puppet 2.7.1 → 2.7.3

data/spec/unit/face/ca_spec.rb

@@ -0,0 +1,355 @@
+#!/usr/bin/env rspec
+require 'spec_helper'
+require 'puppet/face'
+
+describe Puppet::Face[:ca, '0.1.0'] do
+  include PuppetSpec::Files
+
+  before :each do
+    Puppet.run_mode.stubs(:master?).returns(true)
+    Puppet[:ca]     = true
+    Puppet[:ssldir] = tmpdir("face-ca-ssldir")
+
+    Puppet::SSL::Host.ca_location = :only
+    Puppet[:certificate_revocation] = true
+
+    # This is way more intimate than I want to be with the implementation, but
+    # there doesn't seem any other way to test this. --daniel 2011-07-18
+    Puppet::SSL::CertificateAuthority.stubs(:instance).returns(
+        # ...and this actually does the directory creation, etc.
+        Puppet::SSL::CertificateAuthority.new
+    )
+  end
+
+  def make_certs(csr_names, crt_names)
+    Array(csr_names).map do |name|
+      Puppet::SSL::Host.new(name).generate_certificate_request
+    end
+
+    Array(crt_names).map do |name|
+      Puppet::SSL::Host.new(name).generate
+    end
+  end
+
+  context "#verify" do
+    let :action do Puppet::Face[:ca, '0.1.0'].get_action(:verify) end
+
+    it "should not explode if there is no certificate" do
+      expect {
+        subject.verify('random-host').should == {
+          :host => 'random-host', :valid => false,
+          :error => 'Could not find a certificate for random-host'
+        }
+      }.should_not raise_error
+    end
+
+    it "should not explode if there is only a CSR" do
+      make_certs('random-host', [])
+      expect {
+        subject.verify('random-host').should == {
+          :host => 'random-host', :valid => false,
+          :error => 'Could not find a certificate for random-host'
+        }
+      }.should_not raise_error
+    end
+
+    it "should verify a signed certificate" do
+      make_certs([], 'random-host')
+      subject.verify('random-host').should == {
+        :host => 'random-host', :valid => true
+      }
+    end
+
+    it "should not verify a revoked certificate" do
+      make_certs([], 'random-host')
+      subject.revoke('random-host')
+
+      expect {
+        subject.verify('random-host').should == {
+          :host => 'random-host', :valid => false,
+          :error => 'certificate revoked'
+        }
+      }.should_not raise_error
+    end
+
+    it "should verify a revoked certificate if CRL use was turned off" do
+      make_certs([], 'random-host')
+      subject.revoke('random-host')
+
+      Puppet[:certificate_revocation] = false
+      subject.verify('random-host').should == {
+        :host => 'random-host', :valid => true
+      }
+    end
+  end
+
+  context "#fingerprint" do
+    let :action do Puppet::Face[:ca, '0.1.0'].get_action(:fingerprint) end
+
+    it "should have a 'digest' option" do
+      action.should be_option :digest
+    end
+
+    it "should not explode if there is no certificate" do
+      expect {
+        subject.fingerprint('random-host').should be_nil
+      }.should_not raise_error
+    end
+
+    it "should fingerprint a CSR" do
+      make_certs('random-host', [])
+      expect {
+        subject.fingerprint('random-host').should =~ /^[0-9A-F:]+$/
+      }.should_not raise_error
+    end
+
+    it "should fingerprint a certificate" do
+      make_certs([], 'random-host')
+      subject.fingerprint('random-host').should =~ /^[0-9A-F:]+$/
+    end
+
+    %w{md5 MD5 sha1 ShA1 SHA1 RIPEMD160 sha256 sha512}.each do |digest|
+      it "should fingerprint with #{digest.inspect}" do
+        make_certs([], 'random-host')
+        subject.fingerprint('random-host', :digest => digest).should =~ /^[0-9A-F:]+$/
+      end
+
+      it "should fingerprint with #{digest.to_sym} as a symbol" do
+        make_certs([], 'random-host')
+        subject.fingerprint('random-host', :digest => digest.to_sym).
