diff options
| author | neha-p6 <neha.pansare@progress.com> | 2023-05-03 18:10:30 +0530 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-05-03 18:10:30 +0530 |
| commit | 860cb87d15539af61dfaf6b1585d42fa5ea5b332 (patch) | |
| tree | 23ddc6de36c265b6445f4b5a791b8be61415d495 | |
| parent | c8e43aba2745c3cd1c51185813067db74a36be3e (diff) | |
| download | chef-860cb87d15539af61dfaf6b1585d42fa5ea5b332.tar.gz | |
Automate manual certificate setup step used in kitchen tests (#13714)
Signed-off-by: Neha Pansare <neha.pansare@progress.com>
| -rw-r--r-- | cspell.json | 1 | ||||
| -rw-r--r-- | kitchen-tests/cookbooks/end_to_end/recipes/_chef_client_trusted_certificate.rb | 37 |
2 files changed, 15 insertions, 23 deletions
diff --git a/cspell.json b/cspell.json index 7285e8d28a..d833183917 100644 --- a/cspell.json +++ b/cspell.json @@ -1209,6 +1209,7 @@ "shiftwidth", "shortname", "Shouldnotexist", + "showcerts", "SHOWDEFAULT", "showhold", "SHOWMAXIMIZED", diff --git a/kitchen-tests/cookbooks/end_to_end/recipes/_chef_client_trusted_certificate.rb b/kitchen-tests/cookbooks/end_to_end/recipes/_chef_client_trusted_certificate.rb index 617f480a44..75790665fd 100644 --- a/kitchen-tests/cookbooks/end_to_end/recipes/_chef_client_trusted_certificate.rb +++ b/kitchen-tests/cookbooks/end_to_end/recipes/_chef_client_trusted_certificate.rb @@ -1,27 +1,18 @@ +# First grab the cert. While this wouldn't ordinarily be secure, this isn't +# trying to secure something, we simply want to make sure that if we +# have said a certificate is trusted, it will be trusted. So lets grab it, trust +# it, and then try to use it. + +# First, grab it +out = Mixlib::ShellOut.new( + %w{openssl s_client -servername self-signed.badssl.com -showcerts -connect self-signed.badssl.com:443} +).run_command.stdout + +cert = Mixlib::ShellOut.new(%w{openssl x509}, input: out).run_command.stdout + +# Second trust it chef_client_trusted_certificate "self-signed.badssl.com" do - certificate <<~CERT ------BEGIN CERTIFICATE----- -MIIDeTCCAmGgAwIBAgIJAK31pnMwlr+TMA0GCSqGSIb3DQEBCwUAMGIxCzAJBgNV -BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNp -c2NvMQ8wDQYDVQQKDAZCYWRTU0wxFTATBgNVBAMMDCouYmFkc3NsLmNvbTAeFw0y -MzAzMjgyMjExMjlaFw0yNTAzMjcyMjExMjlaMGIxCzAJBgNVBAYTAlVTMRMwEQYD -VQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMQ8wDQYDVQQK -DAZCYWRTU0wxFTATBgNVBAMMDCouYmFkc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEB -BQADggEPADCCAQoCggEBAMIE7PiM7gTCs9hQ1XBYzJMY61yoaEmwIrX5lZ6xKyx2 -PmzAS2BMTOqytMAPgLaw+XLJhgL5XEFdEyt/ccRLvOmULlA3pmccYYz2QULFRtMW -hyefdOsKnRFSJiFzbIRMeVXk0WvoBj1IFVKtsyjbqv9u/2CVSndrOfEk0TG23U3A -xPxTuW1CrbV8/q71FdIzSOciccfCFHpsKOo3St/qbLVytH5aohbcabFXRNsKEqve -ww9HdFxBIuGa+RuT5q0iBikusbpJHAwnnqP7i/dAcgCskgjZjFeEU4EFy+b+a1SY -QCeFxxC7c3DvaRhBB0VVfPlkPz0sw6l865MaTIbRyoUCAwEAAaMyMDAwCQYDVR0T -BAIwADAjBgNVHREEHDAaggwqLmJhZHNzbC5jb22CCmJhZHNzbC5jb20wDQYJKoZI -hvcNAQELBQADggEBAB0wBgQ+U7ULnZd0JOxTUDUPtnUYQhKLx02yhCBuvSBfM+t0 -NYBk00hgzrzdJrr2mpn35y7hfKBzYztaADPqiE/n52D1D/aYbUv+VFJYPYJbsokT -0ECaNk0uiW5cPm/ylW+oAA+o15ninMQUJJn/93ZhlkNj8ISP2awHXN9dSUfXBAbh -jA+0SBJ7szXha0sElaPEFkieLhETR+CzSt311U8h1sGVMdkGqamwuj/TqlHhW8Np -8F1Nk4DGHmJVoYDzHr+dgdpSUMfrvfWyegr1IOYZQBSxNnVjWvsS8EK5i1/EAqIt -tSaKKu926MPPIQT/EX9tB8epAtTbyqgBABmAU6Y= ------END CERTIFICATE----- - CERT + certificate cert end # see if we can fetch from our new trusted domain |