puppet 2.7.5 → 2.7.6

data/spec/unit/ssl/certificate_spec.rb

@@ -89,28 +89,34 @@ describe Puppet::SSL::Certificate do
       @certificate.should respond_to(:content)
     end
 
-    describe "#alternate_names" do
-      before do
-        Puppet[:certdnsnames] = 'foo:bar:baz'
-        @csr            = OpenSSL::X509::Request.new
-        @csr.subject    = OpenSSL::X509::Name.new([['CN', 'quux']])
-        @csr.public_key = OpenSSL::PKey::RSA.generate(Puppet[:keylength]).public_key
-      end
-
+    describe "#subject_alt_names" do
       it "should list all alternate names when the extension is present" do
-        cert = Puppet::SSL::CertificateFactory.new('server', @csr, @csr, 14).result
+        key = Puppet::SSL::Key.new('quux')
+        key.generate
 
-        @certificate = @class.from_s(cert.to_pem)
+        csr = Puppet::SSL::CertificateRequest.new('quux')
+        csr.generate(key, :dns_alt_names => 'foo, bar,baz')
 
-        @certificate.alternate_names.should =~ ['foo', 'bar', 'baz', 'quux']
+        raw_csr = csr.content
+
+        cert = Puppet::SSL::CertificateFactory.build('server', csr, raw_csr, 14)
+        certificate = @class.from_s(cert.to_pem)
+        certificate.subject_alt_names.
+          should =~ ['DNS:foo', 'DNS:bar', 'DNS:baz', 'DNS:quux']
       end
 
       it "should return an empty list of names if the extension is absent" do
-        cert = Puppet::SSL::CertificateFactory.new('client', @csr, @csr, 14).result
+        key = Puppet::SSL::Key.new('quux')
+        key.generate
+
+        csr = Puppet::SSL::CertificateRequest.new('quux')
+        csr.generate(key)
 
-        @certificate = @class.from_s(cert.to_pem)
+        raw_csr = csr.content
 
-        @certificate.alternate_names.should == []
+        cert = Puppet::SSL::CertificateFactory.build('client', csr, raw_csr, 14)
+        certificate = @class.from_s(cert.to_pem)
+        certificate.subject_alt_names.should be_empty
       end
     end
 

data/spec/unit/ssl/host_spec.rb

@@ -2,8 +2,6 @@
 require 'spec_helper'
 
 require 'puppet/ssl/host'
-require 'puppet/sslcertificates'
-require 'puppet/sslcertificates/ca'
 
 # REMIND: Fails on windows because there is no user provider yet
 describe Puppet::SSL::Host, :fails_on_windows => true do
@@ -16,13 +14,14 @@ describe Puppet::SSL::Host, :fails_on_windows => true do
     dir = tmpdir("ssl_host_testing")
     Puppet.settings[:confdir] = dir
     Puppet.settings[:vardir] = dir
+    Puppet.settings.use :main, :ssl
 
     @host = Puppet::SSL::Host.new("myname")
   end
 
   after do
     # Cleaned out any cached localhost instance.
-    Puppet::SSL::Host.instance_variable_set(:@localhost, nil)
+    Puppet::SSL::Host.reset
     Puppet::SSL::Host.ca_location = :none
   end
 
@@ -65,6 +64,12 @@ describe Puppet::SSL::Host, :fails_on_windows => true do
     Puppet::SSL::Host.should respond_to(:localhost)
   end
 
+  it "should allow to reset localhost" do
+    previous_host = Puppet::SSL::Host.localhost
+    Puppet::SSL::Host.reset
+    Puppet::SSL::Host.localhost.should_not == previous_host
+  end
+
   it "should generate the certificate for the localhost instance if no certificate is available" do
     host = stub 'host', :key => nil
     Puppet::SSL::Host.expects(:new).returns host
@@ -75,6 +80,48 @@ describe Puppet::SSL::Host, :fails_on_windows => true do
     Puppet::SSL::Host.localhost.should equal(host)
   end
 
