beaker-puppet 1.3.0 → 1.4.0
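--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 7e8e07f8616629904fa0d1a0dafb32f81c9c3c68
+data.tar.gz: 027a86d8fa7512e09769d3c3baadc70d6a52664b
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 5350380ad4d9901b7a18b7174e9e7ca04494d46ad5148605a349f72016a1bec17a15a56cf75a47a02fe31c26ea024584cb171792585d64a5bb0ec4863c0ca54b
+data.tar.gz: a30b47610782db0029b33f8514271ca8af9e07785d3436f4bcd0681e0b162a2440e3700d52110b293557052a78c2fc72b0e494620fd778d72abd708845c0aaaa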
@@ -14,7 +14,7 @@ module Beaker
|
|
14
14
|
# the file specified by path. The returned mode is an integer
|
15
15
|
# value containing only the file mode, excluding the type, e.g
|
16
16
|
# S_IFDIR 0040000
|
17
|
-
def
|
17
|
+
def beaker_stat(host, path)
|
18
18
|
ruby = ruby_command(host)
|
19
19
|
owner = on(host, "#{ruby} -e 'require \"etc\"; puts (Etc.getpwuid(File.stat(\"#{path}\").uid).name)'").stdout.chomp
|
20
20
|
group = on(host, "#{ruby} -e 'require \"etc\"; puts (Etc.getgrgid(File.stat(\"#{path}\").gid).name)'").stdout.chomp
|
@@ -24,7 +24,7 @@ module Beaker
|
|
24
24
|
end
|
25
25
|
|
26
26
|
def assert_ownership_permissions(host, location, expected_user, expected_group, expected_permissions)
|
27
|
-
permissions =
|
27
|
+
permissions = beaker_stat(host, location)
|
28
28
|
assert_equal(expected_user, permissions[0], "Owner #{permissions[0]} does not match expected #{expected_user}")
|
29
29
|
assert_equal(expected_group, permissions[1], "Group #{permissions[1]} does not match expected #{expected_group}")
|
30
30
|
assert_equal(expected_permissions, permissions[2], "Permissions #{permissions[2]} does not match expected #{expected_permissions}")
|
@@ -180,10 +180,15 @@ module Beaker
|
|
180
180
|
end
|
181
181
|
end
|
182
182
|
|
183
|
-
puppetserver_opts = {
|
184
|
-
"
|
185
|
-
|
186
|
-
|
183
|
+
puppetserver_opts = {
|
184
|
+
"jruby-puppet" => {
|
185
|
+
"master-conf-dir" => confdir,
|
186
|
+
"master-var-dir" => vardir,
|
187
|
+
},
|
188
|
+
"certificate-authority" => {
|
189
|
+
"allow-subject-alt-names" => true
|
190
|
+
}
|
191
|
+
}
|
187
192
|
|
188
193
|
puppetserver_conf = File.join("#{host['puppetserver-confdir']}", "puppetserver.conf")
|
189
194
|
modify_tk_config(host, puppetserver_conf, puppetserver_opts)
|
@@ -817,29 +822,37 @@ module Beaker
|
|
817
822
|
# @param [Host, Array<Host>, String, Symbol] host One or more hosts, or a role (String or Symbol)
|
818
823
|
# that identifies one or more hosts to validate certificate signing.
|
819
824
|
# No argument, or an empty array means no validation of success
|
820
|
-
# for specific hosts will be performed.
|
821
|
-
# 'cert --sign --all --allow-dns-alt-names' even for a single host.
|
822
|
-
#
|
825
|
+
# for specific hosts will be performed.
|
823
826
|
# @return nil
|
824
827
|
# @raise [FailTest] if process times out
|
825
828
|
def sign_certificate_for(host = [])
|
826
829
|
hostnames = []
|
827
830
|
hosts = host.is_a?(Array) ? host : [host]
|
831
|
+
puppet_version = on(master, puppet('--version'))
|
828
832
|
hosts.each{ |current_host|
|
829
833
|
if [master, dashboard, database].include? current_host
|
830
|
-
|
831
834
|
on current_host, puppet( 'agent -t' ), :acceptable_exit_codes => [0,1,2]
|
832
|
-
on master, puppet( "cert --allow-dns-alt-names sign #{current_host}" ), :acceptable_exit_codes => [0,24]
|
833
835
|
|
836
|
+
if version_is_less(puppet_version, '5.99')
|
837
|
+
on master, puppet("cert --allow-dns-alt-names sign #{current_host}" ), :acceptable_exit_codes => [0,24]
|
838
|
+
else
|
839
|
+
on master, "puppetserver ca sign --certname #{current_host}"
|
840
|
+
end
|
834
841
|
else
|
835
842
|
hostnames << Regexp.escape( current_host.node_name )
|
836
843
|
end
|
837
844
|
}
|
845
|
+
|
838
846
|
if hostnames.size < 1
|
839
|
-
|
847
|
+
if version_is_less(puppet_version, '5.99')
|
848
|
+
on master, puppet("cert --sign --all --allow-dns-alt-names"),
|
840
849
|
:acceptable_exit_codes => [0,24]
|
850
|
+
else
|
851
|
+
on master, 'puppetserver ca sign --all', :acceptable_exit_codes => [0, 24]
|
852
|
+
end
|
841
853
|
return
|
842
854
|
end
|
855
|
+
|
843
856
|
while hostnames.size > 0
|
844
857
|
last_sleep = 0
|
845
858
|
next_sleep = 1
|
@@ -848,11 +861,21 @@ module Beaker
|
|
848
861
|
fail_test("Failed to sign cert for #{hostnames}")
|
849
862
|
hostnames.clear
|
850
863
|
end
|
851
|
-
|
852
|
-
|
853
|
-
|
854
|
-
|
855
|
-
|
864
|
+
|
865
|
+
if version_is_less(puppet_version, '5.99')
|
866
|
+
on master, puppet("cert --sign --all --allow-dns-alt-names"), :acceptable_exit_codes => [0,24]
|
867
|
+
out = on(master, puppet("cert --list --all")).stdout
|
868
|
+
if hostnames.all? { |hostname| out =~ /\+ "?#{hostname}"?/ }
|
869
|
+
hostnames.clear
|
870
|
+
break
|
871
|
+
end
|
872
|
+
else
|
873
|
+
on master, 'puppetserver ca sign --all', :acceptable_exit_codes => [0, 24]
|
874
|
+
out = on(master, 'puppetserver ca list --all').stdout
|
875
|
+
unless out =~ /.*Requested.*/
|
876
|
+
hostnames.clear
|
877
|
+
break
|
878
|
+
end
|
856
879
|
end
|
857
880
|
|
858
881
|
sleep next_sleep
|
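Review bot: In the Puppet 6 branch of the wait loop in `sign_certificate_for` (new lines 873–878), success is declared as soon as `puppetserver ca list --all` prints nothing matching `Requested`, so the escaped `hostnames` collected earlier are never checked and a host whose request has not reached the CA yet is treated as signed. The Puppet 5 branch still matches each hostname against the list output; the new branch should keep a per-host check, for example `if out !~ /Requested/ && hostnames.all? { |hostname| out =~ /#{hostname}/ }` (the exact list format is not visible here, so the pattern needs confirming). Separately, new line 831 assigns `puppet_version = on(master, puppet('--version'))` without `.stdout`, whereas the list calls in this function read the result through `.stdout`; `version_is_less` is defined outside the hunk, but it presumably expects a version string, so `.stdout.chomp` looks to be missing. The function body spans two hunks and the lines between them are not shown.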
@@ -2,6 +2,7 @@ test_name "Validate Sign Cert" do
|
|
2
2
|
skip_test 'not testing with puppetserver' unless @options['is_puppetserver']
|
3
3
|
hostname = on(master, 'facter hostname').stdout.strip
|
4
4
|
fqdn = on(master, 'facter fqdn').stdout.strip
|
5
|
+
puppet_version = on(master, puppet("--version")).stdout
|
5
6
|
|
6
7
|
if master.use_service_scripts?
|
7
8
|
step "Ensure puppet is stopped"
|
@@ -24,7 +25,11 @@ test_name "Validate Sign Cert" do
|
|
24
25
|
:dns_alt_names => "puppet,#{hostname},#{fqdn}",
|
25
26
|
},
|
26
27
|
}
|
27
|
-
|
28
|
+
|
29
|
+
# In Puppet 6, we want to be using an intermediate CA
|
30
|
+
unless version_is_less(puppet_version, "5.99")
|
31
|
+
on master, 'puppetserver ca setup'
|
32
|
+
end
|
28
33
|
with_puppet_running_on(master, master_opts) do
|
29
34
|
agents.each do |agent|
|
30
35
|
next if agent == master
|
@@ -35,7 +40,11 @@ test_name "Validate Sign Cert" do
|
|
35
40
|
|
36
41
|
# Sign all waiting agent certs
|
37
42
|
step "Server: sign all agent certs"
|
38
|
-
|
43
|
+
if version_is_less(puppet_version, "5.99")
|
44
|
+
on master, puppet("cert sign --all"), :acceptable_exit_codes => [0, 24]
|
45
|
+
else
|
46
|
+
on master, 'puppetserver ca sign --all', :acceptable_exit_codes => [0, 24]
|
47
|
+
end
|
39
48
|
|
40
49
|
step "Agents: Run agent --test second time to obtain signed cert"
|
41
50
|
on agents, puppet("agent --test --server #{master}"), :acceptable_exit_codes => [0,2]
|
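Review bot: The new `puppet_version = on(master, puppet("--version")).stdout` (new line 5) keeps the trailing newline, while the two lines above it read `hostname` and `fqdn` with `.stdout.strip`; use `.stdout.strip` here as well so the value handed to `version_is_less` is a clean version string. The `"5.99"` threshold is also repeated at new lines 30 and 43, and a local computed once, such as `use_puppetserver_ca = !version_is_less(puppet_version, "5.99")`, would make both branches easier to read. The `test_name` block continues outside these hunks.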
@@ -648,7 +648,7 @@ describe ClassMixedWithDSLHelpers do
|
|
648
648
|
end
|
649
649
|
end
|
650
650
|
|
651
|
-
it 'signs certs' do
|
651
|
+
it 'signs certs with `puppetserver ca` in Puppet 6' do
|
652
652
|
allow( subject ).to receive( :sleep ).and_return( true )
|
653
653
|
|
654
654
|
result.stdout = "+ \"#{agent}\""
|
@@ -657,8 +657,25 @@ describe ClassMixedWithDSLHelpers do
|
|
657
657
|
arg
|
658
658
|
end
|
659
659
|
|
660
|
-
expect( subject ).to receive( :on ).with( master,
|
661
|
-
expect( subject ).to receive( :on ).with( master,
|
660
|
+
expect( subject ).to receive( :on ).with( master, '--version').once.and_return("6.0.0")
|
661
|
+
expect( subject ).to receive( :on ).with( master, 'puppetserver ca sign --all', :acceptable_exit_codes => [0, 24]).once
|
662
|
+
expect( subject ).to receive( :on ).with( master, 'puppetserver ca list --all').once.and_return( result )
|
663
|
+
|
664
|
+
subject.sign_certificate_for( agent )
|
665
|
+
end
|
666
|
+
|
667
|
+
it 'signs certs with `puppet cert` in Puppet 5' do
|
668
|
+
allow( subject ).to receive( :sleep ).and_return( true )
|
669
|
+
|
670
|
+
result.stdout = "+ \"#{agent}\""
|
671
|
+
|
672
|
+
allow( subject ).to receive( :puppet ) do |arg|
|
673
|
+
arg
|
674
|
+
end
|
675
|
+
|
676
|
+
expect( subject ).to receive( :on ).with( master, '--version').once.and_return("5.0.0")
|
677
|
+
expect( subject ).to receive( :on ).with( master, 'cert --sign --all --allow-dns-alt-names', :acceptable_exit_codes => [0, 24]).once
|
678
|
+
expect( subject ).to receive( :on ).with( master, 'cert --list --all').once.and_return( result )
|
662
679
|
|
663
680
|
subject.sign_certificate_for( agent )
|
664
681
|
end
|
@@ -666,15 +683,16 @@ describe ClassMixedWithDSLHelpers do
|
|
666
683
|
it 'retries 11 times before quitting' do
|
667
684
|
allow( subject ).to receive( :sleep ).and_return( true )
|
668
685
|
|
669
|
-
result.stdout = " \"#{agent}\""
|
686
|
+
result.stdout = "Requested Certificates: \"#{agent}\""
|
670
687
|
allow( subject ).to receive( :hosts ).and_return( hosts )
|
671
688
|
|
672
689
|
allow( subject ).to receive( :puppet ) do |arg|
|
673
690
|
arg
|
674
691
|
end
|
675
692
|
|
676
|
-
expect( subject ).to receive( :on ).with( master, "
|
677
|
-
expect( subject ).to receive( :on ).with( master,
|
693
|
+
expect( subject ).to receive( :on ).with( master, "--version").once.and_return("6.0.0")
|
694
|
+
expect( subject ).to receive( :on ).with( master, 'puppetserver ca sign --all', :acceptable_exit_codes => [0, 24]).exactly( 11 ).times
|
695
|
+
expect( subject ).to receive( :on ).with( master, 'puppetserver ca list --all').exactly( 11 ).times.and_return( result )
|
678
696
|
expect( subject ).to receive( :fail_test ).once
|
679
697
|
|
680
698
|
subject.sign_certificate_for( agent )
|
@@ -690,9 +708,10 @@ describe ClassMixedWithDSLHelpers do
|
|
690
708
|
arg
|
691
709
|
end
|
692
710
|
expect( subject ).to receive( :on ).with( master, "agent -t", :acceptable_exit_codes => [0, 1, 2]).once
|
693
|
-
expect( subject ).to receive( :on ).with( master, "
|
694
|
-
expect( subject ).to receive( :on ).with( master, "
|
695
|
-
expect( subject ).to receive( :on ).with( master, "
|
711
|
+
expect( subject ).to receive( :on ).with( master, "--version").once.and_return("6.0.0")
|
712
|
+
expect( subject ).to receive( :on ).with( master, "puppetserver ca sign --certname master").once
|
713
|
+
expect( subject ).to receive( :on ).with( master, "puppetserver ca sign --all", :acceptable_exit_codes => [0, 24]).once
|
714
|
+
expect( subject ).to receive( :on ).with( master, "puppetserver ca list --all").once.and_return( result )
|
696
715
|
|
697
716
|
subject.sign_certificate_for( [master, agent, custom] )
|
698
717
|
end
|
@@ -794,15 +813,27 @@ describe ClassMixedWithDSLHelpers do
|
|
794
813
|
let(:conf_opts) { {:__commandline_args__ => command_line_args,
|
795
814
|
:is_puppetserver => true}}
|
796
815
|
|
797
|
-
let(:default_puppetserver_opts) {
|
798
|
-
"
|
799
|
-
|
800
|
-
|
801
|
-
|
802
|
-
|
803
|
-
|
804
|
-
|
805
|
-
|
816
|
+
let(:default_puppetserver_opts) {
|
817
|
+
{ "jruby-puppet" => {
|
818
|
+
"master-conf-dir" => default_confdir,
|
819
|
+
"master-var-dir" => default_vardir,
|
820
|
+
},
|
821
|
+
"certificate-authority" => {
|
822
|
+
"allow-subject-alt-names" => true,
|
823
|
+
}
|
824
|
+
}
|
825
|
+
}
|
826
|
+
|
827
|
+
let(:custom_puppetserver_opts) {
|
828
|
+
{ "jruby-puppet" => {
|
829
|
+
"master-conf-dir" => custom_confdir,
|
830
|
+
"master-var-dir" => custom_vardir,
|
831
|
+
},
|
832
|
+
"certificate-authority" => {
|
833
|
+
"allow-subject-alt-names" => true,
|
834
|
+
}
|
835
|
+
}
|
836
|
+
}
|
806
837
|
|
807
838
|
let(:puppetserver_conf) { "/etc/puppetserver/conf.d/puppetserver.conf" }
|
808
839
|
let(:logger) { double }
|
@@ -823,8 +854,8 @@ describe ClassMixedWithDSLHelpers do
|
|
823
854
|
|
824
855
|
before do
|
825
856
|
stub_post_setup
|
826
|
-
allow( subject ).to receive(
|
827
|
-
allow( subject ).to receive(
|
857
|
+
allow( subject ).to receive(:options).and_return({:is_puppetserver => true})
|
858
|
+
allow( subject ).to receive(:modify_tk_config)
|
828
859
|
allow( subject ).to receive(:puppet_config).with(host, 'confdir', anything).and_return(default_confdir)
|
829
860
|
allow( subject ).to receive(:puppet_config).with(host, 'vardir', anything).and_return(default_vardir)
|
830
861
|
allow( subject ).to receive(:puppet_config).with(host, 'config', anything).and_return("#{default_confdir}/puppet.conf")
|
@@ -834,7 +865,7 @@ describe ClassMixedWithDSLHelpers do
|
|
834
865
|
it 'checks the option for the host object' do
|
835
866
|
allow( subject ).to receive( :options) .and_return( {:is_puppetserver => false})
|
836
867
|
host[:is_puppetserver] = true
|
837
|
-
expect(
|
868
|
+
expect(subject).to receive(:modify_tk_config)
|
838
869
|
subject.with_puppet_running_on(host, conf_opts)
|
839
870
|
end
|
840
871
|
end
|
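Review bot: The `--version` expectations added in these examples (new lines 660, 676, 693 and 711) return a bare String such as `"6.0.0"`, whereas the list calls in the same examples return `result` with `result.stdout` set; the specs therefore cannot notice whether `sign_certificate_for` handles the real return type of `on`. Returning a result-like double, e.g. `.and_return( double( :stdout => "6.0.0\n" ) )`, would exercise the version check the way a live run does (the helper would then have to read `.stdout`). There is also no example for the Puppet 6 case where a requested host never shows up in the list output, which is the path the `Requested` check decides. The enclosing `describe` blocks start and end outside the hunks.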
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: beaker-puppet
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.4.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Puppet
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2018-09-
|
11
|
+
date: 2018-09-13 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: rspec
|