diff --git a/deployment_scripts/puppet/modules/lma_logging_analytics/lib/puppet/parser/functions/validate_ssl_certificate.rb b/deployment_scripts/puppet/modules/lma_logging_analytics/lib/puppet/parser/functions/validate_ssl_certificate.rb index a57f8fd..7742ffe 100644 --- a/deployment_scripts/puppet/modules/lma_logging_analytics/lib/puppet/parser/functions/validate_ssl_certificate.rb +++ b/deployment_scripts/puppet/modules/lma_logging_analytics/lib/puppet/parser/functions/validate_ssl_certificate.rb @@ -15,7 +15,7 @@ # Otherwise it returns the number of seconds before the certificate expires # # Parameter: -# - the file path of the SSL certificate +# - the path to the SSL certificate # - the expected CN module Puppet::Parser::Functions @@ -39,8 +39,12 @@ module Puppet::Parser::Functions certend = Time.parse(dates.gsub(/.*notAfter=(.+? GMT).*/, '\1')) now = Time.now.utc + if (cn_found.start_with? "*." and not args[1].end_with? cn_found[1..-1]) or + (not cn_found.start_with? "*." and cn_found != args[1]) + raise "Found #{cn_found} as CN whereas '#{args[1]}' was expected" + end + raise "The certificate file doesn't contain the private key" unless pk == 'RSA key ok' - raise "Found #{cn_found} as CN whereas '#{args[1]}' was expected" unless cn_found == args[1] raise "Dates not found in the certificate" unless dates.match(/not(Before|After)=/) if (now > certend) diff --git a/deployment_scripts/puppet/modules/lma_logging_analytics/spec/functions/validate_ssl_certificate_spec.rb b/deployment_scripts/puppet/modules/lma_logging_analytics/spec/functions/validate_ssl_certificate_spec.rb new file mode 100644 index 0000000..a176bef --- /dev/null +++ b/deployment_scripts/puppet/modules/lma_logging_analytics/spec/functions/validate_ssl_certificate_spec.rb @@ -0,0 +1,280 @@ +# Copyright 2016 Mirantis, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +require 'spec_helper' +require 'tempfile' + +describe 'validate_ssl_certificate' do + + # This certificate was generated manually by using the openssl + # command: + # openssl x509 -req -days -1 [...] + # Here are the tested parameters of the certificate: + # Validity + # Not Before: Aug 11 15:46:49 2016 