puppet 2.7.5 → 2.7.6

data/spec/unit/network/xmlrpc/client_spec.rb

@@ -1,172 +0,0 @@
-#!/usr/bin/env rspec
-require 'puppet/network/client'
-
-require 'spec_helper'
-
-describe Puppet::Network::XMLRPCClient do
-  describe "when performing the rpc call" do
-    before do
-      Puppet::SSL::Host.any_instance.stubs(:certificate_matches_key?).returns true
-      @client = Puppet::Network::Client.report.xmlrpc_client.new
-      @client.stubs(:call).returns "foo"
-    end
-
-    it "should call the specified namespace and method, with the specified arguments" do
-      @client.expects(:call).with("puppetreports.report", "eh").returns "foo"
-      @client.report("eh")
-    end
-
-    it "should return the results from the call" do
-      @client.expects(:call).returns "foo"
-      @client.report("eh").should == "foo"
-    end
-
-    it "should always close the http connection if it is still open after the call" do
-      http = mock 'http'
-      @client.stubs(:http).returns http
-
-      http.expects(:started?).returns true
-      http.expects(:finish)
-
-      @client.report("eh").should == "foo"
-    end
-
-    it "should always close the http connection if it is still open after a call that raises an exception" do
-      http = mock 'http'
-      @client.stubs(:http).returns http
-
-      @client.expects(:call).raises RuntimeError
-
-      http.expects(:started?).returns true
-      http.expects(:finish)
-
-      lambda { @client.report("eh") }.should raise_error
-    end
-
-    describe "when returning the http instance" do
-      it "should use the http pool to create the instance" do
-        @client.instance_variable_set("@http", nil)
-        @client.expects(:host).returns "myhost"
-        @client.expects(:port).returns "myport"
-        Puppet::Network::HttpPool.expects(:http_instance).with("myhost", "myport", true).returns "http"
-
-        @client.http.should == "http"
-      end
-
-      it "should reuse existing instances" do
-        @client.http.should equal(@client.http)
-      end
-    end
-
-    describe "when recycling the connection" do
-      it "should close the existing instance if it's open" do
-        http = mock 'http'
-        @client.stubs(:http).returns http
-
-        http.expects(:started?).returns true
-        http.expects(:finish)
-
-        @client.recycle_connection
-      end
-
-      it "should force creation of a new instance" do
-        Puppet::Network::HttpPool.expects(:http_instance).returns "second_http"
-
-        @client.recycle_connection
-
-        @client.http.should == "second_http"
-      end
-    end
-
-    describe "and an exception is raised" do
-      it "should raise XMLRPCClientError if XMLRPC::FaultException is raised" do
-        error = XMLRPC::FaultException.new("foo", "bar")
-
-        @client.expects(:call).raises(error)
-
-        lambda { @client.report("eh") }.should raise_error(Puppet::Network::XMLRPCClientError)
-      end
-
-      it "should raise XMLRPCClientError if Errno::ECONNREFUSED is raised" do
-        @client.expects(:call).raises(Errno::ECONNREFUSED)
-
-        lambda { @client.report("eh") }.should raise_error(Puppet::Network::XMLRPCClientError)
-      end
-
-      it "should log and raise XMLRPCClientError if Timeout::Error is raised" do
-        Puppet.expects(:err)
-        @client.expects(:call).raises(Timeout::Error)
-
-        lambda { @client.report("eh") }.should raise_error(Puppet::Network::XMLRPCClientError)
-      end
-
-      it "should log and raise XMLRPCClientError if SocketError is raised" do
-        Puppet.expects(:err)
-        @client.expects(:call).raises(SocketError)
-
-        lambda { @client.report("eh") }.should raise_error(Puppet::Network::XMLRPCClientError)
-      end
-
-      it "should log, recycle the connection, and retry if Errno::EPIPE is raised" do
-        @client.expects(:call).times(2).raises(Errno::EPIPE).then.returns "eh"
-
-        Puppet.expects(:info)
-        @client.expects(:recycle_connection)
-
-        @client.report("eh")
-      end
-
-      it "should log, recycle the connection, and retry if EOFError is raised" do
