '0640',
+    } ~>
     Cert[$qpid_client_cert_name] ~>
-    key_bundle { $messaging_client_cert:
+    key_bundle { $qpid_client_cert:
       key_pair => Cert[$qpid_client_cert_name],
     } ~>
-    file { $messaging_client_cert:
-      owner => 'apache',
-      group => 'apache',
+    file { $qpid_client_cert:
+      owner => 'root',
+      group => $cert_group,
       mode  => '0640',
+    } ~>
+    pubkey { $qpid_client_ca_cert:
+      key_pair => $default_ca,
     }
-
   }
 
 }
diff --git a/spec/classes/certs_qpid_client_spec.rb b/spec/classes/certs_qpid_client_spec.rb
@@ -15,11 +15,11 @@
         end
 
         it do
-          is_expected.to contain_key_bundle('/etc/pki/katello/qpid_client_striped.crt')
+          is_expected.to contain_key_bundle('/etc/pki/pulp/qpid/client.crt')
             .with_key_pair('Cert[foo.example.com-qpid-client-cert]')
         end
 
-        it { is_expected.to contain_file('/etc/pki/katello/qpid_client_striped.crt') }
+        it { is_expected.to contain_file('/etc/pki/pulp/qpid/client.crt') }
       end
     end
   end