puppet 0.9.2

data/test/server/authstore.rb

@@ -0,0 +1,209 @@
+if __FILE__ == $0
+    if Dir.getwd =~ /test\/server$/
+        Dir.chdir("..")
+    end
+
+    $:.unshift '../lib'
+    $puppetbase = ".."
+
+end
+
+require 'puppet'
+require 'puppet/server/authstore'
+require 'test/unit'
+require 'puppettest.rb'
+
+class TestAuthStore < Test::Unit::TestCase
+	include TestPuppet
+    def mkstore
+        store = nil
+        assert_nothing_raised {
+            store = Puppet::Server::AuthStore.new
+        }
+
+        return store
+    end
+
+    def test_localallow
+        store = mkstore
+
+        assert_nothing_raised {
+            assert(store.allowed?(nil, nil), "Store disallowed local access")
+        }
+
+        assert_raise(Puppet::DevError) {
+            store.allowed?("kirby.madstop.com", nil)
+        }
+
+        assert_raise(Puppet::DevError) {
+            store.allowed?(nil, "192.168.0.1")
+        }
+    end
+
+    def test_hostnames
+        store = mkstore
+
+        %w{
+            kirby.madstop.com
+            luke.madstop.net
+            name-other.madstop.net
+        }.each { |name|
+            assert_nothing_raised("Failed to store simple name %s" % name) {
+                store.allow(name)
+            }
+            assert(store.allowed?(name, "192.168.0.1"), "Name %s not allowed" % name)
+        }
+
+        %w{
+            invalid
+            ^invalid!
+            inval$id
+        
+        }.each { |pat|
+            assert_raise(Puppet::Server::AuthStoreError,
+                "name '%s' was allowed" % pat) {
+                store.allow(pat)
+            }
+        }
+    end
+
+    def test_domains
+        store = mkstore
+
+        assert_nothing_raised("Failed to store domains") {
+            store.allow("*.a.very.long.domain.name.com")
+            store.allow("*.madstop.com")
+            store.allow("*.some-other.net")
+            store.allow("*.much.longer.more-other.net")
+        }
+
+        %w{
+            madstop.com
+            culain.madstop.com
+            kirby.madstop.com
+            funtest.some-other.net
+            ya-test.madstop.com
+            some.much.much.longer.more-other.net
+        }.each { |name|
+            assert(store.allowed?(name, "192.168.0.1"), "Host %s not allowed" % name)
+        }
+
+        assert_raise(Puppet::Server::AuthStoreError) {
+            store.allow("domain.*.com")
+        }
+
+        assert(!store.allowed?("very.long.domain.name.com", "1.2.3.4"),
+            "Long hostname allowed")
+
+        assert_raise(Puppet::Server::AuthStoreError) {
+            store.allow("domain.*.other.com")
+        }
+    end
+
+    def test_simpleips
+        store = mkstore
+
+        %w{
+            192.168.0.5
+            7.0.48.7
+        }.each { |ip|
+            assert_nothing_raised("Failed to store IP address %s" % ip) {
+                store.allow(ip)
+            }
+
+            assert(store.allowed?("hosttest.com", ip), "IP %s not allowed" % ip)
+        }
+
+        assert_raise(Puppet::Server::AuthStoreError) {
+            store.allow("192.168.674.0")
+        }
+
+        assert_raise(Puppet::Server::AuthStoreError) {
+            store.allow("192.168.0")
+        }
+    end
+
+    def test_ipranges
+        store = mkstore
+
+        %w{
+            192.168.0.*
+            192.168.1.0/24
+            192.178.*
+            193.179.0.0/8
+        }.each { |range|
+            assert_nothing_raised("Failed to store IP range %s" % range) {
+                store.allow(range)
+            }
+        }
+
+        %w{
+            192.168.0.1
+            192.168.1.5
+            192.178.0.5
+            193.0.0.1
+        }.each { |ip|
+            assert(store.allowed?("fakename.com", ip), "IP %s is not allowed" % ip)
+        }
+    end
+
+    def test_iprangedenials
+        store = mkstore
+
+        assert_nothing_raised("Failed to store overlapping IP ranges") {
+            store.allow("192.168.0.0/16")
+            store.deny("192.168.0.0/24")
+        }
+
+        assert(store.allowed?("fake.name", "192.168.1.50"), "/16 ip not allowed")
+        assert(! store.allowed?("fake.name", "192.168.0.50"), "/24 ip allowed")
+    end
+
+    def test_subdomaindenails
+        store = mkstore
+
+        assert_nothing_raised("Failed to store overlapping IP ranges") {
+            store.allow("*.madstop.com")
+            store.deny("*.sub.madstop.com")
+        }
+
+        assert(store.allowed?("hostname.madstop.com", "192.168.1.50"),
+            "hostname not allowed")
+        assert(! store.allowed?("name.sub.madstop.com", "192.168.0.50"),
+            "subname name allowed")
+    end
+
+    def test_orderingstuff
+        store = mkstore
+
+        assert_nothing_raised("Failed to store overlapping IP ranges") {
+            store.allow("*.madstop.com")
