Merge pull request #248 from microsoft/feature/keychainfix

QOL Improvement: Remove dependency on attribute and use property instead for keychain password in certificate resource
Jacob Zaval 2022-03-04 17:33:23 -08:00
Parent d1902a32ba
Commit 61e209129c
4 changed files: 23 additions and 13 deletions

View file

@ -1,14 +1,20 @@
# Changelog
## [4.3.0] - 2022-02-18
## [4.3.0] - 2022-03-04
### Fixed
- Reversed order of arguments for certificate installation to address [Bug 244](https://github.com/microsoft/macos-cookbook/issues/244).
### Added
- New test suites and recipe change to account for `.cer` files.
- New certificate resource property: `kc_passwd` which allows setting of keychain password.
- Check for certificate existence within the keychain before installing a new one to ensure idempotency.
- Made password properties sensitive.
- Updated certificate resource documentation.
- New test suites and recipe change to account for `.cer` files.
### Changed
- Removed dependency on using the `default['macos']['admin_password']` attribute for setting the keychain password when using the certificate resource.
## [4.2.3] - 2022-02-03
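Review bot: The 4.3.0 entries do not tell existing users that this change can break their recipes. The resource hunk on this page declares both `keychain` and `kc_passwd` as `required: true` and drops the empty-string fallback for `keychain`, so a `certificate` block that omitted either one will now fail. Suggest saying under "Changed" that both properties are now required, and stating in the "Added" line for `kc_passwd` that it is mandatory rather than that it "allows setting" the password.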

View file

@ -3,7 +3,7 @@ certificate
Use the **certificate** resource to manage certificates for keychains.
Under the hood, the [**certificate**](https://github.com/Microsoft/macos-cookbook/blob/master/resources/certificate.rb) resource executes the `security`
command in the `security_cmd` library.
command in the [**security_cmd**](https://github.com/Microsoft/macos-cookbook/blob/master/libraries/security_cmd.rb) library.
Syntax
------
@ -16,6 +16,7 @@ certificate 'cert name' do
certfile String # certificate in .p12(PFX) or .cer(SSl certificate file) format
cert_passwd String # password for PFX format certificate file
keychain String # keychain to install certificate to
kc_passwd String # keychain password
apps Array # list of apps that may access the imported key
end
```
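Review bot: The syntax block documents `cert_passwd`, but the resource declares `property :cert_password` and the test recipe calls `cert_password 'test'`, so the name shown right above the new `kc_passwd` line does not match the property. Suggest correcting it to `cert_password` while this block is being edited, and noting in the comments for `keychain` and `kc_passwd` that both are required, since the resource now declares them `required: true`.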
@ -48,6 +49,7 @@ certificate 'cert name' do
certfile '/User/edward/Documents/cert.p12'
cert_passwd 'teach'
keychain '/User/edward/Library/Keychains/florida.keychain'
kc_passwd 'test'
end
```
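Review bot: The example sets `kc_passwd 'test'` as a string literal in the recipe, and documentation examples tend to be copied as written. Since the property is declared `sensitive: true`, suggest the example read the value from a secret source such as an encrypted data bag item or Chef Vault instead of inlining it. In the same block, `cert_passwd 'teach'` does not match `property :cert_password`, and the paths start with `/User/` where the test recipe uses `/Users/`.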

View file

@ -1,26 +1,26 @@
unified_mode true
provides :certificate
default_action :install
property :certfile, String
property :cert_password, String
property :keychain, String
property :cert_password, String, sensitive: true
property :keychain, String, required: true
property :kc_passwd, String, required: true, sensitive: true
property :apps, Array
action_class do
def keychain
new_resource.property_is_set?(:keychain) ? new_resource.keychain : ''
end
end
action :install do
cert = SecurityCommand.new(new_resource.certfile, keychain)
cert = SecurityCommand.new(new_resource.certfile, new_resource.keychain)
execute 'unlock keychain' do
command Array(cert.unlock_keychain(node['macos']['admin_password']))
command Array(cert.unlock_keychain(new_resource.kc_passwd))
end
cert_shasum = shell_out("shasum #{new_resource.certfile}").stdout.upcase.gsub(/\s.+/, '')
find_cert_output = shell_out("/usr/bin/security find-certificate -a -Z #{new_resource.keychain}").stdout
execute 'install-certificate' do
command Array(cert.install_certificate(new_resource.cert_password, new_resource.apps))
not_if { find_cert_output.include? cert_shasum }
end
end
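Review bot: Declaring `cert_password` and `kc_passwd` with `sensitive: true` does not carry over to the two `execute` resources inside `action :install`, and `unlock keychain` builds its command from `cert.unlock_keychain(new_resource.kc_passwd)`. If the resulting command array contains the password, a failed run can print it in the error output, so suggest adding `sensitive true` to both `execute` blocks. Separately, the new `shell_out` calls interpolate `new_resource.certfile` and `new_resource.keychain` into a single command string, so a path containing spaces or shell metacharacters is split or interpreted by the shell; passing the command and the path as separate arguments to `shell_out` avoids that.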

View file

@ -27,6 +27,7 @@ end
certificate 'install a .cer format certificate file' do
certfile foobar_cer_path
keychain '/Users/vagrant/Library/Keychains/login.keychain'
kc_passwd node['macos']['admin_password']
apps ['/Applications/Numbers.app']
action :install
end
@ -35,6 +36,7 @@ certificate 'install a PFX format certificate file' do
certfile '/Users/vagrant/Test.p12'
cert_password 'test'
keychain '/Users/vagrant/Library/Keychains/test.keychain'
kc_passwd 'test'
apps ['/Applications/Safari.app']
action :install
end