beaker-puppet 1.3.0 → 1.4.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 45a8dfa4bb241b997e60986c8896160470a637d8
4
- data.tar.gz: 17f813f9d4d3fcf09a61d4565623b8fd2e08f958
3
+ metadata.gz: 7e8e07f8616629904fa0d1a0dafb32f81c9c3c68
4
+ data.tar.gz: 027a86d8fa7512e09769d3c3baadc70d6a52664b
5
5
  SHA512:
6
- metadata.gz: 61950830eb26571e505889c2d993abdc6394b4e883e5c231acf644b9dba52c6e594bc01b58cfe13605f293fdf1f66bf4a3a6c3c28ffc7ffffc35275c8e55007c
7
- data.tar.gz: 8596699dbe70b8144a11978d461587fbb69dec600e0f52adff7d4a6f9931def1cb5cb4efae77bf0baa34366003cf40cce9de82b182371661e89e581277fcc40d
6
+ metadata.gz: 5350380ad4d9901b7a18b7174e9e7ca04494d46ad5148605a349f72016a1bec17a15a56cf75a47a02fe31c26ea024584cb171792585d64a5bb0ec4863c0ca54b
7
+ data.tar.gz: a30b47610782db0029b33f8514271ca8af9e07785d3436f4bcd0681e0b162a2440e3700d52110b293557052a78c2fc72b0e494620fd778d72abd708845c0aaaa
@@ -14,7 +14,7 @@ module Beaker
14
14
  # the file specified by path. The returned mode is an integer
15
15
  # value containing only the file mode, excluding the type, e.g
16
16
  # S_IFDIR 0040000
17
- def stat(host, path)
17
+ def beaker_stat(host, path)
18
18
  ruby = ruby_command(host)
19
19
  owner = on(host, "#{ruby} -e 'require \"etc\"; puts (Etc.getpwuid(File.stat(\"#{path}\").uid).name)'").stdout.chomp
20
20
  group = on(host, "#{ruby} -e 'require \"etc\"; puts (Etc.getgrgid(File.stat(\"#{path}\").gid).name)'").stdout.chomp
@@ -24,7 +24,7 @@ module Beaker
24
24
  end
25
25
 
26
26
  def assert_ownership_permissions(host, location, expected_user, expected_group, expected_permissions)
27
- permissions = stat(host, location)
27
+ permissions = beaker_stat(host, location)
28
28
  assert_equal(expected_user, permissions[0], "Owner #{permissions[0]} does not match expected #{expected_user}")
29
29
  assert_equal(expected_group, permissions[1], "Group #{permissions[1]} does not match expected #{expected_group}")
30
30
  assert_equal(expected_permissions, permissions[2], "Permissions #{permissions[2]} does not match expected #{expected_permissions}")
@@ -180,10 +180,15 @@ module Beaker
180
180
  end
181
181
  end
182
182
 
183
- puppetserver_opts = { "jruby-puppet" => {
184
- "master-conf-dir" => confdir,
185
- "master-var-dir" => vardir,
186
- }}
183
+ puppetserver_opts = {
184
+ "jruby-puppet" => {
185
+ "master-conf-dir" => confdir,
186
+ "master-var-dir" => vardir,
187
+ },
188
+ "certificate-authority" => {
189
+ "allow-subject-alt-names" => true
190
+ }
191
+ }
187
192
 
188
193
  puppetserver_conf = File.join("#{host['puppetserver-confdir']}", "puppetserver.conf")
189
194
  modify_tk_config(host, puppetserver_conf, puppetserver_opts)
@@ -817,29 +822,37 @@ module Beaker
817
822
  # @param [Host, Array<Host>, String, Symbol] host One or more hosts, or a role (String or Symbol)
818
823
  # that identifies one or more hosts to validate certificate signing.
819
824
  # No argument, or an empty array means no validation of success
820
- # for specific hosts will be performed. This will always execute
821
- # 'cert --sign --all --allow-dns-alt-names' even for a single host.
822
- #
825
+ # for specific hosts will be performed.
823
826
  # @return nil
824
827
  # @raise [FailTest] if process times out
825
828
  def sign_certificate_for(host = [])
826
829
  hostnames = []
827
830
  hosts = host.is_a?(Array) ? host : [host]
831
+ puppet_version = on(master, puppet('--version'))
828
832
  hosts.each{ |current_host|
829
833
  if [master, dashboard, database].include? current_host
830
-
831
834
  on current_host, puppet( 'agent -t' ), :acceptable_exit_codes => [0,1,2]
832
- on master, puppet( "cert --allow-dns-alt-names sign #{current_host}" ), :acceptable_exit_codes => [0,24]
833
835
 