+            store.deny("192.168.0.0/24")
+        }
+
+        assert(store.allowed?("hostname.madstop.com", "192.168.1.50"),
+            "hostname not allowed")
+        assert(! store.allowed?("hostname.madstop.com", "192.168.0.50"),
+            "Host allowed over IP")
+    end
+
+    def test_globalallow
+        store = mkstore
+
+        assert_nothing_raised("Failed to add global allow") {
+            store.allow("*")
+        }
+
+        [
+            %w{hostname.com 192.168.0.4},
+            %w{localhost 192.168.0.1},
+            %w{localhost 127.0.0.1}
+            
+        ].each { |ary|
+            assert(store.allowed?(*ary), "Failed to allow %s" % [ary.join(",")])
+        }
+    end
+end
+
+# $Id: authstore.rb 742 2005-11-16 17:12:11Z luke $
+

data/test/server/bucket.rb

@@ -0,0 +1,227 @@
+if __FILE__ == $0
+    $:.unshift '../../lib'
+    $:.unshift '..'
+    $puppetbase = "../.."
+    $debug = true
+else
+    $debug = false
+end
+
+require 'puppet'
+require 'test/unit'
+require 'puppettest.rb'
+require 'base64'
+
+class TestBucket < Test::Unit::TestCase
+	include ServerTest
+    # run through all of the files and exercise the filebucket methods
+    def checkfiles(client)
+        files = filelist()
+
+        # iterate across all of the files
+        files.each { |file|
+            spin
+            tempdir = tempfile()
+            Dir.mkdir(tempdir)
+            name = File.basename(file)
+            tmppath = File.join(tempdir,name)
+            @@tmpfiles << tmppath
+
+            # copy the files to our tmp directory so we can modify them...
+            File.open(tmppath,File::WRONLY|File::TRUNC|File::CREAT) { |wf|
+                File.open(file) { |rf|
+                    wf.print(rf.read)
+                }
+            }
+
+            # make sure the copy worked
+            assert(FileTest.exists?(tmppath))
+
+            # backup both the orig file and the tmp file
+            osum = nil
+            tsum = nil
+            nsum = nil
+            spin
+            assert_nothing_raised {
+                osum = client.backup(file)
+            }
+            spin
+            assert_nothing_raised {
+                tsum = client.backup(tmppath)
+            }
+
+            # verify you got the same sum back for both
+            assert(tsum == osum)
+
+            # modify our tmp file
+            File.open(tmppath,File::WRONLY|File::TRUNC) { |wf|
+                wf.print "This is some test text\n"
+            }
+
+            # back it up
+            spin
+            assert_nothing_raised {
+                #STDERR.puts("backing up %s" % tmppath) if $debug
+                nsum = client.backup(tmppath)
+            }
+
+            # and verify the sum changed
+            assert(tsum != nsum)
+
+            # restore the orig
+            spin
+            assert_nothing_raised {
+                nsum = client.restore(tmppath,tsum)
+            }
+
+            # and verify it actually got restored
+            spin
+            contents = File.open(tmppath) { |rf|
+                #STDERR.puts("reading %s" % tmppath) if $debug
+                rf.read
+            }
+            csum = Digest::MD5.hexdigest(contents)
+            assert(tsum == csum)
+        }
+    end
+
+    # a list of files that should be on the system
+    # just something to test moving files around
+    def filelist
+        if defined? @files
+            return @files
+        else
+            @files = []
+        end
+
+        %w{
+            who bash vim sh uname /etc/passwd /etc/syslog.conf /etc/hosts 
+        }.each { |file|
+            # if it's fully qualified, just add it
+            if file =~ /^\//
+                if FileTest.exists?(file)
+                    @files.push file
+                end
+            else
+                # else if it's unqualified, look for it in our path
+                begin
+                    path = %x{which #{file}}
+                rescue => detail
+                    #STDERR.puts "Could not search for binaries: %s" % detail
+                    next
+                end
+
+                if path != ""
+                    @files.push path.chomp
+                end
+            end
+        }
+
+        return @files
+    end
+
+    def setup
+        super
+        @bucket = File.join(Puppet[:puppetconf], "buckettesting")
+
+        @@tmpfiles << @bucket
+    end
+
+    # test operating against the local filebucket object
+    # this calls the direct server methods, which are different than the
+    # Dipper methods
+    def test_localserver
+        files = filelist()
+        server = nil
+        assert_nothing_raised {
+            server = Puppet::Server::FileBucket.new(
+                :Bucket => @bucket
+            )
+        }
+
+        # iterate across them...
