puppet 0.24.9 → 0.25.0
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of puppet might be problematic. Click here for more details.
- data/CHANGELOG +18680 -1241
- data/CHANGELOG.old +1705 -0
- data/LICENSE +2 -2
- data/README +1 -1
- data/README.queueing +126 -0
- data/README.rst +4 -4
- data/Rakefile +62 -216
- data/bin/filebucket +6 -117
- data/bin/pi +50 -0
- data/bin/puppet +7 -188
- data/bin/puppetdoc +7 -198
- data/bin/ralsh +4 -191
- data/conf/auth.conf +94 -0
- data/conf/gentoo/init.d/puppetmaster +30 -30
- data/conf/osx/PackageInfo.plist +30 -30
- data/conf/osx/createpackage.sh +23 -18
- data/conf/osx/preflight +8 -0
- data/conf/puppet-queue.conf +10 -0
- data/conf/redhat/client.init +52 -41
- data/conf/redhat/logrotate +1 -0
- data/conf/redhat/puppet.spec +74 -36
- data/conf/redhat/rundir-perms.patch +28 -0
- data/conf/redhat/server.init +48 -43
- data/conf/redhat/server.sysconfig +4 -4
- data/conf/solaris/smf/puppetd.xml +53 -53
- data/conf/solaris/smf/puppetmasterd.xml +53 -53
- data/conf/solaris/smf/svc-puppetd +4 -4
- data/conf/solaris/smf/svc-puppetmasterd +3 -3
- data/conf/suse/client.init +4 -4
- data/conf/suse/puppet.spec +14 -14
- data/conf/suse/server.init +17 -17
- data/examples/etc/init.d/sleeper +8 -8
- data/examples/mac_dscl.pp +2 -2
- data/examples/mac_dscl_revert.pp +1 -1
- data/examples/mcx_dock_default.pp +108 -108
- data/examples/mcx_dock_full.pp +108 -108
- data/examples/mcx_nogroup.pp +108 -108
- data/examples/modules/sample-module/lib/puppet/parser/functions/hostname_to_dn.rb +5 -5
- data/examples/modules/sample-module/manifests/init.pp +2 -2
- data/examples/relationships +1 -1
- data/ext/autotest/config +6 -6
- data/ext/bin/sleeper +12 -12
- data/ext/dbfix.sql +21 -21
- data/ext/emacs/puppet-mode.el +42 -41
- data/ext/extlookup.rb +183 -0
- data/ext/ldap/puppet.schema +2 -1
- data/ext/logcheck/puppet +1 -1
- data/ext/module_puppet +7 -7
- data/ext/nagios/check_puppet.rb +83 -83
- data/ext/nagios/naggen +302 -0
- data/ext/puppet-test +61 -18
- data/ext/puppetlisten/puppetlisten.rb +76 -0
- data/ext/puppetlisten/puppetrun.rb +39 -0
- data/ext/puppetstoredconfigclean.rb +29 -29
- data/ext/rack/README +73 -0
- data/ext/rack/files/apache2.conf +38 -0
- data/ext/rack/files/config.ru +18 -0
- data/ext/rack/manifest.pp +59 -0
- data/ext/vim/syntax/puppet.vim +54 -35
- data/install.rb +37 -26
- data/lib/puppet.rb +15 -227
- data/lib/puppet/agent.rb +134 -0
- data/lib/puppet/agent/locker.rb +42 -0
- data/lib/puppet/agent/runner.rb +65 -0
- data/lib/puppet/application.rb +313 -0
- data/lib/puppet/application/filebucket.rb +87 -0
- data/lib/puppet/application/pi.rb +214 -0
- data/lib/puppet/application/puppet.rb +177 -0
- data/lib/puppet/application/puppetca.rb +71 -0
- data/lib/puppet/application/puppetd.rb +256 -0
- data/lib/puppet/application/puppetdoc.rb +222 -0
- data/lib/puppet/application/puppetmasterd.rb +168 -0
- data/lib/puppet/application/puppetqd.rb +96 -0
- data/lib/puppet/application/puppetrun.rb +219 -0
- data/lib/puppet/application/ralsh.rb +168 -0
- data/lib/puppet/configurer.rb +177 -0
- data/lib/puppet/configurer/downloader.rb +79 -0
- data/lib/puppet/configurer/fact_handler.rb +68 -0
- data/lib/puppet/configurer/plugin_handler.rb +26 -0
- data/lib/puppet/daemon.rb +78 -28
- data/lib/puppet/defaults.rb +239 -166
- data/lib/puppet/dsl.rb +7 -7
- data/lib/puppet/external/dot.rb +271 -271
- data/lib/puppet/external/event-loop/better-definers.rb +298 -298
- data/lib/puppet/external/event-loop/event-loop.rb +274 -274
- data/lib/puppet/external/event-loop/signal-system.rb +163 -163
- data/lib/puppet/external/lock.rb +1 -1
- data/lib/puppet/external/nagios.rb +20 -20
- data/lib/puppet/external/nagios/base.rb +3 -3
- data/lib/puppet/external/nagios/grammar.ry +185 -0
- data/lib/puppet/external/nagios/makefile +9 -0
- data/lib/puppet/external/nagios/parser.rb +1 -1
- data/lib/puppet/feature/json.rb +2 -0
- data/lib/puppet/feature/rack.rb +24 -0
- data/lib/puppet/feature/rails.rb +23 -33
- data/lib/puppet/feature/rubygems.rb +6 -0
- data/lib/puppet/feature/stomp.rb +6 -0
- data/lib/puppet/file_serving/{file_base.rb → base.rb} +10 -9
- data/lib/puppet/file_serving/configuration.rb +61 -61
- data/lib/puppet/file_serving/configuration/parser.rb +24 -29
- data/lib/puppet/file_serving/content.rb +26 -11
- data/lib/puppet/file_serving/fileset.rb +54 -19
- data/lib/puppet/file_serving/indirection_hooks.rb +12 -24
- data/lib/puppet/file_serving/metadata.rb +8 -8
- data/lib/puppet/file_serving/mount.rb +9 -151
- data/lib/puppet/file_serving/mount/file.rb +126 -0
- data/lib/puppet/file_serving/mount/modules.rb +25 -0
- data/lib/puppet/file_serving/mount/plugins.rb +27 -0
- data/lib/puppet/file_serving/terminus_helper.rb +9 -4
- data/lib/puppet/indirector.rb +6 -4
- data/lib/puppet/indirector/active_record.rb +28 -0
- data/lib/puppet/indirector/catalog/active_record.rb +36 -0
- data/lib/puppet/indirector/catalog/compiler.rb +50 -24
- data/lib/puppet/indirector/catalog/queue.rb +5 -0
- data/lib/puppet/indirector/catalog/rest.rb +6 -0
- data/lib/puppet/indirector/catalog/yaml.rb +2 -4
- data/lib/puppet/indirector/certificate/ca.rb +9 -0
- data/lib/puppet/indirector/certificate/file.rb +9 -0
- data/lib/puppet/indirector/certificate/rest.rb +9 -0
- data/lib/puppet/indirector/certificate_request/ca.rb +14 -0
- data/lib/puppet/indirector/certificate_request/file.rb +8 -0
- data/lib/puppet/indirector/certificate_request/rest.rb +9 -0
- data/lib/puppet/indirector/certificate_revocation_list/ca.rb +8 -0
- data/lib/puppet/indirector/certificate_revocation_list/file.rb +8 -0
- data/lib/puppet/indirector/certificate_revocation_list/rest.rb +9 -0
- data/lib/puppet/indirector/direct_file_server.rb +4 -8
- data/lib/puppet/indirector/exec.rb +2 -6
- data/lib/puppet/indirector/facts/active_record.rb +36 -0
- data/lib/puppet/indirector/facts/facter.rb +30 -22
- data/lib/puppet/indirector/facts/rest.rb +6 -0
- data/lib/puppet/indirector/file.rb +1 -0
- data/lib/puppet/indirector/file_content/rest.rb +0 -1
- data/lib/puppet/indirector/file_metadata/file.rb +2 -2
- data/lib/puppet/indirector/file_metadata/rest.rb +0 -1
- data/lib/puppet/indirector/file_server.rb +31 -18
- data/lib/puppet/indirector/indirection.rb +46 -33
- data/lib/puppet/indirector/key/ca.rb +12 -0
- data/lib/puppet/indirector/key/file.rb +42 -0
- data/lib/puppet/indirector/node/active_record.rb +13 -0
- data/lib/puppet/indirector/node/ldap.rb +1 -1
- data/lib/puppet/indirector/queue.rb +83 -0
- data/lib/puppet/indirector/report/processor.rb +1 -1
- data/lib/puppet/indirector/report/rest.rb +7 -0
- data/lib/puppet/indirector/request.rb +158 -15
- data/lib/puppet/indirector/rest.rb +74 -36
- data/lib/puppet/indirector/runner/rest.rb +7 -0
- data/lib/puppet/indirector/ssl_file.rb +174 -0
- data/lib/puppet/indirector/terminus.rb +4 -4
- data/lib/puppet/indirector/yaml.rb +1 -1
- data/lib/puppet/metatype/manager.rb +3 -3
- data/lib/puppet/module.rb +99 -124
- data/lib/puppet/network/authconfig.rb +57 -42
- data/lib/puppet/network/authstore.rb +58 -10
- data/lib/puppet/network/client.rb +0 -2
- data/lib/puppet/network/client/ca.rb +1 -1
- data/lib/puppet/network/client/dipper.rb +7 -2
- data/lib/puppet/network/format.rb +123 -0
- data/lib/puppet/network/format_handler.rb +156 -0
- data/lib/puppet/network/formats.rb +123 -0
- data/lib/puppet/network/handler/filebucket.rb +1 -1
- data/lib/puppet/network/handler/fileserver.rb +43 -35
- data/lib/puppet/network/handler/master.rb +4 -4
- data/lib/puppet/network/handler/report.rb +1 -1
- data/lib/puppet/network/handler/resource.rb +16 -20
- data/lib/puppet/network/handler/runner.rb +9 -42
- data/lib/puppet/network/http.rb +4 -4
- data/lib/puppet/network/http/api.rb +4 -0
- data/lib/puppet/network/http/api/v1.rb +65 -0
- data/lib/puppet/network/http/handler.rb +163 -56
- data/lib/puppet/network/http/mongrel.rb +19 -15
- data/lib/puppet/network/http/mongrel/rest.rb +35 -17
- data/lib/puppet/network/http/rack.rb +62 -0
- data/lib/puppet/network/http/rack/httphandler.rb +34 -0
- data/lib/puppet/network/http/rack/rest.rb +79 -0
- data/lib/puppet/network/http/rack/xmlrpc.rb +65 -0
- data/lib/puppet/network/http/webrick.rb +89 -16
- data/lib/puppet/network/http/webrick/rest.rb +24 -11
- data/lib/puppet/network/http_pool.rb +28 -29
- data/lib/puppet/network/http_server/mongrel.rb +8 -10
- data/lib/puppet/network/http_server/webrick.rb +1 -3
- data/lib/puppet/network/rest_authconfig.rb +89 -0
- data/lib/puppet/network/rest_authorization.rb +25 -0
- data/lib/puppet/network/rights.rb +230 -27
- data/lib/puppet/network/server.rb +133 -31
- data/lib/puppet/network/xmlrpc/client.rb +5 -5
- data/lib/puppet/network/xmlrpc/webrick_servlet.rb +6 -6
- data/lib/puppet/node.rb +28 -21
- data/lib/puppet/node/environment.rb +48 -0
- data/lib/puppet/node/facts.rb +21 -0
- data/lib/puppet/parameter.rb +291 -219
- data/lib/puppet/parser/ast.rb +1 -0
- data/lib/puppet/parser/ast/astarray.rb +5 -1
- data/lib/puppet/parser/ast/boolean_operator.rb +3 -3
- data/lib/puppet/parser/ast/caseopt.rb +10 -0
- data/lib/puppet/parser/ast/casestatement.rb +12 -27
- data/lib/puppet/parser/ast/collection.rb +31 -0
- data/lib/puppet/parser/ast/collexpr.rb +18 -11
- data/lib/puppet/parser/ast/comparison_operator.rb +1 -1
- data/lib/puppet/parser/ast/definition.rb +6 -2
- data/lib/puppet/parser/ast/function.rb +7 -2
- data/lib/puppet/parser/ast/ifstatement.rb +11 -6
- data/lib/puppet/parser/ast/leaf.rb +106 -3
