test(inspec): the cert pillar must be in mapdata reference files

This test the list of added and removed certificates defined in pillar.

test/integration/default/files/_mapdata/amazonlinux-2.yaml

@@ -9,18 +9,40 @@ values:
   cert_source_dir: /tmp/kitchen/srv/salt/files/
   cert_tmp_dir: /tmp/certs/
   cert_user: root
+  certlist:
+    cert.and.key.to.add:
+      cert: "-----BEGIN CERTIFICATE-----\n1MOCKED CERT AND KEY\n-----END CERTIFICATE----- "
+      key: "-----BEGIN RSA PRIVATE KEY-----\n1MOCKED CERT AND KEY\n-----END RSA PRIVATE
+        KEY----- "
+    cert.and.key.to.remove:
+      cert: "-----BEGIN CERTIFICATE-----\n3MOCKED CERT AND KEY\n-----END CERTIFICATE----- "
+      key: "-----BEGIN RSA PRIVATE KEY-----\n3MOCKED CERT AND KEY\n-----END RSA PRIVATE
+        KEY----- "
+      remove: true
+    cert.and.key.with.ext.to.add:
+      cert: "-----BEGIN CERTIFICATE-----\n4MOCKED CERT AND KEY\n-----END CERTIFICATE----- "
+      cert_ext: ".pem"
+      key: "-----BEGIN RSA PRIVATE KEY-----\n4MOCKED CERT AND KEY\n-----END RSA PRIVATE
+        KEY----- "
+      key_ext: ".priv"
+    cert.from.src.to.add: {}
+    cert.to.add:
+      cert: "-----BEGIN CERTIFICATE-----\n2MOCKED CERT\n-----END CERTIFICATE----- "
   key_dir: /etc/pki/tls/private
   key_ext: .key
   key_group: root
   key_mode: 600
   key_user: root
+  lookup:
+    cert_source_dir: "/tmp/kitchen/srv/salt/files/"
   map_jinja:
     sources:
     - Y:G@osarch
     - Y:G@os_family
     - Y:G@os
     - Y:G@osfinger
     - C@cert:lookup
+    - C@cert
     - Y:G@id
   pkgs:
   - ca-certificates

test/integration/default/files/_mapdata/arch-base-latest.yaml

@@ -9,18 +9,40 @@ values:
   cert_source_dir: /tmp/kitchen/srv/salt/files/
   cert_tmp_dir: /tmp/certs/
   cert_user: root
+  certlist:
+    cert.and.key.to.add:
+      cert: "-----BEGIN CERTIFICATE-----\n1MOCKED CERT AND KEY\n-----END CERTIFICATE----- "
+      key: "-----BEGIN RSA PRIVATE KEY-----\n1MOCKED CERT AND KEY\n-----END RSA PRIVATE
+        KEY----- "
+    cert.and.key.to.remove:
+      cert: "-----BEGIN CERTIFICATE-----\n3MOCKED CERT AND KEY\n-----END CERTIFICATE----- "
+      key: "-----BEGIN RSA PRIVATE KEY-----\n3MOCKED CERT AND KEY\n-----END RSA PRIVATE
+        KEY----- "
+      remove: true
+    cert.and.key.with.ext.to.add:
+      cert: "-----BEGIN CERTIFICATE-----\n4MOCKED CERT AND KEY\n-----END CERTIFICATE----- "
+      cert_ext: ".pem"
+      key: "-----BEGIN RSA PRIVATE KEY-----\n4MOCKED CERT AND KEY\n-----END RSA PRIVATE
+        KEY----- "
+      key_ext: ".priv"
+    cert.from.src.to.add: {}
+    cert.to.add:
+      cert: "-----BEGIN CERTIFICATE-----\n2MOCKED CERT\n-----END CERTIFICATE----- "
   key_dir: /etc/ssl/private
   key_ext: .key
   key_group: root
   key_mode: 600
   key_user: root
+  lookup:
+    cert_source_dir: "/tmp/kitchen/srv/salt/files/"
   map_jinja:
     sources:
     - Y:G@osarch
     - Y:G@os_family
     - Y:G@os
     - Y:G@osfinger
     - C@cert:lookup
+    - C@cert
     - Y:G@id
   pkgs:
   - ca-certificates

