beaker-puppet 1.3.0 → 1.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 45a8dfa4bb241b997e60986c8896160470a637d8
-  data.tar.gz: 17f813f9d4d3fcf09a61d4565623b8fd2e08f958
+  metadata.gz: 7e8e07f8616629904fa0d1a0dafb32f81c9c3c68
+  data.tar.gz: 027a86d8fa7512e09769d3c3baadc70d6a52664b
 SHA512:
-  metadata.gz: 61950830eb26571e505889c2d993abdc6394b4e883e5c231acf644b9dba52c6e594bc01b58cfe13605f293fdf1f66bf4a3a6c3c28ffc7ffffc35275c8e55007c
-  data.tar.gz: 8596699dbe70b8144a11978d461587fbb69dec600e0f52adff7d4a6f9931def1cb5cb4efae77bf0baa34366003cf40cce9de82b182371661e89e581277fcc40d
+  metadata.gz: 5350380ad4d9901b7a18b7174e9e7ca04494d46ad5148605a349f72016a1bec17a15a56cf75a47a02fe31c26ea024584cb171792585d64a5bb0ec4863c0ca54b
+  data.tar.gz: a30b47610782db0029b33f8514271ca8af9e07785d3436f4bcd0681e0b162a2440e3700d52110b293557052a78c2fc72b0e494620fd778d72abd708845c0aaaa

data/lib/beaker-puppet/helpers/host_helpers.rb

@@ -14,7 +14,7 @@ module Beaker
         # the file specified by path. The returned mode is an integer
         # value containing only the file mode, excluding the type, e.g
         # S_IFDIR 0040000
-        def stat(host, path)
+        def beaker_stat(host, path)
           ruby = ruby_command(host)
           owner = on(host, "#{ruby} -e 'require \"etc\"; puts (Etc.getpwuid(File.stat(\"#{path}\").uid).name)'").stdout.chomp
           group = on(host, "#{ruby} -e 'require \"etc\"; puts (Etc.getgrgid(File.stat(\"#{path}\").gid).name)'").stdout.chomp
@@ -24,7 +24,7 @@ module Beaker
         end
 
         def assert_ownership_permissions(host, location, expected_user, expected_group, expected_permissions)
-          permissions = stat(host, location)
+          permissions = beaker_stat(host, location)
           assert_equal(expected_user, permissions[0], "Owner #{permissions[0]} does not match expected #{expected_user}")
           assert_equal(expected_group, permissions[1], "Group #{permissions[1]} does not match expected #{expected_group}")
           assert_equal(expected_permissions, permissions[2], "Permissions  #{permissions[2]} does not match expected #{expected_permissions}")

data/lib/beaker-puppet/helpers/puppet_helpers.rb

@@ -180,10 +180,15 @@ module Beaker
               end
             end
 
-            puppetserver_opts = { "jruby-puppet" => {
-              "master-conf-dir" => confdir,
-              "master-var-dir" => vardir,
-            }}
+            puppetserver_opts = {
+              "jruby-puppet" => {
+                "master-conf-dir" => confdir,
+                "master-var-dir" => vardir,
+              },
+              "certificate-authority" => {
+                "allow-subject-alt-names" => true
+              }
+            }
 
             puppetserver_conf = File.join("#{host['puppetserver-confdir']}", "puppetserver.conf")
             modify_tk_config(host, puppetserver_conf, puppetserver_opts)
@@ -817,29 +822,37 @@ module Beaker
         # @param [Host, Array<Host>, String, Symbol] host   One or more hosts, or a role (String or Symbol)
         #                            that identifies one or more hosts to validate certificate signing.
         #                            No argument, or an empty array means no validation of success
-        #                            for specific hosts will be performed. This will always execute
-        #                            'cert --sign --all --allow-dns-alt-names' even for a single host.
-        #
+        #                            for specific hosts will be performed.
         # @return nil
         # @raise [FailTest] if process times out
         def sign_certificate_for(host = [])
           hostnames = []
           hosts = host.is_a?(Array) ? host : [host]
+          puppet_version = on(master, puppet('--version'))
           hosts.each{ |current_host|
             if [master, dashboard, database].include? current_host
-
               on current_host, puppet( 'agent -t' ), :acceptable_exit_codes => [0,1,2]
-              on master, puppet( "cert --allow-dns-alt-names sign #{current_host}" ), :acceptable_exit_codes => [0,24]
 
