author | Nimesh-Msys <nimesh.patni@msystechnologies.com> | 2019-01-16 20:02:14 +0530 |
---|---|---|
committer | Tim Smith <tsmith@chef.io> | 2019-01-24 10:59:00 -0800 |
commit | 0428639746cc6a3b069fd600200feae6dfabaf53 (patch) | |
tree | 4ef90f56746acc5525035c1747fc8d45fc0764a5 | |
parent | 898f8dc977cfc9a3e80ea8687a0986a0ead53cec (diff) | |
download | chef-0428639746cc6a3b069fd600200feae6dfabaf53.tar.gz |
Maintaining idempotency in windows_certificate resource
- Minor fixes in :create action
- DRYed up `verify_cert` action and reusing the same while :create
- Chefstyle maintained
Signed-off-by: Nimesh-Msys <nimesh.patni@msystechnologies.com>
-rw-r--r-- | lib/chef/resource/windows_certificate.rb | 22 |
1 files changed, 19 insertions, 3 deletions
diff --git a/lib/chef/resource/windows_certificate.rb b/lib/chef/resource/windows_certificate.rb index cf0b46dd6b..40b20658e5 100644 --- a/lib/chef/resource/windows_certificate.rb +++ b/lib/chef/resource/windows_certificate.rb @@ -59,7 +59,21 @@ class Chef action :create do description "Creates or updates a certificate." - add_cert(OpenSSL::X509::Certificate.new(raw_source)) + + cert_obj = OpenSSL::X509::Certificate.new(raw_source) # A certificate object in memory + thumbprint = OpenSSL::Digest::SHA1.new(cert_obj.to_der).to_s # Fetch its thumbprint + + # Check whether a certificate with this thumbprint + # is already present in certificate store + exists = verify_cert(thumbprint) + + if (!!exists == exists) && exists + Chef::Log.info("Certificate is already present") + else + converge_by("Adding certificate #{new_resource.source} into Store #{new_resource.store_name}") do + add_cert(cert_obj) + end + end end # acl_add is a modify-if-exists operation : not idempotent @@ -95,6 +109,8 @@ class Chef converge_by("Deleting certificate #{new_resource.source} from Store #{new_resource.store_name}") do delete_cert end + else + Chef::Log.info("Certificate not found") end end @@ -135,9 +151,9 @@ class Chef store.get(new_resource.source) end - def verify_cert + def verify_cert(thumbprint = new_resource.source) store = ::Win32::Certstore.open(new_resource.store_name) - store.valid?(new_resource.source) + store.valid?(thumbprint) end def show_or_store_cert(cert_obj) |
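Review bot: In the `:create` hunk, the condition `if (!!exists == exists) && exists` is a roundabout way of writing `exists == true` and hides the reason for the check. If `verify_cert` can return something other than true or false, say so in a comment and compare explicitly. Otherwise a plain `if exists` is enough. The lookup also goes through `store.valid?`, so the variable name `exists` may be promising more than the call checks. Please confirm that a certificate which is present in the store but not valid still returns true here; if it does not, `add_cert` will run on every converge and the resource is not idempotent for that case. The trailing comments on the `cert_obj` and `thumbprint` lines restate the code and could be dropped.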
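Review bot: In the `:delete` hunk, the new `else` branch logs `"Certificate not found"` without saying which certificate or which store, so the line is of little use when a run manages several certificates. Include `new_resource.source` and `new_resource.store_name` in the message, as the `converge_by` text just above it already does. The same applies to `"Certificate is already present"` in the `:create` action. Consider `Chef::Log.debug` for both, since a no-op on every run will otherwise add an info line per resource.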
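Review bot: In the `verify_cert` hunk, the new signature `verify_cert(thumbprint = new_resource.source)` is undocumented, and the default makes `source` carry two meanings: a thumbprint when the method is called without arguments, and something that is not a thumbprint in `:create`, where the thumbprint has to be computed from `raw_source`. Add a comment stating that the argument must be a certificate thumbprint and in what format (the `:create` caller passes the output of `OpenSSL::Digest::SHA1.new(...).to_s`), so a later caller does not pass a path or subject and silently get a not-found result. It would also help to state whether `store.valid?` compares thumbprints case-insensitively, because the value passed from `:create` and a user-supplied `source` may differ in case.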