RubyGems - puppet - Versions diffs - 2.6.11 → 2.6.12 - Mend

puppet 2.6.11 → 2.6.12

Potentially problematic release.

This version of puppet might be problematic. Click here for more details.

Files changed (67) hide show

data/CHANGELOG +33 -0
data/conf/redhat/puppet.spec +7 -4
data/lib/puppet.rb +1 -1
data/lib/puppet/application/cert.rb +17 -3
data/lib/puppet/application/kick.rb +0 -2
data/lib/puppet/defaults.rb +52 -3
data/lib/puppet/network/handler/ca.rb +16 -106
data/lib/puppet/network/handler/master.rb +0 -3
data/lib/puppet/network/handler/runner.rb +1 -0
data/lib/puppet/ssl/certificate.rb +6 -0
data/lib/puppet/ssl/certificate_authority.rb +86 -11
data/lib/puppet/ssl/certificate_authority/interface.rb +64 -19
data/lib/puppet/ssl/certificate_factory.rb +112 -91
data/lib/puppet/ssl/certificate_request.rb +88 -1
data/lib/puppet/ssl/host.rb +16 -3
data/lib/puppet/type/file.rb +0 -1
data/lib/puppet/util/command_line/puppetca +23 -2
data/lib/puppet/util/monkey_patches.rb +69 -0
data/lib/puppet/util/settings.rb +5 -0
data/spec/integration/defaults_spec.rb +11 -0
data/spec/integration/network/handler_spec.rb +1 -1
data/spec/unit/configurer_spec.rb +2 -2
data/spec/unit/network/handler/ca_spec.rb +86 -0
data/spec/unit/ssl/certificate_authority/interface_spec.rb +92 -53
data/spec/unit/ssl/certificate_authority_spec.rb +133 -23
data/spec/unit/ssl/certificate_factory_spec.rb +90 -70
data/spec/unit/ssl/certificate_request_spec.rb +62 -1
data/spec/unit/ssl/certificate_spec.rb +31 -0
data/spec/unit/ssl/host_spec.rb +44 -2
data/spec/unit/util/settings_spec.rb +10 -0
data/test/language/functions.rb +0 -1
data/test/language/snippets.rb +0 -9
data/test/lib/puppettest/exetest.rb +1 -1
data/test/lib/puppettest/servertest.rb +0 -1
data/test/rails/rails.rb +0 -1
data/test/ral/type/filesources.rb +0 -60
metadata +5 -34
data/lib/puppet/network/client.rb +0 -179
data/lib/puppet/network/client/ca.rb +0 -56
data/lib/puppet/network/client/file.rb +0 -6
data/lib/puppet/network/client/proxy.rb +0 -27
data/lib/puppet/network/client/report.rb +0 -26
data/lib/puppet/network/client/runner.rb +0 -10
data/lib/puppet/network/client/status.rb +0 -4
data/lib/puppet/network/http_server.rb +0 -3
data/lib/puppet/network/http_server/mongrel.rb +0 -150
data/lib/puppet/network/http_server/webrick.rb +0 -155
data/lib/puppet/network/xmlrpc/client.rb +0 -211
data/lib/puppet/sslcertificates.rb +0 -146
data/lib/puppet/sslcertificates/ca.rb +0 -375
data/lib/puppet/sslcertificates/certificate.rb +0 -255
data/lib/puppet/sslcertificates/inventory.rb +0 -38
data/lib/puppet/sslcertificates/monkey_patch.rb +0 -6
data/lib/puppet/sslcertificates/support.rb +0 -146
data/spec/integration/network/client_spec.rb +0 -19
data/spec/unit/network/client_spec.rb +0 -45
data/spec/unit/network/xmlrpc/client_spec.rb +0 -172
data/spec/unit/sslcertificates/ca_spec.rb +0 -110
data/test/certmgr/certmgr.rb +0 -308
data/test/certmgr/inventory.rb +0 -69
data/test/certmgr/support.rb +0 -105
data/test/network/client/ca.rb +0 -69
data/test/network/client/dipper.rb +0 -34
data/test/network/handler/ca.rb +0 -273
data/test/network/server/mongrel_test.rb +0 -99
data/test/network/server/webrick.rb +0 -128
data/test/network/xmlrpc/client.rb +0 -45

