beaker-puppet 1.3.0 → 1.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 45a8dfa4bb241b997e60986c8896160470a637d8
4
- data.tar.gz: 17f813f9d4d3fcf09a61d4565623b8fd2e08f958
3
+ metadata.gz: 7e8e07f8616629904fa0d1a0dafb32f81c9c3c68
4
+ data.tar.gz: 027a86d8fa7512e09769d3c3baadc70d6a52664b
5
5
  SHA512:
6
- metadata.gz: 61950830eb26571e505889c2d993abdc6394b4e883e5c231acf644b9dba52c6e594bc01b58cfe13605f293fdf1f66bf4a3a6c3c28ffc7ffffc35275c8e55007c
7
- data.tar.gz: 8596699dbe70b8144a11978d461587fbb69dec600e0f52adff7d4a6f9931def1cb5cb4efae77bf0baa34366003cf40cce9de82b182371661e89e581277fcc40d
6
+ metadata.gz: 5350380ad4d9901b7a18b7174e9e7ca04494d46ad5148605a349f72016a1bec17a15a56cf75a47a02fe31c26ea024584cb171792585d64a5bb0ec4863c0ca54b
7
+ data.tar.gz: a30b47610782db0029b33f8514271ca8af9e07785d3436f4bcd0681e0b162a2440e3700d52110b293557052a78c2fc72b0e494620fd778d72abd708845c0aaaa
@@ -14,7 +14,7 @@ module Beaker
14
14
  # the file specified by path. The returned mode is an integer
15
15
  # value containing only the file mode, excluding the type, e.g
16
16
  # S_IFDIR 0040000
17
- def stat(host, path)
17
+ def beaker_stat(host, path)
18
18
  ruby = ruby_command(host)
19
19
  owner = on(host, "#{ruby} -e 'require \"etc\"; puts (Etc.getpwuid(File.stat(\"#{path}\").uid).name)'").stdout.chomp
20
20
  group = on(host, "#{ruby} -e 'require \"etc\"; puts (Etc.getgrgid(File.stat(\"#{path}\").gid).name)'").stdout.chomp
@@ -24,7 +24,7 @@ module Beaker
24
24
  end
25
25
 
26
26
  def assert_ownership_permissions(host, location, expected_user, expected_group, expected_permissions)
27
- permissions = stat(host, location)
27
+ permissions = beaker_stat(host, location)
28
28
  assert_equal(expected_user, permissions[0], "Owner #{permissions[0]} does not match expected #{expected_user}")
29
29
  assert_equal(expected_group, permissions[1], "Group #{permissions[1]} does not match expected #{expected_group}")
30
30
  assert_equal(expected_permissions, permissions[2], "Permissions #{permissions[2]} does not match expected #{expected_permissions}")
@@ -180,10 +180,15 @@ module Beaker
180
180
  end
181
181
  end
182
182
 
183
- puppetserver_opts = { "jruby-puppet" => {
184
- "master-conf-dir" => confdir,
185
- "master-var-dir" => vardir,
186
- }}
183
+ puppetserver_opts = {
184
+ "jruby-puppet" => {
185
+ "master-conf-dir" => confdir,
186
+ "master-var-dir" => vardir,
187
+ },
188
+ "certificate-authority" => {
189
+ "allow-subject-alt-names" => true
190
+ }
191
+ }
187
192
 
188
193
  puppetserver_conf = File.join("#{host['puppetserver-confdir']}", "puppetserver.conf")
189
194
  modify_tk_config(host, puppetserver_conf, puppetserver_opts)
@@ -817,29 +822,37 @@ module Beaker
817
822
  # @param [Host, Array<Host>, String, Symbol] host One or more hosts, or a role (String or Symbol)
818
823
  # that identifies one or more hosts to validate certificate signing.
819
824
  # No argument, or an empty array means no validation of success
820
- # for specific hosts will be performed. This will always execute
821
- # 'cert --sign --all --allow-dns-alt-names' even for a single host.
822
- #
825
+ # for specific hosts will be performed.
823
826
  # @return nil
824
827
  # @raise [FailTest] if process times out
825
828
  def sign_certificate_for(host = [])
826
829
  hostnames = []
827
830
  hosts = host.is_a?(Array) ? host : [host]
831
+ puppet_version = on(master, puppet('--version'))
828
832
  hosts.each{ |current_host|
829
833
  if [master, dashboard, database].include? current_host
830
-
831
834
  on current_host, puppet( 'agent -t' ), :acceptable_exit_codes => [0,1,2]
832
- on master, puppet( "cert --allow-dns-alt-names sign #{current_host}" ), :acceptable_exit_codes => [0,24]
833
835
 
