puppet 0.24.9 → 0.25.0
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of puppet might be problematic. Click here for more details.
- data/CHANGELOG +18680 -1241
- data/CHANGELOG.old +1705 -0
- data/LICENSE +2 -2
- data/README +1 -1
- data/README.queueing +126 -0
- data/README.rst +4 -4
- data/Rakefile +62 -216
- data/bin/filebucket +6 -117
- data/bin/pi +50 -0
- data/bin/puppet +7 -188
- data/bin/puppetdoc +7 -198
- data/bin/ralsh +4 -191
- data/conf/auth.conf +94 -0
- data/conf/gentoo/init.d/puppetmaster +30 -30
- data/conf/osx/PackageInfo.plist +30 -30
- data/conf/osx/createpackage.sh +23 -18
- data/conf/osx/preflight +8 -0
- data/conf/puppet-queue.conf +10 -0
- data/conf/redhat/client.init +52 -41
- data/conf/redhat/logrotate +1 -0
- data/conf/redhat/puppet.spec +74 -36
- data/conf/redhat/rundir-perms.patch +28 -0
- data/conf/redhat/server.init +48 -43
- data/conf/redhat/server.sysconfig +4 -4
- data/conf/solaris/smf/puppetd.xml +53 -53
- data/conf/solaris/smf/puppetmasterd.xml +53 -53
- data/conf/solaris/smf/svc-puppetd +4 -4
- data/conf/solaris/smf/svc-puppetmasterd +3 -3
- data/conf/suse/client.init +4 -4
- data/conf/suse/puppet.spec +14 -14
- data/conf/suse/server.init +17 -17
- data/examples/etc/init.d/sleeper +8 -8
- data/examples/mac_dscl.pp +2 -2
- data/examples/mac_dscl_revert.pp +1 -1
- data/examples/mcx_dock_default.pp +108 -108
- data/examples/mcx_dock_full.pp +108 -108
- data/examples/mcx_nogroup.pp +108 -108
- data/examples/modules/sample-module/lib/puppet/parser/functions/hostname_to_dn.rb +5 -5
- data/examples/modules/sample-module/manifests/init.pp +2 -2
- data/examples/relationships +1 -1
- data/ext/autotest/config +6 -6
- data/ext/bin/sleeper +12 -12
- data/ext/dbfix.sql +21 -21
- data/ext/emacs/puppet-mode.el +42 -41
- data/ext/extlookup.rb +183 -0
- data/ext/ldap/puppet.schema +2 -1
- data/ext/logcheck/puppet +1 -1
- data/ext/module_puppet +7 -7
- data/ext/nagios/check_puppet.rb +83 -83
- data/ext/nagios/naggen +302 -0
- data/ext/puppet-test +61 -18
- data/ext/puppetlisten/puppetlisten.rb +76 -0
- data/ext/puppetlisten/puppetrun.rb +39 -0
- data/ext/puppetstoredconfigclean.rb +29 -29
- data/ext/rack/README +73 -0
- data/ext/rack/files/apache2.conf +38 -0
- data/ext/rack/files/config.ru +18 -0
- data/ext/rack/manifest.pp +59 -0
- data/ext/vim/syntax/puppet.vim +54 -35
- data/install.rb +37 -26
- data/lib/puppet.rb +15 -227
- data/lib/puppet/agent.rb +134 -0
- data/lib/puppet/agent/locker.rb +42 -0
- data/lib/puppet/agent/runner.rb +65 -0
- data/lib/puppet/application.rb +313 -0
- data/lib/puppet/application/filebucket.rb +87 -0
- data/lib/puppet/application/pi.rb +214 -0
- data/lib/puppet/application/puppet.rb +177 -0
- data/lib/puppet/application/puppetca.rb +71 -0
- data/lib/puppet/application/puppetd.rb +256 -0
- data/lib/puppet/application/puppetdoc.rb +222 -0
- data/lib/puppet/application/puppetmasterd.rb +168 -0
- data/lib/puppet/application/puppetqd.rb +96 -0
- data/lib/puppet/application/puppetrun.rb +219 -0
- data/lib/puppet/application/ralsh.rb +168 -0
- data/lib/puppet/configurer.rb +177 -0
- data/lib/puppet/configurer/downloader.rb +79 -0
- data/lib/puppet/configurer/fact_handler.rb +68 -0
- data/lib/puppet/configurer/plugin_handler.rb +26 -0
- data/lib/puppet/daemon.rb +78 -28
- data/lib/puppet/defaults.rb +239 -166
- data/lib/puppet/dsl.rb +7 -7
- data/lib/puppet/external/dot.rb +271 -271
- data/lib/puppet/external/event-loop/better-definers.rb +298 -298
- data/lib/puppet/external/event-loop/event-loop.rb +274 -274
- data/lib/puppet/external/event-loop/signal-system.rb +163 -163
- data/lib/puppet/external/lock.rb +1 -1
- data/lib/puppet/external/nagios.rb +20 -20
- data/lib/puppet/external/nagios/base.rb +3 -3
- data/lib/puppet/external/nagios/grammar.ry +185 -0
- data/lib/puppet/external/nagios/makefile +9 -0
- data/lib/puppet/external/nagios/parser.rb +1 -1
- data/lib/puppet/feature/json.rb +2 -0
- data/lib/puppet/feature/rack.rb +24 -0
- data/lib/puppet/feature/rails.rb +23 -33
- data/lib/puppet/feature/rubygems.rb +6 -0
- data/lib/puppet/feature/stomp.rb +6 -0
- data/lib/puppet/file_serving/{file_base.rb → base.rb} +10 -9
- data/lib/puppet/file_serving/configuration.rb +61 -61
- data/lib/puppet/file_serving/configuration/parser.rb +24 -29
- data/lib/puppet/file_serving/content.rb +26 -11
- data/lib/puppet/file_serving/fileset.rb +54 -19
- data/lib/puppet/file_serving/indirection_hooks.rb +12 -24
- data/lib/puppet/file_serving/metadata.rb +8 -8
- data/lib/puppet/file_serving/mount.rb +9 -151
- data/lib/puppet/file_serving/mount/file.rb +126 -0
- data/lib/puppet/file_serving/mount/modules.rb +25 -0
- data/lib/puppet/file_serving/mount/plugins.rb +27 -0
- data/lib/puppet/file_serving/terminus_helper.rb +9 -4
- data/lib/puppet/indirector.rb +6 -4
- data/lib/puppet/indirector/active_record.rb +28 -0
- data/lib/puppet/indirector/catalog/active_record.rb +36 -0
- data/lib/puppet/indirector/catalog/compiler.rb +50 -24
- data/lib/puppet/indirector/catalog/queue.rb +5 -0
- data/lib/puppet/indirector/catalog/rest.rb +6 -0
- data/lib/puppet/indirector/catalog/yaml.rb +2 -4
- data/lib/puppet/indirector/certificate/ca.rb +9 -0
- data/lib/puppet/indirector/certificate/file.rb +9 -0
- data/lib/puppet/indirector/certificate/rest.rb +9 -0
- data/lib/puppet/indirector/certificate_request/ca.rb +14 -0
- data/lib/puppet/indirector/certificate_request/file.rb +8 -0
- data/lib/puppet/indirector/certificate_request/rest.rb +9 -0
- data/lib/puppet/indirector/certificate_revocation_list/ca.rb +8 -0
- data/lib/puppet/indirector/certificate_revocation_list/file.rb +8 -0
- data/lib/puppet/indirector/certificate_revocation_list/rest.rb +9 -0
- data/lib/puppet/indirector/direct_file_server.rb +4 -8
- data/lib/puppet/indirector/exec.rb +2 -6
- data/lib/puppet/indirector/facts/active_record.rb +36 -0
- data/lib/puppet/indirector/facts/facter.rb +30 -22
- data/lib/puppet/indirector/facts/rest.rb +6 -0
- data/lib/puppet/indirector/file.rb +1 -0
- data/lib/puppet/indirector/file_content/rest.rb +0 -1
- data/lib/puppet/indirector/file_metadata/file.rb +2 -2
- data/lib/puppet/indirector/file_metadata/rest.rb +0 -1
- data/lib/puppet/indirector/file_server.rb +31 -18
- data/lib/puppet/indirector/indirection.rb +46 -33
- data/lib/puppet/indirector/key/ca.rb +12 -0
- data/lib/puppet/indirector/key/file.rb +42 -0
- data/lib/puppet/indirector/node/active_record.rb +13 -0
- data/lib/puppet/indirector/node/ldap.rb +1 -1
- data/lib/puppet/indirector/queue.rb +83 -0
- data/lib/puppet/indirector/report/processor.rb +1 -1
- data/lib/puppet/indirector/report/rest.rb +7 -0
- data/lib/puppet/indirector/request.rb +158 -15
- data/lib/puppet/indirector/rest.rb +74 -36
- data/lib/puppet/indirector/runner/rest.rb +7 -0
- data/lib/puppet/indirector/ssl_file.rb +174 -0
- data/lib/puppet/indirector/terminus.rb +4 -4
- data/lib/puppet/indirector/yaml.rb +1 -1
- data/lib/puppet/metatype/manager.rb +3 -3
- data/lib/puppet/module.rb +99 -124
- data/lib/puppet/network/authconfig.rb +57 -42
- data/lib/puppet/network/authstore.rb +58 -10
- data/lib/puppet/network/client.rb +0 -2
- data/lib/puppet/network/client/ca.rb +1 -1
- data/lib/puppet/network/client/dipper.rb +7 -2
- data/lib/puppet/network/format.rb +123 -0
- data/lib/puppet/network/format_handler.rb +156 -0
- data/lib/puppet/network/formats.rb +123 -0
- data/lib/puppet/network/handler/filebucket.rb +1 -1
- data/lib/puppet/network/handler/fileserver.rb +43 -35
- data/lib/puppet/network/handler/master.rb +4 -4
- data/lib/puppet/network/handler/report.rb +1 -1
- data/lib/puppet/network/handler/resource.rb +16 -20
- data/lib/puppet/network/handler/runner.rb +9 -42
- data/lib/puppet/network/http.rb +4 -4
- data/lib/puppet/network/http/api.rb +4 -0
- data/lib/puppet/network/http/api/v1.rb +65 -0
- data/lib/puppet/network/http/handler.rb +163 -56
- data/lib/puppet/network/http/mongrel.rb +19 -15
- data/lib/puppet/network/http/mongrel/rest.rb +35 -17
- data/lib/puppet/network/http/rack.rb +62 -0
- data/lib/puppet/network/http/rack/httphandler.rb +34 -0
- data/lib/puppet/network/http/rack/rest.rb +79 -0
- data/lib/puppet/network/http/rack/xmlrpc.rb +65 -0
- data/lib/puppet/network/http/webrick.rb +89 -16
- data/lib/puppet/network/http/webrick/rest.rb +24 -11
- data/lib/puppet/network/http_pool.rb +28 -29
- data/lib/puppet/network/http_server/mongrel.rb +8 -10
- data/lib/puppet/network/http_server/webrick.rb +1 -3
- data/lib/puppet/network/rest_authconfig.rb +89 -0
- data/lib/puppet/network/rest_authorization.rb +25 -0
- data/lib/puppet/network/rights.rb +230 -27
- data/lib/puppet/network/server.rb +133 -31
- data/lib/puppet/network/xmlrpc/client.rb +5 -5
- data/lib/puppet/network/xmlrpc/webrick_servlet.rb +6 -6
- data/lib/puppet/node.rb +28 -21
- data/lib/puppet/node/environment.rb +48 -0
- data/lib/puppet/node/facts.rb +21 -0
- data/lib/puppet/parameter.rb +291 -219
- data/lib/puppet/parser/ast.rb +1 -0
- data/lib/puppet/parser/ast/astarray.rb +5 -1
- data/lib/puppet/parser/ast/boolean_operator.rb +3 -3
- data/lib/puppet/parser/ast/caseopt.rb +10 -0
- data/lib/puppet/parser/ast/casestatement.rb +12 -27
- data/lib/puppet/parser/ast/collection.rb +31 -0
- data/lib/puppet/parser/ast/collexpr.rb +18 -11
- data/lib/puppet/parser/ast/comparison_operator.rb +1 -1
- data/lib/puppet/parser/ast/definition.rb +6 -2
- data/lib/puppet/parser/ast/function.rb +7 -2
- data/lib/puppet/parser/ast/ifstatement.rb +11 -6
- data/lib/puppet/parser/ast/leaf.rb +106 -3
- data/lib/puppet/parser/ast/match_operator.rb +31 -0
- data/lib/puppet/parser/ast/node.rb +10 -6
- data/lib/puppet/parser/ast/resource_defaults.rb +2 -2
- data/lib/puppet/parser/ast/resource_override.rb +1 -1