test/integration/default/files/_mapdata/centos-7.yaml

@@ -9,18 +9,40 @@ values:
   cert_source_dir: /tmp/kitchen/srv/salt/files/
   cert_tmp_dir: /tmp/certs/
   cert_user: root
+  certlist:
+    cert.and.key.to.add:
+      cert: "-----BEGIN CERTIFICATE-----\n1MOCKED CERT AND KEY\n-----END CERTIFICATE----- "
+      key: "-----BEGIN RSA PRIVATE KEY-----\n1MOCKED CERT AND KEY\n-----END RSA PRIVATE
+        KEY----- "
+    cert.and.key.to.remove:
+      cert: "-----BEGIN CERTIFICATE-----\n3MOCKED CERT AND KEY\n-----END CERTIFICATE----- "
+      key: "-----BEGIN RSA PRIVATE KEY-----\n3MOCKED CERT AND KEY\n-----END RSA PRIVATE
+        KEY----- "
+      remove: true
+    cert.and.key.with.ext.to.add:
+      cert: "-----BEGIN CERTIFICATE-----\n4MOCKED CERT AND KEY\n-----END CERTIFICATE----- "
+      cert_ext: ".pem"
+      key: "-----BEGIN RSA PRIVATE KEY-----\n4MOCKED CERT AND KEY\n-----END RSA PRIVATE
+        KEY----- "
+      key_ext: ".priv"
+    cert.from.src.to.add: {}
+    cert.to.add:
+      cert: "-----BEGIN CERTIFICATE-----\n2MOCKED CERT\n-----END CERTIFICATE----- "
   key_dir: /etc/pki/tls/private
   key_ext: .key
   key_group: root
   key_mode: 600
   key_user: root
+  lookup:
+    cert_source_dir: "/tmp/kitchen/srv/salt/files/"
   map_jinja:
     sources:
     - Y:G@osarch
     - Y:G@os_family
     - Y:G@os
     - Y:G@osfinger
     - C@cert:lookup
+    - C@cert
     - Y:G@id
   pkgs:
   - ca-certificates

test/integration/default/files/_mapdata/centos-8.yaml

@@ -9,18 +9,40 @@ values:
   cert_source_dir: /tmp/kitchen/srv/salt/files/
   cert_tmp_dir: /tmp/certs/
   cert_user: root
+  certlist:
+    cert.and.key.to.add:
+      cert: "-----BEGIN CERTIFICATE-----\n1MOCKED CERT AND KEY\n-----END CERTIFICATE----- "
+      key: "-----BEGIN RSA PRIVATE KEY-----\n1MOCKED CERT AND KEY\n-----END RSA PRIVATE
+        KEY----- "
+    cert.and.key.to.remove:
+      cert: "-----BEGIN CERTIFICATE-----\n3MOCKED CERT AND KEY\n-----END CERTIFICATE----- "
+      key: "-----BEGIN RSA PRIVATE KEY-----\n3MOCKED CERT AND KEY\n-----END RSA PRIVATE
+        KEY----- "
+      remove: true
+    cert.and.key.with.ext.to.add:
+      cert: "-----BEGIN CERTIFICATE-----\n4MOCKED CERT AND KEY\n-----END CERTIFICATE----- "
+      cert_ext: ".pem"
+      key: "-----BEGIN RSA PRIVATE KEY-----\n4MOCKED CERT AND KEY\n-----END RSA PRIVATE
+        KEY----- "
+      key_ext: ".priv"
+    cert.from.src.to.add: {}
+    cert.to.add:
+      cert: "-----BEGIN CERTIFICATE-----\n2MOCKED CERT\n-----END CERTIFICATE----- "
   key_dir: /etc/pki/tls/private
   key_ext: .key
   key_group: root
   key_mode: 600
   key_user: root
+  lookup:
+    cert_source_dir: "/tmp/kitchen/srv/salt/files/"
   map_jinja:
     sources:
     - Y:G@osarch
     - Y:G@os_family
     - Y:G@os
     - Y:G@osfinger
     - C@cert:lookup
+    - C@cert
     - Y:G@id
   pkgs:
   - ca-certificates