- data/lib/puppet/parser/ast/match_operator.rb +31 -0
- data/lib/puppet/parser/ast/node.rb +10 -6
- data/lib/puppet/parser/ast/resource_defaults.rb +2 -2
- data/lib/puppet/parser/ast/resource_override.rb +1 -1
- data/lib/puppet/parser/ast/resource_reference.rb +11 -3
- data/lib/puppet/parser/ast/selector.rb +14 -32
- data/lib/puppet/parser/ast/vardef.rb +1 -1
- data/lib/puppet/parser/collector.rb +67 -15
- data/lib/puppet/parser/compiler.rb +21 -53
- data/lib/puppet/parser/files.rb +92 -0
- data/lib/puppet/parser/functions.rb +3 -3
- data/lib/puppet/parser/functions/defined.rb +3 -3
- data/lib/puppet/parser/functions/fqdn_rand.rb +3 -3
- data/lib/puppet/parser/functions/inline_template.rb +4 -4
- data/lib/puppet/parser/functions/regsubst.rb +37 -35
- data/lib/puppet/parser/functions/require.rb +34 -0
- data/lib/puppet/parser/functions/shellquote.rb +41 -0
- data/lib/puppet/parser/functions/split.rb +29 -0
- data/lib/puppet/parser/functions/sprintf.rb +6 -6
- data/lib/puppet/parser/functions/template.rb +4 -4
- data/lib/puppet/parser/functions/versioncmp.rb +22 -1
- data/lib/puppet/parser/grammar.ra +812 -0
- data/lib/puppet/parser/interpreter.rb +4 -4
- data/lib/puppet/parser/lexer.rb +44 -15
- data/lib/puppet/parser/loaded_code.rb +115 -0
- data/lib/puppet/parser/makefile +8 -0
- data/lib/puppet/parser/parser.rb +1080 -928
- data/lib/puppet/parser/parser_support.rb +118 -96
- data/lib/puppet/parser/resource.rb +56 -126
- data/lib/puppet/parser/resource/param.rb +2 -76
- data/lib/puppet/parser/resource/reference.rb +15 -8
- data/lib/puppet/parser/scope.rb +68 -35
- data/lib/puppet/parser/templatewrapper.rb +8 -8
- data/lib/puppet/parser/yaml_trimmer.rb +11 -0
- data/lib/puppet/property.rb +69 -124
- data/lib/puppet/property/list.rb +3 -3
- data/lib/puppet/provider.rb +5 -5
- data/lib/puppet/provider/augeas/augeas.rb +119 -118
- data/lib/puppet/provider/computer/computer.rb +3 -3
- data/lib/puppet/provider/confine/variable.rb +1 -1
- data/lib/puppet/provider/cron/crontab.rb +8 -7
- data/lib/puppet/provider/group/directoryservice.rb +2 -2
- data/lib/puppet/provider/group/groupadd.rb +1 -1
- data/lib/puppet/provider/group/ldap.rb +3 -3
- data/lib/puppet/provider/group/pw.rb +1 -1
- data/lib/puppet/provider/host/parsed.rb +3 -3
- data/lib/puppet/provider/ldap.rb +1 -3
- data/lib/puppet/provider/macauthorization/macauthorization.rb +62 -55
- data/lib/puppet/provider/mailalias/aliases.rb +9 -1
- data/lib/puppet/provider/maillist/mailman.rb +8 -4
- data/lib/puppet/provider/mcx/mcxcontent.rb +11 -11
- data/lib/puppet/provider/mount/parsed.rb +2 -2
- data/lib/puppet/provider/nameservice.rb +6 -6
- data/lib/puppet/provider/nameservice/directoryservice.rb +83 -87
- data/lib/puppet/provider/package/appdmg.rb +10 -9
- data/lib/puppet/provider/package/apple.rb +1 -3
- data/lib/puppet/provider/package/apt.rb +5 -5
- data/lib/puppet/provider/package/aptitude.rb +1 -1
- data/lib/puppet/provider/package/aptrpm.rb +1 -1
- data/lib/puppet/provider/package/darwinport.rb +1 -1
- data/lib/puppet/provider/package/dpkg.rb +2 -2
- data/lib/puppet/provider/package/fink.rb +6 -6
- data/lib/puppet/provider/package/freebsd.rb +1 -1
- data/lib/puppet/provider/package/gem.rb +2 -2
- data/lib/puppet/provider/package/hpux.rb +5 -5
- data/lib/puppet/provider/package/pkgdmg.rb +30 -22
- data/lib/puppet/provider/package/portage.rb +1 -1
- data/lib/puppet/provider/package/ports.rb +1 -1
- data/lib/puppet/provider/package/rpm.rb +5 -5
- data/lib/puppet/provider/package/rug.rb +1 -1
- data/lib/puppet/provider/package/sun.rb +7 -7
- data/lib/puppet/provider/package/up2date.rb +1 -1
- data/lib/puppet/provider/package/yum.rb +2 -2
- data/lib/puppet/provider/package/yumhelper.py +2 -2
- data/lib/puppet/provider/port/parsed.rb +1 -1
- data/lib/puppet/provider/selmodule/semodule.rb +3 -3
- data/lib/puppet/provider/service/base.rb +21 -12
- data/lib/puppet/provider/service/daemontools.rb +86 -49
- data/lib/puppet/provider/service/debian.rb +20 -12
- data/lib/puppet/provider/service/freebsd.rb +5 -5
- data/lib/puppet/provider/service/gentoo.rb +2 -2
- data/lib/puppet/provider/service/init.rb +21 -33
- data/lib/puppet/provider/service/launchd.rb +120 -48
- data/lib/puppet/provider/service/redhat.rb +12 -21
- data/lib/puppet/provider/service/runit.rb +19 -9
- data/lib/puppet/provider/service/smf.rb +49 -34
- data/lib/puppet/provider/ssh_authorized_key/parsed.rb +34 -0
- data/lib/puppet/provider/sshkey/parsed.rb +2 -2
- data/lib/puppet/provider/user/directoryservice.rb +12 -29
- data/lib/puppet/provider/user/hpux.rb +3 -3
- data/lib/puppet/provider/user/ldap.rb +2 -2
- data/lib/puppet/provider/zfs/solaris.rb +1 -1
- data/lib/puppet/provider/zone/solaris.rb +4 -4
- data/lib/puppet/provider/zpool/solaris.rb +3 -3
- data/lib/puppet/rails.rb +9 -9
- data/lib/puppet/rails/benchmark.rb +69 -0
- data/lib/puppet/rails/database/001_add_created_at_to_all_tables.rb +5 -5
- data/lib/puppet/rails/database/002_remove_duplicated_index_on_all_tables.rb +2 -2
- data/lib/puppet/rails/database/003_add_environment_to_host.rb +1 -1
- data/lib/puppet/rails/database/schema.rb +8 -8
- data/lib/puppet/rails/fact_value.rb +1 -1
- data/lib/puppet/rails/host.rb +211 -93
- data/lib/puppet/rails/param_name.rb +5 -1
- data/lib/puppet/rails/param_value.rb +29 -2
- data/lib/puppet/rails/puppet_tag.rb +5 -0
- data/lib/puppet/rails/resource.rb +120 -20
- data/lib/puppet/rails/resource_tag.rb +1 -1
- data/lib/puppet/rails/source_file.rb +1 -1
- data/lib/puppet/reference/configuration.rb +14 -14
- data/lib/puppet/reference/function.rb +1 -1
- data/lib/puppet/reference/metaparameter.rb +48 -0
- data/lib/puppet/reference/providers.rb +6 -6
- data/lib/puppet/reference/type.rb +1 -37
- data/lib/puppet/relationship.rb +57 -30
- data/lib/puppet/reports/rrdgraph.rb +4 -4
- data/lib/puppet/reports/store.rb +3 -3
- data/lib/puppet/reports/tagmail.rb +15 -15
- data/lib/puppet/resource.rb +265 -0
- data/lib/puppet/{node → resource}/catalog.rb +188 -112
- data/lib/puppet/{resource_reference.rb → resource/reference.rb} +46 -24
- data/lib/puppet/simple_graph.rb +165 -27
- data/lib/puppet/ssl.rb +7 -0
- data/lib/puppet/ssl/base.rb +62 -0
- data/lib/puppet/ssl/certificate.rb +34 -0
- data/lib/puppet/ssl/certificate_authority.rb +298 -0
- data/lib/puppet/ssl/certificate_authority/interface.rb +118 -0
- data/lib/puppet/ssl/certificate_factory.rb +145 -0
- data/lib/puppet/ssl/certificate_request.rb +51 -0
- data/lib/puppet/ssl/certificate_revocation_list.rb +86 -0
- data/lib/puppet/ssl/host.rb +271 -0
- data/lib/puppet/ssl/inventory.rb +52 -0
- data/lib/puppet/ssl/key.rb +56 -0
- data/lib/puppet/sslcertificates.rb +6 -6
- data/lib/puppet/sslcertificates/ca.rb +15 -15
- data/lib/puppet/sslcertificates/certificate.rb +4 -4
- data/lib/puppet/sslcertificates/inventory.rb +3 -3
- data/lib/puppet/transaction.rb +113 -139
- data/lib/puppet/transaction/change.rb +6 -6
- data/lib/puppet/transaction/event.rb +1 -1
- data/lib/puppet/transaction/report.rb +7 -1
- data/lib/puppet/transportable.rb +28 -28
- data/lib/puppet/type.rb +263 -688
- data/lib/puppet/type/augeas.rb +3 -2
- data/lib/puppet/type/component.rb +28 -95
- data/lib/puppet/type/computer.rb +10 -10
- data/lib/puppet/type/cron.rb +19 -14
- data/lib/puppet/type/exec.rb +21 -20
- data/lib/puppet/type/file.rb +306 -633
- data/lib/puppet/type/file/checksum.rb +10 -11
- data/lib/puppet/type/file/content.rb +83 -22
- data/lib/puppet/type/file/ensure.rb +15 -9
- data/lib/puppet/type/file/group.rb +7 -1
- data/lib/puppet/type/file/mode.rb +1 -1
- data/lib/puppet/type/file/owner.rb +9 -3
- data/lib/puppet/type/file/selcontext.rb +4 -4
- data/lib/puppet/type/file/source.rb +78 -179
- data/lib/puppet/type/file/target.rb +3 -3
- data/lib/puppet/type/file/type.rb +2 -2
- data/lib/puppet/type/filebucket.rb +33 -54
- data/lib/puppet/type/group.rb +8 -8
- data/lib/puppet/type/host.rb +7 -7
- data/lib/puppet/type/k5login.rb +2 -2
- data/lib/puppet/type/macauthorization.rb +77 -52
- data/lib/puppet/type/mailalias.rb +2 -2
- data/lib/puppet/type/maillist.rb +2 -2
- data/lib/puppet/type/mcx.rb +3 -3
- data/lib/puppet/type/mount.rb +16 -11
- data/lib/puppet/type/notify.rb +4 -4
- data/lib/puppet/type/package.rb +6 -28
- data/lib/puppet/type/port.rb +1 -1
- data/lib/puppet/type/resources.rb +19 -19
- data/lib/puppet/type/schedule.rb +18 -20
- data/lib/puppet/type/selmodule.rb +1 -1
- data/lib/puppet/type/service.rb +11 -7
- data/lib/puppet/type/ssh_authorized_key.rb +26 -9
- data/lib/puppet/type/sshkey.rb +2 -2
- data/lib/puppet/type/tidy.rb +285 -289
- data/lib/puppet/type/user.rb +9 -7
- data/lib/puppet/type/yumrepo.rb +17 -16
- data/lib/puppet/type/zone.rb +8 -7
- data/lib/puppet/util.rb +11 -36
- data/lib/puppet/util/autoload.rb +31 -19
- data/lib/puppet/util/autoload/file_cache.rb +115 -0
- data/lib/puppet/util/backups.rb +86 -0
- data/lib/puppet/util/cacher.rb +135 -0
- data/lib/puppet/util/checksums.rb +11 -1
- data/lib/puppet/util/classgen.rb +1 -1
- data/lib/puppet/util/config_store.rb +2 -2
- data/lib/puppet/util/constant_inflector.rb +1 -1
- data/lib/puppet/util/diff.rb +2 -2
- data/lib/puppet/util/docs.rb +9 -3
- data/lib/puppet/util/execution.rb +1 -1
- data/lib/puppet/util/feature.rb +27 -20
- data/lib/puppet/util/fileparsing.rb +3 -3
- data/lib/puppet/util/filetype.rb +8 -6
- data/lib/puppet/util/graph.rb +5 -5
- data/lib/puppet/util/inifile.rb +5 -5
- data/lib/puppet/util/json.rb +13 -0
- data/lib/puppet/util/ldap/connection.rb +2 -2