- data/lib/puppet/parser/ast/resource_reference.rb +11 -3
- data/lib/puppet/parser/ast/selector.rb +14 -32
- data/lib/puppet/parser/ast/vardef.rb +1 -1
- data/lib/puppet/parser/collector.rb +67 -15
- data/lib/puppet/parser/compiler.rb +21 -53
- data/lib/puppet/parser/files.rb +92 -0
- data/lib/puppet/parser/functions.rb +3 -3
- data/lib/puppet/parser/functions/defined.rb +3 -3
- data/lib/puppet/parser/functions/fqdn_rand.rb +3 -3
- data/lib/puppet/parser/functions/inline_template.rb +4 -4
- data/lib/puppet/parser/functions/regsubst.rb +37 -35
- data/lib/puppet/parser/functions/require.rb +34 -0
- data/lib/puppet/parser/functions/shellquote.rb +41 -0
- data/lib/puppet/parser/functions/split.rb +29 -0
- data/lib/puppet/parser/functions/sprintf.rb +6 -6
- data/lib/puppet/parser/functions/template.rb +4 -4
- data/lib/puppet/parser/functions/versioncmp.rb +22 -1
- data/lib/puppet/parser/grammar.ra +812 -0
- data/lib/puppet/parser/interpreter.rb +4 -4
- data/lib/puppet/parser/lexer.rb +44 -15
- data/lib/puppet/parser/loaded_code.rb +115 -0
- data/lib/puppet/parser/makefile +8 -0
- data/lib/puppet/parser/parser.rb +1080 -928
- data/lib/puppet/parser/parser_support.rb +118 -96
- data/lib/puppet/parser/resource.rb +56 -126
- data/lib/puppet/parser/resource/param.rb +2 -76
- data/lib/puppet/parser/resource/reference.rb +15 -8
- data/lib/puppet/parser/scope.rb +68 -35
- data/lib/puppet/parser/templatewrapper.rb +8 -8
- data/lib/puppet/parser/yaml_trimmer.rb +11 -0
- data/lib/puppet/property.rb +69 -124
- data/lib/puppet/property/list.rb +3 -3
- data/lib/puppet/provider.rb +5 -5
- data/lib/puppet/provider/augeas/augeas.rb +119 -118
- data/lib/puppet/provider/computer/computer.rb +3 -3
- data/lib/puppet/provider/confine/variable.rb +1 -1
- data/lib/puppet/provider/cron/crontab.rb +8 -7
- data/lib/puppet/provider/group/directoryservice.rb +2 -2
- data/lib/puppet/provider/group/groupadd.rb +1 -1
- data/lib/puppet/provider/group/ldap.rb +3 -3
- data/lib/puppet/provider/group/pw.rb +1 -1
- data/lib/puppet/provider/host/parsed.rb +3 -3
- data/lib/puppet/provider/ldap.rb +1 -3
- data/lib/puppet/provider/macauthorization/macauthorization.rb +62 -55
- data/lib/puppet/provider/mailalias/aliases.rb +9 -1
- data/lib/puppet/provider/maillist/mailman.rb +8 -4
- data/lib/puppet/provider/mcx/mcxcontent.rb +11 -11
- data/lib/puppet/provider/mount/parsed.rb +2 -2
- data/lib/puppet/provider/nameservice.rb +6 -6
- data/lib/puppet/provider/nameservice/directoryservice.rb +83 -87
- data/lib/puppet/provider/package/appdmg.rb +10 -9
- data/lib/puppet/provider/package/apple.rb +1 -3
- data/lib/puppet/provider/package/apt.rb +5 -5
- data/lib/puppet/provider/package/aptitude.rb +1 -1
- data/lib/puppet/provider/package/aptrpm.rb +1 -1
- data/lib/puppet/provider/package/darwinport.rb +1 -1
- data/lib/puppet/provider/package/dpkg.rb +2 -2
- data/lib/puppet/provider/package/fink.rb +6 -6
- data/lib/puppet/provider/package/freebsd.rb +1 -1
- data/lib/puppet/provider/package/gem.rb +2 -2
- data/lib/puppet/provider/package/hpux.rb +5 -5
- data/lib/puppet/provider/package/pkgdmg.rb +30 -22
- data/lib/puppet/provider/package/portage.rb +1 -1
- data/lib/puppet/provider/package/ports.rb +1 -1
- data/lib/puppet/provider/package/rpm.rb +5 -5
- data/lib/puppet/provider/package/rug.rb +1 -1
- data/lib/puppet/provider/package/sun.rb +7 -7
- data/lib/puppet/provider/package/up2date.rb +1 -1
- data/lib/puppet/provider/package/yum.rb +2 -2
- data/lib/puppet/provider/package/yumhelper.py +2 -2
- data/lib/puppet/provider/port/parsed.rb +1 -1
- data/lib/puppet/provider/selmodule/semodule.rb +3 -3
- data/lib/puppet/provider/service/base.rb +21 -12
- data/lib/puppet/provider/service/daemontools.rb +86 -49
- data/lib/puppet/provider/service/debian.rb +20 -12
- data/lib/puppet/provider/service/freebsd.rb +5 -5
- data/lib/puppet/provider/service/gentoo.rb +2 -2
- data/lib/puppet/provider/service/init.rb +21 -33
- data/lib/puppet/provider/service/launchd.rb +120 -48
- data/lib/puppet/provider/service/redhat.rb +12 -21
- data/lib/puppet/provider/service/runit.rb +19 -9
- data/lib/puppet/provider/service/smf.rb +49 -34
- data/lib/puppet/provider/ssh_authorized_key/parsed.rb +34 -0
- data/lib/puppet/provider/sshkey/parsed.rb +2 -2
- data/lib/puppet/provider/user/directoryservice.rb +12 -29
- data/lib/puppet/provider/user/hpux.rb +3 -3
- data/lib/puppet/provider/user/ldap.rb +2 -2
- data/lib/puppet/provider/zfs/solaris.rb +1 -1
- data/lib/puppet/provider/zone/solaris.rb +4 -4
- data/lib/puppet/provider/zpool/solaris.rb +3 -3
- data/lib/puppet/rails.rb +9 -9
- data/lib/puppet/rails/benchmark.rb +69 -0
- data/lib/puppet/rails/database/001_add_created_at_to_all_tables.rb +5 -5
- data/lib/puppet/rails/database/002_remove_duplicated_index_on_all_tables.rb +2 -2
- data/lib/puppet/rails/database/003_add_environment_to_host.rb +1 -1
- data/lib/puppet/rails/database/schema.rb +8 -8
- data/lib/puppet/rails/fact_value.rb +1 -1
- data/lib/puppet/rails/host.rb +211 -93
- data/lib/puppet/rails/param_name.rb +5 -1
- data/lib/puppet/rails/param_value.rb +29 -2
- data/lib/puppet/rails/puppet_tag.rb +5 -0
- data/lib/puppet/rails/resource.rb +120 -20
- data/lib/puppet/rails/resource_tag.rb +1 -1
- data/lib/puppet/rails/source_file.rb +1 -1
- data/lib/puppet/reference/configuration.rb +14 -14
- data/lib/puppet/reference/function.rb +1 -1
- data/lib/puppet/reference/metaparameter.rb +48 -0
- data/lib/puppet/reference/providers.rb +6 -6
- data/lib/puppet/reference/type.rb +1 -37
- data/lib/puppet/relationship.rb +57 -30
- data/lib/puppet/reports/rrdgraph.rb +4 -4
- data/lib/puppet/reports/store.rb +3 -3
- data/lib/puppet/reports/tagmail.rb +15 -15
- data/lib/puppet/resource.rb +265 -0
- data/lib/puppet/{node → resource}/catalog.rb +188 -112
- data/lib/puppet/{resource_reference.rb → resource/reference.rb} +46 -24
- data/lib/puppet/simple_graph.rb +165 -27
- data/lib/puppet/ssl.rb +7 -0
- data/lib/puppet/ssl/base.rb +62 -0
- data/lib/puppet/ssl/certificate.rb +34 -0
- data/lib/puppet/ssl/certificate_authority.rb +298 -0
- data/lib/puppet/ssl/certificate_authority/interface.rb +118 -0
- data/lib/puppet/ssl/certificate_factory.rb +145 -0
- data/lib/puppet/ssl/certificate_request.rb +51 -0
- data/lib/puppet/ssl/certificate_revocation_list.rb +86 -0
- data/lib/puppet/ssl/host.rb +271 -0
- data/lib/puppet/ssl/inventory.rb +52 -0
- data/lib/puppet/ssl/key.rb +56 -0
- data/lib/puppet/sslcertificates.rb +6 -6
- data/lib/puppet/sslcertificates/ca.rb +15 -15
- data/lib/puppet/sslcertificates/certificate.rb +4 -4
- data/lib/puppet/sslcertificates/inventory.rb +3 -3
- data/lib/puppet/transaction.rb +113 -139
- data/lib/puppet/transaction/change.rb +6 -6
- data/lib/puppet/transaction/event.rb +1 -1
- data/lib/puppet/transaction/report.rb +7 -1
- data/lib/puppet/transportable.rb +28 -28
- data/lib/puppet/type.rb +263 -688
- data/lib/puppet/type/augeas.rb +3 -2
- data/lib/puppet/type/component.rb +28 -95
- data/lib/puppet/type/computer.rb +10 -10
- data/lib/puppet/type/cron.rb +19 -14
- data/lib/puppet/type/exec.rb +21 -20
- data/lib/puppet/type/file.rb +306 -633
- data/lib/puppet/type/file/checksum.rb +10 -11
- data/lib/puppet/type/file/content.rb +83 -22
- data/lib/puppet/type/file/ensure.rb +15 -9
- data/lib/puppet/type/file/group.rb +7 -1
- data/lib/puppet/type/file/mode.rb +1 -1
- data/lib/puppet/type/file/owner.rb +9 -3
- data/lib/puppet/type/file/selcontext.rb +4 -4
- data/lib/puppet/type/file/source.rb +78 -179
- data/lib/puppet/type/file/target.rb +3 -3
- data/lib/puppet/type/file/type.rb +2 -2
- data/lib/puppet/type/filebucket.rb +33 -54
- data/lib/puppet/type/group.rb +8 -8
- data/lib/puppet/type/host.rb +7 -7
- data/lib/puppet/type/k5login.rb +2 -2
- data/lib/puppet/type/macauthorization.rb +77 -52
- data/lib/puppet/type/mailalias.rb +2 -2
- data/lib/puppet/type/maillist.rb +2 -2
- data/lib/puppet/type/mcx.rb +3 -3
- data/lib/puppet/type/mount.rb +16 -11
- data/lib/puppet/type/notify.rb +4 -4
- data/lib/puppet/type/package.rb +6 -28
- data/lib/puppet/type/port.rb +1 -1
- data/lib/puppet/type/resources.rb +19 -19
- data/lib/puppet/type/schedule.rb +18 -20
- data/lib/puppet/type/selmodule.rb +1 -1
- data/lib/puppet/type/service.rb +11 -7
- data/lib/puppet/type/ssh_authorized_key.rb +26 -9
- data/lib/puppet/type/sshkey.rb +2 -2
- data/lib/puppet/type/tidy.rb +285 -289
- data/lib/puppet/type/user.rb +9 -7
- data/lib/puppet/type/yumrepo.rb +17 -16
- data/lib/puppet/type/zone.rb +8 -7
- data/lib/puppet/util.rb +11 -36
- data/lib/puppet/util/autoload.rb +31 -19
- data/lib/puppet/util/autoload/file_cache.rb +115 -0
- data/lib/puppet/util/backups.rb +86 -0
- data/lib/puppet/util/cacher.rb +135 -0
- data/lib/puppet/util/checksums.rb +11 -1
- data/lib/puppet/util/classgen.rb +1 -1
- data/lib/puppet/util/config_store.rb +2 -2
- data/lib/puppet/util/constant_inflector.rb +1 -1
- data/lib/puppet/util/diff.rb +2 -2
- data/lib/puppet/util/docs.rb +9 -3
- data/lib/puppet/util/execution.rb +1 -1
- data/lib/puppet/util/feature.rb +27 -20
- data/lib/puppet/util/fileparsing.rb +3 -3
- data/lib/puppet/util/filetype.rb +8 -6
- data/lib/puppet/util/graph.rb +5 -5
- data/lib/puppet/util/inifile.rb +5 -5
- data/lib/puppet/util/json.rb +13 -0
- data/lib/puppet/util/ldap/connection.rb +2 -2
- data/lib/puppet/util/log.rb +48 -31
- data/lib/puppet/util/metric.rb +4 -4
- data/lib/puppet/util/monkey_patches.rb +43 -0
- data/lib/puppet/util/nagios_maker.rb +1 -1
- data/lib/puppet/util/package.rb +4 -4
- data/lib/puppet/util/pidlock.rb +59 -59
- data/lib/puppet/util/posix.rb +13 -52
- data/lib/puppet/util/provider_features.rb +3 -3
- data/lib/puppet/util/queue.rb +96 -0
- data/lib/puppet/util/queue/stomp.rb +47 -0
