puppet 2.6.11 → 2.6.12


Potentially problematic release.


This version of puppet might be problematic.

Files changed (67)
  1. data/CHANGELOG +33 -0
  2. data/conf/redhat/puppet.spec +7 -4
  3. data/lib/puppet.rb +1 -1
  4. data/lib/puppet/application/cert.rb +17 -3
  5. data/lib/puppet/application/kick.rb +0 -2
  6. data/lib/puppet/defaults.rb +52 -3
  7. data/lib/puppet/network/handler/ca.rb +16 -106
  8. data/lib/puppet/network/handler/master.rb +0 -3
  9. data/lib/puppet/network/handler/runner.rb +1 -0
  10. data/lib/puppet/ssl/certificate.rb +6 -0
  11. data/lib/puppet/ssl/certificate_authority.rb +86 -11
  12. data/lib/puppet/ssl/certificate_authority/interface.rb +64 -19
  13. data/lib/puppet/ssl/certificate_factory.rb +112 -91
  14. data/lib/puppet/ssl/certificate_request.rb +88 -1
  15. data/lib/puppet/ssl/host.rb +16 -3
  16. data/lib/puppet/type/file.rb +0 -1
  17. data/lib/puppet/util/command_line/puppetca +23 -2
  18. data/lib/puppet/util/monkey_patches.rb +69 -0
  19. data/lib/puppet/util/settings.rb +5 -0
  20. data/spec/integration/defaults_spec.rb +11 -0
  21. data/spec/integration/network/handler_spec.rb +1 -1
  22. data/spec/unit/configurer_spec.rb +2 -2
  23. data/spec/unit/network/handler/ca_spec.rb +86 -0
  24. data/spec/unit/ssl/certificate_authority/interface_spec.rb +92 -53
  25. data/spec/unit/ssl/certificate_authority_spec.rb +133 -23
  26. data/spec/unit/ssl/certificate_factory_spec.rb +90 -70
  27. data/spec/unit/ssl/certificate_request_spec.rb +62 -1
  28. data/spec/unit/ssl/certificate_spec.rb +31 -0
  29. data/spec/unit/ssl/host_spec.rb +44 -2
  30. data/spec/unit/util/settings_spec.rb +10 -0
  31. data/test/language/functions.rb +0 -1
  32. data/test/language/snippets.rb +0 -9
  33. data/test/lib/puppettest/exetest.rb +1 -1
  34. data/test/lib/puppettest/servertest.rb +0 -1
  35. data/test/rails/rails.rb +0 -1
  36. data/test/ral/type/filesources.rb +0 -60
  37. metadata +5 -34
  38. data/lib/puppet/network/client.rb +0 -179
  39. data/lib/puppet/network/client/ca.rb +0 -56
  40. data/lib/puppet/network/client/file.rb +0 -6
  41. data/lib/puppet/network/client/proxy.rb +0 -27
  42. data/lib/puppet/network/client/report.rb +0 -26
  43. data/lib/puppet/network/client/runner.rb +0 -10
  44. data/lib/puppet/network/client/status.rb +0 -4
  45. data/lib/puppet/network/http_server.rb +0 -3
  46. data/lib/puppet/network/http_server/mongrel.rb +0 -150
  47. data/lib/puppet/network/http_server/webrick.rb +0 -155
  48. data/lib/puppet/network/xmlrpc/client.rb +0 -211
  49. data/lib/puppet/sslcertificates.rb +0 -146
  50. data/lib/puppet/sslcertificates/ca.rb +0 -375
  51. data/lib/puppet/sslcertificates/certificate.rb +0 -255
  52. data/lib/puppet/sslcertificates/inventory.rb +0 -38
  53. data/lib/puppet/sslcertificates/monkey_patch.rb +0 -6
  54. data/lib/puppet/sslcertificates/support.rb +0 -146
  55. data/spec/integration/network/client_spec.rb +0 -19
  56. data/spec/unit/network/client_spec.rb +0 -45
  57. data/spec/unit/network/xmlrpc/client_spec.rb +0 -172
  58. data/spec/unit/sslcertificates/ca_spec.rb +0 -110
  59. data/test/certmgr/certmgr.rb +0 -308
  60. data/test/certmgr/inventory.rb +0 -69
  61. data/test/certmgr/support.rb +0 -105
  62. data/test/network/client/ca.rb +0 -69
  63. data/test/network/client/dipper.rb +0 -34
  64. data/test/network/handler/ca.rb +0 -273
  65. data/test/network/server/mongrel_test.rb +0 -99
  66. data/test/network/server/webrick.rb +0 -128
  67. data/test/network/xmlrpc/client.rb +0 -45
@@ -1,45 +0,0 @@
1
- #!/usr/bin/env ruby
2
- #
3
- # Created by Luke Kanies on 2008-3-24.