+        files.each { |file|
+            spin
+            contents = File.open(file) { |of| of.read }
+
+            md5 = nil
+
+            # add a file to the repository
+            assert_nothing_raised {
+                #STDERR.puts("adding %s" % file) if $debug
+                md5 = server.addfile(Base64.encode64(contents),file)
+            }
+
+            # and get it back again
+            newcontents = nil
+            assert_nothing_raised {
+                #STDERR.puts("getting %s" % file) if $debug
+                newcontents = Base64.decode64(server.getfile(md5))
+            }
+
+            # and then make sure they're still the same
+            assert(
+                contents == newcontents
+            )
+        }
+    end
+
+    # test with a server and a Dipper
+    def test_localboth
+        files = filelist()
+
+        tmpdir = File.join(tmpdir(),"tmpfiledir")
+        @@tmpfiles << tmpdir
+        FileUtils.mkdir_p(tmpdir)
+
+        bucket = nil
+        client = nil
+        threads = []
+        assert_nothing_raised {
+            bucket = Puppet::Server::FileBucket.new(
+                :Bucket => @bucket
+            )
+        }
+
+        #sleep(30)
+        assert_nothing_raised {
+            client = Puppet::Client::Dipper.new(
+                :Bucket => bucket
+            )
+        }
+
+        checkfiles(client)
+
+    end
+
+    # test that things work over the wire
+    def test_webxmlmix
+        files = filelist()
+
+        tmpdir = File.join(tmpdir(),"tmpfiledir")
+        @@tmpfiles << tmpdir
+        FileUtils.mkdir_p(tmpdir)
+
+        Puppet[:autosign] = true
+        client = nil
+        port = Puppet[:masterport]
+
+        pid = mkserver(:CA => {}, :FileBucket => { :Bucket => @bucket})
+
+        assert_nothing_raised {
+            client = Puppet::Client::Dipper.new(
+                :Server => "localhost",
+                :Port => @@port
+            )
+        }
+
+        checkfiles(client)
+
+        unless pid
+            raise "Uh, we don't have a child pid"
+        end
+        system("kill %s" % pid)
+    end
+end
+
+# $Id: bucket.rb 742 2005-11-16 17:12:11Z luke $

data/test/server/ca.rb

@@ -0,0 +1,201 @@
+if __FILE__ == $0
+    $:.unshift '../../lib'
+    $:.unshift '..'
+    $puppetbase = "../.."
+end
+
+require 'puppet'
+require 'puppet/server/ca'
+require 'puppet/sslcertificates'
+require 'openssl'
+require 'test/unit'
+require 'puppettest.rb'
+
+# $Id: ca.rb 747 2005-11-22 03:54:30Z luke $
+
+if ARGV.length > 0 and ARGV[0] == "short"
+    $short = true
+else
+    $short = false
+end
+
+class TestCA < Test::Unit::TestCase
+	include ServerTest
+    def teardown
+        super
+        #print "\n\n" if Puppet[:debug]
+    end
+
+    # Verify that we're autosigning.  We have to autosign a "different" machine,
+    # since we always autosign the CA server's certificate.
