puppet 2.7.5 → 2.7.6

data/test/certmgr/inventory.rb

@@ -1,69 +0,0 @@
-#!/usr/bin/env ruby
-
-require File.expand_path(File.dirname(__FILE__) + '/../lib/puppettest')
-
-require 'puppet'
-require 'puppettest/certificates'
-require 'puppet/sslcertificates/inventory.rb'
-require 'mocha'
-
-class TestCertInventory < Test::Unit::TestCase
-  include PuppetTest::Certificates
-
-  Inventory = Puppet::SSLCertificates::Inventory
-
-  def setup
-    super
-    Puppet::Util::SUIDManager.stubs(:asuser).yields
-  end
-
-  def test_format
-    cert = mksignedcert
-
-    format = nil
-    assert_nothing_raised do
-      format = Inventory.format(cert)
-    end
-
-
-      assert(
-        format =~ /^0x0001 \S+ \S+ #{cert.subject}/,
-
-        "Did not create correct format")
-    end
-
-  def test_init
-    # First create a couple of certificates
-    ca = mkCA
-
-    cert1 = mksignedcert(ca, "host1.madstop.com")
-    cert2 = mksignedcert(ca, "host2.madstop.com")
-
-    init = nil
-    assert_nothing_raised do
-      init = Inventory.init
-    end
-
-    [cert1, cert2].each do |cert|
-      assert(init.include?(cert.subject.to_s), "Did not catch #{cert.subject}")
-    end
-  end
-
-  def test_add
-    ca = mkCA
-    cert = mksignedcert(ca, "host.domain.com")
-
-    assert_nothing_raised do
-      file = mock
-      file.expects(:puts).with do |written|
-        written.include? cert.subject.to_s
-      end
-      Puppet::Util::Settings.any_instance.stubs(:write)
-      Puppet::Util::Settings.any_instance.expects(:write).
-        with(:cert_inventory, 'a').yields(file)
-
-      Puppet::SSLCertificates::Inventory.add(cert)
-    end
-  end
-end
-

data/test/certmgr/support.rb

@@ -1,105 +0,0 @@
-#!/usr/bin/env ruby
-
-require File.expand_path(File.dirname(__FILE__) + '/../lib/puppettest')
-
-require 'puppettest'
-require 'puppet/sslcertificates/support'
-require 'mocha'
-
-class TestCertSupport < Test::Unit::TestCase
-  include PuppetTest
-  MissingCertificate = Puppet::SSLCertificates::Support::MissingCertificate
-
-  class CertUser
-    include Puppet::SSLCertificates::Support
-  end
-
-  def setup
-    super
-    Puppet::Util::SUIDManager.stubs(:asuser).yields
-    @user = CertUser.new
-    @ca = Puppet::SSLCertificates::CA.new
-    @client = Puppet::Network::Client.ca.new(:CA => @ca)
-  end
-
-  # Yay, metaprogramming
-  def test_keytype
-    [:key, :csr, :cert, :ca_cert].each do |name|
-      assert(Puppet::SSLCertificates::Support.method_defined?(name), "No retrieval method for #{name}")
-      maker = "mk_#{name}"
-      assert(Puppet::SSLCertificates::Support.method_defined?(maker), "No maker method for #{name}")
-    end
-  end
-
-  def test_keys
-    keys = [:hostprivkey, :hostpubkey].each { |n| Puppet[n] = tempfile }
-
-    key = nil
-    assert_nothing_raised do
-      key = @user.key
-    end
-
-    assert_logged(:info, /Creating a new SSL/, "Did not log about new key")
-    keys.each do |file|
-
-            assert(
-        FileTest.exists?(Puppet[file]),
-        
-        "Did not create #{file} key file")
-    end
-
-    # Make sure it's a valid key
-    assert_nothing_raised("Created key is invalid") do
-      OpenSSL::PKey::RSA.new(File.read(Puppet[:hostprivkey]))
-    end
-
-    # now make sure we can read it in
-    other = CertUser.new
-    assert_nothing_raised("Could not read key in") do
-      other.key
-    end
-
-    assert_equal(@user.key.to_s, other.key.to_s, "Keys are not equal")
-  end
-
-  def test_csr
-    csr = nil
-    assert_nothing_raised("Could not create csr") do
-      csr = @user.csr
-    end
-
-    assert(FileTest.exists?(Puppet[:hostcsr]), "did not create csr file")
-    assert_instance_of(OpenSSL::X509::Request, csr)
-  end
-
-  def test_cacert
-    @user = CertUser.new
-
-    assert_raise(MissingCertificate, "Did not fail when missing cacert") do
-      @user.ca_cert
-    end
-  end
-
-  # Fixing #1382.  This test will always fail on Darwin, because its
-  # FS is case-insensitive.
-  unless Facter.value(:operatingsystem) == "Darwin"
-    def test_uppercase_files_are_renamed_and_read
-      # Write a key out to disk in a file containing upper-case.
-      key = OpenSSL::PKey::RSA.new(32)
-      should_path = Puppet[:hostprivkey]
-
-      dir, file = File.split(should_path)
-      newfile = file.sub(/^([-a-z.0-9]+)\./) { $1.upcase + "."}
-      upper_path = File.join(dir, newfile)
-p upper_path
-      File.open(upper_path, "w") { |f| f.print key.to_s }
-
-      user = CertUser.new
-
-      assert_equal(key.to_s, user.read_key.to_s, "Did not read key in from disk")
-      assert(! FileTest.exist?(upper_path), "Upper case file was not removed")
-      assert(FileTest.exist?(should_path), "File was not renamed to lower-case file")
-      assert_equal(key.to_s, user.read_key.to_s, "Did not read key in from disk")
-    end
-  end
-end