GMT + # Not After : Aug 10 15:46:49 2016 GMT + # Subject: [...] CN=mirantis.com/emailAddress=example.com + wrong_dates_cert = Tempfile.new('wrong_dates_cert') + wrong_dates_cert_path = wrong_dates_cert.path + wrong_dates_cert.write('-----BEGIN CERTIFICATE----- +MIICjTCCAfYCCQCaalFPmFXKrDANBgkqhkiG9w0BAQsFADCBijELMAkGA1UEBhMC +RlIxFDASBgNVBAgMC1Job25lLUFscGVzMREwDwYDVQQHDAhHcmVub2JsZTERMA8G +A1UECgwITWlyYW50aXMxDDAKBgNVBAsMA0RldjEVMBMGA1UEAwwMbWlyYW50aXMu +Y29tMRowGAYJKoZIhvcNAQkBFgtleGFtcGxlLmNvbTAeFw0xNjA4MTExNTQ2NDla +Fw0xNjA4MTAxNTQ2NDlaMIGKMQswCQYDVQQGEwJGUjEUMBIGA1UECAwLUmhvbmUt +QWxwZXMxETAPBgNVBAcMCEdyZW5vYmxlMREwDwYDVQQKDAhNaXJhbnRpczEMMAoG +A1UECwwDRGV2MRUwEwYDVQQDDAxtaXJhbnRpcy5jb20xGjAYBgkqhkiG9w0BCQEW +C2V4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDPJTMOMDLf +o+TVj9jOd97O+SX2F8i/dY5YfnnqTw/J3P7ghKfpVot2TsZe9V5PvWeQMcXumaJb +4xSUG5A0WrLKUZLgSDpLSxcUq4+r95LyLISEzfngPXtRgWX+V+jopm2Zl9CaBFiS +z3h/jQKOeGibE7W/ZJaVNb0M9adfrqxQzwIDAQABMA0GCSqGSIb3DQEBCwUAA4GB +AFgXgERO2kAMFiZGpONCfd2O1R9+TKY2g6SOIn+KuJgHg85b53GmbIVzF5H6CuFh +2Tr11CdZALPVxRVe+lTgWhQdSRcv0cDQ4CJ37uAluAOaMSXaDPZnzadhfchGPSKN +VcllH9ERfoFfuDMfyVRhCte0SFs/Vl/U3ZlvAND4KIUN +-----END CERTIFICATE----- +-----BEGIN RSA PRIVATE KEY----- +MIICXwIBAAKBgQDPJTMOMDLfo+TVj9jOd97O+SX2F8i/dY5YfnnqTw/J3P7ghKfp +Vot2TsZe9V5PvWeQMcXumaJb4xSUG5A0WrLKUZLgSDpLSxcUq4+r95LyLISEzfng +PXtRgWX+V+jopm2Zl9CaBFiSz3h/jQKOeGibE7W/ZJaVNb0M9adfrqxQzwIDAQAB +AoGBAIr1bXaLJtWX4J7TTKHVEAbQZILeGbE2bzM2RRrFxtWoBuMemnWRtSS8W57A +A3CCosK8YQda0OvLPbbNdsNoRJ73QhF84jhKI7o1gZi3dsG7HqXgabB45NQv81TY +yb7WZ/F3+hzVRoKxPuTlQdcvBZdloNv/MNJDQi0p/MMcc3XhAkEA70A4q4P+veWw +BLKRLGDhYUl/7GHhTiIxPkbDpBkYmA+/KPRbTdN/711zeDOKJI0BHBKpMh3qHYD4 +m87wQA0GQwJBAN2ll6nTu6a4e8X7jq/+a7bNK1Fxgz2T4ojQVdwjVthEU4ETsq+y ++2YSHS0z2C9DDKkedC3gzCUuryuliU1esIUCQQCywpJVHLeOnXpp2B3+QZjEfw1U +ykF0hrmyZV8yUgn9O+7Bo+pAeSGi8HkhO6kg7DYDCrJentlZGA8pI3KA+PpPAkEA +p9sgYJzZIAnWsrkv9ljXejkm9SbiHWBBzxr36x9YRbB5DOe+CxGhEkvljLYWorRE +gk9t7NCxyfbw8j0LHmz3gQJBAJRfhxYNzafeFeChqvjBVK5NORMtue6stdAROOy2 +DFsBCPEBIAZU8quDCGOeXjabUPfiTRpcORNVfbfF3UXhVY0= +-----END RSA PRIVATE KEY----- +') + wrong_dates_cert.close + + # The certificate has been generated