- data/lib/puppet/util/log.rb +48 -31
- data/lib/puppet/util/metric.rb +4 -4
- data/lib/puppet/util/monkey_patches.rb +43 -0
- data/lib/puppet/util/nagios_maker.rb +1 -1
- data/lib/puppet/util/package.rb +4 -4
- data/lib/puppet/util/pidlock.rb +59 -59
- data/lib/puppet/util/posix.rb +13 -52
- data/lib/puppet/util/provider_features.rb +3 -3
- data/lib/puppet/util/queue.rb +96 -0
- data/lib/puppet/util/queue/stomp.rb +47 -0
- data/lib/puppet/util/rails/cache_accumulator.rb +65 -0
- data/lib/puppet/util/rails/collection_merger.rb +0 -39
- data/lib/puppet/util/rails/reference_serializer.rb +17 -3
- data/lib/puppet/util/rdoc.rb +1 -0
- data/lib/puppet/util/rdoc/code_objects.rb +5 -1
- data/lib/puppet/util/rdoc/generators/puppet_generator.rb +5 -5
- data/lib/puppet/util/rdoc/generators/template/puppet/puppet.rb +13 -13
- data/lib/puppet/util/rdoc/parser.rb +28 -32
- data/lib/puppet/util/reference.rb +29 -8
- data/lib/puppet/util/resource_template.rb +1 -1
- data/lib/puppet/util/selinux.rb +12 -6
- data/lib/puppet/util/settings.rb +203 -578
- data/lib/puppet/util/settings/boolean_setting.rb +33 -0
- data/lib/puppet/util/settings/file_setting.rb +119 -0
- data/lib/puppet/util/settings/setting.rb +110 -0
- data/lib/puppet/util/subclass_loader.rb +1 -1
- data/lib/puppet/util/suidmanager.rb +2 -2
- data/lib/puppet/util/tagging.rb +1 -1
- data/lib/puppet/util/warnings.rb +17 -9
- data/man/man8/filebucket.8 +2 -2
- data/man/man8/pi.8 +2 -2
- data/man/man8/puppet.8 +3 -4
- data/man/man8/puppet.conf.8 +63 -63
- data/man/man8/puppetca.8 +2 -2
- data/man/man8/puppetd.8 +2 -2
- data/man/man8/puppetdoc.8 +2 -2
- data/man/man8/puppetmasterd.8 +2 -2
- data/man/man8/puppetrun.8 +2 -2
- data/man/man8/ralsh.8 +3 -3
- data/sbin/puppetca +102 -0
- data/sbin/puppetd +159 -0
- data/sbin/puppetmasterd +66 -0
- data/sbin/puppetqd +53 -0
- data/sbin/puppetrun +130 -0
- data/spec/Rakefile +2 -2
- data/spec/integration/application/puppet.rb +33 -0
- data/spec/integration/bin/puppetmasterd.rb +110 -0
- data/spec/integration/configurer.rb +18 -0
- data/spec/integration/defaults.rb +158 -7
- data/spec/integration/file_serving/content.rb +2 -0
- data/spec/integration/file_serving/fileset.rb +14 -0
- data/spec/integration/file_serving/metadata.rb +2 -0
- data/spec/integration/file_serving/terminus_helper.rb +22 -0
- data/spec/integration/indirector/catalog/compiler.rb +67 -0
- data/spec/integration/indirector/catalog/queue.rb +61 -0
- data/spec/integration/indirector/certificate/rest.rb +69 -0
- data/spec/integration/indirector/certificate_request/rest.rb +89 -0
- data/spec/integration/indirector/certificate_revocation_list/rest.rb +77 -0
- data/spec/integration/indirector/direct_file_server.rb +16 -23
- data/spec/integration/indirector/file_content/file_server.rb +75 -0
- data/spec/integration/indirector/report/rest.rb +95 -0
- data/spec/integration/indirector/rest.rb +207 -147
- data/spec/integration/network/client.rb +19 -0
- data/spec/integration/network/formats.rb +110 -0
- data/spec/integration/network/handler.rb +25 -0
- data/spec/integration/network/server/mongrel.rb +26 -8
- data/spec/integration/network/server/webrick.rb +49 -11
- data/spec/integration/node/environment.rb +58 -0
- data/spec/integration/node/facts.rb +4 -2
- data/spec/integration/parser/compiler.rb +29 -0
- data/spec/integration/parser/functions/require.rb +67 -0
- data/spec/integration/provider/mailalias/aliases.rb +25 -0
- data/spec/integration/{node → resource}/catalog.rb +17 -10
- data/spec/integration/ssl/certificate_authority.rb +135 -0
- data/spec/integration/ssl/certificate_request.rb +59 -0
- data/spec/integration/ssl/certificate_revocation_list.rb +42 -0
- data/spec/integration/ssl/host.rb +90 -0
- data/spec/integration/transaction.rb +66 -0
- data/spec/integration/transaction/report.rb +2 -5
- data/spec/integration/type.rb +22 -0
- data/spec/integration/type/file.rb +458 -0
- data/spec/integration/type/package.rb +1 -1
- data/spec/integration/type/tidy.rb +27 -0
- data/spec/integration/util/autoload.rb +114 -0
- data/spec/integration/util/feature.rb +54 -0
- data/spec/integration/util/file_locking.rb +2 -1
- data/spec/integration/util/settings.rb +27 -0
- data/spec/lib/puppet_spec/files.rb +9 -0
- data/spec/monkey_patches/add_confine_and_runnable_to_rspec_dsl.rb +1 -0
- data/spec/monkey_patches/alias_should_to_must.rb +1 -0
- data/spec/shared_behaviours/file_server_terminus.rb +14 -11
- data/spec/shared_behaviours/file_serving.rb +13 -17
- data/spec/spec_helper.rb +22 -5
- data/spec/unit/agent.rb +259 -0
- data/spec/unit/agent/locker.rb +100 -0
- data/spec/unit/agent/runner.rb +118 -0
- data/spec/unit/application.rb +420 -0
- data/spec/unit/application/filebucket.rb +220 -0
- data/spec/unit/application/pi.rb +84 -0
- data/spec/unit/application/puppet.rb +404 -0
- data/spec/unit/application/puppetca.rb +142 -0
- data/spec/unit/application/puppetd.rb +502 -0
- data/spec/unit/application/puppetdoc.rb +345 -0
- data/spec/unit/application/puppetmasterd.rb +456 -0
- data/spec/unit/application/puppetqd.rb +186 -0
- data/spec/unit/application/puppetrun.rb +279 -0
- data/spec/unit/application/ralsh.rb +237 -0
- data/spec/unit/configurer.rb +232 -0
- data/spec/unit/configurer/downloader.rb +188 -0
- data/spec/unit/configurer/fact_handler.rb +150 -0
- data/spec/unit/configurer/plugin_handler.rb +112 -0
- data/spec/unit/daemon.rb +287 -0
- data/spec/unit/file_serving/{file_base.rb → base.rb} +39 -31
- data/spec/unit/file_serving/configuration.rb +104 -93
- data/spec/unit/file_serving/configuration/parser.rb +64 -18
- data/spec/unit/file_serving/content.rb +65 -26
- data/spec/unit/file_serving/fileset.rb +116 -14
- data/spec/unit/file_serving/indirection_hooks.rb +34 -95
- data/spec/unit/file_serving/metadata.rb +27 -40
- data/spec/unit/file_serving/mount.rb +7 -118
- data/spec/unit/file_serving/mount/file.rb +188 -0
- data/spec/unit/file_serving/mount/modules.rb +63 -0
- data/spec/unit/file_serving/mount/plugins.rb +61 -0
- data/spec/unit/file_serving/terminus_helper.rb +39 -27
- data/spec/unit/indirector.rb +6 -1
- data/spec/unit/indirector/active_record.rb +76 -0
- data/spec/unit/indirector/catalog/active_record.rb +122 -0
- data/spec/unit/indirector/catalog/compiler.rb +222 -118
- data/spec/unit/indirector/catalog/queue.rb +20 -0
- data/spec/unit/indirector/catalog/rest.rb +11 -0
- data/spec/unit/indirector/catalog/yaml.rb +6 -6
- data/spec/unit/indirector/certificate/ca.rb +28 -0
- data/spec/unit/indirector/certificate/file.rb +28 -0
- data/spec/unit/indirector/certificate/rest.rb +23 -0
- data/spec/unit/indirector/certificate_request/ca.rb +19 -0
- data/spec/unit/indirector/certificate_request/file.rb +19 -0
- data/spec/unit/indirector/certificate_request/rest.rb +23 -0
- data/spec/unit/indirector/certificate_revocation_list/ca.rb +21 -0
- data/spec/unit/indirector/certificate_revocation_list/file.rb +20 -0
- data/spec/unit/indirector/certificate_revocation_list/rest.rb +23 -0
- data/spec/unit/indirector/direct_file_server.rb +3 -8
- data/spec/unit/indirector/exec.rb +6 -1
- data/spec/unit/indirector/facts/active_record.rb +104 -0
- data/spec/unit/indirector/facts/facter.rb +53 -12
- data/spec/unit/indirector/facts/rest.rb +11 -0
- data/spec/unit/indirector/file.rb +8 -1
- data/spec/unit/indirector/file_metadata/file.rb +5 -5
- data/spec/unit/indirector/file_server.rb +181 -98
- data/spec/unit/indirector/indirection.rb +102 -38
- data/spec/unit/indirector/key/ca.rb +28 -0
- data/spec/unit/indirector/key/file.rb +104 -0
- data/spec/unit/indirector/node/active_record.rb +34 -0
- data/spec/unit/indirector/node/ldap.rb +1 -1
- data/spec/unit/indirector/node/rest.rb +2 -2
- data/spec/unit/indirector/queue.rb +123 -0
- data/spec/unit/indirector/report/rest.rb +28 -0
- data/spec/unit/indirector/request.rb +221 -0
- data/spec/unit/indirector/rest.rb +343 -334
- data/spec/unit/indirector/runner/rest.rb +11 -0
- data/spec/unit/indirector/ssl_file.rb +280 -0
- data/spec/unit/module.rb +180 -180
- data/spec/unit/network/authconfig.rb +292 -0
- data/spec/unit/network/authstore.rb +94 -0
- data/spec/unit/network/client.rb +2 -2
- data/spec/unit/network/client/dipper.rb +16 -0
- data/spec/unit/network/format.rb +191 -0
- data/spec/unit/network/format_handler.rb +306 -0
- data/spec/unit/network/formats.rb +249 -0
- data/spec/unit/network/handler/fileserver.rb +2 -5
- data/spec/unit/network/http.rb +3 -3
- data/spec/unit/network/http/api/v1.rb +122 -0
- data/spec/unit/network/http/handler.rb +448 -0
- data/spec/unit/network/http/mongrel.rb +46 -32
- data/spec/unit/network/http/mongrel/rest.rb +174 -319
- data/spec/unit/network/http/rack.rb +102 -0
- data/spec/unit/network/http/rack/rest.rb +199 -0
- data/spec/unit/network/http/rack/xmlrpc.rb +157 -0
- data/spec/unit/network/http/webrick.rb +249 -37
- data/spec/unit/network/http/webrick/rest.rb +113 -279
- data/spec/unit/network/http_pool.rb +86 -110
- data/spec/unit/network/rest_authconfig.rb +146 -0
- data/spec/unit/network/rest_authorization.rb +43 -0
- data/spec/unit/network/rights.rb +519 -0
- data/spec/unit/network/server.rb +475 -257
- data/spec/unit/node.rb +43 -10
- data/spec/unit/node/environment.rb +143 -9
- data/spec/unit/node/facts.rb +77 -24
- data/spec/unit/other/selinux.rb +85 -0
- data/spec/unit/other/transbucket.rb +29 -13
- data/spec/unit/other/transobject.rb +35 -15
- data/spec/unit/parameter.rb +378 -5
- data/spec/unit/parser/ast.rb +1 -1
- data/spec/unit/parser/ast/arithmetic_operator.rb +17 -17
