puppet 3.3.2 → 3.4.0.rc1
Potentially problematic release.
This version of puppet might be problematic. Click here for more details.
- data/CONTRIBUTING.md +22 -0
- data/Gemfile +11 -2
- data/README.md +13 -17
- data/README_DEVELOPER.md +1 -1
- data/Rakefile +1 -1
- data/examples/hiera/README.md +4 -4
- data/ext/debian/puppetmaster.init +1 -0
- data/ext/debian/rules +2 -5
- data/ext/nagios/check_puppet.rb +7 -7
- data/ext/osx/file_mapping.yaml +1 -1
- data/ext/osx/preflight.erb +34 -19
- data/ext/rack/{files/config.ru → config.ru} +0 -0
- data/ext/rack/{files/apache2.conf → example-passenger-vhost.conf} +6 -0
- data/ext/redhat/puppet.spec.erb +20 -2
- data/ext/systemd/{puppetagent.service → puppet.service} +0 -0
- data/lib/hiera_puppet.rb +2 -2
- data/lib/puppet/agent.rb +1 -6
- data/lib/puppet/application.rb +15 -2
- data/lib/puppet/application/agent.rb +2 -7
- data/lib/puppet/application/apply.rb +8 -13
- data/lib/puppet/application/cert.rb +47 -7
- data/lib/puppet/application/device.rb +1 -6
- data/lib/puppet/application/face_base.rb +1 -1
- data/lib/puppet/application/filebucket.rb +1 -1
- data/lib/puppet/application/inspect.rb +3 -12
- data/lib/puppet/application/master.rb +1 -6
- data/lib/puppet/application/queue.rb +1 -6
- data/lib/puppet/application/resource.rb +2 -6
- data/lib/puppet/coercion.rb +11 -0
- data/lib/puppet/configurer.rb +5 -3
- data/lib/puppet/configurer/downloader.rb +3 -1
- data/lib/puppet/configurer/plugin_handler.rb +10 -0
- data/lib/puppet/confine.rb +80 -0
- data/lib/puppet/{provider/confine → confine}/exists.rb +3 -3
- data/lib/puppet/{provider/confine → confine}/false.rb +2 -2
- data/lib/puppet/{provider/confine → confine}/feature.rb +2 -2
- data/lib/puppet/{provider/confine → confine}/true.rb +2 -2
- data/lib/puppet/{provider/confine → confine}/variable.rb +2 -2
- data/lib/puppet/{provider/confine_collection.rb → confine_collection.rb} +4 -4
- data/lib/puppet/{provider/confiner.rb → confiner.rb} +4 -4
- data/lib/puppet/daemon.rb +2 -6
- data/lib/puppet/data_binding.rb +2 -30
- data/lib/puppet/defaults.rb +283 -174
- data/lib/puppet/error.rb +1 -0
- data/lib/puppet/external/nagios.rb +0 -2
- data/lib/puppet/external/nagios/base.rb +4 -3
- data/lib/puppet/external/nagios/grammar.ry +173 -112
- data/lib/puppet/external/nagios/parser.rb +233 -184
- data/lib/puppet/face/file/store.rb +1 -1
- data/lib/puppet/face/module/generate.rb +5 -7
- data/lib/puppet/face/parser.rb +12 -2
- data/lib/puppet/face/plugin.rb +6 -0
- data/lib/puppet/feature/base.rb +16 -0
- data/lib/puppet/feature/external_facts.rb +5 -0
- data/lib/puppet/feature/libuser.rb +1 -1
- data/lib/puppet/feature/msgpack.rb +1 -0
- data/lib/puppet/feature/rails.rb +2 -2
- data/lib/puppet/file_bucket/dipper.rb +8 -6
- data/lib/puppet/file_bucket/file.rb +17 -1
- data/lib/puppet/file_serving/base.rb +21 -10
- data/lib/puppet/file_serving/configuration.rb +5 -7
- data/lib/puppet/file_serving/configuration/parser.rb +1 -1
- data/lib/puppet/file_serving/content.rb +1 -1
- data/lib/puppet/file_serving/fileset.rb +3 -3
- data/lib/puppet/file_serving/metadata.rb +22 -18
- data/lib/puppet/file_serving/mount/file.rb +1 -1
- data/lib/puppet/file_serving/mount/pluginfacts.rb +35 -0
- data/lib/puppet/file_system.rb +3 -0
- data/lib/puppet/file_system/file.rb +261 -0
- data/lib/puppet/file_system/file18.rb +5 -0
- data/lib/puppet/file_system/file19.rb +5 -0
- data/lib/puppet/file_system/file19windows.rb +113 -0
- data/lib/puppet/file_system/memory_file.rb +31 -0
- data/lib/puppet/file_system/tempfile.rb +20 -0
- data/lib/puppet/indirector/active_record.rb +1 -0
- data/lib/puppet/indirector/catalog/compiler.rb +28 -0
- data/lib/puppet/indirector/certificate_request/memory.rb +6 -0
- data/lib/puppet/indirector/data_binding/hiera.rb +46 -2
- data/lib/puppet/indirector/direct_file_server.rb +2 -2
- data/lib/puppet/indirector/facts/facter.rb +25 -0
- data/lib/puppet/indirector/file_bucket_file/file.rb +60 -74
- data/lib/puppet/indirector/indirection.rb +5 -1
- data/lib/puppet/indirector/json.rb +1 -1
- data/lib/puppet/indirector/key/ca.rb +4 -0
- data/lib/puppet/indirector/key/file.rb +7 -3
- data/lib/puppet/indirector/key/memory.rb +6 -0
- data/lib/puppet/indirector/node/write_only_yaml.rb +2 -2
- data/lib/puppet/indirector/request.rb +17 -11
- data/lib/puppet/indirector/resource/ral.rb +5 -0
- data/lib/puppet/indirector/resource/rest.rb +1 -0
- data/lib/puppet/indirector/resource/store_configs.rb +4 -0
- data/lib/puppet/indirector/rest.rb +2 -1
- data/lib/puppet/indirector/ssl_file.rb +7 -7
- data/lib/puppet/indirector/terminus.rb +4 -0
- data/lib/puppet/indirector/yaml.rb +3 -3
- data/lib/puppet/interface/documentation.rb +4 -11
- data/lib/puppet/module.rb +19 -6
- data/lib/puppet/module_tool/applications/builder.rb +1 -1
- data/lib/puppet/module_tool/applications/installer.rb +1 -1
- data/lib/puppet/module_tool/checksums.rb +1 -1
- data/lib/puppet/module_tool/dependency.rb +7 -3
- data/lib/puppet/module_tool/metadata.rb +6 -2
- data/lib/puppet/module_tool/tar.rb +2 -1
- data/lib/puppet/module_tool/tar/gnu.rb +6 -2
- data/lib/puppet/module_tool/tar/mini.rb +2 -0
- data/lib/puppet/module_tool/tar/solaris.rb +2 -5
- data/lib/puppet/network/authconfig.rb +0 -2
- data/lib/puppet/network/authentication.rb +1 -1
- data/lib/puppet/network/authstore.rb +6 -7
- data/lib/puppet/network/format.rb +2 -3
- data/lib/puppet/network/format_handler.rb +16 -11
- data/lib/puppet/network/format_support.rb +14 -0
- data/lib/puppet/network/formats.rb +26 -0
- data/lib/puppet/network/http/connection.rb +8 -41
- data/lib/puppet/network/http/handler.rb +28 -32
- data/lib/puppet/network/http/webrick.rb +15 -22
- data/lib/puppet/network/http_pool.rb +43 -9
- data/lib/puppet/network/rights.rb +0 -0
- data/lib/puppet/node.rb +24 -8
- data/lib/puppet/node/environment.rb +18 -20
- data/lib/puppet/node/facts.rb +23 -6
- data/lib/puppet/parameter.rb +15 -2
- data/lib/puppet/parameter/boolean.rb +5 -0
- data/lib/puppet/parameter/value_collection.rb +6 -4
- data/lib/puppet/parser/ast/resourceparam.rb +2 -1
- data/lib/puppet/parser/compiler.rb +25 -9
- data/lib/puppet/parser/files.rb +1 -1
- data/lib/puppet/parser/functions.rb +12 -21
- data/lib/puppet/parser/functions/collect.rb +6 -35
- data/lib/puppet/parser/functions/contain.rb +26 -0
- data/lib/puppet/parser/functions/create_resources.rb +5 -0
- data/lib/puppet/parser/functions/extlookup.rb +2 -2
- data/lib/puppet/parser/functions/file.rb +1 -1
- data/lib/puppet/parser/functions/{reject.rb → filter.rb} +13 -12
- data/lib/puppet/parser/functions/fqdn_rand.rb +13 -5
- data/lib/puppet/parser/functions/include.rb +18 -1
- data/lib/puppet/parser/functions/map.rb +44 -0
- data/lib/puppet/parser/functions/select.rb +6 -38
- data/lib/puppet/parser/lexer.rb +1 -1
- data/lib/puppet/parser/parser_support.rb +1 -1
- data/lib/puppet/parser/resource.rb +6 -45
- data/lib/puppet/parser/scope.rb +33 -2
- data/lib/puppet/parser/type_loader.rb +4 -60
- data/lib/puppet/pops/binder/bindings_loader.rb +1 -1
- data/lib/puppet/pops/binder/config/binder_config.rb +3 -3
- data/lib/puppet/pops/binder/hiera2/bindings_provider.rb +1 -1
- data/lib/puppet/pops/binder/scheme_handler/confdir_hiera_scheme.rb +1 -1
- data/lib/puppet/pops/binder/scheme_handler/module_hiera_scheme.rb +2 -2
- data/lib/puppet/pops/issues.rb +4 -0
- data/lib/puppet/pops/model/ast_transformer.rb +4 -1
- data/lib/puppet/pops/model/model_label_provider.rb +1 -1
- data/lib/puppet/pops/parser/egrammar.ra +5 -24
- data/lib/puppet/pops/parser/eparser.rb +859 -902
- data/lib/puppet/pops/parser/lexer.rb +48 -30
- data/lib/puppet/pops/parser/parser_support.rb +1 -1
- data/lib/puppet/pops/patterns.rb +4 -4
- data/lib/puppet/pops/utils.rb +1 -1
- data/lib/puppet/pops/validation/checker3_1.rb +25 -20
- data/lib/puppet/provider.rb +23 -6
- data/lib/puppet/provider/aixobject.rb +0 -0
- data/lib/puppet/provider/augeas/augeas.rb +21 -5
- data/lib/puppet/provider/confine.rb +5 -79
- data/lib/puppet/provider/cron/crontab.rb +0 -0
- data/lib/puppet/provider/exec.rb +9 -7
- data/lib/puppet/provider/exec/posix.rb +10 -1
- data/lib/puppet/provider/exec/windows.rb +1 -1
- data/lib/puppet/provider/file/posix.rb +1 -0
- data/lib/puppet/provider/file/windows.rb +16 -5
- data/lib/puppet/provider/group/aix.rb +0 -0
- data/lib/puppet/provider/group/windows_adsi.rb +33 -1
- data/lib/puppet/provider/macauthorization/macauthorization.rb +1 -1
- data/lib/puppet/provider/mailalias/aliases.rb +0 -0
- data/lib/puppet/provider/maillist/mailman.rb +0 -0
- data/lib/puppet/provider/mount/parsed.rb +0 -0
- data/lib/puppet/provider/nameservice/directoryservice.rb +3 -3
- data/lib/puppet/provider/package/appdmg.rb +1 -1
- data/lib/puppet/provider/package/apple.rb +1 -1
- data/lib/puppet/provider/package/apt.rb +1 -1
- data/lib/puppet/provider/package/aptitude.rb +0 -0
- data/lib/puppet/provider/package/blastwave.rb +1 -1
- data/lib/puppet/provider/package/dpkg.rb +1 -1
- data/lib/puppet/provider/package/fink.rb +1 -1
- data/lib/puppet/provider/package/freebsd.rb +0 -0
- data/lib/puppet/provider/package/gem.rb +0 -0
- data/lib/puppet/provider/package/macports.rb +0 -0
- data/lib/puppet/provider/package/msi.rb +4 -10
- data/lib/puppet/provider/package/nim.rb +8 -8
- data/lib/puppet/provider/package/openbsd.rb +1 -1
- data/lib/puppet/provider/package/opkg.rb +0 -0
- data/lib/puppet/provider/package/pacman.rb +2 -2
- data/lib/puppet/provider/package/pkgdmg.rb +1 -1
- data/lib/puppet/provider/package/pkgutil.rb +1 -1
- data/lib/puppet/provider/package/ports.rb +0 -0
- data/lib/puppet/provider/package/rpm.rb +39 -3
- data/lib/puppet/provider/package/sun.rb +3 -3
- data/lib/puppet/provider/package/sunfreeware.rb +0 -0
- data/lib/puppet/provider/package/windows.rb +12 -19
- data/lib/puppet/provider/package/windows/package.rb +1 -1
- data/lib/puppet/provider/package/yum.rb +2 -2
- data/lib/puppet/provider/parsedfile.rb +0 -0
- data/lib/puppet/provider/port/parsed.rb +0 -0
- data/lib/puppet/provider/service/base.rb +0 -0
- data/lib/puppet/provider/service/bsd.rb +3 -3
- data/lib/puppet/provider/service/daemontools.rb +8 -8
- data/lib/puppet/provider/service/debian.rb +0 -0
- data/lib/puppet/provider/service/freebsd.rb +3 -3
- data/lib/puppet/provider/service/init.rb +5 -4
- data/lib/puppet/provider/service/launchd.rb +35 -24
- data/lib/puppet/provider/service/openbsd.rb +23 -0
- data/lib/puppet/provider/service/redhat.rb +0 -0
- data/lib/puppet/provider/service/runit.rb +3 -3
- data/lib/puppet/provider/service/smf.rb +0 -0
- data/lib/puppet/provider/service/src.rb +0 -0
- data/lib/puppet/provider/service/systemd.rb +0 -0
- data/lib/puppet/provider/service/upstart.rb +3 -3
- data/lib/puppet/provider/ssh_authorized_key/parsed.rb +2 -2
- data/lib/puppet/provider/sshkey/parsed.rb +0 -0
- data/lib/puppet/provider/user/aix.rb +0 -0
- data/lib/puppet/provider/user/directoryservice.rb +1 -1
- data/lib/puppet/provider/user/useradd.rb +1 -1
- data/lib/puppet/provider/zone/solaris.rb +1 -1
- data/lib/puppet/rails/benchmark.rb +1 -1
- data/lib/puppet/reference/configuration.rb +1 -2
- data/lib/puppet/reference/indirection.rb +12 -14
- data/lib/puppet/relationship.rb +7 -4
- data/lib/puppet/reports.rb +2 -2
- data/lib/puppet/reports/rrdgraph.rb +1 -1
- data/lib/puppet/reports/store.rb +3 -3
- data/lib/puppet/reports/tagmail.rb +2 -2
- data/lib/puppet/resource.rb +66 -8
- data/lib/puppet/resource/catalog.rb +18 -25
- data/lib/puppet/resource/status.rb +10 -4
- data/lib/puppet/run.rb +6 -2
- data/lib/puppet/settings.rb +39 -119
- data/lib/puppet/settings/base_setting.rb +8 -9
- data/lib/puppet/settings/directory_setting.rb +8 -0
- data/lib/puppet/settings/file_setting.rb +35 -1
- data/lib/puppet/settings/priority_setting.rb +42 -0
- data/lib/puppet/ssl.rb +4 -0
- data/lib/puppet/ssl/certificate.rb +18 -0
- data/lib/puppet/ssl/certificate_authority.rb +101 -72
- data/lib/puppet/ssl/certificate_authority/autosign_command.rb +44 -0
- data/lib/puppet/ssl/certificate_authority/interface.rb +21 -17
- data/lib/puppet/ssl/certificate_factory.rb +38 -12
- data/lib/puppet/ssl/certificate_request.rb +201 -47
- data/lib/puppet/ssl/certificate_request_attributes.rb +34 -0
- data/lib/puppet/ssl/certificate_revocation_list.rb +2 -2
- data/lib/puppet/ssl/host.rb +21 -10
- data/lib/puppet/ssl/inventory.rb +6 -10
- data/lib/puppet/ssl/key.rb +1 -1
- data/lib/puppet/ssl/oids.rb +78 -0
- data/lib/puppet/ssl/validator.rb +41 -97
- data/lib/puppet/ssl/validator/default_validator.rb +153 -0
- data/lib/puppet/ssl/validator/no_validator.rb +17 -0
- data/lib/puppet/status.rb +4 -0
- data/lib/puppet/test/test_helper.rb +5 -0
- data/lib/puppet/transaction.rb +13 -0
- data/lib/puppet/transaction/event.rb +8 -3
- data/lib/puppet/transaction/report.rb +6 -2
- data/lib/puppet/transaction/resource_harness.rb +173 -115
- data/lib/puppet/type.rb +30 -13
- data/lib/puppet/type/augeas.rb +12 -46
- data/lib/puppet/type/component.rb +1 -7
- data/lib/puppet/type/cron.rb +0 -0
- data/lib/puppet/type/exec.rb +13 -1
- data/lib/puppet/type/file.rb +19 -10
- data/lib/puppet/type/file/checksum.rb +0 -0
- data/lib/puppet/type/file/content.rb +3 -0
- data/lib/puppet/type/file/ensure.rb +33 -15
- data/lib/puppet/type/file/group.rb +0 -0
- data/lib/puppet/type/file/mode.rb +6 -2
- data/lib/puppet/type/file/owner.rb +0 -0
- data/lib/puppet/type/file/source.rb +65 -14
- data/lib/puppet/type/file/target.rb +6 -6
- data/lib/puppet/type/file/type.rb +0 -0
- data/lib/puppet/type/filebucket.rb +0 -0
- data/lib/puppet/type/group.rb +18 -0
- data/lib/puppet/type/host.rb +0 -0
- data/lib/puppet/type/k5login.rb +4 -4
- data/lib/puppet/type/mailalias.rb +0 -0
- data/lib/puppet/type/maillist.rb +0 -0
- data/lib/puppet/type/mount.rb +15 -1
- data/lib/puppet/type/package.rb +7 -1
- data/lib/puppet/type/port.rb +0 -0
- data/lib/puppet/type/schedule.rb +9 -4
- data/lib/puppet/type/service.rb +1 -1
- data/lib/puppet/type/sshkey.rb +0 -0
- data/lib/puppet/type/tidy.rb +1 -1
- data/lib/puppet/type/user.rb +3 -0
- data/lib/puppet/type/yumrepo.rb +8 -6
- data/lib/puppet/type/zpool.rb +0 -0
- data/lib/puppet/util.rb +4 -31
- data/lib/puppet/util/adsi.rb +73 -17
- data/lib/puppet/util/autoload.rb +3 -3
- data/lib/puppet/util/backups.rb +4 -4
- data/lib/puppet/util/cacher.rb +7 -13
- data/lib/puppet/util/checksums.rb +2 -2
- data/lib/puppet/util/classgen.rb +3 -1
- data/lib/puppet/util/colors.rb +1 -0
- data/lib/puppet/util/command_line.rb +5 -0
- data/lib/puppet/util/docs.rb +33 -27
- data/lib/puppet/util/execution.rb +42 -18
- data/lib/puppet/util/filetype.rb +3 -3
- data/lib/puppet/util/instance_loader.rb +2 -2
- data/lib/puppet/util/instrumentation.rb +23 -42
- data/lib/puppet/util/instrumentation/data.rb +11 -4
- data/lib/puppet/util/instrumentation/indirection_probe.rb +11 -4
- data/lib/puppet/util/instrumentation/instrumentable.rb +7 -14
- data/lib/puppet/util/instrumentation/listener.rb +15 -8
- data/lib/puppet/util/instrumentation/listeners/log.rb +4 -10
- data/lib/puppet/util/instrumentation/listeners/performance.rb +8 -14
- data/lib/puppet/util/limits.rb +12 -0
- data/lib/puppet/util/lockfile.rb +2 -2
- data/lib/puppet/util/log.rb +14 -6
- data/lib/puppet/util/log/destinations.rb +23 -1
- data/lib/puppet/util/metric.rb +9 -3
- data/lib/puppet/util/monkey_patches.rb +7 -2
- data/lib/puppet/util/network_device/config.rb +1 -1
- data/lib/puppet/util/plugins.rb +1 -1
- data/lib/puppet/util/posix.rb +0 -0
- data/lib/puppet/util/profiler.rb +7 -2
- data/lib/puppet/util/provider_features.rb +2 -2
- data/lib/puppet/util/rdoc.rb +28 -30
- data/lib/puppet/util/rdoc/code_objects.rb +75 -25
- data/lib/puppet/util/rdoc/generators/puppet_generator.rb +1 -1
- data/lib/puppet/util/rdoc/parser.rb +12 -487
- data/lib/puppet/util/rdoc/parser/puppet_parser_core.rb +477 -0
- data/lib/puppet/util/rdoc/parser/puppet_parser_rdoc1.rb +19 -0
- data/lib/puppet/util/rdoc/parser/puppet_parser_rdoc2.rb +14 -0
- data/lib/puppet/util/reference.rb +1 -1
- data/lib/puppet/util/resource_template.rb +1 -1
- data/lib/puppet/util/selinux.rb +1 -1
- data/lib/puppet/util/storage.rb +2 -2
- data/lib/puppet/util/suidmanager.rb +1 -1
- data/lib/puppet/util/tag_set.rb +29 -0
- data/lib/puppet/util/tagging.rb +8 -24
- data/lib/puppet/util/watched_file.rb +1 -1
- data/lib/puppet/util/watcher.rb +1 -1
- data/lib/puppet/util/windows.rb +3 -0
- data/lib/puppet/util/windows/access_control_entry.rb +84 -0
- data/lib/puppet/util/windows/access_control_list.rb +106 -0
- data/lib/puppet/util/windows/file.rb +213 -0
- data/lib/puppet/util/windows/process.rb +199 -0
- data/lib/puppet/util/windows/root_certs.rb +52 -37
- data/lib/puppet/util/windows/security.rb +270 -245
- data/lib/puppet/util/windows/security_descriptor.rb +62 -0
- data/lib/puppet/util/windows/sid.rb +26 -4
- data/lib/puppet/version.rb +2 -2
- data/spec/fixtures/releases/jamtur01-apache/lib/puppet/provider/a2mod/debian.rb +1 -1
- data/spec/fixtures/unit/indirector/{hiera → data_binding/hiera}/global.yaml +0 -0
- data/spec/fixtures/unit/indirector/data_binding/hiera/invalid.yaml +1 -0
- data/spec/fixtures/unit/module/trailing-comma.json +24 -0
- data/spec/fixtures/unit/util/monkey_patches/x509.pem +32 -0
- data/spec/integration/application/apply_spec.rb +1 -1
- data/spec/integration/application/doc_spec.rb +1 -1
- data/spec/integration/configurer_spec.rb +4 -2
- data/spec/integration/data_binding.rb +100 -0
- data/spec/integration/indirector/catalog/compiler_spec.rb +16 -13
- data/spec/integration/indirector/direct_file_server_spec.rb +3 -5
- data/spec/integration/indirector/file_content/file_server_spec.rb +2 -2
- data/spec/integration/node/facts_spec.rb +1 -1
- data/spec/integration/node_spec.rb +1 -1
- data/spec/integration/parser/compiler_spec.rb +90 -0
- data/spec/integration/parser/parser_spec.rb +2 -2
- data/spec/integration/provider/cron/crontab_spec.rb +3 -5
- data/spec/integration/resource/catalog_spec.rb +1 -1
- data/spec/integration/ssl/autosign_spec.rb +90 -0
- data/spec/integration/ssl/certificate_authority_spec.rb +62 -69
- data/spec/integration/ssl/certificate_revocation_list_spec.rb +1 -1
- data/spec/integration/ssl/host_spec.rb +1 -1
- data/spec/integration/transaction_spec.rb +13 -13
- data/spec/integration/type/exec_spec.rb +2 -2
- data/spec/integration/type/file_spec.rb +287 -45
- data/spec/integration/type/tidy_spec.rb +3 -3
- data/spec/integration/util/rdoc/parser_spec.rb +236 -35
- data/spec/integration/util/settings_spec.rb +1 -1
- data/spec/integration/util/windows/process_spec.rb +22 -0
- data/spec/integration/util/windows/security_spec.rb +316 -106
- data/spec/lib/matchers/containment_matchers.rb +52 -0
- data/spec/lib/puppet_spec/compiler.rb +6 -0
- data/spec/lib/puppet_spec/files.rb +20 -21
- data/spec/shared_behaviours/documentation_on_faces.rb +3 -3
- data/spec/shared_behaviours/file_server_terminus.rb +2 -2
- data/spec/shared_contexts/platform.rb +1 -0
- data/spec/spec_helper.rb +13 -1
- data/spec/unit/agent_spec.rb +0 -12
- data/spec/unit/application/agent_spec.rb +4 -4
- data/spec/unit/application/apply_spec.rb +18 -2
- data/spec/unit/application/cert_spec.rb +8 -6
- data/spec/unit/application/device_spec.rb +1 -1
- data/spec/unit/application/filebucket_spec.rb +1 -1
- data/spec/unit/application/inspect_spec.rb +1 -1
- data/spec/unit/application_spec.rb +24 -0
- data/spec/unit/configurer/downloader_spec.rb +8 -7
- data/spec/unit/configurer/fact_handler_spec.rb +23 -0
- data/spec/unit/configurer/plugin_handler_spec.rb +7 -2
- data/spec/unit/configurer_spec.rb +15 -5
- data/spec/unit/{provider/confine → confine}/exists_spec.rb +12 -12
- data/spec/unit/{provider/confine → confine}/false_spec.rb +9 -9
- data/spec/unit/{provider/confine → confine}/feature_spec.rb +10 -10
- data/spec/unit/{provider/confine → confine}/true_spec.rb +7 -7
- data/spec/unit/{provider/confine → confine}/variable_spec.rb +16 -16
- data/spec/unit/{provider/confine_collection_spec.rb → confine_collection_spec.rb} +30 -30
- data/spec/unit/{provider/confine_spec.rb → confine_spec.rb} +11 -11
- data/spec/unit/{provider/confiner_spec.rb → confiner_spec.rb} +4 -4
- data/spec/unit/face/parser_spec.rb +54 -0
- data/spec/unit/file_bucket/dipper_spec.rb +2 -2
- data/spec/unit/file_serving/base_spec.rb +32 -9
- data/spec/unit/file_serving/configuration_spec.rb +7 -7
- data/spec/unit/file_serving/content_spec.rb +12 -7
- data/spec/unit/file_serving/fileset_spec.rb +57 -27
- data/spec/unit/file_serving/metadata_spec.rb +74 -12
- data/spec/unit/file_serving/mount/file_spec.rb +10 -10
- data/spec/unit/file_serving/mount/pluginfacts_spec.rb +73 -0
- data/spec/unit/file_system/file_spec.rb +486 -0
- data/spec/unit/file_system/tempfile_spec.rb +48 -0
- data/spec/unit/graph/relationship_graph_spec.rb +0 -6
- data/spec/unit/hiera_puppet_spec.rb +2 -2
- data/spec/unit/indirector/catalog/compiler_spec.rb +15 -19
- data/spec/unit/indirector/certificate_status/file_spec.rb +30 -40
- data/spec/unit/indirector/data_binding/hiera_spec.rb +95 -2
- data/spec/unit/indirector/direct_file_server_spec.rb +6 -6
- data/spec/unit/indirector/facts/facter_spec.rb +33 -0
- data/spec/unit/indirector/file_bucket_file/file_spec.rb +61 -52
- data/spec/unit/indirector/file_metadata/file_spec.rb +2 -2
- data/spec/unit/indirector/file_server_spec.rb +4 -4
- data/spec/unit/indirector/json_spec.rb +4 -4
- data/spec/unit/indirector/key/file_spec.rb +13 -14
- data/spec/unit/indirector/resource/ral_spec.rb +7 -0
- data/spec/unit/indirector/resource/store_configs_spec.rb +11 -0
- data/spec/unit/indirector/rest_spec.rb +7 -3
- data/spec/unit/indirector/ssl_file_spec.rb +14 -17
- data/spec/unit/indirector/yaml_spec.rb +4 -4
- data/spec/unit/module_spec.rb +43 -15
- data/spec/unit/module_tool/tar/gnu_spec.rb +2 -2
- data/spec/unit/module_tool/tar/solaris_spec.rb +2 -2
- data/spec/unit/module_tool/tar_spec.rb +45 -0
- data/spec/unit/network/authconfig_spec.rb +2 -1
- data/spec/unit/network/authentication_spec.rb +2 -2
- data/spec/unit/network/format_handler_spec.rb +2 -2
- data/spec/unit/network/formats_spec.rb +24 -0
- data/spec/unit/network/http/connection_spec.rb +76 -199
- data/spec/unit/network/http/handler_spec.rb +33 -34
- data/spec/unit/network/http_pool_spec.rb +8 -5
- data/spec/unit/node/environment_spec.rb +76 -90
- data/spec/unit/node/facts_spec.rb +20 -3
- data/spec/unit/node_spec.rb +43 -0
- data/spec/unit/parameter/boolean_spec.rb +22 -12
- data/spec/unit/parser/ast/resourceparam_spec.rb +51 -0
- data/spec/unit/parser/compiler_spec.rb +103 -35
- data/spec/unit/parser/eparser_adapter_spec.rb +12 -12
- data/spec/unit/parser/files_spec.rb +11 -11
- data/spec/unit/parser/functions/contain_spec.rb +185 -0
- data/spec/unit/parser/functions/create_resources_spec.rb +13 -5
- data/spec/unit/parser/functions/generate_spec.rb +1 -1
- data/spec/unit/parser/functions_spec.rb +2 -2
- data/spec/unit/parser/lexer_spec.rb +1 -1
- data/spec/unit/parser/methods/each_spec.rb +1 -1
- data/spec/unit/parser/methods/{select_spec.rb → filter_spec.rb} +11 -11
- data/spec/unit/parser/methods/map_spec.rb +95 -0
- data/spec/unit/parser/methods/reduce_spec.rb +12 -11
- data/spec/unit/parser/methods/shared.rb +5 -5
- data/spec/unit/parser/methods/slice_spec.rb +13 -13
- data/spec/unit/parser/parser_spec.rb +1 -1
- data/spec/unit/parser/resource/param_spec.rb +44 -0
- data/spec/unit/parser/resource_spec.rb +16 -15
- data/spec/unit/pops/model/ast_transformer_spec.rb +18 -4
- data/spec/unit/pops/parser/lexer_spec.rb +22 -5
- data/spec/unit/pops/parser/parse_calls_spec.rb +5 -5
- data/spec/unit/pops/transformer/transform_calls_spec.rb +6 -6
- data/spec/unit/pops/transformer/transform_containers_spec.rb +2 -2
- data/spec/unit/pops/validator/validator_spec.rb +31 -0
- data/spec/unit/provider/augeas/augeas_spec.rb +57 -2
- data/spec/unit/provider/exec/posix_spec.rb +8 -3
- data/spec/unit/provider/file/posix_spec.rb +2 -2
- data/spec/unit/provider/group/windows_adsi_spec.rb +70 -3
- data/spec/unit/provider/nameservice/directoryservice_spec.rb +3 -3
- data/spec/unit/provider/package/apt_spec.rb +1 -1
- data/spec/unit/provider/package/msi_spec.rb +15 -42
- data/spec/unit/provider/package/openbsd_spec.rb +3 -3
- data/spec/unit/provider/package/rpm_spec.rb +56 -13
- data/spec/unit/provider/package/windows_spec.rb +15 -19
- data/spec/unit/provider/service/base_spec.rb +1 -1
- data/spec/unit/provider/service/daemontools_spec.rb +18 -8
- data/spec/unit/provider/service/freebsd_spec.rb +3 -3
- data/spec/unit/provider/service/gentoo_spec.rb +5 -2
- data/spec/unit/provider/service/init_spec.rb +17 -17
- data/spec/unit/provider/service/launchd_spec.rb +76 -23
- data/spec/unit/provider/service/openbsd_spec.rb +125 -0
- data/spec/unit/provider/service/openwrt_spec.rb +1 -1
- data/spec/unit/provider/service/runit_spec.rb +12 -5
- data/spec/unit/provider/service/upstart_spec.rb +4 -4
- data/spec/unit/provider/ssh_authorized_key/parsed_spec.rb +5 -5
- data/spec/unit/provider/user/directoryservice_spec.rb +4 -4
- data/spec/unit/provider/zone/solaris_spec.rb +1 -1
- data/spec/unit/provider_spec.rb +2 -2
- data/spec/unit/reports/http_spec.rb +19 -34
- data/spec/unit/reports/store_spec.rb +2 -2
- data/spec/unit/resource/catalog_spec.rb +81 -11
- data/spec/unit/resource/status_spec.rb +11 -1
- data/spec/unit/resource/type_spec.rb +30 -1
- data/spec/unit/resource_spec.rb +40 -4
- data/spec/unit/settings/file_setting_spec.rb +2 -2
- data/spec/unit/settings/path_setting_spec.rb +2 -2
- data/spec/unit/settings/priority_setting_spec.rb +66 -0
- data/spec/unit/settings_spec.rb +16 -31
- data/spec/unit/ssl/certificate_authority/autosign_command_spec.rb +30 -0
- data/spec/unit/ssl/certificate_authority_spec.rb +129 -134
- data/spec/unit/ssl/certificate_factory_spec.rb +18 -0
- data/spec/unit/ssl/certificate_request_attributes_spec.rb +61 -0
- data/spec/unit/ssl/certificate_request_spec.rb +103 -0
- data/spec/unit/ssl/certificate_spec.rb +31 -18
- data/spec/unit/ssl/host_spec.rb +34 -8
- data/spec/unit/ssl/inventory_spec.rb +27 -62
- data/spec/unit/ssl/key_spec.rb +4 -4
- data/spec/unit/ssl/oids_spec.rb +48 -0
- data/spec/unit/ssl/validator_spec.rb +49 -6
- data/spec/unit/status_spec.rb +9 -0
- data/spec/unit/transaction/event_spec.rb +1 -9
- data/spec/unit/transaction/report_spec.rb +20 -1
- data/spec/unit/transaction/resource_harness_spec.rb +60 -210
- data/spec/unit/transaction_spec.rb +54 -8
- data/spec/unit/type/component_spec.rb +2 -2
- data/spec/unit/type/exec_spec.rb +14 -7
- data/spec/unit/type/file/content_spec.rb +13 -2
- data/spec/unit/type/file/ctime_spec.rb +1 -1
- data/spec/unit/type/file/mode_spec.rb +48 -2
- data/spec/unit/type/file/mtime_spec.rb +1 -1
- data/spec/unit/type/file/source_spec.rb +177 -7
- data/spec/unit/type/file_spec.rb +63 -71
- data/spec/unit/type/group_spec.rb +20 -0
- data/spec/unit/type/k5login_spec.rb +3 -3
- data/spec/unit/type/mount_spec.rb +53 -0
- data/spec/unit/type/nagios_spec.rb +216 -0
- data/spec/unit/type/package_spec.rb +7 -1
- data/spec/unit/type/schedule_spec.rb +6 -0
- data/spec/unit/type/service_spec.rb +3 -3
- data/spec/unit/type/tidy_spec.rb +14 -14
- data/spec/unit/type/user_spec.rb +9 -0
- data/spec/unit/type_spec.rb +86 -4
- data/spec/unit/util/adsi_spec.rb +120 -12
- data/spec/unit/util/autoload_spec.rb +14 -14
- data/spec/unit/util/backups_spec.rb +29 -21
- data/spec/unit/util/checksums_spec.rb +2 -1
- data/spec/unit/util/command_line_spec.rb +41 -0
- data/spec/unit/util/docs_spec.rb +91 -0
- data/spec/unit/util/execution_spec.rb +26 -2
- data/spec/unit/util/filetype_spec.rb +7 -7
- data/spec/unit/util/lockfile_spec.rb +2 -2
- data/spec/unit/util/log/destinations_spec.rb +32 -0
- data/spec/unit/util/monkey_patches_spec.rb +41 -0
- data/spec/unit/util/pidlock_spec.rb +6 -6
- data/spec/unit/util/rdoc/parser_spec.rb +15 -13
- data/spec/unit/util/rdoc_spec.rb +18 -24
- data/spec/unit/util/resource_template_spec.rb +3 -3
- data/spec/unit/util/selinux_spec.rb +4 -2
- data/spec/unit/util/storage_spec.rb +4 -4
- data/spec/unit/util/suidmanager_spec.rb +7 -0
- data/spec/unit/util/tag_set_spec.rb +46 -0
- data/spec/unit/util/tagging_spec.rb +82 -45
- data/spec/unit/util/watcher_spec.rb +4 -1
- data/spec/unit/util/windows/access_control_entry_spec.rb +67 -0
- data/spec/unit/util/windows/access_control_list_spec.rb +133 -0
- data/spec/unit/util/windows/root_certs_spec.rb +10 -8
- data/spec/unit/util/windows/security_descriptor_spec.rb +117 -0
- data/spec/unit/util/windows/sid_spec.rb +69 -0
- data/spec/unit/util_spec.rb +7 -7
- data/tasks/ci.rake +17 -36
- metadata +2811 -2746
- checksums.yaml +0 -7
- data/examples/mac_automount.pp +0 -16
- data/examples/mcx_dock_absent.pp +0 -4
- data/examples/mcx_dock_default.pp +0 -118
- data/examples/mcx_dock_full.pp +0 -125
- data/examples/mcx_dock_invalid.pp +0 -9
- data/examples/mcx_nogroup.pp +0 -118
- data/examples/mcx_notexists_absent.pp +0 -4
- data/ext/rack/README +0 -58
- data/ext/rack/manifest.pp +0 -59
- data/lib/puppet/external/lock.rb +0 -63
- data/lib/puppet/indirector/hiera.rb +0 -39
- data/lib/puppet/parser/functions/foreach.rb +0 -95
- data/spec/integration/network/server/webrick_spec.rb +0 -76
- data/spec/integration/parser/functions_spec.rb +0 -16
- data/spec/unit/indirector/hiera_spec.rb +0 -154
- data/spec/unit/parser/methods/collect_spec.rb +0 -153
- data/spec/unit/parser/methods/foreach_spec.rb +0 -91
- data/spec/unit/parser/methods/reject_spec.rb +0 -73
- data/spec/unit/resource/resource_type.json +0 -34
@@ -213,11 +213,11 @@ describe "Puppet::Parser::Parser" do
|
|
213
213
|
end
|
214
214
|
|
215
215
|
it 'should flag illegal use of non r-value producing <| |>' do
|
216
|
-
expect { @parser.parse("$a =
|
216
|
+
expect { @parser.parse("$a = File <| |>") }.to raise_error(/A Virtual Query does not produce a value at line 1:6/)
|
217
217
|
end
|
218
218
|
|
219
219
|
it 'should flag illegal use of non r-value producing <<| |>>' do
|
220
|
-
expect { @parser.parse("$a =
|
220
|
+
expect { @parser.parse("$a = File <<| |>>") }.to raise_error(/An Exported Query does not produce a value at line 1:6/)
|
221
221
|
end
|
222
222
|
|
223
223
|
it 'should flag illegal use of non r-value producing define' do
|
@@ -10,12 +10,12 @@ describe Puppet::Type.type(:cron).provider(:crontab), '(integration)', :unless =
|
|
10
10
|
Puppet::Type.type(:cron).stubs(:defaultprovider).returns described_class
|
11
11
|
Puppet::FileBucket::Dipper.any_instance.stubs(:backup) # Don't backup to filebucket
|
12
12
|
|
13
|
-
# I
|
13
|
+
# I don't want to execute anything
|
14
14
|
described_class.stubs(:filetype).returns Puppet::Util::FileType::FileTypeFlat
|
15
15
|
described_class.stubs(:default_target).returns crontab_user1
|
16
16
|
|
17
|
-
# I
|
18
|
-
# where Time.now is used
|
17
|
+
# I don't want to stub Time.now to get a static header because I don't know
|
18
|
+
# where Time.now is used elsewhere, so just go with a very simple header
|
19
19
|
described_class.stubs(:header).returns "# HEADER: some simple\n# HEADER: header\n"
|
20
20
|
FileUtils.cp(my_fixture('crontab_user1'), crontab_user1)
|
21
21
|
FileUtils.cp(my_fixture('crontab_user2'), crontab_user2)
|
@@ -191,8 +191,6 @@ describe Puppet::Type.type(:cron).provider(:crontab), '(integration)', :unless =
|
|
191
191
|
File.read(crontab_user2).should == File.read(my_fixture('moved_cronjob_input2'))
|
192
192
|
end
|
193
193
|
end
|
194
|
-
|
195
|
-
it "should not add multiple headers"
|
196
194
|
end
|
197
195
|
|
198
196
|
end
|
@@ -21,7 +21,7 @@ describe Puppet::Resource::Catalog do
|
|
21
21
|
terminus = Puppet::Resource::Catalog.indirection.terminus(:yaml)
|
22
22
|
terminus.expects(:path).with("me").returns "/my/yaml/file"
|
23
23
|
|
24
|
-
|
24
|
+
Puppet::FileSystem::File.expects(:exist?).with("/my/yaml/file").returns false
|
25
25
|
Puppet::Resource::Catalog.indirection.find("me").should be_nil
|
26
26
|
end
|
27
27
|
|
@@ -0,0 +1,90 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
describe "autosigning" do
|
4
|
+
include PuppetSpec::Files
|
5
|
+
|
6
|
+
let(:puppet_dir) { tmpdir("ca_autosigning") }
|
7
|
+
let(:csr_attributes_content) do
|
8
|
+
{
|
9
|
+
'custom_attributes' => {
|
10
|
+
'1.3.6.1.4.1.34380.2.0' => 'hostname.domain.com',
|
11
|
+
'1.3.6.1.4.1.34380.2.1' => 'my passphrase',
|
12
|
+
'1.3.6.1.4.1.34380.2.2' => # system IPs in hex
|
13
|
+
[ 0xC0A80001, # 192.168.0.1
|
14
|
+
0xC0A80101 ], # 192.168.1.1
|
15
|
+
},
|
16
|
+
'extension_requests' => {
|
17
|
+
'pp_uuid' => 'abcdef',
|
18
|
+
'1.3.6.1.4.1.34380.1.1.2' => '1234', # pp_instance_id
|
19
|
+
'1.3.6.1.4.1.34380.1.2.1' => 'some-value', # private extension
|
20
|
+
},
|
21
|
+
}
|
22
|
+
end
|
23
|
+
|
24
|
+
let(:host) { Puppet::SSL::Host.new }
|
25
|
+
|
26
|
+
before do
|
27
|
+
Puppet.settings[:confdir] = puppet_dir
|
28
|
+
Puppet.settings[:vardir] = puppet_dir
|
29
|
+
|
30
|
+
# This is necessary so the terminus instances don't lie around.
|
31
|
+
Puppet::SSL::Key.indirection.termini.clear
|
32
|
+
end
|
33
|
+
|
34
|
+
context "with extension requests from csr_attributes file" do
|
35
|
+
let(:ca) { Puppet::SSL::CertificateAuthority.new }
|
36
|
+
|
37
|
+
def write_csr_attributes
|
38
|
+
File.open(Puppet.settings[:csr_attributes], 'w') do |file|
|
39
|
+
file.puts YAML.dump(csr_attributes_content)
|
40
|
+
end
|
41
|
+
end
|
42
|
+
|
43
|
+
context "and subjectAltName" do
|
44
|
+
it "raises an error if you include subjectAltName in csr_attributes" do
|
45
|
+
csr_attributes_content['extension_requests']['subjectAltName'] = 'foo'
|
46
|
+
write_csr_attributes
|
47
|
+
expect { host.generate_certificate_request }.to raise_error(Puppet::Error, /subjectAltName.*conflicts with internally used extension request/)
|
48
|
+
end
|
49
|
+
|
50
|
+
it "properly merges subjectAltName when in settings" do
|
51
|
+
Puppet.settings[:dns_alt_names] = 'althostname.nowhere'
|
52
|
+
write_csr_attributes
|
53
|
+
host.generate_certificate_request
|
54
|
+
csr = Puppet::SSL::CertificateRequest.indirection.find(host.name)
|
55
|
+
expect(csr.subject_alt_names).to include('DNS:althostname.nowhere')
|
56
|
+
end
|
57
|
+
end
|
58
|
+
|
59
|
+
context "without subjectAltName" do
|
60
|
+
|
61
|
+
before do
|
62
|
+
write_csr_attributes
|
63
|
+
host.generate_certificate_request
|
64
|
+
end
|
65
|
+
|
66
|
+
it "pulls extension attributes from the csr_attributes file into the certificate" do
|
67
|
+
csr = Puppet::SSL::CertificateRequest.indirection.find(host.name)
|
68
|
+
expect(csr.request_extensions).to have(3).items
|
69
|
+
expect(csr.request_extensions).to include('oid' => 'pp_uuid', 'value' => 'abcdef')
|
70
|
+
expect(csr.request_extensions).to include('oid' => 'pp_instance_id', 'value' => '1234')
|
71
|
+
expect(csr.request_extensions).to include('oid' => '1.3.6.1.4.1.34380.1.2.1', 'value' => 'some-value')
|
72
|
+
end
|
73
|
+
|
74
|
+
it "copies extension requests to certificate" do
|
75
|
+
cert = ca.sign(host.name)
|
76
|
+
expect(cert.custom_extensions).to include('oid' => 'pp_uuid', 'value' => 'abcdef')
|
77
|
+
expect(cert.custom_extensions).to include('oid' => 'pp_instance_id', 'value' => '1234')
|
78
|
+
expect(cert.custom_extensions).to include('oid' => '1.3.6.1.4.1.34380.1.2.1', 'value' => 'some-value')
|
79
|
+
end
|
80
|
+
|
81
|
+
it "does not copy custom attributes to certificate" do
|
82
|
+
cert = ca.sign(host.name)
|
83
|
+
cert.custom_extensions.each do |ext|
|
84
|
+
expect(Puppet::SSL::Oids.subtree_of?('1.3.6.1.4.1.34380.2', ext['oid'])).to be_false
|
85
|
+
end
|
86
|
+
end
|
87
|
+
end
|
88
|
+
|
89
|
+
end
|
90
|
+
end
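Review bot: The example "does not copy custom attributes to certificate" can pass without checking anything, because the `each` loop makes no assertion when `cert.custom_extensions` is empty, and no example confirms that the `custom_attributes` entries (including the passphrase under `1.3.6.1.4.1.34380.2.1`) reached the CSR in the first place. A signed certificate is distributed freely, so this is the check that keeps such a value out of it, and it should fail loudly if the setup stops exercising that path. Adding `expect(cert.custom_extensions).not_to be_empty` before the loop closes the vacuous case. An assertion on the request side (presumably via `csr.custom_attributes`, to be confirmed against the request class) would show that the attributes were actually submitted and then dropped at signing.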
|
@@ -6,8 +6,9 @@ require 'puppet/ssl/certificate_authority'
|
|
6
6
|
describe Puppet::SSL::CertificateAuthority, :unless => Puppet.features.microsoft_windows? do
|
7
7
|
include PuppetSpec::Files
|
8
8
|
|
9
|
+
let(:ca) { @ca }
|
10
|
+
|
9
11
|
before do
|
10
|
-
# Get a safe temporary file
|
11
12
|
dir = tmpdir("ca_integration_testing")
|
12
13
|
|
13
14
|
Puppet.settings[:confdir] = dir
|
@@ -15,103 +16,58 @@ describe Puppet::SSL::CertificateAuthority, :unless => Puppet.features.microsoft
|
|
15
16
|
Puppet.settings[:group] = Process.gid
|
16
17
|
|
17
18
|
Puppet::SSL::Host.ca_location = :local
|
18
|
-
@ca = Puppet::SSL::CertificateAuthority.new
|
19
|
-
end
|
20
|
-
|
21
|
-
after {
|
22
|
-
Puppet::SSL::Host.ca_location = :none
|
23
|
-
|
24
|
-
Puppet.settings.clear
|
25
|
-
|
26
|
-
Puppet::SSL::CertificateAuthority.instance_variable_set("@instance", nil)
|
27
|
-
}
|
28
19
|
|
29
|
-
|
30
|
-
@ca.
|
31
|
-
end
|
32
|
-
|
33
|
-
it "should be able to generate a certificate" do
|
34
|
-
@ca.generate_ca_certificate
|
35
|
-
|
36
|
-
@ca.host.certificate.should be_instance_of(Puppet::SSL::Certificate)
|
20
|
+
# this has the side-effect of creating the various directories that we need
|
21
|
+
@ca = Puppet::SSL::CertificateAuthority.new
|
37
22
|
end
|
38
23
|
|
39
24
|
it "should be able to generate a new host certificate" do
|
40
|
-
|
25
|
+
ca.generate("newhost")
|
41
26
|
|
42
27
|
Puppet::SSL::Certificate.indirection.find("newhost").should be_instance_of(Puppet::SSL::Certificate)
|
43
28
|
end
|
44
29
|
|
45
30
|
it "should be able to revoke a host certificate" do
|
46
|
-
|
31
|
+
ca.generate("newhost")
|
47
32
|
|
48
|
-
|
33
|
+
ca.revoke("newhost")
|
49
34
|
|
50
|
-
|
51
|
-
end
|
52
|
-
|
53
|
-
it "should have a CRL" do
|
54
|
-
@ca.generate_ca_certificate
|
55
|
-
@ca.crl.should_not be_nil
|
56
|
-
end
|
57
|
-
|
58
|
-
it "should be able to read in a previously created CRL" do
|
59
|
-
@ca.generate_ca_certificate
|
60
|
-
|
61
|
-
# Create it to start with.
|
62
|
-
@ca.crl
|
63
|
-
|
64
|
-
Puppet::SSL::CertificateAuthority.new.crl.should_not be_nil
|
35
|
+
expect { ca.verify("newhost") }.to raise_error(Puppet::SSL::CertificateAuthority::CertificateVerificationError, "certificate revoked")
|
65
36
|
end
|
66
37
|
|
67
38
|
describe "when signing certificates" do
|
68
|
-
before do
|
69
|
-
@host = Puppet::SSL::Host.new("luke.madstop.com")
|
70
|
-
|
71
|
-
# We have to provide the key, since when we're in :ca_only mode, we can only interact
|
72
|
-
# with the CA key.
|
73
|
-
key = Puppet::SSL::Key.new(@host.name)
|
74
|
-
key.generate
|
75
|
-
|
76
|
-
@host.key = key
|
77
|
-
@host.generate_certificate_request
|
78
|
-
|
79
|
-
path = File.join(Puppet[:requestdir], "luke.madstop.com.pem")
|
80
|
-
end
|
81
|
-
|
82
|
-
it "should be able to sign certificates" do
|
83
|
-
@ca.sign("luke.madstop.com")
|
84
|
-
end
|
85
|
-
|
86
39
|
it "should save the signed certificate" do
|
87
|
-
|
40
|
+
host = certificate_request_for("luke.madstop.com")
|
41
|
+
|
42
|
+
ca.sign("luke.madstop.com")
|
88
43
|
|
89
44
|
Puppet::SSL::Certificate.indirection.find("luke.madstop.com").should be_instance_of(Puppet::SSL::Certificate)
|
90
45
|
end
|
91
46
|
|
92
47
|
it "should be able to sign multiple certificates" do
|
93
|
-
|
94
|
-
|
95
|
-
okey.generate
|
96
|
-
@other.key = okey
|
97
|
-
@other.generate_certificate_request
|
48
|
+
host = certificate_request_for("luke.madstop.com")
|
49
|
+
other = certificate_request_for("other.madstop.com")
|
98
50
|
|
99
|
-
|
100
|
-
|
51
|
+
ca.sign("luke.madstop.com")
|
52
|
+
ca.sign("other.madstop.com")
|
101
53
|
|
102
54
|
Puppet::SSL::Certificate.indirection.find("other.madstop.com").should be_instance_of(Puppet::SSL::Certificate)
|
103
55
|
Puppet::SSL::Certificate.indirection.find("luke.madstop.com").should be_instance_of(Puppet::SSL::Certificate)
|
104
56
|
end
|
105
57
|
|
106
58
|
it "should save the signed certificate to the :signeddir" do
|
107
|
-
|
59
|
+
host = certificate_request_for("luke.madstop.com")
|
60
|
+
|
61
|
+
ca.sign("luke.madstop.com")
|
108
62
|
|
109
63
|
client_cert = File.join(Puppet[:signeddir], "luke.madstop.com.pem")
|
110
64
|
File.read(client_cert).should == Puppet::SSL::Certificate.indirection.find("luke.madstop.com").content.to_s
|
111
65
|
end
|
112
66
|
|
113
67
|
it "should save valid certificates" do
|
114
|
-
|
68
|
+
host = certificate_request_for("luke.madstop.com")
|
69
|
+
|
70
|
+
ca.sign("luke.madstop.com")
|
115
71
|
|
116
72
|
unless ssl = Puppet::Util::which('openssl')
|
117
73
|
pending "No ssl available"
|
@@ -124,21 +80,58 @@ describe Puppet::SSL::CertificateAuthority, :unless => Puppet.features.microsoft
|
|
124
80
|
end
|
125
81
|
|
126
82
|
it "should verify proof of possession when signing certificates" do
|
127
|
-
|
128
|
-
|
83
|
+
host = certificate_request_for("luke.madstop.com")
|
84
|
+
csr = host.certificate_request
|
85
|
+
wrong_key = Puppet::SSL::Key.new(host.name)
|
129
86
|
wrong_key.generate
|
130
87
|
|
131
88
|
csr.content.public_key = wrong_key.content.public_key
|
132
89
|
# The correct key has to be removed so we can save the incorrect one
|
133
|
-
Puppet::SSL::CertificateRequest.indirection.destroy(
|
90
|
+
Puppet::SSL::CertificateRequest.indirection.destroy(host.name)
|
134
91
|
Puppet::SSL::CertificateRequest.indirection.save(csr)
|
135
92
|
|
136
93
|
expect {
|
137
|
-
|
94
|
+
ca.sign(host.name)
|
138
95
|
}.to raise_error(
|
139
96
|
Puppet::SSL::CertificateAuthority::CertificateSigningError,
|
140
97
|
"CSR contains a public key that does not correspond to the signing key"
|
141
98
|
)
|
142
99
|
end
|
143
100
|
end
|
101
|
+
|
102
|
+
it "allows autosigning certificates concurrently", :unless => Puppet::Util::Platform.windows? do
|
103
|
+
Puppet[:autosign] = true
|
104
|
+
hosts = (0..4).collect { |i| certificate_request_for("host#{i}") }
|
105
|
+
|
106
|
+
run_in_parallel(5) do |i|
|
107
|
+
ca.autosign(Puppet::SSL::CertificateRequest.indirection.find(hosts[i].name))
|
108
|
+
end
|
109
|
+
|
110
|
+
certs = hosts.collect { |host| Puppet::SSL::Certificate.indirection.find(host.name).content }
|
111
|
+
serial_numbers = certs.collect(&:serial)
|
112
|
+
|
113
|
+
serial_numbers.sort.should == [2, 3, 4, 5, 6] # serial 1 is the ca certificate
|
114
|
+
end
|
115
|
+
|
116
|
+
def certificate_request_for(hostname)
|
117
|
+
key = Puppet::SSL::Key.new(hostname)
|
118
|
+
key.generate
|
119
|
+
|
120
|
+
host = Puppet::SSL::Host.new(hostname)
|
121
|
+
host.key = key
|
122
|
+
host.generate_certificate_request
|
123
|
+
|
124
|
+
host
|
125
|
+
end
|
126
|
+
|
127
|
+
def run_in_parallel(number)
|
128
|
+
children = []
|
129
|
+
number.times do |i|
|
130
|
+
children << Kernel.fork do
|
131
|
+
yield i
|
132
|
+
end
|
133
|
+
end
|
134
|
+
|
135
|
+
children.each { |pid| Process.wait(pid) }
|
136
|
+
end
|
144
137
|
end
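Review bot: `run_in_parallel` waits on each forked child but discards its exit status, so a child in which `ca.autosign` raises is only noticed later, presumably as a nil from `Puppet::SSL::Certificate.indirection.find(host.name)` followed by a failure on `.content`. Checking the status in the helper, e.g. `children.each { |pid| Process.wait2(pid).last.success?.should be_true }`, reports the failing signer directly. The same example sets `Puppet[:autosign] = true`, and the `after` block that called `Puppet.settings.clear` and reset `ca_location` is removed in the previous hunk of this file. Unless the shared spec helper (not visible here) restores settings between examples, permissive autosigning carries over into later examples and can mask failures there.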
|
@@ -29,7 +29,7 @@ describe Puppet::SSL::CertificateRevocationList do
|
|
29
29
|
it "should be able to read in written out CRLs with no revoked certificates" do
|
30
30
|
ca = Puppet::SSL::CertificateAuthority.new
|
31
31
|
|
32
|
-
raise "CRL not created" unless
|
32
|
+
raise "CRL not created" unless Puppet::FileSystem::File.exist?(Puppet[:hostcrl])
|
33
33
|
|
34
34
|
crl = Puppet::SSL::CertificateRevocationList.new("crl_int_testing")
|
35
35
|
crl.read(Puppet[:hostcrl])
|
@@ -70,7 +70,7 @@ describe Puppet::SSL::Host do
|
|
70
70
|
@ca = Puppet::SSL::Host.new(Puppet::SSL::Host.ca_name)
|
71
71
|
@ca.generate_key
|
72
72
|
|
73
|
-
|
73
|
+
Puppet::FileSystem::File.exist?(File.join(Puppet[:privatekeydir], "ca.pem")).should be_false
|
74
74
|
end
|
75
75
|
end
|
76
76
|
|
@@ -64,7 +64,7 @@ describe Puppet::Transaction do
|
|
64
64
|
catalog.add_resource resource
|
65
65
|
|
66
66
|
catalog.apply
|
67
|
-
|
67
|
+
Puppet::FileSystem::File.exist?(path).should be_true
|
68
68
|
end
|
69
69
|
|
70
70
|
it "should not apply virtual exported resources" do
|
@@ -189,8 +189,8 @@ describe Puppet::Transaction do
|
|
189
189
|
|
190
190
|
catalog = mk_catalog(file, exec1, exec2)
|
191
191
|
catalog.apply
|
192
|
-
|
193
|
-
|
192
|
+
Puppet::FileSystem::File.exist?(file1).should be_true
|
193
|
+
Puppet::FileSystem::File.exist?(file2).should be_true
|
194
194
|
end
|
195
195
|
|
196
196
|
it "should not let one failed refresh result in other refreshes failing" do
|
@@ -223,7 +223,7 @@ describe Puppet::Transaction do
|
|
223
223
|
|
224
224
|
catalog = mk_catalog(file, exec1, exec2)
|
225
225
|
catalog.apply
|
226
|
-
|
226
|
+
Puppet::FileSystem::File.exist?(newfile).should be_true
|
227
227
|
end
|
228
228
|
|
229
229
|
it "should still trigger skipped resources" do
|
@@ -251,18 +251,18 @@ describe Puppet::Transaction do
|
|
251
251
|
|
252
252
|
# Run it once
|
253
253
|
catalog.apply
|
254
|
-
|
254
|
+
Puppet::FileSystem::File.exist?(fname).should be_true
|
255
255
|
|
256
256
|
# Now remove it, so it can get created again
|
257
|
-
File.unlink(fname)
|
257
|
+
Puppet::FileSystem::File.unlink(fname)
|
258
258
|
|
259
259
|
file[:content] = "some content"
|
260
260
|
|
261
261
|
catalog.apply
|
262
|
-
|
262
|
+
Puppet::FileSystem::File.exist?(fname).should be_true
|
263
263
|
|
264
264
|
# Now remove it, so it can get created again
|
265
|
-
File.unlink(fname)
|
265
|
+
Puppet::FileSystem::File.unlink(fname)
|
266
266
|
|
267
267
|
# And tag our exec
|
268
268
|
exec.tag("testrun")
|
@@ -275,7 +275,7 @@ describe Puppet::Transaction do
|
|
275
275
|
file[:content] = "totally different content"
|
276
276
|
|
277
277
|
catalog.apply
|
278
|
-
|
278
|
+
Puppet::FileSystem::File.exist?(fname).should be_true
|
279
279
|
end
|
280
280
|
|
281
281
|
it "should not attempt to evaluate resources with failed dependencies" do
|
@@ -302,8 +302,8 @@ describe Puppet::Transaction do
|
|
302
302
|
catalog = mk_catalog(exec, file1, file2)
|
303
303
|
catalog.apply
|
304
304
|
|
305
|
-
|
306
|
-
|
305
|
+
Puppet::FileSystem::File.exist?(file1[:path]).should be_false
|
306
|
+
Puppet::FileSystem::File.exist?(file2[:path]).should be_false
|
307
307
|
end
|
308
308
|
|
309
309
|
it "should not trigger subscribing resources on failure" do
|
@@ -328,8 +328,8 @@ describe Puppet::Transaction do
|
|
328
328
|
catalog = mk_catalog(exec, create_file1, create_file2)
|
329
329
|
catalog.apply
|
330
330
|
|
331
|
-
|
332
|
-
|
331
|
+
Puppet::FileSystem::File.exist?(file1).should be_false
|
332
|
+
Puppet::FileSystem::File.exist?(file2).should be_false
|
333
333
|
end
|
334
334
|
|
335
335
|
# #801 -- resources only checked in noop should be rescheduled immediately.
|
@@ -33,7 +33,7 @@ describe Puppet::Type.type(:exec) do
|
|
33
33
|
catalog.add_resource exec
|
34
34
|
catalog.apply
|
35
35
|
|
36
|
-
File.
|
36
|
+
Puppet::FileSystem::File.exist?(path).should be_false
|
37
37
|
end
|
38
38
|
|
39
39
|
it "should execute the command if onlyif returns zero" do
|
@@ -72,6 +72,6 @@ describe Puppet::Type.type(:exec) do
|
|
72
72
|
catalog.add_resource exec
|
73
73
|
catalog.apply
|
74
74
|
|
75
|
-
File.
|
75
|
+
Puppet::FileSystem::File.exist?(path).should be_false
|
76
76
|
end
|
77
77
|
end
|