test/integration/default/files/_mapdata/debian-10.yaml

@@ -9,18 +9,40 @@ values:
   cert_source_dir: /tmp/kitchen/srv/salt/files/
   cert_tmp_dir: /tmp/certs/
   cert_user: root
+  certlist:
+    cert.and.key.to.add:
+      cert: "-----BEGIN CERTIFICATE-----\n1MOCKED CERT AND KEY\n-----END CERTIFICATE----- "
+      key: "-----BEGIN RSA PRIVATE KEY-----\n1MOCKED CERT AND KEY\n-----END RSA PRIVATE
+        KEY----- "
+    cert.and.key.to.remove:
+      cert: "-----BEGIN CERTIFICATE-----\n3MOCKED CERT AND KEY\n-----END CERTIFICATE----- "
+      key: "-----BEGIN RSA PRIVATE KEY-----\n3MOCKED CERT AND KEY\n-----END RSA PRIVATE
+        KEY----- "
+      remove: true
+    cert.and.key.with.ext.to.add:
+      cert: "-----BEGIN CERTIFICATE-----\n4MOCKED CERT AND KEY\n-----END CERTIFICATE----- "
+      cert_ext: ".pem"
+      key: "-----BEGIN RSA PRIVATE KEY-----\n4MOCKED CERT AND KEY\n-----END RSA PRIVATE
+        KEY----- "
+      key_ext: ".priv"
+    cert.from.src.to.add: {}
+    cert.to.add:
+      cert: "-----BEGIN CERTIFICATE-----\n2MOCKED CERT\n-----END CERTIFICATE----- "
   key_dir: /etc/ssl/private
   key_ext: .key
   key_group: ssl-cert
   key_mode: 640
   key_user: root
+  lookup:
+    cert_source_dir: "/tmp/kitchen/srv/salt/files/"
   map_jinja:
     sources:
     - Y:G@osarch
     - Y:G@os_family
     - Y:G@os
     - Y:G@osfinger
     - C@cert:lookup
+    - C@cert
     - Y:G@id
   pkgs:
   - ca-certificates

test/integration/default/files/_mapdata/debian-9.yaml

@@ -9,18 +9,40 @@ values:
   cert_source_dir: /tmp/kitchen/srv/salt/files/
   cert_tmp_dir: /tmp/certs/
   cert_user: root
+  certlist:
+    cert.and.key.to.add:
+      cert: "-----BEGIN CERTIFICATE-----\n1MOCKED CERT AND KEY\n-----END CERTIFICATE----- "
+      key: "-----BEGIN RSA PRIVATE KEY-----\n1MOCKED CERT AND KEY\n-----END RSA PRIVATE
+        KEY----- "
+    cert.and.key.to.remove:
+      cert: "-----BEGIN CERTIFICATE-----\n3MOCKED CERT AND KEY\n-----END CERTIFICATE----- "
+      key: "-----BEGIN RSA PRIVATE KEY-----\n3MOCKED CERT AND KEY\n-----END RSA PRIVATE
+        KEY----- "
+      remove: true
+    cert.and.key.with.ext.to.add:
+      cert: "-----BEGIN CERTIFICATE-----\n4MOCKED CERT AND KEY\n-----END CERTIFICATE----- "
+      cert_ext: ".pem"
+      key: "-----BEGIN RSA PRIVATE KEY-----\n4MOCKED CERT AND KEY\n-----END RSA PRIVATE
+        KEY----- "
+      key_ext: ".priv"
+    cert.from.src.to.add: {}
+    cert.to.add:
+      cert: "-----BEGIN CERTIFICATE-----\n2MOCKED CERT\n-----END CERTIFICATE----- "
   key_dir: /etc/ssl/private
   key_ext: .key
   key_group: ssl-cert
   key_mode: 640
   key_user: root
+  lookup:
+    cert_source_dir: "/tmp/kitchen/srv/salt/files/"
   map_jinja:
     sources:
     - Y:G@osarch
     - Y:G@os_family
     - Y:G@os
     - Y:G@osfinger
     - C@cert:lookup
+    - C@cert
     - Y:G@id
   pkgs:
   - ca-certificates

test/integration/default/files/_mapdata/fedora-32.yaml

@@ -9,18 +9,40 @@ values:
   cert_source_dir: /tmp/kitchen/srv/salt/files/
   cert_tmp_dir: /tmp/certs/
   cert_user: root
+  certlist:
+    cert.and.key.to.add:
+      cert: "-----BEGIN CERTIFICATE-----\n1MOCKED CERT AND KEY\n-----END CERTIFICATE----- "
+      key: "-----BEGIN RSA PRIVATE KEY-----\n1MOCKED CERT AND KEY\n-----END RSA PRIVATE
+        KEY----- "
+    cert.and.key.to.remove:
+      cert: "-----BEGIN CERTIFICATE-----\n3MOCKED CERT AND KEY\n-----END CERTIFICATE----- "
+      key: "-----BEGIN RSA PRIVATE KEY-----\n3MOCKED CERT AND KEY\n-----END RSA PRIVATE
+        KEY----- "
+      remove: true
+    cert.and.key.with.ext.to.add:
+      cert: "-----BEGIN CERTIFICATE-----\n4MOCKED CERT AND KEY\n-----END CERTIFICATE----- "
+      cert_ext: ".pem"
+      key: "-----BEGIN RSA PRIVATE KEY-----\n4MOCKED CERT AND KEY\n-----END RSA PRIVATE
+        KEY----- "
+      key_ext: ".priv"
+    cert.from.src.to.add: {}
+    cert.to.add:
+      cert: "-----BEGIN CERTIFICATE-----\n2MOCKED CERT\n-----END CERTIFICATE----- "
   key_dir: /etc/pki/tls/private
   key_ext: .key
   key_group: root
   key_mode: 600
   key_user: root
+  lookup:
+    cert_source_dir: "/tmp/kitchen/srv/salt/files/"
   map_jinja:
     sources:
     - Y:G@osarch
     - Y:G@os_family
     - Y:G@os
     - Y:G@osfinger
     - C@cert:lookup
+    - C@cert
     - Y:G@id
   pkgs:
   - ca-certificates