- data/spec/unit/parser/ast/astarray.rb +16 -10
- data/spec/unit/parser/ast/boolean_operator.rb +2 -2
- data/spec/unit/parser/ast/casestatement.rb +143 -0
- data/spec/unit/parser/ast/collection.rb +63 -0
- data/spec/unit/parser/ast/collexpr.rb +31 -8
- data/spec/unit/parser/ast/comparison_operator.rb +9 -9
- data/spec/unit/parser/ast/definition.rb +18 -0
- data/spec/unit/parser/ast/function.rb +6 -0
- data/spec/unit/parser/ast/ifstatement.rb +75 -0
- data/spec/unit/parser/ast/leaf.rb +261 -0
- data/spec/unit/parser/ast/match_operator.rb +50 -0
- data/spec/unit/parser/ast/minus.rb +1 -1
- data/spec/unit/parser/ast/node.rb +20 -0
- data/spec/unit/parser/ast/not.rb +1 -1
- data/spec/unit/parser/ast/resource_override.rb +5 -5
- data/spec/unit/parser/ast/resource_reference.rb +11 -5
- data/spec/unit/parser/ast/selector.rb +156 -0
- data/spec/unit/parser/ast/vardef.rb +11 -11
- data/spec/unit/parser/collector.rb +167 -48
- data/spec/unit/parser/compiler.rb +128 -104
- data/spec/unit/parser/files.rb +190 -0
- data/spec/unit/parser/functions/inline_template.rb +0 -0
- data/spec/unit/parser/functions/regsubst.rb +42 -42
- data/spec/unit/parser/functions/require.rb +36 -0
- data/spec/unit/parser/functions/shellquote.rb +92 -0
- data/spec/unit/parser/functions/split.rb +51 -0
- data/spec/unit/parser/functions/sprintf.rb +11 -11
- data/spec/unit/parser/functions/template.rb +0 -0
- data/spec/unit/parser/functions/versioncmp.rb +2 -2
- data/spec/unit/parser/interpreter.rb +16 -7
- data/spec/unit/parser/lexer.rb +72 -12
- data/spec/unit/parser/loaded_code.rb +198 -0
- data/spec/unit/parser/parser.rb +215 -28
- data/spec/unit/parser/resource.rb +131 -22
- data/spec/unit/parser/scope.rb +207 -12
- data/spec/unit/parser/templatewrapper.rb +8 -3
- data/spec/unit/property.rb +270 -16
- data/spec/unit/property/list.rb +12 -6
- data/spec/unit/provider.rb +31 -0
- data/spec/unit/provider/augeas/augeas.rb +61 -33
- data/spec/unit/provider/macauthorization.rb +29 -29
- data/spec/unit/provider/mcx/mcxcontent.rb +4 -4
- data/spec/unit/provider/mount/parsed.rb +5 -8
- data/spec/unit/provider/naginator.rb +0 -0
- data/spec/unit/provider/package/apt.rb +6 -6
- data/spec/unit/provider/package/pkgdmg.rb +73 -0
- data/spec/unit/provider/selboolean.rb +1 -1
- data/spec/unit/provider/selmodule.rb +2 -2
- data/spec/unit/provider/service/daemontools.rb +40 -15
- data/spec/unit/provider/service/debian.rb +89 -0
- data/spec/unit/provider/service/init.rb +106 -0
- data/spec/unit/provider/service/launchd.rb +71 -13
- data/spec/unit/provider/service/redhat.rb +94 -0
- data/spec/unit/provider/service/runit.rb +14 -2
- data/spec/unit/provider/ssh_authorized_key/parsed.rb +66 -2
- data/spec/unit/provider/user/ldap.rb +1 -1
- data/spec/unit/provider/user/user_role_add.rb +1 -1
- data/spec/unit/provider/zfs/solaris.rb +18 -6
- data/spec/unit/provider/zone/solaris.rb +1 -1
- data/spec/unit/rails.rb +16 -22
- data/spec/unit/rails/host.rb +163 -0
- data/spec/unit/rails/param_value.rb +49 -0
- data/spec/unit/rails/resource.rb +87 -0
- data/spec/unit/relationship.rb +141 -29
- data/spec/unit/resource.rb +504 -0
- data/spec/unit/resource/catalog.rb +1061 -0
- data/spec/unit/resource/reference.rb +111 -0
- data/spec/unit/simple_graph.rb +448 -191
- data/spec/unit/ssl/certificate.rb +124 -0
- data/spec/unit/ssl/certificate_authority.rb +741 -0
- data/spec/unit/ssl/certificate_authority/interface.rb +269 -0
- data/spec/unit/ssl/certificate_factory.rb +107 -0
- data/spec/unit/ssl/certificate_request.rb +193 -0
- data/spec/unit/ssl/certificate_revocation_list.rb +180 -0
- data/spec/unit/ssl/host.rb +704 -0
- data/spec/unit/ssl/inventory.rb +180 -0
- data/spec/unit/ssl/key.rb +198 -0
- data/spec/unit/transaction.rb +65 -2
- data/spec/unit/transaction/change.rb +1 -1
- data/spec/unit/transaction/report.rb +1 -1
- data/spec/unit/type.rb +361 -8
- data/spec/unit/type/augeas.rb +30 -37
- data/spec/unit/type/component.rb +63 -0
- data/spec/unit/type/computer.rb +17 -21
- data/spec/unit/type/exec.rb +27 -2
- data/spec/unit/type/file.rb +704 -83
- data/spec/unit/type/file/content.rb +253 -15
- data/spec/unit/type/file/ensure.rb +65 -2
- data/spec/unit/type/file/group.rb +5 -0
- data/spec/unit/type/file/owner.rb +5 -0
- data/spec/unit/type/file/selinux.rb +12 -16
- data/spec/unit/type/file/source.rb +264 -0
- data/spec/unit/type/filebucket.rb +74 -0
- data/spec/unit/type/group.rb +1 -5
- data/spec/unit/type/macauthorization.rb +59 -26
- data/spec/unit/type/mcx.rb +8 -16
- data/spec/unit/type/mount.rb +8 -16
- data/spec/unit/type/noop_metaparam.rb +0 -2
- data/spec/unit/type/package.rb +13 -23
- data/spec/unit/type/resources.rb +4 -7
- data/spec/unit/type/schedule.rb +1 -7
- data/spec/unit/type/selboolean.rb +4 -6
- data/spec/unit/type/service.rb +23 -33
- data/spec/unit/type/ssh_authorized_key.rb +25 -14
- data/spec/unit/type/tidy.rb +329 -21
- data/spec/unit/type/user.rb +18 -10
- data/spec/unit/type/zfs.rb +6 -6
- data/spec/unit/util/autoload.rb +94 -3
- data/spec/unit/util/autoload/file_cache.rb +183 -0
- data/spec/unit/util/backups.rb +159 -0
- data/spec/unit/util/cache_accumulator.rb +69 -0
- data/spec/unit/util/cacher.rb +185 -0
- data/spec/unit/util/checksums.rb +9 -1
- data/spec/unit/util/feature.rb +72 -0
- data/spec/unit/util/filetype.rb +1 -11
- data/spec/unit/util/json.rb +21 -0
- data/spec/unit/util/log.rb +45 -0
- data/spec/unit/util/package.rb +2 -2
- data/spec/unit/util/queue.rb +88 -0
- data/spec/unit/util/queue/stomp.rb +140 -0
- data/spec/unit/util/reference_serializer.rb +52 -0
- data/spec/unit/util/selinux.rb +5 -3
- data/spec/unit/util/settings.rb +413 -264
- data/spec/unit/util/settings/file_setting.rb +223 -0
- data/spec/unit/util/storage.rb +11 -11
- data/spec/unit/util/warnings.rb +21 -17
- data/test/Rakefile +6 -5
- data/test/certmgr/ca.rb +5 -5
- data/test/certmgr/certmgr.rb +4 -4
- data/test/data/providers/cron/crontab.allthree +2 -2
- data/test/data/providers/cron/crontab.envNcomment +1 -1
- data/test/data/providers/cron/crontab.envNname +1 -1
- data/test/data/providers/cron/crontab.multirecords +1 -1
- data/test/data/providers/cron/crontab_collections.yaml +14 -14
- data/test/data/providers/cron/crontab_multiple_with_env.yaml +6 -6
- data/test/data/providers/cron/crontab_sample_records.yaml +102 -102
- data/test/data/providers/mailalias/aliases/test1 +28 -0
- data/test/data/providers/package/testpackages.yaml +6 -6
- data/test/data/reports/1.yaml +17 -17
- data/test/data/reports/tagmail_passers.conf +2 -2
- data/test/data/snippets/append.pp +5 -5
- data/test/data/snippets/casestatement.pp +9 -2
- data/test/data/snippets/classincludes.pp +1 -1
- data/test/data/snippets/collection_override.pp +8 -0
- data/test/data/snippets/fqparents.pp +2 -2
- data/test/data/snippets/ifexpression.pp +12 -0
- data/test/data/snippets/multilinecomments.pp +5 -1
- data/test/data/snippets/selectorvalues.pp +7 -0
- data/test/data/types/hosts/1 +1 -1
- data/test/data/types/hosts/2 +3 -3
- data/test/data/types/hosts/solaris +2 -2
- data/test/data/types/mount/freebsd.fstab +7 -7
- data/test/data/types/mount/solaris.fstab +10 -10
- data/test/data/types/port/1 +472 -472
- data/test/data/types/port/darwin +4347 -4347
- data/test/language/ast.rb +3 -2
- data/test/language/ast/casestatement.rb +12 -12
- data/test/language/ast/resource.rb +4 -4
- data/test/language/ast/resource_reference.rb +5 -5
- data/test/language/ast/selector.rb +11 -11
- data/test/language/ast/variable.rb +4 -4
- data/test/language/functions.rb +16 -16
- data/test/language/parser.rb +89 -111
- data/test/language/resource.rb +3 -88
- data/test/language/scope.rb +14 -55
- data/test/language/snippets.rb +31 -31
- data/test/lib/puppettest.rb +12 -12
- data/test/lib/puppettest/certificates.rb +2 -2
- data/test/lib/puppettest/exetest.rb +0 -1
- data/test/lib/puppettest/fakes.rb +1 -1
- data/test/lib/puppettest/parsertesting.rb +9 -4
- data/test/lib/puppettest/railstesting.rb +3 -3
- data/test/lib/puppettest/servertest.rb +1 -1
- data/test/lib/puppettest/support/assertions.rb +2 -2
- data/test/lib/puppettest/support/collection.rb +1 -1
- data/test/lib/puppettest/support/resources.rb +7 -7
- data/test/lib/puppettest/support/utils.rb +10 -16
- data/test/lib/puppettest/testcase.rb +2 -1
- data/test/network/authconfig.rb +1 -1
- data/test/network/authorization.rb +1 -1
- data/test/network/authstore.rb +57 -14
- data/test/network/client/ca.rb +1 -0
- data/test/network/client/resource.rb +12 -50
- data/test/network/client_request.rb +1 -1
- data/test/network/handler/bucket.rb +2 -2
- data/test/network/handler/fileserver.rb +17 -21
- data/test/network/handler/master.rb +5 -5
- data/test/network/handler/report.rb +3 -3
- data/test/network/handler/resource.rb +29 -75
- data/test/network/handler/runner.rb +8 -58
- data/test/network/rights.rb +1 -1
- data/test/network/server/mongrel_test.rb +15 -1
- data/test/network/server/webrick.rb +0 -36
- data/test/network/xmlrpc/webrick_servlet.rb +5 -5
- data/test/other/dsl.rb +3 -3
- data/test/other/events.rb +15 -15
- data/test/other/puppet.rb +2 -32
- data/test/other/relationships.rb +21 -148
- data/test/other/report.rb +20 -23
- data/test/other/transactions.rb +110 -298
- data/test/puppet/defaults.rb +1 -1
- data/test/puppet/tc_suidmanager.rb +1 -1
- data/test/rails/railsparameter.rb +4 -4
- data/test/ral/manager/attributes.rb +12 -68
- data/test/ral/manager/instances.rb +3 -19
- data/test/ral/manager/manager.rb +7 -7
- data/test/ral/manager/provider.rb +7 -7