-        @client.expects(:call).times(2).raises(EOFError).then.returns "eh"
-
-        Puppet.expects(:info)
-        @client.expects(:recycle_connection)
-
-        @client.report("eh")
-      end
-
-      it "should log and retry if an exception containing 'Wrong size' is raised" do
-        error = RuntimeError.new("Wrong size. Was 15, should be 30")
-        @client.expects(:call).times(2).raises(error).then.returns "eh"
-
-        Puppet.expects(:warning)
-
-        @client.report("eh")
-      end
-
-      it "should raise XMLRPCClientError if OpenSSL::SSL::SSLError is raised" do
-        @client.expects(:call).raises(OpenSSL::SSL::SSLError)
-
-        lambda { @client.report("eh") }.should raise_error(Puppet::Network::XMLRPCClientError)
-      end
-
-      it "should log and raise XMLRPCClientError if OpenSSL::SSL::SSLError is raised with certificate issues" do
-        error = OpenSSL::SSL::SSLError.new("hostname was not match")
-        @client.expects(:call).raises(error)
-
-        Puppet.expects(:warning)
-
-        lambda { @client.report("eh") }.should raise_error(Puppet::Network::XMLRPCClientError)
-      end
-
-      it "should log, recycle the connection, and retry if OpenSSL::SSL::SSLError is raised containing 'bad write retry'" do
-        error = OpenSSL::SSL::SSLError.new("bad write retry")
-        @client.expects(:call).times(2).raises(error).then.returns "eh"
-
-        @client.expects(:recycle_connection)
-
-        Puppet.expects(:warning)
-
-        @client.report("eh")
-      end
-
-      it "should log and raise XMLRPCClientError if any other exception is raised" do
-        @client.expects(:call).raises(RuntimeError)
-
-        Puppet.expects(:err)
-
-        lambda { @client.report("eh") }.should raise_error(Puppet::Network::XMLRPCClientError)
-      end
-    end
-  end
-end

data/spec/unit/sslcertificates/ca_spec.rb

@@ -1,106 +0,0 @@
-#!/usr/bin/env rspec
-require 'spec_helper'
-
-require 'puppet'
-require 'puppet/sslcertificates'
-require 'puppet/sslcertificates/ca'
-
-describe Puppet::SSLCertificates::CA, :unless => Puppet.features.microsoft_windows? do
-  include PuppetSpec::Files
-
-  before :all do
-    @hosts = %w{host.domain.com Other.Testing.Com}
-  end
-
-  before :each do
-    Puppet::Util::SUIDManager.stubs(:asuser).yields
-    dir = tmpdir("ca_testing")
-
-    Puppet.settings[:confdir] = dir
-    Puppet.settings[:vardir]  = dir
-
-    @ca = Puppet::SSLCertificates::CA.new
-  end
-
-  describe 'when cleaning' do
-    it 'should remove associated files' do
-      dirs = [:csrdir, :signeddir, :publickeydir, :privatekeydir, :certdir]
-
-      @hosts.each do |host|
-        files = []
-        dirs.each do |dir|
-          dir = Puppet[dir]
-
-          # Case insensitivity is handled through downcasing
-          file = File.join(dir, host.downcase + '.pem')
-
-          File.open(file, "w") do |f|
-            f.puts "testing"
-          end
-
-          files << file
-        end
-
-        lambda { @ca.clean(host) }.should_not raise_error
-
-        files.reject {|f| ! File.exists?(f)}.should be_empty
-      end
-    end
-  end
-
-  describe 'when mapping hosts to files' do
-    it 'should correctly return the certfile' do
-      @hosts.each do |host|
-        value = nil
-        lambda { value = @ca.host2certfile host }.should_not raise_error
-
-        File.join(Puppet[:signeddir], host.downcase + '.pem').should == value
-      end
-    end
-
-    it 'should correctly return the csrfile' do
-      @hosts.each do |host|
-        value = nil
-        lambda { value = @ca.host2csrfile host }.should_not raise_error
-
-        File.join(Puppet[:csrdir], host.downcase + '.pem').should == value
-      end
-    end
-  end
-
-  describe 'when listing' do
-    it 'should find all csr' do
-      list = []
-
-      # Make some fake CSRs
-      @hosts.each do |host|
-        file = File.join(Puppet[:csrdir], host.downcase + '.pem')
-        File.open(file, 'w') { |f| f.puts "yay" }
-        list << host.downcase
-      end
-
-      @ca.list.sort.should == list.sort
-    end
-  end
