mcollective-client 2.5.2 → 2.5.3

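--- a/data/lib/mcollective.rb
+++ b/data/lib/mcollective.rb
@@ -59,7 +59,7 @@ module MCollective
 
  MCollective::Vendor.load_vendored
 
- VERSION="2.5.2"
+ VERSION="2.5.3"
 
  def self.version
  VERSION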
@@ -0,0 +1,165 @@
1
+ #!/usr/bin/env rspec
2
+
3
+ require 'spec_helper'
4
+ require File.dirname(__FILE__) + '/../../../../../plugins/mcollective/security/aes_security.rb'
5
+
6
+ module MCollective
7
+ module Security
8
+ # Clear the PluginManager so that security plugin tests do not conflict
9
+ PluginManager.clear
10
+ describe Aes_security do
11
+ let(:pluginconf) do
12
+ {"aes.client_cert_dir" => "testing"}
13
+ end
14
+
15
+ let(:config) do
16
+ conf = mock
17
+ conf.stubs(:identity).returns("test")
18
+ conf.stubs(:configured).returns(true)
19
+ conf.stubs(:pluginconf).returns(pluginconf)
20
+ conf
21
+ end
22
+
23
+ let(:plugin) do
24
+ Aes_security.new
25
+ end
26
+
27
+ let(:msg) do
28
+ m = mock
29
+ m.stubs(:payload)
30
+ m
31
+ end
32
+
33
+ before :each do
34
+ stats = mock("stats")
35
+ MCollective::PluginManager << {:type => "global_stats", :class => stats}
36
+ MCollective::Config.stubs("instance").returns(config)
37
+ MCollective::Log.stubs(:debug)
38
+ MCollective::Log.stubs(:warn)
39
+ end
40
+
41
+ describe "#decodemsg" do
42
+ let(:body) do
43
+ {:sslpubkey => "ssl_public_key",
44
+ :callerid => "cert=testing",
45
+ :requestid => 1}
46
+ end
47
+
48
+ before :each do
49
+ pluginconf["aes.learn_pubkeys"] = "1"
50
+ plugin.stubs(:should_process_msg?)
51
+ plugin.stubs(:deserialize).returns(body)
52
+ plugin.stubs(:decrypt)
53
+ plugin.stubs(:deserialize).returns(body)
54
+ plugin.stubs(:update_secure_property)
55
+ end
56
+
57
+ it "should not learn the public key if the key has not been passed" do
58
+ body.delete(:sslpubkey)
59
+ plugin.decodemsg(msg)
60
+ File.expects(:exist?).never
61
+ File.expects(:open).never
62
+ end
63
+
64
+ it "should not learn the public key if keyfile is present on disk" do
65
+ File.expects(:exist?).with("testing/testing.pem").returns(true)
66
+ File.expects(:open).never
67
+ plugin.decodemsg(msg)
68
+ end
69
+
70
+ it "should not learn the key if there is no ca_cert and insecure_learning is false" do
71
+ File.expects(:exist?).returns(false)
72
+ Log.expects(:warn).with() do |msg|
73
+ msg =~ /No CA certificate specified/
74
+ end
75
+ expect {
76
+ plugin.decodemsg(msg)
77
+ }.to raise_error SecurityValidationFailed
78
+ end
79
+
80
+ it "should not learn the key if the cert cannot be verified against the CA" do
81
+ File.expects(:exist?).returns(false)
82
+ pluginconf["aes.ca_cert"] = "ca_cert"
83
+ plugin.expects(:validate_certificate).with("ssl_public_key", "testing").returns(false)
84
+ Log.expects(:warn).with() do |msg|
85
+ msg.should match(/Unable to validate certificate/)
86
+ end
87
+ expect {
88
+ plugin.decodemsg(msg)
89
+ }.to raise_error SecurityValidationFailed
90
+ end
91
+
92
+ it "it should learn the public key if insecure_learning is enabled" do
93
+ pluginconf["aes.insecure_learning"] = "1"
94
+ File.expects(:exist?).returns(false)
95
+ Log.expects(:warn).with() do |msg|
96
+ msg.should match(/Do NOT use this mode in sensitive environments/)
97
+ end
98
+ File.expects(:open)
99
+ plugin.decodemsg(msg)
100
+ end
101
+
102
+ it "should learn the public key if the CA can verify the cert" do
103
+ File.expects(:exist?).returns(false)
104
+ pluginconf["aes.ca_cert"] = "ca_cert"
105
+ File.expects(:read).with("testing/testing.pem").returns("ssl_public_key")
106
+ plugin.expects(:validate_certificate).with("ssl_public_key", "testing").twice.returns(true)
107
+ File.expects(:open)
108
+ plugin.decodemsg(msg)
109
+ end
110
+ end
111
+
112
+ describe "#validate_certificate" do
113
+ let(:cert) do
114
+ mock
115
+ end
116
+
117
+ let(:ca_cert) do
118
+ ca = mock
119
+ ca.stubs(:add_file).returns(true)
120
+ ca
121
+ end
122
+
123
+ let(:callerid) do
124
+ "rspec_caller"
125
+ end
126
+
127
+ it "should fail if the cert is not a X509 certificate" do
128
+ OpenSSL::X509::Certificate.expects(:new).with("ssl_cert").raises(OpenSSL::X509::CertificateError)
129
+ Log.expects(:warn).with() do |msg|
130
+ msg.should match(/Received public key that is not a X509 certficate/)
131
+ end
132
+ plugin.validate_certificate("ssl_cert", callerid).should be_false
133
+ end
134
+
135
+ it "should fail if the name in the cert doesn't match the callerid" do
136
+ OpenSSL::X509::Certificate.expects(:new).with("ssl_cert").returns(cert)
137
+ plugin.stubs(:certname_from_certificate).with(cert).returns("not_rspec_caller")
138
+ Log.expects(:warn).with() do |msg|
139
+ msg.should match(/certname 'rspec_caller' doesn't match certificate 'not_rspec_caller'/)
140
+ end
141
+ plugin.validate_certificate("ssl_cert", callerid).should be_false
142
+ end
143
+
144
+ it "should fail if the cert wasn't signed by the CA" do
145
+ OpenSSL::X509::Certificate.expects(:new).with("ssl_cert").returns(cert)
146
+ plugin.stubs(:certname_from_certificate).with(cert).returns("rspec_caller")
147
+ OpenSSL::X509::Store.stubs(:new).returns(ca_cert)
148
+ ca_cert.stubs(:verify).with(cert).returns(false)
149
+ Log.expects(:warn).with() do |msg|
150
+ msg.should match(/Unable to validate certificate/)
151
+ end
152
+ plugin.validate_certificate("ssl_cert", callerid).should be_false
153
+ end
154
+
155
+ it "should validate the cert" do
156
+ OpenSSL::X509::Certificate.expects(:new).with("ssl_cert").returns(cert)
157
+ plugin.stubs(:certname_from_certificate).with(cert).returns("rspec_caller")
158
+ OpenSSL::X509::Store.stubs(:new).returns(ca_cert)
159
+ ca_cert.stubs(:verify).with(cert).returns(true)
160
+ plugin.validate_certificate("ssl_cert", callerid).should be_true
161
+ end
162
+ end
163
+ end
164
+ end
165
+ end
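Review bot: In the first `#decodemsg` example ("should not learn the public key if the key has not been passed"), `File.expects(:exist?).never` and `File.expects(:open).never` are declared after `plugin.decodemsg(msg)` has already run, so they cannot observe the call under test and the example passes whether or not a key is learned. Move both expectation lines above `plugin.decodemsg(msg)` so this negative case for key learning is actually enforced. The two positive learning examples use a bare `File.expects(:open)`; constraining its first argument to `"testing/testing.pem"` would also pin where a learned key is written, which matters because the file name appears to be derived from the caller-supplied `:callerid` (the plugin itself is not shown on this page, so confirm there). Smaller points in the same block: `plugin.stubs(:deserialize).returns(body)` is stubbed twice in the `before :each`, and the `|msg|` block parameter in the `Log.expects(:warn).with()` matchers shadows `let(:msg)`; renaming it to `|text|` would avoid confusion.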
@@ -205,7 +205,7 @@ module MCollective
205
205
 
206
206
  before :each do
207
207
  PluginManager.stubs(:[]).with("registration_plugin").returns(registration_agent)
208
- Data.expects(:load_data_sources)
208
+ Data.stubs(:load_data_sources)
209
209
  Util.expects(:subscribe).twice
210
210
  Util.expects(:make_subscriptions).twice
211
211
  end
@@ -217,6 +217,16 @@ module MCollective
217
217
  runner.send(:receiver_thread)
218
218
  end
219
219
 
220
+ it 'should load agents before data plugins' do
221
+ load_order = sequence('load_order')
222
+ Agents.expects(:new).in_sequence(load_order)
223
+ Data.expects(:load_data_sources).in_sequence(load_order)
224
+ runner.expects(:receive).returns(request)
225
+ runner.expects(:agentmsg).with(request)
226
+ runner.instance_variable_set(:@exit_receiver_thread, true)
227
+ runner.send(:receiver_thread)
228
+ end
229
+
220
230
  it 'should discard controller messages with an error message' do
221
231
  runner.expects(:receive).returns(request)
222
232
  request.stubs(:agent).returns("mcollective")
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: mcollective-client
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.5.2
4
+ version: 2.5.3
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2014-06-10 00:00:00.000000000 Z
12
+ date: 2014-07-14 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: systemu
@@ -219,6 +219,7 @@ files:
219
219
  - spec/unit/plugins/mcollective/packagers/modulepackage_packager_spec.rb
220
220
  - spec/unit/plugins/mcollective/packagers/ospackage_spec.rb
221
221
  - spec/unit/plugins/mcollective/packagers/rpmpackage_packager_spec.rb
222
+ - spec/unit/plugins/mcollective/security/aes_security_spec.rb
222
223
  - spec/unit/plugins/mcollective/security/psk_spec.rb
223
224
  - spec/unit/plugins/mcollective/validator/array_validator_spec.rb
224
225
  - spec/unit/plugins/mcollective/validator/ipv4address_validator_spec.rb
@@ -363,6 +364,7 @@ test_files:
363
364
  - spec/unit/plugins/mcollective/packagers/modulepackage_packager_spec.rb
364
365
  - spec/unit/plugins/mcollective/packagers/ospackage_spec.rb
365
366
  - spec/unit/plugins/mcollective/packagers/rpmpackage_packager_spec.rb
367
+ - spec/unit/plugins/mcollective/security/aes_security_spec.rb
366
368
  - spec/unit/plugins/mcollective/security/psk_spec.rb
367
369
  - spec/unit/plugins/mcollective/validator/array_validator_spec.rb
368
370
  - spec/unit/plugins/mcollective/validator/ipv4address_validator_spec.rb