From 0a0340c9b3fe8d4d1c6f8b51bf83ac5fc9c2b61f Mon Sep 17 00:00:00 2001 From: Jeremy Grant Date: Thu, 23 Jun 2016 01:25:32 -0500 Subject: [PATCH 1/3] updated to add support for SLES11/12 --- README.md | 3 +- manifests/ca.pp | 47 ++++++---- manifests/init.pp | 4 +- manifests/params.pp | 19 +++- manifests/update.pp | 2 +- metadata.json | 7 ++ spec/classes/ca_cert_spec.rb | 115 +++++++++++++++++++++++++ spec/classes/params_spec.rb | 22 +++++ spec/classes/update_spec.rb | 44 ++++++++++ spec/defines/ca_spec.rb | 162 +++++++++++++++++++++++++++++++++-- 10 files changed, 395 insertions(+), 30 deletions(-) diff --git a/README.md b/README.md index 100efd3..08f5f83 100644 --- a/README.md +++ b/README.md @@ -62,6 +62,7 @@ ca_cert::ca { 'GlobalSign-OrgSSL-Intermediate': is also required. Defaults to text. **Warning**: certificates delivered via http, https, or ftp won't be updated if the upstream source changes. + ** SLES 11 Specific Detail**: Cert File must be in `.pem` format * `ensure`: Whether or not the CA certificate should be on the system or not. Valid values are trusted, present, distrusted, and absent. Trusted is the same as present. On Debian systems untrusted is the same as absent. On RedHat @@ -74,4 +75,4 @@ ca_cert::ca { 'GlobalSign-OrgSSL-Intermediate': Supported Platforms ------------------- -This module has been tested on Ubuntu 14.04, Ubuntu 12.04, and on CentOS 6. +This module has been tested on Ubuntu 14.04, Ubuntu 12.04, CentOS 6, SLES 11, and SLES 12. diff --git a/manifests/ca.pp b/manifests/ca.pp index 05cf530..1c2c81a 100644 --- a/manifests/ca.pp +++ b/manifests/ca.pp @@ -34,8 +34,8 @@ $verify_https_cert = true, ) { - include ca_cert::params - include ca_cert::update + include ::ca_cert::params + include ::ca_cert::update validate_string($source) validate_bool($verify_https_cert) 
@@ -44,28 +44,37 @@ fail('ca_text is required if source is set to text') } - # Since Debian based OSes don't have explicit distrust directories + # Since Debian/Suse based OSes don't have explicit distrust directories # we need to change untrusted to absent and put a warning in the log. - if $::osfamily == 'Debian' and $ensure == 'distrusted' { + if $::osfamily =~ /^(Debian|Suse)$/ and $ensure == 'distrusted' { warning("Cannot explicitly set CA distrust on ${::operatingsystem}.") warning("Ensuring that ${name} CA is absent from the trusted list.") $adjusted_ensure = 'absent' } else { $adjusted_ensure = $ensure } + # Determine Full Resource Name + # Sles 11 Only Supports .pem files + # Other supported OS variants default to .crt + if $::osfamily == 'Suse' and $::operatingsystemmajrelease == '11' { + if $source != 'text' and $source !~ /^.*\.pem$/ { + fail("${source} not proper format - SLES 11 CA Files must be in .pem format") + } + } + $resource_name = "${name}.${ca_cert::params::ca_file_extension}" $ca_cert = $adjusted_ensure ? { - 'distrusted' => "${ca_cert::params::distrusted_cert_dir}/${name}.crt", - default => "${ca_cert::params::trusted_cert_dir}/${name}.crt", + 'distrusted' => "${ca_cert::params::distrusted_cert_dir}/${resource_name}", + default => "${ca_cert::params::trusted_cert_dir}/${resource_name}", } case $adjusted_ensure { - present, trusted, distrusted: { - $sourceArray = split($source, ':') - $protocol_type = $sourceArray[0] + 'present', 'trusted', 'distrusted': { + $source_array = split($source, ':') + $protocol_type = $source_array[0] case $protocol_type { - puppet: { - file { "${name}.crt": + 'puppet': { + file { $resource_name: ensure => present, source => $source, path => $ca_cert, 
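Review bot: The widened condition `$::osfamily =~ /^(Debian|Suse)$/ and $ensure == 'distrusted'` turns a distrust request into `absent` on every Suse release with only a `warning()`, while the README `ensure` text in this patch still names only Debian. As far as the `'absent'` branch in a later hunk of this file shows, `absent` only removes the module-managed file at `$ca_cert`, so a CA that the distribution also ships would presumably stay trusted. I would extend the README sentence to `On Debian and Suse systems distrusted is the same as absent` and add a comment above the condition such as `# NOTE: 'absent' only removes the file this module manages; it does not distrust a CA shipped by the OS`. The define's body starts and ends outside this hunk.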
@@ -74,12 +83,12 @@ notify => Exec['ca_cert_update'], } } - ftp, https, http: { + 'ftp', 'https', 'http': { $verify_https = $verify_https_cert ? { true => '', false => '--no-check-certificate', } - exec { "get_${name}.crt": + exec { "get_${resource_name}": command => "wget ${verify_https} -O ${ca_cert} ${source} 2> /dev/null", path => ['/usr/bin', '/bin'], @@ -87,9 +96,9 @@ notify => Exec['ca_cert_update'], } } - file: { - $source_path = $sourceArray[1] - file { "${name}.crt": + 'file': { + $source_path = $source_array[1] + file { $resource_name: ensure => present, source => $source_path, path => $ca_cert, @@ -98,8 +107,8 @@ notify => Exec['ca_cert_update'], } } - text: { - file { "${name}.crt": + 'text': { + file { $resource_name: ensure => present, content => $ca_text, path => $ca_cert, @@ -113,7 +122,7 @@ } } } - absent: { + 'absent': { file { $ca_cert: ensure => absent, } diff --git a/manifests/init.pp b/manifests/init.pp index e715006..343da2b 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -44,8 +44,8 @@ $package_ensure = present, ){ - include ca_cert::params - include ca_cert::update + include ::ca_cert::params + include ::ca_cert::update validate_bool($always_update_certs) validate_hash($ca_certs) diff --git a/manifests/params.pp b/manifests/params.pp index 2b8a63a..8ecb387 100644 --- a/manifests/params.pp +++ b/manifests/params.pp 
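Review bot: In the `'ftp', 'https', 'http'` branch the renamed exec still builds `wget ${verify_https} -O ${ca_cert} ${source} 2> /dev/null` from unquoted values, and `$ca_cert` now also embeds `$resource_name`, so a title or source containing whitespace or shell metacharacters changes the command that runs. The fetched file becomes a trust anchor with no integrity check, over plain `http`/`ftp` or with `--no-check-certificate` when `verify_https_cert` is false, and `2> /dev/null` hides download failures. I would constrain the title next to the existing `validate_string($source)`, e.g. `validate_re($name, '^[A-Za-z0-9_.-]+$')`, and quote the arguments with `shellquote()`. An optional checksum parameter, compared before `Exec['ca_cert_update']` is notified, is also worth considering. The exec's remaining attributes lie between this hunk and the next one.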
@@ -1,16 +1,31 @@ # Private class class ca_cert::params { case $::osfamily { - 'debian': { + 'Debian': { $trusted_cert_dir = '/usr/local/share/ca-certificates' $update_cmd = 'update-ca-certificates' $cert_dir_group = 'staff' + $ca_file_extension = 'crt' } - 'redhat': { + 'RedHat': { $trusted_cert_dir = '/etc/pki/ca-trust/source/anchors' $distrusted_cert_dir = '/etc/pki/ca-trust/source/blacklist' $update_cmd = 'update-ca-trust extract' $cert_dir_group = 'root' + $ca_file_extension = 'crt' + } + 'Suse': { + if $::operatingsystemmajrelease == '11' { + $trusted_cert_dir = '/etc/ssl/certs' + $update_cmd = 'c_rehash' + $ca_file_extension = 'pem' + } + else { + $trusted_cert_dir = '/etc/pki/trust/anchors' + $update_cmd = 'update-ca-certificates' + $ca_file_extension = 'crt' + } + $cert_dir_group = 'root' } default: { fail("Unsupported osfamily (${::osfamily})") diff --git a/manifests/update.pp b/manifests/update.pp index dd8a63b..c8827bf 100644 --- a/manifests/update.pp +++ b/manifests/update.pp @@ -1,6 +1,6 @@ # Private class class ca_cert::update { - include ca_cert::params + include ::ca_cert::params if $::osfamily == 'RedHat' { exec { 'enable_ca_trust': diff --git a/metadata.json b/metadata.json index 37aaeab..300a428 100644 --- a/metadata.json +++ b/metadata.json @@ -16,6 +16,13 @@ "6.0" ] }, + { + "operatingsystem": "Suse", + "operatingsystemrelease": [ + "11.0", + "12.0" + ] + }, { "operatingsystem": "Ubuntu", "operatingsystemrelease": [ diff --git a/spec/classes/ca_cert_spec.rb b/spec/classes/ca_cert_spec.rb index fc2a3b7..a050835 100644 --- a/spec/classes/ca_cert_spec.rb +++ b/spec/classes/ca_cert_spec.rb @@ -1,6 +1,12 @@ require 'spec_helper' describe 'ca_cert', :type => :class do + + shared_examples 'compiles and includes params class' do + it { should compile } + it { should contain_class('ca_cert::params') } + end + context "on a Debian based OS" do let :facts do { 
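Review bot: The SLES 11 branch sets `$trusted_cert_dir = '/etc/ssl/certs'`, which looks like the system-wide OpenSSL certificate directory rather than a local-additions directory like the Debian and RedHat values. The specs added in this patch expect the `trusted_certs` file resource to manage that path with `purge` enabled when `purge_unmanaged_CAs` is true. If init.pp purges recursively (not visible here), that setting would presumably delete distribution-shipped certificates and the hash links that `c_rehash` creates. I would add a comment on the branch, e.g. `# /etc/ssl/certs also holds OS-shipped certs and c_rehash links: do not combine with purge_unmanaged_CAs`, or fail in init.pp when both apply. The Suse branch also sets no `$distrusted_cert_dir`, which is safe only while ca.pp maps `distrusted` to `absent` for all of Suse.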
@@ -8,6 +14,8 @@ } end + it_behaves_like 'compiles and includes params class' do + end it { is_expected.to contain_package('ca-certificates') } it { is_expected.to contain_file("trusted_certs").with( @@ -40,6 +48,8 @@ } end + it_behaves_like 'compiles and includes params class' do + end it { is_expected.to contain_package('ca-certificates') } it { is_expected.to contain_file("trusted_certs").with( 
@@ -65,6 +75,111 @@ } end end + context "on a Suse 11 based OS" do + let :facts do + { + :osfamily => 'Suse', + :operatingsystemmajrelease => '11', + } + end + + it_behaves_like 'compiles and includes params class' do + end + it { is_expected.to contain_package('ca-certificates') } + + it { is_expected.to contain_file("trusted_certs").with( + 'ensure' => 'directory', + 'path' => '/etc/ssl/certs', + 'group' => 'root', + 'purge' => 'false', + ) + } + + context "with purge_unmanaged_CAs set to true" do + let :params do + { + :purge_unmanaged_CAs => 'true', + } + end + it { is_expected.to contain_file("trusted_certs").with( + 'ensure' => 'directory', + 'path' => '/etc/ssl/certs', + 'group' => 'root', + 'purge' => 'true', + ) + } + end + end + context "on a Suse 11 based OS" do + let :facts do + { + :osfamily => 'Suse', + :operatingsystemmajrelease => '11', + } + end + + it_behaves_like 'compiles and includes params class' do + end + it { is_expected.to contain_package('ca-certificates') } + + it { is_expected.to contain_file("trusted_certs").with( + 'ensure' => 'directory', + 'path' => '/etc/ssl/certs', + 'group' => 'root', + 'purge' => 'false', + ) + } + + context "with purge_unmanaged_CAs set to true" do + let :params do + { + :purge_unmanaged_CAs => 'true', + } + end + it { is_expected.to contain_file("trusted_certs").with( + 'ensure' => 'directory', + 'path' => '/etc/ssl/certs', + 'group' => 'root', + 'purge' => 'true', + ) + } + end + end + context "on a Suse 12 based OS" do + let :facts do + { + :osfamily => 'Suse', + :operatingsystemmajrelease => '12', + } + end + + it_behaves_like 'compiles and includes params class' do + end + it { is_expected.to contain_package('ca-certificates') } + + it { is_expected.to contain_file("trusted_certs").with( + 'ensure' => 'directory', + 'path' => '/etc/pki/trust/anchors', + 'group' => 'root', + 'purge' => 'false', + ) + } + + context "with purge_unmanaged_CAs set to true" do + let :params do + { + :purge_unmanaged_CAs => 
'true', + } + end + it { is_expected.to contain_file("trusted_certs").with( + 'ensure' => 'directory', + 'path' => '/etc/pki/trust/anchors', + 'group' => 'root', + 'purge' => 'true', + ) + } + end + end context "on a Solaris based OS" do let :facts do { diff --git a/spec/classes/params_spec.rb b/spec/classes/params_spec.rb index 5fab926..0e47701 100644 --- a/spec/classes/params_spec.rb +++ b/spec/classes/params_spec.rb @@ -1,6 +1,12 @@ require 'spec_helper' describe 'ca_cert::params', :type => :class do + + shared_examples 'compiles and includes params class' do + it { should compile } + it { should contain_class('ca_cert::params') } + end + [ 'Debian', 'RedHat', @@ -12,11 +18,27 @@ end context "with osfamily #{osfamily}" do + it_behaves_like 'compiles and includes params class' do + end it "should not contain any resources" do should have_resource_count(0) end end end + context "On a Suse 12 Operating System" do + let :facts do + { + :osfamily => 'Suse', + :operatingsystemmajrelease => '12', + } + end + + it_behaves_like 'compiles and includes params class' do + end + it "should not contain any resources" do + should have_resource_count(0) + end + end context "on an unsupported operating system" do let :facts do { diff --git a/spec/classes/update_spec.rb b/spec/classes/update_spec.rb index 3bdb121..aa1e4ec 100644 --- a/spec/classes/update_spec.rb +++ b/spec/classes/update_spec.rb @@ -1,6 +1,12 @@ require 'spec_helper' describe 'ca_cert::update', :type => :class do + + shared_examples 'compiles and includes params class' do + it { should compile } + it { should contain_class('ca_cert::params') } + end + context "on a Debian based OS" do let :facts do { @@ -8,6 +14,8 @@ } end + it_behaves_like 'compiles and includes params class' do + end it { is_expected.not_to contain_exec('enable_ca_trust') } it { is_expected.to contain_exec('ca_cert_update').with( :command => 'update-ca-certificates', 
@@ -22,6 +30,8 @@ } end + it_behaves_like 'compiles and includes params class' do + end it { is_expected.to contain_exec('enable_ca_trust').with( :command => 'update-ca-trust enable', ) } @@ -31,4 +41,38 @@ )} end + context "on a Suse 11 based OS" do + let :facts do + { + :osfamily => 'Suse', + :operatingsystemmajrelease => '11', + } + end + + it_behaves_like 'compiles and includes params class' do + end + it { is_expected.not_to contain_exec('enable_ca_trust') } + it { is_expected.to contain_exec('ca_cert_update').with( + :command => 'c_rehash', + :refreshonly => true, + )} + + end + context "on a Suse 12 based OS" do + let :facts do + { + :osfamily => 'Suse', + :operatingsystemmajrelease => '12', + } + end + + it_behaves_like 'compiles and includes params class' do + end + it { is_expected.not_to contain_exec('enable_ca_trust') } + it { is_expected.to contain_exec('ca_cert_update').with( + :command => 'update-ca-certificates', + :refreshonly => true, + )} + + end end diff --git a/spec/defines/ca_spec.rb b/spec/defines/ca_spec.rb index e1562ef..cea3911 100644 --- a/spec/defines/ca_spec.rb +++ b/spec/defines/ca_spec.rb @@ -4,6 +4,9 @@ HTTP_URL = 'http://secure.globalsign.com/cacert/gsorganizationvalsha2g2r1.crt' DEBIAN_CA_FILE = '/usr/local/share/ca-certificates/Globalsign_Org_Intermediate.crt' REDHAT_CA_FILE = '/etc/pki/ca-trust/source/anchors/Globalsign_Org_Intermediate.crt' + SUSE_11_HTTP_URL = 'http://secure.globalsign.com/cacert/gsorganizationvalsha2g2r1.pem' + SUSE_11_CA_FILE = '/etc/ssl/certs/Globalsign_Org_Intermediate.pem' + SUSE_12_CA_FILE = '/etc/pki/trust/anchors/Globalsign_Org_Intermediate.crt' DISTRUSTED_REDHAT_CA_FILE = '/etc/pki/ca-trust/source/blacklist/Globalsign_Org_Intermediate.crt' GLOBALSIGN_ORG_CA = '-----BEGIN CERTIFICATE----- MIIEaTCCA1GgAwIBAgILBAAAAAABRE7wQkcwDQYJKoZIhvcNAQELBQAwVzELMAkG 
@@ -54,6 +57,28 @@ } end + let :suse_11_facts do + { + :osfamily => 'Suse', + :operatingsystem => 'Suse', + :operatingsystemmajrelease => '11', + } + end + + let :suse_12_facts do + { + :osfamily => 'Suse', + :operatingsystem => 'Suse', + :operatingsystemmajrelease => '12', + } + end + + shared_examples 'compiles and includes main and params classes' do + it { should compile } + it { is_expected.to contain_class("ca_cert") } + it { is_expected.to contain_class("ca_cert::params") } + end + describe 'failure conditions' do let :facts do debian_facts end @@ -85,9 +110,8 @@ :source => HTTP_URL } end - it { is_expected.to contain_class("ca_cert") } - it { is_expected.to contain_class("ca_cert::params") } - + it_behaves_like 'compiles and includes main and params classes' do + end describe 'with a remote certificate' do let :params do { @@ -138,8 +162,9 @@ :source => HTTP_URL } end - it { is_expected.to contain_class("ca_cert") } - it { is_expected.to contain_class("ca_cert::params") } + + it_behaves_like 'compiles and includes main and params classes' do + end describe 'with a remote certificate' do let :params do 
@@ -190,5 +215,132 @@ )} end end + + context "On Suse 11 based systems" do + let :facts do suse_11_facts end + let :params do + { + :source => SUSE_11_HTTP_URL + } + end + + it_behaves_like 'compiles and includes main and params classes' do + end + + describe 'with a remote certificate' do + let :params do + { + :source => SUSE_11_HTTP_URL, + } + end + + it { is_expected.to contain_exec("get_Globalsign_Org_Intermediate.pem").with( + 'creates' => SUSE_11_CA_FILE, + 'command' => "wget -O #{SUSE_11_CA_FILE} #{SUSE_11_HTTP_URL} 2> /dev/null", + ) } + it { is_expected.not_to contain_file(SUSE_11_CA_FILE) } + end + describe 'with the certificate delivered as a string' do + let :params do + { + :source => 'text', + :ca_text => GLOBALSIGN_ORG_CA, + } + end + it { is_expected.to contain_file('Globalsign_Org_Intermediate.pem').with( + 'ensure' => 'present', + 'content' => GLOBALSIGN_ORG_CA, + 'path' => SUSE_11_CA_FILE, + ) } + end + describe "when removing the CA cert" do + let :params do + { + :ensure => 'absent', + } + end + it { is_expected.to contain_file(SUSE_11_CA_FILE).with( + 'ensure' => 'absent' + )} + end + describe "when removing the CA cert" do + ['absent', 'distrusted'].each do |suse_ensure| + let :params do + { + :ensure => suse_ensure, + :source => SUSE_11_HTTP_URL, + } + end + context "with ensure set to #{suse_ensure}" do + it { is_expected.to contain_file(SUSE_11_CA_FILE).with( + 'ensure' => 'absent' + ) } + end + end + end + end + context "On Suse 12 based systems" do + let :facts do suse_12_facts end + let :params do + { + :source => HTTP_URL + } + end + + it_behaves_like 'compiles and includes main and params classes' do + end + + describe 'with a remote certificate' do + let :params do + { + :source => HTTP_URL, + } + end + + it { is_expected.to contain_exec("get_Globalsign_Org_Intermediate.crt").with( + 'creates' => SUSE_12_CA_FILE, + 'command' => "wget -O #{SUSE_12_CA_FILE} #{HTTP_URL} 2> /dev/null", + ) } + it { is_expected.not_to 
contain_file(SUSE_12_CA_FILE) } + end + describe 'with the certificate delivered as a string' do + let :params do + { + :source => 'text', + :ca_text => GLOBALSIGN_ORG_CA, + } + end + it { is_expected.to contain_file('Globalsign_Org_Intermediate.crt').with( + 'ensure' => 'present', + 'content' => GLOBALSIGN_ORG_CA, + 'path' => SUSE_12_CA_FILE, + ) } + end + describe "when removing the CA cert" do + let :params do + { + :ensure => 'absent', + } + end + it { is_expected.to contain_file(SUSE_12_CA_FILE).with( + 'ensure' => 'absent' + )} + end + describe "when removing the CA cert" do + ['absent', 'distrusted'].each do |suse_ensure| + let :params do + { + :ensure => suse_ensure, + :source => HTTP_URL, + } + end + context "with ensure set to #{suse_ensure}" do + it { is_expected.to contain_file(SUSE_12_CA_FILE).with( + 'ensure' => 'absent' + ) } + end + end + end + end end end From da109d90242569609a2b163ef2ceba779ef80093 Mon Sep 17 00:00:00 2001 From: Jeremy Grant Date: Thu, 23 Jun 2016 13:34:15 -0500 Subject: [PATCH 2/3] Updated to correct SLES CA package bundle name --- manifests/init.pp | 7 ++++--- manifests/params.pp | 3 +++ spec/classes/ca_cert_spec.rb | 6 +++--- 3 files changed, 10 insertions(+), 6 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index 343da2b..b73e814 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -42,7 +42,8 @@ $install_package = true, $ca_certs = {}, $package_ensure = present, -){ + $package_name = $ca_cert::params::package_name, +) inherits ca_cert::params { include ::ca_cert::params include ::ca_cert::update @@ -71,10 +72,10 @@ if $install_package == true { if $package_ensure == present or $package_ensure == installed { - ensure_packages(['ca-certificates']) + ensure_packages([$package_name]) } else { - package { 'ca-certificates': + package { $package_name: ensure => $package_ensure, } } diff --git a/manifests/params.pp b/manifests/params.pp index 8ecb387..7123e42 100644 --- a/manifests/params.pp 
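Review bot: In both new `describe "when removing the CA cert"` blocks that loop over `['absent', 'distrusted']`, `let :params` sits directly in the `describe` body, outside the per-value `context`. The second iteration therefore redefines it, and both contexts presumably run with `:ensure => 'distrusted'`, leaving the `absent`-with-source case unexercised. Move the `let` inside the context, i.e. under `context "with ensure set to #{suse_ensure}" do` put `let(:params) { { :ensure => suse_ensure, :source => HTTP_URL } }` (with `SUSE_11_HTTP_URL` in the SLES 11 block). These examples are the only visible coverage of the distrust-to-absent downgrade on Suse, so it matters that each value is actually tested.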
+++ b/manifests/params.pp @@ -6,6 +6,7 @@ $update_cmd = 'update-ca-certificates' $cert_dir_group = 'staff' $ca_file_extension = 'crt' + $package_name = 'ca-certificates' } 'RedHat': { $trusted_cert_dir = '/etc/pki/ca-trust/source/anchors' @@ -13,6 +14,7 @@ $update_cmd = 'update-ca-trust extract' $cert_dir_group = 'root' $ca_file_extension = 'crt' + $package_name = 'ca-certificates' } 'Suse': { if $::operatingsystemmajrelease == '11' { @@ -26,6 +28,7 @@ $ca_file_extension = 'crt' } $cert_dir_group = 'root' + $package_name = 'openssl-certs' } default: { fail("Unsupported osfamily (${::osfamily})") diff --git a/spec/classes/ca_cert_spec.rb b/spec/classes/ca_cert_spec.rb index a050835..7090940 100644 --- a/spec/classes/ca_cert_spec.rb +++ b/spec/classes/ca_cert_spec.rb @@ -85,7 +85,7 @@ it_behaves_like 'compiles and includes params class' do end - it { is_expected.to contain_package('ca-certificates') } + it { is_expected.to contain_package('openssl-certs') } it { is_expected.to contain_file("trusted_certs").with( 'ensure' => 'directory', @@ -120,7 +120,7 @@ it_behaves_like 'compiles and includes params class' do end - it { is_expected.to contain_package('ca-certificates') } + it { is_expected.to contain_package('openssl-certs') } it { is_expected.to contain_file("trusted_certs").with( 'ensure' => 'directory', @@ -155,7 +155,7 @@ it_behaves_like 'compiles and includes params class' do end - it { is_expected.to contain_package('ca-certificates') } + it { is_expected.to contain_package('openssl-certs') } it { is_expected.to contain_file("trusted_certs").with( 'ensure' => 'directory', From bf899db008fdeef99cbe0354c398e19aab6fa8b1 Mon Sep 17 00:00:00 2001 
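Review bot: `$package_name = 'openssl-certs'` is set after the `if`/`else` in the Suse branch of params.pp, so it applies to SLES 12 as well as SLES 11, and the third spec hunk expects `openssl-certs` on Suse 12 too. The SLES 12 branch uses `update-ca-certificates` and `/etc/pki/trust/anchors`, which suggests the CA bundle there may come from a `ca-certificates` package. Please confirm that `openssl-certs` exists on SLES 12, and otherwise set `$package_name` inside each release branch. The new `$package_name` parameter in init.pp also reaches `package`/`ensure_packages` without a `validate_string($package_name)` next to the existing validations. The Suse branch starts outside this hunk.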
From: Jeremy Grant Date: Wed, 23 Nov 2016 09:31:54 -0600 Subject: [PATCH 3/3] added support for SLES10 CA cert management --- manifests/ca.pp | 18 +++----- manifests/params.pp | 2 +- metadata.json | 1 + spec/classes/ca_cert_spec.rb | 79 +++++++++++------------------------- spec/classes/params_spec.rb | 26 +++++++----- spec/classes/update_spec.rb | 30 +++++++------- 6 files changed, 62 insertions(+), 94 deletions(-) diff --git a/manifests/ca.pp b/manifests/ca.pp index 1ce6c45..e9c5b42 100644 --- a/manifests/ca.pp +++ b/manifests/ca.pp @@ -45,14 +45,14 @@ } # Since Debian/Suse based OSes don't have explicit distrust directories - # Logic is Similar for Debian/SLES11 - but breaking into if/elsif + # Logic is Similar for Debian/SLES10/SLES11 - but breaking into if/elsif # for clarity's sake as we need to change untrusted to absent and warn in the log if $::osfamily == 'Debian' and $ensure == 'distrusted' { warning("Cannot explicitly set CA distrust on ${::operatingsystem}.") warning("Ensuring that ${name} CA is absent from the trusted list.") $adjusted_ensure = 'absent' } - elsif ($::osfamily == 'Suse' and $::operatingsystemmajrelease == '11') and $ensure == 'distrusted' { + elsif ($::osfamily == 'Suse' and $::operatingsystemmajrelease =~ /(10|11)/) and $ensure == 'distrusted' { warning("Cannot explicitly set CA distrust on ${::operatingsystem} ${::operatingsystemmajrelease}.") warning("Ensuring that ${name} CA is absent from the trusted list.") $adjusted_ensure = 'absent' 
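Review bot: The new match `$::operatingsystemmajrelease =~ /(10|11)/` is unanchored, so any release string that merely contains 10 or 11 (a constructed example: `110`) is treated as SLES 10/11. The same pattern is used in the `.pem` check in the next ca.pp hunk and in the params.pp hunk of this patch. Anchor it as patch 1 did for osfamily: `$::operatingsystemmajrelease =~ /^(10|11)$/`. With this change `distrusted` is no longer downgraded on SLES 12, so `$ca_cert` will read `${ca_cert::params::distrusted_cert_dir}`. The params.pp hunks on this page do not show that variable for Suse, so confirm it is defined there.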
@@ -61,19 +61,11 @@ $adjusted_ensure = $ensure } # Determine Full Resource Name - # Sles 11 Only Supports .pem files + # Sles 10/11 Only Supports .pem files # Other supported OS variants default to .crt - if $::osfamily == 'Suse' and $::operatingsystemmajrelease == '11' { + if ($::osfamily == 'Suse') and ($::operatingsystemmajrelease =~ /(10|11)/) { if $source != 'text' and $source !~ /^.*\.pem$/ { - fail("${source} not proper format - SLES 11 CA Files must be in .pem format") - } - } - - # Sles 11 Only Supports .pem files - # Other supported OS variants default to .crt - if $::osfamily == 'Suse' and $::operatingsystemmajrelease == '11' { - if $source != 'text' and $source !~ /^.*\.pem$/ { - fail("${source} not proper format - SLES 11 CA Files must be in .pem format") + fail("${source} not proper format - SLES 10/11 CA Files must be in .pem format") } } diff --git a/manifests/params.pp b/manifests/params.pp index eca3291..fac18b5 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -25,7 +25,7 @@ $package_name = 'ca-certificates' } 'Suse': { - if $::operatingsystemmajrelease == '11' { + if $::operatingsystemmajrelease =~ /(10|11)/ { $trusted_cert_dir = '/etc/ssl/certs' $update_cmd = 'c_rehash' $ca_file_extension = 'pem' diff --git a/metadata.json b/metadata.json index 1c0b558..883a563 100644 --- a/metadata.json +++ b/metadata.json @@ -19,6 +19,7 @@ { "operatingsystem": "Suse", "operatingsystemrelease": [ + "10.0", "11.0", "12.0" ] diff --git a/spec/classes/ca_cert_spec.rb b/spec/classes/ca_cert_spec.rb index 5aad7c6..20bb3a0 100644 --- a/spec/classes/ca_cert_spec.rb +++ b/spec/classes/ca_cert_spec.rb 
@@ -75,76 +75,45 @@ } end end - context "on a Suse 11 based OS" do - let :facts do - { - :osfamily => 'Suse', - :operatingsystemmajrelease => '11', - } - end - - it_behaves_like 'compiles and includes params class' do - end - it { is_expected.to contain_package('openssl-certs') } - - it { is_expected.to contain_file("trusted_certs").with( - 'ensure' => 'directory', - 'path' => '/etc/ssl/certs', - 'group' => 'root', - 'purge' => 'false', - ) - } - context "with purge_unmanaged_CAs set to true" do - let :params do + ['10','11'].each do |osmajrel| + context "on a Suse #{osmajrel} based OS" do + let :facts do { - :purge_unmanaged_CAs => 'true', + :osfamily => 'Suse', + :operatingsystemmajrelease => "#{osmajrel}", } end + + it_behaves_like 'compiles and includes params class' do + end + it { is_expected.to contain_package('openssl-certs') } + it { is_expected.to contain_file("trusted_certs").with( 'ensure' => 'directory', 'path' => '/etc/ssl/certs', 'group' => 'root', - 'purge' => 'true', + 'purge' => 'false', ) } - end - end - context "on a Suse 11 based OS" do - let :facts do - { - :osfamily => 'Suse', - :operatingsystemmajrelease => '11', - } - end - - it_behaves_like 'compiles and includes params class' do - end - it { is_expected.to contain_package('openssl-certs') } - - it { is_expected.to contain_file("trusted_certs").with( - 'ensure' => 'directory', - 'path' => '/etc/ssl/certs', - 'group' => 'root', - 'purge' => 'false', - ) - } - context "with purge_unmanaged_CAs set to true" do - let :params do - { - :purge_unmanaged_CAs => 'true', + context "with purge_unmanaged_CAs set to true" do + let :params do + { + :purge_unmanaged_CAs => 'true', + } + end + it { is_expected.to contain_file("trusted_certs").with( + 'ensure' => 'directory', + 'path' => '/etc/ssl/certs', + 'group' => 'root', + 'purge' => 'true', + ) } end - it { is_expected.to contain_file("trusted_certs").with( - 'ensure' => 'directory', - 'path' => '/etc/ssl/certs', - 'group' => 'root', - 'purge' => 
'true', - ) - } end end + context "on a Suse 12 based OS" do let :facts do { diff --git a/spec/classes/params_spec.rb b/spec/classes/params_spec.rb index 0e47701..dead2fe 100644 --- a/spec/classes/params_spec.rb +++ b/spec/classes/params_spec.rb @@ -25,20 +25,24 @@ end end end - context "On a Suse 12 Operating System" do - let :facts do - { - :osfamily => 'Suse', - :operatingsystemmajrelease => '12', - } - end - it_behaves_like 'compiles and includes params class' do - end - it "should not contain any resources" do - should have_resource_count(0) + ['10','11','12'].each do |osmajrel| + context "On a Suse #{osmajrel} Operating System" do + let :facts do + { + :osfamily => 'Suse', + :operatingsystemmajrelease => "#{osmajrel}", + } + end + + it_behaves_like 'compiles and includes params class' do + end + it "should not contain any resources" do + should have_resource_count(0) + end end end + context "on an unsupported operating system" do let :facts do { diff --git a/spec/classes/update_spec.rb b/spec/classes/update_spec.rb index aa1e4ec..49b5c79 100644 --- a/spec/classes/update_spec.rb +++ b/spec/classes/update_spec.rb 
@@ -41,22 +41,24 @@ )} end - context "on a Suse 11 based OS" do - let :facts do - { - :osfamily => 'Suse', - :operatingsystemmajrelease => '11', - } - end + ['10','11'].each do |osmajrel| + context "on a Suse #{osmajrel} based OS" do + let :facts do + { + :osfamily => 'Suse', + :operatingsystemmajrelease => "#{osmajrel}", + } + end - it_behaves_like 'compiles and includes params class' do - end - it { is_expected.not_to contain_exec('enable_ca_trust') } - it { is_expected.to contain_exec('ca_cert_update').with( - :command => 'c_rehash', - :refreshonly => true, - )} + it_behaves_like 'compiles and includes params class' do + end + it { is_expected.not_to contain_exec('enable_ca_trust') } + it { is_expected.to contain_exec('ca_cert_update').with( + :command => 'c_rehash', + :refreshonly => true, + )} + end end context "on a Suse 12 based OS" do let :facts do