+              if version_is_less(puppet_version, '5.99')
+                on master, puppet("cert --allow-dns-alt-names sign #{current_host}" ), :acceptable_exit_codes => [0,24]
+              else
+                on master, "puppetserver ca sign --certname #{current_host}"
+              end
             else
               hostnames << Regexp.escape( current_host.node_name )
             end
           }
+
           if hostnames.size < 1
-            on master, puppet("cert --sign --all --allow-dns-alt-names"),
+            if version_is_less(puppet_version, '5.99')
+              on master, puppet("cert --sign --all --allow-dns-alt-names"),
                :acceptable_exit_codes => [0,24]
+            else
+              on master, 'puppetserver ca sign --all', :acceptable_exit_codes => [0, 24]
+            end
             return
           end
+
           while hostnames.size > 0
             last_sleep = 0
             next_sleep = 1
@@ -848,11 +861,21 @@ module Beaker
                 fail_test("Failed to sign cert for #{hostnames}")
                 hostnames.clear
               end
-              on master, puppet("cert --sign --all --allow-dns-alt-names"), :acceptable_exit_codes => [0,24]
-              out = on(master, puppet("cert --list --all")).stdout
-              if hostnames.all? { |hostname| out =~ /\+ "?#{hostname}"?/ }
-                hostnames.clear
-                break
+
+              if version_is_less(puppet_version, '5.99')
+                on master, puppet("cert --sign --all --allow-dns-alt-names"), :acceptable_exit_codes => [0,24]
+                out = on(master, puppet("cert --list --all")).stdout
+                if hostnames.all? { |hostname| out =~ /\+ "?#{hostname}"?/ }
+                  hostnames.clear
+                  break
+                end
+              else
+                on master, 'puppetserver ca sign --all', :acceptable_exit_codes => [0, 24]
+                out = on(master, 'puppetserver ca list --all').stdout
+                unless out =~ /.*Requested.*/
+                  hostnames.clear
+                  break
+                end
               end
 
               sleep next_sleep

data/lib/beaker-puppet/version.rb

@@ -1,3 +1,3 @@
 module BeakerPuppet
-  VERSION = '1.3.0'
+  VERSION = '1.4.0'
 end

data/setup/common/040_ValidateSignCert.rb

@@ -2,6 +2,7 @@ test_name "Validate Sign Cert" do
   skip_test 'not testing with puppetserver' unless @options['is_puppetserver']
   hostname = on(master, 'facter hostname').stdout.strip
   fqdn = on(master, 'facter fqdn').stdout.strip
+  puppet_version = on(master, puppet("--version")).stdout
 
   if master.use_service_scripts?
     step "Ensure puppet is stopped"
@@ -24,7 +25,11 @@ test_name "Validate Sign Cert" do
         :dns_alt_names => "puppet,#{hostname},#{fqdn}",
       },
     }
-    # server will generate the CA and server certs when it starts
+
+    # In Puppet 6, we want to be using an intermediate CA
+    unless version_is_less(puppet_version, "5.99")
+      on master, 'puppetserver ca setup'
+    end
     with_puppet_running_on(master, master_opts) do
       agents.each do |agent|
         next if agent == master
@@ -35,7 +40,11 @@ test_name "Validate Sign Cert" do
 
       # Sign all waiting agent certs
       step "Server: sign all agent certs"
-      on master, puppet("cert --sign --all"), :acceptable_exit_codes => [0,24]
+      if version_is_less(puppet_version, "5.99")
+        on master, puppet("cert sign --all"), :acceptable_exit_codes => [0, 24]
+      else
+        on master, 'puppetserver ca sign --all', :acceptable_exit_codes => [0, 24]
+      end
 
       step "Agents: Run agent --test second time to obtain signed cert"
       on agents, puppet("agent --test --server #{master}"), :acceptable_exit_codes => [0,2]

data/spec/beaker-puppet/helpers/puppet_helpers_spec.rb

@@ -648,7 +648,7 @@ describe ClassMixedWithDSLHelpers do
       end
     end
 
-    it 'signs certs' do
+    it 'signs certs with `puppetserver ca` in Puppet 6' do
       allow( subject ).to receive( :sleep ).and_return( true )
 
       result.stdout = "+ \"#{agent}\""
@@ -657,8 +657,25 @@ describe ClassMixedWithDSLHelpers do
         arg
       end
 
-      expect( subject ).to receive( :on ).with( master, "cert --sign --all --allow-dns-alt-names", :acceptable_exit_codes => [0,24]).once
-      expect( subject ).to receive( :on ).with( master, "cert --list --all").once.and_return( result )
+      expect( subject ).to receive( :on ).with( master, '--version').once.and_return("6.0.0")
+      expect( subject ).to receive( :on ).with( master, 'puppetserver ca sign --all', :acceptable_exit_codes => [0, 24]).once
+      expect( subject ).to receive( :on ).with( master, 'puppetserver ca list --all').once.and_return( result )
+
+      subject.sign_certificate_for( agent )
+    end
+
+    it 'signs certs with `puppet cert` in Puppet 5' do
+      allow( subject ).to receive( :sleep ).and_return( true )
+
+      result.stdout = "+ \"#{agent}\""
+
+      allow( subject ).to receive( :puppet ) do |arg|
+        arg
+      end
+
+      expect( subject ).to receive( :on ).with( master, '--version').once.and_return("5.0.0")
+      expect( subject ).to receive( :on ).with( master, 'cert --sign --all --allow-dns-alt-names', :acceptable_exit_codes => [0, 24]).once
+      expect( subject ).to receive( :on ).with( master, 'cert --list --all').once.and_return( result )
 
       subject.sign_certificate_for( agent )
     end
@@ -666,15 +683,16 @@ describe ClassMixedWithDSLHelpers do
     it 'retries 11 times before quitting' do
       allow( subject ).to receive( :sleep ).and_return( true )
 
