summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTim Smith <tsmith@chef.io>2020-12-09 07:44:16 -0800
committerGitHub <noreply@github.com>2020-12-09 07:44:16 -0800
commit2f7bf4bd73e2d13dd9e0337beed5905f6777c1db (patch)
tree6a867603eaeb5d1a49919727ad74e3b676ed0903
parent2399214cfc4ca0078f7a54adce882a93d9a5d9b0 (diff)
parentb7f0e91c25e487e00a4de90cb2739d548cd2fd4c (diff)
downloadchef-2f7bf4bd73e2d13dd9e0337beed5905f6777c1db.tar.gz
Merge pull request #10711 from MsysTechnologiesllc/dh/win-pfx-certificate-exportable
Signed-off-by: Tim Smith <tsmith@chef.io>
-rw-r--r--lib/chef/resource/windows_certificate.rb8
-rw-r--r--spec/unit/resource/windows_certificate_spec.rb12
2 files changed, 19 insertions, 1 deletions
diff --git a/lib/chef/resource/windows_certificate.rb b/lib/chef/resource/windows_certificate.rb
index 2c8c7c72ff..930c5ae6a4 100644
--- a/lib/chef/resource/windows_certificate.rb
+++ b/lib/chef/resource/windows_certificate.rb
@@ -87,6 +87,11 @@ class Chef
description: "Ensure that sensitive resource data is not logged by the #{ChefUtils::Dist::Infra::CLIENT}.",
default: lazy { pfx_password ? true : false }, skip_docs: true
+ property :exportable, [TrueClass, FalseClass],
+ description: "Ensure that imported pfx certificate is exportable. Please provide 'true' if you want the certificate to be exportable.",
+ default: false,
+ introduced: "16.8"
+
action :create do
description "Creates or updates a certificate."
@@ -162,8 +167,9 @@ class Chef
end
def add_pfx_cert
+ exportable = new_resource.exportable ? 1 : 0
store = ::Win32::Certstore.open(new_resource.store_name)
- store.add_pfx(new_resource.source, new_resource.pfx_password)
+ store.add_pfx(new_resource.source, new_resource.pfx_password, exportable)
end
def delete_cert
diff --git a/spec/unit/resource/windows_certificate_spec.rb b/spec/unit/resource/windows_certificate_spec.rb
index 7c0df35571..71ef8a9498 100644
--- a/spec/unit/resource/windows_certificate_spec.rb
+++ b/spec/unit/resource/windows_certificate_spec.rb
@@ -80,4 +80,16 @@ describe Chef::Resource::WindowsCertificate do
resource.store_name "MY"
expect { resource.action :create }.not_to raise_error
end
+
+ it "the exportable property defaults to false" do
+ expect(resource.exportable).to be false
+ end
+
+ it "doesn't raise error if exportable option is passed" do
+ resource.pfx_password "chef$123"
+ resource.source "C:\\certs\\test-cert.pfx"
+ resource.store_name "MY"
+ resource.exportable true
+ expect { resource.action :create }.not_to raise_error
+ end
end