+    def test_autocertgeneration
+        ca = nil
+
+        # create our ca
+        assert_nothing_raised {
+            ca = Puppet::Server::CA.new(:autosign => true)
+        }
+
+        # create a cert with a fake name
+        key = nil
+        csr = nil
+        cert = nil
+        hostname = "test.domain.com"
+        assert_nothing_raised {
+            cert = Puppet::SSLCertificates::Certificate.new(
+                :name => "test.domain.com"
+            )
+        }
+
+        # make the request
+        assert_nothing_raised {
+            cert.mkcsr
+        }
+
+        # and get it signed
+        certtext = nil
+        cacerttext = nil
+        assert_nothing_raised {
+            certtext, cacerttext = ca.getcert(cert.csr.to_s)
+        }
+
+        # they should both be strings
+        assert_instance_of(String, certtext)
+        assert_instance_of(String, cacerttext)
+
+        # and they should both be valid certs
+        assert_nothing_raised {
+            OpenSSL::X509::Certificate.new(certtext)
+        }
+        assert_nothing_raised {
+            OpenSSL::X509::Certificate.new(cacerttext)
+        }
+
+        # and pull it again, just to make sure we're getting the same thing
+        newtext = nil
+        assert_nothing_raised {
+            newtext, cacerttext = ca.getcert(
+                cert.csr.to_s, "test.reductivelabs.com", "127.0.0.1"
+            )
+        }
+
+        assert_equal(certtext,newtext)
+    end
+
+    # this time don't use autosign
+    def test_storeAndSign
+        ca = nil
+        caserv = nil
+
+        # make our CA server
+        assert_nothing_raised {
+            caserv = Puppet::Server::CA.new(:autosign => false)
+        }
+
+        # retrieve the actual ca object
+        assert_nothing_raised {
+            ca = caserv.ca
+        }
+
+        # make our test cert again
+        key = nil
+        csr = nil
+        cert = nil
+        hostname = "test.domain.com"
+        assert_nothing_raised {
+            cert = Puppet::SSLCertificates::Certificate.new(
+                :name => "anothertest.domain.com"
+            )
+        }
+        # and the CSR
+        assert_nothing_raised {
+            cert.mkcsr
+        }
+
+        # retrieve them
+        certtext = nil
+        assert_nothing_raised {
+            certtext, cacerttext = caserv.getcert(
+                cert.csr.to_s, "test.reductivelabs.com", "127.0.0.1"
+            )
+        }
+
+        # verify we got nothing back, since autosign is off
+        assert_equal("", certtext)
+
+        # now sign it manually, with the CA object
+        x509 = nil
+        assert_nothing_raised {
+            x509, cacert = ca.sign(cert.csr)
+        }
+
+        # and write it out
+        cert.cert = x509
+        assert_nothing_raised {
+            cert.write
+        }
+
+        assert(File.exists?(cert.certfile))
+
+        # now get them again, and verify that we actually get them
+        newtext = nil
+        assert_nothing_raised {
+            newtext, cacerttext  = caserv.getcert(cert.csr.to_s)
+        }
+
+        assert(newtext)
+        assert_nothing_raised {
+            OpenSSL::X509::Certificate.new(newtext)
+        }
+    end
+
+    # and now test the autosign file
+    def test_autosign
+        autosign = File.join(tmpdir, "autosigntesting")
+        @@tmpfiles << autosign
+        File.open(autosign, "w") { |f|
+            f.puts "hostmatch.domain.com"
+            f.puts "*.other.com"
+        }
+
+        caserv = nil
+        assert_nothing_raised {
+            caserv = Puppet::Server::CA.new(:autosign => autosign)
+        }
+
+        # make sure we know what's going on
+        assert(caserv.autosign?("hostmatch.domain.com"))
+        assert(caserv.autosign?("fakehost.other.com"))
+        assert(!caserv.autosign?("kirby.reductivelabs.com"))
+        assert(!caserv.autosign?("culain.domain.com"))
+    end
+
+    # verify that things aren't autosigned by default
+    def test_nodefaultautosign
+        caserv = nil
+        assert_nothing_raised {
+            caserv = Puppet::Server::CA.new()
+        }
+
+        # make sure we know what's going on
+        assert(!caserv.autosign?("hostmatch.domain.com"))
+        assert(!caserv.autosign?("fakehost.other.com"))
+        assert(!caserv.autosign?("kirby.reductivelabs.com"))
+        assert(!caserv.autosign?("culain.domain.com"))
+    end
+
+    # We want the CA to autosign its own certificate, because otherwise
+    # the puppetmasterd CA does not autostart.
+    def test_caautosign
+        server = nil
+        assert_nothing_raised {
+            server = Puppet::Server.new(
+                :Port => @@port,
+                :Handlers => {
+                    :CA => {}, # so that certs autogenerate
+                    :Status => nil
+                }
+            )
+        }
+    end
+end