author | Claire McQuin <claire@getchef.com> | 2014-09-05 13:34:10 -0700 |
---|---|---|
committer | Claire McQuin <claire@getchef.com> | 2014-09-08 15:21:14 -0700 |
commit | 6b5245a79d21ebf3a2f7f9f33adc19c72979f5ae (patch) | |
tree | 508f3581fde543828d226a89fe26a2b6858fb456 | |
parent | 3fb87cc744d1e1134476496dedc9125a25add859 (diff) | |
download | chef-6b5245a79d21ebf3a2f7f9f33adc19c72979f5ae.tar.gz |
Transfer trusted certs during bootstrap
-rw-r--r-- | lib/chef/knife/bootstrap/archlinux-gems.erb | 9 | ||||
-rw-r--r-- | lib/chef/knife/bootstrap/chef-aix.erb | 9 | ||||
-rw-r--r-- | lib/chef/knife/bootstrap/chef-full.erb | 9 | ||||
-rw-r--r-- | lib/chef/knife/core/bootstrap_context.rb | 10 | ||||
-rw-r--r-- | spec/unit/knife/bootstrap_spec.rb | 27 |
5 files changed, 64 insertions, 0 deletions
diff --git a/lib/chef/knife/bootstrap/archlinux-gems.erb b/lib/chef/knife/bootstrap/archlinux-gems.erb
index bb84340c05..abdce8f0b2 100644
--- a/lib/chef/knife/bootstrap/archlinux-gems.erb
+++ b/lib/chef/knife/bootstrap/archlinux-gems.erb
@@ -23,6 +23,15 @@ EOP
 chmod 0600 /etc/chef/encrypted_data_bag_secret
 <% end -%>
 
+<% if trusted_certs_dir -%>
+mkdir -p /etc/chef/trusted_certs
+<% Dir[File.join(trusted_certs_dir, "*")].each do |entry| %>
+cat > <%= File.join("/etc/chef/trusted_certs", File.basename(entry)) %> <<'EOP'
+<%= IO.read(File.expand_path(entry)) %>
+EOP
+<% end %>
+<% end -%>
+
 <%# Generate Ohai Hints -%>
 <% unless @chef_config[:knife][:hints].nil? || @chef_config[:knife][:hints].empty? -%>
 mkdir -p /etc/chef/ohai/hints
diff --git a/lib/chef/knife/bootstrap/chef-aix.erb b/lib/chef/knife/bootstrap/chef-aix.erb
index 59993b478a..e8b3188e89 100644
--- a/lib/chef/knife/bootstrap/chef-aix.erb
+++ b/lib/chef/knife/bootstrap/chef-aix.erb
@@ -36,6 +36,15 @@ EOP
 chmod 0600 /etc/chef/encrypted_data_bag_secret
 <% end -%>
 
+<% if trusted_certs_dir -%>
+mkdir -p /etc/chef/trusted_certs
+<% Dir[File.join(trusted_certs_dir, "*")].each do |entry| %>
+cat > <%= File.join("/etc/chef/trusted_certs", File.basename(entry)) %> <<'EOP'
+<%= IO.read(File.expand_path(entry)) %>
+EOP
+<% end %>
+<% end -%>
+
 <%# Generate Ohai Hints -%>
 <% unless @chef_config[:knife][:hints].nil? || @chef_config[:knife][:hints].empty? -%>
 mkdir -p /etc/chef/ohai/hints
diff --git a/lib/chef/knife/bootstrap/chef-full.erb b/lib/chef/knife/bootstrap/chef-full.erb
index a4e85b9d67..56c216dad0 100644
--- a/lib/chef/knife/bootstrap/chef-full.erb
+++ b/lib/chef/knife/bootstrap/chef-full.erb
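Review bot: The destination path on the added `cat >` line is written into the generated shell script unquoted, and the file body goes into a heredoc closed by a fixed `EOP`, so a file in `trusted_certs_dir` whose name contains whitespace or shell metacharacters, or whose contents include a line reading `EOP`, changes what the bootstrap script runs on the new node. The same block is added to chef-aix.erb and chef-full.erb. `Dir[File.join(trusted_certs_dir, "*")]` also returns subdirectories (where `IO.read` would raise) and non-certificate files, all of which would land in the node's trust directory. I would narrow the glob to certificate files, e.g. `Dir[File.join(trusted_certs_dir, "*.{crt,pem}")]`, skip entries that are not regular files, and quote or shell-escape the target: `cat > '<%= File.join("/etc/chef/trusted_certs", File.basename(entry)) %>' <<'EOP'`.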
@@ -50,6 +50,15 @@ EOP
 chmod 0600 /etc/chef/encrypted_data_bag_secret
 <% end -%>
 
+<% if trusted_certs_dir -%>
+mkdir -p /etc/chef/trusted_certs
+<% Dir[File.join(trusted_certs_dir, "*")].each do |entry| %>
+cat > <%= File.join("/etc/chef/trusted_certs", File.basename(entry)) %> <<'EOP'
+<%= IO.read(File.expand_path(entry)) %>
+EOP
+<% end %>
+<% end -%>
+
 <%# Generate Ohai Hints -%>
 <% unless @chef_config[:knife][:hints].nil? || @chef_config[:knife][:hints].empty? -%>
 mkdir -p /etc/chef/ohai/hints
diff --git a/lib/chef/knife/core/bootstrap_context.rb b/lib/chef/knife/core/bootstrap_context.rb
index 12d422a162..9932139df5 100644
--- a/lib/chef/knife/core/bootstrap_context.rb
+++ b/lib/chef/knife/core/bootstrap_context.rb
@@ -52,6 +52,16 @@ class Chef
 end
 end
 
+ def trusted_certs_dir
+ # Check that the directory exists and is non empty
+ certs_dir = knife_config[:trusted_certs_dir].to_s # may convert nil to ""
+ if Dir.exist?(certs_dir) && !Dir[File.join(certs_dir, "*")].empty?
+ certs_dir
+ else
+ nil
+ end
+ end
+
 def config_content
 client_rb = <<-CONFIG
 log_location STDOUT
diff --git a/spec/unit/knife/bootstrap_spec.rb b/spec/unit/knife/bootstrap_spec.rb
index 78be9632f6..abd3e8abc4 100644
--- a/spec/unit/knife/bootstrap_spec.rb
+++ b/spec/unit/knife/bootstrap_spec.rb
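Review bot: `trusted_certs_dir` returns nil both when the option is unset and when the operator configured a directory that is missing or empty, so a mistyped path silently bootstraps the node without the certificates it was meant to trust. A warning in the `else` branch would make that visible, e.g. `Chef::Log.warn("trusted_certs_dir #{certs_dir} is missing or empty; no certificates will be transferred") unless certs_dir.empty?`. The path is also handed to `Dir[]` as a glob pattern, so a directory name containing glob metacharacters (or, presumably, backslash separators when knife runs on Windows) may not match as intended; that case deserves a test. The enclosing class starts outside the hunk.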
@@ -355,6 +355,33 @@ describe Chef::Knife::Bootstrap do
 end
 end
 
+ describe "when transferring trusted certificates" do
+ let(:trusted_certs_dir) { File.join(CHEF_SPEC_DATA, 'trusted_certs') }
+
+ let(:rendered_template) do
+ knife.merge_configs
+ knife.render_template
+ end
+
+ before do
+ Chef::Config[:knife][:trusted_certs_dir] = trusted_certs_dir
+ end
+
+ it "creates /etc/chef/trusted_certs" do
+ rendered_template.should match(%r{mkdir -p /etc/chef/trusted_certs})
+ end
+
+ it "copies the certificates in the directory" do
+ match_str = ""
+ Dir[File.join(trusted_certs_dir, '*')].each do |cert|
+ match_str << "cat > /etc/chef/trusted_certs/#{File.basename(cert)} <<'EOP'\n" +
+ "#{IO.read(File.expand_path(cert))}\n" +
+ "EOP\n"
+ end
+ rendered_template.should include(match_str)
+ end
+ end
+
 describe "when configuring the underlying knife ssh command" do
 context "from the command line" do
 let(:knife_ssh) do |
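Review bot: The new examples cover only a populated directory; the cases where `trusted_certs_dir` returns nil (option unset, directory missing, directory empty) are not exercised, so nothing asserts that the rendered script omits `mkdir -p /etc/chef/trusted_certs` then. The `before` block also assigns `Chef::Config[:knife][:trusted_certs_dir]` without restoring it, which may leak into later examples unless the suite resets Chef::Config elsewhere. An example such as `it "omits the trusted_certs block when the directory is empty"` using a `Dir.mktmpdir` path, plus a fixture whose file name contains a space, would pin the behaviour. The outer `describe Chef::Knife::Bootstrap` block continues outside the hunk.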