data/test/network/client/ca.rb

@@ -1,69 +0,0 @@
-#!/usr/bin/env ruby
-
-require File.expand_path(File.dirname(__FILE__) + '/../../lib/puppettest')
-
-require 'mocha'
-require 'puppettest'
-require 'puppet/network/client/ca'
-require 'puppet/sslcertificates/support'
-
-class TestClientCA < Test::Unit::TestCase
-  include PuppetTest::ServerTest
-
-  def setup
-    Puppet::Util::SUIDManager.stubs(:asuser).yields
-    super
-    @ca = Puppet::Network::Handler.ca.new
-    @client = Puppet::Network::Client.ca.new :CA => @ca
-  end
-
-  def test_request_cert
-    assert_nothing_raised("Could not request cert") do
-      @client.request_cert
-    end
-
-    [:hostprivkey, :hostcert, :localcacert].each do |name|
-      assert(FileTest.exists?(Puppet.settings[name]), "Did not create cert #{name}")
-    end
-  end
-
-  # Make sure the ca defaults to specific ports and names
-  def test_ca_server
-    Puppet.settings.stubs(:value).returns "eh"
-    Puppet.settings.expects(:value).with(:ca_server).returns("myca")
-    Puppet.settings.expects(:value).with(:ca_port).returns(321)
-    Puppet.settings.stubs(:value).with(:http_proxy_host).returns(nil)
-    Puppet.settings.stubs(:value).with(:http_proxy_port).returns(nil)
-    Puppet.settings.stubs(:value).with(:http_keepalive).returns(false)
-    Puppet.settings.stubs(:value).with(:configtimeout).returns(180)
-
-    # Just throw an error; the important thing is the values, not what happens next.
-    Net::HTTP.stubs(:new).with("myca", 321, nil, nil).raises(ArgumentError)
-    assert_raise(ArgumentError) { Puppet::Network::Client.ca.new }
-  end
-
-  # #578
-  def test_invalid_certs_are_not_written
-    # Run the get once, which should be valid
-
-    assert_nothing_raised("Could not get a certificate") do
-      @client.request_cert
-    end
-
-    # Now remove the cert and keys, so we get a broken cert
-    File.unlink(Puppet[:hostcert])
-    File.unlink(Puppet[:localcacert])
-    File.unlink(Puppet[:hostprivkey])
-
-    @client = Puppet::Network::Client.ca.new :CA => @ca
-    @ca.expects(:getcert).returns("yay") # not a valid cert
-    # Now make sure it fails, since we'll get the old cert but have new keys
-    assert_raise(Puppet::Network::Client::CA::InvalidCertificate, "Did not fail on invalid cert") do
-      @client.request_cert
-    end
-
-    # And then make sure the cert isn't written to disk
-    assert(! FileTest.exists?(Puppet[:hostcert]), "Invalid cert got written to disk")
-  end
-end
-