836
+ if version_is_less(puppet_version, '5.99')
837
+ on master, puppet("cert --allow-dns-alt-names sign #{current_host}" ), :acceptable_exit_codes => [0,24]
838
+ else
839
+ on master, "puppetserver ca sign --certname #{current_host}"
840
+ end
834
841
  else
835
842
  hostnames << Regexp.escape( current_host.node_name )
836
843
  end
837
844
  }
845
+
838
846
  if hostnames.size < 1
839
- on master, puppet("cert --sign --all --allow-dns-alt-names"),
847
+ if version_is_less(puppet_version, '5.99')
848
+ on master, puppet("cert --sign --all --allow-dns-alt-names"),
840
849
  :acceptable_exit_codes => [0,24]
850
+ else
851
+ on master, 'puppetserver ca sign --all', :acceptable_exit_codes => [0, 24]
852
+ end
841
853
  return
842
854
  end
855
+
843
856
  while hostnames.size > 0
844
857
  last_sleep = 0
845
858
  next_sleep = 1
@@ -848,11 +861,21 @@ module Beaker
848
861
  fail_test("Failed to sign cert for #{hostnames}")
849
862
  hostnames.clear
850
863
  end
851
- on master, puppet("cert --sign --all --allow-dns-alt-names"), :acceptable_exit_codes => [0,24]
852
- out = on(master, puppet("cert --list --all")).stdout
853
- if hostnames.all? { |hostname| out =~ /\+ "?#{hostname}"?/ }
854
- hostnames.clear
855
- break
864
+
865
+ if version_is_less(puppet_version, '5.99')
866
+ on master, puppet("cert --sign --all --allow-dns-alt-names"), :acceptable_exit_codes => [0,24]
867
+ out = on(master, puppet("cert --list --all")).stdout
868
+ if hostnames.all? { |hostname| out =~ /\+ "?#{hostname}"?/ }
869
+ hostnames.clear
870
+ break
871
+ end
872
+ else
873
+ on master, 'puppetserver ca sign --all', :acceptable_exit_codes => [0, 24]
874
+ out = on(master, 'puppetserver ca list --all').stdout
875
+ unless out =~ /.*Requested.*/
876
+ hostnames.clear
877
+ break
878
+ end
856
879
  end
857
880
 
858
881
  sleep next_sleep
@@ -1,3 +1,3 @@
1
1
  module BeakerPuppet
2
- VERSION = '1.3.0'
2
+ VERSION = '1.4.0'
3
3
  end
@@ -2,6 +2,7 @@ test_name "Validate Sign Cert" do
2
2
  skip_test 'not testing with puppetserver' unless @options['is_puppetserver']
3
3
  hostname = on(master, 'facter hostname').stdout.strip
4
4
  fqdn = on(master, 'facter fqdn').stdout.strip
5
+ puppet_version = on(master, puppet("--version")).stdout
5
6
 
6
7
  if master.use_service_scripts?
7
8
  step "Ensure puppet is stopped"
@@ -24,7 +25,11 @@ test_name "Validate Sign Cert" do
24
25
  :dns_alt_names => "puppet,#{hostname},#{fqdn}",
25
26
  },
26
27
  }
27
- # server will generate the CA and server certs when it starts
28
+
29
+ # In Puppet 6, we want to be using an intermediate CA
30
+ unless version_is_less(puppet_version, "5.99")
31
+ on master, 'puppetserver ca setup'
32
+ end
28
33
  with_puppet_running_on(master, master_opts) do
29
34
  agents.each do |agent|
30
35
  next if agent == master
@@ -35,7 +40,11 @@ test_name "Validate Sign Cert" do
35
40
 