@@ -1,69 +0,0 @@
-#!/usr/bin/env ruby
-require File.dirname(__FILE__) + '/../lib/puppettest'
-require 'puppet'
-require 'puppettest/certificates'
-require 'puppet/sslcertificates/inventory.rb'
-require 'mocha'
-class TestCertInventory < Test::Unit::TestCase
-  include PuppetTest::Certificates
-  Inventory = Puppet::SSLCertificates::Inventory
-  def setup
-    super
-    Puppet::Util::SUIDManager.stubs(:asuser).yields
-  end
-  def test_format
-    cert = mksignedcert
-    format = nil
-    assert_nothing_raised do
-      format = Inventory.format(cert)
-    end
-      assert(
-        format =~ /^0x0001 \S+ \S+ #{cert.subject}/,
-        "Did not create correct format")
-    end
-  def test_init
-    # First create a couple of certificates
-    ca = mkCA
-    cert1 = mksignedcert(ca, "host1.madstop.com")
-    cert2 = mksignedcert(ca, "host2.madstop.com")
-    init = nil
-    assert_nothing_raised do
-      init = Inventory.init
-    end
-    [cert1, cert2].each do |cert|
-      assert(init.include?(cert.subject.to_s), "Did not catch #{cert.subject}")
-    end
-  end
-  def test_add
-    ca = mkCA
-    cert = mksignedcert(ca, "host.domain.com")
-    assert_nothing_raised do
-      file = mock
-      file.expects(:puts).with do |written|
-        written.include? cert.subject.to_s
-      end
-      Puppet::Util::Settings.any_instance.stubs(:write)
-      Puppet::Util::Settings.any_instance.expects(:write).
-        with(:cert_inventory, 'a').yields(file)
-      Puppet::SSLCertificates::Inventory.add(cert)
-    end
-  end
-end

data/test/certmgr/support.rb DELETED

@@ -1,105 +0,0 @@
-#!/usr/bin/env ruby
-require File.dirname(__FILE__) + '/../lib/puppettest'
-require 'puppettest'
-require 'puppet/sslcertificates/support'
-require 'mocha'
-class TestCertSupport < Test::Unit::TestCase
-  include PuppetTest
-  MissingCertificate = Puppet::SSLCertificates::Support::MissingCertificate
-  class CertUser
-    include Puppet::SSLCertificates::Support
-  end
-  def setup
-    super
-    Puppet::Util::SUIDManager.stubs(:asuser).yields
-    @user = CertUser.new
-    @ca = Puppet::SSLCertificates::CA.new
-    @client = Puppet::Network::Client.ca.new(:CA => @ca)
-  end
-  # Yay, metaprogramming
-  def test_keytype
-    [:key, :csr, :cert, :ca_cert].each do |name|
-      assert(Puppet::SSLCertificates::Support.method_defined?(name), "No retrieval method for #{name}")
-      maker = "mk_#{name}"
-      assert(Puppet::SSLCertificates::Support.method_defined?(maker), "No maker method for #{name}")
-    end
-  end
-  def test_keys
-    keys = [:hostprivkey, :hostpubkey].each { |n| Puppet[n] = tempfile }
-    key = nil
-    assert_nothing_raised do
-      key = @user.key
-    end
-    assert_logged(:info, /Creating a new SSL/, "Did not log about new key")
-    keys.each do |file|
-            assert(
-        FileTest.exists?(Puppet[file]),
-        "Did not create #{file} key file")
-    end
-    # Make sure it's a valid key
-    assert_nothing_raised("Created key is invalid") do
-      OpenSSL::PKey::RSA.new(File.read(Puppet[:hostprivkey]))
-    end
-    # now make sure we can read it in
-    other = CertUser.new
-    assert_nothing_raised("Could not read key in") do
-      other.key
-    end
-    assert_equal(@user.key.to_s, other.key.to_s, "Keys are not equal")
-  end
-  def test_csr
-    csr = nil
-    assert_nothing_raised("Could not create csr") do
-      csr = @user.csr
-    end
-    assert(FileTest.exists?(Puppet[:hostcsr]), "did not create csr file")
-    assert_instance_of(OpenSSL::X509::Request, csr)
-  end
-  def test_cacert
-    @user = CertUser.new
-    assert_raise(MissingCertificate, "Did not fail when missing cacert") do
-      @user.ca_cert
-    end
-  end
-  # Fixing #1382.  This test will always fail on Darwin, because its
-  # FS is case-insensitive.
-  unless Facter.value(:operatingsystem) == "Darwin"
-    def test_uppercase_files_are_renamed_and_read
-      # Write a key out to disk in a file containing upper-case.
-      key = OpenSSL::PKey::RSA.new(32)
-      should_path = Puppet[:hostprivkey]
-      dir, file = File.split(should_path)
-      newfile = file.sub(/^([-a-z.0-9]+)\./) { $1.upcase + "."}
-      upper_path = File.join(dir, newfile)
-p upper_path
-      File.open(upper_path, "w") { |f| f.print key.to_s }
-      user = CertUser.new
-      assert_equal(key.to_s, user.read_key.to_s, "Did not read key in from disk")
-      assert(! FileTest.exist?(upper_path), "Upper case file was not removed")
-      assert(FileTest.exist?(should_path), "File was not renamed to lower-case file")
-      assert_equal(key.to_s, user.read_key.to_s, "Did not read key in from disk")
-    end
-  end
-end

