poise-tls-remote-file 1.0.0 → 1.0.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 38cf3154da122119b61d5f2437d8282c2dfca5f9
-  data.tar.gz: ecef48fcb18f994b701ef2fdeb30e3757b03ebe9
+  metadata.gz: 2be95b7dbc16895507b6db4ca1f1a24d697b9bf9
+  data.tar.gz: ede12925c5f02d55b61b10342af141cda463b7ee
 SHA512:
-  metadata.gz: 4bb1f9cd9463ed5da446118327441b729306db6c5e9d419a3f32c6fe40fbae608f39092c6a3667e2e512ddc6089de4b0aa774a0d3ee58a4a8634d7b6fa5ca23f
-  data.tar.gz: 25544301acbf243536f005511746339d756ff945a824b720f10899778fe9c535229dd2fcd26184f2320de6dcab7544eb2355d82fd2f003a75b13584203022655
+  metadata.gz: 0c6e309db92644bb012a8bb3e54aa1d2accd077a2c1ceef13c1ed96717fbb2f9f54f9becd44411c5742ca0a98300afbc117c6bd7d75e0e6fdc20d14ea478c5bf
+  data.tar.gz: b176751d01fe72994a582a6b408a3de0c95bd0a3d53873a4dfaddf835b685e930a29307da14e1a76c0a404ca192d25a996ebdbf56927e9cb318df02bbe210636

data/CHANGELOG.md

@@ -1,5 +1,9 @@
 # Poise-TLS-Remote-File Changelog
 
+## v1.0.1
+
+* Fix for using HTTP URLs with a `ca` property set.
+
 ## v1.0.0
 
 * Initial release!

data/README.md

@@ -8,7 +8,7 @@
 [![License](https://img.shields.io/badge/license-Apache_2-blue.svg)](https://www.apache.org/licenses/LICENSE-2.0)
 
 A [Chef](https://www.chef.io/) cookbook to download files over HTTPS using TLS
-client certificate authentication.
+client certificate authentication or with custom CA certificates.
 