36
41
  # Sign all waiting agent certs
37
42
  step "Server: sign all agent certs"
38
- on master, puppet("cert --sign --all"), :acceptable_exit_codes => [0,24]
43
+ if version_is_less(puppet_version, "5.99")
44
+ on master, puppet("cert sign --all"), :acceptable_exit_codes => [0, 24]
45
+ else
46
+ on master, 'puppetserver ca sign --all', :acceptable_exit_codes => [0, 24]
47
+ end
39
48
 
40
49
  step "Agents: Run agent --test second time to obtain signed cert"
41
50
  on agents, puppet("agent --test --server #{master}"), :acceptable_exit_codes => [0,2]
@@ -648,7 +648,7 @@ describe ClassMixedWithDSLHelpers do
648
648
  end
649
649
  end
650
650
 
651
- it 'signs certs' do
651
+ it 'signs certs with `puppetserver ca` in Puppet 6' do
652
652
  allow( subject ).to receive( :sleep ).and_return( true )
653
653
 
654
654
  result.stdout = "+ \"#{agent}\""
@@ -657,8 +657,25 @@ describe ClassMixedWithDSLHelpers do
657
657
  arg
658
658
  end
659
659
 
660
- expect( subject ).to receive( :on ).with( master, "cert --sign --all --allow-dns-alt-names", :acceptable_exit_codes => [0,24]).once
661
- expect( subject ).to receive( :on ).with( master, "cert --list --all").once.and_return( result )
660
+ expect( subject ).to receive( :on ).with( master, '--version').once.and_return("6.0.0")
661
+ expect( subject ).to receive( :on ).with( master, 'puppetserver ca sign --all', :acceptable_exit_codes => [0, 24]).once
662
+ expect( subject ).to receive( :on ).with( master, 'puppetserver ca list --all').once.and_return( result )
663
+
664
+ subject.sign_certificate_for( agent )
665
+ end
666
+
667
+ it 'signs certs with `puppet cert` in Puppet 5' do
668
+ allow( subject ).to receive( :sleep ).and_return( true )
669
+
670
+ result.stdout = "+ \"#{agent}\""
671
+
672
+ allow( subject ).to receive( :puppet ) do |arg|
673
+ arg
674
+ end
675
+
676
+ expect( subject ).to receive( :on ).with( master, '--version').once.and_return("5.0.0")
677
+ expect( subject ).to receive( :on ).with( master, 'cert --sign --all --allow-dns-alt-names', :acceptable_exit_codes => [0, 24]).once
678
+ expect( subject ).to receive( :on ).with( master, 'cert --list --all').once.and_return( result )
662
679
 
663
680
  subject.sign_certificate_for( agent )
664
681
  end
@@ -666,15 +683,16 @@ describe ClassMixedWithDSLHelpers do
666
683
  it 'retries 11 times before quitting' do
667
684
  allow( subject ).to receive( :sleep ).and_return( true )
668
685
 
669
- result.stdout = " \"#{agent}\""
686
+ result.stdout = "Requested Certificates: \"#{agent}\""
670
687
  allow( subject ).to receive( :hosts ).and_return( hosts )
671
688
 
672
689
  allow( subject ).to receive( :puppet ) do |arg|
673
690
  arg
674
691
  end
675
692
 
676
- expect( subject ).to receive( :on ).with( master, "cert --sign --all --allow-dns-alt-names", :acceptable_exit_codes => [0,24]).exactly( 11 ).times
677
- expect( subject ).to receive( :on ).with( master, "cert --list --all").exactly( 11 ).times.and_return( result )
693
+ expect( subject ).to receive( :on ).with( master, "--version").once.and_return("6.0.0")
694
+ expect( subject ).to receive( :on ).with( master, 'puppetserver ca sign --all', :acceptable_exit_codes => [0, 24]).exactly( 11 ).times
695
+ expect( subject ).to receive( :on ).with( master, 'puppetserver ca list --all').exactly( 11 ).times.and_return( result )
678
696
  expect( subject ).to receive( :fail_test ).once
679
697
 