4
- # Copyright (c) 2008. All rights reserved.
5
-
6
- require File.dirname(__FILE__) + '/../../spec_helper'
7
-
8
- require 'puppet/network/client'
9
-
10
- describe Puppet::Network::Client do
11
- before do
12
- Puppet.settings.stubs(:use).returns(true)
13
- Puppet::Network::HttpPool.stubs(:cert_setup)
14
- end
15
-
16
- describe "when keep-alive is enabled" do
17
- before do
18
- Puppet::Network::HttpPool.stubs(:keep_alive?).returns true
19
- end
20
- it "should start the http client up on creation" do
21
- http = mock 'http'
22
- http.stub_everything
23
- http.expects(:start)
24
- Net::HTTP.stubs(:new).returns http
25
-
26
- # Pick a random subclass...
27
- Puppet::Network::Client.runner.new :Server => Puppet[:server]
28
- end
29
- end
30
-
31
- describe "when keep-alive is disabled" do
32
- before do
33
- Puppet::Network::HttpPool.stubs(:keep_alive?).returns false
34
- end
35
- it "should not start the http client up on creation" do
36
- http = mock 'http'
37
- http.stub_everything
38
- http.expects(:start).never
39
- Net::HTTP.stubs(:new).returns http
40
-
41
- # Pick a random subclass...
42
- Puppet::Network::Client.runner.new :Server => Puppet[:server]
43
- end
44
- end
45
- end
@@ -1,172 +0,0 @@
1
- #!/usr/bin/env ruby
2
- require 'puppet/network/client'
3
-
4
- Dir.chdir(File.dirname(__FILE__)) { (s = lambda { |f| File.exist?(f) ? require(f) : Dir.chdir("..") { s.call(f) } }).call("spec/spec_helper.rb") }
5
-
6
- describe Puppet::Network::XMLRPCClient do
7
- describe "when performing the rpc call" do
8
- before do
9
- Puppet::SSL::Host.any_instance.stubs(:certificate_matches_key?).returns true
10
- @client = Puppet::Network::Client.report.xmlrpc_client.new
11
- @client.stubs(:call).returns "foo"
12
- end
13
-
14
- it "should call the specified namespace and method, with the specified arguments" do
15
- @client.expects(:call).with("puppetreports.report", "eh").returns "foo"
16
- @client.report("eh")
17
- end
18
-
19
- it "should return the results from the call" do
20
- @client.expects(:call).returns "foo"
21
- @client.report("eh").should == "foo"
22
- end
23
-
24
- it "should always close the http connection if it is still open after the call" do
25
- http = mock 'http'
26
- @client.stubs(:http).returns http
27
-
28
- http.expects(:started?).returns true
29
- http.expects(:finish)
30
-
31
- @client.report("eh").should == "foo"
32
- end
33
-
34
- it "should always close the http connection if it is still open after a call that raises an exception" do
35
- http = mock 'http'
36
- @client.stubs(:http).returns http
37
-
38
- @client.expects(:call).raises RuntimeError
39
-
40
- http.expects(:started?).returns true
41
- http.expects(:finish)
42
-
43
- lambda { @client.report("eh") }.should raise_error
44
- end
45
-
46
- describe "when returning the http instance" do
47
- it "should use the http pool to create the instance" do
48
- @client.instance_variable_set("@http", nil)
49
- @client.expects(:host).returns "myhost"
50
- @client.expects(:port).returns "myport"
51
- Puppet::Network::HttpPool.expects(:http_instance).with("myhost", "myport", true).returns "http"
52
-
53
- @client.http.should == "http"
54
- end
55
-
56
- it "should reuse existing instances" do
57
- @client.http.should equal(@client.http)
58
- end
59
- end
60
-
61
- describe "when recycling the connection" do
62
- it "should close the existing instance if it's open" do
63
- http = mock 'http'
64
- @client.stubs(:http).returns http
65
-
66
- http.expects(:started?).returns true
67
- http.expects(:finish)
68
-
69
- @client.recycle_connection