836
+ if version_is_less(puppet_version, '5.99')
837
+ on master, puppet("cert --allow-dns-alt-names sign #{current_host}" ), :acceptable_exit_codes => [0,24]
838
+ else
839
+ on master, "puppetserver ca sign --certname #{current_host}"
840
+ end
834
841
  else
835
842
  hostnames << Regexp.escape( current_host.node_name )
836
843
  end
837
844
  }
845
+
838
846
  if hostnames.size < 1
839
- on master, puppet("cert --sign --all --allow-dns-alt-names"),
847
+ if version_is_less(puppet_version, '5.99')
848
+ on master, puppet("cert --sign --all --allow-dns-alt-names"),
840
849
  :acceptable_exit_codes => [0,24]
850
+ else
851
+ on master, 'puppetserver ca sign --all', :acceptable_exit_codes => [0, 24]
852
+ end
841
853
  return
842
854
  end
855
+
843
856
  while hostnames.size > 0
844
857
  last_sleep = 0
845
858
  next_sleep = 1
@@ -848,11 +861,21 @@ module Beaker
848
861
  fail_test("Failed to sign cert for #{hostnames}")
849
862
  hostnames.clear
850
863
  end
851
- on master, puppet("cert --sign --all --allow-dns-alt-names"), :acceptable_exit_codes => [0,24]
852
- out = on(master, puppet("cert --list --all")).stdout
853
- if hostnames.all? { |hostname| out =~ /\+ "?#{hostname}"?/ }
854
- hostnames.clear
855
- break
864
+
865
+ if version_is_less(puppet_version, '5.99')
866
+ on master, puppet("cert --sign --all --allow-dns-alt-names"), :acceptable_exit_codes => [0,24]
867
+ out = on(master, puppet("cert --list --all")).stdout
868
+ if hostnames.all? { |hostname| out =~ /\+ "?#{hostname}"?/ }
869
+ hostnames.clear
870
+ break
871
+ end
872
+ else
873
+ on master, 'puppetserver ca sign --all', :acceptable_exit_codes => [0, 24]
874
+ out = on(master, 'puppetserver ca list --all').stdout
875
+ unless out =~ /.*Requested.*/
876
+ hostnames.clear
877
+ break
878
+ end
856
879
  end
857
880
 
858
881
  sleep next_sleep
@@ -1,3 +1,3 @@
1
1
  module BeakerPuppet
2
- VERSION = '1.3.0'
2
+ VERSION = '1.4.0'
3
3
  end
@@ -2,6 +2,7 @@ test_name "Validate Sign Cert" do
2
2
  skip_test 'not testing with puppetserver' unless @options['is_puppetserver']
3
3
  hostname = on(master, 'facter hostname').stdout.strip
4
4
  fqdn = on(master, 'facter fqdn').stdout.strip
5
+ puppet_version = on(master, puppet("--version")).stdout
5
6
 
6
7
  if master.use_service_scripts?
7
8
  step "Ensure puppet is stopped"
@@ -24,7 +25,11 @@ test_name "Validate Sign Cert" do
24
25
  :dns_alt_names => "puppet,#{hostname},#{fqdn}",
25
26
  },
26
27
  }
27
- # server will generate the CA and server certs when it starts
28
+
29
+ # In Puppet 6, we want to be using an intermediate CA
30
+ unless version_is_less(puppet_version, "5.99")
31
+ on master, 'puppetserver ca setup'
32
+ end
28
33
  with_puppet_running_on(master, master_opts) do
29
34
  agents.each do |agent|
30
35
  next if agent == master
@@ -35,7 +40,11 @@ test_name "Validate Sign Cert" do
35
40
 
