puppet 0.9.2
- data/CHANGELOG +0 -0
- data/COPYING +340 -0
- data/LICENSE +17 -0
- data/README +24 -0
- data/Rakefile +294 -0
- data/TODO +4 -0
- data/bin/cf2puppet +186 -0
- data/bin/puppet +176 -0
- data/bin/puppetca +213 -0
- data/bin/puppetd +246 -0
- data/bin/puppetdoc +184 -0
- data/bin/puppetmasterd +258 -0
- data/examples/code/allatonce +13 -0
- data/examples/code/assignments +11 -0
- data/examples/code/classing +35 -0
- data/examples/code/components +73 -0
- data/examples/code/execs +16 -0
- data/examples/code/failers/badclassnoparam +10 -0
- data/examples/code/failers/badclassparam +10 -0
- data/examples/code/failers/badcompnoparam +9 -0
- data/examples/code/failers/badcompparam +9 -0
- data/examples/code/failers/badtypeparam +3 -0
- data/examples/code/file.bl +11 -0
- data/examples/code/filedefaults +10 -0
- data/examples/code/fileparsing +116 -0
- data/examples/code/filerecursion +15 -0
- data/examples/code/functions +3 -0
- data/examples/code/groups +7 -0
- data/examples/code/head +30 -0
- data/examples/code/importing +8 -0
- data/examples/code/nodes +20 -0
- data/examples/code/one +8 -0
- data/examples/code/relationships +34 -0
- data/examples/code/selectors +28 -0
- data/examples/code/simpletests +11 -0
- data/examples/code/snippets/argumentdefaults +14 -0
- data/examples/code/snippets/casestatement +39 -0
- data/examples/code/snippets/classheirarchy.pp +15 -0
- data/examples/code/snippets/classincludes.pp +17 -0
- data/examples/code/snippets/classpathtest +11 -0
- data/examples/code/snippets/dirchmod +19 -0
- data/examples/code/snippets/failmissingexecpath.pp +13 -0
- data/examples/code/snippets/falsevalues.pp +3 -0
- data/examples/code/snippets/filecreate +11 -0
- data/examples/code/snippets/implicititeration +15 -0
- data/examples/code/snippets/multipleinstances +7 -0
- data/examples/code/snippets/namevartest +9 -0
- data/examples/code/snippets/scopetest +13 -0
- data/examples/code/snippets/selectorvalues.pp +22 -0
- data/examples/code/snippets/simpledefaults +5 -0
- data/examples/code/snippets/simpleselector +38 -0
- data/examples/code/svncommit +13 -0
- data/examples/root/bin/sleeper +69 -0
- data/examples/root/etc/configfile +0 -0
- data/examples/root/etc/debian-passwd +29 -0
- data/examples/root/etc/debian-syslog.conf +71 -0
- data/examples/root/etc/init.d/sleeper +65 -0
- data/examples/root/etc/otherfile +0 -0
- data/examples/root/etc/puppet/fileserver.conf +3 -0
- data/examples/root/etc/puppet/puppetmasterd.conf +10 -0
- data/ext/module:puppet +195 -0
- data/install.rb +270 -0
- data/lib/puppet.rb +249 -0
- data/lib/puppet/base64.rb +19 -0
- data/lib/puppet/client.rb +519 -0
- data/lib/puppet/config.rb +49 -0
- data/lib/puppet/daemon.rb +208 -0
- data/lib/puppet/element.rb +71 -0
- data/lib/puppet/event.rb +259 -0
- data/lib/puppet/log.rb +321 -0
- data/lib/puppet/metric.rb +250 -0
- data/lib/puppet/parsedfile.rb +38 -0
- data/lib/puppet/parser/ast.rb +1560 -0
- data/lib/puppet/parser/interpreter.rb +150 -0
- data/lib/puppet/parser/lexer.rb +226 -0
- data/lib/puppet/parser/parser.rb +1354 -0
- data/lib/puppet/parser/scope.rb +755 -0
- data/lib/puppet/server.rb +170 -0
- data/lib/puppet/server/authstore.rb +227 -0
- data/lib/puppet/server/ca.rb +140 -0
- data/lib/puppet/server/filebucket.rb +147 -0
- data/lib/puppet/server/fileserver.rb +477 -0
- data/lib/puppet/server/logger.rb +43 -0
- data/lib/puppet/server/master.rb +103 -0
- data/lib/puppet/server/servlet.rb +247 -0
- data/lib/puppet/sslcertificates.rb +737 -0
- data/lib/puppet/statechange.rb +150 -0
- data/lib/puppet/storage.rb +95 -0
- data/lib/puppet/transaction.rb +179 -0
- data/lib/puppet/transportable.rb +151 -0
- data/lib/puppet/type.rb +1354 -0
- data/lib/puppet/type/component.rb +141 -0
- data/lib/puppet/type/cron.rb +543 -0
- data/lib/puppet/type/exec.rb +316 -0
- data/lib/puppet/type/group.rb +152 -0
- data/lib/puppet/type/nameservice.rb +3 -0
- data/lib/puppet/type/nameservice/netinfo.rb +173 -0
- data/lib/puppet/type/nameservice/objectadd.rb +146 -0
- data/lib/puppet/type/nameservice/posix.rb +200 -0
- data/lib/puppet/type/package.rb +420 -0
- data/lib/puppet/type/package/apt.rb +70 -0
- data/lib/puppet/type/package/dpkg.rb +108 -0
- data/lib/puppet/type/package/rpm.rb +81 -0
- data/lib/puppet/type/package/sun.rb +117 -0
- data/lib/puppet/type/package/yum.rb +58 -0
- data/lib/puppet/type/pfile.rb +569 -0
- data/lib/puppet/type/pfile/checksum.rb +219 -0
- data/lib/puppet/type/pfile/create.rb +108 -0
- data/lib/puppet/type/pfile/group.rb +129 -0
- data/lib/puppet/type/pfile/mode.rb +131 -0
- data/lib/puppet/type/pfile/source.rb +264 -0
- data/lib/puppet/type/pfile/type.rb +31 -0
- data/lib/puppet/type/pfile/uid.rb +166 -0
- data/lib/puppet/type/pfilebucket.rb +80 -0
- data/lib/puppet/type/pprocess.rb +97 -0
- data/lib/puppet/type/service.rb +347 -0
- data/lib/puppet/type/service/base.rb +17 -0
- data/lib/puppet/type/service/debian.rb +50 -0
- data/lib/puppet/type/service/init.rb +145 -0
- data/lib/puppet/type/service/smf.rb +29 -0
- data/lib/puppet/type/state.rb +182 -0
- data/lib/puppet/type/symlink.rb +183 -0
- data/lib/puppet/type/tidy.rb +183 -0
- data/lib/puppet/type/typegen.rb +149 -0
- data/lib/puppet/type/typegen/filerecord.rb +243 -0
- data/lib/puppet/type/typegen/filetype.rb +316 -0
- data/lib/puppet/type/user.rb +290 -0
- data/lib/puppet/util.rb +138 -0
- data/test/certmgr/certmgr.rb +265 -0
- data/test/client/client.rb +203 -0
- data/test/executables/puppetbin.rb +53 -0
- data/test/executables/puppetca.rb +79 -0
- data/test/executables/puppetd.rb +71 -0
- data/test/executables/puppetmasterd.rb +153 -0
- data/test/executables/puppetmodule.rb +60 -0
- data/test/language/ast.rb +412 -0
- data/test/language/interpreter.rb +71 -0
- data/test/language/scope.rb +412 -0
- data/test/language/snippets.rb +445 -0
- data/test/other/events.rb +111 -0
- data/test/other/log.rb +195 -0
- data/test/other/metrics.rb +92 -0
- data/test/other/overrides.rb +115 -0
- data/test/other/parsedfile.rb +31 -0
- data/test/other/relationships.rb +113 -0
- data/test/other/state.rb +106 -0
- data/test/other/storage.rb +39 -0
- data/test/other/transactions.rb +235 -0
- data/test/parser/lexer.rb +120 -0
- data/test/parser/parser.rb +180 -0
- data/test/puppet/conffiles.rb +104 -0
- data/test/puppet/defaults.rb +100 -0
- data/test/puppet/error.rb +23 -0
- data/test/puppet/utiltest.rb +120 -0
- data/test/puppettest.rb +774 -0
- data/test/server/authstore.rb +209 -0
- data/test/server/bucket.rb +227 -0
- data/test/server/ca.rb +201 -0
- data/test/server/fileserver.rb +710 -0
- data/test/server/logger.rb +175 -0
- data/test/server/master.rb +150 -0
- data/test/server/server.rb +130 -0
- data/test/tagging/tagging.rb +80 -0
- data/test/test +51 -0
- data/test/types/basic.rb +119 -0
- data/test/types/component.rb +272 -0
- data/test/types/cron.rb +261 -0
- data/test/types/exec.rb +273 -0
- data/test/types/file.rb +616 -0
- data/test/types/filebucket.rb +167 -0
- data/test/types/fileignoresource.rb +287 -0
- data/test/types/filesources.rb +587 -0
- data/test/types/filetype.rb +162 -0
- data/test/types/group.rb +271 -0
- data/test/types/package.rb +205 -0
- data/test/types/query.rb +101 -0
- data/test/types/service.rb +100 -0
- data/test/types/symlink.rb +93 -0
- data/test/types/tidy.rb +124 -0
- data/test/types/type.rb +135 -0
- data/test/types/user.rb +371 -0
- metadata +243 -0
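--- a/data/lib/puppet/util.rb
+++ b/data/lib/puppet/util.rb
@@ -0,0 +1,138 @@
+# A module to collect utility functions.
+
+module Puppet
+module Util
+# Execute a block as a given user or group
+def self.asuser(user = nil, group = nil)
+require 'etc'
+
+uid = nil
+gid = nil
+olduid = nil
+oldgid = nil
+
+begin
+# the groupid, if we got passed a group
+# The gid has to be changed first, because, well, otherwise we won't
+# be able to
+if group
+if group.is_a?(Integer)
+gid = group
+else
+unless obj = Puppet::Type::Group[group]
+obj = Puppet::Type::Group.create(
+:name => group,
+:check => [:gid]
+)
+end
+obj.retrieve
+gid = obj.is(:gid)
+unless gid.is_a?(Integer)
+raise Puppet::Error, "Could not find group %s" % group
+end
+end
+
+if Process.gid != gid
+oldgid = Process.gid
+begin
+Process.egid = gid
+rescue => detail
+raise Puppet::Error, "Could not change GID: %s" % detail
+end
+end
+end
+
+if user
+# Retrieve the user id
+if user.is_a?(Integer)
+uid = user
+else
+unless obj = Puppet::Type::User[user]
+obj = Puppet::Type::User.create(
+:name => user,
+:check => [:uid, :gid]
+)
+end
+obj.retrieve
+uid = obj.is(:uid)
+unless uid.is_a?(Integer)
+raise Puppet::Error, "Could not find user %s" % user
+end
+end
+
+# Now change the uid
+if Process.uid != uid
+olduid = Process.uid
+begin
+Process.euid = uid
+rescue => detail
+raise Puppet::Error, "Could not change UID: %s" % detail
+end
+end
+end
+
+retval = yield
+ensure
+if olduid
+Process.euid = olduid
+end
+
+if oldgid
+Process.egid = oldgid
+end
+end
+
+return retval
+end
+
+# Create instance methods for each of the log levels. This allows
+# the messages to be a little richer. Most classes will be calling this
+# method.
+def self.logmethods(klass, useself = true)
+Puppet::Log.eachlevel { |level|
+klass.send(:define_method, level, proc { |args|
+if args.is_a?(Array)
+args = args.join(" ")
+end
+if useself
+Puppet::Log.create(
+:level => level,
+:message => args
+)
+else
+Puppet::Log.create(
+:level => level,
+:source => self,
+:message => args
+)
+end
+})
+}
+end
+
+# XXX this should all be done using puppet objects, not using
+# normal mkdir
+def self.recmkdir(dir,mode = 0755)
+if FileTest.exist?(dir)
+return false
+else
+tmp = dir.sub(/^\//,'')
+path = [File::SEPARATOR]
+tmp.split(File::SEPARATOR).each { |dir|
+path.push dir
+if ! FileTest.exist?(File.join(path))
+Dir.mkdir(File.join(path), mode)
+elsif FileTest.directory?(File.join(path))
+next
+else FileTest.exist?(File.join(path))
+raise "Cannot create %s: basedir %s is a file" %
+[dir, File.join(path)]
+end
+}
+return true
+end
+end
+end
+end
+
+# $Id: util.rb 743 2005-11-16 21:39:31Z luke $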
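Review bot: `asuser` switches only the effective ids (`Process.egid = gid`, `Process.euid = uid`) and leaves the real uid/gid and the supplementary group list untouched, so the block runs with a reversible identity change rather than a dropped privilege; the header comment "Execute a block as a given user or group" should say so, e.g. `# Switches only the effective uid/gid for the block; real ids and supplementary groups are unchanged, so this is not a privilege drop`. The guards `if Process.gid != gid` / `if Process.uid != uid` read the real ids while the change and the `ensure` restore go through the effective ids, so when real and effective already differ the restore resets egid/euid to the real values instead of the previous effective ones; saving `Process.egid`/`Process.euid` into `oldgid`/`olduid` would make the round trip exact. In `recmkdir` the block parameter `|dir|` shadows the method's `dir`, so the `"Cannot create %s: basedir %s is a file"` message reports a single path component rather than the requested directory, and the expression after `else` on the `else FileTest.exist?(File.join(path))` line is evaluated and discarded; renaming the block variable to `|part|` and writing a bare `else` fixes both.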
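--- a/data/test/certmgr/certmgr.rb
+++ b/data/test/certmgr/certmgr.rb
@@ -0,0 +1,265 @@
+#!/usr/bin/ruby
+
+if __FILE__ == $0
+$:.unshift '../../lib'
+$:.unshift '..'
+$puppetbase = "../.."
+end
+
+require 'puppet'
+require 'puppet/sslcertificates.rb'
+require 'test/unit'
+require 'puppettest'
+
+# so, what kind of things do we want to test?
+
+# we don't need to test function, since we're confident in the
+# library tests. We do, however, need to test how things are actually
+# working in the language.
+
+# so really, we want to do things like test that our ast is correct
+# and test whether we've got things in the right scopes
+
+class TestCertMgr < Test::Unit::TestCase
+include TestPuppet
+def setup
+super
+#@dir = File.join(Puppet[:certdir], "testing")
+@dir = File.join(@configpath, "certest")
+Puppet.notice @dir
+system("mkdir -p %s" % @dir)
+end
+
+def mkPassFile()
+keyfile = File.join(@dir, "tmpkeyfile")
+@@tmpfiles << keyfile
+unless FileTest.exists?(@dir)
+system("mkdir -p %s" % @dir)
+end
+File.open(keyfile, "w", 0600) { |f|
+f.print "as;dklj23rlkjzdflij23wr"
+}
+
+return keyfile
+end
+
+def mkCA
+ca = nil
+assert_nothing_raised {
+ca = Puppet::SSLCertificates::CA.new()
+}
+
+return ca
+end
+
+def testCreateSelfSignedCertificate
+cert = nil
+name = "testing"
+newcert = proc {
+Puppet::SSLCertificates::Certificate.new(
+:name => name,
+:selfsign => true
+)
+}
+assert_nothing_raised {
+cert = newcert.call()
+}
+assert_nothing_raised {
+cert.mkselfsigned
+}
+
+assert_raise(Puppet::Error) {
+cert.mkselfsigned
+}
+
+assert_nothing_raised {
+cert.write
+}
+
+assert(FileTest.exists?(cert.certfile))
+
+assert_nothing_raised {
+cert.delete
+}
+
+assert_nothing_raised {
+cert = newcert.call()
+}
+assert_nothing_raised {
+cert.mkselfsigned
+}
+
+assert_nothing_raised {
+cert.delete
+}
+
+end
+
+def disabled_testCreateEncryptedSelfSignedCertificate
+cert = nil
+name = "testing"
+keyfile = mkPassFile
+assert_nothing_raised {
+cert = Puppet::SSLCertificates::Certificate.new(
+:name => name,
+:selfsign => true,
+:capass => keyfile
+)
+}
+assert_nothing_raised {
+cert.mkselfsigned
+}
+assert_nothing_raised {
+cert.mkhash
+}
+
+assert_raise(Puppet::Error) {
+cert.mkselfsigned
+}
+
+assert(FileTest.exists?(cert.certfile))
+assert(FileTest.exists?(cert.hash))
+
+assert_nothing_raised {
+cert.delete
+}
+
+assert_nothing_raised {
+cert.mkselfsigned
+}
+
+assert_nothing_raised {
+cert.delete
+}
+
+end
+
+def testCreateCA
+ca = nil
+assert_nothing_raised {
+ca = Puppet::SSLCertificates::CA.new()
+}
+
+# make the CA again and verify it doesn't fail because everything
+# still exists
+assert_nothing_raised {
+ca = Puppet::SSLCertificates::CA.new()
+}
+
+end
+
+def testSignCert
+ca = mkCA()
+
+cert = nil
+assert_nothing_raised {
+cert = Puppet::SSLCertificates::Certificate.new(
+:name => "signedcertest",
+:state => "TN",
+:city => "Nashville",
+:country => "US",
+:email => "luke@madstop.com",
+:org => "Reductive",
+:ou => "Development",
+:encrypt => mkPassFile()
+)
+
+}
+
+assert_nothing_raised {
+cert.mkcsr
+}
+
+signedcert = nil
+cacert = nil
+
+assert_nothing_raised {
+signedcert, cacert = ca.sign(cert.csr)
+}
+
+assert_instance_of(OpenSSL::X509::Certificate, signedcert)
+assert_instance_of(OpenSSL::X509::Certificate, cacert)
+
+assert_nothing_raised {
+cert.cert = signedcert
+cert.cacert = cacert
+cert.write
+}
+#system("find %s" % Puppet[:ssldir])
+#system("cp -R %s /tmp/ssltesting" % Puppet[:ssldir])
+
+output = nil
+assert_nothing_raised {
+output = %x{openssl verify -CAfile #{Puppet[:cacert]} -purpose sslserver #{cert.certfile}}
+#output = %x{openssl verify -CApath #{Puppet[:certdir]} -purpose sslserver #{cert.certfile}}
+}
+
+assert_equal($?,0)
+assert_equal(File.join(Puppet[:certdir], "signedcertest.pem: OK\n"), output)
+end
+
+def mkcert(hostname)
+cert = nil
+assert_nothing_raised {
+cert = Puppet::SSLCertificates::Certificate.new(:name => hostname)
+cert.mkcsr
+}
+
+return cert
+end
+
+
+def test_interactiveca
+ca = nil
+
+assert_nothing_raised {
+ca = Puppet::SSLCertificates::CA.new
+}
+
+# basic initialization
+hostname = "test.hostname.com"
+cert = mkcert(hostname)
+
+# create the csr
+csr = nil
+assert_nothing_raised {
+csr = cert.mkcsr
+}
+
+assert_nothing_raised {
+ca.storeclientcsr(csr)
+}
+
+# store it
+pulledcsr = nil
+assert_nothing_raised {
+pulledcsr = ca.getclientcsr(hostname)
+}
+
+assert_equal(csr.to_pem, pulledcsr.to_pem)
+
+signedcert = nil
+assert_nothing_raised {
+signedcert, cacert = ca.sign(csr)
+}
+
+assert_instance_of(OpenSSL::X509::Certificate, signedcert)
+newsignedcert = nil
+assert_nothing_raised {
+newsignedcert, cacert = ca.getclientcert(hostname)
+}
+
+assert(newsignedcert)
+
+assert_equal(signedcert.to_pem, newsignedcert.to_pem)
+end
+
+def test_cafailures
+ca = mkCA()
+cert = cacert = nil
+assert_nothing_raised {
+cert, cacert = ca.getclientcert("nohost")
+}
+assert_nil(cert)
+end
+end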
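Review bot: `setup` and `mkPassFile` shell out with `system("mkdir -p %s" % @dir)`, interpolating a filesystem path unquoted into a command line; `FileUtils.mkdir_p(@dir)` does the same work without a shell, so a `@configpath` containing spaces or shell metacharacters cannot change the command. The same applies to the `openssl verify` call in `testSignCert`, where `Puppet[:cacert]` and `cert.certfile` are interpolated into `%x{}` unquoted; if the shell-out is kept, at least the following `assert_equal($?,0)` has expected and actual reversed and reads better as `assert($?.success?, "openssl verify failed")`. In `test_interactiveca`, `mkcert(hostname)` already calls `cert.mkcsr`, so the second `csr = cert.mkcsr` regenerates the request; if that is intentional a one-line comment saying why would help.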
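--- a/data/test/client/client.rb
+++ b/data/test/client/client.rb
@@ -0,0 +1,203 @@
+if __FILE__ == $0
+$:.unshift '..'
+$:.unshift '../../lib'
+$puppetbase = "../.."
+end
+
+require 'puppet'
+require 'puppet/client'
+require 'puppet/server'
+require 'test/unit'
+require 'puppettest.rb'
+
+# $Id: client.rb 724 2005-10-22 22:27:20Z luke $
+
+class TestClient < Test::Unit::TestCase
+include ServerTest
+# a single run through of connect, auth, etc.
+def test_sslInitWithAutosigningLocalServer
+# autosign everything, for simplicity
+Puppet[:autosign] = true
+
+# create a server to which to connect
+mkserver()
+
+# create our client
+client = nil
+assert_nothing_raised {
+client = Puppet::Client::MasterClient.new(
+:Server => "localhost",
+:Port => @@port
+)
+}
+
+# get our certs
+assert_nothing_raised {
+client.initcerts
+}
+
+# make sure all of our cert files exist
+certfile = File.join(Puppet[:certdir], [client.fqdn, "pem"].join("."))
+keyfile = File.join(Puppet[:privatekeydir], [client.fqdn, "pem"].join("."))
+publickeyfile = File.join(Puppet[:publickeydir], [client.fqdn, "pem"].join("."))
+
+assert(File.exists?(keyfile))
+assert(File.exists?(certfile))
+assert(File.exists?(publickeyfile))
+
+# verify we can retrieve the configuration
+assert_nothing_raised("Client could not retrieve configuration") {
+client.getconfig
+}
+
+# and apply it
+assert_nothing_raised("Client could not apply configuration") {
+client.apply
+}
+
+# and verify that it did what it was supposed to
+assert(FileTest.exists?(@createdfile),
+"Applied file does not exist")
+end
+
+
+# here we create two servers; we
+def test_failureWithUntrustedCerts
+Puppet[:autosign] = true
+
+# create a pair of clients with no certs
+nonemaster = nil
+assert_nothing_raised {
+nonemaster = Puppet::Client::MasterClient.new(
+:Server => "localhost",
+:Port => @@port
+)
+}
+
+nonebucket = nil
+assert_nothing_raised {
+nonebucket = Puppet::Client::Dipper.new(
+:Server => "localhost",
+:Port => @@port
+)
+}
+
+# create a ca so we can create a set of certs
+ca = nil
+assert_nothing_raised {
+ca = Puppet::Client::CAClient.new(:CA => true, :Local => true)
+ca.requestcert
+}
+
+# initialize our clients with this set of certs
+certmaster = nil
+assert_nothing_raised {
+certmaster = Puppet::Client::MasterClient.new(
+:Server => "localhost",
+:Port => @@port
+)
+}
+
+certbucket = nil
+assert_nothing_raised {
+certbucket = Puppet::Client::Dipper.new(
+:Server => "localhost",
+:Port => @@port
+)
+}
+
+# clean up the existing certs, so the server creates a new CA
+system("rm -rf %s" % Puppet[:ssldir])
+
+# start our server
+mkserver
+
+# now verify that our client cannot do non-cert operations
+# because its certs are signed by a different CA
+assert_raise(Puppet::NetworkClientError,
+"Client was allowed to call getconfig with no certs") {
+nonemaster.getconfig
+}
+assert_raise(Puppet::NetworkClientError,
+"Client was allowed to call getconfig with untrusted certs") {
+certmaster.getconfig
+}
+
+assert_raise(Puppet::NetworkClientError,
+"Client was allowed to call backup with no certs") {
+nonebucket.backup("/etc/passwd")
+}
+assert_raise(Puppet::NetworkClientError,
+"Client was allowed to call backup with untrusted certs") {
+certbucket.backup("/etc/passwd")
+}
+end
+
+# disabled because the server needs to have its certs in place
+# in order to start at all
+# i don't think this test makes much sense anyway
+def disabled_test_sslInitWithNonsigningLocalServer
+Puppet[:autosign] = false
+Puppet[:ssldir] = "/tmp/puppetclientcertests"
+@@tmpfiles.push Puppet[:ssldir]
+
+file = File.join($puppetbase, "examples", "code", "head")
+
+server = nil
+port = 8086
+assert_nothing_raised {
+server = Puppet::Server.new(
+:Port => port,
+:Handlers => {
+:CA => {}, # so that certs autogenerate
+:Master => {
+:File => file,
+},
+}
+)
+}
+
+spid = fork {
+trap(:INT) { server.shutdown }
+server.start
+}
+
+@@tmppids << spid
+client = nil
+assert_nothing_raised {
+client = Puppet::Client.new(:Server => "localhost", :Port => port)
+}
+certfile = File.join(Puppet[:certdir], [client.fqdn, "pem"].join("."))
+cafile = File.join(Puppet[:certdir], ["ca", "pem"].join("."))
+assert_nil(client.initcerts)
+assert(! File.exists?(certfile))
+
+ca = nil
+assert_nothing_raised {
+ca = Puppet::SSLCertificates::CA.new()
+}
+
+
+csr = nil
+assert_nothing_raised {
+csr = ca.getclientcsr(client.fqdn)
+}
+
+assert(csr)
+
+cert = nil
+assert_nothing_raised {
+cert, cacert = ca.sign(csr)
+File.open(certfile, "w") { |f| f.print cert.to_pem }
+File.open(cafile, "w") { |f| f.print cacert.to_pem }
+}
+
+# this time it should get the cert correctly
+assert_nothing_raised {
+client.initcerts
+}
+
+# this isn't a very good test, since i just wrote the file out
+assert(File.exists?(certfile))
+end
+end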
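Review bot: `system("rm -rf %s" % Puppet[:ssldir])` in `test_failureWithUntrustedCerts` builds a recursive delete from an unquoted configuration value, so a `Puppet[:ssldir]` that is empty, nil or contains whitespace changes which paths the shell removes; `FileUtils.rm_rf(Puppet[:ssldir])` performs the cleanup without a shell and with the path as a single argument, and guarding it with `unless Puppet[:ssldir].to_s.empty?` keeps an unset value from becoming a broad delete. The same hazard exists in the disabled `disabled_test_sslInitWithNonsigningLocalServer`, which hard-codes `Puppet[:ssldir] = "/tmp/puppetclientcertests"`: a fixed, world-writable temp path shared across users is a poor fixture location even for a disabled test, and a per-run directory under the test's `@configpath` would match the rest of the suite. The comment `# here we create two servers; we` above the method is cut off mid-sentence and should either be completed or dropped.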