70
- end
71
-
72
- it "should force creation of a new instance" do
73
- Puppet::Network::HttpPool.expects(:http_instance).returns "second_http"
74
-
75
- @client.recycle_connection
76
-
77
- @client.http.should == "second_http"
78
- end
79
- end
80
-
81
- describe "and an exception is raised" do
82
- it "should raise XMLRPCClientError if XMLRPC::FaultException is raised" do
83
- error = XMLRPC::FaultException.new("foo", "bar")
84
-
85
- @client.expects(:call).raises(error)
86
-
87
- lambda { @client.report("eh") }.should raise_error(Puppet::Network::XMLRPCClientError)
88
- end
89
-
90
- it "should raise XMLRPCClientError if Errno::ECONNREFUSED is raised" do
91
- @client.expects(:call).raises(Errno::ECONNREFUSED)
92
-
93
- lambda { @client.report("eh") }.should raise_error(Puppet::Network::XMLRPCClientError)
94
- end
95
-
96
- it "should log and raise XMLRPCClientError if Timeout::Error is raised" do
97
- Puppet.expects(:err)
98
- @client.expects(:call).raises(Timeout::Error)
99
-
100
- lambda { @client.report("eh") }.should raise_error(Puppet::Network::XMLRPCClientError)
101
- end
102
-
103
- it "should log and raise XMLRPCClientError if SocketError is raised" do
104
- Puppet.expects(:err)
105
- @client.expects(:call).raises(SocketError)
106
-
107
- lambda { @client.report("eh") }.should raise_error(Puppet::Network::XMLRPCClientError)
108
- end
109
-
110
- it "should log, recycle the connection, and retry if Errno::EPIPE is raised" do
111
- @client.expects(:call).times(2).raises(Errno::EPIPE).then.returns "eh"
112
-
113
- Puppet.expects(:info)
114
- @client.expects(:recycle_connection)
115
-
116
- @client.report("eh")
117
- end
118
-
119
- it "should log, recycle the connection, and retry if EOFError is raised" do
120
- @client.expects(:call).times(2).raises(EOFError).then.returns "eh"
121
-
122
- Puppet.expects(:info)
123
- @client.expects(:recycle_connection)
124
-
125
- @client.report("eh")
126
- end
127
-
128
- it "should log and retry if an exception containing 'Wrong size' is raised" do
129
- error = RuntimeError.new("Wrong size. Was 15, should be 30")
130
- @client.expects(:call).times(2).raises(error).then.returns "eh"
131
-
132
- Puppet.expects(:warning)
133
-
134
- @client.report("eh")
135
- end
136
-
137
- it "should raise XMLRPCClientError if OpenSSL::SSL::SSLError is raised" do
138
- @client.expects(:call).raises(OpenSSL::SSL::SSLError)
139
-
140
- lambda { @client.report("eh") }.should raise_error(Puppet::Network::XMLRPCClientError)
141
- end
142
-
143
- it "should log and raise XMLRPCClientError if OpenSSL::SSL::SSLError is raised with certificate issues" do
144
- error = OpenSSL::SSL::SSLError.new("hostname was not match")
145
- @client.expects(:call).raises(error)
146
-
147
- Puppet.expects(:warning)
148
-
149
- lambda { @client.report("eh") }.should raise_error(Puppet::Network::XMLRPCClientError)
150
- end
151
-
152
- it "should log, recycle the connection, and retry if OpenSSL::SSL::SSLError is raised containing 'bad write retry'" do
153
- error = OpenSSL::SSL::SSLError.new("bad write retry")
154
- @client.expects(:call).times(2).raises(error).then.returns "eh"
155
-
156
- @client.expects(:recycle_connection)
157
-
158
- Puppet.expects(:warning)
159
-
160
- @client.report("eh")
161
- end
162
-
163
- it "should log and raise XMLRPCClientError if any other exception is raised" do
164
- @client.expects(:call).raises(RuntimeError)
165
-
166
- Puppet.expects(:err)
167
-
168
- lambda { @client.report("eh") }.should raise_error(Puppet::Network::XMLRPCClientError)
169
- end
170
- end