36
41
  # Sign all waiting agent certs
37
42
  step "Server: sign all agent certs"
38
- on master, puppet("cert --sign --all"), :acceptable_exit_codes => [0,24]
43
+ if version_is_less(puppet_version, "5.99")
44
+ on master, puppet("cert sign --all"), :acceptable_exit_codes => [0, 24]
45
+ else
46
+ on master, 'puppetserver ca sign --all', :acceptable_exit_codes => [0, 24]
47
+ end
39
48
 
40
49
  step "Agents: Run agent --test second time to obtain signed cert"
41
50
  on agents, puppet("agent --test --server #{master}"), :acceptable_exit_codes => [0,2]
@@ -648,7 +648,7 @@ describe ClassMixedWithDSLHelpers do
648
648
  end
649
649
  end
650
650
 
651
- it 'signs certs' do
651
+ it 'signs certs with `puppetserver ca` in Puppet 6' do
652
652
  allow( subject ).to receive( :sleep ).and_return( true )
653
653
 
654
654
  result.stdout = "+ \"#{agent}\""
@@ -657,8 +657,25 @@ describe ClassMixedWithDSLHelpers do
657
657
  arg
658
658
  end
659
659
 
660
- expect( subject ).to receive( :on ).with( master, "cert --sign --all --allow-dns-alt-names", :acceptable_exit_codes => [0,24]).once
661
- expect( subject ).to receive( :on ).with( master, "cert --list --all").once.and_return( result )
660
+ expect( subject ).to receive( :on ).with( master, '--version').once.and_return("6.0.0")
661
+ expect( subject ).to receive( :on ).with( master, 'puppetserver ca sign --all', :acceptable_exit_codes => [0, 24]).once
662
+ expect( subject ).to receive( :on ).with( master, 'puppetserver ca list --all').once.and_return( result )
663
+
664
+ subject.sign_certificate_for( agent )
665
+ end
666
+
667
+ it 'signs certs with `puppet cert` in Puppet 5' do
668
+ allow( subject ).to receive( :sleep ).and_return( true )
669
+
670
+ result.stdout = "+ \"#{agent}\""
671
+
672
+ allow( subject ).to receive( :puppet ) do |arg|
673
+ arg
674
+ end
675
+
676
+ expect( subject ).to receive( :on ).with( master, '--version').once.and_return("5.0.0")
677
+ expect( subject ).to receive( :on ).with( master, 'cert --sign --all --allow-dns-alt-names', :acceptable_exit_codes => [0, 24]).once
678
+ expect( subject ).to receive( :on ).with( master, 'cert --list --all').once.and_return( result )
662
679
 
663
680
  subject.sign_certificate_for( agent )
664
681
  end
@@ -666,15 +683,16 @@ describe ClassMixedWithDSLHelpers do
666
683
  it 'retries 11 times before quitting' do
667
684
  allow( subject ).to receive( :sleep ).and_return( true )
668
685
 
669
- result.stdout = " \"#{agent}\""
686
+ result.stdout = "Requested Certificates: \"#{agent}\""
670
687
  allow( subject ).to receive( :hosts ).and_return( hosts )
671
688
 
672
689
  allow( subject ).to receive( :puppet ) do |arg|
673
690
  arg
674
691
  end
675
692
 
676
- expect( subject ).to receive( :on ).with( master, "cert --sign --all --allow-dns-alt-names", :acceptable_exit_codes => [0,24]).exactly( 11 ).times
677
- expect( subject ).to receive( :on ).with( master, "cert --list --all").exactly( 11 ).times.and_return( result )
693
+ expect( subject ).to receive( :on ).with( master, "--version").once.and_return("6.0.0")
694
+ expect( subject ).to receive( :on ).with( master, 'puppetserver ca sign --all', :acceptable_exit_codes => [0, 24]).exactly( 11 ).times
695
+ expect( subject ).to receive( :on ).with( master, 'puppetserver ca list --all').exactly( 11 ).times.and_return( result )
678
696
  expect( subject ).to receive( :fail_test ).once
679
697
 
