Merge pull request #136 from jlambert121/rem_ensure_resource

refactor to remove ensure_resource
voxpupuli · Mar 5, 2015 · 83901d8 · 83901d8
2 parents 530e094 + 2475c08
commit 83901d8
Show file tree

Hide file tree

Showing 4 changed files with 41 additions and 39 deletions.
diff --git a/manifests/ca.pp b/manifests/ca.pp
@@ -117,22 +117,20 @@
     group => $group_to_set,
   }
 
-  # directory shared with openvpn::server
-  ensure_resource(file, "/etc/openvpn/${name}", {
-    ensure => directory,
-    mode   => '0750',
-  })
-
   exec { "copy easy-rsa to openvpn config folder ${name}":
     command => "/bin/cp -r ${openvpn::params::easyrsa_source} /etc/openvpn/${name}/easy-rsa",
     creates => "/etc/openvpn/${name}/easy-rsa",
-    notify  => Exec["fix_easyrsa_file_permissions_${name}"],
     require => File["/etc/openvpn/${name}"],
   }
 
-  exec { "fix_easyrsa_file_permissions_${name}":
-    refreshonly => true,
-    command     => "/bin/chmod 750 /etc/openvpn/${name}/easy-rsa/*",
+  file { [
+    "/etc/openvpn/${name}/easy-rsa/clean-all",
+    "/etc/openvpn/${name}/easy-rsa/build-dh",
+    "/etc/openvpn/${name}/easy-rsa/pkitool",
+  ]:
+    ensure  => file,
+    mode    => '0550',
+    require => Exec["copy easy-rsa to openvpn config folder ${name}"],
   }
 
   file { "/etc/openvpn/${name}/easy-rsa/revoked":
@@ -144,6 +142,7 @@
 
   file { "/etc/openvpn/${name}/easy-rsa/vars":
     ensure  => file,
+    mode    => '0550',
     content => template('openvpn/vars.erb'),
     require => Exec["copy easy-rsa to openvpn config folder ${name}"],
   }
@@ -156,6 +155,7 @@
     File["/etc/openvpn/${name}/easy-rsa/openssl.cnf"] {
       ensure => link,
       target => "/etc/openvpn/${name}/easy-rsa/openssl-1.0.0.cnf",
+      before => Exec["initca ${name}"],
     }
   }
 
@@ -172,10 +172,7 @@
     cwd      => "/etc/openvpn/${name}/easy-rsa",
     creates  => "/etc/openvpn/${name}/easy-rsa/keys/ca.key",
     provider => 'shell',
-    require  => [
-      Exec["generate dh param ${name}"],
-      File["/etc/openvpn/${name}/easy-rsa/openssl.cnf"]
-    ],
+    require  => Exec["generate dh param ${name}"],
   }
 
   exec { "generate server cert ${name}":
@@ -192,19 +189,20 @@
     require => Exec["copy easy-rsa to openvpn config folder ${name}"],
   }
 
-  file { "/etc/openvpn/${name}/crl.pem":
-    mode    => '0640',
-    group   =>  $group_to_set,
-    require => [Exec["create crl.pem on ${name}"], File["/etc/openvpn/${name}"]],
-  }
-
   exec { "create crl.pem on ${name}":
     command  => ". ./vars && KEY_CN='' KEY_OU='' KEY_NAME='' KEY_ALTNAMES='' openssl ca -gencrl -out /etc/openvpn/${name}/crl.pem -config /etc/openvpn/${name}/easy-rsa/openssl.cnf",
     cwd      => "/etc/openvpn/${name}/easy-rsa",
     creates  => "/etc/openvpn/${name}/crl.pem",
     provider => 'shell',
     require  => Exec["generate server cert ${name}"],
   }
+
+  file { "/etc/openvpn/${name}/crl.pem":
+    mode    => '0640',
+    group   =>  $group_to_set,
+    require => Exec["create crl.pem on ${name}"],
+  }
+
   if $tls_auth {
     exec { "generate tls key for ${name}":
       command  => 'openvpn --genkey --secret keys/ta.key',

diff --git a/manifests/client.pp b/manifests/client.pp
@@ -198,12 +198,11 @@
   Openvpn::Ca[$ca_name] ->
   Openvpn::Client[$name]
 