171
- end
172
- end
@@ -1,110 +0,0 @@
1
- #!/usr/bin/env ruby
2
- require File.dirname(__FILE__) + '/../../spec_helper'
3
-
4
- require 'puppet'
5
- require 'puppet/sslcertificates'
6
- require 'puppet/sslcertificates/ca'
7
-
8
- describe Puppet::SSLCertificates::CA do
9
- before :all do
10
- @hosts = %w{host.domain.com Other.Testing.Com}
11
- end
12
-
13
- before :each do
14
- Puppet::Util::SUIDManager.stubs(:asuser).yields
15
- file = Tempfile.new("ca_testing")
16
- @dir = file.path
17
- file.delete
18
-
19
- Puppet.settings[:confdir] = @dir
20
- Puppet.settings[:vardir] = @dir
21
-
22
- @ca = Puppet::SSLCertificates::CA.new
23
- end
24
-
25
- after :each do
26
- system("rm -rf #{@dir}")
27
- end
28
-
29
- describe 'when cleaning' do
30
- it 'should remove associated files' do
31
- dirs = [:csrdir, :signeddir, :publickeydir, :privatekeydir, :certdir]
32
-
33
- @hosts.each do |host|
34
- files = []
35
- dirs.each do |dir|
36
- dir = Puppet[dir]
37
-
38
- # Case insensitivity is handled through downcasing
39
- file = File.join(dir, host.downcase + '.pem')
40
-
41
- File.open(file, "w") do |f|
42
- f.puts "testing"
43
- end
44
-
45
- files << file
46
- end
47
-
48
- lambda { @ca.clean(host) }.should_not raise_error
49
-
50
- files.reject {|f| ! File.exists?(f)}.should be_empty
51
- end
52
- end
53
- end
54
-
55
- describe 'when mapping hosts to files' do
56
- it 'should correctly return the certfile' do
57
- @hosts.each do |host|
58
- value = nil
59
- lambda { value = @ca.host2certfile host }.should_not raise_error
60
-
61
- File.join(Puppet[:signeddir], host.downcase + '.pem').should == value
62
- end
63
- end
64
-
65
- it 'should correctly return the csrfile' do
66
- @hosts.each do |host|
67
- value = nil
68
- lambda { value = @ca.host2csrfile host }.should_not raise_error
69
-
70
- File.join(Puppet[:csrdir], host.downcase + '.pem').should == value
71
- end
72
- end
73
- end
74
-
75
- describe 'when listing' do
76
- it 'should find all csr' do
77
- list = []
78
-
79
- # Make some fake CSRs
80
- @hosts.each do |host|
81
- file = File.join(Puppet[:csrdir], host.downcase + '.pem')
82
- File.open(file, 'w') { |f| f.puts "yay" }
83
- list << host.downcase
84
- end
85
-
86
- @ca.list.sort.should == list.sort
87
- end
88
- end
89
-
90
- describe 'when creating a root certificate' do
91
- before :each do
92
- lambda { @ca.mkrootcert }.should_not raise_exception
93
- end
94
-
95
- it 'should store the public key' do
96
- File.exists?(Puppet[:capub]).should be_true
97
- end
98
-
99
- it 'should prepend "Puppet CA: " to the fqdn as the ca_name by default' do
100
- host_mock_fact = mock()
101
- host_mock_fact.expects(:value).returns('myhost')
102
- domain_mock_fact = mock()
103
- domain_mock_fact.expects(:value).returns('puppetlabs.lan')
104
- Facter.stubs(:[]).with('hostname').returns(host_mock_fact)
105
- Facter.stubs(:[]).with('domain').returns(domain_mock_fact)
106
-
107
- @ca.mkrootcert.name.should == 'Puppet CA: myhost.puppetlabs.lan'
108
- end
109
- end
110
- end
@@ -1,308 +0,0 @@
1
- #!/usr/bin/env ruby
2
-
3
- require File.dirname(__FILE__) + '/../lib/puppettest'
4
-
5
- require 'puppet'
6
- require 'puppet/sslcertificates.rb'
7
- require 'puppettest'
8
- require 'puppettest/certificates'
9
- require 'mocha'
10
-
11
- class TestCertMgr < Test::Unit::TestCase
12
- include PuppetTest::Certificates
13
- def setup
14
- super
15
- #@dir = File.join(Puppet[:certdir], "testing")
16
- @dir = File.join(@configpath, "certest")
17
- system("mkdir -p #{@dir}")
18
-
19
- Puppet::Util::SUIDManager.stubs(:asuser).yields
