puppet 3.3.2 → 3.4.0.rc1
Potentially problematic release.
This version of puppet might be problematic. Click here for more details.
- data/CONTRIBUTING.md +22 -0
- data/Gemfile +11 -2
- data/README.md +13 -17
- data/README_DEVELOPER.md +1 -1
- data/Rakefile +1 -1
- data/examples/hiera/README.md +4 -4
- data/ext/debian/puppetmaster.init +1 -0
- data/ext/debian/rules +2 -5
- data/ext/nagios/check_puppet.rb +7 -7
- data/ext/osx/file_mapping.yaml +1 -1
- data/ext/osx/preflight.erb +34 -19
- data/ext/rack/{files/config.ru → config.ru} +0 -0
- data/ext/rack/{files/apache2.conf → example-passenger-vhost.conf} +6 -0
- data/ext/redhat/puppet.spec.erb +20 -2
- data/ext/systemd/{puppetagent.service → puppet.service} +0 -0
- data/lib/hiera_puppet.rb +2 -2
- data/lib/puppet/agent.rb +1 -6
- data/lib/puppet/application.rb +15 -2
- data/lib/puppet/application/agent.rb +2 -7
- data/lib/puppet/application/apply.rb +8 -13
- data/lib/puppet/application/cert.rb +47 -7
- data/lib/puppet/application/device.rb +1 -6
- data/lib/puppet/application/face_base.rb +1 -1
- data/lib/puppet/application/filebucket.rb +1 -1
- data/lib/puppet/application/inspect.rb +3 -12
- data/lib/puppet/application/master.rb +1 -6
- data/lib/puppet/application/queue.rb +1 -6
- data/lib/puppet/application/resource.rb +2 -6
- data/lib/puppet/coercion.rb +11 -0
- data/lib/puppet/configurer.rb +5 -3
- data/lib/puppet/configurer/downloader.rb +3 -1
- data/lib/puppet/configurer/plugin_handler.rb +10 -0
- data/lib/puppet/confine.rb +80 -0
- data/lib/puppet/{provider/confine → confine}/exists.rb +3 -3
- data/lib/puppet/{provider/confine → confine}/false.rb +2 -2
- data/lib/puppet/{provider/confine → confine}/feature.rb +2 -2
- data/lib/puppet/{provider/confine → confine}/true.rb +2 -2
- data/lib/puppet/{provider/confine → confine}/variable.rb +2 -2
- data/lib/puppet/{provider/confine_collection.rb → confine_collection.rb} +4 -4
- data/lib/puppet/{provider/confiner.rb → confiner.rb} +4 -4
- data/lib/puppet/daemon.rb +2 -6
- data/lib/puppet/data_binding.rb +2 -30
- data/lib/puppet/defaults.rb +283 -174
- data/lib/puppet/error.rb +1 -0
- data/lib/puppet/external/nagios.rb +0 -2
- data/lib/puppet/external/nagios/base.rb +4 -3
- data/lib/puppet/external/nagios/grammar.ry +173 -112
- data/lib/puppet/external/nagios/parser.rb +233 -184
- data/lib/puppet/face/file/store.rb +1 -1
- data/lib/puppet/face/module/generate.rb +5 -7
- data/lib/puppet/face/parser.rb +12 -2
- data/lib/puppet/face/plugin.rb +6 -0
- data/lib/puppet/feature/base.rb +16 -0
- data/lib/puppet/feature/external_facts.rb +5 -0
- data/lib/puppet/feature/libuser.rb +1 -1
- data/lib/puppet/feature/msgpack.rb +1 -0
- data/lib/puppet/feature/rails.rb +2 -2
- data/lib/puppet/file_bucket/dipper.rb +8 -6
- data/lib/puppet/file_bucket/file.rb +17 -1
- data/lib/puppet/file_serving/base.rb +21 -10
- data/lib/puppet/file_serving/configuration.rb +5 -7
- data/lib/puppet/file_serving/configuration/parser.rb +1 -1
- data/lib/puppet/file_serving/content.rb +1 -1
- data/lib/puppet/file_serving/fileset.rb +3 -3
- data/lib/puppet/file_serving/metadata.rb +22 -18
- data/lib/puppet/file_serving/mount/file.rb +1 -1
- data/lib/puppet/file_serving/mount/pluginfacts.rb +35 -0
- data/lib/puppet/file_system.rb +3 -0
- data/lib/puppet/file_system/file.rb +261 -0
- data/lib/puppet/file_system/file18.rb +5 -0
- data/lib/puppet/file_system/file19.rb +5 -0
- data/lib/puppet/file_system/file19windows.rb +113 -0
- data/lib/puppet/file_system/memory_file.rb +31 -0
- data/lib/puppet/file_system/tempfile.rb +20 -0
- data/lib/puppet/indirector/active_record.rb +1 -0
- data/lib/puppet/indirector/catalog/compiler.rb +28 -0
- data/lib/puppet/indirector/certificate_request/memory.rb +6 -0
- data/lib/puppet/indirector/data_binding/hiera.rb +46 -2
- data/lib/puppet/indirector/direct_file_server.rb +2 -2
- data/lib/puppet/indirector/facts/facter.rb +25 -0
- data/lib/puppet/indirector/file_bucket_file/file.rb +60 -74
- data/lib/puppet/indirector/indirection.rb +5 -1
- data/lib/puppet/indirector/json.rb +1 -1
- data/lib/puppet/indirector/key/ca.rb +4 -0
- data/lib/puppet/indirector/key/file.rb +7 -3
- data/lib/puppet/indirector/key/memory.rb +6 -0
- data/lib/puppet/indirector/node/write_only_yaml.rb +2 -2
- data/lib/puppet/indirector/request.rb +17 -11
- data/lib/puppet/indirector/resource/ral.rb +5 -0
- data/lib/puppet/indirector/resource/rest.rb +1 -0
- data/lib/puppet/indirector/resource/store_configs.rb +4 -0
- data/lib/puppet/indirector/rest.rb +2 -1
- data/lib/puppet/indirector/ssl_file.rb +7 -7
- data/lib/puppet/indirector/terminus.rb +4 -0
- data/lib/puppet/indirector/yaml.rb +3 -3
- data/lib/puppet/interface/documentation.rb +4 -11
- data/lib/puppet/module.rb +19 -6
- data/lib/puppet/module_tool/applications/builder.rb +1 -1
- data/lib/puppet/module_tool/applications/installer.rb +1 -1
- data/lib/puppet/module_tool/checksums.rb +1 -1
- data/lib/puppet/module_tool/dependency.rb +7 -3
- data/lib/puppet/module_tool/metadata.rb +6 -2
- data/lib/puppet/module_tool/tar.rb +2 -1
- data/lib/puppet/module_tool/tar/gnu.rb +6 -2
- data/lib/puppet/module_tool/tar/mini.rb +2 -0
- data/lib/puppet/module_tool/tar/solaris.rb +2 -5
- data/lib/puppet/network/authconfig.rb +0 -2
- data/lib/puppet/network/authentication.rb +1 -1
- data/lib/puppet/network/authstore.rb +6 -7
- data/lib/puppet/network/format.rb +2 -3
- data/lib/puppet/network/format_handler.rb +16 -11
- data/lib/puppet/network/format_support.rb +14 -0
- data/lib/puppet/network/formats.rb +26 -0
- data/lib/puppet/network/http/connection.rb +8 -41
- data/lib/puppet/network/http/handler.rb +28 -32
- data/lib/puppet/network/http/webrick.rb +15 -22
- data/lib/puppet/network/http_pool.rb +43 -9
- data/lib/puppet/network/rights.rb +0 -0
- data/lib/puppet/node.rb +24 -8
- data/lib/puppet/node/environment.rb +18 -20
- data/lib/puppet/node/facts.rb +23 -6
- data/lib/puppet/parameter.rb +15 -2
- data/lib/puppet/parameter/boolean.rb +5 -0
- data/lib/puppet/parameter/value_collection.rb +6 -4
- data/lib/puppet/parser/ast/resourceparam.rb +2 -1
- data/lib/puppet/parser/compiler.rb +25 -9
- data/lib/puppet/parser/files.rb +1 -1
- data/lib/puppet/parser/functions.rb +12 -21
- data/lib/puppet/parser/functions/collect.rb +6 -35
- data/lib/puppet/parser/functions/contain.rb +26 -0
- data/lib/puppet/parser/functions/create_resources.rb +5 -0
- data/lib/puppet/parser/functions/extlookup.rb +2 -2
- data/lib/puppet/parser/functions/file.rb +1 -1
- data/lib/puppet/parser/functions/{reject.rb → filter.rb} +13 -12
- data/lib/puppet/parser/functions/fqdn_rand.rb +13 -5
- data/lib/puppet/parser/functions/include.rb +18 -1
- data/lib/puppet/parser/functions/map.rb +44 -0
- data/lib/puppet/parser/functions/select.rb +6 -38
- data/lib/puppet/parser/lexer.rb +1 -1
- data/lib/puppet/parser/parser_support.rb +1 -1
- data/lib/puppet/parser/resource.rb +6 -45
- data/lib/puppet/parser/scope.rb +33 -2
- data/lib/puppet/parser/type_loader.rb +4 -60
- data/lib/puppet/pops/binder/bindings_loader.rb +1 -1
- data/lib/puppet/pops/binder/config/binder_config.rb +3 -3
- data/lib/puppet/pops/binder/hiera2/bindings_provider.rb +1 -1
- data/lib/puppet/pops/binder/scheme_handler/confdir_hiera_scheme.rb +1 -1
- data/lib/puppet/pops/binder/scheme_handler/module_hiera_scheme.rb +2 -2
- data/lib/puppet/pops/issues.rb +4 -0
- data/lib/puppet/pops/model/ast_transformer.rb +4 -1
- data/lib/puppet/pops/model/model_label_provider.rb +1 -1
- data/lib/puppet/pops/parser/egrammar.ra +5 -24
- data/lib/puppet/pops/parser/eparser.rb +859 -902
- data/lib/puppet/pops/parser/lexer.rb +48 -30
- data/lib/puppet/pops/parser/parser_support.rb +1 -1
- data/lib/puppet/pops/patterns.rb +4 -4
- data/lib/puppet/pops/utils.rb +1 -1
- data/lib/puppet/pops/validation/checker3_1.rb +25 -20
- data/lib/puppet/provider.rb +23 -6
- data/lib/puppet/provider/aixobject.rb +0 -0
- data/lib/puppet/provider/augeas/augeas.rb +21 -5
- data/lib/puppet/provider/confine.rb +5 -79
- data/lib/puppet/provider/cron/crontab.rb +0 -0
- data/lib/puppet/provider/exec.rb +9 -7
- data/lib/puppet/provider/exec/posix.rb +10 -1
- data/lib/puppet/provider/exec/windows.rb +1 -1
- data/lib/puppet/provider/file/posix.rb +1 -0
- data/lib/puppet/provider/file/windows.rb +16 -5
- data/lib/puppet/provider/group/aix.rb +0 -0
- data/lib/puppet/provider/group/windows_adsi.rb +33 -1
- data/lib/puppet/provider/macauthorization/macauthorization.rb +1 -1
- data/lib/puppet/provider/mailalias/aliases.rb +0 -0
- data/lib/puppet/provider/maillist/mailman.rb +0 -0
- data/lib/puppet/provider/mount/parsed.rb +0 -0
- data/lib/puppet/provider/nameservice/directoryservice.rb +3 -3
- data/lib/puppet/provider/package/appdmg.rb +1 -1
- data/lib/puppet/provider/package/apple.rb +1 -1
- data/lib/puppet/provider/package/apt.rb +1 -1
- data/lib/puppet/provider/package/aptitude.rb +0 -0
- data/lib/puppet/provider/package/blastwave.rb +1 -1
- data/lib/puppet/provider/package/dpkg.rb +1 -1
- data/lib/puppet/provider/package/fink.rb +1 -1
- data/lib/puppet/provider/package/freebsd.rb +0 -0
- data/lib/puppet/provider/package/gem.rb +0 -0
- data/lib/puppet/provider/package/macports.rb +0 -0
- data/lib/puppet/provider/package/msi.rb +4 -10
- data/lib/puppet/provider/package/nim.rb +8 -8
- data/lib/puppet/provider/package/openbsd.rb +1 -1
- data/lib/puppet/provider/package/opkg.rb +0 -0
- data/lib/puppet/provider/package/pacman.rb +2 -2
- data/lib/puppet/provider/package/pkgdmg.rb +1 -1
- data/lib/puppet/provider/package/pkgutil.rb +1 -1
- data/lib/puppet/provider/package/ports.rb +0 -0
- data/lib/puppet/provider/package/rpm.rb +39 -3
- data/lib/puppet/provider/package/sun.rb +3 -3
- data/lib/puppet/provider/package/sunfreeware.rb +0 -0
- data/lib/puppet/provider/package/windows.rb +12 -19
- data/lib/puppet/provider/package/windows/package.rb +1 -1
- data/lib/puppet/provider/package/yum.rb +2 -2
- data/lib/puppet/provider/parsedfile.rb +0 -0
- data/lib/puppet/provider/port/parsed.rb +0 -0
- data/lib/puppet/provider/service/base.rb +0 -0
- data/lib/puppet/provider/service/bsd.rb +3 -3
- data/lib/puppet/provider/service/daemontools.rb +8 -8
- data/lib/puppet/provider/service/debian.rb +0 -0
- data/lib/puppet/provider/service/freebsd.rb +3 -3
- data/lib/puppet/provider/service/init.rb +5 -4
- data/lib/puppet/provider/service/launchd.rb +35 -24
- data/lib/puppet/provider/service/openbsd.rb +23 -0
- data/lib/puppet/provider/service/redhat.rb +0 -0
- data/lib/puppet/provider/service/runit.rb +3 -3
- data/lib/puppet/provider/service/smf.rb +0 -0
- data/lib/puppet/provider/service/src.rb +0 -0
- data/lib/puppet/provider/service/systemd.rb +0 -0
- data/lib/puppet/provider/service/upstart.rb +3 -3
- data/lib/puppet/provider/ssh_authorized_key/parsed.rb +2 -2
- data/lib/puppet/provider/sshkey/parsed.rb +0 -0
- data/lib/puppet/provider/user/aix.rb +0 -0
- data/lib/puppet/provider/user/directoryservice.rb +1 -1
- data/lib/puppet/provider/user/useradd.rb +1 -1
- data/lib/puppet/provider/zone/solaris.rb +1 -1
- data/lib/puppet/rails/benchmark.rb +1 -1
- data/lib/puppet/reference/configuration.rb +1 -2
- data/lib/puppet/reference/indirection.rb +12 -14
- data/lib/puppet/relationship.rb +7 -4
- data/lib/puppet/reports.rb +2 -2
- data/lib/puppet/reports/rrdgraph.rb +1 -1
- data/lib/puppet/reports/store.rb +3 -3
- data/lib/puppet/reports/tagmail.rb +2 -2
- data/lib/puppet/resource.rb +66 -8
- data/lib/puppet/resource/catalog.rb +18 -25
- data/lib/puppet/resource/status.rb +10 -4
- data/lib/puppet/run.rb +6 -2
- data/lib/puppet/settings.rb +39 -119
- data/lib/puppet/settings/base_setting.rb +8 -9
- data/lib/puppet/settings/directory_setting.rb +8 -0
- data/lib/puppet/settings/file_setting.rb +35 -1
- data/lib/puppet/settings/priority_setting.rb +42 -0
- data/lib/puppet/ssl.rb +4 -0
- data/lib/puppet/ssl/certificate.rb +18 -0
- data/lib/puppet/ssl/certificate_authority.rb +101 -72
- data/lib/puppet/ssl/certificate_authority/autosign_command.rb +44 -0
- data/lib/puppet/ssl/certificate_authority/interface.rb +21 -17
- data/lib/puppet/ssl/certificate_factory.rb +38 -12
- data/lib/puppet/ssl/certificate_request.rb +201 -47
- data/lib/puppet/ssl/certificate_request_attributes.rb +34 -0
- data/lib/puppet/ssl/certificate_revocation_list.rb +2 -2
- data/lib/puppet/ssl/host.rb +21 -10
- data/lib/puppet/ssl/inventory.rb +6 -10
- data/lib/puppet/ssl/key.rb +1 -1
- data/lib/puppet/ssl/oids.rb +78 -0
- data/lib/puppet/ssl/validator.rb +41 -97
- data/lib/puppet/ssl/validator/default_validator.rb +153 -0
- data/lib/puppet/ssl/validator/no_validator.rb +17 -0
- data/lib/puppet/status.rb +4 -0
- data/lib/puppet/test/test_helper.rb +5 -0
- data/lib/puppet/transaction.rb +13 -0
- data/lib/puppet/transaction/event.rb +8 -3
- data/lib/puppet/transaction/report.rb +6 -2
- data/lib/puppet/transaction/resource_harness.rb +173 -115
- data/lib/puppet/type.rb +30 -13
- data/lib/puppet/type/augeas.rb +12 -46
- data/lib/puppet/type/component.rb +1 -7
- data/lib/puppet/type/cron.rb +0 -0
- data/lib/puppet/type/exec.rb +13 -1
- data/lib/puppet/type/file.rb +19 -10
- data/lib/puppet/type/file/checksum.rb +0 -0
- data/lib/puppet/type/file/content.rb +3 -0
- data/lib/puppet/type/file/ensure.rb +33 -15
- data/lib/puppet/type/file/group.rb +0 -0
- data/lib/puppet/type/file/mode.rb +6 -2
- data/lib/puppet/type/file/owner.rb +0 -0
- data/lib/puppet/type/file/source.rb +65 -14
- data/lib/puppet/type/file/target.rb +6 -6
- data/lib/puppet/type/file/type.rb +0 -0
- data/lib/puppet/type/filebucket.rb +0 -0
- data/lib/puppet/type/group.rb +18 -0
- data/lib/puppet/type/host.rb +0 -0
- data/lib/puppet/type/k5login.rb +4 -4
- data/lib/puppet/type/mailalias.rb +0 -0
- data/lib/puppet/type/maillist.rb +0 -0
- data/lib/puppet/type/mount.rb +15 -1
- data/lib/puppet/type/package.rb +7 -1
- data/lib/puppet/type/port.rb +0 -0
- data/lib/puppet/type/schedule.rb +9 -4
- data/lib/puppet/type/service.rb +1 -1
- data/lib/puppet/type/sshkey.rb +0 -0
- data/lib/puppet/type/tidy.rb +1 -1
- data/lib/puppet/type/user.rb +3 -0
- data/lib/puppet/type/yumrepo.rb +8 -6
- data/lib/puppet/type/zpool.rb +0 -0
- data/lib/puppet/util.rb +4 -31
- data/lib/puppet/util/adsi.rb +73 -17
- data/lib/puppet/util/autoload.rb +3 -3
- data/lib/puppet/util/backups.rb +4 -4
- data/lib/puppet/util/cacher.rb +7 -13
- data/lib/puppet/util/checksums.rb +2 -2
- data/lib/puppet/util/classgen.rb +3 -1
- data/lib/puppet/util/colors.rb +1 -0
- data/lib/puppet/util/command_line.rb +5 -0
- data/lib/puppet/util/docs.rb +33 -27
- data/lib/puppet/util/execution.rb +42 -18
- data/lib/puppet/util/filetype.rb +3 -3
- data/lib/puppet/util/instance_loader.rb +2 -2
- data/lib/puppet/util/instrumentation.rb +23 -42
- data/lib/puppet/util/instrumentation/data.rb +11 -4
- data/lib/puppet/util/instrumentation/indirection_probe.rb +11 -4
- data/lib/puppet/util/instrumentation/instrumentable.rb +7 -14
- data/lib/puppet/util/instrumentation/listener.rb +15 -8
- data/lib/puppet/util/instrumentation/listeners/log.rb +4 -10
- data/lib/puppet/util/instrumentation/listeners/performance.rb +8 -14
- data/lib/puppet/util/limits.rb +12 -0
- data/lib/puppet/util/lockfile.rb +2 -2
- data/lib/puppet/util/log.rb +14 -6
- data/lib/puppet/util/log/destinations.rb +23 -1
- data/lib/puppet/util/metric.rb +9 -3
- data/lib/puppet/util/monkey_patches.rb +7 -2
- data/lib/puppet/util/network_device/config.rb +1 -1
- data/lib/puppet/util/plugins.rb +1 -1
- data/lib/puppet/util/posix.rb +0 -0
- data/lib/puppet/util/profiler.rb +7 -2
- data/lib/puppet/util/provider_features.rb +2 -2
- data/lib/puppet/util/rdoc.rb +28 -30
- data/lib/puppet/util/rdoc/code_objects.rb +75 -25
- data/lib/puppet/util/rdoc/generators/puppet_generator.rb +1 -1
- data/lib/puppet/util/rdoc/parser.rb +12 -487
- data/lib/puppet/util/rdoc/parser/puppet_parser_core.rb +477 -0
- data/lib/puppet/util/rdoc/parser/puppet_parser_rdoc1.rb +19 -0
- data/lib/puppet/util/rdoc/parser/puppet_parser_rdoc2.rb +14 -0
- data/lib/puppet/util/reference.rb +1 -1
- data/lib/puppet/util/resource_template.rb +1 -1
- data/lib/puppet/util/selinux.rb +1 -1
- data/lib/puppet/util/storage.rb +2 -2
- data/lib/puppet/util/suidmanager.rb +1 -1
- data/lib/puppet/util/tag_set.rb +29 -0
- data/lib/puppet/util/tagging.rb +8 -24
- data/lib/puppet/util/watched_file.rb +1 -1
- data/lib/puppet/util/watcher.rb +1 -1
- data/lib/puppet/util/windows.rb +3 -0
- data/lib/puppet/util/windows/access_control_entry.rb +84 -0
- data/lib/puppet/util/windows/access_control_list.rb +106 -0
- data/lib/puppet/util/windows/file.rb +213 -0
- data/lib/puppet/util/windows/process.rb +199 -0
- data/lib/puppet/util/windows/root_certs.rb +52 -37
- data/lib/puppet/util/windows/security.rb +270 -245
- data/lib/puppet/util/windows/security_descriptor.rb +62 -0
- data/lib/puppet/util/windows/sid.rb +26 -4
- data/lib/puppet/version.rb +2 -2
- data/spec/fixtures/releases/jamtur01-apache/lib/puppet/provider/a2mod/debian.rb +1 -1
- data/spec/fixtures/unit/indirector/{hiera → data_binding/hiera}/global.yaml +0 -0
- data/spec/fixtures/unit/indirector/data_binding/hiera/invalid.yaml +1 -0
- data/spec/fixtures/unit/module/trailing-comma.json +24 -0
- data/spec/fixtures/unit/util/monkey_patches/x509.pem +32 -0
- data/spec/integration/application/apply_spec.rb +1 -1
- data/spec/integration/application/doc_spec.rb +1 -1
- data/spec/integration/configurer_spec.rb +4 -2
- data/spec/integration/data_binding.rb +100 -0
- data/spec/integration/indirector/catalog/compiler_spec.rb +16 -13
- data/spec/integration/indirector/direct_file_server_spec.rb +3 -5
- data/spec/integration/indirector/file_content/file_server_spec.rb +2 -2
- data/spec/integration/node/facts_spec.rb +1 -1
- data/spec/integration/node_spec.rb +1 -1
- data/spec/integration/parser/compiler_spec.rb +90 -0
- data/spec/integration/parser/parser_spec.rb +2 -2
- data/spec/integration/provider/cron/crontab_spec.rb +3 -5
- data/spec/integration/resource/catalog_spec.rb +1 -1
- data/spec/integration/ssl/autosign_spec.rb +90 -0
- data/spec/integration/ssl/certificate_authority_spec.rb +62 -69
- data/spec/integration/ssl/certificate_revocation_list_spec.rb +1 -1
- data/spec/integration/ssl/host_spec.rb +1 -1
- data/spec/integration/transaction_spec.rb +13 -13
- data/spec/integration/type/exec_spec.rb +2 -2
- data/spec/integration/type/file_spec.rb +287 -45
- data/spec/integration/type/tidy_spec.rb +3 -3
- data/spec/integration/util/rdoc/parser_spec.rb +236 -35
- data/spec/integration/util/settings_spec.rb +1 -1
- data/spec/integration/util/windows/process_spec.rb +22 -0
- data/spec/integration/util/windows/security_spec.rb +316 -106
- data/spec/lib/matchers/containment_matchers.rb +52 -0
- data/spec/lib/puppet_spec/compiler.rb +6 -0
- data/spec/lib/puppet_spec/files.rb +20 -21
- data/spec/shared_behaviours/documentation_on_faces.rb +3 -3
- data/spec/shared_behaviours/file_server_terminus.rb +2 -2
- data/spec/shared_contexts/platform.rb +1 -0
- data/spec/spec_helper.rb +13 -1
- data/spec/unit/agent_spec.rb +0 -12
- data/spec/unit/application/agent_spec.rb +4 -4
- data/spec/unit/application/apply_spec.rb +18 -2
- data/spec/unit/application/cert_spec.rb +8 -6
- data/spec/unit/application/device_spec.rb +1 -1
- data/spec/unit/application/filebucket_spec.rb +1 -1
- data/spec/unit/application/inspect_spec.rb +1 -1
- data/spec/unit/application_spec.rb +24 -0
- data/spec/unit/configurer/downloader_spec.rb +8 -7
- data/spec/unit/configurer/fact_handler_spec.rb +23 -0
- data/spec/unit/configurer/plugin_handler_spec.rb +7 -2
- data/spec/unit/configurer_spec.rb +15 -5
- data/spec/unit/{provider/confine → confine}/exists_spec.rb +12 -12
- data/spec/unit/{provider/confine → confine}/false_spec.rb +9 -9
- data/spec/unit/{provider/confine → confine}/feature_spec.rb +10 -10
- data/spec/unit/{provider/confine → confine}/true_spec.rb +7 -7
- data/spec/unit/{provider/confine → confine}/variable_spec.rb +16 -16
- data/spec/unit/{provider/confine_collection_spec.rb → confine_collection_spec.rb} +30 -30
- data/spec/unit/{provider/confine_spec.rb → confine_spec.rb} +11 -11
- data/spec/unit/{provider/confiner_spec.rb → confiner_spec.rb} +4 -4
- data/spec/unit/face/parser_spec.rb +54 -0
- data/spec/unit/file_bucket/dipper_spec.rb +2 -2
- data/spec/unit/file_serving/base_spec.rb +32 -9
- data/spec/unit/file_serving/configuration_spec.rb +7 -7
- data/spec/unit/file_serving/content_spec.rb +12 -7
- data/spec/unit/file_serving/fileset_spec.rb +57 -27
- data/spec/unit/file_serving/metadata_spec.rb +74 -12
- data/spec/unit/file_serving/mount/file_spec.rb +10 -10
- data/spec/unit/file_serving/mount/pluginfacts_spec.rb +73 -0
- data/spec/unit/file_system/file_spec.rb +486 -0
- data/spec/unit/file_system/tempfile_spec.rb +48 -0
- data/spec/unit/graph/relationship_graph_spec.rb +0 -6
- data/spec/unit/hiera_puppet_spec.rb +2 -2
- data/spec/unit/indirector/catalog/compiler_spec.rb +15 -19
- data/spec/unit/indirector/certificate_status/file_spec.rb +30 -40
- data/spec/unit/indirector/data_binding/hiera_spec.rb +95 -2
- data/spec/unit/indirector/direct_file_server_spec.rb +6 -6
- data/spec/unit/indirector/facts/facter_spec.rb +33 -0
- data/spec/unit/indirector/file_bucket_file/file_spec.rb +61 -52
- data/spec/unit/indirector/file_metadata/file_spec.rb +2 -2
- data/spec/unit/indirector/file_server_spec.rb +4 -4
- data/spec/unit/indirector/json_spec.rb +4 -4
- data/spec/unit/indirector/key/file_spec.rb +13 -14
- data/spec/unit/indirector/resource/ral_spec.rb +7 -0
- data/spec/unit/indirector/resource/store_configs_spec.rb +11 -0
- data/spec/unit/indirector/rest_spec.rb +7 -3
- data/spec/unit/indirector/ssl_file_spec.rb +14 -17
- data/spec/unit/indirector/yaml_spec.rb +4 -4
- data/spec/unit/module_spec.rb +43 -15
- data/spec/unit/module_tool/tar/gnu_spec.rb +2 -2
- data/spec/unit/module_tool/tar/solaris_spec.rb +2 -2
- data/spec/unit/module_tool/tar_spec.rb +45 -0
- data/spec/unit/network/authconfig_spec.rb +2 -1
- data/spec/unit/network/authentication_spec.rb +2 -2
- data/spec/unit/network/format_handler_spec.rb +2 -2
- data/spec/unit/network/formats_spec.rb +24 -0
- data/spec/unit/network/http/connection_spec.rb +76 -199
- data/spec/unit/network/http/handler_spec.rb +33 -34
- data/spec/unit/network/http_pool_spec.rb +8 -5
- data/spec/unit/node/environment_spec.rb +76 -90
- data/spec/unit/node/facts_spec.rb +20 -3
- data/spec/unit/node_spec.rb +43 -0
- data/spec/unit/parameter/boolean_spec.rb +22 -12
- data/spec/unit/parser/ast/resourceparam_spec.rb +51 -0
- data/spec/unit/parser/compiler_spec.rb +103 -35
- data/spec/unit/parser/eparser_adapter_spec.rb +12 -12
- data/spec/unit/parser/files_spec.rb +11 -11
- data/spec/unit/parser/functions/contain_spec.rb +185 -0
- data/spec/unit/parser/functions/create_resources_spec.rb +13 -5
- data/spec/unit/parser/functions/generate_spec.rb +1 -1
- data/spec/unit/parser/functions_spec.rb +2 -2
- data/spec/unit/parser/lexer_spec.rb +1 -1
- data/spec/unit/parser/methods/each_spec.rb +1 -1
- data/spec/unit/parser/methods/{select_spec.rb → filter_spec.rb} +11 -11
- data/spec/unit/parser/methods/map_spec.rb +95 -0
- data/spec/unit/parser/methods/reduce_spec.rb +12 -11
- data/spec/unit/parser/methods/shared.rb +5 -5
- data/spec/unit/parser/methods/slice_spec.rb +13 -13
- data/spec/unit/parser/parser_spec.rb +1 -1
- data/spec/unit/parser/resource/param_spec.rb +44 -0
- data/spec/unit/parser/resource_spec.rb +16 -15
- data/spec/unit/pops/model/ast_transformer_spec.rb +18 -4
- data/spec/unit/pops/parser/lexer_spec.rb +22 -5
- data/spec/unit/pops/parser/parse_calls_spec.rb +5 -5
- data/spec/unit/pops/transformer/transform_calls_spec.rb +6 -6
- data/spec/unit/pops/transformer/transform_containers_spec.rb +2 -2
- data/spec/unit/pops/validator/validator_spec.rb +31 -0
- data/spec/unit/provider/augeas/augeas_spec.rb +57 -2
- data/spec/unit/provider/exec/posix_spec.rb +8 -3
- data/spec/unit/provider/file/posix_spec.rb +2 -2
- data/spec/unit/provider/group/windows_adsi_spec.rb +70 -3
- data/spec/unit/provider/nameservice/directoryservice_spec.rb +3 -3
- data/spec/unit/provider/package/apt_spec.rb +1 -1
- data/spec/unit/provider/package/msi_spec.rb +15 -42
- data/spec/unit/provider/package/openbsd_spec.rb +3 -3
- data/spec/unit/provider/package/rpm_spec.rb +56 -13
- data/spec/unit/provider/package/windows_spec.rb +15 -19
- data/spec/unit/provider/service/base_spec.rb +1 -1
- data/spec/unit/provider/service/daemontools_spec.rb +18 -8
- data/spec/unit/provider/service/freebsd_spec.rb +3 -3
- data/spec/unit/provider/service/gentoo_spec.rb +5 -2
- data/spec/unit/provider/service/init_spec.rb +17 -17
- data/spec/unit/provider/service/launchd_spec.rb +76 -23
- data/spec/unit/provider/service/openbsd_spec.rb +125 -0
- data/spec/unit/provider/service/openwrt_spec.rb +1 -1
- data/spec/unit/provider/service/runit_spec.rb +12 -5
- data/spec/unit/provider/service/upstart_spec.rb +4 -4
- data/spec/unit/provider/ssh_authorized_key/parsed_spec.rb +5 -5
- data/spec/unit/provider/user/directoryservice_spec.rb +4 -4
- data/spec/unit/provider/zone/solaris_spec.rb +1 -1
- data/spec/unit/provider_spec.rb +2 -2
- data/spec/unit/reports/http_spec.rb +19 -34
- data/spec/unit/reports/store_spec.rb +2 -2
- data/spec/unit/resource/catalog_spec.rb +81 -11
- data/spec/unit/resource/status_spec.rb +11 -1
- data/spec/unit/resource/type_spec.rb +30 -1
- data/spec/unit/resource_spec.rb +40 -4
- data/spec/unit/settings/file_setting_spec.rb +2 -2
- data/spec/unit/settings/path_setting_spec.rb +2 -2
- data/spec/unit/settings/priority_setting_spec.rb +66 -0
- data/spec/unit/settings_spec.rb +16 -31
- data/spec/unit/ssl/certificate_authority/autosign_command_spec.rb +30 -0
- data/spec/unit/ssl/certificate_authority_spec.rb +129 -134
- data/spec/unit/ssl/certificate_factory_spec.rb +18 -0
- data/spec/unit/ssl/certificate_request_attributes_spec.rb +61 -0
- data/spec/unit/ssl/certificate_request_spec.rb +103 -0
- data/spec/unit/ssl/certificate_spec.rb +31 -18
- data/spec/unit/ssl/host_spec.rb +34 -8
- data/spec/unit/ssl/inventory_spec.rb +27 -62
- data/spec/unit/ssl/key_spec.rb +4 -4
- data/spec/unit/ssl/oids_spec.rb +48 -0
- data/spec/unit/ssl/validator_spec.rb +49 -6
- data/spec/unit/status_spec.rb +9 -0
- data/spec/unit/transaction/event_spec.rb +1 -9
- data/spec/unit/transaction/report_spec.rb +20 -1
- data/spec/unit/transaction/resource_harness_spec.rb +60 -210
- data/spec/unit/transaction_spec.rb +54 -8
- data/spec/unit/type/component_spec.rb +2 -2
- data/spec/unit/type/exec_spec.rb +14 -7
- data/spec/unit/type/file/content_spec.rb +13 -2
- data/spec/unit/type/file/ctime_spec.rb +1 -1
- data/spec/unit/type/file/mode_spec.rb +48 -2
- data/spec/unit/type/file/mtime_spec.rb +1 -1
- data/spec/unit/type/file/source_spec.rb +177 -7
- data/spec/unit/type/file_spec.rb +63 -71
- data/spec/unit/type/group_spec.rb +20 -0
- data/spec/unit/type/k5login_spec.rb +3 -3
- data/spec/unit/type/mount_spec.rb +53 -0
- data/spec/unit/type/nagios_spec.rb +216 -0
- data/spec/unit/type/package_spec.rb +7 -1
- data/spec/unit/type/schedule_spec.rb +6 -0
- data/spec/unit/type/service_spec.rb +3 -3
- data/spec/unit/type/tidy_spec.rb +14 -14
- data/spec/unit/type/user_spec.rb +9 -0
- data/spec/unit/type_spec.rb +86 -4
- data/spec/unit/util/adsi_spec.rb +120 -12
- data/spec/unit/util/autoload_spec.rb +14 -14
- data/spec/unit/util/backups_spec.rb +29 -21
- data/spec/unit/util/checksums_spec.rb +2 -1
- data/spec/unit/util/command_line_spec.rb +41 -0
- data/spec/unit/util/docs_spec.rb +91 -0
- data/spec/unit/util/execution_spec.rb +26 -2
- data/spec/unit/util/filetype_spec.rb +7 -7
- data/spec/unit/util/lockfile_spec.rb +2 -2
- data/spec/unit/util/log/destinations_spec.rb +32 -0
- data/spec/unit/util/monkey_patches_spec.rb +41 -0
- data/spec/unit/util/pidlock_spec.rb +6 -6
- data/spec/unit/util/rdoc/parser_spec.rb +15 -13
- data/spec/unit/util/rdoc_spec.rb +18 -24
- data/spec/unit/util/resource_template_spec.rb +3 -3
- data/spec/unit/util/selinux_spec.rb +4 -2
- data/spec/unit/util/storage_spec.rb +4 -4
- data/spec/unit/util/suidmanager_spec.rb +7 -0
- data/spec/unit/util/tag_set_spec.rb +46 -0
- data/spec/unit/util/tagging_spec.rb +82 -45
- data/spec/unit/util/watcher_spec.rb +4 -1
- data/spec/unit/util/windows/access_control_entry_spec.rb +67 -0
- data/spec/unit/util/windows/access_control_list_spec.rb +133 -0
- data/spec/unit/util/windows/root_certs_spec.rb +10 -8
- data/spec/unit/util/windows/security_descriptor_spec.rb +117 -0
- data/spec/unit/util/windows/sid_spec.rb +69 -0
- data/spec/unit/util_spec.rb +7 -7
- data/tasks/ci.rake +17 -36
- metadata +2811 -2746
- checksums.yaml +0 -7
- data/examples/mac_automount.pp +0 -16
- data/examples/mcx_dock_absent.pp +0 -4
- data/examples/mcx_dock_default.pp +0 -118
- data/examples/mcx_dock_full.pp +0 -125
- data/examples/mcx_dock_invalid.pp +0 -9
- data/examples/mcx_nogroup.pp +0 -118
- data/examples/mcx_notexists_absent.pp +0 -4
- data/ext/rack/README +0 -58
- data/ext/rack/manifest.pp +0 -59
- data/lib/puppet/external/lock.rb +0 -63
- data/lib/puppet/indirector/hiera.rb +0 -39
- data/lib/puppet/parser/functions/foreach.rb +0 -95
- data/spec/integration/network/server/webrick_spec.rb +0 -76
- data/spec/integration/parser/functions_spec.rb +0 -16
- data/spec/unit/indirector/hiera_spec.rb +0 -154
- data/spec/unit/parser/methods/collect_spec.rb +0 -153
- data/spec/unit/parser/methods/foreach_spec.rb +0 -91
- data/spec/unit/parser/methods/reject_spec.rb +0 -73
- data/spec/unit/resource/resource_type.json +0 -34
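--- a/data/spec/unit/ssl/certificate_factory_spec.rb
+++ b/data/spec/unit/ssl/certificate_factory_spec.rb
@@ -115,6 +115,24 @@ describe Puppet::SSL::CertificateFactory do
 end
 end
 
+it "can add custom extension requests" do
+csr = Puppet::SSL::CertificateRequest.new(name)
+csr.generate(key)
+
+csr.stubs(:request_extensions).returns([
+{'oid' => '1.3.6.1.4.1.34380.1.2.1', 'value' => 'some-value'},
+{'oid' => 'pp_uuid', 'value' => 'some-uuid'},
+])
+
+cert = subject.build(:client, csr, issuer, serial)
+
+priv_ext = cert.extensions.find {|ext| ext.oid == '1.3.6.1.4.1.34380.1.2.1'}
+uuid_ext = cert.extensions.find {|ext| ext.oid == 'pp_uuid'}
+
+expect(priv_ext.value).to eq 'some-value'
+expect(uuid_ext.value).to eq 'some-uuid'
+end
+
 # Can't check the CA here, since that requires way more infrastructure
 # that I want to build up at this time. We can verify the critical
 # values, though, which are non-CA certs. --daniel 2011-10-11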
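Review bot: The new example only proves that requested extensions are copied into the certificate; nothing here pins down what `build` does with a requested extension outside the Puppet OID arc, such as a `basicConstraints` or `subjectAltName` request. Request extensions are chosen by whoever submits the CSR, so a companion example along the lines of `it "does not copy extension requests outside the Puppet OID arc" do` would document where that boundary is enforced. If the filtering is meant to live in the CA signing policy rather than in the factory, a one-line comment saying so above this example is enough. Separately, `find` returns nil when an extension is missing, so a regression would surface as a NoMethodError on `priv_ext.value`; adding `expect(priv_ext).not_to be_nil` before the value checks gives a clearer failure. The enclosing describe block starts outside the hunk.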
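--- a/data/spec/unit/ssl/certificate_request_attributes_spec.rb
+++ b/data/spec/unit/ssl/certificate_request_attributes_spec.rb
@@ -0,0 +1,61 @@
+require 'spec_helper'
+
+require 'puppet/ssl/certificate_request_attributes'
+
+describe Puppet::SSL::CertificateRequestAttributes do
+
+let(:expected) do
+{
+"custom_attributes" => {
+"1.3.6.1.4.1.34380.2.2"=>[3232235521, 3232235777], # system IPs in hex
+"1.3.6.1.4.1.34380.2.0"=>"hostname.domain.com",
+}
+}
+end
+let(:csr_attributes_hash) { expected.dup }
+let(:csr_attributes_path) { '/some/where/csr_attributes.yaml' }
+let(:csr_attributes) { Puppet::SSL::CertificateRequestAttributes.new(csr_attributes_path) }
+
+it "initializes with a path" do
+expect(csr_attributes.path).to eq(csr_attributes_path)
+end
+
+describe "loading" do
+it "returns nil when loading from a non-existent file" do
+expect(csr_attributes.load).to be_false
+end
+
+context "with an available attributes file" do
+before do
+Puppet::FileSystem::File.expects(:exist?).with(csr_attributes_path).returns(true)
+Puppet::Util::Yaml.expects(:load_file).with(csr_attributes_path).returns(csr_attributes_hash)
+end
+
+it "loads csr attributes from a file when the file is present" do
+expect(csr_attributes.load).to be_true
+end
+
+it "exposes custom_attributes" do
+csr_attributes.load
+expect(csr_attributes.custom_attributes).to eq(expected['custom_attributes'])
+end
+
+it "returns an empty hash if custom_attributes points to nil" do
+csr_attributes_hash["custom_attributes"] = nil
+csr_attributes.load
+expect(csr_attributes.custom_attributes).to eq({})
+end
+
+it "returns an empty hash if custom_attributes key is not present" do
+csr_attributes_hash.delete("custom_attributes")
+csr_attributes.load
+expect(csr_attributes.custom_attributes).to eq({})
+end
+
+it "raise a Puppet::Error if an unexpected root key is defined" do
+csr_attributes_hash['unintentional'] = 'data'
+expect { csr_attributes.load }.to raise_error(Puppet::Error, /unexpected attributes.*unintentional/)
+end
+end
+end
+end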
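Review bot: The first example under "loading" is titled "returns nil" but asserts `be_false`, which passes for both nil and false, so the title and the check disagree. Either retitle it to `it "returns a false value when the attributes file does not exist" do` or assert `be_nil` if nil is the intended contract. The fixture comment `# system IPs in hex` is also inaccurate, since 3232235521 and 3232235777 are decimal integers; `# system IPs as 32-bit integers` would match the data. Because the contents of csr_attributes.yaml end up in a certificate request, an example that makes the stubbed `Puppet::Util::Yaml.load_file` return a non-Hash document (a bare string or a list) would pin down that malformed input raises Puppet::Error rather than failing with a NoMethodError.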
@@ -178,6 +178,109 @@ describe Puppet::SSL::CertificateRequest do
|
|
178
178
|
end
|
179
179
|
end
|
180
180
|
|
181
|
+
context "with custom CSR attributes" do
|
182
|
+
|
183
|
+
it "adds attributes with single values" do
|
184
|
+
csr_attributes = {
|
185
|
+
'1.3.6.1.4.1.34380.1.2.1' => 'CSR specific info',
|
186
|
+
'1.3.6.1.4.1.34380.1.2.2' => 'more CSR specific info',
|
187
|
+
}
|
188
|
+
|
189
|
+
request.generate(key, :csr_attributes => csr_attributes)
|
190
|
+
|
191
|
+
attrs = request.custom_attributes
|
192
|
+
attrs.should include({'oid' => '1.3.6.1.4.1.34380.1.2.1', 'value' => 'CSR specific info'})
|
193
|
+
attrs.should include({'oid' => '1.3.6.1.4.1.34380.1.2.2', 'value' => 'more CSR specific info'})
|
194
|
+
end
|
195
|
+
|
196
|
+
['extReq', '1.2.840.113549.1.9.14'].each do |oid|
|
197
|
+
it "doesn't overwrite standard PKCS#9 CSR attribute '#{oid}'" do
|
198
|
+
expect do
|
199
|
+
request.generate(key, :csr_attributes => {oid => 'data'})
|
200
|
+
end.to raise_error ArgumentError, /Cannot specify.*#{oid}/
|
201
|
+
end
|
202
|
+
end
|
203
|
+
|
204
|
+
['msExtReq', '1.3.6.1.4.1.311.2.1.14'].each do |oid|
|
205
|
+
it "doesn't overwrite Microsoft extension request OID '#{oid}'" do
|
206
|
+
expect do
|
207
|
+
request.generate(key, :csr_attributes => {oid => 'data'})
|
208
|
+
end.to raise_error ArgumentError, /Cannot specify.*#{oid}/
|
209
|
+
end
|
210
|
+
end
|
211
|
+
|
212
|
+
it "raises an error if an attribute cannot be created" do
|
213
|
+
csr_attributes = { "thats.no.moon" => "death star" }
|
214
|
+
|
215
|
+
expect do
|
216
|
+
request.generate(key, :csr_attributes => csr_attributes)
|
217
|
+
end.to raise_error Puppet::Error, /Cannot create CSR with attribute thats\.no\.moon: first num too large/
|
218
|
+
end
|
219
|
+
end
|
220
|
+
|
221
|
+
context "with extension requests" do
|
222
|
+
let(:extension_data) do
|
223
|
+
{
|
224
|
+
'1.3.6.1.4.1.34380.1.1.31415' => 'pi',
|
225
|
+
'1.3.6.1.4.1.34380.1.1.2718' => 'e',
|
226
|
+
}
|
227
|
+
end
|
228
|
+
|
229
|
+
it "adds an extreq attribute to the CSR" do
|
230
|
+
request.generate(key, :extension_requests => extension_data)
|
231
|
+
|
232
|
+
exts = request.content.attributes.select { |attr| attr.oid = 'extReq' }
|
233
|
+
exts.length.should == 1
|
234
|
+
end
|
235
|
+
|
236
|
+
it "adds an extension for each entry in the extension request structure" do
|
237
|
+
request.generate(key, :extension_requests => extension_data)
|
238
|
+
|
239
|
+
exts = request.request_extensions
|
240
|
+
|
241
|
+
exts.should include('oid' => '1.3.6.1.4.1.34380.1.1.31415', 'value' => 'pi')
|
242
|
+
exts.should include('oid' => '1.3.6.1.4.1.34380.1.1.2718', 'value' => 'e')
|
243
|
+
end
|
244
|
+
|
245
|
+
it "defines the extensions as non-critical" do
|
246
|
+
request.generate(key, :extension_requests => extension_data)
|
247
|
+
request.request_extensions.each do |ext|
|
248
|
+
ext['critical'].should be_false
|
249
|
+
end
|
250
|
+
end
|
251
|
+
|
252
|
+
it "rejects the subjectAltNames extension" do
|
253
|
+
san_names = ['subjectAltName', '2.5.29.17']
|
254
|
+
san_field = 'DNS:first.tld, DNS:second.tld'
|
255
|
+
|
256
|
+
san_names.each do |name|
|
257
|
+
expect do
|
258
|
+
request.generate(key, :extension_requests => {name => san_field})
|
259
|
+
end.to raise_error Puppet::Error, /conflicts with internally used extension/
|
260
|
+
end
|
261
|
+
end
|
262
|
+
|
263
|
+
it "merges the extReq attribute with the subjectAltNames extension" do
|
264
|
+
request.generate(key,
|
265
|
+
:dns_alt_names => 'first.tld, second.tld',
|
266
|
+
:extension_requests => extension_data)
|
267
|
+
exts = request.request_extensions
|
268
|
+
|
269
|
+
exts.should include('oid' => '1.3.6.1.4.1.34380.1.1.31415', 'value' => 'pi')
|
270
|
+
exts.should include('oid' => '1.3.6.1.4.1.34380.1.1.2718', 'value' => 'e')
|
271
|
+
exts.should include('oid' => 'subjectAltName', 'value' => 'DNS:first.tld, DNS:myname, DNS:second.tld')
|
272
|
+
|
273
|
+
request.subject_alt_names.should eq ['DNS:first.tld', 'DNS:myname', 'DNS:second.tld']
|
274
|
+
end
|
275
|
+
|
276
|
+
it "raises an error if the OID could not be created" do
|
277
|
+
exts = {"thats.no.moon" => "death star"}
|
278
|
+
expect do
|
279
|
+
request.generate(key, :extension_requests => exts)
|
280
|
+
end.to raise_error Puppet::Error, /Cannot create CSR with extension request thats\.no\.moon: first num too large/
|
281
|
+
end
|
282
|
+
end
|
283
|
+
|
181
284
|
it "should sign the csr with the provided key" do
|
182
285
|
request.generate(key)
|
183
286
|
request.content.verify(key.content.public_key).should be_true
|
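Review bot: In the new example "adds an extreq attribute to the CSR", the `select` block uses assignment, `attr.oid = 'extReq'`, where a comparison was presumably intended. The assigned string is always truthy, so `select` returns every attribute and `exts.length.should == 1` only holds when the CSR carries exactly one attribute of any kind; the block would also write to the attribute objects it iterates over. The line should read `exts = request.content.attributes.select { |attr| attr.oid == 'extReq' }`. As written, the example cannot fail when the extension request is packed under the wrong OID, so it gives no assurance about how requested extensions reach the CA.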
@@ -75,6 +75,17 @@ describe Puppet::SSL::Certificate do
|
|
75
75
|
end
|
76
76
|
|
77
77
|
describe "when managing instances" do
|
78
|
+
|
79
|
+
def build_cert(opts)
|
80
|
+
key = Puppet::SSL::Key.new('quux')
|
81
|
+
key.generate
|
82
|
+
csr = Puppet::SSL::CertificateRequest.new('quux')
|
83
|
+
csr.generate(key, opts)
|
84
|
+
|
85
|
+
raw_cert = Puppet::SSL::CertificateFactory.build('client', csr, csr.content, 14)
|
86
|
+
@class.from_instance(raw_cert)
|
87
|
+
end
|
88
|
+
|
78
89
|
before do
|
79
90
|
@certificate = @class.new("myname")
|
80
91
|
end
|
@@ -93,33 +104,35 @@ describe Puppet::SSL::Certificate do
|
|
93
104
|
|
94
105
|
describe "#subject_alt_names" do
|
95
106
|
it "should list all alternate names when the extension is present" do
|
96
|
-
|
97
|
-
key.generate
|
98
|
-
|
99
|
-
csr = Puppet::SSL::CertificateRequest.new('quux')
|
100
|
-
csr.generate(key, :dns_alt_names => 'foo, bar,baz')
|
101
|
-
|
102
|
-
raw_csr = csr.content
|
103
|
-
|
104
|
-
cert = Puppet::SSL::CertificateFactory.build('server', csr, raw_csr, 14)
|
105
|
-
certificate = @class.from_s(cert.to_pem)
|
107
|
+
certificate = build_cert(:dns_alt_names => 'foo, bar,baz')
|
106
108
|
certificate.subject_alt_names.
|
107
109
|
should =~ ['DNS:foo', 'DNS:bar', 'DNS:baz', 'DNS:quux']
|
108
110
|
end
|
109
111
|
|
110
112
|
it "should return an empty list of names if the extension is absent" do
|
111
|
-
|
112
|
-
|
113
|
+
certificate = build_cert({})
|
114
|
+
certificate.subject_alt_names.should be_empty
|
115
|
+
end
|
116
|
+
end
|
113
117
|
|
114
|
-
|
115
|
-
|
118
|
+
describe "custom extensions" do
|
119
|
+
it "returns extensions under the ppRegCertExt" do
|
120
|
+
exts = {'pp_uuid' => 'abcdfd'}
|
121
|
+
cert = build_cert(:extension_requests => exts)
|
122
|
+
expect(cert.custom_extensions).to include('oid' => 'pp_uuid', 'value' => 'abcdfd')
|
123
|
+
end
|
116
124
|
|
117
|
-
|
125
|
+
it "returns extensions under the ppPrivCertExt" do
|
126
|
+
exts = {'1.3.6.1.4.1.34380.1.2.1' => 'x509 :('}
|
127
|
+
cert = build_cert(:extension_requests => exts)
|
128
|
+
expect(cert.custom_extensions).to include('oid' => '1.3.6.1.4.1.34380.1.2.1', 'value' => 'x509 :(')
|
129
|
+
end
|
118
130
|
|
119
|
-
|
120
|
-
|
121
|
-
|
131
|
+
it "doesn't return standard extensions" do
|
132
|
+
cert = build_cert(:dns_alt_names => 'foo')
|
133
|
+
expect(cert.custom_extensions).to be_empty
|
122
134
|
end
|
135
|
+
|
123
136
|
end
|
124
137
|
|
125
138
|
it "should return a nil expiration if there is no actual certificate" do
|
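Review bot: The new `build_cert` helper builds a `'client'` certificate and wraps it with `@class.from_instance(raw_cert)`, whereas the removed lines of the `#subject_alt_names` example built a `'server'` certificate and round-tripped it through `@class.from_s(cert.to_pem)`. As far as these hunks show, no example here still exercises PEM parsing or the server profile for alternate names, so a regression in either would go unnoticed in this spec; that matters because subjectAltName handling decides which names a signed certificate is accepted for. I would let the helper take the certificate type, e.g. `def build_cert(opts, cert_type = 'client')`, and keep one example that goes through `@class.from_s(cert.to_pem)`. A short comment on the helper, such as `# Generates a fresh key and CSR for 'quux' with opts and returns the certificate built from them`, would also help. The enclosing `describe "when managing instances"` block starts and ends outside the hunks.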
data/spec/unit/ssl/host_spec.rb
CHANGED
@@ -9,9 +9,24 @@ def base_pson_comparison(result, pson_hash)
|
|
9
9
|
result["state"].should == pson_hash["desired_state"]
|
10
10
|
end
|
11
11
|
|
12
|
+
# the json-schema gem doesn't support windows
|
13
|
+
if not Puppet.features.microsoft_windows?
|
14
|
+
HOST_SCHEMA = JSON.parse(File.read(File.join(File.dirname(__FILE__), '../../../api/schemas/host.json')))
|
15
|
+
|
16
|
+
describe "host schema" do
|
17
|
+
it "should validate against the json meta-schema" do
|
18
|
+
JSON::Validator.validate!(JSON_META_SCHEMA, HOST_SCHEMA)
|
19
|
+
end
|
20
|
+
end
|
21
|
+
end
|
22
|
+
|
12
23
|
describe Puppet::SSL::Host do
|
13
24
|
include PuppetSpec::Files
|
14
25
|
|
26
|
+
def validate_json_for_host(host)
|
27
|
+
JSON::Validator.validate!(HOST_SCHEMA, host.to_pson)
|
28
|
+
end
|
29
|
+
|
15
30
|
before do
|
16
31
|
Puppet::SSL::Host.indirection.terminus_class = :file
|
17
32
|
|
@@ -823,7 +838,7 @@ describe Puppet::SSL::Host do
|
|
823
838
|
let(:host) do
|
824
839
|
Puppet::SSL::Host.new("bazinga")
|
825
840
|
end
|
826
|
-
|
841
|
+
|
827
842
|
let(:pson_hash) do
|
828
843
|
{
|
829
844
|
"fingerprint" => host.certificate_request.fingerprint,
|
@@ -831,15 +846,20 @@ describe Puppet::SSL::Host do
|
|
831
846
|
"name" => host.name
|
832
847
|
}
|
833
848
|
end
|
834
|
-
|
849
|
+
|
835
850
|
it "should be able to identify a host with an unsigned certificate request" do
|
836
851
|
host.generate_certificate_request
|
837
852
|
|
838
853
|
result = PSON.parse(Puppet::SSL::Host.new(host.name).to_pson)
|
839
|
-
|
854
|
+
|
840
855
|
base_pson_comparison result, pson_hash
|
841
856
|
end
|
842
|
-
|
857
|
+
|
858
|
+
it "should validate against the schema", :unless => Puppet.features.microsoft_windows? do
|
859
|
+
host.generate_certificate_request
|
860
|
+
validate_json_for_host(host)
|
861
|
+
end
|
862
|
+
|
843
863
|
describe "explicit fingerprints" do
|
844
864
|
[:SHA1, :SHA256, :SHA512].each do |md|
|
845
865
|
it "should include #{md}" do
|
@@ -854,7 +874,7 @@ describe Puppet::SSL::Host do
|
|
854
874
|
end
|
855
875
|
end
|
856
876
|
end
|
857
|
-
|
877
|
+
|
858
878
|
describe "dns_alt_names" do
|
859
879
|
describe "when not specified" do
|
860
880
|
it "should include the dns_alt_names associated with the certificate" do
|
@@ -867,22 +887,28 @@ describe Puppet::SSL::Host do
|
|
867
887
|
end
|
868
888
|
end
|
869
889
|
|
870
|
-
[ "",
|
890
|
+
[ "",
|
871
891
|
"test, alt, names"
|
872
892
|
].each do |alt_names|
|
873
893
|
describe "when #{alt_names}" do
|
874
|
-
|
894
|
+
before(:each) do
|
875
895
|
host.generate_certificate_request :dns_alt_names => alt_names
|
896
|
+
end
|
897
|
+
|
898
|
+
it "should include the dns_alt_names associated with the certificate" do
|
876
899
|
pson_hash["desired_alt_names"] = host.certificate_request.subject_alt_names
|
877
900
|
|
878
901
|
result = PSON.parse(Puppet::SSL::Host.new(host.name).to_pson)
|
879
902
|
base_pson_comparison result, pson_hash
|
880
903
|
result["dns_alt_names"].should == pson_hash["desired_alt_names"]
|
881
904
|
end
|
905
|
+
|
906
|
+
it "should validate against the schema", :unless => Puppet.features.microsoft_windows? do
|
907
|
+
validate_json_for_host(host)
|
908
|
+
end
|
882
909
|
end
|
883
910
|
end
|
884
911
|
end
|
885
|
-
|
886
912
|
|
887
913
|
it "should be able to identify a host with a signed certificate" do
|
888
914
|
host.generate_certificate_request
|
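Review bot: `validate_json_for_host` reads `HOST_SCHEMA`, but the constant is only assigned inside the `if not Puppet.features.microsoft_windows?` block at the top of the file, so an example that calls the helper without the `:unless => Puppet.features.microsoft_windows?` tag would raise a NameError on Windows instead of being skipped. A comment on the helper would make that coupling visible, e.g. `# HOST_SCHEMA is only defined off Windows; tag callers with :unless => Puppet.features.microsoft_windows?`. As a style point, `if not ...` reads more idiomatically as `unless Puppet.features.microsoft_windows?`, which also matches the `:unless` metadata used on the examples. `JSON_META_SCHEMA` is not defined in the visible lines, so presumably it comes from a shared spec helper; it is worth confirming that it is loaded under the same condition.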
@@ -20,7 +20,7 @@ describe Puppet::SSL::Inventory, :unless => Puppet.features.microsoft_windows? d
|
|
20
20
|
before do
|
21
21
|
Puppet[:cert_inventory] = cert_inventory
|
22
22
|
|
23
|
-
|
23
|
+
Puppet::FileSystem::File.stubs(:exist?).with(cert_inventory).returns true
|
24
24
|
|
25
25
|
@inventory = @class.new
|
26
26
|
|
@@ -28,86 +28,51 @@ describe Puppet::SSL::Inventory, :unless => Puppet.features.microsoft_windows? d
|
|
28
28
|
end
|
29
29
|
|
30
30
|
describe "and creating the inventory file" do
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
Puppet::SSL::Certificate.
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
|
46
|
-
|
47
|
-
@inventory.rebuild
|
48
|
-
end
|
49
|
-
|
50
|
-
it "should add a header to the file" do
|
51
|
-
fh = mock 'filehandle'
|
52
|
-
Puppet.settings.stubs(:write).yields fh
|
53
|
-
fh.expects(:print).with { |str| str =~ /^#/ }
|
54
|
-
|
55
|
-
@inventory.rebuild
|
56
|
-
end
|
57
|
-
|
58
|
-
it "should add formatted information on all existing certificates" do
|
59
|
-
cert1 = mock 'cert1'
|
60
|
-
cert2 = mock 'cert2'
|
61
|
-
|
31
|
+
it "re-adds all of the existing certificates" do
|
32
|
+
inventory_file = StringIO.new
|
33
|
+
Puppet.settings.setting(:cert_inventory).stubs(:open).yields(inventory_file)
|
34
|
+
|
35
|
+
cert1 = Puppet::SSL::Certificate.new("cert1")
|
36
|
+
cert1.content = stub 'cert1',
|
37
|
+
:serial => 2,
|
38
|
+
:not_before => Time.now,
|
39
|
+
:not_after => Time.now,
|
40
|
+
:subject => "/CN=smocking"
|
41
|
+
cert2 = Puppet::SSL::Certificate.new("cert2")
|
42
|
+
cert2.content = stub 'cert2',
|
43
|
+
:serial => 3,
|
44
|
+
:not_before => Time.now,
|
45
|
+
:not_after => Time.now,
|
46
|
+
:subject => "/CN=mocking bird"
|
62
47
|
Puppet::SSL::Certificate.indirection.expects(:search).with("*").returns [cert1, cert2]
|
63
48
|
|
64
|
-
@class.any_instance.expects(:add).with(cert1)
|
65
|
-
@class.any_instance.expects(:add).with(cert2)
|
66
|
-
|
67
49
|
@inventory.rebuild
|
50
|
+
|
51
|
+
expect(inventory_file.string).to match(/\/CN=smocking/)
|
52
|
+
expect(inventory_file.string).to match(/\/CN=mocking bird/)
|
68
53
|
end
|
69
54
|
end
|
70
55
|
|
71
56
|
describe "and adding a certificate" do
|
72
|
-
it "should build the inventory file if one does not exist" do
|
73
|
-
Puppet[:cert_inventory] = cert_inventory
|
74
|
-
Puppet.settings.stubs(:write)
|
75
|
-
|
76
|
-
FileTest.expects(:exist?).with(cert_inventory).returns false
|
77
|
-
|
78
|
-
@inventory.expects(:rebuild)
|
79
|
-
|
80
|
-
@inventory.add(@cert)
|
81
|
-
end
|
82
57
|
|
83
58
|
it "should use the Settings to write to the file" do
|
84
|
-
Puppet.settings.expects(:
|
59
|
+
Puppet.settings.setting(:cert_inventory).expects(:open).with("a")
|
85
60
|
|
86
61
|
@inventory.add(@cert)
|
87
62
|
end
|
88
63
|
|
89
|
-
it "should
|
64
|
+
it "should add formatted certificate information to the end of the file" do
|
90
65
|
cert = Puppet::SSL::Certificate.new("mycert")
|
91
66
|
cert.content = @cert
|
92
67
|
|
93
|
-
fh =
|
94
|
-
Puppet.settings.
|
95
|
-
|
96
|
-
@inventory.expects(:format).with(@cert)
|
97
|
-
|
98
|
-
@inventory.add(@cert)
|
99
|
-
end
|
100
|
-
|
101
|
-
it "should add formatted certificate information to the end of the file" do
|
102
|
-
fh = mock 'filehandle'
|
103
|
-
|
104
|
-
Puppet.settings.stubs(:write).yields fh
|
68
|
+
fh = StringIO.new
|
69
|
+
Puppet.settings.setting(:cert_inventory).expects(:open).with("a").yields(fh)
|
105
70
|
|
106
71
|
@inventory.expects(:format).with(@cert).returns "myformat"
|
107
72
|
|
108
|
-
fh.expects(:print).with("myformat")
|
109
|
-
|
110
73
|
@inventory.add(@cert)
|
74
|
+
|
75
|
+
expect(fh.string).to eq("myformat")
|
111
76
|
end
|
112
77
|
end
|
113
78
|
|
@@ -152,7 +117,7 @@ describe Puppet::SSL::Inventory, :unless => Puppet.features.microsoft_windows? d
|
|
152
117
|
|
153
118
|
describe "and finding a serial number" do
|
154
119
|
it "should return nil if the inventory file is missing" do
|
155
|
-
|
120
|
+
Puppet::FileSystem::File.expects(:exist?).with(cert_inventory).returns false
|
156
121
|
@inventory.serial(:whatever).should be_nil
|
157
122
|
end
|
158
123
|
|