- data/test/ral/manager/type.rb +54 -349
- data/test/ral/providers/cron/crontab.rb +14 -14
- data/test/ral/providers/group.rb +5 -6
- data/test/ral/providers/host/parsed.rb +3 -3
- data/test/ral/providers/mailalias/aliases.rb +4 -4
- data/test/ral/providers/package.rb +3 -3
- data/test/ral/providers/package/aptitude.rb +55 -55
- data/test/ral/providers/package/aptrpm.rb +7 -7
- data/test/ral/providers/parsedfile.rb +10 -14
- data/test/ral/providers/port/parsed.rb +6 -6
- data/test/ral/providers/provider.rb +10 -10
- data/test/ral/providers/service/base.rb +32 -32
- data/test/ral/providers/sshkey/parsed.rb +14 -14
- data/test/ral/providers/user.rb +16 -17
- data/test/ral/providers/user/useradd.rb +19 -22
- data/test/ral/type/cron.rb +21 -28
- data/test/ral/type/exec.rb +57 -60
- data/test/ral/type/file.rb +88 -862
- data/test/ral/type/file/target.rb +21 -70
- data/test/ral/type/fileignoresource.rb +37 -44
- data/test/ral/type/filesources.rb +43 -473
- data/test/ral/type/group.rb +6 -7
- data/test/ral/type/host.rb +14 -30
- data/test/ral/type/mailalias.rb +3 -3
- data/test/ral/type/port.rb +5 -5
- data/test/ral/type/resources.rb +37 -37
- data/test/ral/type/service.rb +3 -3
- data/test/ral/type/sshkey.rb +34 -39
- data/test/ral/type/user.rb +15 -14
- data/test/ral/type/yumrepo.rb +18 -17
- data/test/ral/type/zone.rb +4 -6
- data/test/test +9 -9
- data/test/util/fileparsing.rb +10 -10
- data/test/util/inifile.rb +6 -6
- data/test/util/instance_loader.rb +1 -1
- data/test/util/log.rb +2 -2
- data/test/util/metrics.rb +1 -6
- data/test/util/package.rb +1 -1
- data/test/util/pidlock.rb +116 -116
- data/test/util/settings.rb +40 -429
- data/test/util/storage.rb +5 -5
- data/test/util/subclass_loader.rb +0 -7
- data/test/util/utiltest.rb +10 -29
- metadata +1369 -941
- data/bin/puppetca +0 -363
- data/bin/puppetd +0 -439
- data/bin/puppetmasterd +0 -289
- data/bin/puppetrun +0 -369
- data/conf/redhat/lsb-config.patch +0 -51
- data/conf/redhat/no-chuser-0.15.1.patch +0 -38
- data/conf/redhat/no-lockdir.patch +0 -13
- data/examples/mac_netinfo.pp +0 -5
- data/ext/passenger/README +0 -63
- data/ext/passenger/apache2.conf +0 -29
- data/ext/passenger/config.ru +0 -40
- data/lib/puppet/config_stores/rest.rb +0 -60
- data/lib/puppet/executables/client/certhandler.rb +0 -82
- data/lib/puppet/indirector/file_content/modules.rb +0 -11
- data/lib/puppet/indirector/file_metadata/modules.rb +0 -17
- data/lib/puppet/indirector/module_files.rb +0 -82
- data/lib/puppet/indirector/ssl_rsa.rb +0 -5
- data/lib/puppet/indirector/ssl_rsa/file.rb +0 -33
- data/lib/puppet/network/client/master.rb +0 -524
- data/lib/puppet/network/http_server/rack.rb +0 -148
- data/lib/puppet/pgraph.rb +0 -121
- data/lib/puppet/provider/group/netinfo.rb +0 -15
- data/lib/puppet/provider/host/netinfo.rb +0 -19
- data/lib/puppet/provider/mount/netinfo.rb +0 -37
- data/lib/puppet/provider/nameservice/netinfo.rb +0 -224
- data/lib/puppet/provider/user/netinfo.rb +0 -111
- data/lib/puppet/util/fact_store.rb +0 -59
- data/lib/puppet/util/uri_helper.rb +0 -22
- data/spec/integration/file_serving/configuration.rb +0 -43
- data/spec/integration/indirector/module_files.rb +0 -57
- data/spec/unit/executables/client/certhandler.rb +0 -135
- data/spec/unit/indirector/file_content/modules.rb +0 -18
- data/spec/unit/indirector/file_metadata/modules.rb +0 -42
- data/spec/unit/indirector/module_files.rb +0 -259
- data/spec/unit/indirector/ssl_rsa/file.rb +0 -121
- data/spec/unit/network/client/master.rb +0 -442
- data/spec/unit/node/catalog.rb +0 -865
- data/spec/unit/other/pgraph.rb +0 -210
- data/spec/unit/resource_reference.rb +0 -73
- data/spec/unit/util/uri_helper.rb +0 -41
- data/test/data/snippets/ifexpression.rb +0 -6
- data/test/executables/filebucket.rb +0 -51
- data/test/executables/puppetbin.rb +0 -104
- data/test/executables/puppetca.rb +0 -115
- data/test/executables/puppetd.rb +0 -55
- data/test/executables/puppetmasterd.rb +0 -147
- data/test/network/client/client.rb +0 -195
- data/test/network/client/master.rb +0 -490
- data/test/network/daemon.rb +0 -70
- data/test/network/handler/handler.rb +0 -63
- data/test/other/overrides.rb +0 -107
- data/test/puppet/conffiles.rb +0 -107
- data/test/rails/ast.rb +0 -73
- data/test/rails/configuration.rb +0 -71
- data/test/rails/host.rb +0 -154
- data/test/rails/railsresource.rb +0 -251
- data/test/ral/providers/host/netinfo.rb +0 -56
- data/test/ral/providers/mount/netinfo.rb +0 -79
- data/test/ral/type/basic.rb +0 -85
- data/test/ral/type/filebucket.rb +0 -157
- data/test/ral/type/parameter.rb +0 -174
- data/test/ral/type/property.rb +0 -388
- data/test/ral/type/tidy.rb +0 -291
- data/test/util/autoload.rb +0 -145
- data/test/util/features.rb +0 -95
@@ -0,0 +1,180 @@
|
|
1
|
+
#!/usr/bin/env ruby
|
2
|
+
|
3
|
+
require File.dirname(__FILE__) + '/../../spec_helper'
|
4
|
+
|
5
|
+
require 'puppet/ssl/certificate_revocation_list'
|
6
|
+
|
7
|
+
describe Puppet::SSL::CertificateRevocationList do
|
8
|
+
before do
|
9
|
+
@cert = stub 'cert', :subject => "mysubject"
|
10
|
+
@key = stub 'key', :private? => true
|
11
|
+
|
12
|
+
@class = Puppet::SSL::CertificateRevocationList
|
13
|
+
end
|
14
|
+
|
15
|
+
it "should only support the text format" do
|
16
|
+
@class.supported_formats.should == [:s]
|
17
|
+
end
|
18
|
+
|
19
|
+
describe "when converting from a string" do
|
20
|
+
it "should create a CRL instance with its name set to 'foo' and its content set to the extracted CRL" do
|
21
|
+
crl = stub 'crl'
|
22
|
+
OpenSSL::X509::CRL.expects(:new).returns(crl)
|
23
|
+
|
24
|
+
mycrl = stub 'sslcrl'
|
25
|
+
mycrl.expects(:content=).with(crl)
|
26
|
+
|
27
|
+
@class.expects(:new).with("foo").returns mycrl
|
28
|
+
|
29
|
+
@class.from_s("my crl").should == mycrl
|
30
|
+
end
|
31
|
+
end
|
32
|
+
|
33
|
+
describe "when an instance" do
|
34
|
+
before do
|
35
|
+
@class.any_instance.stubs(:read_or_generate)
|
36
|
+
|
37
|
+
@crl = @class.new("whatever")
|
38
|
+
end
|
39
|
+
|
40
|
+
it "should always use 'crl' for its name" do
|
41
|
+
@crl.name.should == "crl"
|
42
|
+
end
|
43
|
+
|
44
|
+
it "should have a content attribute" do
|
45
|
+
@crl.should respond_to(:content)
|
46
|
+
end
|
47
|
+
end
|
48
|
+
|
49
|
+
describe "when initializing" do
|
50
|
+
it "should fail if :cacrl is set to false" do
|
51
|
+
Puppet.settings.expects(:value).with(:cacrl).returns false
|
52
|
+
lambda { @class.new("crl") }.should raise_error(Puppet::Error)
|
53
|
+
end
|
54
|
+
|
55
|
+
it "should fail if :cacrl is set to the string 'false'" do
|
56
|
+
Puppet.settings.expects(:value).with(:cacrl).returns "false"
|
57
|
+
lambda { @class.new("crl") }.should raise_error(Puppet::Error)
|
58
|
+
end
|
59
|
+
end
|
60
|
+
|
61
|
+
describe "when generating the crl" do
|
62
|
+
before do
|
63
|
+
@real_crl = mock 'crl'
|
64
|
+
@real_crl.stub_everything
|
65
|
+
|
66
|
+
OpenSSL::X509::CRL.stubs(:new).returns(@real_crl)
|
67
|
+
|
68
|
+
@class.any_instance.stubs(:read_or_generate)
|
69
|
+
|
70
|
+
@crl = @class.new("crl")
|
71
|
+
end
|
72
|
+
|
73
|
+
it "should set its issuer to the subject of the passed certificate" do
|
74
|
+
@real_crl.expects(:issuer=).with(@cert.subject)
|
75
|
+
|
76
|
+
@crl.generate(@cert, @key)
|
77
|
+
end
|
78
|
+
|
79
|
+
it "should set its version to 1" do
|
80
|
+
@real_crl.expects(:version=).with(1)
|
81
|
+
|
82
|
+
@crl.generate(@cert, @key)
|
83
|
+
end
|
84
|
+
|
85
|
+
it "should create an instance of OpenSSL::X509::CRL" do
|
86
|
+
OpenSSL::X509::CRL.expects(:new).returns(@real_crl)
|
87
|
+
|
88
|
+
@crl.generate(@cert, @key)
|
89
|
+
end
|
90
|
+
|
91
|
+
# The next three tests aren't good, but at least they
|
92
|
+
# specify the behaviour.
|
93
|
+
it "should add an extension for the CRL number" do
|
94
|
+
@real_crl.expects(:extensions=)
|
95
|
+
@crl.generate(@cert, @key)
|
96
|
+
end
|
97
|
+
|
98
|
+
it "should set the last update time" do
|
99
|
+
@real_crl.expects(:last_update=)
|
100
|
+
@crl.generate(@cert, @key)
|
101
|
+
end
|
102
|
+
|
103
|
+
it "should set the next update time" do
|
104
|
+
@real_crl.expects(:next_update=)
|
105
|
+
@crl.generate(@cert, @key)
|
106
|
+
end
|
107
|
+
|
108
|
+
it "should sign the CRL" do
|
109
|
+
@real_crl.expects(:sign).with { |key, digest| key == @key }
|
110
|
+
@crl.generate(@cert, @key)
|
111
|
+
end
|
112
|
+
|
113
|
+
it "should set the content to the generated crl" do
|
114
|
+
@crl.generate(@cert, @key)
|
115
|
+
@crl.content.should equal(@real_crl)
|
116
|
+
end
|
117
|
+
|
118
|
+
it "should return the generated crl" do
|
119
|
+
@crl.generate(@cert, @key).should equal(@real_crl)
|
120
|
+
end
|
121
|
+
end
|
122
|
+
|
123
|
+
# This test suite isn't exactly complete, because the
|
124
|
+
# SSL stuff is very complicated. It just hits the high points.
|
125
|
+
describe "when revoking a certificate" do
|
126
|
+
before do
|
127
|
+
@class.wrapped_class.any_instance.stubs(:issuer=)
|
128
|
+
@class.wrapped_class.any_instance.stubs(:sign)
|
129
|
+
|
130
|
+
@crl = @class.new("crl")
|
131
|
+
@crl.generate(@cert, @key)
|
132
|
+
@crl.content.stubs(:sign)
|
133
|
+
|
134
|
+
@crl.stubs :save
|
135
|
+
|
136
|
+
@key = mock 'key'
|
137
|
+
end
|
138
|
+
|
139
|
+
it "should require a serial number and the CA's private key" do
|
140
|
+
lambda { @crl.revoke }.should raise_error(ArgumentError)
|
141
|
+
end
|
142
|
+
|
143
|
+
it "should default to OpenSSL::OCSP::REVOKED_STATUS_KEYCOMPROMISE as the revocation reason" do