680
698
  subject.sign_certificate_for( agent )
@@ -690,9 +708,10 @@ describe ClassMixedWithDSLHelpers do
690
708
  arg
691
709
  end
692
710
  expect( subject ).to receive( :on ).with( master, "agent -t", :acceptable_exit_codes => [0, 1, 2]).once
693
- expect( subject ).to receive( :on ).with( master, "cert --allow-dns-alt-names sign master", :acceptable_exit_codes => [0, 24]).once
694
- expect( subject ).to receive( :on ).with( master, "cert --sign --all --allow-dns-alt-names", :acceptable_exit_codes => [0,24]).once
695
- expect( subject ).to receive( :on ).with( master, "cert --list --all").once.and_return( result )
711
+ expect( subject ).to receive( :on ).with( master, "--version").once.and_return("6.0.0")
712
+ expect( subject ).to receive( :on ).with( master, "puppetserver ca sign --certname master").once
713
+ expect( subject ).to receive( :on ).with( master, "puppetserver ca sign --all", :acceptable_exit_codes => [0, 24]).once
714
+ expect( subject ).to receive( :on ).with( master, "puppetserver ca list --all").once.and_return( result )
696
715
 
697
716
  subject.sign_certificate_for( [master, agent, custom] )
698
717
  end
@@ -794,15 +813,27 @@ describe ClassMixedWithDSLHelpers do
794
813
  let(:conf_opts) { {:__commandline_args__ => command_line_args,
795
814
  :is_puppetserver => true}}
796
815
 
797
- let(:default_puppetserver_opts) {{ "jruby-puppet" => {
798
- "master-conf-dir" => default_confdir,
799
- "master-var-dir" => default_vardir,
800
- }}}
801
-
802
- let(:custom_puppetserver_opts) {{ "jruby-puppet" => {
803
- "master-conf-dir" => custom_confdir,
804
- "master-var-dir" => custom_vardir,
805
- }}}
816
+ let(:default_puppetserver_opts) {
817
+ { "jruby-puppet" => {
818
+ "master-conf-dir" => default_confdir,
819
+ "master-var-dir" => default_vardir,
820
+ },
821
+ "certificate-authority" => {
822
+ "allow-subject-alt-names" => true,
823
+ }
824
+ }
825
+ }
826
+
827
+ let(:custom_puppetserver_opts) {
828
+ { "jruby-puppet" => {
829
+ "master-conf-dir" => custom_confdir,
830
+ "master-var-dir" => custom_vardir,
831
+ },
832
+ "certificate-authority" => {
833
+ "allow-subject-alt-names" => true,
834
+ }
835
+ }
836
+ }
806
837
 
807
838
  let(:puppetserver_conf) { "/etc/puppetserver/conf.d/puppetserver.conf" }
808
839
  let(:logger) { double }
@@ -823,8 +854,8 @@ describe ClassMixedWithDSLHelpers do
823
854
 
824
855
  before do
825
856
  stub_post_setup
826
- allow( subject ).to receive( :options) .and_return( {:is_puppetserver => true})
827
- allow( subject ).to receive( :modify_tk_config)
857
+ allow( subject ).to receive(:options).and_return({:is_puppetserver => true})
858
+ allow( subject ).to receive(:modify_tk_config)
828
859
  allow( subject ).to receive(:puppet_config).with(host, 'confdir', anything).and_return(default_confdir)
829
860
  allow( subject ).to receive(:puppet_config).with(host, 'vardir', anything).and_return(default_vardir)
830
861
  allow( subject ).to receive(:puppet_config).with(host, 'config', anything).and_return("#{default_confdir}/puppet.conf")
@@ -834,7 +865,7 @@ describe ClassMixedWithDSLHelpers do
834
865
  it 'checks the option for the host object' do
835
866
  allow( subject ).to receive( :options) .and_return( {:is_puppetserver => false})
836
867
  host[:is_puppetserver] = true
837
- expect( subject ).to receive( :modify_tk_config)
868
+ expect(subject).to receive(:modify_tk_config)
838
869
  subject.with_puppet_running_on(host, conf_opts)
839
870
  end
840
871
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: beaker-puppet
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.3.0
4
+ version: 1.4.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Puppet
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2018-09-11 00:00:00.000000000 Z
11
+ date: 2018-09-13 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rspec