+          should =~ /^[0-9A-F:]+$/
+      end
+    end
+  end
+
+  context "#print" do
+    let :action do Puppet::Face[:ca, '0.1.0'].get_action(:print) end
+
+    it "should not explode if there is no certificate" do
+      expect {
+        subject.print('random-host').should be_nil
+      }.should_not raise_error
+    end
+
+    it "should return nothing if there is only a CSR" do
+      make_certs('random-host', [])
+      expect {
+        subject.print('random-host').should be_nil
+      }.should_not raise_error
+    end
+
+    it "should return the certificate content if there is a cert" do
+      make_certs([], 'random-host')
+      text = subject.print('random-host')
+      text.should be_an_instance_of String
+      text.should =~ /^Certificate:/
+      text.should =~ /Issuer: CN=Puppet CA: /
+      text.should =~ /Subject: CN=random-host$/
+    end
+  end
+
+  context "#sign" do
+    let :action do Puppet::Face[:ca, '0.1.0'].get_action(:sign) end
+
+    it "should not explode if there is no CSR" do
+      expect {
+        subject.sign('random-host').
+          should == 'Could not find certificate request for random-host'
+      }.should_not raise_error
+    end
+
+    it "should not explode if there is a signed cert" do
+      make_certs([], 'random-host')
+      expect {
+        subject.sign('random-host').
+          should == 'Could not find certificate request for random-host'
+      }.should_not raise_error
+    end
+
+    it "should sign a CSR if one exists" do
+      make_certs('random-host', [])
+      subject.sign('random-host').should be_an_instance_of Puppet::SSL::Certificate
+
+      list = subject.list(:signed => true)
+      list.length.should == 1
+      list.first.name.should == 'random-host'
+    end
+  end
+
+  context "#generate" do
+    let :action do Puppet::Face[:ca, '0.1.0'].get_action(:generate) end
+
+    it "should generate a certificate if requested" do
+      subject.list(:all => true).should == []
+
+      subject.generate('random-host')
+
+      list = subject.list(:signed => true)
+      list.length.should == 1
+      list.first.name.should == 'random-host'
+    end
+
+    it "should not explode if a CSR with that name already exists" do
+      make_certs('random-host', [])
+      expect {
+        subject.generate('random-host').should =~ /already has a certificate request/
+      }.should_not raise_error
+    end
+
+    it "should not explode if the certificate with that name already exists" do
+      make_certs([], 'random-host')
+      expect {
+        subject.generate('random-host').should =~ /already has a certificate/
+      }.should_not raise_error
+    end
+  end
+
+  context "#revoke" do
+    let :action do Puppet::Face[:ca, '0.1.0'].get_action(:revoke) end
+
+    it "should not explode when asked to revoke something that doesn't exist" do
+      expect { subject.revoke('nonesuch') }.should_not raise_error
+    end
+
+    it "should let the user know what went wrong" do
+      subject.revoke('nonesuch').should == 'Nothing was revoked'
+    end
+
+    it "should revoke a certificate" do
+      make_certs([], 'random-host')
+      found = subject.list(:all => true, :subject => 'random-host')
+      subject.get_action(:list).when_rendering(:console).call(found).
+        should =~ /^\+ random-host/
+
+      subject.revoke('random-host')
+
+      found = subject.list(:all => true, :subject => 'random-host')
+      subject.get_action(:list).when_rendering(:console).call(found).