- data/lib/puppet/util/rails/cache_accumulator.rb +65 -0
- data/lib/puppet/util/rails/collection_merger.rb +0 -39
- data/lib/puppet/util/rails/reference_serializer.rb +17 -3
- data/lib/puppet/util/rdoc.rb +1 -0
- data/lib/puppet/util/rdoc/code_objects.rb +5 -1
- data/lib/puppet/util/rdoc/generators/puppet_generator.rb +5 -5
- data/lib/puppet/util/rdoc/generators/template/puppet/puppet.rb +13 -13
- data/lib/puppet/util/rdoc/parser.rb +28 -32
- data/lib/puppet/util/reference.rb +29 -8
- data/lib/puppet/util/resource_template.rb +1 -1
- data/lib/puppet/util/selinux.rb +12 -6
- data/lib/puppet/util/settings.rb +203 -578
- data/lib/puppet/util/settings/boolean_setting.rb +33 -0
- data/lib/puppet/util/settings/file_setting.rb +119 -0
- data/lib/puppet/util/settings/setting.rb +110 -0
- data/lib/puppet/util/subclass_loader.rb +1 -1
- data/lib/puppet/util/suidmanager.rb +2 -2
- data/lib/puppet/util/tagging.rb +1 -1
- data/lib/puppet/util/warnings.rb +17 -9
- data/man/man8/filebucket.8 +2 -2
- data/man/man8/pi.8 +2 -2
- data/man/man8/puppet.8 +3 -4
- data/man/man8/puppet.conf.8 +63 -63
- data/man/man8/puppetca.8 +2 -2
- data/man/man8/puppetd.8 +2 -2
- data/man/man8/puppetdoc.8 +2 -2
- data/man/man8/puppetmasterd.8 +2 -2
- data/man/man8/puppetrun.8 +2 -2
- data/man/man8/ralsh.8 +3 -3
- data/sbin/puppetca +102 -0
- data/sbin/puppetd +159 -0
- data/sbin/puppetmasterd +66 -0
- data/sbin/puppetqd +53 -0
- data/sbin/puppetrun +130 -0
- data/spec/Rakefile +2 -2
- data/spec/integration/application/puppet.rb +33 -0
- data/spec/integration/bin/puppetmasterd.rb +110 -0
- data/spec/integration/configurer.rb +18 -0
- data/spec/integration/defaults.rb +158 -7
- data/spec/integration/file_serving/content.rb +2 -0
- data/spec/integration/file_serving/fileset.rb +14 -0
- data/spec/integration/file_serving/metadata.rb +2 -0
- data/spec/integration/file_serving/terminus_helper.rb +22 -0
- data/spec/integration/indirector/catalog/compiler.rb +67 -0
- data/spec/integration/indirector/catalog/queue.rb +61 -0
- data/spec/integration/indirector/certificate/rest.rb +69 -0
- data/spec/integration/indirector/certificate_request/rest.rb +89 -0
- data/spec/integration/indirector/certificate_revocation_list/rest.rb +77 -0
- data/spec/integration/indirector/direct_file_server.rb +16 -23
- data/spec/integration/indirector/file_content/file_server.rb +75 -0
- data/spec/integration/indirector/report/rest.rb +95 -0
- data/spec/integration/indirector/rest.rb +207 -147
- data/spec/integration/network/client.rb +19 -0
- data/spec/integration/network/formats.rb +110 -0
- data/spec/integration/network/handler.rb +25 -0
- data/spec/integration/network/server/mongrel.rb +26 -8
- data/spec/integration/network/server/webrick.rb +49 -11
- data/spec/integration/node/environment.rb +58 -0
- data/spec/integration/node/facts.rb +4 -2
- data/spec/integration/parser/compiler.rb +29 -0
- data/spec/integration/parser/functions/require.rb +67 -0
- data/spec/integration/provider/mailalias/aliases.rb +25 -0
- data/spec/integration/{node → resource}/catalog.rb +17 -10
- data/spec/integration/ssl/certificate_authority.rb +135 -0
- data/spec/integration/ssl/certificate_request.rb +59 -0
- data/spec/integration/ssl/certificate_revocation_list.rb +42 -0
- data/spec/integration/ssl/host.rb +90 -0
- data/spec/integration/transaction.rb +66 -0
- data/spec/integration/transaction/report.rb +2 -5
- data/spec/integration/type.rb +22 -0
- data/spec/integration/type/file.rb +458 -0
- data/spec/integration/type/package.rb +1 -1
- data/spec/integration/type/tidy.rb +27 -0
- data/spec/integration/util/autoload.rb +114 -0
- data/spec/integration/util/feature.rb +54 -0
- data/spec/integration/util/file_locking.rb +2 -1
- data/spec/integration/util/settings.rb +27 -0
- data/spec/lib/puppet_spec/files.rb +9 -0
- data/spec/monkey_patches/add_confine_and_runnable_to_rspec_dsl.rb +1 -0
- data/spec/monkey_patches/alias_should_to_must.rb +1 -0
- data/spec/shared_behaviours/file_server_terminus.rb +14 -11
- data/spec/shared_behaviours/file_serving.rb +13 -17
- data/spec/spec_helper.rb +22 -5
- data/spec/unit/agent.rb +259 -0
- data/spec/unit/agent/locker.rb +100 -0
- data/spec/unit/agent/runner.rb +118 -0
- data/spec/unit/application.rb +420 -0
- data/spec/unit/application/filebucket.rb +220 -0
- data/spec/unit/application/pi.rb +84 -0
- data/spec/unit/application/puppet.rb +404 -0
- data/spec/unit/application/puppetca.rb +142 -0
- data/spec/unit/application/puppetd.rb +502 -0
- data/spec/unit/application/puppetdoc.rb +345 -0
- data/spec/unit/application/puppetmasterd.rb +456 -0
- data/spec/unit/application/puppetqd.rb +186 -0
- data/spec/unit/application/puppetrun.rb +279 -0
- data/spec/unit/application/ralsh.rb +237 -0
- data/spec/unit/configurer.rb +232 -0
- data/spec/unit/configurer/downloader.rb +188 -0
- data/spec/unit/configurer/fact_handler.rb +150 -0
- data/spec/unit/configurer/plugin_handler.rb +112 -0
- data/spec/unit/daemon.rb +287 -0
- data/spec/unit/file_serving/{file_base.rb → base.rb} +39 -31
- data/spec/unit/file_serving/configuration.rb +104 -93
- data/spec/unit/file_serving/configuration/parser.rb +64 -18
- data/spec/unit/file_serving/content.rb +65 -26
- data/spec/unit/file_serving/fileset.rb +116 -14
- data/spec/unit/file_serving/indirection_hooks.rb +34 -95
- data/spec/unit/file_serving/metadata.rb +27 -40
- data/spec/unit/file_serving/mount.rb +7 -118
- data/spec/unit/file_serving/mount/file.rb +188 -0
- data/spec/unit/file_serving/mount/modules.rb +63 -0
- data/spec/unit/file_serving/mount/plugins.rb +61 -0
- data/spec/unit/file_serving/terminus_helper.rb +39 -27
- data/spec/unit/indirector.rb +6 -1
- data/spec/unit/indirector/active_record.rb +76 -0
- data/spec/unit/indirector/catalog/active_record.rb +122 -0
- data/spec/unit/indirector/catalog/compiler.rb +222 -118
- data/spec/unit/indirector/catalog/queue.rb +20 -0
- data/spec/unit/indirector/catalog/rest.rb +11 -0
- data/spec/unit/indirector/catalog/yaml.rb +6 -6
- data/spec/unit/indirector/certificate/ca.rb +28 -0
- data/spec/unit/indirector/certificate/file.rb +28 -0
- data/spec/unit/indirector/certificate/rest.rb +23 -0
- data/spec/unit/indirector/certificate_request/ca.rb +19 -0
- data/spec/unit/indirector/certificate_request/file.rb +19 -0
- data/spec/unit/indirector/certificate_request/rest.rb +23 -0
- data/spec/unit/indirector/certificate_revocation_list/ca.rb +21 -0
- data/spec/unit/indirector/certificate_revocation_list/file.rb +20 -0
- data/spec/unit/indirector/certificate_revocation_list/rest.rb +23 -0
- data/spec/unit/indirector/direct_file_server.rb +3 -8
- data/spec/unit/indirector/exec.rb +6 -1
- data/spec/unit/indirector/facts/active_record.rb +104 -0
- data/spec/unit/indirector/facts/facter.rb +53 -12
- data/spec/unit/indirector/facts/rest.rb +11 -0
- data/spec/unit/indirector/file.rb +8 -1
- data/spec/unit/indirector/file_metadata/file.rb +5 -5
- data/spec/unit/indirector/file_server.rb +181 -98
- data/spec/unit/indirector/indirection.rb +102 -38
- data/spec/unit/indirector/key/ca.rb +28 -0
- data/spec/unit/indirector/key/file.rb +104 -0
- data/spec/unit/indirector/node/active_record.rb +34 -0
- data/spec/unit/indirector/node/ldap.rb +1 -1
- data/spec/unit/indirector/node/rest.rb +2 -2
- data/spec/unit/indirector/queue.rb +123 -0
- data/spec/unit/indirector/report/rest.rb +28 -0
- data/spec/unit/indirector/request.rb +221 -0
- data/spec/unit/indirector/rest.rb +343 -334
- data/spec/unit/indirector/runner/rest.rb +11 -0
- data/spec/unit/indirector/ssl_file.rb +280 -0
- data/spec/unit/module.rb +180 -180
- data/spec/unit/network/authconfig.rb +292 -0
- data/spec/unit/network/authstore.rb +94 -0
- data/spec/unit/network/client.rb +2 -2
- data/spec/unit/network/client/dipper.rb +16 -0
- data/spec/unit/network/format.rb +191 -0
- data/spec/unit/network/format_handler.rb +306 -0
- data/spec/unit/network/formats.rb +249 -0
- data/spec/unit/network/handler/fileserver.rb +2 -5
- data/spec/unit/network/http.rb +3 -3
- data/spec/unit/network/http/api/v1.rb +122 -0
- data/spec/unit/network/http/handler.rb +448 -0
- data/spec/unit/network/http/mongrel.rb +46 -32
- data/spec/unit/network/http/mongrel/rest.rb +174 -319
- data/spec/unit/network/http/rack.rb +102 -0
- data/spec/unit/network/http/rack/rest.rb +199 -0
- data/spec/unit/network/http/rack/xmlrpc.rb +157 -0
- data/spec/unit/network/http/webrick.rb +249 -37
- data/spec/unit/network/http/webrick/rest.rb +113 -279
- data/spec/unit/network/http_pool.rb +86 -110
- data/spec/unit/network/rest_authconfig.rb +146 -0
- data/spec/unit/network/rest_authorization.rb +43 -0
- data/spec/unit/network/rights.rb +519 -0
- data/spec/unit/network/server.rb +475 -257
- data/spec/unit/node.rb +43 -10
- data/spec/unit/node/environment.rb +143 -9
- data/spec/unit/node/facts.rb +77 -24
- data/spec/unit/other/selinux.rb +85 -0
- data/spec/unit/other/transbucket.rb +29 -13
- data/spec/unit/other/transobject.rb +35 -15
- data/spec/unit/parameter.rb +378 -5
- data/spec/unit/parser/ast.rb +1 -1
- data/spec/unit/parser/ast/arithmetic_operator.rb +17 -17
- data/spec/unit/parser/ast/astarray.rb +16 -10
- data/spec/unit/parser/ast/boolean_operator.rb +2 -2
- data/spec/unit/parser/ast/casestatement.rb +143 -0
- data/spec/unit/parser/ast/collection.rb +63 -0
- data/spec/unit/parser/ast/collexpr.rb +31 -8
- data/spec/unit/parser/ast/comparison_operator.rb +9 -9
- data/spec/unit/parser/ast/definition.rb +18 -0
- data/spec/unit/parser/ast/function.rb +6 -0
- data/spec/unit/parser/ast/ifstatement.rb +75 -0
- data/spec/unit/parser/ast/leaf.rb +261 -0
- data/spec/unit/parser/ast/match_operator.rb +50 -0
- data/spec/unit/parser/ast/minus.rb +1 -1