by using the script + # https://github.com/openstack/stacklight-integration-tests/blob/master/fixtures/https/create_certificate.sh + # Here are the tested parameters of the certificate: + # Validity + # Not Before: Aug 11 15:35:59 2016 GMT + # Not After : Dec 24 15:35:59 2017 GMT + # Subject: [...] CN=site1.fuel.local + site1_cert = Tempfile.new('site1_cert') + site1_cert_path = site1_cert.path + site1_cert.write('-----BEGIN CERTIFICATE----- +MIIEnzCCAocCCQC8qoNz2UdHQzANBgkqhkiG9w0BAQsFADCBpzELMAkGA1UEBhMC +RlIxFDASBgNVBAgMC1Job25lLUFscGVzMREwDwYDVQQHDAhHcmVub2JsZTERMA8G +A1UECgwITWlyYW50aXMxEzARBgNVBAsMClN0YWNrTGlnaHQxIjAgBgNVBAMMGVN0 +YWNrTGlnaHQgUm9vdCBBdXRob3JpdHkxIzAhBgkqhkiG9w0BCQEWFG1pcmFudGlz +QGV4YW1wbGUuY29tMB4XDTE2MDgxMTE1MzU1OVoXDTE3MTIyNDE1MzU1OVowezEL +MAkGA1UEBhMCRlIxFDASBgNVBAgMC1Job25lLUFscGVzMREwDwYDVQQHDAhHcmVu +b2JsZTERMA8GA1UECgwITWlyYW50aXMxFTATBgNVBAsMDEZ1ZWwgcGx1Z2luczEZ +MBcGA1UEAwwQc2l0ZTEuZnVlbC5sb2NhbDCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBANxUXnsMs+duQcxhFg1JtNc1/cvxixqwQBakoFg86EFkvBGaotC5 +RC1nNOX1z9C5ei+gM8OFcjLIsZY2gO3TFC8sZ4kcjEtMwQUcxt0BtZkl4LQamPzw +zYH0Ludaybmr5sz3By2nkXX5lM8juR9/K3WSKgBEi93cpxRZQSdyqoz1CK84wYUC +5EN/MEiS9ibZ6kAPTK3IWdjbmDwhhUqAboEen549teZhsM+RVv9j5qM78bUUJbP2 +z0Sq/QW9QXtwYFTgsWU6H1rXK+jGMAwoKCPY4UYbJojj80wyMTfoi6FiUND4yZDm +yUNkYkQaVxj3seFlx1BsqSGAieSlp1dffnkCAwEAATANBgkqhkiG9w0BAQsFAAOC +AgEAIlwh/bkRiXut2OB2FIgVB2BsD59XsN5ch+iVQ01Cvnn+/ODnSQtA3Zjk8RhE +0jk0mZ6dGDQ7a0seHpVAZFPRi49b5wHvSLrgpm6Gi28rCqhGLFVYFkM+9bfszPNJ +eUl2CP064WuZ1I8CfKtzSORZ8kcIdyvn2ZVp74ijOd5Xe3KLURJ/iMROmzOlwwwS +vDFbxMrADuFhEFkjopfRFjGKlelz/T+p7LWvoWturYKkwuvBuriQyUw4Z+RNKvCw +dPYFffafAb/A0OM7rEArAhLCiVJxHxGm34btyy+IFr/d4IEG6bA3ZAA+OWNVnzbN +MfP5UBP2MdYsth0NK8IJMjP7Fs2sP9t5c6sp5O4Znsuv0AWwJ0v8SysLCdX/Ibqx +zx54IO0woM46wLWdmA9+O5/IFY8LHSQC8u2RLpWbuCAVpu4xgMMy90+ZCKERt5px +u5PvFJYS8atq0wUJ37aPExz6+g5PbRN2CcyIj1nQuHWbR1e9O9WRcdXPPsiReciy +d4GRM4bAa5nck9Y50eCKHvqSgdUpiqM1YIOXHh7ZfnSrVTOa3Na6SMsu301cTTdF +GKX4TEjnTTt8xi9sFCq5+Qecga36qBjTg1+23dV2jG6YzK+AIjNk9L6QlUZW3oEN +IWBlYQ/txckYzLtSWrAqbgxSkxWa4cZU/LnOdvK1G9n0hQc= +-----END CERTIFICATE----- +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEA3FReewyz525BzGEWDUm01zX9y/GLGrBAFqSgWDzoQWS8EZqi +0LlELWc05fXP0Ll6L6Azw4VyMsixljaA7dMULyxniRyMS0zBBRzG3QG1mSXgtBqY +/PDNgfQu51rJuavmzPcHLaeRdfmUzyO5H38rdZIqAESL3dynFFlBJ3KqjPUIrzjB +hQLkQ38wSJL2JtnqQA9MrchZ2NuYPCGFSoBugR6fnj215mGwz5FW/2PmozvxtRQl +s/bPRKr9Bb1Be3BgVOCxZTofWtcr6MYwDCgoI9jhRhsmiOPzTDIxN+iLoWJQ0PjJ +kObJQ2RiRBpXGPex4WXHUGypIYCJ5KWnV19+eQIDAQABAoIBACof71hzW0oaKHZc +8Yxk1TB4YCfH7KKTpA0wOH/mVTl7ewGaoRpq8YAExXZaAvuTGqtUY9E0CFtxR5LC +pO/TdX53bOwoCyKycAz8LYE/vGqldUq58xoZKBF6kCUnlH3tQdlaOYMfEI6Pw0W/ +PLuq4rI92c3nTR6D+2XGktBp+fWs4KPkSHtxPmgQH8kiSwT1ZfBUaGFXD0nlSvv4 +zizN6/Z2tslrVc2F/ESpCouREy2J2STj1NVivnRLScreFNf9eLJQxjKlMzJCEr4v +ZInP3BvOR4zC92wStCu3R7RxYh8nvgIM9Xt/WxcWwSAH+HUPYO6tcyaOUGKs2wTW +H2H3QIkCgYEA+p/LWPwkKItvEJJnBjMR2z987+CqgJ76jpQRUcyIrjq17PjWxdI3 +3s1vu8vEB5G9iMFWS14DTbKaoi7enOR+jDA+TMgjbsxRgC2vN15E83CAIMrvJecX +GcyFRkQtaA64PMgiFe6YA4OWAm7+5EIyWnyKxa635LzEp5OJqB7WGNsCgYEA4Q45 +OFK7zKZmWHvmoeFilIDz7SF3kYjk5tD4ap9uhWKXAnzS3rxa+0QDyxRU/0FIAkBB +jnicWdTg3xsxhE6nSFFjk+caFZ6OEWPYw8d/9C+49DtgOGMoAfGHLFY6Fd+HR+70 +DNOHehBZIxh3VkvX+X36T2RNNCvpFWaJ3sZQjDsCgYEAhRS09dttl9nyb+pNqo0T +vkhIH1g9MW85vNwDFlx1d47Va6/227R01mpgGmho/1v0ONnw6LRTLL7aPaSFsOnk +CKzVaBAeQIdd/6JCmDQGiP4EC2W293luWtSvMFCji83FJwFemCbJsZP94+zsjGha +NJJNXgsYuu1Bv3oobo1xQmECgYEAuYpOZj7fERNGYUCUnXUBHslJUIA84UDo5dn2 +U4DpTxI+yRA7kOHcaDZkojI6+M3LHf/3jAunau/0DDuRETD+/MIMxEzM1nIHUhLt +DEsXFCub4c5pv1MQEroa5NSZwpqsHwPDNCfYEywTMLnk+MJCZjAUAwwAEjj5Smlk +1MLOeS0CgYEAi4Oa173JPr+x2rEx9kFzS7mFG5LhKjDO90Pi4meBK6LmFZTFAZ43 +RwKTtqxWLTa95akrbtExe4wH87YYps86PHWESZmAMrvpop5kowlGRE34Jm5OFm7k +C+NI7IhZ5VywJ189A51QVoAa0HmpAEXP9vk2Ez4UTFVI9sBtrrqMpgs= +-----END RSA PRIVATE KEY----- +') + site1_cert.close + + # The certificate has been generated by using the script + # https://github.com/openstack/stacklight-integration-tests/blob/master/fixtures/https/create_certificate.sh + # Here are the tested parameters of the certificate: + # Validity + # Not Before: Aug 9 09:09:05 2016 GMT + # Not After : Dec 22 09:09:05 2017 GMT + # Subject: [...] CN=*.fuel.local + wildcard_cert = Tempfile.new('cert') + wildcard_cert_path = wildcard_cert.path + wildcard_cert.write('-----BEGIN