+        should =~ /^- random-host  \([:0-9A-F]+\) \(certificate revoked\)/
+    end
+  end
+
+  context "#destroy" do
+    let :action do Puppet::Face[:ca, '0.1.0'].get_action(:destroy) end
+
+    it "should not explode when asked to delete something that doesn't exist" do
+      expect { subject.destroy('nonesuch') }.should_not raise_error
+    end
+
+    it "should let the user know if nothing was deleted" do
+      subject.destroy('nonesuch').should == "Nothing was deleted"
+    end
+
+    it "should destroy a CSR, if we have one" do
+      make_certs('random-host', [])
+      subject.list(:pending => true, :subject => 'random-host').should_not == []
+
+      subject.destroy('random-host')
+
+      subject.list(:pending => true, :subject => 'random-host').should == []
+    end
+
+    it "should destroy a certificate, if we have one" do
+      make_certs([], 'random-host')
+      subject.list(:signed => true, :subject => 'random-host').should_not == []
+
+      subject.destroy('random-host')
+
+      subject.list(:signed => true, :subject => 'random-host').should == []
+    end
+
+    it "should tell the user something was deleted" do
+      make_certs([], 'random-host')
+      subject.list(:signed => true, :subject => 'random-host').should_not == []
+      subject.destroy('random-host').
+        should == "Deleted for random-host: Puppet::SSL::Certificate, Puppet::SSL::Key"
+    end
+  end
+
+  context "#list" do
+    let :action do Puppet::Face[:ca, '0.1.0'].get_action(:list) end
+
+    context "options" do
+      subject { Puppet::Face[:ca, '0.1.0'].get_action(:list) }
+      it { should be_option :pending }
+      it { should be_option :signed  }
+      it { should be_option :all     }
+      it { should be_option :subject }
+    end
+
+    context "with no hosts in CA" do
+      [:pending, :signed, :all].each do |type|
+        it "should return nothing for #{type}" do
+          subject.list(type => true).should == []
+        end
+
+        it "should not fail when a matcher is passed" do
+          expect {
+            subject.list(type => true, :subject => '.').should == []
+          }.should_not raise_error
+        end
+      end
+    end
+
+    context "with some hosts" do
+      csr_names = (1..3).map {|n| "csr-#{n}" }
+      crt_names = (1..3).map {|n| "crt-#{n}" }
+      all_names = csr_names + crt_names
+
+      {
+        {}                                    => csr_names,
+        { :pending => true                  } => csr_names,
+
+        { :signed  => true                  } => crt_names,
+
+        { :all     => true                  } => all_names,
+        { :pending => true, :signed => true } => all_names,
+      }.each do |input, expect|
+        it "should map #{input.inspect} to #{expect.inspect}" do
+          make_certs(csr_names, crt_names)
+          subject.list(input).map(&:name).should =~ expect
+        end
+
+        ['', '.', '2', 'none'].each do |pattern|
+          filtered = expect.select {|x| Regexp.new(pattern).match(x) }
+
+          it "should filter all hosts matching #{pattern.inspect} to #{filtered.inspect}" do
+            make_certs(csr_names, crt_names)
+            subject.list(input.merge :subject => pattern).map(&:name).should =~ filtered
+          end
+        end
+      end
+
+      context "when_rendering :console" do
+        { [["csr1.local"], []] => '^  csr1.local ',
+          [[], ["crt1.local"]] => '^\+ crt1.local ',
+          [["csr2"], ["crt2"]] => ['^  csr2 ', '^\+ crt2 ']
+        }.each do |input, pattern|
+          it "should render #{input.inspect} to match #{pattern.inspect}" do
+            make_certs(*input)
+            text = action.when_rendering(:console).call(subject.list(:all => true))
+            Array(pattern).each do |item|
+              text.should =~ Regexp.new(item)
+            end
+          end
+        end
+      end
