puppet 3.0.0.rc5 → 3.0.0.rc7

data/spec/unit/provider/zpool/zpool_spec.rb

@@ -160,10 +160,11 @@ describe Puppet::Type.type(:zpool).provider(:zpool) do
       end
 
       describe "when setting the #{field}" do
-        it "should warn the #{field} values were not in sync" do
-          Puppet.expects(:warning).with("NO CHANGES BEING MADE: zpool #{field} does not match, should be 'shouldvalue' currently is 'currentvalue'")
+        it "should fail if readonly #{field} values change" do
           provider.stubs(:current_pool).returns(Hash.new("currentvalue"))
-          provider.send((field.to_s + "=").intern, "shouldvalue")
+          expect {
+            provider.send((field.to_s + "=").intern, "shouldvalue")
+          }.to raise_error(Puppet::Error, /can\'t be changed/)
         end
       end
     end

data/spec/unit/puppet_spec.rb

@@ -2,10 +2,17 @@
 require 'spec_helper'
 require 'puppet'
 require 'puppet_spec/files'
+require 'semver'
 
 describe Puppet do
   include PuppetSpec::Files
 
+  context "#version" do
+    it "should be valid semver" do
+      SemVer.should be_valid Puppet.version
+    end
+  end
+
   Puppet::Util::Log.eachlevel do |level|
     it "should have a method for sending '#{level}' logs" do
       Puppet.should respond_to(level)

data/spec/unit/settings/duration_setting_spec.rb

@@ -0,0 +1,45 @@
+#!/usr/bin/env ruby
+require 'spec_helper'
+
+require 'puppet/settings'
+require 'puppet/settings/duration_setting'
+
+describe Puppet::Settings::DurationSetting do
+  subject { described_class.new(:settings => mock('settings'), :desc => "test") }
+
+  describe "when munging the setting" do
+    it "should return the same value if given an integer" do
+      subject.munge(5).should == 5
+    end
+
+    it "should return an integer if given a decimal string" do
+      subject.munge("12").should == 12
+    end
+
+    it "should fail if given anything but a well-formed string or integer" do
+      [ '', 'foo', '2 d', '2d ', true, Time.now, 8.3, [] ].each do |value|
+        expect { subject.munge(value) }.to raise_error(Puppet::Settings::ValidationError)
+      end
+    end
+
+    it "should parse strings with units of 'y', 'd', 'h', 'm', or 's'" do
+      # Note: the year value won't jive with most methods of calculating
+      # year due to the Julian calandar having 365.25 days in a year
+      {
+        '3y' => 94608000,
+        '3d' => 259200,
+        '3h' => 10800,
+        '3m' => 180,
+        '3s' => 3
+      }.each do |value, converted_value|
+        # subject.munge(value).should == converted_value
+        subject.munge(value).should == converted_value
+      end
+    end
+
+    # This is to support the `filetimeout` setting
+    it "should allow negative values" do
+      subject.munge(-1).should == -1
+    end
+  end
+end

data/spec/unit/settings/terminus_setting_spec.rb

@@ -0,0 +1,28 @@
+#! /usr/bin/env ruby -S rspec
+require 'spec_helper'
+
+describe Puppet::Settings::TerminusSetting do
+  let(:setting) { described_class.new(:settings => mock('settings'), :desc => "test") }
+
+  describe "#munge" do
+    it "converts strings to symbols" do
+      setting.munge("string").should == :string
+    end
+
+    it "converts '' to nil" do
+      setting.munge('').should be_nil
+    end
+
+    it "preserves symbols" do
+      setting.munge(:symbol).should == :symbol
+    end
+
+    it "preserves nil" do
+      setting.munge(nil).should be_nil
+    end
+
+    it "does not allow unknown types through" do
+      expect { setting.munge(["not a terminus type"]) }.to raise_error Puppet::Settings::ValidationError
+    end
+  end
+end