+  it "should create a localhost cert if no cert is available and it is a CA with autosign and it is using DNS alt names" do
+    Puppet[:autosign] = true
+    Puppet[:confdir] = tmpdir('conf')
+    Puppet[:dns_alt_names] = "foo,bar,baz"
+    ca = Puppet::SSL::CertificateAuthority.new
+    Puppet::SSL::CertificateAuthority.stubs(:instance).returns ca
+
+    localhost = Puppet::SSL::Host.localhost
+    cert = localhost.certificate
+
+    cert.should be_a(Puppet::SSL::Certificate)
+    cert.subject_alt_names.should =~ %W[DNS:#{Puppet[:certname]} DNS:foo DNS:bar DNS:baz]
+  end
+
+  context "with dns_alt_names" do
+    before :each do
+      Puppet[:dns_alt_names] = 'one, two'
+
+      @key = stub('key content')
+      key = stub('key', :generate => true, :content => @key)
+      Puppet::SSL::Key.stubs(:new).returns key
+      Puppet::SSL::Key.indirection.stubs(:save).with(key)
+
+      @cr = stub('certificate request')
+      Puppet::SSL::CertificateRequest.stubs(:new).returns @cr
+      Puppet::SSL::CertificateRequest.indirection.stubs(:save).with(@cr)
+    end
+
+    it "should not include subjectAltName if not the local node" do
+      @cr.expects(:generate).with(@key, {})
+
+      Puppet::SSL::Host.new('not-the-' + Puppet[:certname]).generate
+    end
+
+    it "should include subjectAltName if I am a CA" do
+      @cr.expects(:generate).
+        with(@key, { :dns_alt_names => Puppet[:dns_alt_names] })
+
+      Puppet::SSL::Host.localhost
+    end
+  end
+
   it "should always read the key for the localhost instance in from disk" do
     host = stub 'host', :certificate => "eh"
     Puppet::SSL::Host.expects(:new).returns host
@@ -381,7 +428,7 @@ describe Puppet::SSL::Host, :fails_on_windows => true do
 
       key = stub 'key', :public_key => mock("public_key"), :content => "mycontent"
       @host.stubs(:key).returns(key)
-      @request.expects(:generate).with("mycontent")
+      @request.expects(:generate).with("mycontent", {})
       Puppet::SSL::CertificateRequest.indirection.expects(:save).with(@request)
 
       @host.generate_certificate_request.should be_true
@@ -573,7 +620,7 @@ describe Puppet::SSL::Host, :fails_on_windows => true do
       it "should use the CA to sign its certificate request if it does not have a certificate" do
         @host.expects(:certificate).returns nil
 
-        @ca.expects(:sign).with(@host.name)
+        @ca.expects(:sign).with(@host.name, true)
 
         @host.generate
       end
@@ -716,7 +763,6 @@ describe Puppet::SSL::Host, :fails_on_windows => true do
     before do
       Puppet[:vardir] = tmpdir("ssl_test_vardir")
       Puppet[:ssldir] = tmpdir("ssl_test_ssldir")
-      Puppet::SSLCertificates::CA.new.mkrootcert
       # localcacert is where each client stores the CA certificate
       # cacert is where the master stores the CA certificate
       # Since we need to play the role of both for testing we need them to be the same and exist

data/spec/unit/type/file/content_spec.rb

@@ -13,7 +13,7 @@ describe content do
 
   describe "when determining the checksum type" do
     it "should use the type specified in the source checksum if a source is set" do
-      @resource[:source] = "/foo"
+      @resource[:source] = File.expand_path("/foo")
       @resource.parameter(:source).expects(:checksum).returns "{md5lite}eh"
 
       @content = content.new(:resource => @resource)
@@ -301,14 +301,14 @@ describe content do
 
     describe "from local source", :fails_on_windows => true do
       before(:each) do
-        @resource = Puppet::Type.type(:file).new :path => @filename, :backup => false
         @sourcename = tmpfile('source')
+        @resource = Puppet::Type.type(:file).new :path => @filename, :backup => false, :source => @sourcename
+
         @source_content = "source file content"*10000
         @sourcefile = File.open(@sourcename, 'w') {|f| f.write @source_content}
 
         @content = @resource.newattr(:content)
-        @source = @resource.newattr(:source)
-        @source.stubs(:metadata).returns stub_everything('metadata', :source => @sourcename, :ftype => 'file')
+        @source = @resource.parameter :source #newattr(:source)
       end
 
       it "should copy content from the source to the file" do

data/spec/unit/type/file/group_spec.rb

@@ -1,122 +1,60 @@
 #!/usr/bin/env rspec
-require 'spec_helper'
-
-property = Puppet::Type.type(:file).attrclass(:group)
-
-describe property do
-  before do
-    @resource = stub 'resource', :line => "foo", :file => "bar"
-    @resource.stubs(:[]).returns "foo"
-    @resource.stubs(:[]).with(:path).returns "/my/file"
-    @group = property.new :resource => @resource
-  end
-
-  it "should have a method for testing whether a group is valid" do
-    @group.must respond_to(:validgroup?)
-  end
-
-  it "should return the found gid if a group is valid" do
-    @group.expects(:gid).with("foo").returns 500
-    @group.validgroup?("foo").should == 500
-  end
-
-  it "should return false if a group is not valid" do
-    @group.expects(:gid).with("foo").returns nil
-    @group.validgroup?("foo").should be_false
-  end
-
-  describe "when retrieving the current value" do
-    it "should return :absent if the file cannot stat" do
-      @resource.expects(:stat).returns nil
-
-      @group.retrieve.should == :absent
-    end
 