- data/spec/unit/parser/ast/node.rb +20 -0
- data/spec/unit/parser/ast/not.rb +1 -1
- data/spec/unit/parser/ast/resource_override.rb +5 -5
- data/spec/unit/parser/ast/resource_reference.rb +11 -5
- data/spec/unit/parser/ast/selector.rb +156 -0
- data/spec/unit/parser/ast/vardef.rb +11 -11
- data/spec/unit/parser/collector.rb +167 -48
- data/spec/unit/parser/compiler.rb +128 -104
- data/spec/unit/parser/files.rb +190 -0
- data/spec/unit/parser/functions/inline_template.rb +0 -0
- data/spec/unit/parser/functions/regsubst.rb +42 -42
- data/spec/unit/parser/functions/require.rb +36 -0
- data/spec/unit/parser/functions/shellquote.rb +92 -0
- data/spec/unit/parser/functions/split.rb +51 -0
- data/spec/unit/parser/functions/sprintf.rb +11 -11
- data/spec/unit/parser/functions/template.rb +0 -0
- data/spec/unit/parser/functions/versioncmp.rb +2 -2
- data/spec/unit/parser/interpreter.rb +16 -7
- data/spec/unit/parser/lexer.rb +72 -12
- data/spec/unit/parser/loaded_code.rb +198 -0
- data/spec/unit/parser/parser.rb +215 -28
- data/spec/unit/parser/resource.rb +131 -22
- data/spec/unit/parser/scope.rb +207 -12
- data/spec/unit/parser/templatewrapper.rb +8 -3
- data/spec/unit/property.rb +270 -16
- data/spec/unit/property/list.rb +12 -6
- data/spec/unit/provider.rb +31 -0
- data/spec/unit/provider/augeas/augeas.rb +61 -33
- data/spec/unit/provider/macauthorization.rb +29 -29
- data/spec/unit/provider/mcx/mcxcontent.rb +4 -4
- data/spec/unit/provider/mount/parsed.rb +5 -8
- data/spec/unit/provider/naginator.rb +0 -0
- data/spec/unit/provider/package/apt.rb +6 -6
- data/spec/unit/provider/package/pkgdmg.rb +73 -0
- data/spec/unit/provider/selboolean.rb +1 -1
- data/spec/unit/provider/selmodule.rb +2 -2
- data/spec/unit/provider/service/daemontools.rb +40 -15
- data/spec/unit/provider/service/debian.rb +89 -0
- data/spec/unit/provider/service/init.rb +106 -0
- data/spec/unit/provider/service/launchd.rb +71 -13
- data/spec/unit/provider/service/redhat.rb +94 -0
- data/spec/unit/provider/service/runit.rb +14 -2
- data/spec/unit/provider/ssh_authorized_key/parsed.rb +66 -2
- data/spec/unit/provider/user/ldap.rb +1 -1
- data/spec/unit/provider/user/user_role_add.rb +1 -1
- data/spec/unit/provider/zfs/solaris.rb +18 -6
- data/spec/unit/provider/zone/solaris.rb +1 -1
- data/spec/unit/rails.rb +16 -22
- data/spec/unit/rails/host.rb +163 -0
- data/spec/unit/rails/param_value.rb +49 -0
- data/spec/unit/rails/resource.rb +87 -0
- data/spec/unit/relationship.rb +141 -29
- data/spec/unit/resource.rb +504 -0
- data/spec/unit/resource/catalog.rb +1061 -0
- data/spec/unit/resource/reference.rb +111 -0
- data/spec/unit/simple_graph.rb +448 -191
- data/spec/unit/ssl/certificate.rb +124 -0
- data/spec/unit/ssl/certificate_authority.rb +741 -0
- data/spec/unit/ssl/certificate_authority/interface.rb +269 -0
- data/spec/unit/ssl/certificate_factory.rb +107 -0
- data/spec/unit/ssl/certificate_request.rb +193 -0
- data/spec/unit/ssl/certificate_revocation_list.rb +180 -0
- data/spec/unit/ssl/host.rb +704 -0
- data/spec/unit/ssl/inventory.rb +180 -0
- data/spec/unit/ssl/key.rb +198 -0
- data/spec/unit/transaction.rb +65 -2
- data/spec/unit/transaction/change.rb +1 -1
- data/spec/unit/transaction/report.rb +1 -1
- data/spec/unit/type.rb +361 -8
- data/spec/unit/type/augeas.rb +30 -37
- data/spec/unit/type/component.rb +63 -0
- data/spec/unit/type/computer.rb +17 -21
- data/spec/unit/type/exec.rb +27 -2
- data/spec/unit/type/file.rb +704 -83
- data/spec/unit/type/file/content.rb +253 -15
- data/spec/unit/type/file/ensure.rb +65 -2
- data/spec/unit/type/file/group.rb +5 -0
- data/spec/unit/type/file/owner.rb +5 -0
- data/spec/unit/type/file/selinux.rb +12 -16
- data/spec/unit/type/file/source.rb +264 -0
- data/spec/unit/type/filebucket.rb +74 -0
- data/spec/unit/type/group.rb +1 -5
- data/spec/unit/type/macauthorization.rb +59 -26
- data/spec/unit/type/mcx.rb +8 -16
- data/spec/unit/type/mount.rb +8 -16
- data/spec/unit/type/noop_metaparam.rb +0 -2
- data/spec/unit/type/package.rb +13 -23
- data/spec/unit/type/resources.rb +4 -7
- data/spec/unit/type/schedule.rb +1 -7
- data/spec/unit/type/selboolean.rb +4 -6
- data/spec/unit/type/service.rb +23 -33
- data/spec/unit/type/ssh_authorized_key.rb +25 -14
- data/spec/unit/type/tidy.rb +329 -21
- data/spec/unit/type/user.rb +18 -10
- data/spec/unit/type/zfs.rb +6 -6
- data/spec/unit/util/autoload.rb +94 -3
- data/spec/unit/util/autoload/file_cache.rb +183 -0
- data/spec/unit/util/backups.rb +159 -0
- data/spec/unit/util/cache_accumulator.rb +69 -0
- data/spec/unit/util/cacher.rb +185 -0
- data/spec/unit/util/checksums.rb +9 -1
- data/spec/unit/util/feature.rb +72 -0
- data/spec/unit/util/filetype.rb +1 -11
- data/spec/unit/util/json.rb +21 -0
- data/spec/unit/util/log.rb +45 -0
- data/spec/unit/util/package.rb +2 -2
- data/spec/unit/util/queue.rb +88 -0
- data/spec/unit/util/queue/stomp.rb +140 -0
- data/spec/unit/util/reference_serializer.rb +52 -0
- data/spec/unit/util/selinux.rb +5 -3
- data/spec/unit/util/settings.rb +413 -264
- data/spec/unit/util/settings/file_setting.rb +223 -0
- data/spec/unit/util/storage.rb +11 -11
- data/spec/unit/util/warnings.rb +21 -17
- data/test/Rakefile +6 -5
- data/test/certmgr/ca.rb +5 -5
- data/test/certmgr/certmgr.rb +4 -4
- data/test/data/providers/cron/crontab.allthree +2 -2
- data/test/data/providers/cron/crontab.envNcomment +1 -1
- data/test/data/providers/cron/crontab.envNname +1 -1
- data/test/data/providers/cron/crontab.multirecords +1 -1
- data/test/data/providers/cron/crontab_collections.yaml +14 -14
- data/test/data/providers/cron/crontab_multiple_with_env.yaml +6 -6
- data/test/data/providers/cron/crontab_sample_records.yaml +102 -102
- data/test/data/providers/mailalias/aliases/test1 +28 -0
- data/test/data/providers/package/testpackages.yaml +6 -6
- data/test/data/reports/1.yaml +17 -17
- data/test/data/reports/tagmail_passers.conf +2 -2
- data/test/data/snippets/append.pp +5 -5
- data/test/data/snippets/casestatement.pp +9 -2
- data/test/data/snippets/classincludes.pp +1 -1
- data/test/data/snippets/collection_override.pp +8 -0
- data/test/data/snippets/fqparents.pp +2 -2
- data/test/data/snippets/ifexpression.pp +12 -0
- data/test/data/snippets/multilinecomments.pp +5 -1
- data/test/data/snippets/selectorvalues.pp +7 -0
- data/test/data/types/hosts/1 +1 -1
- data/test/data/types/hosts/2 +3 -3
- data/test/data/types/hosts/solaris +2 -2
- data/test/data/types/mount/freebsd.fstab +7 -7
- data/test/data/types/mount/solaris.fstab +10 -10
- data/test/data/types/port/1 +472 -472
- data/test/data/types/port/darwin +4347 -4347
- data/test/language/ast.rb +3 -2
- data/test/language/ast/casestatement.rb +12 -12
- data/test/language/ast/resource.rb +4 -4
- data/test/language/ast/resource_reference.rb +5 -5
- data/test/language/ast/selector.rb +11 -11
- data/test/language/ast/variable.rb +4 -4
- data/test/language/functions.rb +16 -16
- data/test/language/parser.rb +89 -111
- data/test/language/resource.rb +3 -88
- data/test/language/scope.rb +14 -55
- data/test/language/snippets.rb +31 -31
- data/test/lib/puppettest.rb +12 -12
- data/test/lib/puppettest/certificates.rb +2 -2
- data/test/lib/puppettest/exetest.rb +0 -1
- data/test/lib/puppettest/fakes.rb +1 -1
- data/test/lib/puppettest/parsertesting.rb +9 -4
- data/test/lib/puppettest/railstesting.rb +3 -3
- data/test/lib/puppettest/servertest.rb +1 -1
- data/test/lib/puppettest/support/assertions.rb +2 -2
- data/test/lib/puppettest/support/collection.rb +1 -1
- data/test/lib/puppettest/support/resources.rb +7 -7
- data/test/lib/puppettest/support/utils.rb +10 -16
- data/test/lib/puppettest/testcase.rb +2 -1
- data/test/network/authconfig.rb +1 -1
- data/test/network/authorization.rb +1 -1
- data/test/network/authstore.rb +57 -14
- data/test/network/client/ca.rb +1 -0
- data/test/network/client/resource.rb +12 -50
- data/test/network/client_request.rb +1 -1
- data/test/network/handler/bucket.rb +2 -2
- data/test/network/handler/fileserver.rb +17 -21
- data/test/network/handler/master.rb +5 -5
- data/test/network/handler/report.rb +3 -3
- data/test/network/handler/resource.rb +29 -75
- data/test/network/handler/runner.rb +8 -58
- data/test/network/rights.rb +1 -1
- data/test/network/server/mongrel_test.rb +15 -1
- data/test/network/server/webrick.rb +0 -36
- data/test/network/xmlrpc/webrick_servlet.rb +5 -5
- data/test/other/dsl.rb +3 -3
- data/test/other/events.rb +15 -15
- data/test/other/puppet.rb +2 -32
- data/test/other/relationships.rb +21 -148
- data/test/other/report.rb +20 -23
- data/test/other/transactions.rb +110 -298
- data/test/puppet/defaults.rb +1 -1
- data/test/puppet/tc_suidmanager.rb +1 -1
- data/test/rails/railsparameter.rb +4 -4
- data/test/ral/manager/attributes.rb +12 -68
- data/test/ral/manager/instances.rb +3 -19
- data/test/ral/manager/manager.rb +7 -7
- data/test/ral/manager/provider.rb +7 -7
- data/test/ral/manager/type.rb +54 -349
- data/test/ral/providers/cron/crontab.rb +14 -14
- data/test/ral/providers/group.rb +5 -6
- data/test/ral/providers/host/parsed.rb +3 -3
- data/test/ral/providers/mailalias/aliases.rb +4 -4
- data/test/ral/providers/package.rb +3 -3
- data/test/ral/providers/package/aptitude.rb +55 -55
- data/test/ral/providers/package/aptrpm.rb +7 -7
- data/test/ral/providers/parsedfile.rb +10 -14
- data/test/ral/providers/port/parsed.rb +6 -6
- data/test/ral/providers/provider.rb +10 -10
- data/test/ral/providers/service/base.rb +32 -32
- data/test/ral/providers/sshkey/parsed.rb +14 -14
- data/test/ral/providers/user.rb +16 -17
- data/test/ral/providers/user/useradd.rb +19 -22
- data/test/ral/type/cron.rb +21 -28
- data/test/ral/type/exec.rb +57 -60