+    end
+  end
+
+  actions = %w{destroy list revoke generate sign print verify fingerprint}
+  actions.each do |action|
+    it { should be_action action }
+    it "should fail #{action} when not a CA" do
+      Puppet[:ca] = false
+      expect {
+        case subject.method(action).arity
+        when -1 then subject.send(action)
+        when -2 then subject.send(action, 'dummy')
+        else
+          raise "#{action} has arity #{subject.method(action).arity}"
+        end
+      }.should raise_error(/Not a CA/)
+    end
+  end
+end

data/spec/unit/face/certificate_spec.rb

@@ -10,14 +10,26 @@ describe Puppet::Face[:certificate, '0.0.1'] do
   end
 
   it "should set the ca location when invoked" do
-    Puppet::SSL::Host.expects(:ca_location=).with(:foo)
+    Puppet::SSL::Host.expects(:ca_location=).with(:local)
     Puppet::SSL::Host.indirection.expects(:save)
-    subject.sign "hello, friend", :ca_location => :foo
+    subject.sign "hello, friend", :ca_location => :local
   end
 
   it "(#7059) should set the ca location when an inherited action is invoked" do
-    Puppet::SSL::Host.expects(:ca_location=).with(:foo)
+    Puppet::SSL::Host.expects(:ca_location=).with(:local)
     subject.indirection.expects(:find)
-    subject.find "hello, friend", :ca_location => :foo
+    subject.find "hello, friend", :ca_location => :local
+  end
+
+  it "should validate the option as required" do
+    expect do
+      subject.find 'hello, friend'
+    end.to raise_exception ArgumentError, /required/i
+  end
+
+  it "should validate the option as a supported value" do
+    expect do
+      subject.find 'hello, friend', :ca_location => :foo
+    end.to raise_exception ArgumentError, /valid values/i
   end
 end

data/spec/unit/face/node_spec.rb

@@ -3,5 +3,265 @@ require 'spec_helper'
 require 'puppet/face'
 
 describe Puppet::Face[:node, '0.0.1'] do
-  it "REVISIT: really should have some tests"
+  describe '#cleanup' do
+    it "should clean everything" do
+      {
+        "cert"         => ['hostname'],
+        "cached_facts" => ['hostname'],
+        "cached_node"  => ['hostname'],
+        "reports"      => ['hostname'],
+
+        # Support for cleaning storeconfigs has been temporarily suspended.
+        # "storeconfigs" => ['hostname', :unexport]
+      }.each { |k, v| subject.expects("clean_#{k}".to_sym).with(*v) }
+      subject.cleanup('hostname', :unexport)
+    end
+  end
+
+  describe 'when running #clean' do
+    before :each do
+      Puppet::Node::Facts.indirection.stubs(:terminus_class=)
+      Puppet::Node::Facts.indirection.stubs(:cache_class=)
+      Puppet::Node.stubs(:terminus_class=)
+      Puppet::Node.stubs(:cache_class=)
+    end
+
+    it 'should invoke #cleanup' do
+      subject.expects(:cleanup).with('hostname', nil)
+      subject.clean('hostname')
+    end
+  end
+
+  describe "clean action" do
+    before :each do
+      Puppet::Node::Facts.indirection.stubs(:terminus_class=)
+      Puppet::Node::Facts.indirection.stubs(:cache_class=)
+      Puppet::Node.stubs(:terminus_class=)
+      Puppet::Node.stubs(:cache_class=)
+      subject.stubs(:cleanup)
+    end
+
+    it "should have a clean action" do
+      subject.should be_action :clean
+    end
+
+    it "should not accept a call with no arguments" do
+      expect { subject.clean() }.should raise_error
+    end
+
+    it "should accept a node name" do
+      expect { subject.clean('hostname') }.should_not raise_error
+    end
+
+    it "should accept more than one node name" do
+      expect do
+        subject.clean('hostname', 'hostname2', {})
+      end.should_not raise_error
+
+      expect do
+        subject.clean('hostname', 'hostname2', 'hostname3', { :unexport => true })
+      end.should_not raise_error
+    end
+
+    it "should accept the option --unexport" do
+      expect { subject.help('hostname', :unexport => true) }.