-      result.stdout = " \"#{agent}\""
+      result.stdout = "Requested Certificates: \"#{agent}\""
       allow( subject ).to receive( :hosts ).and_return( hosts )
 
       allow( subject ).to receive( :puppet ) do |arg|
         arg
       end
 
-      expect( subject ).to receive( :on ).with( master, "cert --sign --all --allow-dns-alt-names", :acceptable_exit_codes => [0,24]).exactly( 11 ).times
-      expect( subject ).to receive( :on ).with( master, "cert --list --all").exactly( 11 ).times.and_return( result )
+      expect( subject ).to receive( :on ).with( master, "--version").once.and_return("6.0.0")
+      expect( subject ).to receive( :on ).with( master, 'puppetserver ca sign --all', :acceptable_exit_codes => [0, 24]).exactly( 11 ).times
+      expect( subject ).to receive( :on ).with( master, 'puppetserver ca list --all').exactly( 11 ).times.and_return( result )
       expect( subject ).to receive( :fail_test ).once
 
       subject.sign_certificate_for( agent )
@@ -690,9 +708,10 @@ describe ClassMixedWithDSLHelpers do
         arg
       end
       expect( subject ).to receive( :on ).with( master, "agent -t", :acceptable_exit_codes => [0, 1, 2]).once
-      expect( subject ).to receive( :on ).with( master, "cert --allow-dns-alt-names sign master", :acceptable_exit_codes => [0, 24]).once
-      expect( subject ).to receive( :on ).with( master, "cert --sign --all --allow-dns-alt-names", :acceptable_exit_codes => [0,24]).once
-      expect( subject ).to receive( :on ).with( master, "cert --list --all").once.and_return( result )
+      expect( subject ).to receive( :on ).with( master, "--version").once.and_return("6.0.0")
+      expect( subject ).to receive( :on ).with( master, "puppetserver ca sign --certname master").once
+      expect( subject ).to receive( :on ).with( master, "puppetserver ca sign --all", :acceptable_exit_codes => [0, 24]).once
+      expect( subject ).to receive( :on ).with( master, "puppetserver ca list --all").once.and_return( result )
 
       subject.sign_certificate_for( [master, agent, custom] )
     end
@@ -794,15 +813,27 @@ describe ClassMixedWithDSLHelpers do
       let(:conf_opts) { {:__commandline_args__ => command_line_args,
                          :is_puppetserver => true}}
 
-      let(:default_puppetserver_opts) {{ "jruby-puppet" => {
-        "master-conf-dir" => default_confdir,
-        "master-var-dir" => default_vardir,
-      }}}
-
-      let(:custom_puppetserver_opts) {{ "jruby-puppet" => {
-        "master-conf-dir" => custom_confdir,
-        "master-var-dir" => custom_vardir,
-      }}}
+      let(:default_puppetserver_opts) {
+        { "jruby-puppet" => {
+            "master-conf-dir" => default_confdir,
+            "master-var-dir" => default_vardir,
+          },
+          "certificate-authority" => {
+            "allow-subject-alt-names" => true,
+          }
+        }
+      }
+
+      let(:custom_puppetserver_opts) {
+        { "jruby-puppet" => {
+            "master-conf-dir" => custom_confdir,
+            "master-var-dir" => custom_vardir,
+          },
+          "certificate-authority" => {
+            "allow-subject-alt-names" => true,
+          }
+        }
+      }
 
       let(:puppetserver_conf) { "/etc/puppetserver/conf.d/puppetserver.conf" }
       let(:logger) { double }
@@ -823,8 +854,8 @@ describe ClassMixedWithDSLHelpers do
 
       before do
         stub_post_setup
-        allow( subject ).to receive( :options) .and_return( {:is_puppetserver => true})
-        allow( subject ).to receive( :modify_tk_config)
+        allow( subject ).to receive(:options).and_return({:is_puppetserver => true})
+        allow( subject ).to receive(:modify_tk_config)
         allow( subject ).to receive(:puppet_config).with(host, 'confdir', anything).and_return(default_confdir)
         allow( subject ).to receive(:puppet_config).with(host, 'vardir', anything).and_return(default_vardir)
         allow( subject ).to receive(:puppet_config).with(host, 'config', anything).and_return("#{default_confdir}/puppet.conf")
@@ -834,7 +865,7 @@ describe ClassMixedWithDSLHelpers do
         it 'checks the option for the host object' do
           allow( subject ).to receive( :options) .and_return( {:is_puppetserver => false})
           host[:is_puppetserver] = true
-          expect( subject ).to receive( :modify_tk_config)
+          expect(subject).to receive(:modify_tk_config)
           subject.with_puppet_running_on(host, conf_opts)
         end
       end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: beaker-puppet
 version: !ruby/object:Gem::Version
-  version: 1.3.0
+  version: 1.4.0
 platform: ruby
 authors:
 - Puppet
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-09-11 00:00:00.000000000 Z
+date: 2018-09-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rspec