data/spec/unit/settings_spec.rb

@@ -72,35 +72,41 @@ describe Puppet::Settings do
 
 
   describe "when initializing application defaults do" do
+    let(:default_values) do
+      values = {}
+      PuppetSpec::Settings::TEST_APP_DEFAULT_DEFINITIONS.keys.each do |key|
+        values[key] = 'default value'
+      end
+      values
+    end
+
     before do
       @settings = Puppet::Settings.new
+      @settings.define_settings(:main, PuppetSpec::Settings::TEST_APP_DEFAULT_DEFINITIONS)
     end
 
     it "should fail if someone attempts to initialize app defaults more than once" do
-      @settings.expects(:app_defaults_initialized?).returns(true)
+      @settings.initialize_app_defaults(default_values)
+
       expect {
-        @settings.initialize_app_defaults({})
+        @settings.initialize_app_defaults(default_values)
       }.to raise_error(Puppet::DevError)
     end
 
     it "should fail if the app defaults hash is missing any required values" do
+      incomplete_default_values = default_values.reject { |key, _| key == :confdir }
       expect {
-        @settings.initialize_app_defaults({})
+        @settings.initialize_app_defaults(default_values.reject { |key, _| key == :confdir })
       }.to raise_error(Puppet::Settings::SettingsError)
     end
 
     # ultimately I'd like to stop treating "run_mode" as a normal setting, because it has so many special
     #  case behaviors / uses.  However, until that time... we need to make sure that our private run_mode=
     #  setter method gets properly called during app initialization.
-    it "should call the hacky run mode setter method until we do a better job of separating run_mode" do
-      app_defaults = {}
-      Puppet::Settings::REQUIRED_APP_SETTINGS.each do |key|
-        app_defaults[key] = "foo"
-      end
+    it "sets the preferred run mode when initializing the app defaults" do
+      @settings.initialize_app_defaults(default_values.merge(:run_mode => :master))
 
-      @settings.define_settings(:main, PuppetSpec::Settings::TEST_APP_DEFAULT_DEFINITIONS)
-      @settings.expects(:run_mode=).with("foo")
-      @settings.initialize_app_defaults(app_defaults)
+      @settings.preferred_run_mode.should == :master
     end
   end
 
@@ -469,15 +475,6 @@ describe Puppet::Settings do
         @settings[:why_so_serious] = "foo"
       }.should raise_error(ArgumentError, /unknown configuration parameter/)
     end
-
-    it "should raise an error if we try to set a setting that is read-only (which, really, all of our settings probably should be)" do
-      @settings.define_settings(:section, :one => { :default => "test", :desc => "a" })
-      @settings.expects(:read_only_settings).returns([:one])
-
-      lambda{
-        @settings[:one] = "foo"
-      }.should raise_error(ArgumentError, /read-only/)
-    end
   end
 
   describe "when returning values" do
@@ -556,8 +553,9 @@ describe Puppet::Settings do
     end
 
     it "should have a run_mode that defaults to user" do
-      @settings.run_mode.should == :user
+      @settings.preferred_run_mode.should == :user
     end
+
     describe "setbycli" do
       it "should generate a deprecation warning" do
         @settings.handlearg("--one", "blah")
@@ -579,7 +577,7 @@ describe Puppet::Settings do
         :one => { :default => "ONE", :desc => "a" },
         :two => { :default => "TWO", :desc => "b" }
       FileTest.stubs(:exist?).returns true
-      @settings.stubs(:run_mode).returns :mymode
+      @settings.preferred_run_mode = :agent
     end
 
     it "should return default values if no values have been set" do
@@ -602,7 +600,7 @@ describe Puppet::Settings do
     end
 
     it "should return values set in the mode-specific section before values set in the main section" do
-      text = "[main]\none = mainval\n[mymode]\none = modeval\n"
+      text = "[main]\none = mainval\n[agent]\none = modeval\n"
       @settings.stubs(:read_file).returns(text)
       @settings.send(:parse_config_files)
 

data/spec/unit/ssl/base_spec.rb

@@ -3,40 +3,89 @@ require 'spec_helper'
 
 require 'puppet/ssl/certificate'
 
