author | Nimesh-Msys <nimesh.patni@msystechnologies.com> | 2019-01-16 20:02:14 +0530 |
---|---|---|
committer | Nimesh-Msys <nimesh.patni@msystechnologies.com> | 2019-01-24 02:34:00 +0530 |
commit | a7afc5d53b3d279ce7d8a0ad5bd31b0974a24f1f (patch) | |
tree | 45104daf18134aa0b6f072825caeac5d4943e766 | |
parent | 2d9aaaa000e3973435e715d5ff45309a0674b50d (diff) | |
download | chef-a7afc5d53b3d279ce7d8a0ad5bd31b0974a24f1f.tar.gz |
Maintaining idempotency in windows_certificate resource
- Minor fixes in :create action
- DRYed up `verify_cert` action and reusing the same while :create
- Chefstyle maintained
Signed-off-by: Nimesh-Msys <nimesh.patni@msystechnologies.com>
-rw-r--r-- | lib/chef/resource/windows_certificate.rb | 22 |
1 files changed, 19 insertions, 3 deletions
diff --git a/lib/chef/resource/windows_certificate.rb b/lib/chef/resource/windows_certificate.rb index 2057855b2c..132664e9f2 100644 --- a/lib/chef/resource/windows_certificate.rb +++ b/lib/chef/resource/windows_certificate.rb @@ -58,7 +58,21 @@ class Chef action :create do description "Creates or updates a certificate." - add_cert(OpenSSL::X509::Certificate.new(raw_source)) + + cert_obj = OpenSSL::X509::Certificate.new(raw_source) # A certificate object in memory + thumbprint = OpenSSL::Digest::SHA1.new(cert_obj.to_der).to_s # Fetch its thumbprint + + # Check whether a certificate with this thumbprint + # is already present in certificate store + exists = verify_cert(thumbprint) + + if (!!exists == exists) && exists + Chef::Log.info("Certificate is already present") + else + converge_by("Adding certificate #{new_resource.source} into Store #{new_resource.store_name}") do + add_cert(cert_obj) + end + end end # acl_add is a modify-if-exists operation : not idempotent @@ -94,6 +108,8 @@ class Chef converge_by("Deleting certificate #{new_resource.source} from Store #{new_resource.store_name}") do delete_cert end + else + Chef::Log.info("Certificate not found") end end @@ -134,9 +150,9 @@ class Chef store.get(new_resource.source) end - def verify_cert + def verify_cert(thumbprint = new_resource.source) store = ::Win32::Certstore.open(new_resource.store_name) - store.valid?(new_resource.source) + store.valid?(thumbprint) end def show_or_store_cert(cert_obj) |
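Review bot: In the :create hunk, `if (!!exists == exists) && exists` is a roundabout way of writing `exists == true`, and it only makes sense if `verify_cert` can return something other than a boolean. Please write it as `exists == true` and add a comment naming the non-boolean value being guarded against. Separately, the variable is called `exists` but it holds the result of `store.valid?`; if `valid?` can return false for a certificate that is in the store, this branch calls `add_cert` on every run and the resource is still not idempotent for that case, so a presence check would be the safer test here.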
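Review bot: In the :delete hunk, the new `else` branch logs a bare `"Certificate not found"`, which does not say which certificate or which store was checked. Include `new_resource.source` and `new_resource.store_name` in the message, as the `converge_by` text just above it does, so the log line is still useful when several windows_certificate resources run in one converge.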
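Review bot: In `def verify_cert(thumbprint = new_resource.source)`, the parameter is named `thumbprint` but defaults to `new_resource.source`, and nothing documents that the two are expected to be the same kind of value. Add a comment on the helper stating that it takes a certificate thumbprint, that it falls back to `source` for callers that pass none, and what `store.valid?` returns, since the :create action now branches on that return value.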