680
698
  subject.sign_certificate_for( agent )
@@ -690,9 +708,10 @@ describe ClassMixedWithDSLHelpers do
690
708
  arg
691
709
  end
692
710
  expect( subject ).to receive( :on ).with( master, "agent -t", :acceptable_exit_codes => [0, 1, 2]).once
693
- expect( subject ).to receive( :on ).with( master, "cert --allow-dns-alt-names sign master", :acceptable_exit_codes => [0, 24]).once
694
- expect( subject ).to receive( :on ).with( master, "cert --sign --all --allow-dns-alt-names", :acceptable_exit_codes => [0,24]).once
695
- expect( subject ).to receive( :on ).with( master, "cert --list --all").once.and_return( result )
711
+ expect( subject ).to receive( :on ).with( master, "--version").once.and_return("6.0.0")
712
+ expect( subject ).to receive( :on ).with( master, "puppetserver ca sign --certname master").once
713
+ expect( subject ).to receive( :on ).with( master, "puppetserver ca sign --all", :acceptable_exit_codes => [0, 24]).once
714
+ expect( subject ).to receive( :on ).with( master, "puppetserver ca list --all").once.and_return( result )
696
715
 
697
716
  subject.sign_certificate_for( [master, agent, custom] )
698
717
  end
@@ -794,15 +813,27 @@ describe ClassMixedWithDSLHelpers do
794
813
  let(:conf_opts) { {:__commandline_args__ => command_line_args,
795
814
  :is_puppetserver => true}}
796
815
 
797
- let(:default_puppetserver_opts) {{ "jruby-puppet" => {
798
- "master-conf-dir" => default_confdir,
799
- "master-var-dir" => default_vardir,
800
- }}}
801
-
802
- let(:custom_puppetserver_opts) {{ "jruby-puppet" => {
803
- "master-conf-dir" => custom_confdir,
804
- "master-var-dir" => custom_vardir,
805
- }}}
816
+ let(:default_puppetserver_opts) {
817
+ { "jruby-puppet" => {
818
+ "master-conf-dir" => default_confdir,
819
+ "master-var-dir" => default_vardir,
820
+ },
821
+ "certificate-authority" => {
822
+ "allow-subject-alt-names" => true,
823
+ }
824
+ }
825
+ }
826
+
827
+ let(:custom_puppetserver_opts) {
828
+ { "jruby-puppet" => {
829
+ "master-conf-dir" => custom_confdir,
830
+ "master-var-dir" => custom_vardir,
831
+ },
832
+ "certificate-authority" => {
833
+ "allow-subject-alt-names" => true,
834
+ }
835
+ }
836
+ }
806
837
 
807
838
  let(:puppetserver_conf) { "/etc/puppetserver/conf.d/puppetserver.conf" }
808
839
  let(:logger) { double }
@@ -823,8 +854,8 @@ describe ClassMixedWithDSLHelpers do
823
854
 
824
855
  before do
825
856
  stub_post_setup
826
- allow( subject ).to receive( :options) .and_return( {:is_puppetserver => true})
827
- allow( subject ).to receive( :modify_tk_config)
857
+ allow( subject ).to receive(:options).and_return({:is_puppetserver => true})
858
+ allow( subject ).to receive(:modify_tk_config)
828
859
  allow( subject ).to receive(:puppet_config).with(host, 'confdir', anything).and_return(default_confdir)
829
860
  allow( subject ).to receive(:puppet_config).with(host, 'vardir', anything).and_return(default_vardir)
830
861
  allow( subject ).to receive(:puppet_config).with(host, 'config', anything).and_return("#{default_confdir}/puppet.conf")
@@ -834,7 +865,7 @@ describe ClassMixedWithDSLHelpers do
834
865
  it 'checks the option for the host object' do
835
866
  allow( subject ).to receive( :options) .and_return( {:is_puppetserver => false})
836
867
  host[:is_puppetserver] = true
837
- expect( subject ).to receive( :modify_tk_config)
868
+ expect(subject).to receive(:modify_tk_config)
838
869
  subject.with_puppet_running_on(host, conf_opts)
839
870
  end
840
871
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: beaker-puppet
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.3.0
4
+ version: 1.4.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Puppet
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2018-09-11 00:00:00.000000000 Z
11
+ date: 2018-09-13 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rspec