-  exec {
-    "generate certificate for ${name} in context of ${ca_name}":
-      command  => ". ./vars && ./pkitool ${name}",
-      cwd      => "/etc/openvpn/${ca_name}/easy-rsa",
-      creates  => "/etc/openvpn/${ca_name}/easy-rsa/keys/${name}.crt",
-      provider => 'shell',
+  exec { "generate certificate for ${name} in context of ${ca_name}":
+    command  => ". ./vars && ./pkitool ${name}",
+    cwd      => "/etc/openvpn/${ca_name}/easy-rsa",
+    creates  => "/etc/openvpn/${ca_name}/easy-rsa/keys/${name}.crt",
+    provider => 'shell';
   }
 
   file { [ "/etc/openvpn/${server}/download-configs/${name}",

diff --git a/manifests/server.pp b/manifests/server.pp
@@ -426,16 +426,21 @@
     default => $group
   }
 
+  if $shared_ca {
+    $ca_name = $shared_ca
+  } else {
+    $ca_name = $name
+  }
+
   File {
     group => $group_to_set,
   }
 
-  # directory shared with openvpn::ca
-  ensure_resource(file, "/etc/openvpn/${name}", {
+  file { "/etc/openvpn/${name}":
     ensure => directory,
     mode   => '0750',
     notify => $notify,
-  })
+  }
 
   if !$remote {
     if !$shared_ca {
@@ -446,7 +451,6 @@
       if $organization == undef { fail('organization has to be specified in server mode') }
       if $email == undef { fail('email has to be specified in server mode') }
 
-      $ca_name = $name
       $ca_common_name = $common_name
       ::openvpn::ca { $name:
         country      => $country,
@@ -465,9 +469,10 @@
         tls_auth     => $tls_auth,
       }
     } else {
-      $ca_name = $shared_ca
-      $ca_common_name = getparam(Openvpn::Ca[$ca_name], 'common_name')
-      Openvpn::Ca[$shared_ca] -> Openvpn::Server[$name]
+      if !defined(Openvpn::Ca[$shared_ca]) {
+        fail("Openvpn::ca[${name}] is not defined for shared_ca")
+      }
+      $ca_common_name = getparam(Openvpn::Ca[$shared_ca], 'common_name')
     }
 
     file {
@@ -480,8 +485,6 @@
     }
   } else {
     # VPN Client Mode
-
-    $ca_name = $name
     $ca_common_name = $name
 
     file { "/etc/openvpn/${name}/keys":
@@ -519,7 +522,7 @@
     service { "openvpn@${name}":
       ensure  => running,
       enable  => true,
-      require => [ File["/etc/openvpn/${name}.conf"] ]
+      require => [ File["/etc/openvpn/${name}.conf"], Openvpn::Ca[$ca_name] ]
     }
   }
 

diff --git a/spec/defines/openvpn_ca_spec.rb b/spec/defines/openvpn_ca_spec.rb
@@ -24,9 +24,11 @@
     } }
 
     # Files associated with a server config
-    it { should contain_file('/etc/openvpn/test_server/easy-rsa/revoked').
-         with(:ensure =>'directory', :mode =>'0750', :recurse =>true, :group =>'nogroup') }
-    it { should contain_file('/etc/openvpn/test_server/easy-rsa/vars')}
+
+    it { should contain_file('/etc/openvpn/test_server/easy-rsa/clean-all').with(:mode => '0550') }
+    it { should contain_file('/etc/openvpn/test_server/easy-rsa/build-dh').with(:mode => '0550') }
+    it { should contain_file('/etc/openvpn/test_server/easy-rsa/pkitool').with(:mode => '0550') }
+    it { should contain_file('/etc/openvpn/test_server/easy-rsa/vars').with(:mode => '0550') }
     it { should contain_file('/etc/openvpn/test_server/easy-rsa/openssl.cnf').
          with(:recurse =>nil, :group =>'nogroup') }
     it { should contain_file('/etc/openvpn/test_server/easy-rsa/keys/crl.pem').