data/test/network/client/ca.rb DELETED

@@ -1,69 +0,0 @@
-#!/usr/bin/env ruby
-require File.dirname(__FILE__) + '/../../lib/puppettest'
-require 'mocha'
-require 'puppettest'
-require 'puppet/network/client/ca'
-require 'puppet/sslcertificates/support'
-class TestClientCA < Test::Unit::TestCase
-  include PuppetTest::ServerTest
-  def setup
-    Puppet::Util::SUIDManager.stubs(:asuser).yields
-    super
-    @ca = Puppet::Network::Handler.ca.new
-    @client = Puppet::Network::Client.ca.new :CA => @ca
-  end
-  def test_request_cert
-    assert_nothing_raised("Could not request cert") do
-      @client.request_cert
-    end
-    [:hostprivkey, :hostcert, :localcacert].each do |name|
-      assert(FileTest.exists?(Puppet.settings[name]), "Did not create cert #{name}")
-    end
-  end
-  # Make sure the ca defaults to specific ports and names
-  def test_ca_server
-    Puppet.settings.stubs(:value).returns "eh"
-    Puppet.settings.expects(:value).with(:ca_server).returns("myca")
-    Puppet.settings.expects(:value).with(:ca_port).returns(321)
-    Puppet.settings.stubs(:value).with(:http_proxy_host).returns(nil)
-    Puppet.settings.stubs(:value).with(:http_proxy_port).returns(nil)
-    Puppet.settings.stubs(:value).with(:http_keepalive).returns(false)
-    Puppet.settings.stubs(:value).with(:configtimeout).returns(180)
-    # Just throw an error; the important thing is the values, not what happens next.
-    Net::HTTP.stubs(:new).with("myca", 321, nil, nil).raises(ArgumentError)
-    assert_raise(ArgumentError) { Puppet::Network::Client.ca.new }
-  end
-  # #578
-  def test_invalid_certs_are_not_written
-    # Run the get once, which should be valid
-    assert_nothing_raised("Could not get a certificate") do
-      @client.request_cert
-    end
-    # Now remove the cert and keys, so we get a broken cert
-    File.unlink(Puppet[:hostcert])
-    File.unlink(Puppet[:localcacert])
-    File.unlink(Puppet[:hostprivkey])
-    @client = Puppet::Network::Client.ca.new :CA => @ca
-    @ca.expects(:getcert).returns("yay") # not a valid cert
-    # Now make sure it fails, since we'll get the old cert but have new keys
-    assert_raise(Puppet::Network::Client::CA::InvalidCertificate, "Did not fail on invalid cert") do
-      @client.request_cert
-    end
-    # And then make sure the cert isn't written to disk
-    assert(! FileTest.exists?(Puppet[:hostcert]), "Invalid cert got written to disk")
-  end
-end

