voxpupuli · pcfens · Jun 13, 2023 · Jun 12, 2023
diff --git a/.fixtures.yml b/.fixtures.yml
@@ -2,5 +2,6 @@ fixtures:
   repositories:
     stdlib: "https://github.com/puppetlabs/puppetlabs-stdlib.git"
     remote_file: "https://github.com/lwf/puppet-remote_file.git"
+    puppet_archive: "https://github.com/voxpupuli/puppet-archive.git"
   symlinks:
     ca_cert: "#{source_dir}"
diff --git a/manifests/ca.pp b/manifests/ca.pp
@@ -69,13 +69,13 @@
   # Since Debian/Suse based OSes don't have explicit distrust directories
   # Logic is Similar for Debian/SLES10/SLES11 - but breaking into if/elsif
   # for clarity's sake as we need to change untrusted to absent and warn in the log
-  if $::osfamily == 'Debian' and $ensure == 'distrusted' {
-    warning("Cannot explicitly set CA distrust on ${::operatingsystem}.")
+  if $facts['os']['family'] == 'Debian' and $ensure == 'distrusted' {
+    warning("Cannot explicitly set CA distrust on ${facts['os']['name']}.")
     warning("Ensuring that ${name} CA is absent from the trusted list.")
     $adjusted_ensure = 'absent'
   }
-  elsif ($::osfamily == 'Suse' and $::operatingsystemmajrelease =~ /(10|11)/) and $ensure == 'distrusted' {
-    warning("Cannot explicitly set CA distrust on ${::operatingsystem} ${::operatingsystemmajrelease}.")
+  elsif ($facts['os']['family'] == 'Suse' and $facts['os']['release']['major'] =~ /(10|11)/) and $ensure == 'distrusted' {
+    warning("Cannot explicitly set CA distrust on ${facts['os']['name']} ${facts['os']['release']['major']}.")
     warning("Ensuring that ${name} CA is absent from the trusted list.")
     $adjusted_ensure = 'absent'
   }
@@ -85,7 +85,7 @@
   # Determine Full Resource Name
   # Sles 10/11 Only Supports .pem files
   # Other supported OS variants default to .crt
-  if ($::osfamily == 'Suse') and ($::operatingsystemmajrelease =~ /(10|11)/) {
+  if ($facts['os']['family'] == 'Suse') and ($facts['os']['release']['major'] =~ /(10|11)/) {
     if $source != 'text' and $source !~ /^.*\.pem$/ {
       fail("${source} not proper format - SLES 10/11 CA Files must be in .pem format")
     }

diff --git a/manifests/enable.pp b/manifests/enable.pp
@@ -3,7 +3,7 @@
 
   include ca_cert
 
-  if ($::osfamily == 'RedHat' and versioncmp($::operatingsystemrelease, '7') < 0) {
+  if ($facts['os']['family'] == 'RedHat' and versioncmp($facts['os']['release']['full'], '7') < 0) {
     if $ca_cert::force_enable {
       exec { 'enable_ca_trust':
         command   => 'update-ca-trust force-enable',

diff --git a/manifests/params.pp b/manifests/params.pp
@@ -1,6 +1,6 @@
 # Private class
 class ca_cert::params {
-  case $::osfamily {
+  case $facts['os']['family'] {
     'Debian': {
       $trusted_cert_dir  = '/usr/local/share/ca-certificates'
       $update_cmd        = 'update-ca-certificates'
@@ -9,15 +9,15 @@
       $ca_file_mode      = '0444'
       $ca_file_extension = 'crt'
       $package_name      = 'ca-certificates'
-      case $::operatingsystem {
+      case $facts['os']['name'] {
         'Ubuntu': {
           $cert_dir_mode     = '0755'
         }
         'Debian': {
           $cert_dir_mode     = '2665'
         }
         default: {
-          fail("Unsupported operatingsystem (${::operatingsystem})")
+          fail("Unsupported operatingsystem (${facts['os']['name']})")
         }
       }
     }
@@ -44,13 +44,13 @@
       $package_name        = 'ca-certificates'
     }
     'Suse': {
-      if $::operatingsystemmajrelease =~ /(10|11)/  {
+      if $facts['os']['release']['major'] =~ /(10|11)/  {
         $trusted_cert_dir  = '/etc/ssl/certs'
         $update_cmd        = 'c_rehash'
         $ca_file_extension = 'pem'
         $package_name      = 'openssl-certs'
       }
-      elsif versioncmp($::operatingsystemmajrelease, '12') >= 0 {
+      elsif versioncmp($facts['os']['release']['major'], '12') >= 0 {
         $trusted_cert_dir    = '/etc/pki/trust/anchors'
         $distrusted_cert_dir = '/etc/pki/trust/blacklist'
         $update_cmd          = 'update-ca-certificates'
@@ -73,7 +73,7 @@
       $package_name        = 'ca-certificates'
     }
     'Solaris': {
-      if versioncmp($::operatingsystemmajrelease, '11') >= 0  {
+      if versioncmp($facts['os']['release']['major'], '11') >= 0  {
         $trusted_cert_dir    = '/etc/certs/CA/'
         $update_cmd          = '/usr/sbin/svcadm restart /system/ca-certificates'
         $cert_dir_group      = 'sys'
@@ -84,11 +84,11 @@
         $package_name        = 'ca-certificates'
       }
       else {
-        fail("Unsupported OS Major release (${::operatingsystemmajrelease})")  
+        fail("Unsupported OS Major release (${facts['os']['release']['major']})")
       }
     }
     default: {
-      fail("Unsupported osfamily (${::osfamily})")
+      fail("Unsupported osfamily (${facts['os']['family']})")
     }
   }
 }
diff --git a/spec/acceptance/ca_cert_ca_spec.rb b/spec/acceptance/ca_cert_ca_spec.rb
@@ -1,6 +1,6 @@
 require 'spec_helper_acceptance'
 