-    it "should get the gid from the stat instance from the file" do
-      stat = stub 'stat', :ftype => "foo"
-      @resource.expects(:stat).returns stat
-      stat.expects(:gid).returns 500
-
-      @group.retrieve.should == 500
-    end
+require 'spec_helper'
 
-    it "should warn and return :silly if the found value is higher than the maximum uid value" do
-      Puppet.settings.expects(:value).with(:maximum_uid).returns 500
+describe Puppet::Type.type(:file).attrclass(:group) do
+  include PuppetSpec::Files
 
-      stat = stub 'stat', :ftype => "foo"
-      @resource.expects(:stat).returns stat
-      stat.expects(:gid).returns 1000
+  let(:path) { tmpfile('mode_spec') }
+  let(:resource) { Puppet::Type.type(:file).new :path => path, :group => 'users' }
+  let(:group) { resource.property(:group) }
 
-      @group.expects(:warning)
-      @group.retrieve.should == :silly
-    end
+  before :each do
+    # If the provider was already loaded without root, it won't have the
+    # feature, so we have to add it here to test.
+    Puppet::Type.type(:file).defaultprovider.has_feature :manages_ownership
   end
 
-  describe "when determining if the file is in sync" do
-    it "should directly compare the group values if the desired group is an integer" do
-      @group.should = [10]
-      @group.must be_safe_insync(10)
-    end
+  describe "#insync?" do
+    before :each do
+      resource[:group] = ['foos', 'bars']
 
-    it "should treat numeric strings as integers" do
-      @group.should = ["10"]
-      @group.must be_safe_insync(10)
+      resource.provider.stubs(:name2gid).with('foos').returns 1001
+      resource.provider.stubs(:name2gid).with('bars').returns 1002
     end
 
-    it "should convert the group name to an integer if the desired group is a string" do
-      @group.expects(:gid).with("foo").returns 10
-      @group.should = %w{foo}
+    it "should fail if an group's id can't be found by name" do
+      resource.provider.stubs(:name2gid).returns nil
 
-      @group.must be_safe_insync(10)
+      expect { group.insync?(5) }.to raise_error(/Could not find group foos/)
     end
 
-    it "should not validate that groups exist when a group is specified as an integer" do
-      @group.expects(:gid).never
-      @group.validgroup?(10)
+    it "should use the id for comparisons, not the name" do
+      group.insync?('foos').should be_false
     end
 
-    it "should fail if it cannot convert a group name to an integer" do
-      @group.expects(:gid).with("foo").returns nil
-      @group.should = %w{foo}
-
-      lambda { @group.safe_insync?(10) }.should raise_error(Puppet::Error)
+    it "should return true if the current group is one of the desired group" do
+      group.insync?(1001).should be_true
     end
 
-    it "should return false if the groups are not equal" do
-      @group.should = [10]
-      @group.should_not be_safe_insync(20)
+    it "should return false if the current group is not one of the desired group" do
+      group.insync?(1003).should be_false
     end
   end
 
-  describe "when changing the group" do
-    before do
-      @group.should = %w{one}
-      @group.stubs(:gid).returns 500
-    end
-
-    it "should chown the file if :links is set to :follow" do
-      @resource.expects(:[]).with(:links).returns :follow
-      File.expects(:chown)
-
-      @group.sync
-    end
-
-    it "should lchown the file if :links is set to :manage" do
-      @resource.expects(:[]).with(:links).returns :manage
-      File.expects(:lchown)
-
-      @group.sync
-    end
+  %w[is_to_s should_to_s].each do |prop_to_s|
+    describe "##{prop_to_s}" do
+      it "should use the name of the user if it can find it" do
+        resource.provider.stubs(:gid2name).with(1001).returns 'foos'
 
-    it "should use the first valid group in its 'should' list" do
-      @group.should = %w{one two three}
-      @group.expects(:validgroup?).with("one").returns nil
-      @group.expects(:validgroup?).with("two").returns 500
-      @group.expects(:validgroup?).with("three").never
+        group.send(prop_to_s, 1001).should == 'foos'
+      end
 