 ## Quick Start
 
@@ -21,6 +21,29 @@ tls_remote_file '/path/to/file' do
 end
 ```
 
+To specify a CA certificate for the download:
+
+```ruby
+tls_remote_file '/path/to/file' do
+  ca '/etc/ssl/mycompany.crt'
+end
+```
+
+Certificates and keys can also be specified in-line as strings or retrieved
+from other APIs like Chef data bags:
+
+```ruby
+tls_remote_file '/path/to/file' do
+  client_cert data_bag_item('client_keys', node.chef_environment)['key']
+  ca <<-EOH
+-----BEGIN CERTIFICATE-----
+MIIFEjCCAvoCAQIwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQVUxEzARBgNV
+...
+-----END CERTIFICATE-----
+EOH
+end
+```
+
 ## Attributes
 
 * `node['poise-tls-remote-file']['client_cert']` – Default client_cert for all

data/lib/poise_tls_remote_file/resources/poise_tls_remote_file.rb

@@ -129,7 +129,8 @@ module PoiseTlsRemoteFile
                     super(*inner_args).tap do |client|
                       client.http_client.cert = client_cert if client_cert
                       client.http_client.key = client_key if client_key
-                      ca.each {|cert| client.http_client.cert_store.add_cert(cert) if cert }
+                      # cert_store is nil if this is not an HTTPS URL.
+                      ca.each {|cert| client.http_client.cert_store.add_cert(cert) if cert } if client.http_client.cert_store
                     end
                   end
                 })

data/lib/poise_tls_remote_file/version.rb

@@ -16,5 +16,5 @@
 
 
 module PoiseTlsRemoteFile
-  VERSION = '1.0.0'
+  VERSION = '1.0.1'
 end

data/poise-tls-remote-file.gemspec

@@ -23,7 +23,7 @@ Gem::Specification.new do |spec|
   spec.version = PoiseTlsRemoteFile::VERSION
   spec.authors = ['Noah Kantrowitz']
   spec.email = %w{noah@coderanger.net}
-  spec.description = 'A Chef cookbook for managing something.'
+  spec.description = 'A Chef cookbook cookbook to download files over HTTPS using TLS client certificate authentication.'
   spec.summary = spec.description
   spec.homepage = 'https://github.com/poise/poise-tls-remote-file'
   spec.license = 'Apache 2.0'

data/test/cookbook/recipes/default.rb

@@ -68,6 +68,19 @@ http {
       root /test;
     }
   }
+
+  server {
+    listen 444;
+    ssl on;
+    server_name localhost;
+
+    ssl_certificate /test/server.crt;
+    ssl_certificate_key  /test/server.key;
+
+    location / {
+      root /test;
+    }
+  }
 }
 EOH
 end
@@ -90,7 +103,24 @@ tls_remote_file '/output2' do
   ca '/test/ca.crt'
 end
 
+# Test with no client key, just normal HTTPS as fallback.
+tls_remote_file '/output3' do
+  source 'https://localhost:444/target'
+  ca '/test/ca.crt'
+end
+
+# And even more fallback, just plain HTTP.
+tls_remote_file '/output4' do
+  source 'http://localhost/target'
+end
+
+# HTTP even with a CA cert.
+tls_remote_file '/output5' do
+  source 'http://localhost/target'
+  ca '/test/ca.crt'
+end
+
 # Make sure I didn't break normal remote_file.
-remote_file '/output3' do
+remote_file '/output6' do
   source 'http://localhost/target'
 end

data/test/gemfiles/master.gemfile

@@ -17,8 +17,9 @@
 eval_gemfile File.expand_path('../../../Gemfile', __FILE__)
 
 gem 'chef', github: 'chef/chef'
-gem 'ohai', github: 'chef/ohai'
 gem 'halite', github: 'poise/halite'
+gem 'ohai', github: 'chef/ohai'
 gem 'poise', github: 'poise/poise'
 gem 'poise-boiler', github: 'poise/poise-boiler'
+gem 'poise-profiler', github: 'poise/poise-profiler'
 gem 'poise-service', github: 'poise/poise-service'

data/test/integration/default/serverspec/default_spec.rb

@@ -28,3 +28,15 @@ end
 describe file('/output3') do
   its(:content) { is_expected.to eq "Hello world\n" }
 end
+
+describe file('/output4') do
+  its(:content) { is_expected.to eq "Hello world\n" }
+end
+
+describe file('/output5') do
+  its(:content) { is_expected.to eq "Hello world\n" }
+end
+
+describe file('/output6') do
+  its(:content) { is_expected.to eq "Hello world\n" }
+end

data/test/spec/resources/poise_tls_remote_file_spec.rb

@@ -327,4 +327,30 @@ EOH
       run_chef
     end
   end # /context with node["poise-tls-remote-file"]["ca"]
+
+  context 'with no additional properties' do
+    it { expect { run_chef }.to_not raise_error }
+  end # /context with no additional properties
+
+  context 'with an HTTP URL' do
+    before do
+      allow(stub_http).to receive(:cert_store).and_return(nil)
+    end
+    recipe do
+      tls_remote_file node['test_tempfile'] do
+        source 'http://example.com/'
+      end
+    end
+    it { expect { run_chef }.to_not raise_error }
+
+    context 'with a CA cert' do
+      recipe do
+        tls_remote_file node['test_tempfile'] do
+          source 'http://example.com/'
+          ca '/test/ca.crt'
+        end
+      end
+      it { expect { run_chef }.to_not raise_error }
+    end # /context with a CA cert
+  end # /context with an HTTP URL
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: poise-tls-remote-file
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.0.1
 platform: ruby
 authors:
 - Noah Kantrowitz
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-04-14 00:00:00.000000000 Z
+date: 2017-04-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: chef
@@ -72,7 +72,8 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.0'
-description: A Chef cookbook for managing something.
+description: A Chef cookbook cookbook to download files over HTTPS using TLS client
+  certificate authentication.
 email:
 - noah@coderanger.net
 executables: []
@@ -153,7 +154,8 @@ rubyforge_project:
 rubygems_version: 2.6.11
 signing_key: 
 specification_version: 4
-summary: A Chef cookbook for managing something.
+summary: A Chef cookbook cookbook to download files over HTTPS using TLS client certificate
+  authentication.
 test_files:
 - test/cookbook/files/ca.crt
 - test/cookbook/files/ca.key