-case fact('osfamily')
+case fact('os.family')
 when 'Debian'
   trusted_ca_file_remote = '/usr/local/share/ca-certificates/Globalsign_Org_Intermediate.crt'
   absent_ca_file_remote = '/etc/pki/ca-trust/source/blacklist/CACert.crt'
@@ -69,7 +69,7 @@
       it { is_expected.to be_file }
     end
 
-    case fact('osfamily')
+    case fact('os.family')
     when 'Debian'
       describe file(absent_ca_file_remote) do
         it { is_expected.not_to be_file }

diff --git a/spec/classes/ca_cert_spec.rb b/spec/classes/ca_cert_spec.rb
@@ -11,8 +11,10 @@
   context 'on a Debian based OS' do
     let :facts do
       {
-        osfamily: 'Debian',
-        operatingsystem: 'Ubuntu',
+        'os' => {
+          'family' => 'Debian',
+          'name'   => 'Ubuntu',
+        },
       }
     end
 
@@ -49,8 +51,14 @@
   context 'on a RedHat based OS' do
     let :facts do
       {
-        osfamily: 'RedHat',
-        operatingsystemrelease: '7.0',
+        'os' => {
+          'family'  => 'RedHat',
+          'release' => {
+            'major' => '7',
+            'minor' => '0',
+            'full'  => '7.0',
+          },
+        },
       }
     end
 
@@ -89,8 +97,12 @@
     context "on a Suse #{osmajrel} based OS" do
       let :facts do
         {
-          osfamily: 'Suse',
-          operatingsystemmajrelease: osmajrel.to_s,
+          'os' => {
+            'family'  => 'Suse',
+            'release' => {
+              'major' => osmajrel.to_s,
+            },
+          },
         }
       end
 
@@ -129,8 +141,12 @@
   context 'on a Suse 12 based OS' do
     let :facts do
       {
-        osfamily: 'Suse',
-        operatingsystemmajrelease: '12',
+        'os' => {
+          'family'  => 'Suse',
+          'release' => {
+            'major' => '12',
+          },
+        },
       }
     end
 
@@ -167,7 +183,9 @@
   context 'on a Solaris based OS' do
     let :facts do
       {
-        osfamily: 'Solaris',
+        'os' => {
+          'family' => 'Solaris',
+        },
       }
     end
 

diff --git a/spec/classes/params_spec.rb b/spec/classes/params_spec.rb
@@ -12,7 +12,9 @@
   ].each do |osfamily|
     let :facts do
       {
-        osfamily: osfamily,
+        'os' => {
+          'family' => osfamily,
+        },
       }
     end
 
@@ -29,8 +31,12 @@
     context "On a Suse #{osmajrel} Operating System" do
       let :facts do
         {
-          osfamily: 'Suse',
-          operatingsystemmajrelease: osmajrel.to_s,
+          'os' => {
+            'family'  => 'Suse',
+            'release' => {
+              'major' => osmajrel.to_s,
+            },
+          },
         }
       end
 
@@ -45,7 +51,9 @@
   context 'on an unsupported operating system' do
     let :facts do
       {
-        osfamily: 'Solaris',
+        'os' => {
+          'family' => 'Solaris',
+        },
       }
     end
 

diff --git a/spec/classes/update_spec.rb b/spec/classes/update_spec.rb
@@ -11,7 +11,7 @@
       it { is_expected.to compile.with_all_deps }
       it { is_expected.to contain_class('ca_cert::params') }
 
-      case facts[:osfamily]
+      case facts[:os]['family']
       when 'Debian'
         it { is_expected.not_to contain_exec('enable_ca_trust') }
         it {
@@ -21,7 +21,7 @@
           )
         }
       when 'RedHat'
-        if facts[:operatingsystemmajrelease] == '7'
+        if facts[:os]['release']['major'] == '7'
           it { is_expected.not_to contain_exec('enable_ca_trust') }
         else
           context 'with force_enable set to true' do
@@ -44,7 +44,7 @@
         }
       when 'Suse'
         it { is_expected.not_to contain_exec('enable_ca_trust') }
-        case facts[:operatingsystemmajrelease]
+        case facts[:os]['release']['major']
         when '10', '11'
           it {
             is_expected.to contain_exec('ca_cert_update').with(

diff --git a/spec/defines/ca_spec.rb b/spec/defines/ca_spec.rb
@@ -47,32 +47,46 @@
 
   let :debian_facts do
     {
-      osfamily: 'Debian',
-      operatingsystem: 'Ubuntu',
+      os: {
+        family: 'Debian',
+        name: 'Ubuntu',
+      },
     }
   end
 
   let :redhat_facts do
     {
-      osfamily: 'RedHat',
-      operatingsystem: 'RedHat',
-      operatingsystemrelease: '7.0',
+      os: {
+        family: 'RedHat',
+        name: 'RedHat',
+        release: {
+          full: '7.0',
+        },
+      },
     }
   end
 
   let :suse_11_facts do
     {
-      osfamily: 'Suse',
-      operatingsystem: 'Suse',
-      operatingsystemmajrelease: '11',
+      os: {
+        family: 'Suse',
+        name: 'Suse',
+        release: {
+          major: '11',
+        },
+      },
     }
   end
 
   let :suse_12_facts do
     {
-      osfamily: 'Suse',
-      operatingsystem: 'Suse',
-      operatingsystemmajrelease: '12',
+      os: {
+        family: 'Suse',
+        name: 'Suse',
+        release: {
+          major: '12',
+        },
+      },
     }
   end