-class TestCertificate < Puppet::SSL::Base; end
+class TestCertificate < Puppet::SSL::Base
+    wraps(Puppet::SSL::Certificate)
+end
 
 describe Puppet::SSL::Certificate do
   before :each do
     @base = TestCertificate.new("name")
+    @class = TestCertificate
   end
 
-  describe "when fingerprinting content" do
-    before :each do
-      @cert = stub 'cert', :to_der => "DER"
-      @base.stubs(:content).returns(@cert)
-      OpenSSL::Digest.stubs(:constants).returns ["MD5", "SHA1", "SHA256", "SHA512", "DIGEST"]
-      @digest = stub_everything
-      OpenSSL::Digest.stubs(:const_get).returns @digest
+  describe "when creating new instances" do
+    it "should fail if given an object that is not an instance of the wrapped class" do
+      obj = stub 'obj', :is_a? => false
+      lambda { @class.from_instance(obj) }.should raise_error(ArgumentError)
+    end
+
+    it "should fail if a name is not supplied and can't be determined from the object" do
+      obj = stub 'obj', :is_a? => true
+      lambda { @class.from_instance(obj) }.should raise_error(ArgumentError)
     end
 
-    it "should digest the certificate DER value and return a ':' seperated nibblet string" do
-      @cert.expects(:to_der).returns("DER")
-      @digest.expects(:hexdigest).with("DER").returns "digest"
+    it "should determine the name from the object if it has a subject" do
+      obj = stub 'obj', :is_a? => true, :subject => '/CN=foo'
 
-      @base.fingerprint.should == "DI:GE:ST"
+      inst = stub 'base'
+      inst.expects(:content=).with(obj)
+
+      @class.expects(:new).with('foo').returns inst
+      @class.expects(:name_from_subject).with('/CN=foo').returns('foo')
+
+      @class.from_instance(obj).should == inst
     end
+  end
 
-    it "should raise an error if the digest algorithm is not defined" do
-      OpenSSL::Digest.expects(:constants).returns []
+  describe "when determining a name from a certificate subject" do
+    it "should convert it to a string" do
+      subject = stub 'sub'
+      subject.expects(:to_s).returns('foo')
 
-      lambda { @base.fingerprint }.should raise_error
+      @class.name_from_subject(subject).should == 'foo'
     end
 
-    it "should use the given digest algorithm" do
-      OpenSSL::Digest.stubs(:const_get).with("DIGEST").returns @digest
-      @digest.expects(:hexdigest).with("DER").returns "digest"
+    it "should strip the prefix" do
+      subject = '/CN=foo'
+      @class.name_from_subject(subject).should == 'foo'
+    end
+  end
+
+  describe "#digest_algorithm" do
+    let(:content) { stub 'content' }
+    let(:base) {
+      b = Puppet::SSL::Base.new('base')
+      b.content = content
+      b
+    }
+
+    # Some known signature algorithms taken from RFC 3279, 5758, and browsing
+    # objs_dat.h in openssl
+    {
+      'md5WithRSAEncryption' => 'md5',
+      'sha1WithRSAEncryption' => 'sha1',
+      'md4WithRSAEncryption' => 'md4',
+      'sha256WithRSAEncryption' => 'sha256',
+      'ripemd160WithRSA' => 'ripemd160',
+      'ecdsa-with-SHA1' => 'sha1',
+      'ecdsa-with-SHA224' => 'sha224',
+      'ecdsa-with-SHA256' => 'sha256',
+      'ecdsa-with-SHA384' => 'sha384',
+      'ecdsa-with-SHA512' => 'sha512',
+      'dsa_with_SHA224' => 'sha224',
+      'dsaWithSHA1' => 'sha1',
+    }.each do |signature, digest|
+      it "returns '#{digest}' for signature algorithm '#{signature}'" do
+        content.stubs(:signature_algorithm).returns(signature)
+        base.digest_algorithm.should == digest
+      end
+    end
 