data/test/network/client/dipper.rb DELETED

@@ -1,34 +0,0 @@
-#!/usr/bin/env ruby
-require File.dirname(__FILE__) + '/../../lib/puppettest'
-require 'puppettest'
-require 'puppet/file_bucket/dipper'
-class TestDipperClient < Test::Unit::TestCase
-  include PuppetTest::ServerTest
-  def setup
-    super
-    @dipper = Puppet::FileBucket::Dipper.new(:Path => tempfile)
-  end
-  # Make sure we can create a new file with 'restore'.
-  def test_restore_to_new_file
-    file = tempfile
-    text = "asdf;lkajseofiqwekj"
-    File.open(file, "w") { |f| f.puts text }
-    md5 = nil
-    assert_nothing_raised("Could not send file") do
-      md5 = @dipper.backup(file)
-    end
-    newfile = tempfile
-    assert_nothing_raised("could not restore to new path") do
-      @dipper.restore(newfile, md5)
-    end
-    assert_equal(File.read(file), File.read(newfile), "did not restore correctly")
-  end
-end

data/test/network/handler/ca.rb DELETED

@@ -1,273 +0,0 @@
-#!/usr/bin/env ruby
-require File.dirname(__FILE__) + '/../../lib/puppettest'
-require 'puppettest'
-require 'puppet/network/handler/ca'
-require 'mocha'
-$short = (ARGV.length > 0 and ARGV[0] == "short")
-class TestCA < Test::Unit::TestCase
-  include PuppetTest::ServerTest
-  def setup
-    Puppet::Util::SUIDManager.stubs(:asuser).yields
-    super
-  end
-  # Verify that we're autosigning.  We have to autosign a "different" machine,
-  # since we always autosign the CA server's certificate.
-  def test_autocertgeneration
-    ca = nil
-    # create our ca
-    assert_nothing_raised {
-      ca = Puppet::Network::Handler.ca.new(:autosign => true)
-    }
-    # create a cert with a fake name
-    key = nil
-    csr = nil
-    cert = nil
-    hostname = "test.domain.com"
-    assert_nothing_raised {
-      cert = Puppet::SSLCertificates::Certificate.new(
-        :name => "test.domain.com"
-      )
-    }
-    # make the request
-    assert_nothing_raised {
-      cert.mkcsr
-    }
-    # and get it signed
-    certtext = nil
-    cacerttext = nil
-    assert_nothing_raised {
-      certtext, cacerttext = ca.getcert(cert.csr.to_s)
-    }
-    # they should both be strings
-    assert_instance_of(String, certtext)
-    assert_instance_of(String, cacerttext)
-    # and they should both be valid certs
-    assert_nothing_raised {
-      OpenSSL::X509::Certificate.new(certtext)
-    }
-    assert_nothing_raised {
-      OpenSSL::X509::Certificate.new(cacerttext)
-    }
-    # and pull it again, just to make sure we're getting the same thing
-    newtext = nil
-    assert_nothing_raised {
-      newtext, cacerttext = ca.getcert(
-        cert.csr.to_s, "test.reductivelabs.com", "127.0.0.1"
-      )
-    }
-    assert_equal(certtext,newtext)
-  end
-  # this time don't use autosign
-  def test_storeAndSign
-    ca = nil
-    caserv = nil
-    # make our CA server
-    assert_nothing_raised {
-      caserv = Puppet::Network::Handler.ca.new(:autosign => false)
-    }
-    # retrieve the actual ca object
-    assert_nothing_raised {
-      ca = caserv.ca
-    }
-    # make our test cert again
-    key = nil
-    csr = nil
-    cert = nil
-    hostname = "test.domain.com"
-    assert_nothing_raised {
-      cert = Puppet::SSLCertificates::Certificate.new(
-        :name => "anothertest.domain.com"
-      )
-    }
-    # and the CSR
-    assert_nothing_raised {
-      cert.mkcsr
-    }
-    # retrieve them
-    certtext = nil
-    assert_nothing_raised {
-      certtext, cacerttext = caserv.getcert(
-        cert.csr.to_s, "test.reductivelabs.com", "127.0.0.1"
-      )
-    }
-    # verify we got nothing back, since autosign is off
-    assert_equal("", certtext)
-    # now sign it manually, with the CA object
-    x509 = nil
-    assert_nothing_raised {
-      x509, cacert = ca.sign(cert.csr)
-    }
-    # and write it out
-    cert.cert = x509
-    assert_nothing_raised {
-      cert.write
-    }
-    assert(File.exists?(cert.certfile))
-    # now get them again, and verify that we actually get them