- data/test/ral/type/file.rb +88 -862
- data/test/ral/type/file/target.rb +21 -70
- data/test/ral/type/fileignoresource.rb +37 -44
- data/test/ral/type/filesources.rb +43 -473
- data/test/ral/type/group.rb +6 -7
- data/test/ral/type/host.rb +14 -30
- data/test/ral/type/mailalias.rb +3 -3
- data/test/ral/type/port.rb +5 -5
- data/test/ral/type/resources.rb +37 -37
- data/test/ral/type/service.rb +3 -3
- data/test/ral/type/sshkey.rb +34 -39
- data/test/ral/type/user.rb +15 -14
- data/test/ral/type/yumrepo.rb +18 -17
- data/test/ral/type/zone.rb +4 -6
- data/test/test +9 -9
- data/test/util/fileparsing.rb +10 -10
- data/test/util/inifile.rb +6 -6
- data/test/util/instance_loader.rb +1 -1
- data/test/util/log.rb +2 -2
- data/test/util/metrics.rb +1 -6
- data/test/util/package.rb +1 -1
- data/test/util/pidlock.rb +116 -116
- data/test/util/settings.rb +40 -429
- data/test/util/storage.rb +5 -5
- data/test/util/subclass_loader.rb +0 -7
- data/test/util/utiltest.rb +10 -29
- metadata +1369 -941
- data/bin/puppetca +0 -363
- data/bin/puppetd +0 -439
- data/bin/puppetmasterd +0 -289
- data/bin/puppetrun +0 -369
- data/conf/redhat/lsb-config.patch +0 -51
- data/conf/redhat/no-chuser-0.15.1.patch +0 -38
- data/conf/redhat/no-lockdir.patch +0 -13
- data/examples/mac_netinfo.pp +0 -5
- data/ext/passenger/README +0 -63
- data/ext/passenger/apache2.conf +0 -29
- data/ext/passenger/config.ru +0 -40
- data/lib/puppet/config_stores/rest.rb +0 -60
- data/lib/puppet/executables/client/certhandler.rb +0 -82
- data/lib/puppet/indirector/file_content/modules.rb +0 -11
- data/lib/puppet/indirector/file_metadata/modules.rb +0 -17
- data/lib/puppet/indirector/module_files.rb +0 -82
- data/lib/puppet/indirector/ssl_rsa.rb +0 -5
- data/lib/puppet/indirector/ssl_rsa/file.rb +0 -33
- data/lib/puppet/network/client/master.rb +0 -524
- data/lib/puppet/network/http_server/rack.rb +0 -148
- data/lib/puppet/pgraph.rb +0 -121
- data/lib/puppet/provider/group/netinfo.rb +0 -15
- data/lib/puppet/provider/host/netinfo.rb +0 -19
- data/lib/puppet/provider/mount/netinfo.rb +0 -37
- data/lib/puppet/provider/nameservice/netinfo.rb +0 -224
- data/lib/puppet/provider/user/netinfo.rb +0 -111
- data/lib/puppet/util/fact_store.rb +0 -59
- data/lib/puppet/util/uri_helper.rb +0 -22
- data/spec/integration/file_serving/configuration.rb +0 -43
- data/spec/integration/indirector/module_files.rb +0 -57
- data/spec/unit/executables/client/certhandler.rb +0 -135
- data/spec/unit/indirector/file_content/modules.rb +0 -18
- data/spec/unit/indirector/file_metadata/modules.rb +0 -42
- data/spec/unit/indirector/module_files.rb +0 -259
- data/spec/unit/indirector/ssl_rsa/file.rb +0 -121
- data/spec/unit/network/client/master.rb +0 -442
- data/spec/unit/node/catalog.rb +0 -865
- data/spec/unit/other/pgraph.rb +0 -210
- data/spec/unit/resource_reference.rb +0 -73
- data/spec/unit/util/uri_helper.rb +0 -41
- data/test/data/snippets/ifexpression.rb +0 -6
- data/test/executables/filebucket.rb +0 -51
- data/test/executables/puppetbin.rb +0 -104
- data/test/executables/puppetca.rb +0 -115
- data/test/executables/puppetd.rb +0 -55
- data/test/executables/puppetmasterd.rb +0 -147
- data/test/network/client/client.rb +0 -195
- data/test/network/client/master.rb +0 -490
- data/test/network/daemon.rb +0 -70
- data/test/network/handler/handler.rb +0 -63
- data/test/other/overrides.rb +0 -107
- data/test/puppet/conffiles.rb +0 -107
- data/test/rails/ast.rb +0 -73
- data/test/rails/configuration.rb +0 -71
- data/test/rails/host.rb +0 -154
- data/test/rails/railsresource.rb +0 -251
- data/test/ral/providers/host/netinfo.rb +0 -56
- data/test/ral/providers/mount/netinfo.rb +0 -79
- data/test/ral/type/basic.rb +0 -85
- data/test/ral/type/filebucket.rb +0 -157
- data/test/ral/type/parameter.rb +0 -174
- data/test/ral/type/property.rb +0 -388
- data/test/ral/type/tidy.rb +0 -291
- data/test/util/autoload.rb +0 -145
- data/test/util/features.rb +0 -95
@@ -6,105 +6,21 @@
|
|
6
6
|
require File.dirname(__FILE__) + '/../../spec_helper'
|
7
7
|
require 'puppet/network/http_pool'
|
8
8
|
|
9
|
-
describe Puppet::Network::HttpPool
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
@
|
14
|
-
[:add_file,:purpose=].each { |m| @store.stubs(m) }
|
9
|
+
describe Puppet::Network::HttpPool do
|
10
|
+
after do
|
11
|
+
Puppet::Util::Cacher.expire
|
12
|
+
Puppet::Network::HttpPool.clear_http_instances
|
13
|
+
Puppet::Network::HttpPool.instance_variable_set("@ssl_host", nil)
|
15
14
|
end
|
16
15
|
|
17
16
|
it "should have keep-alive disabled" do
|
18
17
|
Puppet::Network::HttpPool::HTTP_KEEP_ALIVE.should be_false
|
19
18
|
end
|
20
19
|
|
21
|
-
it "should
|
22
|
-
|
23
|
-
|
24
|
-
Puppet::Network::HttpPool.
|
25
|
-
end
|
26
|
-
|
27
|
-
it "should add a certificate store" do
|
28
|
-
Puppet::Network::HttpPool.stubs(:read_cert).returns(true)
|
29
|
-
Puppet::Network::HttpPool.stubs(:key).returns(:mykey)
|
30
|
-
OpenSSL::X509::Store.expects(:new).returns(@store)
|
31
|
-
@http.expects(:cert_store=).with(@store)
|
32
|
-
|
33
|
-
Puppet::Network::HttpPool.cert_setup(@http)
|
34
|
-
end
|
35
|
-
|
36
|
-
it "should add the local CA cert to the certificate store" do
|
37
|
-
Puppet::Network::HttpPool.stubs(:read_cert).returns(true)
|
38
|
-
OpenSSL::X509::Store.expects(:new).returns(@store)
|
39
|
-
Puppet.settings.stubs(:value).with(:localcacert).returns("/some/file")
|
40
|
-
Puppet.settings.stubs(:value).with(:localcacert).returns("/some/file")
|
41
|
-
@store.expects(:add_file).with("/some/file")
|
42
|
-
|
43
|
-
Puppet::Network::HttpPool.stubs(:key).returns(:whatever)
|
44
|
-
|
45
|
-
Puppet::Network::HttpPool.cert_setup(@http)
|
46
|
-
end
|
47
|
-
|
48
|
-
it "should set the purpose of the cert store to OpenSSL::X509::PURPOSE_SSL_CLIENT" do
|
49
|
-
Puppet::Network::HttpPool.stubs(:read_cert).returns(true)
|
50
|
-
Puppet::Network::HttpPool.stubs(:key).returns(:mykey)
|
51
|
-
OpenSSL::X509::Store.expects(:new).returns(@store)
|
52
|
-
|
53
|
-
@store.expects(:purpose=).with(OpenSSL::X509::PURPOSE_SSL_CLIENT)
|
54
|
-
|
55
|
-
Puppet::Network::HttpPool.cert_setup(@http)
|
56
|
-
end
|
57
|
-
|
58
|
-
it "should add the client certificate" do
|
59
|
-
Puppet::Network::HttpPool.stubs(:read_cert).returns(true)
|
60
|
-
Puppet::Network::HttpPool.stubs(:cert).returns(:mycert)
|
61
|
-
Puppet::Network::HttpPool.stubs(:key).returns(:mykey)
|
62
|
-
OpenSSL::X509::Store.expects(:new).returns(@store)
|
63
|
-
|
64
|
-
@http.expects(:cert=).with(:mycert)
|
65
|
-
|
66
|
-
Puppet::Network::HttpPool.cert_setup(@http)
|
67
|
-
end
|
68
|
-
|
69
|
-
it "should add the client key" do
|
70
|
-
Puppet::Network::HttpPool.stubs(:read_cert).returns(true)
|
71
|
-
Puppet::Network::HttpPool.stubs(:key).returns(:mykey)
|
72
|
-
OpenSSL::X509::Store.expects(:new).returns(@store)
|
73
|
-
|
74
|
-
@http.expects(:key=).with(:mykey)
|
75
|
-
|
76
|
-
Puppet::Network::HttpPool.cert_setup(@http)
|
77
|
-
end
|
78
|
-
|
79
|
-
it "should set the verify mode to OpenSSL::SSL::VERIFY_PEER" do
|
80
|
-
Puppet::Network::HttpPool.stubs(:read_cert).returns(true)
|
81
|
-
Puppet::Network::HttpPool.stubs(:key).returns(:mykey)
|
82
|
-
OpenSSL::X509::Store.expects(:new).returns(@store)
|
83
|
-
|
84
|
-
@http.expects(:verify_mode=).with(OpenSSL::SSL::VERIFY_PEER)
|
85
|
-
|
86
|
-
Puppet::Network::HttpPool.cert_setup(@http)
|
87
|
-
end
|
88
|
-
|
89
|
-
it "should set the ca file" do
|
90
|
-
Puppet::Network::HttpPool.stubs(:read_cert).returns(true)
|
91
|
-
Puppet.settings.stubs(:value).with(:localcacert).returns("/some/file")
|
92
|
-
OpenSSL::X509::Store.expects(:new).returns(@store)
|
93
|
-
|
94
|
-
@http.expects(:ca_file=).with("/some/file")
|
95
|
-
|
96
|
-
Puppet::Network::HttpPool.stubs(:key).returns(:whatever)
|
97
|
-
|
98
|
-
Puppet::Network::HttpPool.cert_setup(@http)
|
99
|
-
end
|
100
|
-
|
101
|
-
it "should set up certificate information when creating http instances" do
|
102
|
-
Puppet::Network::HttpPool.expects(:cert_setup).with { |i| i.is_a?(Net::HTTP) }
|
103
|
-
Puppet::Network::HttpPool.http_instance("one", "two")
|
104
|
-
end
|
105
|
-
|
106
|
-
after do
|
107
|
-
Puppet::Network::HttpPool.clear_http_instances
|
20
|
+
it "should use the global SSL::Host instance to get its certificate information" do
|
21
|
+
host = mock 'host'
|
22
|
+
Puppet::SSL::Host.expects(:localhost).with().returns host
|
23
|
+
Puppet::Network::HttpPool.ssl_host.should equal(host)
|
108
24
|
end
|
109
25
|
|
110
26
|
describe "when managing http instances" do
|
@@ -115,7 +31,7 @@ describe Puppet::Network::HttpPool, " when adding certificate information to htt
|
|
115
31
|
end
|
116
32
|
|
117
33
|
before do
|
118
|
-
# All of
|
34
|
+
# All of the cert stuff is tested elsewhere
|
119
35
|
Puppet::Network::HttpPool.stubs(:cert_setup)
|
120
36
|
end
|
121
37
|
|
@@ -150,7 +66,7 @@ describe Puppet::Network::HttpPool, " when adding certificate information to htt
|
|
150
66
|
Puppet::Network::HttpPool.http_instance("me", 54321).open_timeout.should == 120
|
151
67
|
end
|
152
68
|
|
153
|
-
describe "
|
69
|
+
describe "and http keep-alive is enabled" do
|
154
70
|
before do
|
155
71
|
Puppet::Network::HttpPool.stubs(:keep_alive?).returns true
|
156
72
|
end
|
@@ -201,7 +117,7 @@ describe Puppet::Network::HttpPool, " when adding certificate information to htt
|
|
201
117
|
end
|
202
118
|
end
|
203
119
|
|
204
|
-
describe "
|
120
|
+
describe "and http keep-alive is disabled" do
|
205
121
|
before do
|
206
122
|
Puppet::Network::HttpPool.stubs(:keep_alive?).returns false
|
207
123
|
end
|
@@ -213,26 +129,86 @@ describe Puppet::Network::HttpPool, " when adding certificate information to htt