-      @base.fingerprint(:digest).should == "DI:GE:ST"
+    it "raises an error on an unknown signature algorithm" do
+      content.stubs(:signature_algorithm).returns("nonsense")
+      expect {
+        base.digest_algorithm
+      }.to raise_error(Puppet::Error, "Unknown signature algorithm 'nonsense'")
     end
   end
 end

data/spec/unit/ssl/certificate_authority/interface_spec.rb

@@ -44,11 +44,6 @@ describe Puppet::SSL::CertificateAuthority::Interface do
       interface = @class.new(:generate, :to => :all, :digest => :digest)
       interface.digest.should == :digest
     end
-
-    it "should set the digest to SHA256 if none given" do
-      interface = @class.new(:generate, :to => :all)
-      interface.digest.should == :SHA256
-    end
   end
 
   describe "when setting the method" do
@@ -87,24 +82,6 @@ describe Puppet::SSL::CertificateAuthority::Interface do
       @ca = Object.new
     end
 
-    it "should raise InterfaceErrors" do
-      @applier = @class.new(:revoke, :to => :all)
-
-      @ca.expects(:list).raises Puppet::SSL::CertificateAuthority::Interface::InterfaceError
-
-      lambda { @applier.apply(@ca) }.should raise_error(Puppet::SSL::CertificateAuthority::Interface::InterfaceError)
-    end
-
-    it "should log non-Interface failures" do
-      @applier = @class.new(:revoke, :to => :all)
-
-      @ca.expects(:list).raises ArgumentError
-
-      Puppet.expects(:err)
-
-      lambda { @applier.apply(@ca) }.should raise_error
-    end
-
     describe "with an empty array specified and the method is not list" do
       it "should fail" do
         @applier = @class.new(:sign, :to => [])
@@ -205,9 +182,12 @@ describe Puppet::SSL::CertificateAuthority::Interface do
         Puppet::SSL::Certificate.indirection.stubs(:find).returns @cert
         Puppet::SSL::CertificateRequest.indirection.stubs(:find).returns @csr
 
+        @digest = mock("digest")
+        @digest.stubs(:to_s).returns("(fingerprint)")
         @ca.expects(:waiting?).returns %w{host1 host2 host3}
         @ca.expects(:list).returns %w{host4 host5 host6}
-        @ca.stubs(:fingerprint).returns "fingerprint"
+        @csr.stubs(:digest).returns @digest
+        @cert.stubs(:digest).returns @digest
         @ca.stubs(:verify)
       end
 
@@ -331,10 +311,19 @@ describe Puppet::SSL::CertificateAuthority::Interface do
     end
 
     describe ":fingerprint" do
+      before(:each) do
+        @cert = Puppet::SSL::Certificate.new 'foo'
+        @csr = Puppet::SSL::CertificateRequest.new 'bar'
+        Puppet::SSL::Certificate.indirection.stubs(:find)
+        Puppet::SSL::CertificateRequest.indirection.stubs(:find)
+        Puppet::SSL::Certificate.indirection.stubs(:find).with('host1').returns(@cert)
+        Puppet::SSL::CertificateRequest.indirection.stubs(:find).with('host2').returns(@csr)
+      end
+
       it "should fingerprint with the set digest algorithm" do
-        @applier = @class.new(:fingerprint, :to => %w{host1}, :digest => :digest)
+        @applier = @class.new(:fingerprint, :to => %w{host1}, :digest => :shaonemillion)
+        @cert.expects(:digest).with(:shaonemillion).returns("fingerprint1")
 
-        @ca.expects(:fingerprint).with("host1", :digest).returns "fingerprint1"
         @applier.expects(:puts).with "host1 fingerprint1"
 
         @applier.apply(@ca)
@@ -347,10 +336,10 @@ describe Puppet::SSL::CertificateAuthority::Interface do
 