+        should_not raise_error ArgumentError
+    end
+
+    context "clean action" do
+      subject { Puppet::Face[:node, :current] }
+      before :each do
+        Puppet::Util::Log.stubs(:newdestination)
+        Puppet::Util::Log.stubs(:level=)
+      end
+
+      describe "during setup" do
+        it "should set facts terminus and cache class to yaml" do
+          Puppet::Node::Facts.indirection.expects(:terminus_class=).with(:yaml)
+          Puppet::Node::Facts.indirection.expects(:cache_class=).with(:yaml)
+
+          subject.clean('hostname')
+        end
+
+        it "should run in master mode" do
+          subject.clean('hostname')
+          $puppet_application_mode.name.should == :master
+        end
+
+        it "should set node cache as yaml" do
+          Puppet::Node.indirection.expects(:terminus_class=).with(:yaml)
+          Puppet::Node.indirection.expects(:cache_class=).with(:yaml)
+
+          subject.clean('hostname')
+        end
+
+        it "should manage the certs if the host is a CA" do
+          Puppet::SSL::CertificateAuthority.stubs(:ca?).returns(true)
+          Puppet::SSL::Host.expects(:ca_location=).with(:local)
+          subject.clean('hostname')
+        end
+
+        it "should not manage the certs if the host is not a CA" do
+          Puppet::SSL::CertificateAuthority.stubs(:ca?).returns(false)
+          Puppet::SSL::Host.expects(:ca_location=).with(:none)
+          subject.clean('hostname')
+        end
+      end
+
+      describe "when cleaning certificate" do
+        before :each do
+          Puppet::SSL::Host.stubs(:destroy)
+          @ca = mock()
+          Puppet::SSL::CertificateAuthority.stubs(:instance).returns(@ca)
+        end
+
+        it "should send the :destroy order to the ca if we are a CA" do
+          Puppet::SSL::CertificateAuthority.stubs(:ca?).returns(true)
+          @ca.expects(:revoke).with(@host)
+          @ca.expects(:destroy).with(@host)
+          subject.clean_cert(@host)
+        end
+
+        it "should not destroy the certs if we are not a CA" do
+          Puppet::SSL::CertificateAuthority.stubs(:ca?).returns(false)
+          @ca.expects(:revoke).never
+          @ca.expects(:destroy).never
+          subject.clean_cert(@host)
+        end
+      end
+
+      describe "when cleaning cached facts" do
+        it "should destroy facts" do
+          @host = 'node'
+          Puppet::Node::Facts.indirection.expects(:destroy).with(@host)
+
+          subject.clean_cached_facts(@host)
+        end
+      end
+
+      describe "when cleaning cached node" do
+        it "should destroy the cached node" do
+          Puppet::Node::Yaml.any_instance.expects(:destroy)
+          subject.clean_cached_node(@host)
+        end
+      end
+
+      describe "when cleaning archived reports" do
+        it "should tell the reports to remove themselves" do
+          Puppet::Transaction::Report.indirection.stubs(:destroy).with(@host)
+
+          subject.clean_reports(@host)
+        end
+      end
+
+      # describe "when cleaning storeconfigs entries for host", :if => Puppet.features.rails? do
+      #   before :each do
+      #     # Stub this so we don't need access to the DB
+      #     require 'puppet/rails/host'
+      #
+      #     Puppet.stubs(:[]).with(:storeconfigs).returns(true)
+      #
+      #     Puppet::Rails.stubs(:connect)
+      #     @rails_node = stub_everything 'rails_node'
+      #     Puppet::Rails::Host.stubs(:find_by_name).returns(@rails_node)
+      #   end
+      #
+      #   it "should connect to the database" do
+      #     Puppet::Rails.expects(:connect)
+      #     subject.clean_storeconfigs(@host, false)
+      #   end
+      #
+      #   it "should find the right host entry" do
+      #     Puppet::Rails::Host.expects(:find_by_name).with(@host).returns(@rails_node)
+      #     subject.clean_storeconfigs(@host, false)
+      #   end
+      #
+      #   describe "without unexport" do
+      #     it "should remove the host and it's content" do
+      #       @rails_node.expects(:destroy)
+      #       subject.clean_storeconfigs(@host, false)
+      #     end
+      #   end