|
|
213
129
|
end
|
214
130
|
end
|
215
131
|
|
216
|
-
|
217
|
-
# won't change certs within a single process.
|
218
|
-
it "should remove its loaded certificate when clearing the cache" do
|
219
|
-
Puppet::Network::HttpPool.instance_variable_set("@cert", :yay)
|
132
|
+
after do
|
220
133
|
Puppet::Network::HttpPool.clear_http_instances
|
221
|
-
# Can't use the accessor, because it will read the cert in
|
222
|
-
Puppet::Network::HttpPool.instance_variable_get("@cert").should be_nil
|
223
134
|
end
|
135
|
+
end
|
224
136
|
|
225
|
-
|
226
|
-
|
227
|
-
|
228
|
-
|
229
|
-
|
230
|
-
|
231
|
-
|
137
|
+
describe "when adding certificate information to http instances" do
|
138
|
+
before do
|
139
|
+
@http = mock 'http'
|
140
|
+
[:cert_store=, :verify_mode=, :ca_file=, :cert=, :key=].each { |m| @http.stubs(m) }
|
141
|
+
@store = stub 'store'
|
142
|
+
|
143
|
+
@cert = stub 'cert', :content => "real_cert"
|
144
|
+
@key = stub 'key', :content => "real_key"
|
145
|
+
@host = stub 'host', :certificate => @cert, :key => @key, :ssl_store => @store
|
146
|
+
|
147
|
+
Puppet[:confdir] = "/sometthing/else"
|
148
|
+
Puppet.settings.stubs(:value).returns "/some/file"
|
149
|
+
Puppet.settings.stubs(:value).with(:hostcert).returns "/host/cert"
|
150
|
+
Puppet.settings.stubs(:value).with(:localcacert).returns "/local/ca/cert"
|
151
|
+
|
152
|
+
FileTest.stubs(:exist?).with("/host/cert").returns true
|
153
|
+
FileTest.stubs(:exist?).with("/local/ca/cert").returns true
|
154
|
+
|
155
|
+
Puppet::Network::HttpPool.stubs(:ssl_host).returns @host
|
232
156
|
end
|
233
157
|
|
234
158
|
after do
|
235
|
-
Puppet
|
159
|
+
Puppet.settings.clear
|
160
|
+
end
|
161
|
+
|
162
|
+
it "should do nothing if no host certificate is on disk" do
|
163
|
+
FileTest.expects(:exist?).with("/host/cert").returns false
|
164
|
+
@http.expects(:cert=).never
|
165
|
+
Puppet::Network::HttpPool.cert_setup(@http)
|
166
|
+
end
|
167
|
+
|
168
|
+
it "should do nothing if no local certificate is on disk" do
|
169
|
+
FileTest.expects(:exist?).with("/local/ca/cert").returns false
|
170
|
+
@http.expects(:cert=).never
|
171
|
+
Puppet::Network::HttpPool.cert_setup(@http)
|
172
|
+
end
|
173
|
+
|
174
|
+
it "should add a certificate store from the ssl host" do
|
175
|
+
@http.expects(:cert_store=).with(@store)
|
176
|
+
|
177
|
+
Puppet::Network::HttpPool.cert_setup(@http)
|
178
|
+
end
|
179
|
+
|
180
|
+
it "should add the client certificate" do
|
181
|
+
@http.expects(:cert=).with("real_cert")
|
182
|
+
|
183
|
+
Puppet::Network::HttpPool.cert_setup(@http)
|
184
|
+
end
|
185
|
+
|
186
|
+
it "should add the client key" do
|
187
|
+
@http.expects(:key=).with("real_key")
|
188
|
+
|
189
|
+
Puppet::Network::HttpPool.cert_setup(@http)
|
190
|
+
end
|
191
|
+
|
192
|
+
it "should set the verify mode to OpenSSL::SSL::VERIFY_PEER" do
|
193
|
+
@http.expects(:verify_mode=).with(OpenSSL::SSL::VERIFY_PEER)
|
194
|
+
|
195
|
+
Puppet::Network::HttpPool.cert_setup(@http)
|
196
|
+
end
|
197
|
+
|
198
|
+
it "should set the ca file" do
|
199
|
+
Puppet.settings.stubs(:value).returns "/some/file"
|
200
|
+
FileTest.stubs(:exist?).with(Puppet[:hostcert]).returns true
|
201
|
+
|
202
|
+
Puppet.settings.stubs(:value).with(:localcacert).returns "/ca/cert/file"
|
203
|
+
FileTest.stubs(:exist?).with("/ca/cert/file").returns true
|
204
|
+
@http.expects(:ca_file=).with("/ca/cert/file")
|
205
|
+
|
206
|
+
Puppet::Network::HttpPool.cert_setup(@http)
|
207
|
+
end
|
208
|
+
|
209
|
+
it "should set up certificate information when creating http instances" do
|
210
|
+
Puppet::Network::HttpPool.expects(:cert_setup).with { |i| i.is_a?(Net::HTTP) }
|
211
|
+
Puppet::Network::HttpPool.http_instance("one", "two")
|
236
212
|
end
|
237
213
|
end
|
238
214
|
end
|
@@ -0,0 +1,146 @@
|
|
1
|
+
#!/usr/bin/env ruby
|
2
|
+
|
3
|
+
require File.dirname(__FILE__) + '/../../spec_helper'
|
4
|
+
|
5
|
+
require 'puppet/network/rest_authconfig'
|
6
|
+
|
7
|
+
describe Puppet::Network::RestAuthConfig do
|
8
|
+
|
9
|
+
DEFAULT_ACL = [
|
10
|
+
{ :acl => "~ ^\/catalog\/([^\/]+)$", :method => :find, :allow => '$1', :authenticated => true },
|
11
|
+
# this one will allow all file access, and thus delegate
|
12
|
+
# to fileserver.conf
|
13
|
+
{ :acl => "/file" },
|
14
|
+
{ :acl => "/certificate_revocation_list/ca", :method => :find, :authenticated => true },
|
15
|
+
{ :acl => "/report", :method => :save, :authenticated => true },
|
16
|
+
{ :acl => "/certificate/ca", :method => :find, :authenticated => false },
|
17
|
+
{ :acl => "/certificate/", :method => :find, :authenticated => false },
|
18
|
+
{ :acl => "/certificate_request", :method => [:find, :save], :authenticated => false },
|
19
|
+
]
|
20
|
+
|
21
|
+
before :each do
|
22
|
+
FileTest.stubs(:exists?).returns(true)
|
23
|
+
File.stubs(:stat).returns(stub('stat', :ctime => :now))
|
24
|
+
Time.stubs(:now).returns :now
|
25
|
+
|
26
|
+
@authconfig = Puppet::Network::RestAuthConfig.new("dummy", false)
|
27
|
+
@authconfig.stubs(:read)
|
28
|
+
|
29
|
+
@acl = stub_everything 'rights'
|
30
|
+
@authconfig.rights = @acl
|
31
|
+
|
32
|
+
@request = stub 'request', :indirection_name => "path", :key => "to/resource", :ip => "127.0.0.1",
|
33
|
+
:node => "me", :method => :save, :environment => :env, :authenticated => true
|
34
|
+
end
|
35
|
+
|
36
|
+
it "should use the puppet default rest authorization file" do
|
37
|
+
Puppet.expects(:[]).with(:rest_authconfig).returns("dummy")
|
38
|
+
|
39
|
+
Puppet::Network::RestAuthConfig.new(nil, false)
|
40
|
+
end
|
41
|
+
|
42
|
+
it "should read the config file when needed" do
|
43
|
+
@authconfig.expects(:read)
|
44
|
+
|
45
|
+
@authconfig.allowed?(@request)
|
46
|
+
end
|
47
|
+
|
48
|
+
it "should ask for authorization to the ACL subsystem" do
|
49
|
+
@acl.expects(:fail_on_deny).with("/path/to/resource", :node => "me", :ip => "127.0.0.1", :method => :save, :environment => :env, :authenticated => true)
|
50
|
+
|
51
|
+
@authconfig.allowed?(@request)
|
52
|
+
end
|
53
|
+
|
54
|
+
describe "when defining an acl with mk_acl" do
|
55
|
+
it "should create a new right for each default acl" do
|
56
|
+
@acl.expects(:newright).with(:path)
|
57
|
+
@authconfig.mk_acl(:acl => :path)
|
58
|
+
end
|
59
|
+
|
60
|
+
it "should allow everyone for each default right" do
|
61
|
+
@acl.expects(:allow).with(:path, "*")
|
62
|
+
@authconfig.mk_acl(:acl => :path)
|
63
|
+
end
|
64
|
+
|
65
|
+
it "should restrict the ACL to a method" do
|
66
|
+
@acl.expects(:restrict_method).with(:path, :method)
|
67
|
+
@authconfig.mk_acl(:acl => :path, :method => :method)
|
68
|
+
end
|
69
|
+
|
70
|
+
it "should restrict the ACL to a specific authentication state" do
|
71
|
+
@acl.expects(:restrict_authenticated).with(:path, :authentication)
|
72
|
+
@authconfig.mk_acl(:acl => :path, :authenticated => :authentication)
|
73
|
+
end
|
74
|
+
end
|
75
|
+
|
76
|
+
describe "when parsing the configuration file" do
|
77
|
+
it "should check for missing ACL after reading the authconfig file" do
|
78
|
+
File.stubs(:open)
|
79
|
+
|
80
|
+
@authconfig.expects(:insert_default_acl)
|
81
|
+
|
82
|
+
@authconfig.parse()
|
83
|
+
end
|
84
|
+
end
|
85
|
+
|
86
|
+
DEFAULT_ACL.each do |acl|
|
87
|
+
it "should insert #{acl} if not present" do
|
88
|
+
@authconfig.rights.stubs(:[]).returns(true)
|
89
|
+
@authconfig.rights.stubs(:[]).with(acl[:acl]).returns(nil)
|
90
|
+
|
91
|
+
@authconfig.expects(:mk_acl).with { |h| h[:acl] == acl[:acl] }
|
92
|
+
|
93
|
+
@authconfig.insert_default_acl
|
94
|
+
end
|
95
|
+
|
96
|
+
it "should not insert #{acl} if present" do
|
97
|
+
@authconfig.rights.stubs(:[]).returns(true)
|
98
|
+
@authconfig.rights.stubs(:[]).with(acl).returns(true)
|
99
|
+
|
100
|
+
@authconfig.expects(:mk_acl).never
|
101
|
+
|
102
|
+
@authconfig.insert_default_acl
|
103
|
+
end
|
104
|
+
end
|
105
|
+
|
106
|
+
it "should create default ACL entries if no file have been read" do
|
107
|
+
Puppet::Network::RestAuthConfig.any_instance.stubs(:exists?).returns(false)
|
108
|
+
|
109
|
+
Puppet::Network::RestAuthConfig.any_instance.expects(:insert_default_acl)
|
110
|
+
|
111
|
+
Puppet::Network::RestAuthConfig.main
|
112
|
+
end
|
113
|
+
|
114
|
+
describe "when adding default ACLs" do
|
115
|
+
|
116
|
+
DEFAULT_ACL.each do |acl|
|
117
|
+
it "should create a default right for #{acl[:acl]}" do
|
118
|
+
@authconfig.stubs(:mk_acl)
|
119
|
+
@authconfig.expects(:mk_acl).with(acl)
|
120
|
+
@authconfig.insert_default_acl
|
121
|
+
end
|
122
|
+
end
|
123
|
+
|
124
|
+
it "should log at info loglevel" do
|
125
|
+
Puppet.expects(:info).at_least_once
|
126
|
+
@authconfig.insert_default_acl
|
127
|
+
end
|
128
|
+
|
129
|
+
it "should create a last catch-all deny all rule" do
|
130
|
+
@authconfig.stubs(:mk_acl)
|
131
|
+
@acl.expects(:newright).with("/")
|
132
|
+
@authconfig.insert_default_acl
|
133
|
+
end
|
134
|
+
|
135
|
+
it "should create a last catch-all deny all rule for any authenticated request state" do
|
136
|
+
@authconfig.stubs(:mk_acl)
|
137
|
+
@acl.stubs(:newright).with("/")
|
138
|
+
|
139
|
+
@acl.expects(:restrict_authenticated).with("/", :any)
|
140
|
+
|
141
|
+
@authconfig.insert_default_acl
|
142
|
+
end
|
143
|
+
|
144
|
+
end
|
145
|
+
|
146
|
+
end
|
@@ -0,0 +1,43 @@
|
|
1
|
+
#!/usr/bin/env ruby
|
2
|
+
|
3
|
+
require File.dirname(__FILE__) + '/../../spec_helper'
|
4
|
+
|
5
|
+
require 'puppet/network/rest_authorization'
|
6
|
+
|
7
|
+
class RestAuthorized
|
8
|
+
include Puppet::Network::RestAuthorization
|
9
|
+
end
|
10
|
+
|
11
|
+
|
12
|
+
describe Puppet::Network::RestAuthorization do
|
13
|
+
before :each do
|
14
|
+
@auth = RestAuthorized.new
|
15
|
+
@authconig = stub 'authconfig'
|
16
|
+
@auth.stubs(:authconfig).returns(@authconfig)
|
17
|
+
|
18
|
+
@request = stub_everything 'request'
|
19
|
+
@request.stubs(:method).returns(:find)
|
20
|
+
@request.stubs(:node).returns("node")
|
21
|
+
@request.stubs(:ip).returns("ip")
|
22
|
+
end
|
23
|
+
|
24
|
+
describe "when testing request authorization" do
|
25
|
+
it "should delegate to the current rest authconfig" do
