puppet 0.9.2
Potentially problematic release.
This version of puppet might be problematic. Click here for more details.
- data/CHANGELOG +0 -0
- data/COPYING +340 -0
- data/LICENSE +17 -0
- data/README +24 -0
- data/Rakefile +294 -0
- data/TODO +4 -0
- data/bin/cf2puppet +186 -0
- data/bin/puppet +176 -0
- data/bin/puppetca +213 -0
- data/bin/puppetd +246 -0
- data/bin/puppetdoc +184 -0
- data/bin/puppetmasterd +258 -0
- data/examples/code/allatonce +13 -0
- data/examples/code/assignments +11 -0
- data/examples/code/classing +35 -0
- data/examples/code/components +73 -0
- data/examples/code/execs +16 -0
- data/examples/code/failers/badclassnoparam +10 -0
- data/examples/code/failers/badclassparam +10 -0
- data/examples/code/failers/badcompnoparam +9 -0
- data/examples/code/failers/badcompparam +9 -0
- data/examples/code/failers/badtypeparam +3 -0
- data/examples/code/file.bl +11 -0
- data/examples/code/filedefaults +10 -0
- data/examples/code/fileparsing +116 -0
- data/examples/code/filerecursion +15 -0
- data/examples/code/functions +3 -0
- data/examples/code/groups +7 -0
- data/examples/code/head +30 -0
- data/examples/code/importing +8 -0
- data/examples/code/nodes +20 -0
- data/examples/code/one +8 -0
- data/examples/code/relationships +34 -0
- data/examples/code/selectors +28 -0
- data/examples/code/simpletests +11 -0
- data/examples/code/snippets/argumentdefaults +14 -0
- data/examples/code/snippets/casestatement +39 -0
- data/examples/code/snippets/classheirarchy.pp +15 -0
- data/examples/code/snippets/classincludes.pp +17 -0
- data/examples/code/snippets/classpathtest +11 -0
- data/examples/code/snippets/dirchmod +19 -0
- data/examples/code/snippets/failmissingexecpath.pp +13 -0
- data/examples/code/snippets/falsevalues.pp +3 -0
- data/examples/code/snippets/filecreate +11 -0
- data/examples/code/snippets/implicititeration +15 -0
- data/examples/code/snippets/multipleinstances +7 -0
- data/examples/code/snippets/namevartest +9 -0
- data/examples/code/snippets/scopetest +13 -0
- data/examples/code/snippets/selectorvalues.pp +22 -0
- data/examples/code/snippets/simpledefaults +5 -0
- data/examples/code/snippets/simpleselector +38 -0
- data/examples/code/svncommit +13 -0
- data/examples/root/bin/sleeper +69 -0
- data/examples/root/etc/configfile +0 -0
- data/examples/root/etc/debian-passwd +29 -0
- data/examples/root/etc/debian-syslog.conf +71 -0
- data/examples/root/etc/init.d/sleeper +65 -0
- data/examples/root/etc/otherfile +0 -0
- data/examples/root/etc/puppet/fileserver.conf +3 -0
- data/examples/root/etc/puppet/puppetmasterd.conf +10 -0
- data/ext/module:puppet +195 -0
- data/install.rb +270 -0
- data/lib/puppet.rb +249 -0
- data/lib/puppet/base64.rb +19 -0
- data/lib/puppet/client.rb +519 -0
- data/lib/puppet/config.rb +49 -0
- data/lib/puppet/daemon.rb +208 -0
- data/lib/puppet/element.rb +71 -0
- data/lib/puppet/event.rb +259 -0
- data/lib/puppet/log.rb +321 -0
- data/lib/puppet/metric.rb +250 -0
- data/lib/puppet/parsedfile.rb +38 -0
- data/lib/puppet/parser/ast.rb +1560 -0
- data/lib/puppet/parser/interpreter.rb +150 -0
- data/lib/puppet/parser/lexer.rb +226 -0
- data/lib/puppet/parser/parser.rb +1354 -0
- data/lib/puppet/parser/scope.rb +755 -0
- data/lib/puppet/server.rb +170 -0
- data/lib/puppet/server/authstore.rb +227 -0
- data/lib/puppet/server/ca.rb +140 -0
- data/lib/puppet/server/filebucket.rb +147 -0
- data/lib/puppet/server/fileserver.rb +477 -0
- data/lib/puppet/server/logger.rb +43 -0
- data/lib/puppet/server/master.rb +103 -0
- data/lib/puppet/server/servlet.rb +247 -0
- data/lib/puppet/sslcertificates.rb +737 -0
- data/lib/puppet/statechange.rb +150 -0
- data/lib/puppet/storage.rb +95 -0
- data/lib/puppet/transaction.rb +179 -0
- data/lib/puppet/transportable.rb +151 -0
- data/lib/puppet/type.rb +1354 -0
- data/lib/puppet/type/component.rb +141 -0
- data/lib/puppet/type/cron.rb +543 -0
- data/lib/puppet/type/exec.rb +316 -0
- data/lib/puppet/type/group.rb +152 -0
- data/lib/puppet/type/nameservice.rb +3 -0
- data/lib/puppet/type/nameservice/netinfo.rb +173 -0
- data/lib/puppet/type/nameservice/objectadd.rb +146 -0
- data/lib/puppet/type/nameservice/posix.rb +200 -0
- data/lib/puppet/type/package.rb +420 -0
- data/lib/puppet/type/package/apt.rb +70 -0
- data/lib/puppet/type/package/dpkg.rb +108 -0
- data/lib/puppet/type/package/rpm.rb +81 -0
- data/lib/puppet/type/package/sun.rb +117 -0
- data/lib/puppet/type/package/yum.rb +58 -0
- data/lib/puppet/type/pfile.rb +569 -0
- data/lib/puppet/type/pfile/checksum.rb +219 -0
- data/lib/puppet/type/pfile/create.rb +108 -0
- data/lib/puppet/type/pfile/group.rb +129 -0
- data/lib/puppet/type/pfile/mode.rb +131 -0
- data/lib/puppet/type/pfile/source.rb +264 -0
- data/lib/puppet/type/pfile/type.rb +31 -0
- data/lib/puppet/type/pfile/uid.rb +166 -0
- data/lib/puppet/type/pfilebucket.rb +80 -0
- data/lib/puppet/type/pprocess.rb +97 -0
- data/lib/puppet/type/service.rb +347 -0
- data/lib/puppet/type/service/base.rb +17 -0
- data/lib/puppet/type/service/debian.rb +50 -0
- data/lib/puppet/type/service/init.rb +145 -0
- data/lib/puppet/type/service/smf.rb +29 -0
- data/lib/puppet/type/state.rb +182 -0
- data/lib/puppet/type/symlink.rb +183 -0
- data/lib/puppet/type/tidy.rb +183 -0
- data/lib/puppet/type/typegen.rb +149 -0
- data/lib/puppet/type/typegen/filerecord.rb +243 -0
- data/lib/puppet/type/typegen/filetype.rb +316 -0
- data/lib/puppet/type/user.rb +290 -0
- data/lib/puppet/util.rb +138 -0
- data/test/certmgr/certmgr.rb +265 -0
- data/test/client/client.rb +203 -0
- data/test/executables/puppetbin.rb +53 -0
- data/test/executables/puppetca.rb +79 -0
- data/test/executables/puppetd.rb +71 -0
- data/test/executables/puppetmasterd.rb +153 -0
- data/test/executables/puppetmodule.rb +60 -0
- data/test/language/ast.rb +412 -0
- data/test/language/interpreter.rb +71 -0
- data/test/language/scope.rb +412 -0
- data/test/language/snippets.rb +445 -0
- data/test/other/events.rb +111 -0
- data/test/other/log.rb +195 -0
- data/test/other/metrics.rb +92 -0
- data/test/other/overrides.rb +115 -0
- data/test/other/parsedfile.rb +31 -0
- data/test/other/relationships.rb +113 -0
- data/test/other/state.rb +106 -0
- data/test/other/storage.rb +39 -0
- data/test/other/transactions.rb +235 -0
- data/test/parser/lexer.rb +120 -0
- data/test/parser/parser.rb +180 -0
- data/test/puppet/conffiles.rb +104 -0
- data/test/puppet/defaults.rb +100 -0
- data/test/puppet/error.rb +23 -0
- data/test/puppet/utiltest.rb +120 -0
- data/test/puppettest.rb +774 -0
- data/test/server/authstore.rb +209 -0
- data/test/server/bucket.rb +227 -0
- data/test/server/ca.rb +201 -0
- data/test/server/fileserver.rb +710 -0
- data/test/server/logger.rb +175 -0
- data/test/server/master.rb +150 -0
- data/test/server/server.rb +130 -0
- data/test/tagging/tagging.rb +80 -0
- data/test/test +51 -0
- data/test/types/basic.rb +119 -0
- data/test/types/component.rb +272 -0
- data/test/types/cron.rb +261 -0
- data/test/types/exec.rb +273 -0
- data/test/types/file.rb +616 -0
- data/test/types/filebucket.rb +167 -0
- data/test/types/fileignoresource.rb +287 -0
- data/test/types/filesources.rb +587 -0
- data/test/types/filetype.rb +162 -0
- data/test/types/group.rb +271 -0
- data/test/types/package.rb +205 -0
- data/test/types/query.rb +101 -0
- data/test/types/service.rb +100 -0
- data/test/types/symlink.rb +93 -0
- data/test/types/tidy.rb +124 -0
- data/test/types/type.rb +135 -0
- data/test/types/user.rb +371 -0
- metadata +243 -0
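--- a/data/test/server/authstore.rb
+++ b/data/test/server/authstore.rb
@@ -0,0 +1,209 @@
+if __FILE__ == $0
+if Dir.getwd =~ /test\/server$/
+Dir.chdir("..")
+end
+
+$:.unshift '../lib'
+$puppetbase = ".."
+
+end
+
+require 'puppet'
+require 'puppet/server/authstore'
+require 'test/unit'
+require 'puppettest.rb'
+
+class TestAuthStore < Test::Unit::TestCase
+include TestPuppet
+def mkstore
+store = nil
+assert_nothing_raised {
+store = Puppet::Server::AuthStore.new
+}
+
+return store
+end
+
+def test_localallow
+store = mkstore
+
+assert_nothing_raised {
+assert(store.allowed?(nil, nil), "Store disallowed local access")
+}
+
+assert_raise(Puppet::DevError) {
+store.allowed?("kirby.madstop.com", nil)
+}
+
+assert_raise(Puppet::DevError) {
+store.allowed?(nil, "192.168.0.1")
+}
+end
+
+def test_hostnames
+store = mkstore
+
+%w{
+kirby.madstop.com
+luke.madstop.net
+name-other.madstop.net
+}.each { |name|
+assert_nothing_raised("Failed to store simple name %s" % name) {
+store.allow(name)
+}
+assert(store.allowed?(name, "192.168.0.1"), "Name %s not allowed" % name)
+}
+
+%w{
+invalid
+^invalid!
+inval$id
+
+}.each { |pat|
+assert_raise(Puppet::Server::AuthStoreError,
+"name '%s' was allowed" % pat) {
+store.allow(pat)
+}
+}
+end
+
+def test_domains
+store = mkstore
+
+assert_nothing_raised("Failed to store domains") {
+store.allow("*.a.very.long.domain.name.com")
+store.allow("*.madstop.com")
+store.allow("*.some-other.net")
+store.allow("*.much.longer.more-other.net")
+}
+
+%w{
+madstop.com
+culain.madstop.com
+kirby.madstop.com
+funtest.some-other.net
+ya-test.madstop.com
+some.much.much.longer.more-other.net
+}.each { |name|
+assert(store.allowed?(name, "192.168.0.1"), "Host %s not allowed" % name)
+}
+
+assert_raise(Puppet::Server::AuthStoreError) {
+store.allow("domain.*.com")
+}
+
+assert(!store.allowed?("very.long.domain.name.com", "1.2.3.4"),
+"Long hostname allowed")
+
+assert_raise(Puppet::Server::AuthStoreError) {
+store.allow("domain.*.other.com")
+}
+end
+
+def test_simpleips
+store = mkstore
+
+%w{
+192.168.0.5
+7.0.48.7
+}.each { |ip|
+assert_nothing_raised("Failed to store IP address %s" % ip) {
+store.allow(ip)
+}
+
+assert(store.allowed?("hosttest.com", ip), "IP %s not allowed" % ip)
+}
+
+assert_raise(Puppet::Server::AuthStoreError) {
+store.allow("192.168.674.0")
+}
+
+assert_raise(Puppet::Server::AuthStoreError) {
+store.allow("192.168.0")
+}
+end
+
+def test_ipranges
+store = mkstore
+
+%w{
+192.168.0.*
+192.168.1.0/24
+192.178.*
+193.179.0.0/8
+}.each { |range|
+assert_nothing_raised("Failed to store IP range %s" % range) {
+store.allow(range)
+}
+}
+
+%w{
+192.168.0.1
+192.168.1.5
+192.178.0.5
+193.0.0.1
+}.each { |ip|
+assert(store.allowed?("fakename.com", ip), "IP %s is not allowed" % ip)
+}
+end
+
+def test_iprangedenials
+store = mkstore
+
+assert_nothing_raised("Failed to store overlapping IP ranges") {
+store.allow("192.168.0.0/16")
+store.deny("192.168.0.0/24")
+}
+
+assert(store.allowed?("fake.name", "192.168.1.50"), "/16 ip not allowed")
+assert(! store.allowed?("fake.name", "192.168.0.50"), "/24 ip allowed")
+end
+
+def test_subdomaindenails
+store = mkstore
+
+assert_nothing_raised("Failed to store overlapping IP ranges") {
+store.allow("*.madstop.com")
+store.deny("*.sub.madstop.com")
+}
+
+assert(store.allowed?("hostname.madstop.com", "192.168.1.50"),
+"hostname not allowed")
+assert(! store.allowed?("name.sub.madstop.com", "192.168.0.50"),
+"subname name allowed")
+end
+
+def test_orderingstuff
+store = mkstore
+
+assert_nothing_raised("Failed to store overlapping IP ranges") {
+store.allow("*.madstop.com")
+store.deny("192.168.0.0/24")
+}
+
+assert(store.allowed?("hostname.madstop.com", "192.168.1.50"),
+"hostname not allowed")
+assert(! store.allowed?("hostname.madstop.com", "192.168.0.50"),
+"Host allowed over IP")
+end
+
+def test_globalallow
+store = mkstore
+
+assert_nothing_raised("Failed to add global allow") {
+store.allow("*")
+}
+
+[
+%w{hostname.com 192.168.0.4},
+%w{localhost 192.168.0.1},
+%w{localhost 127.0.0.1}
+
+].each { |ary|
+assert(store.allowed?(*ary), "Failed to allow %s" % [ary.join(",")])
+}
+end
+end
+
+# $Id: authstore.rb 742 2005-11-16 17:12:11Z luke $
+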
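Review bot: The allow tests in `test_hostnames`, `test_simpleips` and `test_ipranges` assert only positive matches, so an `allowed?` that admitted every remote host would still pass them. Each should also assert that a host outside the stored rules is refused, for example `assert(!store.allowed?("fakename.com", "10.1.2.3"), "unlisted IP allowed")` after the second loop in `test_ipranges` (a constructed address; this assumes the store denies unmatched remote hosts, which this file does not show). `test_domains` also pins that `*.madstop.com` admits the bare `madstop.com`, and a comment such as `# the wildcard also matches the bare domain (intentional)` would record that this is by design. The method name `test_subdomaindenails` is a typo for `test_subdomaindenials`, and its failure message, like the one in `test_orderingstuff`, still says "overlapping IP ranges" although the rules involve domain patterns.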
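--- a/data/test/server/bucket.rb
+++ b/data/test/server/bucket.rb
@@ -0,0 +1,227 @@
+if __FILE__ == $0
+$:.unshift '../../lib'
+$:.unshift '..'
+$puppetbase = "../.."
+$debug = true
+else
+$debug = false
+end
+
+require 'puppet'
+require 'test/unit'
+require 'puppettest.rb'
+require 'base64'
+
+class TestBucket < Test::Unit::TestCase
+include ServerTest
+# run through all of the files and exercise the filebucket methods
+def checkfiles(client)
+files = filelist()
+
+# iterate across all of the files
+files.each { |file|
+spin
+tempdir = tempfile()
+Dir.mkdir(tempdir)
+name = File.basename(file)
+tmppath = File.join(tempdir,name)
+@@tmpfiles << tmppath
+
+# copy the files to our tmp directory so we can modify them...
+File.open(tmppath,File::WRONLY|File::TRUNC|File::CREAT) { |wf|
+File.open(file) { |rf|
+wf.print(rf.read)
+}
+}
+
+# make sure the copy worked
+assert(FileTest.exists?(tmppath))
+
+# backup both the orig file and the tmp file
+osum = nil
+tsum = nil
+nsum = nil
+spin
+assert_nothing_raised {
+osum = client.backup(file)
+}
+spin
+assert_nothing_raised {
+tsum = client.backup(tmppath)
+}
+
+# verify you got the same sum back for both
+assert(tsum == osum)
+
+# modify our tmp file
+File.open(tmppath,File::WRONLY|File::TRUNC) { |wf|
+wf.print "This is some test text\n"
+}
+
+# back it up
+spin
+assert_nothing_raised {
+#STDERR.puts("backing up %s" % tmppath) if $debug
+nsum = client.backup(tmppath)
+}
+
+# and verify the sum changed
+assert(tsum != nsum)
+
+# restore the orig
+spin
+assert_nothing_raised {
+nsum = client.restore(tmppath,tsum)
+}
+
+# and verify it actually got restored
+spin
+contents = File.open(tmppath) { |rf|
+#STDERR.puts("reading %s" % tmppath) if $debug
+rf.read
+}
+csum = Digest::MD5.hexdigest(contents)
+assert(tsum == csum)
+}
+end
+
+# a list of files that should be on the system
+# just something to test moving files around
+def filelist
+if defined? @files
+return @files
+else
+@files = []
+end
+
+%w{
+who bash vim sh uname /etc/passwd /etc/syslog.conf /etc/hosts
+}.each { |file|
+# if it's fully qualified, just add it
+if file =~ /^\//
+if FileTest.exists?(file)
+@files.push file
+end
+else
+# else if it's unqualified, look for it in our path
+begin
+path = %x{which #{file}}
+rescue => detail
+#STDERR.puts "Could not search for binaries: %s" % detail
+next
+end
+
+if path != ""
+@files.push path.chomp
+end
+end
+}
+
+return @files
+end
+
+def setup
+super
+@bucket = File.join(Puppet[:puppetconf], "buckettesting")
+
+@@tmpfiles << @bucket
+end
+
+# test operating against the local filebucket object
+# this calls the direct server methods, which are different than the
+# Dipper methods
+def test_localserver
+files = filelist()
+server = nil
+assert_nothing_raised {
+server = Puppet::Server::FileBucket.new(
+:Bucket => @bucket
+)
+}
+
+# iterate across them...
+files.each { |file|
+spin
+contents = File.open(file) { |of| of.read }
+
+md5 = nil
+
+# add a file to the repository
+assert_nothing_raised {
+#STDERR.puts("adding %s" % file) if $debug
+md5 = server.addfile(Base64.encode64(contents),file)
+}
+
+# and get it back again
+newcontents = nil
+assert_nothing_raised {
+#STDERR.puts("getting %s" % file) if $debug
+newcontents = Base64.decode64(server.getfile(md5))
+}
+
+# and then make sure they're still the same
+assert(
+contents == newcontents
+)
+}
+end
+
+# test with a server and a Dipper
+def test_localboth
+files = filelist()
+
+tmpdir = File.join(tmpdir(),"tmpfiledir")
+@@tmpfiles << tmpdir
+FileUtils.mkdir_p(tmpdir)
+
+bucket = nil
+client = nil
+threads = []
+assert_nothing_raised {
+bucket = Puppet::Server::FileBucket.new(
+:Bucket => @bucket
+)
+}
+
+#sleep(30)
+assert_nothing_raised {
+client = Puppet::Client::Dipper.new(
+:Bucket => bucket
+)
+}
+
+checkfiles(client)
+
+end
+
+# test that things work over the wire
+def test_webxmlmix
+files = filelist()
+
+tmpdir = File.join(tmpdir(),"tmpfiledir")
+@@tmpfiles << tmpdir
+FileUtils.mkdir_p(tmpdir)
+
+Puppet[:autosign] = true
+client = nil
+port = Puppet[:masterport]
+
+pid = mkserver(:CA => {}, :FileBucket => { :Bucket => @bucket})
+
+assert_nothing_raised {
+client = Puppet::Client::Dipper.new(
+:Server => "localhost",
+:Port => @@port
+)
+}
+
+checkfiles(client)
+
+unless pid
+raise "Uh, we don't have a child pid"
+end
+system("kill %s" % pid)
+end
+end
+
+# $Id: bucket.rb 742 2005-11-16 17:12:11Z luke $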
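Review bot: `test_webxmlmix` sets the process-wide `Puppet[:autosign] = true` and never restores it, and it stops the server child only on the success path, so a failed assertion inside `checkfiles` leaves a listener with an autosigning CA running. Unless the `ServerTest` teardown (not visible here) resets settings and reaps children, wrap the body in `begin … ensure`, stop the child there with `Process.kill("TERM", pid) if pid` rather than `system("kill %s" % pid)`, and restore the previous autosign value in the same `ensure`. A leaked autosign setting could also mask a regression in tests that expect it to be off, such as `test_nodefaultautosign` in `data/test/server/ca.rb`. The `unless pid` check belongs directly after `mkserver`, before the client is used, and `port = Puppet[:masterport]` is unused because the client takes `@@port`.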
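--- a/data/test/server/ca.rb
+++ b/data/test/server/ca.rb
@@ -0,0 +1,201 @@
+if __FILE__ == $0
+$:.unshift '../../lib'
+$:.unshift '..'
+$puppetbase = "../.."
+end
+
+require 'puppet'
+require 'puppet/server/ca'
+require 'puppet/sslcertificates'
+require 'openssl'
+require 'test/unit'
+require 'puppettest.rb'
+
+# $Id: ca.rb 747 2005-11-22 03:54:30Z luke $
+
+if ARGV.length > 0 and ARGV[0] == "short"
+$short = true
+else
+$short = false
+end
+
+class TestCA < Test::Unit::TestCase
+include ServerTest
+def teardown
+super
+#print "\n\n" if Puppet[:debug]
+end
+
+# Verify that we're autosigning. We have to autosign a "different" machine,
+# since we always autosign the CA server's certificate.
+def test_autocertgeneration
+ca = nil
+
+# create our ca
+assert_nothing_raised {
+ca = Puppet::Server::CA.new(:autosign => true)
+}
+
+# create a cert with a fake name
+key = nil
+csr = nil
+cert = nil
+hostname = "test.domain.com"
+assert_nothing_raised {
+cert = Puppet::SSLCertificates::Certificate.new(
+:name => "test.domain.com"
+)
+}
+
+# make the request
+assert_nothing_raised {
+cert.mkcsr
+}
+
+# and get it signed
+certtext = nil
+cacerttext = nil
+assert_nothing_raised {
+certtext, cacerttext = ca.getcert(cert.csr.to_s)
+}
+
+# they should both be strings
+assert_instance_of(String, certtext)
+assert_instance_of(String, cacerttext)
+
+# and they should both be valid certs
+assert_nothing_raised {
+OpenSSL::X509::Certificate.new(certtext)
+}
+assert_nothing_raised {
+OpenSSL::X509::Certificate.new(cacerttext)
+}
+
+# and pull it again, just to make sure we're getting the same thing
+newtext = nil
+assert_nothing_raised {
+newtext, cacerttext = ca.getcert(
+cert.csr.to_s, "test.reductivelabs.com", "127.0.0.1"
+)
+}
+
+assert_equal(certtext,newtext)
+end
+
+# this time don't use autosign
+def test_storeAndSign
+ca = nil
+caserv = nil
+
+# make our CA server
+assert_nothing_raised {
+caserv = Puppet::Server::CA.new(:autosign => false)
+}
+
+# retrieve the actual ca object
+assert_nothing_raised {
+ca = caserv.ca
+}
+
+# make our test cert again
+key = nil
+csr = nil
+cert = nil
+hostname = "test.domain.com"
+assert_nothing_raised {
+cert = Puppet::SSLCertificates::Certificate.new(
+:name => "anothertest.domain.com"
+)
+}
+# and the CSR
+assert_nothing_raised {
+cert.mkcsr
+}
+
+# retrieve them
+certtext = nil
+assert_nothing_raised {
+certtext, cacerttext = caserv.getcert(
+cert.csr.to_s, "test.reductivelabs.com", "127.0.0.1"
+)
+}
+
+# verify we got nothing back, since autosign is off
+assert_equal("", certtext)
+
+# now sign it manually, with the CA object
+x509 = nil
+assert_nothing_raised {
+x509, cacert = ca.sign(cert.csr)
+}
+
+# and write it out
+cert.cert = x509
+assert_nothing_raised {
+cert.write
+}
+
+assert(File.exists?(cert.certfile))
+
+# now get them again, and verify that we actually get them
+newtext = nil
+assert_nothing_raised {
+newtext, cacerttext = caserv.getcert(cert.csr.to_s)
+}
+
+assert(newtext)
+assert_nothing_raised {
+OpenSSL::X509::Certificate.new(newtext)
+}
+end
+
+# and now test the autosign file
+def test_autosign
+autosign = File.join(tmpdir, "autosigntesting")
+@@tmpfiles << autosign
+File.open(autosign, "w") { |f|
+f.puts "hostmatch.domain.com"
+f.puts "*.other.com"
+}
+
+caserv = nil
+assert_nothing_raised {
+caserv = Puppet::Server::CA.new(:autosign => autosign)
+}
+
+# make sure we know what's going on
+assert(caserv.autosign?("hostmatch.domain.com"))
+assert(caserv.autosign?("fakehost.other.com"))
+assert(!caserv.autosign?("kirby.reductivelabs.com"))
+assert(!caserv.autosign?("culain.domain.com"))
+end
+
+# verify that things aren't autosigned by default
+def test_nodefaultautosign
+caserv = nil
+assert_nothing_raised {
+caserv = Puppet::Server::CA.new()
+}
+
+# make sure we know what's going on
+assert(!caserv.autosign?("hostmatch.domain.com"))
+assert(!caserv.autosign?("fakehost.other.com"))
+assert(!caserv.autosign?("kirby.reductivelabs.com"))
+assert(!caserv.autosign?("culain.domain.com"))
+end
+
+# We want the CA to autosign its own certificate, because otherwise
+# the puppetmasterd CA does not autostart.
+def test_caautosign
+server = nil
+assert_nothing_raised {
+server = Puppet::Server.new(
+:Port => @@port,
+:Handlers => {
+:CA => {}, # so that certs autogenerate
+:Status => nil
+}
+)
+}
+end
+end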
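Review bot: `test_autosign` exercises the `*.other.com` entry with one matching host and two names from unrelated domains, so it never pins where the wildcard stops matching. Add negative cases at the pattern boundary, for instance `assert(!caserv.autosign?("fakehost.other.com.example.net"))` and `assert(!caserv.autosign?("notother.com"))` (constructed names), because a loosely anchored match in an autosign list would sign requests for hosts the operator never listed. In `test_autocertgeneration` the second `getcert` call passes `"test.reductivelabs.com"` as the client name for a CSR named `test.domain.com` and expects the same certificate back. If that is intended, record it with a comment such as `# client name differs from the CSR name on purpose`; otherwise a separate test should cover the mismatch. `test_caautosign` only checks that the server constructs without raising and asserts nothing about the certificate its comment describes.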