20
- end
21
-
22
- def testCreateSelfSignedCertificate
23
- cert = nil
24
- name = "testing"
25
- newcert = proc {
26
-
27
- Puppet::SSLCertificates::Certificate.new(
28
-
29
- :name => name,
30
-
31
- :selfsign => true
32
- )
33
- }
34
- assert_nothing_raised {
35
- cert = newcert.call
36
- }
37
- assert_nothing_raised {
38
- cert.mkselfsigned
39
- }
40
-
41
- assert_raise(Puppet::Error) {
42
- cert.mkselfsigned
43
- }
44
-
45
- assert_nothing_raised {
46
- cert.write
47
- }
48
-
49
- assert(FileTest.exists?(cert.certfile))
50
-
51
- assert_nothing_raised {
52
- cert.delete
53
- }
54
-
55
- assert_nothing_raised {
56
- cert = newcert.call
57
- }
58
- assert_nothing_raised {
59
- cert.mkselfsigned
60
- }
61
-
62
- assert_nothing_raised {
63
- cert.delete
64
- }
65
-
66
- end
67
-
68
- def disabled_testCreateEncryptedSelfSignedCertificate
69
- cert = nil
70
- name = "testing"
71
- keyfile = mkPassFile
72
- assert_nothing_raised {
73
-
74
- cert = Puppet::SSLCertificates::Certificate.new(
75
-
76
- :name => name,
77
- :selfsign => true,
78
-
79
- :capass => keyfile
80
- )
81
- }
82
- assert_nothing_raised {
83
- cert.mkselfsigned
84
- }
85
- assert_nothing_raised {
86
- cert.mkhash
87
- }
88
-
89
- assert_raise(Puppet::Error) {
90
- cert.mkselfsigned
91
- }
92
-
93
- assert(FileTest.exists?(cert.certfile))
94
- assert(FileTest.exists?(cert.hash))
95
-
96
- assert_nothing_raised {
97
- cert.delete
98
- }
99
-
100
- assert_nothing_raised {
101
- cert.mkselfsigned
102
- }
103
-
104
- assert_nothing_raised {
105
- cert.delete
106
- }
107
-
108
- end
109
-
110
- def testCreateCA
111
- ca = nil
112
- assert_nothing_raised {
113
- ca = Puppet::SSLCertificates::CA.new
114
- }
115
-
116
- # make the CA again and verify it doesn't fail because everything
117
- # still exists
118
- assert_nothing_raised {
119
- ca = Puppet::SSLCertificates::CA.new
120
- }
121
-
122
- end
123
-
124
- def testSignCert
125
- ca = mkCA()
126
-
127
- cert = nil
128
- assert_nothing_raised {
129
-
130
- cert = Puppet::SSLCertificates::Certificate.new(
131
-
132
- :name => "signedcertest",
133
- :property => "TN",
134
- :city => "Nashville",
135
- :country => "US",
136
- :email => "luke@madstop.com",
137
- :org => "Puppet",
138
- :ou => "Development",
139
-
140
- :encrypt => mkPassFile()
141
- )
142
-
143
- }
144
-
145
- assert_nothing_raised {
146
- cert.mkcsr
147
- }
148
-
149
- signedcert = nil
150
- cacert = nil
151
-
152
- assert_nothing_raised {
153
- signedcert, cacert = ca.sign(cert.csr)
154
- }
155
-
156
- assert_instance_of(OpenSSL::X509::Certificate, signedcert)
157
- assert_instance_of(OpenSSL::X509::Certificate, cacert)
158
-
159
- assert_nothing_raised {
160
- cert.cert = signedcert
161
- cert.cacert = cacert
162
- cert.write
163
- }
164
- #system("find #{Puppet[:ssldir]}")
165
- #system("cp -R #{Puppet[:ssldir]} /tmp/ssltesting")
166
-
167
- output = nil
168
- assert_nothing_raised {
169
- output = %x{openssl verify -CAfile #{Puppet[:cacert]} -purpose sslserver #{cert.certfile}}
170
- #output = %x{openssl verify -CApath #{Puppet[:certdir]} -purpose sslserver #{cert.certfile}}
171
- }
172
-
173
- assert_equal($CHILD_STATUS,0)
174
- assert_equal(File.join(Puppet[:certdir], "signedcertest.pem: OK\n"), output)
175
- end
176
-
177
-
178
- def test_interactiveca
179
- ca = nil
180
-
181
- assert_nothing_raised {
182
- ca = Puppet::SSLCertificates::CA.new
183
- }
184
-
185
- # basic initialization
186
- hostname = "test.hostname.com"
187
- cert = mkcert(hostname)
188
-
189
- # create the csr
190
- csr = nil
191
- assert_nothing_raised {