|
26
|
+
@authconfig.expects(:allowed?).with(@request).returns(true)
|
27
|
+
|
28
|
+
@auth.check_authorization(@request)
|
29
|
+
end
|
30
|
+
|
31
|
+
it "should raise an AuthorizationError if authconfig raises an AuthorizationError" do
|
32
|
+
@authconfig.expects(:allowed?).with(@request).raises(Puppet::Network::AuthorizationError.new("forbidden"))
|
33
|
+
|
34
|
+
lambda { @auth.check_authorization(@request) }.should raise_error(Puppet::Network::AuthorizationError)
|
35
|
+
end
|
36
|
+
|
37
|
+
it "should not raise an AuthorizationError if request is allowed" do
|
38
|
+
@authconfig.expects(:allowed?).with(@request).returns(true)
|
39
|
+
|
40
|
+
lambda { @auth.check_authorization(@request) }.should_not raise_error(Puppet::Network::AuthorizationError)
|
41
|
+
end
|
42
|
+
end
|
43
|
+
end
|
@@ -0,0 +1,519 @@
|
|
1
|
+
#!/usr/bin/env ruby
|
2
|
+
|
3
|
+
require File.dirname(__FILE__) + '/../../spec_helper'
|
4
|
+
|
5
|
+
require 'puppet/network/rights'
|
6
|
+
|
7
|
+
describe Puppet::Network::Rights do
|
8
|
+
before do
|
9
|
+
@right = Puppet::Network::Rights.new
|
10
|
+
end
|
11
|
+
|
12
|
+
[:allow, :deny, :restrict_method, :restrict_environment, :restrict_authenticated].each do |m|
|
13
|
+
it "should have a #{m} method" do
|
14
|
+
@right.should respond_to(m)
|
15
|
+
end
|
16
|
+
|
17
|
+
describe "when using #{m}" do
|
18
|
+
it "should delegate to the correct acl" do
|
19
|
+
acl = stub 'acl'
|
20
|
+
@right.stubs(:[]).returns(acl)
|
21
|
+
|
22
|
+
acl.expects(m).with("me")
|
23
|
+
|
24
|
+
@right.send(m, 'thisacl', "me")
|
25
|
+
end
|
26
|
+
end
|
27
|
+
end
|
28
|
+
|
29
|
+
it "should throw an error if type can't be determined" do
|
30
|
+
lambda { @right.newright("name") }.should raise_error
|
31
|
+
end
|
32
|
+
|
33
|
+
describe "when creating new namespace ACLs" do
|
34
|
+
|
35
|
+
it "should throw an error if the ACL already exists" do
|
36
|
+
@right.newright("[name]")
|
37
|
+
|
38
|
+
lambda { @right.newright("[name]") }.should raise_error
|
39
|
+
end
|
40
|
+
|
41
|
+
it "should create a new ACL with the correct name" do
|
42
|
+
@right.newright("[name]")
|
43
|
+
|
44
|
+
@right["name"].key.should == :name
|
45
|
+
end
|
46
|
+
|
47
|
+
it "should create an ACL of type Puppet::Network::AuthStore" do
|
48
|
+
@right.newright("[name]")
|
49
|
+
|
50
|
+
@right["name"].should be_a_kind_of(Puppet::Network::AuthStore)
|
51
|
+
end
|
52
|
+
end
|
53
|
+
|
54
|
+
describe "when creating new path ACLs" do
|
55
|
+
it "should not throw an error if the ACL already exists" do
|
56
|
+
@right.newright("/name")
|
57
|
+
|
58
|
+
lambda { @right.newright("/name")}.should_not raise_error
|
59
|
+
end
|
60
|
+
|
61
|
+
it "should throw an error if the acl uri path is not absolute" do
|
62
|
+
lambda { @right.newright("name")}.should raise_error
|
63
|
+
end
|
64
|
+
|
65
|
+
it "should create a new ACL with the correct path" do
|
66
|
+
@right.newright("/name")
|
67
|
+
|
68
|
+
@right["/name"].should_not be_nil
|
69
|
+
end
|
70
|
+
|
71
|
+
it "should create an ACL of type Puppet::Network::AuthStore" do
|
72
|
+
@right.newright("/name")
|
73
|
+
|
74
|
+
@right["/name"].should be_a_kind_of(Puppet::Network::AuthStore)
|
75
|
+
end
|
76
|
+
end
|
77
|
+
|
78
|
+
describe "when creating new regex ACLs" do
|
79
|
+
it "should not throw an error if the ACL already exists" do
|
80
|
+
@right.newright("~ .rb$")
|
81
|
+
|
82
|
+
lambda { @right.newright("~ .rb$")}.should_not raise_error
|
83
|
+
end
|
84
|
+
|
85
|
+
it "should create a new ACL with the correct regex" do
|
86
|
+
@right.newright("~ .rb$")
|
87
|
+
|
88
|
+
@right.include?(".rb$").should_not be_nil
|
89
|
+
end
|
90
|
+
|
91
|
+
it "should be able to lookup the regex" do
|
92
|
+
@right.newright("~ .rb$")
|
93
|
+
|
94
|
+
@right[".rb$"].should_not be_nil
|
95
|
+
end
|
96
|
+
|
97
|
+
it "should be able to lookup the regex by its full name" do
|
98
|
+
@right.newright("~ .rb$")
|
99
|
+
|
100
|
+
@right["~ .rb$"].should_not be_nil
|
101
|
+
end
|
102
|
+
|
103
|
+
it "should create an ACL of type Puppet::Network::AuthStore" do
|
104
|
+
@right.newright("~ .rb$").should be_a_kind_of(Puppet::Network::AuthStore)
|
105
|
+
end
|
106
|
+
end
|
107
|
+
|
108
|
+
describe "when checking ACLs existence" do
|
109
|
+
it "should return false if there are no matching rights" do
|
110
|
+
@right.include?("name").should be_false
|
111
|
+
end
|
112
|
+
|
113
|
+
it "should return true if a namespace rights exist" do
|
114
|
+
@right.newright("[name]")
|
115
|
+
|
116
|
+
@right.include?("name").should be_true
|
117
|
+
end
|
118
|
+
|
119
|
+
it "should return false if no matching namespace rights exist" do
|
120
|
+
@right.newright("[name]")
|
121
|
+
|
122
|
+
@right.include?("notname").should be_false
|
123
|
+
end
|
124
|
+
|
125
|
+
it "should return true if a path right exists" do
|
126
|
+
@right.newright("/name")
|
127
|
+
|
128
|
+
@right.include?("/name").should be_true
|
129
|
+
end
|
130
|
+
|
131
|
+
it "should return false if no matching path rights exist" do
|
132
|
+
@right.newright("/name")
|
133
|
+
|
134
|
+
@right.include?("/differentname").should be_false
|
135
|
+
end
|
136
|
+
|
137
|
+
it "should return true if a regex right exists" do
|
138
|
+
@right.newright("~ .rb$")
|
139
|
+
|
140
|
+
@right.include?(".rb$").should be_true
|
141
|
+
end
|
142
|
+
|
143
|
+
it "should return false if no matching path rights exist" do
|
144
|
+
@right.newright("~ .rb$")
|
145
|
+
|
146
|
+
@right.include?(".pp$").should be_false
|
147
|
+
end
|
148
|
+
end
|
149
|
+
|
150
|
+
describe "when checking if right is allowed" do
|
151
|
+
before :each do
|
152
|
+
@right.stubs(:right).returns(nil)
|
153
|
+
|
154
|
+
@pathacl = stub 'pathacl', :acl_type => :regex, :"<=>" => 1, :line => 0, :file => 'dummy'
|
155
|
+
Puppet::Network::Rights::Right.stubs(:new).returns(@pathacl)
|
156
|
+
end
|
157
|
+
|
158
|
+
it "should delegate to fail_on_deny" do
|
159
|
+
@right.expects(:fail_on_deny).with("namespace", :node => "host.domain.com", :ip => "127.0.0.1")
|
160
|
+
|
161
|
+
@right.allowed?("namespace", "host.domain.com", "127.0.0.1")
|
162
|
+
end
|
163
|
+
|
164
|
+
it "should return true if fail_on_deny doesn't fail" do
|
165
|
+
@right.stubs(:fail_on_deny)
|
166
|
+
@right.allowed?("namespace", :args).should be_true
|
167
|
+
end
|
168
|
+
|
169
|
+
it "should return false if fail_on_deny raises an AuthorizationError" do
|
170
|
+
@right.stubs(:fail_on_deny).raises(Puppet::Network::AuthorizationError.new("forbidden"))
|
171
|
+
@right.allowed?("namespace", :args1, :args2).should be_false
|
172
|
+
end
|
173
|
+
|
174
|
+
it "should first check namespace rights" do
|
175
|
+
acl = stub 'acl', :acl_type => :name, :key => :namespace
|
176
|
+
Puppet::Network::Rights::Right.stubs(:new).returns(acl)
|
177
|
+
|
178
|
+
@right.newright("[namespace]")
|
179
|
+
acl.expects(:match?).returns(true)
|
180
|
+
acl.expects(:allowed?).with { |node,ip,h| node == "node" and ip == "ip" }.returns(true)
|
181
|
+
|
182
|
+
@right.fail_on_deny("namespace", { :node => "node", :ip => "ip" } )
|
183
|
+
end
|
184
|
+
|
185
|
+
it "should then check for path rights if no namespace match" do
|
186
|
+
acl = stub 'nmacl', :acl_type => :name, :key => :namespace, :"<=>" => -1, :line => 0, :file => 'dummy'
|
187
|
+
acl.stubs(:match?).returns(false)
|
188
|
+
Puppet::Network::Rights::Right.stubs(:new).with("[namespace]").returns(acl)
|
189
|
+
|
190
|
+
@right.newright("[namespace]")
|
191
|
+
@right.newright("/path/to/there", 0, nil)
|
192
|
+
|
193
|
+
@pathacl.stubs(:match?).returns(true)
|
194
|
+
|
195
|
+
acl.expects(:allowed?).never
|
196
|
+
@pathacl.expects(:allowed?).returns(true)
|
197
|
+
|
198
|
+
@right.fail_on_deny("/path/to/there", {})
|
199
|
+
end
|
200
|
+
|
201
|
+
it "should pass the match? return to allowed?" do
|
202
|
+
@right.newright("/path/to/there")
|
203
|
+
|
204
|
+
@pathacl.expects(:match?).returns(:match)
|
205
|
+
@pathacl.expects(:allowed?).with { |node,ip,h| h[:match] == :match }.returns(true)
|
206
|
+
|
207
|
+
@right.fail_on_deny("/path/to/there", {})
|
208
|
+
end
|
209
|
+
|
210
|
+
describe "with namespace acls" do
|
211
|
+
it "should raise an error if this namespace right doesn't exist" do
|
212
|
+
lambda{ @right.fail_on_deny("namespace") }.should raise_error
|
213
|
+
end
|
214
|
+
end
|
215
|
+
|
216
|
+
describe "with path acls" do
|
217
|
+
before :each do
|
218
|
+
@long_acl = stub 'longpathacl', :name => "/path/to/there", :acl_type => :regex, :line => 0, :file => 'dummy'
|
219
|
+
Puppet::Network::Rights::Right.stubs(:new).with("/path/to/there", 0, nil).returns(@long_acl)
|
220
|
+
|
221
|
+
@short_acl = stub 'shortpathacl', :name => "/path/to", :acl_type => :regex, :line => 0, :file => 'dummy'
|
222
|
+
Puppet::Network::Rights::Right.stubs(:new).with("/path/to", 0, nil).returns(@short_acl)
|
223
|
+
|
224
|
+
@long_acl.stubs(:"<=>").with(@short_acl).returns(0)
|
225
|
+
@short_acl.stubs(:"<=>").with(@long_acl).returns(0)
|
226
|
+
end
|
227
|
+
|
228
|
+
it "should select the first match" do
|
229
|
+
@right.newright("/path/to/there", 0)
|
230
|
+
@right.newright("/path/to", 0)
|
231
|
+
|
232
|
+
@long_acl.stubs(:match?).returns(true)
|
233
|
+
@short_acl.stubs(:match?).returns(true)
|
234
|
+
|
235
|
+
@long_acl.expects(:allowed?).returns(true)
|
236
|
+
@short_acl.expects(:allowed?).never
|
237
|
+
|
238
|
+
@right.fail_on_deny("/path/to/there/and/there", {})
|
239
|
+
end
|
240
|
+
|
241
|
+
it "should select the first match that doesn't return :dunno" do
|
242
|
+
@right.newright("/path/to/there", 0, nil)
|
243
|
+
@right.newright("/path/to", 0, nil)
|
244
|
+
|
245
|
+
@long_acl.stubs(:match?).returns(true)
|
246
|
+
@short_acl.stubs(:match?).returns(true)
|
247
|
+
|
248
|
+
@long_acl.expects(:allowed?).returns(:dunno)
|
249
|
+
@short_acl.expects(:allowed?).returns(true)
|
250
|
+
|
251
|
+
@right.fail_on_deny("/path/to/there/and/there", {})
|
252
|
+
end
|
253
|
+
|
254
|
+
it "should not select an ACL that doesn't match" do
|
255
|
+
@right.newright("/path/to/there", 0)