test/integration/default/files/_mapdata/fedora-33.yaml

@@ -9,18 +9,40 @@ values:
   cert_source_dir: /tmp/kitchen/srv/salt/files/
   cert_tmp_dir: /tmp/certs/
   cert_user: root
+  certlist:
+    cert.and.key.to.add:
+      cert: "-----BEGIN CERTIFICATE-----\n1MOCKED CERT AND KEY\n-----END CERTIFICATE----- "
+      key: "-----BEGIN RSA PRIVATE KEY-----\n1MOCKED CERT AND KEY\n-----END RSA PRIVATE
+        KEY----- "
+    cert.and.key.to.remove:
+      cert: "-----BEGIN CERTIFICATE-----\n3MOCKED CERT AND KEY\n-----END CERTIFICATE----- "
+      key: "-----BEGIN RSA PRIVATE KEY-----\n3MOCKED CERT AND KEY\n-----END RSA PRIVATE
+        KEY----- "
+      remove: true
+    cert.and.key.with.ext.to.add:
+      cert: "-----BEGIN CERTIFICATE-----\n4MOCKED CERT AND KEY\n-----END CERTIFICATE----- "
+      cert_ext: ".pem"
+      key: "-----BEGIN RSA PRIVATE KEY-----\n4MOCKED CERT AND KEY\n-----END RSA PRIVATE
+        KEY----- "
+      key_ext: ".priv"
+    cert.from.src.to.add: {}
+    cert.to.add:
+      cert: "-----BEGIN CERTIFICATE-----\n2MOCKED CERT\n-----END CERTIFICATE----- "
   key_dir: /etc/pki/tls/private
   key_ext: .key
   key_group: root
   key_mode: 600
   key_user: root
+  lookup:
+    cert_source_dir: "/tmp/kitchen/srv/salt/files/"
   map_jinja:
     sources:
     - Y:G@osarch
     - Y:G@os_family
     - Y:G@os
     - Y:G@osfinger
     - C@cert:lookup
+    - C@cert
     - Y:G@id
   pkgs:
   - ca-certificates

test/integration/default/files/_mapdata/gentoo-2-sysd.yaml

@@ -9,17 +9,39 @@ values:
   cert_source_dir: /tmp/kitchen/srv/salt/files/
   cert_tmp_dir: /tmp/certs/
   cert_user: root
+  certlist:
+    cert.and.key.to.add:
+      cert: "-----BEGIN CERTIFICATE-----\n1MOCKED CERT AND KEY\n-----END CERTIFICATE----- "
+      key: "-----BEGIN RSA PRIVATE KEY-----\n1MOCKED CERT AND KEY\n-----END RSA PRIVATE
+        KEY----- "
+    cert.and.key.to.remove:
+      cert: "-----BEGIN CERTIFICATE-----\n3MOCKED CERT AND KEY\n-----END CERTIFICATE----- "
+      key: "-----BEGIN RSA PRIVATE KEY-----\n3MOCKED CERT AND KEY\n-----END RSA PRIVATE
+        KEY----- "
+      remove: true
+    cert.and.key.with.ext.to.add:
+      cert: "-----BEGIN CERTIFICATE-----\n4MOCKED CERT AND KEY\n-----END CERTIFICATE----- "
+      cert_ext: ".pem"
+      key: "-----BEGIN RSA PRIVATE KEY-----\n4MOCKED CERT AND KEY\n-----END RSA PRIVATE
+        KEY----- "
+      key_ext: ".priv"
+    cert.from.src.to.add: {}
+    cert.to.add:
+      cert: "-----BEGIN CERTIFICATE-----\n2MOCKED CERT\n-----END CERTIFICATE----- "
   key_dir: /etc/ssl/private
   key_ext: .key
   key_group: root
   key_mode: 600
   key_user: root
+  lookup:
+    cert_source_dir: "/tmp/kitchen/srv/salt/files/"
   map_jinja:
     sources:
     - Y:G@osarch
     - Y:G@os_family
     - Y:G@os
     - Y:G@osfinger
     - C@cert:lookup
+    - C@cert
     - Y:G@id
   remove: false