data/test/network/client/dipper.rb

@@ -1,34 +0,0 @@
-#!/usr/bin/env ruby
-
-require File.expand_path(File.dirname(__FILE__) + '/../../lib/puppettest')
-
-require 'puppettest'
-require 'puppet/file_bucket/dipper'
-
-class TestDipperClient < Test::Unit::TestCase
-  include PuppetTest::ServerTest
-
-  def setup
-    super
-    @dipper = Puppet::FileBucket::Dipper.new(:Path => tempfile)
-  end
-
-  # Make sure we can create a new file with 'restore'.
-  def test_restore_to_new_file
-    file = tempfile
-    text = "asdf;lkajseofiqwekj"
-    File.open(file, "w") { |f| f.puts text }
-    md5 = nil
-    assert_nothing_raised("Could not send file") do
-      md5 = @dipper.backup(file)
-    end
-
-    newfile = tempfile
-    assert_nothing_raised("could not restore to new path") do
-      @dipper.restore(newfile, md5)
-    end
-
-    assert_equal(File.read(file), File.read(newfile), "did not restore correctly")
-  end
-end
-

data/test/network/handler/ca.rb

@@ -1,273 +0,0 @@
-#!/usr/bin/env ruby
-
-require File.expand_path(File.dirname(__FILE__) + '/../../lib/puppettest')
-
-require 'puppettest'
-require 'puppet/network/handler/ca'
-require 'mocha'
-
-$short = (ARGV.length > 0 and ARGV[0] == "short")
-
-class TestCA < Test::Unit::TestCase
-  include PuppetTest::ServerTest
-
-  def setup
-    Puppet::Util::SUIDManager.stubs(:asuser).yields
-    super
-  end
-
-  # Verify that we're autosigning.  We have to autosign a "different" machine,
-  # since we always autosign the CA server's certificate.
-  def test_autocertgeneration
-    ca = nil
-
-    # create our ca
-    assert_nothing_raised {
-      ca = Puppet::Network::Handler.ca.new(:autosign => true)
-    }
-
-    # create a cert with a fake name
-    key = nil
-    csr = nil
-    cert = nil
-    hostname = "test.domain.com"
-    assert_nothing_raised {
-      cert = Puppet::SSLCertificates::Certificate.new(
-        :name => "test.domain.com"
-      )
-    }
-
-    # make the request
-    assert_nothing_raised {
-      cert.mkcsr
-    }
-
-    # and get it signed
-    certtext = nil
-    cacerttext = nil
-    assert_nothing_raised {
-      certtext, cacerttext = ca.getcert(cert.csr.to_s)
-    }
-
-    # they should both be strings
-    assert_instance_of(String, certtext)
-    assert_instance_of(String, cacerttext)
-
-    # and they should both be valid certs
-    assert_nothing_raised {
-      OpenSSL::X509::Certificate.new(certtext)
-    }
-    assert_nothing_raised {
-      OpenSSL::X509::Certificate.new(cacerttext)
-    }
-
-    # and pull it again, just to make sure we're getting the same thing
-    newtext = nil
-    assert_nothing_raised {
-      newtext, cacerttext = ca.getcert(
-        cert.csr.to_s, "test.reductivelabs.com", "127.0.0.1"
-      )
-    }
-
-    assert_equal(certtext,newtext)
-  end
-
-  # this time don't use autosign
-  def test_storeAndSign
-    ca = nil
-    caserv = nil
-
-    # make our CA server
-    assert_nothing_raised {
-      caserv = Puppet::Network::Handler.ca.new(:autosign => false)
-    }
-
-    # retrieve the actual ca object
-    assert_nothing_raised {
-      ca = caserv.ca
-    }
-
-    # make our test cert again
-    key = nil
-    csr = nil
-    cert = nil
-    hostname = "test.domain.com"
-    assert_nothing_raised {
-      cert = Puppet::SSLCertificates::Certificate.new(
-        :name => "anothertest.domain.com"
-      )
-    }
-    # and the CSR
-    assert_nothing_raised {
-      cert.mkcsr
-    }
-
-    # retrieve them
-    certtext = nil
-    assert_nothing_raised {
-      certtext, cacerttext = caserv.getcert(
-        cert.csr.to_s, "test.reductivelabs.com", "127.0.0.1"
-      )
-    }
-
-    # verify we got nothing back, since autosign is off
-    assert_equal("", certtext)
-
-    # now sign it manually, with the CA object
-    x509 = nil
-    assert_nothing_raised {
-      x509, cacert = ca.sign(cert.csr)
-    }
-
-    # and write it out
-    cert.cert = x509
-    assert_nothing_raised {
-      cert.write
-    }
-
-    assert(File.exists?(cert.certfile))
-
-    # now get them again, and verify that we actually get them
