summaryrefslogtreecommitdiff
path: root/kitchen-tests/cookbooks
diff options
context:
space:
mode:
authorTim Smith <tsmith84@gmail.com>2020-08-19 12:56:35 -0700
committerTim Smith <tsmith84@gmail.com>2020-08-19 13:39:02 -0700
commit78ccdeaff047c1c8537a3dd686ba1f777858c1c5 (patch)
tree022589771d08844b1e0b3c7dffb82d18eccd152a /kitchen-tests/cookbooks
parent0f3f63d6f427368eb2d0193c4e363d8a6f7d6f9a (diff)
downloadchef-78ccdeaff047c1c8537a3dd686ba1f777858c1c5.tar.gz
Add new chef_client_trusted_certificate resource
This is a pretty simple resource for something that users can certainly do on their own right now, but most people don't even realize is an option. Giving it a dedicated resource exposes the functionality better and just makes it that much easier to write a simple cross platform cookbook that involves configuring the client. I'm not a huge fan of having to provide the certificate as a string, but I didn't want to add yet another place where we allow string values, or URI. They all have slightly different APIs and we need to just do it via a mixin or something. This can certainly move that direction in the future, but for this solves a real problem today. Signed-off-by: Tim Smith <tsmith@chef.io>
Diffstat (limited to 'kitchen-tests/cookbooks')
-rw-r--r--kitchen-tests/cookbooks/end_to_end/recipes/_chef_client_trusted_certificate.rb30
-rw-r--r--kitchen-tests/cookbooks/end_to_end/recipes/linux.rb1
-rw-r--r--kitchen-tests/cookbooks/end_to_end/recipes/macos.rb1
-rw-r--r--kitchen-tests/cookbooks/end_to_end/recipes/windows.rb1
4 files changed, 33 insertions, 0 deletions
diff --git a/kitchen-tests/cookbooks/end_to_end/recipes/_chef_client_trusted_certificate.rb b/kitchen-tests/cookbooks/end_to_end/recipes/_chef_client_trusted_certificate.rb
new file mode 100644
index 0000000000..486d5f36c6
--- /dev/null
+++ b/kitchen-tests/cookbooks/end_to_end/recipes/_chef_client_trusted_certificate.rb
@@ -0,0 +1,30 @@
+chef_client_trusted_certificate "self-signed.badssl.com" do
+ certificate <<~CERT
+ -----BEGIN CERTIFICATE-----
+ MIIDeTCCAmGgAwIBAgIJAPziuikCTox4MA0GCSqGSIb3DQEBCwUAMGIxCzAJBgNV
+ BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNp
+ c2NvMQ8wDQYDVQQKDAZCYWRTU0wxFTATBgNVBAMMDCouYmFkc3NsLmNvbTAeFw0x
+ OTEwMDkyMzQxNTJaFw0yMTEwMDgyMzQxNTJaMGIxCzAJBgNVBAYTAlVTMRMwEQYD
+ VQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMQ8wDQYDVQQK
+ DAZCYWRTU0wxFTATBgNVBAMMDCouYmFkc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEB
+ BQADggEPADCCAQoCggEBAMIE7PiM7gTCs9hQ1XBYzJMY61yoaEmwIrX5lZ6xKyx2
+ PmzAS2BMTOqytMAPgLaw+XLJhgL5XEFdEyt/ccRLvOmULlA3pmccYYz2QULFRtMW
+ hyefdOsKnRFSJiFzbIRMeVXk0WvoBj1IFVKtsyjbqv9u/2CVSndrOfEk0TG23U3A
+ xPxTuW1CrbV8/q71FdIzSOciccfCFHpsKOo3St/qbLVytH5aohbcabFXRNsKEqve
+ ww9HdFxBIuGa+RuT5q0iBikusbpJHAwnnqP7i/dAcgCskgjZjFeEU4EFy+b+a1SY
+ QCeFxxC7c3DvaRhBB0VVfPlkPz0sw6l865MaTIbRyoUCAwEAAaMyMDAwCQYDVR0T
+ BAIwADAjBgNVHREEHDAaggwqLmJhZHNzbC5jb22CCmJhZHNzbC5jb20wDQYJKoZI
+ hvcNAQELBQADggEBAGlwCdbPxflZfYOaukZGCaxYK6gpincX4Lla4Ui2WdeQxE95
+ w7fChXvP3YkE3UYUE7mupZ0eg4ZILr/A0e7JQDsgIu/SRTUE0domCKgPZ8v99k3A
+ vka4LpLK51jHJJK7EFgo3ca2nldd97GM0MU41xHFk8qaK1tWJkfrrfcGwDJ4GQPI
+ iLlm6i0yHq1Qg1RypAXJy5dTlRXlCLd8ufWhhiwW0W75Va5AEnJuqpQrKwl3KQVe
+ wGj67WWRgLfSr+4QG1mNvCZb2CkjZWmxkGPuoP40/y7Yu5OFqxP5tAjj4YixCYTW
+ EVA0pmzIzgBg+JIe3PdRy27T0asgQW/F4TY61Yk=
+ -----END CERTIFICATE-----
+ CERT
+end
+
+# see if we can fetch from our new trusted domain
+remote_file ::File.join(Chef::Config[:file_cache_path], "index.html") do
+ source "https://self-signed.badssl.com/index.html"
+end \ No newline at end of file
diff --git a/kitchen-tests/cookbooks/end_to_end/recipes/linux.rb b/kitchen-tests/cookbooks/end_to_end/recipes/linux.rb
index 012a9a7507..8fae36662c 100644
--- a/kitchen-tests/cookbooks/end_to_end/recipes/linux.rb
+++ b/kitchen-tests/cookbooks/end_to_end/recipes/linux.rb
@@ -50,6 +50,7 @@ ssh_known_hosts_entry "github.com"
include_recipe "chef-client::delete_validation"
include_recipe "chef-client::config"
+include_recipe "::_chef_client_trusted_certificate"
include_recipe "openssh"
diff --git a/kitchen-tests/cookbooks/end_to_end/recipes/macos.rb b/kitchen-tests/cookbooks/end_to_end/recipes/macos.rb
index 6ac2607caa..9c7416cfd9 100644
--- a/kitchen-tests/cookbooks/end_to_end/recipes/macos.rb
+++ b/kitchen-tests/cookbooks/end_to_end/recipes/macos.rb
@@ -41,6 +41,7 @@ ssh_known_hosts_entry "github.com"
include_recipe "chef-client::delete_validation"
include_recipe "chef-client::config"
+include_recipe "::_chef_client_trusted_certificate"
include_recipe "git"
diff --git a/kitchen-tests/cookbooks/end_to_end/recipes/windows.rb b/kitchen-tests/cookbooks/end_to_end/recipes/windows.rb
index aa53ca6365..3e069a43b0 100644
--- a/kitchen-tests/cookbooks/end_to_end/recipes/windows.rb
+++ b/kitchen-tests/cookbooks/end_to_end/recipes/windows.rb
@@ -47,6 +47,7 @@ end
include_recipe "chef-client::delete_validation"
include_recipe "chef-client::config"
+include_recipe "::_chef_client_trusted_certificate"
include_recipe "git"