|
144
|
+
# This makes it a bit more of an integration test than we'd normally like, but that's life
|
145
|
+
# with openssl.
|
146
|
+
reason = OpenSSL::ASN1::Enumerated(OpenSSL::OCSP::REVOKED_STATUS_KEYCOMPROMISE)
|
147
|
+
OpenSSL::ASN1.expects(:Enumerated).with(OpenSSL::OCSP::REVOKED_STATUS_KEYCOMPROMISE).returns reason
|
148
|
+
|
149
|
+
@crl.revoke(1, @key)
|
150
|
+
end
|
151
|
+
|
152
|
+
it "should mark the CRL as updated" do
|
153
|
+
time = Time.now
|
154
|
+
Time.stubs(:now).returns time
|
155
|
+
|
156
|
+
@crl.content.expects(:last_update=).with(time)
|
157
|
+
|
158
|
+
@crl.revoke(1, @key)
|
159
|
+
end
|
160
|
+
|
161
|
+
it "should mark the CRL valid for five years" do
|
162
|
+
time = Time.now
|
163
|
+
Time.stubs(:now).returns time
|
164
|
+
|
165
|
+
@crl.content.expects(:next_update=).with(time + (5 * 365*24*60*60))
|
166
|
+
|
167
|
+
@crl.revoke(1, @key)
|
168
|
+
end
|
169
|
+
|
170
|
+
it "should sign the CRL with the CA's private key and a digest instance" do
|
171
|
+
@crl.content.expects(:sign).with { |key, digest| key == @key and digest.is_a?(OpenSSL::Digest::SHA1) }
|
172
|
+
@crl.revoke(1, @key)
|
173
|
+
end
|
174
|
+
|
175
|
+
it "should save the CRL" do
|
176
|
+
@crl.expects :save
|
177
|
+
@crl.revoke(1, @key)
|
178
|
+
end
|
179
|
+
end
|
180
|
+
end
|
@@ -0,0 +1,704 @@
|
|
1
|
+
#!/usr/bin/env ruby
|
2
|
+
|
3
|
+
require File.dirname(__FILE__) + '/../../spec_helper'
|
4
|
+
|
5
|
+
require 'puppet/ssl/host'
|
6
|
+
|
7
|
+
describe Puppet::SSL::Host do
|
8
|
+
before do
|
9
|
+
@class = Puppet::SSL::Host
|
10
|
+
@host = @class.new("myname")
|
11
|
+
end
|
12
|
+
|
13
|
+
after do
|
14
|
+
# Cleaned out any cached localhost instance.
|
15
|
+
Puppet::Util::Cacher.expire
|
16
|
+
end
|
17
|
+
|
18
|
+
it "should use any provided name as its name" do
|
19
|
+
@host.name.should == "myname"
|
20
|
+
end
|
21
|
+
|
22
|
+
it "should retrieve its public key from its private key" do
|
23
|
+
realkey = mock 'realkey'
|
24
|
+
key = stub 'key', :content => realkey
|
25
|
+
Puppet::SSL::Key.stubs(:find).returns(key)
|
26
|
+
pubkey = mock 'public_key'
|
27
|
+
realkey.expects(:public_key).returns pubkey
|
28
|
+
|
29
|
+
@host.public_key.should equal(pubkey)
|
30
|
+
end
|
31
|
+
|
32
|
+
it "should default to being a non-ca host" do
|
33
|
+
@host.ca?.should be_false
|
34
|
+
end
|
35
|
+
|
36
|
+
it "should be a ca host if its name matches the CA_NAME" do
|
37
|
+
Puppet::SSL::Host.stubs(:ca_name).returns "yayca"
|
38
|
+
Puppet::SSL::Host.new("yayca").should be_ca
|
39
|
+
end
|
40
|
+
|
41
|
+
it "should have a method for determining the CA location" do
|
42
|
+
Puppet::SSL::Host.should respond_to(:ca_location)
|
43
|
+
end
|
44
|
+
|
45
|
+
it "should have a method for specifying the CA location" do
|
46
|
+
Puppet::SSL::Host.should respond_to(:ca_location=)
|
47
|
+
end
|
48
|
+
|
49
|
+
it "should have a method for retrieving the default ssl host" do
|
50
|
+
Puppet::SSL::Host.should respond_to(:ca_location=)
|
51
|
+
end
|
52
|
+
|
53
|
+
it "should have a method for producing an instance to manage the local host's keys" do
|
54
|
+
Puppet::SSL::Host.should respond_to(:localhost)
|
55
|
+
end
|
56
|
+
|
57
|
+
it "should generate the certificate for the localhost instance if no certificate is available" do
|
58
|
+
host = stub 'host', :key => nil
|
59
|
+
Puppet::SSL::Host.expects(:new).returns host
|
60
|
+
|
61
|
+
host.expects(:certificate).returns nil
|
62
|
+
host.expects(:generate)
|
63
|
+
|
64
|
+
Puppet::SSL::Host.localhost.should equal(host)
|
65
|
+
end
|
66
|
+
|
67
|
+
it "should always read the key for the localhost instance in from disk" do
|
68
|
+
host = stub 'host', :certificate => "eh"
|
69
|
+
Puppet::SSL::Host.expects(:new).returns host
|
70
|
+
|
71
|
+
host.expects(:key)
|
72
|
+
|
73
|
+
Puppet::SSL::Host.localhost
|
74
|
+
end
|
75
|
+
|
76
|
+
it "should cache the localhost instance" do
|
77
|
+
host = stub 'host', :certificate => "eh", :key => 'foo'
|
78
|
+
Puppet::SSL::Host.expects(:new).once.returns host
|
79
|
+
|
80
|
+
Puppet::SSL::Host.localhost.should == Puppet::SSL::Host.localhost
|
81
|
+
end
|
82
|
+
|
83
|
+
it "should be able to expire the cached instance" do
|
84
|
+
one = stub 'host1', :certificate => "eh", :key => 'foo'
|
85
|
+
two = stub 'host2', :certificate => "eh", :key => 'foo'
|
86
|
+
Puppet::SSL::Host.expects(:new).times(2).returns(one).then.returns(two)
|
87
|
+
|
88
|
+
Puppet::SSL::Host.localhost.should equal(one)
|
89
|
+
Puppet::Util::Cacher.expire
|
90
|
+
Puppet::SSL::Host.localhost.should equal(two)
|
91
|
+
end
|
92
|
+
|
93
|
+
it "should be able to verify its certificate matches its key" do
|
94
|
+
Puppet::SSL::Host.new("foo").should respond_to(:certificate_matches_key?)
|
95
|
+
end
|
96
|
+
|
97
|
+
it "should consider the certificate invalid if it cannot find a key" do
|
98
|
+
host = Puppet::SSL::Host.new("foo")
|
99
|
+
host.expects(:key).returns nil
|
100
|
+
|
101
|
+
host.should_not be_certificate_matches_key
|
102
|
+
end
|
103
|
+
|
104
|
+
it "should consider the certificate invalid if it cannot find a certificate" do
|
105
|
+
host = Puppet::SSL::Host.new("foo")
|
106
|
+
host.expects(:key).returns mock("key")
|
107
|
+
host.expects(:certificate).returns nil
|
108
|
+
|
109
|
+
host.should_not be_certificate_matches_key
|
110
|
+
end
|
111
|
+
|
112
|
+
it "should consider the certificate invalid if the SSL certificate's key verification fails" do
|
113
|
+
host = Puppet::SSL::Host.new("foo")
|
114
|
+
|
115
|
+
key = mock 'key', :content => "private_key"
|
116
|
+
sslcert = mock 'sslcert'
|
117
|
+
certificate = mock 'cert', :content => sslcert
|
118
|
+
|
119
|
+
host.stubs(:key).returns key
|
120
|
+
host.stubs(:certificate).returns certificate
|
121
|
+
|
122
|
+
sslcert.expects(:check_private_key).with("private_key").returns false
|
123
|
+
|
124
|
+
host.should_not be_certificate_matches_key
|
125
|
+
end
|
126
|
+
|
127
|
+
it "should consider the certificate valid if the SSL certificate's key verification succeeds" do
|
128
|
+
host = Puppet::SSL::Host.new("foo")
|
129
|
+
|
130
|
+
key = mock 'key', :content => "private_key"
|
131
|
+
sslcert = mock 'sslcert'
|
132
|
+
certificate = mock 'cert', :content => sslcert
|
133
|
+
|
134
|
+
host.stubs(:key).returns key
|
135
|
+
host.stubs(:certificate).returns certificate
|
136
|
+
|
137
|
+
sslcert.expects(:check_private_key).with("private_key").returns true
|
138
|
+
|
139
|
+
host.should be_certificate_matches_key
|
140
|
+
end
|
141
|
+
|
142
|
+
describe "when specifying the CA location" do
|
143
|
+
before do
|
144
|
+
[Puppet::SSL::Key, Puppet::SSL::Certificate, Puppet::SSL::CertificateRequest, Puppet::SSL::CertificateRevocationList].each do |klass|
|
145
|
+
klass.stubs(:terminus_class=)
|
146
|
+
klass.stubs(:cache_class=)
|
147
|
+
end
|
148
|
+
end
|
149
|
+
|
150
|
+
it "should support the location ':local'" do
|
151
|
+
lambda { Puppet::SSL::Host.ca_location = :local }.should_not raise_error
|
152
|
+
end
|
153
|
+
|
154
|
+
it "should support the location ':remote'" do
|
155
|
+
lambda { Puppet::SSL::Host.ca_location = :remote }.should_not raise_error
|
156
|
+
end
|
157
|
+
|
158
|
+
it "should support the location ':none'" do
|
159
|
+
lambda { Puppet::SSL::Host.ca_location = :none }.should_not raise_error
|
160
|
+
end
|
161
|
+
|
162
|
+
it "should support the location ':only'" do
|
163
|
+
lambda { Puppet::SSL::Host.ca_location = :only }.should_not raise_error
|
164
|
+
end
|
165
|
+
|
166
|
+
it "should not support other modes" do
|
167
|
+
lambda { Puppet::SSL::Host.ca_location = :whatever }.should raise_error(ArgumentError)
|
168
|
+
end
|
169
|
+
|
170
|
+
describe "as 'local'" do
|
171
|
+
it "should set the cache class for Certificate, CertificateRevocationList, and CertificateRequest as :file" do
|
172
|
+
Puppet::SSL::Certificate.expects(:cache_class=).with :file
|
173
|
+
Puppet::SSL::CertificateRequest.expects(:cache_class=).with :file
|
174
|
+
Puppet::SSL::CertificateRevocationList.expects(:cache_class=).with :file
|
175
|
+
|
176
|
+
Puppet::SSL::Host.ca_location = :local
|
177
|
+
end
|
178
|
+
|
179
|
+
it "should set the terminus class for Key as :file" do
|
180
|
+
Puppet::SSL::Key.expects(:terminus_class=).with :file
|
181
|
+
|
182
|
+
Puppet::SSL::Host.ca_location = :local
|
183
|
+
end
|
184
|
+
|
185
|
+
it "should set the terminus class for Certificate, CertificateRevocationList, and CertificateRequest as :ca" do
|
186
|
+
Puppet::SSL::Certificate.expects(:terminus_class=).with :ca
|
187
|
+
Puppet::SSL::CertificateRequest.expects(:terminus_class=).with :ca
|
188
|
+
Puppet::SSL::CertificateRevocationList.expects(:terminus_class=).with :ca
|
189
|
+
|
190
|
+
Puppet::SSL::Host.ca_location = :local
|
191
|
+
end
|
192
|
+
end
|
193
|
+
|
194
|
+
describe "as 'remote'" do
|
195
|
+
it "should set the cache class for Certificate, CertificateRevocationList, and CertificateRequest as :file" do
|
196
|
+
Puppet::SSL::Certificate.expects(:cache_class=).with :file
|
197
|
+
Puppet::SSL::CertificateRequest.expects(:cache_class=).with :file
|
198
|
+
Puppet::SSL::CertificateRevocationList.expects(:cache_class=).with :file
|
199
|
+
|
200
|
+
Puppet::SSL::Host.ca_location = :remote
|
201
|
+
end
|
202
|
+
|
203
|
+
it "should set the terminus class for Key as :file" do
|
204
|
+
Puppet::SSL::Key.expects(:terminus_class=).with :file
|
205
|
+
|
206
|
+
Puppet::SSL::Host.ca_location = :remote
|
207
|
+
end
|
208
|
+
|
209
|
+
it "should set the terminus class for Certificate, CertificateRevocationList, and CertificateRequest as :rest" do
|
210
|
+
Puppet::SSL::Certificate.expects(:terminus_class=).with :rest
|
211
|
+
Puppet::SSL::CertificateRequest.expects(:terminus_class=).with :rest
|
212
|
+
Puppet::SSL::CertificateRevocationList.expects(:terminus_class=).with :rest