-    newtext = nil
-    assert_nothing_raised {
-      newtext, cacerttext  = caserv.getcert(cert.csr.to_s)
-    }
-
-    assert(newtext)
-    assert_nothing_raised {
-      OpenSSL::X509::Certificate.new(newtext)
-    }
-
-    # Now verify that we can clean a given host's certs
-    assert_nothing_raised {
-      ca.clean("anothertest.domain.com")
-    }
-
-    assert(!File.exists?(cert.certfile), "Cert still exists after clean")
-  end
-
-  # and now test the autosign file
-  def test_autosign
-    autosign = File.join(tmpdir, "autosigntesting")
-    @@tmpfiles << autosign
-    File.open(autosign, "w") { |f|
-      f.puts "hostmatch.domain.com"
-      f.puts "*.other.com"
-    }
-
-    caserv = nil
-    assert_nothing_raised {
-      caserv = Puppet::Network::Handler.ca.new(:autosign => autosign)
-    }
-
-    # make sure we know what's going on
-    assert(caserv.autosign?("hostmatch.domain.com"))
-    assert(caserv.autosign?("fakehost.other.com"))
-    assert(!caserv.autosign?("kirby.reductivelabs.com"))
-    assert(!caserv.autosign?("culain.domain.com"))
-  end
-
-  # verify that things aren't autosigned by default
-  def test_nodefaultautosign
-    caserv = nil
-    assert_nothing_raised {
-      caserv = Puppet::Network::Handler.ca.new
-    }
-
-    # make sure we know what's going on
-    assert(!caserv.autosign?("hostmatch.domain.com"))
-    assert(!caserv.autosign?("fakehost.other.com"))
-    assert(!caserv.autosign?("kirby.reductivelabs.com"))
-    assert(!caserv.autosign?("culain.domain.com"))
-  end
-
-  # We want the CA to autosign its own certificate, because otherwise
-  # the puppetmasterd CA does not autostart.
-  def test_caautosign
-    server = nil
-    Puppet.stubs(:master?).returns true
-    assert_nothing_raised {
-
-            server = Puppet::Network::HTTPServer::WEBrick.new(
-                
-        :Port => @@port,
-        
-        :Handlers => {
-          :CA => {}, # so that certs autogenerate
-          :Status => nil
-        }
-      )
-    }
-  end
-
-  # Make sure true/false causes the file to be ignored.
-  def test_autosign_true_beats_file
-    caserv = nil
-    assert_nothing_raised {
-      caserv = Puppet::Network::Handler.ca.new
-    }
-
-    host = "hostname.domain.com"
-
-    # Create an autosign file
-    file = tempfile
-    Puppet[:autosign] = file
-
-    File.open(file, "w") { |f|
-      f.puts host
-    }
-
-    # Start with "false"
-    Puppet[:autosign] = false
-
-    assert(! caserv.autosign?(host), "Host was incorrectly autosigned")
-
-    # Then set it to true
-    Puppet[:autosign] = true
-    assert(caserv.autosign?(host), "Host was not autosigned")
-    # And try a different host
-    assert(caserv.autosign?("other.yay.com"), "Host was not autosigned")
-
-    # And lastly the file
-    Puppet[:autosign] = file
-    assert(caserv.autosign?(host), "Host was not autosigned")
-
-    # And try a different host
-    assert(! caserv.autosign?("other.yay.com"), "Host was autosigned")
-  end
-
-  # Make sure that a CSR created with keys that don't match the existing
-  # cert throws an exception on the server.
-  def test_mismatched_public_keys_throws_exception
-    ca = Puppet::Network::Handler.ca.new
-
-    # First initialize the server
-    client = Puppet::Network::Client.ca.new :CA => ca
-    client.request_cert
-    File.unlink(Puppet[:hostcsr])
-
-    # Now use a different cert name
-    Puppet[:certname] = "my.host.com"
-    client = Puppet::Network::Client.ca.new :CA => ca
-    firstcsr = client.csr
-    File.unlink(Puppet[:hostcsr]) if FileTest.exists?(Puppet[:hostcsr])
-
-    assert_nothing_raised("Could not get cert") do
-      ca.getcert(firstcsr.to_s)
-    end
-
-    # Now get rid of the public key, forcing a new csr
-    File.unlink(Puppet[:hostprivkey])
-
-    client = Puppet::Network::Client.ca.new :CA => ca
-
-    second_csr = client.csr
-
-    assert(firstcsr.to_s != second_csr.to_s, "CSR did not change")
-
-    assert_raise(Puppet::Error, "CA allowed mismatched keys") do
-      ca.getcert(second_csr.to_s)
-    end
-  end
-end
-