-      File.expects(:chown).with(nil, 500, "/my/file")
+      it "should use the id of the user if it can't" do
+        resource.provider.stubs(:gid2name).with(1001).returns nil
 
-      @group.sync
+        group.send(prop_to_s, 1001).should == 1001
+      end
     end
   end
 end

data/spec/unit/type/file/mode_spec.rb

@@ -0,0 +1,88 @@
+#!/usr/bin/env rspec
+
+require 'spec_helper'
+
+describe Puppet::Type.type(:file).attrclass(:mode) do
+  include PuppetSpec::Files
+
+  let(:path) { tmpfile('mode_spec') }
+  let(:resource) { Puppet::Type.type(:file).new :path => path, :mode => 0644 }
+  let(:mode) { resource.property(:mode) }
+
+  describe "#validate" do
+    it "should accept values specified as integers" do
+      expect { mode.value = 0755 }.not_to raise_error
+    end
+
+    it "should accept values specified as octal numbers in strings" do
+      expect { mode.value = '0755' }.not_to raise_error
+    end
+
+    it "should not accept strings other than octal numbers" do
+      expect do
+        mode.value = 'readable please!'
+      end.to raise_error(Puppet::Error, /File modes can only be octal numbers/)
+    end
+  end
+
+  describe "#munge" do
+    it "should dirmask the value when munging" do
+      Dir.mkdir(path)
+      mode.value = 0644
+
+      mode.value.must == '755'
+    end
+  end
+
+  describe "#dirmask" do
+    before :each do
+      Dir.mkdir(path)
+    end
+
+    # This is sort of a redundant test, but its spec is important.
+    it "should return the value as a string" do
+      mode.dirmask('0644').should be_a(String)
+    end
+
+    it "should accept strings as arguments" do
+      mode.dirmask('0644').should == '755'
+    end
+
+    it "should accept integers are arguments" do
+      mode.dirmask(0644).should == '755'
+    end
+
+    it "should add execute bits corresponding to read bits for directories" do
+      mode.dirmask(0644).should == '755'
+    end
+
+    it "should not add an execute bit when there is no read bit" do
+      mode.dirmask(0600).should == '700'
+    end
+
+    it "should not add execute bits for files that aren't directories" do
+      resource[:path] = tmpfile('other_file')
+      mode.dirmask(0644).should == '644'
+    end
+  end
+
+  describe "#insync?" do
+    it "should return true if the mode is correct" do
+      FileUtils.touch(path)
+
+      mode.must be_insync('644')
+    end
+
+    it "should return false if the mode is incorrect" do
+      FileUtils.touch(path)
+
+      mode.must_not be_insync('755')
+    end
+
+    it "should return true if the file is a link and we are managing links", :unless => Puppet.features.microsoft_windows? do
+      File.symlink('anything', path)
+
+      mode.must be_insync('644')
+    end
+  end
+end

data/spec/unit/type/file/owner_spec.rb

@@ -1,149 +1,58 @@
 #!/usr/bin/env rspec
-require 'spec_helper'
-
-property = Puppet::Type.type(:file).attrclass(:owner)
-
-describe property do
-  before do
-    # FIXME: many of these tests exercise the provider rather than `owner`
-    # and should be moved into provider tests. ~JW
-    @provider = Puppet::Type.type(:file).provider(:posix).new
-    @provider.stubs(:uid).with("one").returns(1)
 
-    @resource = stub 'resource', :line => "foo", :file => "bar"
-    @resource.stubs(:[]).returns "foo"
-    @resource.stubs(:[]).with(:path).returns "/my/file"
-    @resource.stubs(:provider).returns @provider
-
-    @owner = property.new :resource => @resource
-  end
+require 'spec_helper'
 
-  it "should have a method for testing whether an owner is valid" do
-    @provider.must respond_to(:validuser?)
-  end
+describe Puppet::Type.type(:file).attrclass(:owner) do
+  include PuppetSpec::Files
 
-  it "should return the found uid if an owner is valid" do
-    @provider.expects(:uid).with("foo").returns 500
-    @provider.validuser?("foo").should == 500
-  end
+  let(:path) { tmpfile('mode_spec') }
+  let(:resource) { Puppet::Type.type(:file).new :path => path, :owner => 'joeuser' }
+  let(:owner) { resource.property(:owner) }
 
-  it "should return false if an owner is not valid" do
-    @provider.expects(:uid).with("foo").returns nil
-    @provider.validuser?("foo").should be_false
+  before :each do
+    Puppet.features.stubs(:root?).returns(true)
   end
 