|
213
|
+
|
214
|
+
Puppet::SSL::Host.ca_location = :remote
|
215
|
+
end
|
216
|
+
end
|
217
|
+
|
218
|
+
describe "as 'only'" do
|
219
|
+
it "should set the terminus class for Key, Certificate, CertificateRevocationList, and CertificateRequest as :ca" do
|
220
|
+
Puppet::SSL::Key.expects(:terminus_class=).with :ca
|
221
|
+
Puppet::SSL::Certificate.expects(:terminus_class=).with :ca
|
222
|
+
Puppet::SSL::CertificateRequest.expects(:terminus_class=).with :ca
|
223
|
+
Puppet::SSL::CertificateRevocationList.expects(:terminus_class=).with :ca
|
224
|
+
|
225
|
+
Puppet::SSL::Host.ca_location = :only
|
226
|
+
end
|
227
|
+
|
228
|
+
it "should reset the cache class for Certificate, CertificateRevocationList, and CertificateRequest to nil" do
|
229
|
+
Puppet::SSL::Certificate.expects(:cache_class=).with nil
|
230
|
+
Puppet::SSL::CertificateRequest.expects(:cache_class=).with nil
|
231
|
+
Puppet::SSL::CertificateRevocationList.expects(:cache_class=).with nil
|
232
|
+
|
233
|
+
Puppet::SSL::Host.ca_location = :only
|
234
|
+
end
|
235
|
+
end
|
236
|
+
|
237
|
+
describe "as 'none'" do
|
238
|
+
it "should set the terminus class for Key, Certificate, CertificateRevocationList, and CertificateRequest as :file" do
|
239
|
+
Puppet::SSL::Key.expects(:terminus_class=).with :file
|
240
|
+
Puppet::SSL::Certificate.expects(:terminus_class=).with :file
|
241
|
+
Puppet::SSL::CertificateRequest.expects(:terminus_class=).with :file
|
242
|
+
Puppet::SSL::CertificateRevocationList.expects(:terminus_class=).with :file
|
243
|
+
|
244
|
+
Puppet::SSL::Host.ca_location = :none
|
245
|
+
end
|
246
|
+
end
|
247
|
+
end
|
248
|
+
|
249
|
+
it "should have a class method for destroying all files related to a given host" do
|
250
|
+
Puppet::SSL::Host.should respond_to(:destroy)
|
251
|
+
end
|
252
|
+
|
253
|
+
describe "when destroying a host's SSL files" do
|
254
|
+
before do
|
255
|
+
Puppet::SSL::Key.stubs(:destroy).returns false
|
256
|
+
Puppet::SSL::Certificate.stubs(:destroy).returns false
|
257
|
+
Puppet::SSL::CertificateRequest.stubs(:destroy).returns false
|
258
|
+
end
|
259
|
+
|
260
|
+
it "should destroy its certificate, certificate request, and key" do
|
261
|
+
Puppet::SSL::Key.expects(:destroy).with("myhost")
|
262
|
+
Puppet::SSL::Certificate.expects(:destroy).with("myhost")
|
263
|
+
Puppet::SSL::CertificateRequest.expects(:destroy).with("myhost")
|
264
|
+
|
265
|
+
Puppet::SSL::Host.destroy("myhost")
|
266
|
+
end
|
267
|
+
|
268
|
+
it "should return true if any of the classes returned true" do
|
269
|
+
Puppet::SSL::Certificate.expects(:destroy).with("myhost").returns true
|
270
|
+
|
271
|
+
Puppet::SSL::Host.destroy("myhost").should be_true
|
272
|
+
end
|
273
|
+
|
274
|
+
it "should return false if none of the classes returned true" do
|
275
|
+
Puppet::SSL::Host.destroy("myhost").should be_false
|
276
|
+
end
|
277
|
+
end
|
278
|
+
|
279
|
+
describe "when initializing" do
|
280
|
+
it "should default its name to the :certname setting" do
|
281
|
+
Puppet.settings.expects(:value).with(:certname).returns "myname"
|
282
|
+
|
283
|
+
Puppet::SSL::Host.new.name.should == "myname"
|
284
|
+
end
|
285
|
+
|
286
|
+
it "should downcase a passed in name" do
|
287
|
+
Puppet::SSL::Host.new("Host.Domain.Com").name.should == "host.domain.com"
|
288
|
+
end
|
289
|
+
|
290
|
+
it "should downcase the certname if it's used" do
|
291
|
+
Puppet.settings.expects(:value).with(:certname).returns "Host.Domain.Com"
|
292
|
+
Puppet::SSL::Host.new().name.should == "host.domain.com"
|
293
|
+
end
|
294
|
+
|
295
|
+
it "should indicate that it is a CA host if its name matches the ca_name constant" do
|
296
|
+
Puppet::SSL::Host.stubs(:ca_name).returns "myca"
|
297
|
+
Puppet::SSL::Host.new("myca").should be_ca
|
298
|
+
end
|
299
|
+
end
|
300
|
+
|
301
|
+
describe "when managing its private key" do
|
302
|
+
before do
|
303
|
+
@realkey = "mykey"
|
304
|
+
@key = stub 'key', :content => @realkey
|
305
|
+
end
|
306
|
+
|
307
|
+
it "should return nil if the key is not set and cannot be found" do
|
308
|
+
Puppet::SSL::Key.expects(:find).with("myname").returns(nil)
|
309
|
+
@host.key.should be_nil
|
310
|
+
end
|
311
|
+
|
312
|
+
it "should find the key in the Key class and return the Puppet instance" do
|
313
|
+
Puppet::SSL::Key.expects(:find).with("myname").returns(@key)
|
314
|
+
@host.key.should equal(@key)
|
315
|
+
end
|
316
|
+
|
317
|
+
it "should be able to generate and save a new key" do
|
318
|
+
Puppet::SSL::Key.expects(:new).with("myname").returns(@key)
|
319
|
+
|
320
|
+
@key.expects(:generate)
|
321
|
+
@key.expects(:save)
|
322
|
+
|
323
|
+
@host.generate_key.should be_true
|
324
|
+
@host.key.should equal(@key)
|
325
|
+
end
|
326
|
+
|
327
|
+
it "should not retain keys that could not be saved" do
|
328
|
+
Puppet::SSL::Key.expects(:new).with("myname").returns(@key)
|
329
|
+
|
330
|
+
@key.stubs(:generate)
|
331
|
+
@key.expects(:save).raises "eh"
|
332
|
+
|
333
|
+
lambda { @host.generate_key }.should raise_error
|
334
|
+
@host.key.should be_nil
|
335
|
+
end
|
336
|
+
|
337
|
+
it "should return any previously found key without requerying" do
|
338
|
+
Puppet::SSL::Key.expects(:find).with("myname").returns(@key).once
|
339
|
+
@host.key.should equal(@key)
|
340
|
+
@host.key.should equal(@key)
|
341
|
+
end
|
342
|
+
end
|
343
|
+
|
344
|
+
describe "when managing its certificate request" do
|
345
|
+
before do
|
346
|
+
@realrequest = "real request"
|
347
|
+
@request = stub 'request', :content => @realrequest
|
348
|
+
end
|
349
|
+
|
350
|
+
it "should return nil if the key is not set and cannot be found" do
|
351
|
+
Puppet::SSL::CertificateRequest.expects(:find).with("myname").returns(nil)
|
352
|
+
@host.certificate_request.should be_nil
|
353
|
+
end
|
354
|
+
|
355
|
+
it "should find the request in the Key class and return it and return the Puppet SSL request" do
|
356
|
+
Puppet::SSL::CertificateRequest.expects(:find).with("myname").returns @request
|
357
|
+
|
358
|
+
@host.certificate_request.should equal(@request)
|
359
|
+
end
|
360
|
+
|
361
|
+
it "should generate a new key when generating the cert request if no key exists" do
|
362
|
+
Puppet::SSL::CertificateRequest.expects(:new).with("myname").returns @request
|
363
|
+
|
364
|
+
key = stub 'key', :public_key => mock("public_key"), :content => "mycontent"
|
365
|
+
|
366
|
+
@host.expects(:key).times(2).returns(nil).then.returns(key)
|
367
|
+
@host.expects(:generate_key).returns(key)
|
368
|
+
|
369
|
+
@request.stubs(:generate)
|
370
|
+
@request.stubs(:save)
|
371
|
+
|
372
|
+
@host.generate_certificate_request
|
373
|
+
end
|
374
|
+
|
375
|
+
it "should be able to generate and save a new request using the private key" do
|
376
|
+
Puppet::SSL::CertificateRequest.expects(:new).with("myname").returns @request
|
377
|
+
|
378
|
+
key = stub 'key', :public_key => mock("public_key"), :content => "mycontent"
|
379
|
+
@host.stubs(:key).returns(key)
|
380
|
+
@request.expects(:generate).with("mycontent")
|
381
|
+
@request.expects(:save)
|
382
|
+
|
383
|
+
@host.generate_certificate_request.should be_true
|
384
|
+
@host.certificate_request.should equal(@request)
|
385
|
+
end
|
386
|
+
|
387
|
+
it "should return any previously found request without requerying" do
|
388
|
+
Puppet::SSL::CertificateRequest.expects(:find).with("myname").returns(@request).once
|
389
|
+
|
390
|
+
@host.certificate_request.should equal(@request)
|
391
|
+
@host.certificate_request.should equal(@request)
|
392
|
+
end
|
393
|
+
|
394
|
+
it "should not keep its certificate request in memory if the request cannot be saved" do
|
395
|
+
Puppet::SSL::CertificateRequest.expects(:new).with("myname").returns @request
|
396
|
+
|
397
|
+
key = stub 'key', :public_key => mock("public_key"), :content => "mycontent"
|
398
|
+
@host.stubs(:key).returns(key)
|
399
|
+
@request.stubs(:generate)
|
400
|
+
@request.expects(:save).raises "eh"
|
401
|
+
|
402
|
+
lambda { @host.generate_certificate_request }.should raise_error
|
403
|
+
|
404
|
+
@host.certificate_request.should be_nil
|
405
|
+
end
|
406
|
+
end
|
407
|
+
|
408
|
+
describe "when managing its certificate" do
|
409
|
+
before do
|
410
|
+
@realcert = mock 'certificate'
|
411
|
+
@cert = stub 'cert', :content => @realcert
|
412
|
+
|
413
|
+
@host.stubs(:key).returns mock("key")
|
414
|
+
@host.stubs(:certificate_matches_key?).returns true
|
415
|
+
end
|
416
|
+
|
417
|
+
it "should find the CA certificate if it does not have a certificate" do
|
418
|
+
Puppet::SSL::Certificate.expects(:find).with("ca").returns mock("cacert")
|
419
|
+
Puppet::SSL::Certificate.stubs(:find).with("myname").returns @cert
|
420
|
+
|
421
|
+
@host.certificate
|
422
|
+
end
|
423
|
+
|
424
|
+
it "should not find the CA certificate if it is the CA host" do
|
425
|
+
@host.expects(:ca?).returns true
|
426
|
+
Puppet::SSL::Certificate.stubs(:find)
|
427
|
+
Puppet::SSL::Certificate.expects(:find).with("ca").never
|
428
|
+
|
429
|
+
@host.certificate
|
430
|
+
end
|
431
|
+
|
432
|
+
it "should return nil if it cannot find a CA certificate" do
|
433
|
+
Puppet::SSL::Certificate.expects(:find).with("ca").returns nil
|
434
|
+
Puppet::SSL::Certificate.expects(:find).with("myname").never
|
435
|
+
|
436
|
+
@host.certificate.should be_nil
|
437
|
+
end
|
438
|
+
|
439
|
+
it "should find the key if it does not have one" do
|
440
|
+
Puppet::SSL::Certificate.stubs(:find)
|
441
|
+
@host.expects(:key).returns mock("key")
|
442
|
+
|
443
|
+
@host.certificate
|
444
|
+
end
|
445
|
+
|
446
|
+
it "should generate the key if one cannot be found" do
|
447
|
+
Puppet::SSL::Certificate.stubs(:find)
|
448
|
+
|
449
|
+
@host.expects(:key).returns nil
|
450
|
+
@host.expects(:generate_key)
|
451
|
+
|
452
|
+
@host.certificate
|