-
-  describe 'when creating a root certificate' do
-    before :each do
-      lambda { @ca.mkrootcert }.should_not raise_exception
-    end
-
-    it 'should store the public key' do
-      File.exists?(Puppet[:capub]).should be_true
-    end
-
-    it 'should prepend "Puppet CA: " to the fqdn as the ca_name by default' do
-      host_mock_fact = mock()
-      host_mock_fact.expects(:value).returns('myhost')
-      domain_mock_fact = mock()
-      domain_mock_fact.expects(:value).returns('puppetlabs.lan')
-      Facter.stubs(:[]).with('hostname').returns(host_mock_fact)
-      Facter.stubs(:[]).with('domain').returns(domain_mock_fact)
-
-      @ca.mkrootcert.name.should == 'Puppet CA: myhost.puppetlabs.lan'
-    end
-  end
-end

data/test/certmgr/certmgr.rb

@@ -1,308 +0,0 @@
-#!/usr/bin/env ruby
-
-require File.expand_path(File.dirname(__FILE__) + '/../lib/puppettest')
-
-require 'puppet'
-require 'puppet/sslcertificates.rb'
-require 'puppettest'
-require 'puppettest/certificates'
-require 'mocha'
-
-class TestCertMgr < Test::Unit::TestCase
-  include PuppetTest::Certificates
-  def setup
-    super
-    #@dir = File.join(Puppet[:certdir], "testing")
-    @dir = File.join(@configpath, "certest")
-    system("mkdir -p #{@dir}")
-
-    Puppet::Util::SUIDManager.stubs(:asuser).yields
-  end
-
-  def testCreateSelfSignedCertificate
-    cert = nil
-    name = "testing"
-    newcert = proc {
-
-            Puppet::SSLCertificates::Certificate.new(
-                
-        :name => name,
-        
-        :selfsign => true
-      )
-    }
-    assert_nothing_raised {
-      cert = newcert.call
-    }
-    assert_nothing_raised {
-      cert.mkselfsigned
-    }
-
-    assert_raise(Puppet::Error) {
-      cert.mkselfsigned
-    }
-
-    assert_nothing_raised {
-      cert.write
-    }
-
-    assert(FileTest.exists?(cert.certfile))
-
-    assert_nothing_raised {
-      cert.delete
-    }
-
-    assert_nothing_raised {
-      cert = newcert.call
-    }
-    assert_nothing_raised {
-      cert.mkselfsigned
-    }
-
-    assert_nothing_raised {
-      cert.delete
-    }
-
-  end
-
-  def disabled_testCreateEncryptedSelfSignedCertificate
-    cert = nil
-    name = "testing"
-    keyfile = mkPassFile
-    assert_nothing_raised {
-
-            cert = Puppet::SSLCertificates::Certificate.new(
-                
-        :name => name,
-        :selfsign => true,
-        
-        :capass => keyfile
-      )
-    }
-    assert_nothing_raised {
-      cert.mkselfsigned
-    }
-    assert_nothing_raised {
-      cert.mkhash
-    }
-
-    assert_raise(Puppet::Error) {
-      cert.mkselfsigned
-    }
-
-    assert(FileTest.exists?(cert.certfile))
-    assert(FileTest.exists?(cert.hash))
-
-    assert_nothing_raised {
-      cert.delete
-    }
-
-    assert_nothing_raised {
-      cert.mkselfsigned
-    }
-
-    assert_nothing_raised {
-      cert.delete
-    }
-
-  end
-
-  def testCreateCA
-    ca = nil
-    assert_nothing_raised {
-      ca = Puppet::SSLCertificates::CA.new
-    }
-
-    # make the CA again and verify it doesn't fail because everything
-    # still exists
-    assert_nothing_raised {
-      ca = Puppet::SSLCertificates::CA.new
-    }
-
-  end
-
-  def testSignCert
-    ca = mkCA()
-
-    cert = nil
-    assert_nothing_raised {
-
-            cert = Puppet::SSLCertificates::Certificate.new(
-                
-        :name => "signedcertest",
-        :property => "TN",
-        :city => "Nashville",
-        :country => "US",
-        :email => "luke@madstop.com",
-        :org => "Puppet",
-        :ou => "Development",
-        
-        :encrypt => mkPassFile()
-      )
-
-    }
-
-    assert_nothing_raised {
-      cert.mkcsr
-    }
-
-    signedcert = nil
-    cacert = nil
-
-    assert_nothing_raised {
-      signedcert, cacert = ca.sign(cert.csr)
-    }
-
-    assert_instance_of(OpenSSL::X509::Certificate, signedcert)
-    assert_instance_of(OpenSSL::X509::Certificate, cacert)
-
-    assert_nothing_raised {
-      cert.cert = signedcert
-      cert.cacert = cacert
-      cert.write
-    }
-    #system("find #{Puppet[:ssldir]}")