CERTIFICATE----- +MIIEmzCCAoMCCQC8XTGfnWQssjANBgkqhkiG9w0BAQsFADCBpzELMAkGA1UEBhMC +RlIxFDASBgNVBAgMC1Job25lLUFscGVzMREwDwYDVQQHDAhHcmVub2JsZTERMA8G +A1UECgwITWlyYW50aXMxEzARBgNVBAsMClN0YWNrTGlnaHQxIjAgBgNVBAMMGVN0 +YWNrTGlnaHQgUm9vdCBBdXRob3JpdHkxIzAhBgkqhkiG9w0BCQEWFG1pcmFudGlz +QGV4YW1wbGUuY29tMB4XDTE2MDgwOTA5MDkwNVoXDTE3MTIyMjA5MDkwNVowdzEL +MAkGA1UEBhMCRlIxFDASBgNVBAgMC1Job25lLUFscGVzMREwDwYDVQQHDAhHcmVu +b2JsZTERMA8GA1UECgwITWlyYW50aXMxFTATBgNVBAsMDEZ1ZWwgcGx1Z2luczEV +MBMGA1UEAwwMKi5mdWVsLmxvY2FsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB +CgKCAQEAwf3t6eG8KV/7SSVz/bRi0/gQkp73K+0oRpaLmtHPsohL6FXI+YRB3m30 +sE0u6drf0rGC4QMNrb/y1z1jM2iFP6rTM97r6E2AzxScuF0MZQlF0XqUCYV7AvqT +4GoKAqBAMEXLEmnsKX6F8ZGMfIFnAC0W1AHOPu7PYCg6symo6wrNOoclPbjOZytC +pz9AB82SBeU2D+s8mUYjfurqd/Kh1xxR5kUiB4Uiud/1sEe+YFnWWjILCvpzH0up +/otY4jxB1nXbAM+bWp1SszDwjAon2DKkRoqfFUT0uI6NaljTnFdn4PPwSg3gcfwZ +QOiJLyhwdjCvmyoxTUbGzIaaiFiCJQIDAQABMA0GCSqGSIb3DQEBCwUAA4ICAQCJ +K0rUqVj2CeKwMof9SADYdFdGtI8qigiQgieDd+XU9YA9R52UEa2K7A7ABM3ts+1f +TRCtOOei+6TQ0KHCt1WV0XGc00eER44N9Kw8nu0OPXBpYTZ1mKhL8IyapGK4e/ur +nVJCZtDDWKikLhlHXwuQgvQ+3OveU+cQI5x1035XZbuGY2xFAcNx/wwaFMwpabw1 +X4b325+B2KRHKkKjWJsPyE1q7iqLs3RsQDH031wWVS0hHkR2NL1anOToeDHMgcO8 +sWTth0OLf3dVC9mjG7SxCm2mHV0fPCBUB4Xzago6GNJC+GPs5w0moTivNcpHWILJ +r+h6FmZhPrejzQXTFbzXirWMcD7LphSJ23hS1GmCyKQsRyTpOCn/NXmQbrBpns/V +3YJGeIlcGfnVzMMtxRqcDiPO49NBcNxcjAAvwzttYWuPRHMULOIviGNrqFSjHCFg +JQ2jZM2xKorRt8ItFD0rjy+T/SZF3B5AxB2y6FTCKnTmcwchoyJdThfb0FBU01pZ +ROtYaW0WaqgN48Buxn8Cqjhr8JxK2Vmbz6cwRiyIzi+exXGpdfU9ZxcksVmQFd1I +0NX4YTxEOA2hwGUowTVqPoAFH5hvk+nkULgvrkBVBXLWx1oCK9nDrz9ubUyUgdje +vaiOtmDJknNFKC1st2JQwZCVmYZura4GB2FBo/6YCA== +-----END CERTIFICATE----- +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEAwf3t6eG8KV/7SSVz/bRi0/gQkp73K+0oRpaLmtHPsohL6FXI ++YRB3m30sE0u6drf0rGC4QMNrb/y1z1jM2iFP6rTM97r6E2AzxScuF0MZQlF0XqU +CYV7AvqT4GoKAqBAMEXLEmnsKX6F8ZGMfIFnAC0W1AHOPu7PYCg6symo6wrNOocl +PbjOZytCpz9AB82SBeU2D+s8mUYjfurqd/Kh1xxR5kUiB4Uiud/1sEe+YFnWWjIL +CvpzH0up/otY4jxB1nXbAM+bWp1SszDwjAon2DKkRoqfFUT0uI6NaljTnFdn4PPw +Sg3gcfwZQOiJLyhwdjCvmyoxTUbGzIaaiFiCJQIDAQABAoIBAG7pngMgmxIU3Hkf +vseJQQ/sPp114d/tgh+Jp1vnJZbvsmat1XBDm91uhH3gQzhVea7e6vN3aXSz0EYb +xQH5emXCZ2q6w6pX1ZOQN2J5YMLLoG16ZfVjqcc0OSQPvJVvxgNThB2NDgdTXYWW +L/pnidph7TFdruvwYgSaO6V/5iIrVCX9lZc4oQF80VTDDDvvHe/jQFlshrNIuGBh +Va19AYUWEek+QiZ849ShG6Y2N/JoR65pu4AMrjLRCo0RMwAJtOTE9vU+QxXblElm +TeaYrsnvmCXVCBHraffEgyvBNFJ9CPpvfVtymcQ7uyF+iCZ9mDQhoOBajHeQE4Fe +O5B77AECgYEA+3/K7TLph7lzwkPdbBvpd8cD8LtqUcRP9XvvLF1ZIfMjZQjeUZGe +/oSTqICouF7SQiT2nIUPuiv8QYhL1K4AE7ZH3Umictf0RPaCA9LYbZhRcFgqzevF +whNp2zbXG7UnYwPS0cFnJe7k1WztaeHkzEC1I/pZCG4ertMkgqqvYaUCgYEAxXas +4/XjX+pqJ/u48cHrOPS+Qugq1ONsIcnM5q5fu9zCq9rfYNUCQqRM1R9uEDV6xmDd +vIitA1CWcHDrtojk33GQoqDMtq+t+Mh1Ni0lLJ19r3lDc2C0OsfqZd7sHxkDCjXL +KKcRdys7q8AFDwHMWQCvXfnbeHcc+jCaLbzJtoECgYEAkqp84gU90SviiRjgqOpC +JdrGvn3dS9/rLWLgIQQzNaxAKOyaEgGVMiKIpcyaGCMcBPzfYHnsqQp7qo/cgSQT +4Wr8z9zgQo8T4Z/MRISSOJ+KZrTUCZCEnGCL7A44Ne1YEdMp/68FA0ck5h4G+ieF +MWRO/rNBdrwZYqS5dwYpDw0CgYEAsypi5NQOYtEHURANVw5kp2Ep4PtXIaLYUjAQ +Qp6lLoe3+sa1N98OFfmN3TKPYxWjOKxbhN1eXkuYtJ1AwnajdDpOycCs/nWYnMsF +zwpXWIvtpnGYye9MmKkb/SKvi+fd4j29AD3WkxIfKk8oR92R1I/SjqpOgJdTK489 +1ZIeVAECgYEAsG0giXYTbURl2TVPgYbBXkqdhxXlhTo2Bw2WpxDzFN3La4xlx7C0 +TsjVnOcAWmCfhgJYX/3M6lV5uqWFr/wXODLmdp94/edigyFn/OTO5VJ1/UMniVCv +MewMZCz4qkB7640zuATjJQXUsX54VdCsaVoYWxHGaBjYoQuW2+XPi1w= +-----END RSA PRIVATE KEY----- +') + wildcard_cert.close + + # It is the wildcard certificate but without the private key + noprivkey_cert = Tempfile.new('noprivkey_cert') + noprivkey_cert_path = noprivkey_cert.path + noprivkey_cert.write('-----BEGIN CERTIFICATE----- +MIIEmzCCAoMCCQC8XTGfnWQssjANBgkqhkiG9w0BAQsFADCBpzELMAkGA1UEBhMC +RlIxFDASBgNVBAgMC1Job25lLUFscGVzMREwDwYDVQQHDAhHcmVub2JsZTERMA8G +A1UECgwITWlyYW50aXMxEzARBgNVBAsMClN0YWNrTGlnaHQxIjAgBgNVBAMMGVN0 +YWNrTGlnaHQgUm9vdCBBdXRob3JpdHkxIzAhBgkqhkiG9w0BCQEWFG1pcmFudGlz +QGV4YW1wbGUuY29tMB4XDTE2MDgwOTA5MDkwNVoXDTE3MTIyMjA5MDkwNVowdzEL +MAkGA1UEBhMCRlIxFDASBgNVBAgMC1Job25lLUFscGVzMREwDwYDVQQHDAhHcmVu +b2JsZTERMA8GA1UECgwITWlyYW50aXMxFTATBgNVBAsMDEZ1ZWwgcGx1Z2luczEV +MBMGA1UEAwwMKi5mdWVsLmxvY2FsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB +CgKCAQEAwf3t6eG8KV/7SSVz/bRi0/gQkp73K+0oRpaLmtHPsohL6FXI+YRB3m30 +sE0u6drf0rGC4QMNrb/y1z1jM2iFP6rTM97r6E2AzxScuF0MZQlF0XqUCYV7AvqT +4GoKAqBAMEXLEmnsKX6F8ZGMfIFnAC0W1AHOPu7PYCg6symo6wrNOoclPbjOZytC +pz9AB82SBeU2D+s8mUYjfurqd/Kh1xxR5kUiB4Uiud/1sEe+YFnWWjILCvpzH0up +/otY4jxB1nXbAM+bWp1SszDwjAon2DKkRoqfFUT0uI6NaljTnFdn4PPwSg3gcfwZ +QOiJLyhwdjCvmyoxTUbGzIaaiFiCJQIDAQABMA0GCSqGSIb3DQEBCwUAA4ICAQCJ +K0rUqVj2CeKwMof9SADYdFdGtI8qigiQgieDd+XU9YA9R52UEa2K7A7ABM3ts+1f +TRCtOOei+6TQ0KHCt1WV0XGc00eER44N9Kw8nu0OPXBpYTZ1mKhL8IyapGK4e/ur +nVJCZtDDWKikLhlHXwuQgvQ+3OveU+cQI5x1035XZbuGY2xFAcNx/wwaFMwpabw1 +X4b325+B2KRHKkKjWJsPyE1q7iqLs3RsQDH031wWVS0hHkR2NL1anOToeDHMgcO8 +sWTth0OLf3dVC9mjG7SxCm2mHV0fPCBUB4Xzago6GNJC+GPs5w0moTivNcpHWILJ +r+h6FmZhPrejzQXTFbzXirWMcD7LphSJ23hS1GmCyKQsRyTpOCn/NXmQbrBpns/V +3YJGeIlcGfnVzMMtxRqcDiPO49NBcNxcjAAvwzttYWuPRHMULOIviGNrqFSjHCFg +JQ2jZM2xKorRt8ItFD0rjy+T/SZF3B5AxB2y6FTCKnTmcwchoyJdThfb0FBU01pZ +ROtYaW0WaqgN48Buxn8Cqjhr8JxK2Vmbz6cwRiyIzi+exXGpdfU9ZxcksVmQFd1I +0NX4YTxEOA2hwGUowTVqPoAFH5hvk+nkULgvrkBVBXLWx1oCK9nDrz9ubUyUgdje +vaiOtmDJknNFKC1st2JQwZCVmYZura4GB2FBo/6YCA== +-----END CERTIFICATE----- +') + noprivkey_cert.close + + describe 'site1 with valid CN' do + it { + should run.with_params(site1_cert_path, + 'site1.fuel.local') + } + end + + describe 'site1 with an unvalid CN' do + it { + should run.with_params(site1_cert_path, + 'site2.fuel.local').and_raise_error(/Found site1.fuel.local as CN whereas 'site2.fuel.local' was expected/) + } + end + + describe 'wildcard with valid CN' do + it { + should run.with_params(wildcard_cert_path, + 'site1.fuel.local') + } + end + + describe 'wildcard with another valid CN' do + it { + should run.with_params(wildcard_cert_path, + 'site2.fuel.local') + } + end + + describe 'wildcard with a wrong CN' do + it { + should run.with_params(wildcard_cert_path, + 'test1.wrong.cn').and_raise_error(/Found \*.fuel.local as CN whereas 'test1.wrong.cn' was expected/) + } + end + + describe 'with no private key' do + it { + should run.with_params(noprivkey_cert_path, + 'site1.fuel.local').and_raise_error(/private key/) + } + end + + # The wrong_dates certificate is valid from the point of view of the puppet + # function that will simply emits a warning. + describe 'with a wrong date' do + it { + should run.with_params(wrong_dates_cert_path, + 'mirantis.com') + } + end + +end