-    newtext = nil
-    assert_nothing_raised {
-      newtext, cacerttext  = caserv.getcert(cert.csr.to_s)
-    }
-    assert(newtext)
-    assert_nothing_raised {
-      OpenSSL::X509::Certificate.new(newtext)
-    }
-    # Now verify that we can clean a given host's certs
-    assert_nothing_raised {
-      ca.clean("anothertest.domain.com")
-    }
-    assert(!File.exists?(cert.certfile), "Cert still exists after clean")
-  end
-  # and now test the autosign file
-  def test_autosign
-    autosign = File.join(tmpdir, "autosigntesting")
-    @@tmpfiles << autosign
-    File.open(autosign, "w") { |f|
-      f.puts "hostmatch.domain.com"
-      f.puts "*.other.com"
-    }
-    caserv = nil
-    assert_nothing_raised {
-      caserv = Puppet::Network::Handler.ca.new(:autosign => autosign)
-    }
-    # make sure we know what's going on
-    assert(caserv.autosign?("hostmatch.domain.com"))
-    assert(caserv.autosign?("fakehost.other.com"))
-    assert(!caserv.autosign?("kirby.reductivelabs.com"))
-    assert(!caserv.autosign?("culain.domain.com"))
-  end
-  # verify that things aren't autosigned by default
-  def test_nodefaultautosign
-    caserv = nil
-    assert_nothing_raised {
-      caserv = Puppet::Network::Handler.ca.new
-    }
-    # make sure we know what's going on
-    assert(!caserv.autosign?("hostmatch.domain.com"))
-    assert(!caserv.autosign?("fakehost.other.com"))
-    assert(!caserv.autosign?("kirby.reductivelabs.com"))
-    assert(!caserv.autosign?("culain.domain.com"))
-  end
-  # We want the CA to autosign its own certificate, because otherwise
-  # the puppetmasterd CA does not autostart.
-  def test_caautosign
-    server = nil
-    Puppet.stubs(:master?).returns true
-    assert_nothing_raised {
-            server = Puppet::Network::HTTPServer::WEBrick.new(
-        :Port => @@port,
-        :Handlers => {
-          :CA => {}, # so that certs autogenerate
-          :Status => nil
-        }
-      )
-    }
-  end
-  # Make sure true/false causes the file to be ignored.
-  def test_autosign_true_beats_file
-    caserv = nil
-    assert_nothing_raised {
-      caserv = Puppet::Network::Handler.ca.new
-    }
-    host = "hostname.domain.com"
-    # Create an autosign file
-    file = tempfile
-    Puppet[:autosign] = file
-    File.open(file, "w") { |f|
-      f.puts host
-    }
-    # Start with "false"
-    Puppet[:autosign] = false
-    assert(! caserv.autosign?(host), "Host was incorrectly autosigned")
-    # Then set it to true
-    Puppet[:autosign] = true
-    assert(caserv.autosign?(host), "Host was not autosigned")
-    # And try a different host
-    assert(caserv.autosign?("other.yay.com"), "Host was not autosigned")
-    # And lastly the file
-    Puppet[:autosign] = file
-    assert(caserv.autosign?(host), "Host was not autosigned")
-    # And try a different host
-    assert(! caserv.autosign?("other.yay.com"), "Host was autosigned")
-  end
-  # Make sure that a CSR created with keys that don't match the existing
-  # cert throws an exception on the server.
-  def test_mismatched_public_keys_throws_exception
-    ca = Puppet::Network::Handler.ca.new
-    # First initialize the server
-    client = Puppet::Network::Client.ca.new :CA => ca
-    client.request_cert
-    File.unlink(Puppet[:hostcsr])
-    # Now use a different cert name
-    Puppet[:certname] = "my.host.com"
-    client = Puppet::Network::Client.ca.new :CA => ca
-    firstcsr = client.csr
-    File.unlink(Puppet[:hostcsr]) if FileTest.exists?(Puppet[:hostcsr])
-    assert_nothing_raised("Could not get cert") do
-      ca.getcert(firstcsr.to_s)
-    end
-    # Now get rid of the public key, forcing a new csr
-    File.unlink(Puppet[:hostprivkey])
-    client = Puppet::Network::Client.ca.new :CA => ca
-    second_csr = client.csr
-    assert(firstcsr.to_s != second_csr.to_s, "CSR did not change")
-    assert_raise(Puppet::Error, "CA allowed mismatched keys") do
-      ca.getcert(second_csr.to_s)
-    end
-  end
-end