diff options
author | Tim Smith <tsmith84@gmail.com> | 2020-08-19 12:56:35 -0700 |
---|---|---|
committer | Tim Smith <tsmith84@gmail.com> | 2020-08-19 13:39:02 -0700 |
commit | 78ccdeaff047c1c8537a3dd686ba1f777858c1c5 (patch) | |
tree | 022589771d08844b1e0b3c7dffb82d18eccd152a /kitchen-tests/cookbooks | |
parent | 0f3f63d6f427368eb2d0193c4e363d8a6f7d6f9a (diff) | |
download | chef-78ccdeaff047c1c8537a3dd686ba1f777858c1c5.tar.gz |
Add new chef_client_trusted_certificate resource
This is a pretty simple resource for something that users can certainly do on their own right now, but most people don't even realize is an option. Giving it a dedicated resource exposes the functionality better and just makes it that much easier to write a simple cross platform cookbook that involves configuring the client.
I'm not a huge fan of having to provide the certificate as a string, but I didn't want to add yet another place where we allow string values, or URI. They all have slightly different APIs and we need to just do it via a mixin or something. This can certainly move that direction in the future, but for this solves a real problem today.
Signed-off-by: Tim Smith <tsmith@chef.io>
Diffstat (limited to 'kitchen-tests/cookbooks')
4 files changed, 33 insertions, 0 deletions
diff --git a/kitchen-tests/cookbooks/end_to_end/recipes/_chef_client_trusted_certificate.rb b/kitchen-tests/cookbooks/end_to_end/recipes/_chef_client_trusted_certificate.rb new file mode 100644 index 0000000000..486d5f36c6 --- /dev/null +++ b/kitchen-tests/cookbooks/end_to_end/recipes/_chef_client_trusted_certificate.rb @@ -0,0 +1,30 @@ +chef_client_trusted_certificate "self-signed.badssl.com" do + certificate <<~CERT + -----BEGIN CERTIFICATE----- + MIIDeTCCAmGgAwIBAgIJAPziuikCTox4MA0GCSqGSIb3DQEBCwUAMGIxCzAJBgNV + BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNp + c2NvMQ8wDQYDVQQKDAZCYWRTU0wxFTATBgNVBAMMDCouYmFkc3NsLmNvbTAeFw0x + OTEwMDkyMzQxNTJaFw0yMTEwMDgyMzQxNTJaMGIxCzAJBgNVBAYTAlVTMRMwEQYD + VQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMQ8wDQYDVQQK + DAZCYWRTU0wxFTATBgNVBAMMDCouYmFkc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEB + BQADggEPADCCAQoCggEBAMIE7PiM7gTCs9hQ1XBYzJMY61yoaEmwIrX5lZ6xKyx2 + PmzAS2BMTOqytMAPgLaw+XLJhgL5XEFdEyt/ccRLvOmULlA3pmccYYz2QULFRtMW + hyefdOsKnRFSJiFzbIRMeVXk0WvoBj1IFVKtsyjbqv9u/2CVSndrOfEk0TG23U3A + xPxTuW1CrbV8/q71FdIzSOciccfCFHpsKOo3St/qbLVytH5aohbcabFXRNsKEqve + ww9HdFxBIuGa+RuT5q0iBikusbpJHAwnnqP7i/dAcgCskgjZjFeEU4EFy+b+a1SY + QCeFxxC7c3DvaRhBB0VVfPlkPz0sw6l865MaTIbRyoUCAwEAAaMyMDAwCQYDVR0T + BAIwADAjBgNVHREEHDAaggwqLmJhZHNzbC5jb22CCmJhZHNzbC5jb20wDQYJKoZI + hvcNAQELBQADggEBAGlwCdbPxflZfYOaukZGCaxYK6gpincX4Lla4Ui2WdeQxE95 + w7fChXvP3YkE3UYUE7mupZ0eg4ZILr/A0e7JQDsgIu/SRTUE0domCKgPZ8v99k3A + vka4LpLK51jHJJK7EFgo3ca2nldd97GM0MU41xHFk8qaK1tWJkfrrfcGwDJ4GQPI + iLlm6i0yHq1Qg1RypAXJy5dTlRXlCLd8ufWhhiwW0W75Va5AEnJuqpQrKwl3KQVe + wGj67WWRgLfSr+4QG1mNvCZb2CkjZWmxkGPuoP40/y7Yu5OFqxP5tAjj4YixCYTW + EVA0pmzIzgBg+JIe3PdRy27T0asgQW/F4TY61Yk= + -----END CERTIFICATE----- + CERT +end + +# see if we can fetch from our new trusted domain +remote_file ::File.join(Chef::Config[:file_cache_path], "index.html") do + source "https://self-signed.badssl.com/index.html" +end
\ No newline at end of file diff --git a/kitchen-tests/cookbooks/end_to_end/recipes/linux.rb b/kitchen-tests/cookbooks/end_to_end/recipes/linux.rb index 012a9a7507..8fae36662c 100644 --- a/kitchen-tests/cookbooks/end_to_end/recipes/linux.rb +++ b/kitchen-tests/cookbooks/end_to_end/recipes/linux.rb @@ -50,6 +50,7 @@ ssh_known_hosts_entry "github.com" include_recipe "chef-client::delete_validation" include_recipe "chef-client::config" +include_recipe "::_chef_client_trusted_certificate" include_recipe "openssh" diff --git a/kitchen-tests/cookbooks/end_to_end/recipes/macos.rb b/kitchen-tests/cookbooks/end_to_end/recipes/macos.rb index 6ac2607caa..9c7416cfd9 100644 --- a/kitchen-tests/cookbooks/end_to_end/recipes/macos.rb +++ b/kitchen-tests/cookbooks/end_to_end/recipes/macos.rb @@ -41,6 +41,7 @@ ssh_known_hosts_entry "github.com" include_recipe "chef-client::delete_validation" include_recipe "chef-client::config" +include_recipe "::_chef_client_trusted_certificate" include_recipe "git" diff --git a/kitchen-tests/cookbooks/end_to_end/recipes/windows.rb b/kitchen-tests/cookbooks/end_to_end/recipes/windows.rb index aa53ca6365..3e069a43b0 100644 --- a/kitchen-tests/cookbooks/end_to_end/recipes/windows.rb +++ b/kitchen-tests/cookbooks/end_to_end/recipes/windows.rb @@ -47,6 +47,7 @@ end include_recipe "chef-client::delete_validation" include_recipe "chef-client::config" +include_recipe "::_chef_client_trusted_certificate" include_recipe "git" |