author | Claire McQuin <claire@getchef.com> | 2014-09-05 15:06:29 -0700 |
---|---|---|
committer | Claire McQuin <claire@getchef.com> | 2014-09-08 15:21:15 -0700 |
commit | b6b9b667af1865fdf8aace2bdd771a2553986bbd (patch) | |
tree | a3050dd3afc48611d44029928c65073c8b1fa231 | |
parent | e4b4ee873cbba03e4d6bed65635df3513a3896aa (diff) | |
download | chef-b6b9b667af1865fdf8aace2bdd771a2553986bbd.tar.gz |
Fetch certs in bootstrap_context.rb, not in templates to avoid copypasta.
-rw-r--r-- | lib/chef/knife/bootstrap/archlinux-gems.erb | 8 | ||||
-rw-r--r-- | lib/chef/knife/bootstrap/chef-aix.erb | 8 | ||||
-rw-r--r-- | lib/chef/knife/bootstrap/chef-full.erb | 8 | ||||
-rw-r--r-- | lib/chef/knife/core/bootstrap_context.rb | 22 | ||||
-rw-r--r-- | spec/unit/knife/bootstrap_spec.rb | 5 |
5 files changed, 24 insertions, 27 deletions
diff --git a/lib/chef/knife/bootstrap/archlinux-gems.erb b/lib/chef/knife/bootstrap/archlinux-gems.erb index abdce8f0b2..eb134b90d5 100644 --- a/lib/chef/knife/bootstrap/archlinux-gems.erb +++ b/lib/chef/knife/bootstrap/archlinux-gems.erb @@ -23,13 +23,9 @@ EOP chmod 0600 /etc/chef/encrypted_data_bag_secret <% end -%> -<% if trusted_certs_dir -%> +<% unless trusted_certs.empty? -%> mkdir -p /etc/chef/trusted_certs -<% Dir[File.join(trusted_certs_dir, "*")].each do |entry| %> -cat > <%= File.join("/etc/chef/trusted_certs", File.basename(entry)) %> <<'EOP' -<%= IO.read(File.expand_path(entry)) %> -EOP -<% end %> +<%= trusted_certs %> <% end -%> <%# Generate Ohai Hints -%> diff --git a/lib/chef/knife/bootstrap/chef-aix.erb b/lib/chef/knife/bootstrap/chef-aix.erb index e8b3188e89..3a031ee738 100644 --- a/lib/chef/knife/bootstrap/chef-aix.erb +++ b/lib/chef/knife/bootstrap/chef-aix.erb @@ -36,13 +36,9 @@ EOP chmod 0600 /etc/chef/encrypted_data_bag_secret <% end -%> -<% if trusted_certs_dir -%> +<% unless trusted_certs.empty? -%> mkdir -p /etc/chef/trusted_certs -<% Dir[File.join(trusted_certs_dir, "*")].each do |entry| %> -cat > <%= File.join("/etc/chef/trusted_certs", File.basename(entry)) %> <<'EOP' -<%= IO.read(File.expand_path(entry)) %> -EOP -<% end %> +<%= trusted_certs %> <% end -%> <%# Generate Ohai Hints -%> diff --git a/lib/chef/knife/bootstrap/chef-full.erb b/lib/chef/knife/bootstrap/chef-full.erb index a57d327173..6edb485f44 100644 --- a/lib/chef/knife/bootstrap/chef-full.erb +++ b/lib/chef/knife/bootstrap/chef-full.erb 
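Review bot: At `<%= trusted_certs %>` the set of files shipped to the node changes for this template and for chef-aix.erb, not only the place where they are read. The removed loop globbed `*` under trusted_certs_dir, whereas `trusted_certs` (built in bootstrap_context.rb) picks up only `*.{crt,pem}`. That narrowing is a sensible tightening, since stray files in the directory are no longer written under /etc/chef on the node, but the commit message presents the change as pure de-duplication. I would mention it in the message or changelog so users whose certificates use other extensions know why they stopped being copied.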
@@ -50,13 +50,9 @@ EOP chmod 0600 /etc/chef/encrypted_data_bag_secret <% end -%> -<% if trusted_certs_dir -%> +<% unless trusted_certs.empty? -%> mkdir -p /etc/chef/trusted_certs -<% Dir.glob(File.join(trusted_certs_dir, "*.{crt,pem}")).each do |entry| %> -cat > <%= File.join("/etc/chef/trusted_certs", File.basename(entry)) %> <<'EOP' -<%= IO.read(File.expand_path(entry)) %> -EOP -<% end %> +<%= trusted_certs %> <% end -%> <%# Generate Ohai Hints -%> diff --git a/lib/chef/knife/core/bootstrap_context.rb b/lib/chef/knife/core/bootstrap_context.rb index 43090f506a..52b9c93807 100644 --- a/lib/chef/knife/core/bootstrap_context.rb +++ b/lib/chef/knife/core/bootstrap_context.rb @@ -52,14 +52,8 @@ class Chef end end - def trusted_certs_dir - # Check that the directory exists and is non empty - certs_dir = Chef::Config[:trusted_certs_dir].to_s # may convert nil to "" - if Dir.exist?(certs_dir) && !Dir[File.join(certs_dir, "*.{crt,pem}")].empty? - certs_dir - else - nil - end + def trusted_certs + @trusted_certs ||= trusted_certs_content end def config_content @@ -117,7 +111,7 @@ CONFIG client_rb << %Q{encrypted_data_bag_secret "/etc/chef/encrypted_data_bag_secret"\n} end - if trusted_certs_dir + unless trusted_certs.empty? client_rb << %Q{trusted_certs_dir "/etc/chef/trusted_certs"\n} end @@ -167,6 +161,16 @@ CONFIG (@config[:first_boot_attributes] || {}).merge(:run_list => @run_list) end + private + def trusted_certs_content + content = "" + Dir.glob(File.join(@chef_config[:trusted_certs_dir], "*.{crt,pem}")).each do |cert| + content << "cat > /etc/chef/trusted_certs/#{File.basename(cert)} <<'EOP'\n" + + IO.read(File.expand_path(cert)) + "\nEOP\n" + end + content + end + end end end diff --git a/spec/unit/knife/bootstrap_spec.rb b/spec/unit/knife/bootstrap_spec.rb index 3bfbfd2c48..62033cc1dc 100644 --- a/spec/unit/knife/bootstrap_spec.rb +++ b/spec/unit/knife/bootstrap_spec.rb 
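Review bot: The removed `trusted_certs_dir` tolerated an unset or missing directory (`.to_s` plus `Dir.exist?`), and nothing in the new code replaces that guard. `trusted_certs` now goes straight to `trusted_certs_content`, which hands `@chef_config[:trusted_certs_dir]` to `File.join`. If that setting can be nil, as the old comment suggested, `File.join` raises TypeError and rendering the bootstrap script fails instead of skipping the certs. I would keep the guard in the helper, e.g. `certs_dir = @chef_config[:trusted_certs_dir].to_s` followed by `return "" unless Dir.exist?(certs_dir)`. The helper itself is added in the last hunk of this file.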
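Review bot: `trusted_certs_content` builds shell text that runs on the node being bootstrapped, and two values go into it unchecked. `File.basename(cert)` is interpolated unquoted into the `cat >` redirect, and the file body sits inside a heredoc that ends at the first line reading `EOP`. A file name with spaces or shell metacharacters, or a .crt/.pem file containing such a line, would change what the script executes rather than only what it writes. I would escape the target path with Shellwords (adding `require 'shellwords'` if the file does not already load it) and refuse files that contain the delimiter line. The class body continues outside the hunk.

```ruby
def trusted_certs_content
  Dir.glob(File.join(@chef_config[:trusted_certs_dir], "*.{crt,pem}")).map do |cert|
    body = IO.read(File.expand_path(cert))
    # A line equal to the delimiter would close the heredoc early on the node.
    raise ArgumentError, "#{cert} contains a line reading EOP" if body =~ /^EOP$/

    target = Shellwords.escape(File.join("/etc/chef/trusted_certs", File.basename(cert)))
    "cat > #{target} <<'EOP'\n#{body}\nEOP\n"
  end.join
end
```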
@@ -380,6 +380,11 @@ describe Chef::Knife::Bootstrap do end rendered_template.should include(match_str) end + + it "doesn't create /etc/chef/trusted_certs if :trusted_certs_dir is empty" do + Dir.should_receive(:glob).with(File.join(trusted_certs_dir, "*.{crt,pem}")).and_return([]) + rendered_template.should_not match(%r{mkdir -p /etc/chef/trusted_certs}) + end end describe "when configuring the underlying knife ssh command" do |
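Review bot: The added example pins only the empty-glob case, so the path that lost its guard in bootstrap_context.rb, `:trusted_certs_dir` being unset, is still untested. I would add a sibling example such as `it "doesn't create /etc/chef/trusted_certs if :trusted_certs_dir is unset"` that sets the config value to nil and asserts that rendering neither raises nor emits the `mkdir -p` line. `trusted_certs_dir` here is presumably a `let` defined outside the hunk, and the enclosing `describe` block also starts outside it.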