-    #system("cp -R #{Puppet[:ssldir]} /tmp/ssltesting")
-
-    output = nil
-    assert_nothing_raised {
-      output = %x{openssl verify -CAfile #{Puppet[:cacert]} -purpose sslserver #{cert.certfile}}
-      #output = %x{openssl verify -CApath #{Puppet[:certdir]} -purpose sslserver #{cert.certfile}}
-    }
-
-    assert_equal($CHILD_STATUS,0)
-    assert_equal(File.join(Puppet[:certdir], "signedcertest.pem: OK\n"), output)
-  end
-
-
-  def test_interactiveca
-    ca = nil
-
-    assert_nothing_raised {
-      ca = Puppet::SSLCertificates::CA.new
-    }
-
-    # basic initialization
-    hostname = "test.hostname.com"
-    cert = mkcert(hostname)
-
-    # create the csr
-    csr = nil
-    assert_nothing_raised {
-      csr = cert.mkcsr
-    }
-
-    assert_nothing_raised {
-      ca.storeclientcsr(csr)
-    }
-
-    # store it
-    pulledcsr = nil
-    assert_nothing_raised {
-      pulledcsr = ca.getclientcsr(hostname)
-    }
-
-    assert_equal(csr.to_pem, pulledcsr.to_pem)
-
-    signedcert = nil
-    assert_nothing_raised {
-      signedcert, cacert = ca.sign(csr)
-    }
-
-    assert_instance_of(OpenSSL::X509::Certificate, signedcert)
-    newsignedcert = nil
-    assert_nothing_raised {
-      newsignedcert, cacert = ca.getclientcert(hostname)
-    }
-
-    assert(newsignedcert)
-
-    assert_equal(signedcert.to_pem, newsignedcert.to_pem)
-  end
-
-  def test_cafailures
-    ca = mkCA()
-    cert = cacert = nil
-    assert_nothing_raised {
-      cert, cacert = ca.getclientcert("nohost")
-    }
-    assert_nil(cert)
-  end
-
-  def test_crl
-    ca = mkCA()
-    h1 = mksignedcert(ca, "host1.example.com")
-    h2 = mksignedcert(ca, "host2.example.com")
-
-    assert(ca.cert.verify(ca.cert.public_key))
-    assert(h1.verify(ca.cert.public_key))
-    assert(h2.verify(ca.cert.public_key))
-
-    crl = ca.crl
-    assert_not_nil(crl)
-
-    store = mkStore(ca)
-    assert( store.verify(ca.cert))
-    assert( store.verify(h1, [ca.cert]))
-    assert( store.verify(h2, [ca.cert]))
-
-    ca.revoke(h1.serial)
-
-    oldcert = File.read(Puppet.settings[:cacert])
-    oldserial = File.read(Puppet.settings[:serial])
-
-    # Recreate the CA from disk
-    ca = mkCA()
-    newcert = File.read(Puppet.settings[:cacert])
-    newserial = File.read(Puppet.settings[:serial])
-    assert_equal(oldcert, newcert, "The certs are not equal after making a new CA.")
-    assert_equal(oldserial, newserial, "The serials are not equal after making a new CA.")
-    store = mkStore(ca)
-    assert( store.verify(ca.cert), "Could not verify CA certs after reloading certs.")
-    assert(!store.verify(h1, [ca.cert]), "Incorrectly verified revoked cert.")
-    assert( store.verify(h2, [ca.cert]), "Could not verify certs with reloaded CA.")
-
-    ca.revoke(h2.serial)
-    assert_equal(1, ca.crl.extensions.size)
-
-    # Recreate the CA from disk
-    ca = mkCA()
-    store = mkStore(ca)
-    assert( store.verify(ca.cert))
-    assert(!store.verify(h1, [ca.cert]), "first revoked cert passed")
-    assert(!store.verify(h2, [ca.cert]), "second revoked cert passed")
-  end
-
-  def test_ttl
-    cert = mksignedcert
-    assert_equal(5 * 365 * 24 * 60 * 60,  cert.not_after - cert.not_before)
-
-    Puppet[:ca_ttl] = 7 * 24 * 60 * 60
-    cert = mksignedcert
-    assert_equal(7 * 24 * 60 * 60,  cert.not_after - cert.not_before)
-
-    Puppet[:ca_ttl] = "2y"
-    cert = mksignedcert
-    assert_equal(2 * 365 * 24 * 60 * 60,  cert.not_after - cert.not_before)
-
-    Puppet[:ca_ttl] = "2y"
-    cert = mksignedcert
-    assert_equal(2 * 365 * 24 * 60 * 60,  cert.not_after - cert.not_before)
-
-    Puppet[:ca_ttl] = "1h"
-    cert = mksignedcert
-    assert_equal(60 * 60,  cert.not_after - cert.not_before)
-
-    Puppet[:ca_ttl] = "900s"
-    cert = mksignedcert
-    assert_equal(900,  cert.not_after - cert.not_before)
-
-    # This needs to be last, to make sure that setting ca_days
-    # overrides setting ca_ttl
-    Puppet[:ca_days] = 3
-    cert = mksignedcert
-    assert_equal(3 * 24 * 60 * 60,  cert.not_after - cert.not_before)
-
-  end
-end
-