authorClaire McQuin <claire@getchef.com>2014-09-05 15:06:29 -0700
committerClaire McQuin <claire@getchef.com>2014-09-08 15:21:15 -0700
commitb6b9b667af1865fdf8aace2bdd771a2553986bbd (patch)
treea3050dd3afc48611d44029928c65073c8b1fa231
parente4b4ee873cbba03e4d6bed65635df3513a3896aa (diff)
downloadchef-b6b9b667af1865fdf8aace2bdd771a2553986bbd.tar.gz
Fetch certs in bootstrap_context.rb, not in templates to avoid copypasta.
-rw-r--r--lib/chef/knife/bootstrap/archlinux-gems.erb8
-rw-r--r--lib/chef/knife/bootstrap/chef-aix.erb8
-rw-r--r--lib/chef/knife/bootstrap/chef-full.erb8
-rw-r--r--lib/chef/knife/core/bootstrap_context.rb22
-rw-r--r--spec/unit/knife/bootstrap_spec.rb5
5 files changed, 24 insertions, 27 deletions
diff --git a/lib/chef/knife/bootstrap/archlinux-gems.erb b/lib/chef/knife/bootstrap/archlinux-gems.erb
index abdce8f0b2..eb134b90d5 100644
--- a/lib/chef/knife/bootstrap/archlinux-gems.erb
+++ b/lib/chef/knife/bootstrap/archlinux-gems.erb
@@ -23,13 +23,9 @@ EOP
chmod 0600 /etc/chef/encrypted_data_bag_secret
<% end -%>
-<% if trusted_certs_dir -%>
+<% unless trusted_certs.empty? -%>
mkdir -p /etc/chef/trusted_certs
-<% Dir[File.join(trusted_certs_dir, "*")].each do |entry| %>
-cat > <%= File.join("/etc/chef/trusted_certs", File.basename(entry)) %> <<'EOP'
-<%= IO.read(File.expand_path(entry)) %>
-EOP
-<% end %>
+<%= trusted_certs %>
<% end -%>
<%# Generate Ohai Hints -%>
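Review bot: Replacing the inline loop with `<%= trusted_certs %>` narrows what this template ships. The removed `Dir[File.join(trusted_certs_dir, "*")]` copied every entry in the directory, while the shared helper globs only `*.{crt,pem}`. The same applies to the chef-aix.erb hunk; chef-full.erb already used the narrower pattern. Sending fewer local files to the node is the safer default, but the commit message describes only de-duplication, so the change deserves a changelog line or a comment above the helper such as `# Only *.crt and *.pem files are copied to the node.`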
diff --git a/lib/chef/knife/bootstrap/chef-aix.erb b/lib/chef/knife/bootstrap/chef-aix.erb
index e8b3188e89..3a031ee738 100644
--- a/lib/chef/knife/bootstrap/chef-aix.erb
+++ b/lib/chef/knife/bootstrap/chef-aix.erb
@@ -36,13 +36,9 @@ EOP
chmod 0600 /etc/chef/encrypted_data_bag_secret
<% end -%>
-<% if trusted_certs_dir -%>
+<% unless trusted_certs.empty? -%>
mkdir -p /etc/chef/trusted_certs
-<% Dir[File.join(trusted_certs_dir, "*")].each do |entry| %>
-cat > <%= File.join("/etc/chef/trusted_certs", File.basename(entry)) %> <<'EOP'
-<%= IO.read(File.expand_path(entry)) %>
-EOP
-<% end %>
+<%= trusted_certs %>
<% end -%>
<%# Generate Ohai Hints -%>
diff --git a/lib/chef/knife/bootstrap/chef-full.erb b/lib/chef/knife/bootstrap/chef-full.erb
index a57d327173..6edb485f44 100644
--- a/lib/chef/knife/bootstrap/chef-full.erb
+++ b/lib/chef/knife/bootstrap/chef-full.erb
@@ -50,13 +50,9 @@ EOP
chmod 0600 /etc/chef/encrypted_data_bag_secret
<% end -%>
-<% if trusted_certs_dir -%>
+<% unless trusted_certs.empty? -%>
mkdir -p /etc/chef/trusted_certs
-<% Dir.glob(File.join(trusted_certs_dir, "*.{crt,pem}")).each do |entry| %>
-cat > <%= File.join("/etc/chef/trusted_certs", File.basename(entry)) %> <<'EOP'
-<%= IO.read(File.expand_path(entry)) %>
-EOP
-<% end %>
+<%= trusted_certs %>
<% end -%>
<%# Generate Ohai Hints -%>
diff --git a/lib/chef/knife/core/bootstrap_context.rb b/lib/chef/knife/core/bootstrap_context.rb
index 43090f506a..52b9c93807 100644
--- a/lib/chef/knife/core/bootstrap_context.rb
+++ b/lib/chef/knife/core/bootstrap_context.rb
@@ -52,14 +52,8 @@ class Chef
end
end
- def trusted_certs_dir
- # Check that the directory exists and is non empty
- certs_dir = Chef::Config[:trusted_certs_dir].to_s # may convert nil to ""
- if Dir.exist?(certs_dir) && !Dir[File.join(certs_dir, "*.{crt,pem}")].empty?
- certs_dir
- else
- nil
- end
+ def trusted_certs
+ @trusted_certs ||= trusted_certs_content
end
def config_content
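Review bot: `trusted_certs` has no comment, and its name suggests a list of certificates or a path. It actually returns shell script text that the templates print verbatim and that `config_content` tests with `.empty?`. A comment above the method would make that contract explicit, for example `# Shell fragment that writes each local trusted cert to /etc/chef/trusted_certs on the node; "" when there are none.` The class body starts and ends outside this hunk.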
@@ -117,7 +111,7 @@ CONFIG
client_rb << %Q{encrypted_data_bag_secret "/etc/chef/encrypted_data_bag_secret"\n}
end
- if trusted_certs_dir
+ unless trusted_certs.empty?
client_rb << %Q{trusted_certs_dir "/etc/chef/trusted_certs"\n}
end
@@ -167,6 +161,16 @@ CONFIG
(@config[:first_boot_attributes] || {}).merge(:run_list => @run_list)
end
+ private
+ def trusted_certs_content
+ content = ""
+ Dir.glob(File.join(@chef_config[:trusted_certs_dir], "*.{crt,pem}")).each do |cert|
+ content << "cat > /etc/chef/trusted_certs/#{File.basename(cert)} <<'EOP'\n" +
+ IO.read(File.expand_path(cert)) + "\nEOP\n"
+ end
+ content
+ end
+
end
end
end
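Review bot: `trusted_certs_content` passes `@chef_config[:trusted_certs_dir]` straight to `File.join`, so an unset value raises TypeError, whereas the removed `trusted_certs_dir` converted nil with `.to_s` and checked `Dir.exist?` first. Whether the setting can be nil here is not visible in the hunk, but the removed comment says it may be. The file name and the file body are also written unescaped into a script that runs on the target node, so a name with whitespace or shell metacharacters, or a body containing a line equal to `EOP`, changes what that script does. The sketch below restores the guard and rejects such files before emitting them; raising is one option, skipping with a warning is another. A spec for the unset-directory case would pin the first part.

```ruby
def trusted_certs_content
  certs_dir = @chef_config[:trusted_certs_dir].to_s # nil becomes "", as the removed helper did
  return "" unless Dir.exist?(certs_dir)

  content = ""
  Dir.glob(File.join(certs_dir, "*.{crt,pem}")).each do |cert|
    name = File.basename(cert)
    body = IO.read(File.expand_path(cert))
    # Both values are pasted into a script that runs on the node being bootstrapped.
    unless name =~ /\A[A-Za-z0-9._-]+\z/ && body.lines.none? { |line| line.chomp == "EOP" }
      raise ArgumentError, "refusing to bootstrap with trusted cert #{cert.inspect}"
    end
    # … unchanged: append the cat/heredoc fragment for this cert to content …
  end
  content
end
```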
diff --git a/spec/unit/knife/bootstrap_spec.rb b/spec/unit/knife/bootstrap_spec.rb
index 3bfbfd2c48..62033cc1dc 100644
--- a/spec/unit/knife/bootstrap_spec.rb
+++ b/spec/unit/knife/bootstrap_spec.rb
@@ -380,6 +380,11 @@ describe Chef::Knife::Bootstrap do
end
rendered_template.should include(match_str)
end
+
+ it "doesn't create /etc/chef/trusted_certs if :trusted_certs_dir is empty" do
+ Dir.should_receive(:glob).with(File.join(trusted_certs_dir, "*.{crt,pem}")).and_return([])
+ rendered_template.should_not match(%r{mkdir -p /etc/chef/trusted_certs})
+ end
end
describe "when configuring the underlying knife ssh command" do