192
- csr = cert.mkcsr
193
- }
194
-
195
- assert_nothing_raised {
196
- ca.storeclientcsr(csr)
197
- }
198
-
199
- # store it
200
- pulledcsr = nil
201
- assert_nothing_raised {
202
- pulledcsr = ca.getclientcsr(hostname)
203
- }
204
-
205
- assert_equal(csr.to_pem, pulledcsr.to_pem)
206
-
207
- signedcert = nil
208
- assert_nothing_raised {
209
- signedcert, cacert = ca.sign(csr)
210
- }
211
-
212
- assert_instance_of(OpenSSL::X509::Certificate, signedcert)
213
- newsignedcert = nil
214
- assert_nothing_raised {
215
- newsignedcert, cacert = ca.getclientcert(hostname)
216
- }
217
-
218
- assert(newsignedcert)
219
-
220
- assert_equal(signedcert.to_pem, newsignedcert.to_pem)
221
- end
222
-
223
- def test_cafailures
224
- ca = mkCA()
225
- cert = cacert = nil
226
- assert_nothing_raised {
227
- cert, cacert = ca.getclientcert("nohost")
228
- }
229
- assert_nil(cert)
230
- end
231
-
232
- def test_crl
233
- ca = mkCA()
234
- h1 = mksignedcert(ca, "host1.example.com")
235
- h2 = mksignedcert(ca, "host2.example.com")
236
-
237
- assert(ca.cert.verify(ca.cert.public_key))
238
- assert(h1.verify(ca.cert.public_key))
239
- assert(h2.verify(ca.cert.public_key))
240
-
241
- crl = ca.crl
242
- assert_not_nil(crl)
243
-
244
- store = mkStore(ca)
245
- assert( store.verify(ca.cert))
246
- assert( store.verify(h1, [ca.cert]))
247
- assert( store.verify(h2, [ca.cert]))
248
-
249
- ca.revoke(h1.serial)
250
-
251
- oldcert = File.read(Puppet.settings[:cacert])
252
- oldserial = File.read(Puppet.settings[:serial])
253
-
254
- # Recreate the CA from disk
255
- ca = mkCA()
256
- newcert = File.read(Puppet.settings[:cacert])
257
- newserial = File.read(Puppet.settings[:serial])
258
- assert_equal(oldcert, newcert, "The certs are not equal after making a new CA.")
259
- assert_equal(oldserial, newserial, "The serials are not equal after making a new CA.")
260
- store = mkStore(ca)
261
- assert( store.verify(ca.cert), "Could not verify CA certs after reloading certs.")
262
- assert(!store.verify(h1, [ca.cert]), "Incorrectly verified revoked cert.")
263
- assert( store.verify(h2, [ca.cert]), "Could not verify certs with reloaded CA.")
264
-
265
- ca.revoke(h2.serial)
266
- assert_equal(1, ca.crl.extensions.size)
267
-
268
- # Recreate the CA from disk
269
- ca = mkCA()
270
- store = mkStore(ca)
271
- assert( store.verify(ca.cert))
272
- assert(!store.verify(h1, [ca.cert]), "first revoked cert passed")
273
- assert(!store.verify(h2, [ca.cert]), "second revoked cert passed")
274
- end
275
-
276
- def test_ttl
277
- cert = mksignedcert
278
- assert_equal(5 * 365 * 24 * 60 * 60, cert.not_after - cert.not_before)
279
-
280
- Puppet[:ca_ttl] = 7 * 24 * 60 * 60
281
- cert = mksignedcert
282
- assert_equal(7 * 24 * 60 * 60, cert.not_after - cert.not_before)
283
-
284
- Puppet[:ca_ttl] = "2y"
285
- cert = mksignedcert
286
- assert_equal(2 * 365 * 24 * 60 * 60, cert.not_after - cert.not_before)
287
-
288
- Puppet[:ca_ttl] = "2y"
289
- cert = mksignedcert
290
- assert_equal(2 * 365 * 24 * 60 * 60, cert.not_after - cert.not_before)
291
-
292
- Puppet[:ca_ttl] = "1h"
293
- cert = mksignedcert
294
- assert_equal(60 * 60, cert.not_after - cert.not_before)
295
-
296
- Puppet[:ca_ttl] = "900s"
297
- cert = mksignedcert
298
- assert_equal(900, cert.not_after - cert.not_before)
299
-
300
- # This needs to be last, to make sure that setting ca_days
301
- # overrides setting ca_ttl
302
- Puppet[:ca_days] = 3
303
- cert = mksignedcert
304
- assert_equal(3 * 24 * 60 * 60, cert.not_after - cert.not_before)
305
-
306
- end
307
- end
308
-