+      #
+      #   describe "with unexport" do
+      #     before :each do
+      #       @rails_node.stubs(:id).returns(1234)
+      #
+      #       @type = stub_everything 'type'
+      #       @type.stubs(:validattr?).with(:ensure).returns(true)
+      #
+      #       @ensure_name = stub_everything 'ensure_name', :id => 23453
+      #       Puppet::Rails::ParamName.stubs(:find_or_create_by_name).returns(@ensure_name)
+      #
+      #       @param_values = stub_everything 'param_values'
+      #       @resource = stub_everything 'resource', :param_values => @param_values, :restype => "File"
+      #       Puppet::Rails::Resource.stubs(:find).returns([@resource])
+      #     end
+      #
+      #     it "should find all resources" do
+      #       Puppet::Rails::Resource.expects(:find).with(:all, {:include => {:param_values => :param_name}, :conditions => ["exported=? AND host_id=?", true, 1234]}).returns([])
+      #
+      #       subject.clean_storeconfigs(@host, true)
+      #     end
+      #
+      #     describe "with an exported native type" do
+      #       before :each do
+      #         Puppet::Type.stubs(:type).returns(@type)
+      #         @type.expects(:validattr?).with(:ensure).returns(true)
+      #       end
+      #
+      #       it "should test a native type for ensure as an attribute" do
+      #         subject.clean_storeconfigs(@host, true)
+      #       end
+      #
+      #       it "should delete the old ensure parameter" do
+      #         ensure_param = stub 'ensure_param', :id => 12345, :line => 12
+      #         @param_values.stubs(:find).returns(ensure_param)
+      #         Puppet::Rails::ParamValue.expects(:delete).with(12345);
+      #         subject.clean_storeconfigs(@host, true)
+      #       end
+      #
+      #       it "should add an ensure => absent parameter" do
+      #         @param_values.expects(:create).with(:value => "absent",
+      #                                             :line => 0,
+      #                                             :param_name => @ensure_name)
+      #         subject.clean_storeconfigs(@host, true)
+      #       end
+      #     end
+      #
+      #     describe "with an exported definition" do
+      #       it "should try to lookup a definition and test it for the ensure argument" do
+      #         Puppet::Type.stubs(:type).returns(nil)
+      #         definition = stub_everything 'definition', :arguments => { 'ensure' => 'present' }
+      #         Puppet::Resource::TypeCollection.any_instance.expects(:find_definition).with('', "File").returns(definition)
+      #         subject.clean_storeconfigs(@host, true)
+      #       end
+      #     end
+      #
+      #     it "should not unexport the resource of an unknown type" do
+      #       Puppet::Type.stubs(:type).returns(nil)
+      #       Puppet::Resource::TypeCollection.any_instance.expects(:find_definition).with('', "File").returns(nil)
+      #       Puppet::Rails::ParamName.expects(:find_or_create_by_name).never
+      #       subject.clean_storeconfigs(@host)
+      #     end
+      #
+      #     it "should not unexport the resource of a not ensurable native type" do
+      #       Puppet::Type.stubs(:type).returns(@type)
+      #       @type.expects(:validattr?).with(:ensure).returns(false)
+      #       Puppet::Resource::TypeCollection.any_instance.expects(:find_definition).with('', "File").returns(nil)
+      #       Puppet::Rails::ParamName.expects(:find_or_create_by_name).never
+      #       subject.clean_storeconfigs(@host, true)
+      #     end
+      #
+      #     it "should not unexport the resource of a not ensurable definition" do
+      #       Puppet::Type.stubs(:type).returns(nil)
+      #       definition = stub_everything 'definition', :arguments => { 'foobar' => 'someValue' }
+      #       Puppet::Resource::TypeCollection.any_instance.expects(:find_definition).with('', "File").returns(definition)
+      #       Puppet::Rails::ParamName.expects(:find_or_create_by_name).never
+      #       subject.clean_storeconfigs(@host, true)
+      #     end
+      #   end
+      # end
+    end
+  end
 end