Enable revokation when easyrsa version 3.0 is used

voxpupuli · Dec 12, 2019 · 99b8b77 · 99b8b77
1 parent c2b95e9
commit 99b8b77
Show file tree

Hide file tree

Showing 2 changed files with 42 additions and 3 deletions.
diff --git a/manifests/revoke.pp b/manifests/revoke.pp
@@ -25,10 +25,16 @@
 
   $etc_directory = $openvpn::etc_directory
 
+  $revocation_command = $openvpn::easyrsa_version ? {
+    '3.0' => ". ./vars && ./easyrsa revoke --batch ${name}; echo \"exit $?\" | grep -qE '(error 23|exit (0|2))' && touch revoked/${name}",
+    '2.0' => ". ./vars && ./revoke-full ${name}; echo \"exit $?\" | grep -qE '(error 23|exit (0|2))' && touch revoked/${name}",
+  }
+
   exec { "revoke certificate for ${name} in context of ${server}":
-    command  => ". ./vars && ./revoke-full ${name}; echo \"exit $?\" | grep -qE '(error 23|exit (0|2))' && touch revoked/${name}",
+    command  => $revocation_command,
     cwd      => "${etc_directory}/openvpn/${server}/easy-rsa",
     creates  => "${etc_directory}/openvpn/${server}/easy-rsa/revoked/${name}",
     provider => 'shell',
+    notify   => Exec["renew crl.pem for ${name}"],
   }
 }
diff --git a/spec/defines/openvpn_revoke_spec.rb b/spec/defines/openvpn_revoke_spec.rb
@@ -2,7 +2,7 @@
 
 describe 'openvpn::revoke', type: :define do
   on_supported_os.each do |os, facts|
-    context "on #{os}" do
+    context "on #{os} with default easyrsa version" do
       let(:pre_condition) do
         [
           'openvpn::server { "test_server":
@@ -18,7 +18,9 @@
         ].join
       end
       let(:facts) do
-        facts
+        facts.merge(
+          easyrsa: '2.0'
+        )
       end
       let(:title) { 'test_client' }
       let(:params) { { 'server' => 'test_server' } }
@@ -31,5 +33,36 @@
         )
       }
     end
+    context "on #{os} with easyrsa version 3.0" do
+      let(:pre_condition) do
+        [
+          'openvpn::server { "test_server":
+            country       => "CO",
+            province      => "ST",
+            city          => "Some City",
+            organization  => "example.org",
+            email         => "[email protected]"
+          }',
+          'openvpn::client { "test_client3":
+            server => "test_server"
+          }'
+        ].join
+      end
+      let(:facts) do
+        facts.merge(
+          easyrsa: '3.0'
+        )
+      end
+      let(:title) { 'test_client3' }
+      let(:params) { { 'server' => 'test_server' } }
+
+      it { is_expected.to compile.with_all_deps }
+
+      it {
+        is_expected.to contain_exec('revoke certificate for test_client3 in context of test_server').with(
+          'command' => ". ./vars && ./easyrsa revoke --batch test_client3; echo \"exit $?\" | grep -qE '(error 23|exit (0|2))' && touch revoked/test_client3"
+        )
+      }
+    end
   end
 end