|
256
|
+
@right.newright("/path/to", 0)
|
257
|
+
|
258
|
+
@long_acl.stubs(:match?).returns(false)
|
259
|
+
@short_acl.stubs(:match?).returns(true)
|
260
|
+
|
261
|
+
@long_acl.expects(:allowed?).never
|
262
|
+
@short_acl.expects(:allowed?).returns(true)
|
263
|
+
|
264
|
+
@right.fail_on_deny("/path/to/there/and/there", {})
|
265
|
+
end
|
266
|
+
|
267
|
+
it "should not raise an AuthorizationError if allowed" do
|
268
|
+
@right.newright("/path/to/there", 0)
|
269
|
+
|
270
|
+
@long_acl.stubs(:match?).returns(true)
|
271
|
+
@long_acl.stubs(:allowed?).returns(true)
|
272
|
+
|
273
|
+
lambda { @right.fail_on_deny("/path/to/there/and/there", {}) }.should_not raise_error(Puppet::Network::AuthorizationError)
|
274
|
+
end
|
275
|
+
|
276
|
+
it "should raise an AuthorizationError if the match is denied" do
|
277
|
+
@right.newright("/path/to/there", 0, nil)
|
278
|
+
|
279
|
+
@long_acl.stubs(:match?).returns(true)
|
280
|
+
@long_acl.stubs(:allowed?).returns(false)
|
281
|
+
|
282
|
+
lambda{ @right.fail_on_deny("/path/to/there", {}) }.should raise_error(Puppet::Network::AuthorizationError)
|
283
|
+
end
|
284
|
+
|
285
|
+
it "should raise an AuthorizationError if no path match" do
|
286
|
+
lambda { @right.fail_on_deny("/nomatch", {}) }.should raise_error(Puppet::Network::AuthorizationError)
|
287
|
+
end
|
288
|
+
end
|
289
|
+
|
290
|
+
describe "with regex acls" do
|
291
|
+
before :each do
|
292
|
+
@regex_acl1 = stub 'regex_acl1', :name => "/files/(.*)/myfile", :acl_type => :regex, :line => 0, :file => 'dummy'
|
293
|
+
Puppet::Network::Rights::Right.stubs(:new).with("~ /files/(.*)/myfile", 0, nil).returns(@regex_acl1)
|
294
|
+
|
295
|
+
@regex_acl2 = stub 'regex_acl2', :name => "/files/(.*)/myfile/", :acl_type => :regex, :line => 0, :file => 'dummy'
|
296
|
+
Puppet::Network::Rights::Right.stubs(:new).with("~ /files/(.*)/myfile/", 0, nil).returns(@regex_acl2)
|
297
|
+
|
298
|
+
@regex_acl1.stubs(:"<=>").with(@regex_acl2).returns(0)
|
299
|
+
@regex_acl2.stubs(:"<=>").with(@regex_acl1).returns(0)
|
300
|
+
end
|
301
|
+
|
302
|
+
it "should select the first match" do
|
303
|
+
@right.newright("~ /files/(.*)/myfile", 0)
|
304
|
+
@right.newright("~ /files/(.*)/myfile/", 0)
|
305
|
+
|
306
|
+
@regex_acl1.stubs(:match?).returns(true)
|
307
|
+
@regex_acl2.stubs(:match?).returns(true)
|
308
|
+
|
309
|
+
@regex_acl1.expects(:allowed?).returns(true)
|
310
|
+
@regex_acl2.expects(:allowed?).never
|
311
|
+
|
312
|
+
@right.fail_on_deny("/files/repository/myfile/other", {})
|
313
|
+
end
|
314
|
+
|
315
|
+
it "should select the first match that doesn't return :dunno" do
|
316
|
+
@right.newright("~ /files/(.*)/myfile", 0)
|
317
|
+
@right.newright("~ /files/(.*)/myfile/", 0)
|
318
|
+
|
319
|
+
@regex_acl1.stubs(:match?).returns(true)
|
320
|
+
@regex_acl2.stubs(:match?).returns(true)
|
321
|
+
|
322
|
+
@regex_acl1.expects(:allowed?).returns(:dunno)
|
323
|
+
@regex_acl2.expects(:allowed?).returns(true)
|
324
|
+
|
325
|
+
@right.fail_on_deny("/files/repository/myfile/other", {})
|
326
|
+
end
|
327
|
+
|
328
|
+
it "should not select an ACL that doesn't match" do
|
329
|
+
@right.newright("~ /files/(.*)/myfile", 0)
|
330
|
+
@right.newright("~ /files/(.*)/myfile/", 0)
|
331
|
+
|
332
|
+
@regex_acl1.stubs(:match?).returns(false)
|
333
|
+
@regex_acl2.stubs(:match?).returns(true)
|
334
|
+
|
335
|
+
@regex_acl1.expects(:allowed?).never
|
336
|
+
@regex_acl2.expects(:allowed?).returns(true)
|
337
|
+
|
338
|
+
@right.fail_on_deny("/files/repository/myfile/other", {})
|
339
|
+
end
|
340
|
+
|
341
|
+
it "should not raise an AuthorizationError if allowed" do
|
342
|
+
@right.newright("~ /files/(.*)/myfile", 0)
|
343
|
+
|
344
|
+
@regex_acl1.stubs(:match?).returns(true)
|
345
|
+
@regex_acl1.stubs(:allowed?).returns(true)
|
346
|
+
|
347
|
+
lambda { @right.fail_on_deny("/files/repository/myfile/other", {}) }.should_not raise_error(Puppet::Network::AuthorizationError)
|
348
|
+
end
|
349
|
+
|
350
|
+
it "should raise an error if no regex acl match" do
|
351
|
+
lambda{ @right.fail_on_deny("/path", {}) }.should raise_error(Puppet::Network::AuthorizationError)
|
352
|
+
end
|
353
|
+
|
354
|
+
it "should raise an AuthorizedError on deny" do
|
355
|
+
lambda { @right.fail_on_deny("/path", {}) }.should raise_error(Puppet::Network::AuthorizationError)
|
356
|
+
end
|
357
|
+
|
358
|
+
end
|
359
|
+
end
|
360
|
+
|
361
|
+
describe Puppet::Network::Rights::Right do
|
362
|
+
before :each do
|
363
|
+
@acl = Puppet::Network::Rights::Right.new("/path",0, nil)
|
364
|
+
end
|
365
|
+
|
366
|
+
describe "with path" do
|
367
|
+
it "should say it's a regex ACL" do
|
368
|
+
@acl.acl_type.should == :regex
|
369
|
+
end
|
370
|
+
|
371
|
+
it "should match up to its path length" do
|
372
|
+
@acl.match?("/path/that/works").should_not be_nil
|
373
|
+
end
|
374
|
+
|
375
|
+
it "should match up to its path length" do
|
376
|
+
@acl.match?("/paththatalsoworks").should_not be_nil
|
377
|
+
end
|
378
|
+
|
379
|
+
it "should return nil if no match" do
|
380
|
+
@acl.match?("/notpath").should be_nil
|
381
|
+
end
|
382
|
+
end
|
383
|
+
|
384
|
+
describe "with regex" do
|
385
|
+
before :each do
|
386
|
+
@acl = Puppet::Network::Rights::Right.new("~ .rb$",0, nil)
|
387
|
+
end
|
388
|
+
|
389
|
+
it "should say it's a regex ACL" do
|
390
|
+
@acl.acl_type.should == :regex
|
391
|
+
end
|
392
|
+
|
393
|
+
it "should match as a regex" do
|
394
|
+
@acl.match?("this shoud work.rb").should_not be_nil
|
395
|
+
end
|
396
|
+
|
397
|
+
it "should return nil if no match" do
|
398
|
+
@acl.match?("do not match").should be_nil
|
399
|
+
end
|
400
|
+
end
|
401
|
+
|
402
|
+
it "should allow all rest methods by default" do
|
403
|
+
@acl.methods.should == Puppet::Network::Rights::Right::ALL
|
404
|
+
end
|
405
|
+
|
406
|
+
it "should allow only authenticated request by default" do
|
407
|
+
@acl.authentication.should be_true
|
408
|
+
end
|
409
|
+
|
410
|
+
it "should allow modification of the methods filters" do
|
411
|
+
@acl.restrict_method(:save)
|
412
|
+
|
413
|
+
@acl.methods.should == [:save]
|
414
|
+
end
|
415
|
+
|
416
|
+
it "should stack methods filters" do
|
417
|
+
@acl.restrict_method(:save)
|
418
|
+
@acl.restrict_method(:destroy)
|
419
|
+
|
420
|
+
@acl.methods.should == [:save, :destroy]
|
421
|
+
end
|
422
|
+
|
423
|
+
it "should raise an error if the method is already filtered" do
|
424
|
+
@acl.restrict_method(:save)
|
425
|
+
|
426
|
+
lambda { @acl.restrict_method(:save) }.should raise_error
|
427
|
+
end
|
428
|
+
|
429
|
+
it "should allow setting an environment filters" do
|
430
|
+
Puppet::Node::Environment.stubs(:new).with(:environment).returns(:env)
|
431
|
+
|
432
|
+
@acl.restrict_environment(:environment)
|
433
|
+
|
434
|
+
@acl.environment.should == [:env]
|
435
|
+
end
|
436
|
+
|
437
|
+
["on", "yes", "true", true].each do |auth|
|
438
|
+
it "should allow filtering on authenticated requests with '#{auth}'" do
|
439
|
+
@acl.restrict_authenticated(auth)
|
440
|
+
|
441
|
+
@acl.authentication.should be_true
|
442
|
+
end
|
443
|
+
end
|
444
|
+
|
445
|
+
["off", "no", "false", false].each do |auth|
|
446
|
+
it "should allow filtering on unauthenticated requests with '#{auth}'" do
|
447
|
+
@acl.restrict_authenticated(auth)
|
448
|
+
|
449
|
+
@acl.authentication.should be_false
|
450
|
+
end
|
451
|
+
end
|
452
|
+
|
453
|
+
["all", "any", :all, :any].each do |auth|
|
454
|
+
it "should not use request authenticated state filtering with '#{auth}'" do
|
455
|
+
@acl.restrict_authenticated(auth)
|
456
|
+
|
457
|
+
@acl.authentication.should be_nil
|
458
|
+
end
|
459
|
+
end
|
460
|
+
|
461
|
+
describe "when checking right authorization" do
|
462
|
+
it "should return :dunno if this right is not restricted to the given method" do
|
463
|
+
@acl.restrict_method(:destroy)
|
464
|
+
|
465
|
+
@acl.allowed?("me","127.0.0.1", { :method => :save } ).should == :dunno
|
466
|
+
end
|
467
|
+
|
468
|
+
it "should return allow/deny if this right is restricted to the given method" do
|
469
|
+
@acl.restrict_method(:save)
|
470
|
+
@acl.allow("127.0.0.1")
|
471
|
+
|
472
|
+
@acl.allowed?("me","127.0.0.1", { :method => :save }).should be_true
|
473
|
+
end
|
474
|
+
|
475
|
+
it "should return :dunno if this right is not restricted to the given environment" do
|
476
|
+
Puppet::Node::Environment.stubs(:new).returns(:production)
|
477
|
+
|
478
|
+
@acl.restrict_environment(:production)
|
479
|
+
|
480
|
+
@acl.allowed?("me","127.0.0.1", { :method => :save, :environment => :development }).should == :dunno
|
481
|
+
end
|
482
|
+
|
483
|
+
it "should return :dunno if this right is not restricted to the given request authentication state" do
|
484
|
+
@acl.restrict_authenticated(true)
|
485
|
+
|
486
|
+
@acl.allowed?("me","127.0.0.1", { :method => :save, :authenticated => false }).should == :dunno
|
487
|
+
end
|
488
|
+
|
489
|
+
it "should return allow/deny if this right is restricted to the given request authentication state" do
|
490
|
+
@acl.restrict_authenticated(false)
|
491
|
+
@acl.allow("127.0.0.1")
|
492
|
+
|
493
|
+
@acl.allowed?("me","127.0.0.1", { :authenticated => false }).should be_true
|
494
|
+
end
|
495
|
+
|
496
|
+
it "should interpolate allow/deny patterns with the given match" do
|
497
|
+
@acl.expects(:interpolate).with(:match)
|
498
|
+
|
499
|
+
@acl.allowed?("me","127.0.0.1", { :method => :save, :match => :match, :authenticated => true })
|
500
|
+
end
|
501
|
+
|
502
|
+
it "should reset interpolation after the match" do
|
503
|
+
@acl.expects(:reset_interpolation)
|
504
|
+
|
505
|
+
@acl.allowed?("me","127.0.0.1", { :method => :save, :match => :match, :authenticated => true })
|
506
|
+
end
|
507
|
+
|
508
|
+
# mocha doesn't allow testing super...
|
509
|
+
# it "should delegate to the AuthStore for the result" do
|
510
|
+
# @acl.method(:save)
|
511
|
+
#
|
512
|
+
# @acl.expects(:allowed?).with("me","127.0.0.1")
|
513
|
+
#
|
514
|
+
# @acl.allowed?("me","127.0.0.1", :save)
|
515
|
+
# end
|
516
|
+
end
|
517
|
+
end
|
518
|
+
|
519
|
+
end
|