453
|
+
end
|
454
|
+
|
455
|
+
it "should find the certificate in the Certificate class and return the Puppet certificate instance" do
|
456
|
+
Puppet::SSL::Certificate.expects(:find).with("ca").returns mock("cacert")
|
457
|
+
Puppet::SSL::Certificate.expects(:find).with("myname").returns @cert
|
458
|
+
|
459
|
+
@host.certificate.should equal(@cert)
|
460
|
+
end
|
461
|
+
|
462
|
+
it "should fail if the found certificate does not match the private key" do
|
463
|
+
@host.expects(:certificate_matches_key?).returns false
|
464
|
+
|
465
|
+
Puppet::SSL::Certificate.stubs(:find).returns @cert
|
466
|
+
|
467
|
+
lambda { @host.certificate }.should raise_error(Puppet::Error)
|
468
|
+
end
|
469
|
+
|
470
|
+
it "should return any previously found certificate" do
|
471
|
+
Puppet::SSL::Certificate.expects(:find).with("ca").returns mock("cacert")
|
472
|
+
Puppet::SSL::Certificate.expects(:find).with("myname").returns(@cert).once
|
473
|
+
|
474
|
+
@host.certificate.should equal(@cert)
|
475
|
+
@host.certificate.should equal(@cert)
|
476
|
+
end
|
477
|
+
end
|
478
|
+
|
479
|
+
it "should have a method for listing certificate hosts" do
|
480
|
+
Puppet::SSL::Host.should respond_to(:search)
|
481
|
+
end
|
482
|
+
|
483
|
+
describe "when listing certificate hosts" do
|
484
|
+
it "should default to listing all clients with any file types" do
|
485
|
+
Puppet::SSL::Key.expects(:search).returns []
|
486
|
+
Puppet::SSL::Certificate.expects(:search).returns []
|
487
|
+
Puppet::SSL::CertificateRequest.expects(:search).returns []
|
488
|
+
Puppet::SSL::Host.search
|
489
|
+
end
|
490
|
+
|
491
|
+
it "should be able to list only clients with a key" do
|
492
|
+
Puppet::SSL::Key.expects(:search).returns []
|
493
|
+
Puppet::SSL::Certificate.expects(:search).never
|
494
|
+
Puppet::SSL::CertificateRequest.expects(:search).never
|
495
|
+
Puppet::SSL::Host.search :for => Puppet::SSL::Key
|
496
|
+
end
|
497
|
+
|
498
|
+
it "should be able to list only clients with a certificate" do
|
499
|
+
Puppet::SSL::Key.expects(:search).never
|
500
|
+
Puppet::SSL::Certificate.expects(:search).returns []
|
501
|
+
Puppet::SSL::CertificateRequest.expects(:search).never
|
502
|
+
Puppet::SSL::Host.search :for => Puppet::SSL::Certificate
|
503
|
+
end
|
504
|
+
|
505
|
+
it "should be able to list only clients with a certificate request" do
|
506
|
+
Puppet::SSL::Key.expects(:search).never
|
507
|
+
Puppet::SSL::Certificate.expects(:search).never
|
508
|
+
Puppet::SSL::CertificateRequest.expects(:search).returns []
|
509
|
+
Puppet::SSL::Host.search :for => Puppet::SSL::CertificateRequest
|
510
|
+
end
|
511
|
+
|
512
|
+
it "should return a Host instance created with the name of each found instance" do
|
513
|
+
key = stub 'key', :name => "key"
|
514
|
+
cert = stub 'cert', :name => "cert"
|
515
|
+
csr = stub 'csr', :name => "csr"
|
516
|
+
|
517
|
+
Puppet::SSL::Key.expects(:search).returns [key]
|
518
|
+
Puppet::SSL::Certificate.expects(:search).returns [cert]
|
519
|
+
Puppet::SSL::CertificateRequest.expects(:search).returns [csr]
|
520
|
+
|
521
|
+
returned = []
|
522
|
+
%w{key cert csr}.each do |name|
|
523
|
+
result = mock(name)
|
524
|
+
returned << result
|
525
|
+
Puppet::SSL::Host.expects(:new).with(name).returns result
|
526
|
+
end
|
527
|
+
|
528
|
+
result = Puppet::SSL::Host.search
|
529
|
+
returned.each do |r|
|
530
|
+
result.should be_include(r)
|
531
|
+
end
|
532
|
+
end
|
533
|
+
end
|
534
|
+
|
535
|
+
it "should have a method for generating all necessary files" do
|
536
|
+
Puppet::SSL::Host.new("me").should respond_to(:generate)
|
537
|
+
end
|
538
|
+
|
539
|
+
describe "when generating files" do
|
540
|
+
before do
|
541
|
+
@host = Puppet::SSL::Host.new("me")
|
542
|
+
@host.stubs(:generate_key)
|
543
|
+
@host.stubs(:generate_certificate_request)
|
544
|
+
end
|
545
|
+
|
546
|
+
it "should generate a key if one is not present" do
|
547
|
+
@host.stubs(:key).returns nil
|
548
|
+
@host.expects(:generate_key)
|
549
|
+
|
550
|
+
@host.generate
|
551
|
+
end
|
552
|
+
|
553
|
+
it "should generate a certificate request if one is not present" do
|
554
|
+
@host.expects(:certificate_request).returns nil
|
555
|
+
@host.expects(:generate_certificate_request)
|
556
|
+
|
557
|
+
@host.generate
|
558
|
+
end
|
559
|
+
|
560
|
+
describe "and it can create a certificate authority" do
|
561
|
+
before do
|
562
|
+
@ca = mock 'ca'
|
563
|
+
Puppet::SSL::CertificateAuthority.stubs(:instance).returns @ca
|
564
|
+
end
|
565
|
+
|
566
|
+
it "should use the CA to sign its certificate request if it does not have a certificate" do
|
567
|
+
@host.expects(:certificate).returns nil
|
568
|
+
|
569
|
+
@ca.expects(:sign).with(@host.name)
|
570
|
+
|
571
|
+
@host.generate
|
572
|
+
end
|
573
|
+
end
|
574
|
+
|
575
|
+
describe "and it cannot create a certificate authority" do
|
576
|
+
before do
|
577
|
+
Puppet::SSL::CertificateAuthority.stubs(:instance).returns nil
|
578
|
+
end
|
579
|
+
|
580
|
+
it "should seek its certificate" do
|
581
|
+
@host.expects(:certificate)
|
582
|
+
|
583
|
+
@host.generate
|
584
|
+
end
|
585
|
+
end
|
586
|
+
end
|
587
|
+
|
588
|
+
it "should have a method for creating an SSL store" do
|
589
|
+
Puppet::SSL::Host.new("me").should respond_to(:ssl_store)
|
590
|
+
end
|
591
|
+
|
592
|
+
it "should always return the same store" do
|
593
|
+
host = Puppet::SSL::Host.new("foo")
|
594
|
+
store = mock 'store'
|
595
|
+
store.stub_everything
|
596
|
+
OpenSSL::X509::Store.expects(:new).returns store
|
597
|
+
host.ssl_store.should equal(host.ssl_store)
|
598
|
+
end
|
599
|
+
|
600
|
+
describe "when creating an SSL store" do
|
601
|
+
before do
|
602
|
+
@host = Puppet::SSL::Host.new("me")
|
603
|
+
@store = mock 'store'
|
604
|
+
@store.stub_everything
|
605
|
+
OpenSSL::X509::Store.stubs(:new).returns @store
|
606
|
+
|
607
|
+
Puppet.settings.stubs(:value).returns "ssl_host_testing"
|
608
|
+
end
|
609
|
+
|
610
|
+
it "should accept a purpose" do
|
611
|
+
@store.expects(:purpose=).with "my special purpose"
|
612
|
+
@host.ssl_store("my special purpose")
|
613
|
+
end
|
614
|
+
|
615
|
+
it "should default to OpenSSL::X509::PURPOSE_ANY as the purpose" do
|
616
|
+
@store.expects(:purpose=).with OpenSSL::X509::PURPOSE_ANY
|
617
|
+
@host.ssl_store
|
618
|
+
end
|
619
|
+
|
620
|
+
it "should add the local CA cert file" do
|
621
|
+
Puppet.settings.stubs(:value).with(:localcacert).returns "/ca/cert/file"
|
622
|
+
@store.expects(:add_file).with "/ca/cert/file"
|
623
|
+
@host.ssl_store
|
624
|
+
end
|
625
|
+
|
626
|
+
describe "and a CRL is available" do
|
627
|
+
before do
|
628
|
+
@crl = stub 'crl', :content => "real_crl"
|
629
|
+
Puppet::SSL::CertificateRevocationList.stubs(:find).returns @crl
|
630
|
+
end
|
631
|
+
|
632
|
+
it "should add the CRL" do
|
633
|
+
@store.expects(:add_crl).with "real_crl"
|
634
|
+
@host.ssl_store
|
635
|
+
end
|
636
|
+
|
637
|
+
it "should set the flags to OpenSSL::X509::V_FLAG_CRL_CHECK_ALL|OpenSSL::X509::V_FLAG_CRL_CHECK" do
|
638
|
+
@store.expects(:flags=).with OpenSSL::X509::V_FLAG_CRL_CHECK_ALL|OpenSSL::X509::V_FLAG_CRL_CHECK
|
639
|
+
@host.ssl_store
|
640
|
+
end
|
641
|
+
end
|
642
|
+
end
|
643
|
+
|
644
|
+
describe "when waiting for a cert" do
|
645
|
+
before do
|
646
|
+
@host = Puppet::SSL::Host.new("me")
|
647
|
+
end
|
648
|
+
|
649
|
+
it "should generate its certificate request and attempt to read the certificate again if no certificate is found" do
|
650
|
+
@host.expects(:certificate).times(2).returns(nil).then.returns "foo"
|
651
|
+
@host.expects(:generate)
|
652
|
+
@host.wait_for_cert(1)
|
653
|
+
end
|
654
|
+
|
655
|
+
it "should catch and log errors during CSR saving" do
|
656
|
+
@host.expects(:certificate).times(2).returns(nil).then.returns "foo"
|
657
|
+
@host.expects(:generate).times(2).raises(RuntimeError).then.returns nil
|
658
|
+
@host.stubs(:sleep)
|
659
|
+
@host.wait_for_cert(1)
|
660
|
+
end
|
661
|
+
|
662
|
+
it "should sleep and retry after failures saving the CSR if waitforcert is enabled" do
|
663
|
+
@host.expects(:certificate).times(2).returns(nil).then.returns "foo"
|
664
|
+
@host.expects(:generate).times(2).raises(RuntimeError).then.returns nil
|
665
|
+
@host.expects(:sleep).with(1)
|
666
|
+
@host.wait_for_cert(1)
|
667
|
+
end
|
668
|
+
|
669
|
+
it "should exit after failures saving the CSR of waitforcert is disabled" do
|
670
|
+
@host.expects(:certificate).returns(nil)
|
671
|
+
@host.expects(:generate).raises(RuntimeError)
|
672
|
+
@host.expects(:puts)
|
673
|
+
@host.expects(:exit).with(1).raises(SystemExit)
|
674
|
+
lambda { @host.wait_for_cert(0) }.should raise_error(SystemExit)
|
675
|
+
end
|
676
|
+
|
677
|
+
it "should exit if the wait time is 0 and it can neither find nor retrieve a certificate" do
|
678
|
+
@host.stubs(:certificate).returns nil
|
679
|
+
@host.expects(:generate)
|
680
|
+
@host.expects(:puts)
|
681
|
+
@host.expects(:exit).with(1).raises(SystemExit)
|
682
|
+
lambda { @host.wait_for_cert(0) }.should raise_error(SystemExit)
|
683
|
+
end
|
684
|
+
|
685
|
+
it "should sleep for the specified amount of time if no certificate is found after generating its certificate request" do
|
686
|
+
@host.expects(:certificate).times(3).returns(nil).then.returns(nil).then.returns "foo"
|
687
|
+
@host.expects(:generate)
|
688
|
+
|
689
|
+
@host.expects(:sleep).with(1)
|
690
|
+
|
691
|
+
@host.wait_for_cert(1)
|
692
|
+
end
|
693
|
+
|
694
|
+
it "should catch and log exceptions during certificate retrieval" do
|
695
|
+
@host.expects(:certificate).times(3).returns(nil).then.raises(RuntimeError).then.returns("foo")
|
696
|
+
@host.stubs(:generate)
|
697
|
+
@host.stubs(:sleep)
|
698
|
+
|
699
|
+
Puppet.expects(:err)
|
700
|
+
|
701
|
+
@host.wait_for_cert(1)
|
702
|
+
end
|
703
|
+
end
|
704
|
+
end
|