-  describe "when retrieving the current value" do
-    it "should return :absent if the file cannot stat" do
-      @resource.expects(:stat).returns nil
-
-      @owner.retrieve.should == :absent
-    end
-
-    it "should get the uid from the stat instance from the file" do
-      stat = stub 'stat', :ftype => "foo"
-      @resource.expects(:stat).returns stat
-      stat.expects(:uid).returns 500
-
-      @owner.retrieve.should == 500
-    end
-
-    it "should warn and return :silly if the found value is higher than the maximum uid value" do
-      Puppet.settings.expects(:value).with(:maximum_uid).returns 500
-
-      stat = stub 'stat', :ftype => "foo"
-      @resource.expects(:stat).returns stat
-      stat.expects(:uid).returns 1000
+  describe "#insync?" do
+    before :each do
+      resource[:owner] = ['foo', 'bar']
 
-      @provider.expects(:warning)
-      @owner.retrieve.should == :silly
+      resource.provider.stubs(:name2uid).with('foo').returns 1001
+      resource.provider.stubs(:name2uid).with('bar').returns 1002
     end
-  end
-
-  describe "when determining if the file is in sync" do
-    describe "and not running as root" do
-      it "should warn once and return true" do
-        Puppet.features.expects(:root?).returns false
-
-        @provider.expects(:warnonce)
 
-        @owner.should = [10]
-        @owner.must be_safe_insync(20)
-      end
-    end
+    it "should fail if an owner's id can't be found by name" do
+      resource.provider.stubs(:name2uid).returns nil
 
-    before do
-      Puppet.features.stubs(:root?).returns true
+      expect { owner.insync?(5) }.to raise_error(/Could not find user foo/)
     end
 
-    it "should be in sync if 'should' is not provided" do
-      @owner.must be_safe_insync(10)
+    it "should use the id for comparisons, not the name" do
+      owner.insync?('foo').should be_false
     end
 
-    it "should directly compare the owner values if the desired owner is an integer" do
-      @owner.should = [10]
-      @owner.must be_safe_insync(10)
+    it "should return true if the current owner is one of the desired owners" do
+      owner.insync?(1001).should be_true
     end
 
-    it "should treat numeric strings as integers" do
-      @owner.should = ["10"]
-      @owner.must be_safe_insync(10)
-    end
-
-    it "should convert the owner name to an integer if the desired owner is a string" do
-      @provider.expects(:uid).with("foo").returns 10
-      @owner.should = %w{foo}
-
-      @owner.must be_safe_insync(10)
-    end
-
-    it "should not validate that users exist when a user is specified as an integer" do
-      @provider.expects(:uid).never
-      @provider.validuser?(10)
-    end
-
-    it "should fail if it cannot convert an owner name to an integer" do
-      @provider.expects(:uid).with("foo").returns nil
-      @owner.should = %w{foo}
-
-      lambda { @owner.safe_insync?(10) }.should raise_error(Puppet::Error)
-    end
-
-    it "should return false if the owners are not equal" do
-      @owner.should = [10]
-      @owner.should_not be_safe_insync(20)
+    it "should return false if the current owner is not one of the desired owners" do
+      owner.insync?(1003).should be_false
     end
   end
 
-  describe "when changing the owner" do
-    before do
-      @owner.should = %w{one}
-      @owner.stubs(:path).returns "path"
-      @owner.stubs(:uid).returns 500
-    end
-
-    it "should chown the file if :links is set to :follow" do
-      @resource.expects(:[]).with(:links).returns :follow
-      File.expects(:chown)
-
-      @owner.sync
-    end
-
-    it "should lchown the file if :links is set to :manage" do
-      @resource.expects(:[]).with(:links).returns :manage
-      File.expects(:lchown)
+  %w[is_to_s should_to_s].each do |prop_to_s|
+    describe "##{prop_to_s}" do
+      it "should use the name of the user if it can find it" do
+        resource.provider.stubs(:uid2name).with(1001).returns 'foo'
 
-      @owner.sync
-    end
-
-    it "should use the first valid owner in its 'should' list" do
-      @owner.should = %w{one two three}
-      @provider.expects(:validuser?).with("one").returns nil
-      @provider.expects(:validuser?).with("two").returns 500
-      @provider.expects(:validuser?).with("three").never
+        owner.send(prop_to_s, 1001).should == 'foo'
+      end
 
-      File.expects(:chown).with(500, nil, "/my/file")
+      it "should use the id of the user if it can't" do
+        resource.provider.stubs(:uid2name).with(1001).returns nil
 
-      @owner.sync
+        owner.send(prop_to_s, 1001).should == 1001
+      end
     end
   end
 end