           @applier = @class.new(:fingerprint, :to => :all)
 
-          @ca.expects(:fingerprint).with("host1", :SHA256).returns "fingerprint1"
+          @cert.expects(:digest).returns("fingerprint1")
           @applier.expects(:puts).with "host1 fingerprint1"
 
-          @ca.expects(:fingerprint).with("host2", :SHA256).returns "fingerprint2"
+          @csr.expects(:digest).returns("fingerprint2")
           @applier.expects(:puts).with "host2 fingerprint2"
 
           @applier.apply(@ca)
@@ -361,10 +350,10 @@ describe Puppet::SSL::CertificateAuthority::Interface do
         it "should print each named certificate if found" do
           @applier = @class.new(:fingerprint, :to => %w{host1 host2})
 
-          @ca.expects(:fingerprint).with("host1", :SHA256).returns "fingerprint1"
+          @cert.expects(:digest).returns("fingerprint1")
           @applier.expects(:puts).with "host1 fingerprint1"
 
-          @ca.expects(:fingerprint).with("host2", :SHA256).returns "fingerprint2"
+          @csr.expects(:digest).returns("fingerprint2")
           @applier.expects(:puts).with "host2 fingerprint2"
 
           @applier.apply(@ca)

data/spec/unit/ssl/certificate_authority_spec.rb

@@ -243,8 +243,9 @@ describe Puppet::SSL::CertificateAuthority do
       # Stub out the factory
       Puppet::SSL::CertificateFactory.stubs(:build).returns "my real cert"
 
-      @request_content = stub "request content stub", :subject => OpenSSL::X509::Name.new([['CN', @name]])
+      @request_content = stub "request content stub", :subject => OpenSSL::X509::Name.new([['CN', @name]]), :public_key => stub('public_key')
       @request = stub 'request', :name => @name, :request_extensions => [], :subject_alt_names => [], :content => @request_content
+      @request_content.stubs(:verify).returns(true)
 
       # And the inventory
       @inventory = stub 'inventory', :add => nil
@@ -331,7 +332,7 @@ describe Puppet::SSL::CertificateAuthority do
 
         expect do
           @ca.sign(@name, false, @request)
-        end.should_not raise_error(Puppet::SSL::CertificateAuthority::CertificateSigningError)
+        end.not_to raise_error(Puppet::SSL::CertificateAuthority::CertificateSigningError)
       end
 
       it "should save the resulting certificate" do

data/spec/unit/ssl/certificate_factory_spec.rb

@@ -55,16 +55,25 @@ describe Puppet::SSL::CertificateFactory do
       cert.not_before.should be_within(30).of(Time.now - 24*60*60)
     end
 
-    it "should set the default TTL of the certificate" do
-      ttl  = Puppet::SSL::CertificateFactory.ttl
+    it "should set the default TTL of the certificate to the `ca_ttl` setting" do
+      Puppet[:ca_ttl] = 12
+      now = Time.now.utc
+      Time.expects(:now).at_least_once.returns(now)
       cert = subject.build(:server, csr, issuer, serial)
-      cert.not_after.should be_within(30).of(Time.now + ttl)
+      cert.not_after.to_i.should == now.to_i + 12
+    end
+
+    it "should not allow a non-integer TTL" do
+      [ 'foo', 1.2, Time.now, true ].each do |ttl|
+        expect { subject.build(:server, csr, issuer, serial, ttl) }.to raise_error(ArgumentError)
+      end
     end
 
     it "should respect a custom TTL for the CA" do
-      Puppet[:ca_ttl] = 12
-      cert = subject.build(:server, csr, issuer, serial)
-      cert.not_after.should be_within(30).of(Time.now + 12)
+      now = Time.now.utc
+      Time.expects(:now).at_least_once.returns(now)
+      cert = subject.build(:server, csr, issuer, serial, 12)
+      cert.not_after.to_i.should == now.to_i + 12
     end
 
     it "should build extensions for the certificate" do