puppet 5.5.12-x64-mingw32 → 5.5.13-x64-mingw32
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of puppet might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Gemfile +0 -5
- data/Gemfile.lock +11 -11
- data/lib/puppet/application/filebucket.rb +4 -0
- data/lib/puppet/configurer.rb +9 -3
- data/lib/puppet/indirector/request.rb +26 -15
- data/lib/puppet/indirector/rest.rb +16 -7
- data/lib/puppet/network/http/connection.rb +15 -7
- data/lib/puppet/transaction/event_manager.rb +1 -5
- data/lib/puppet/type/file/source.rb +0 -1
- data/lib/puppet/util/http_proxy.rb +3 -2
- data/lib/puppet/version.rb +1 -1
- data/locales/puppet.pot +108 -36
- data/man/man5/puppet.conf.5 +2 -2
- data/man/man8/puppet-agent.8 +1 -1
- data/man/man8/puppet-apply.8 +1 -1
- data/man/man8/puppet-ca.8 +1 -1
- data/man/man8/puppet-catalog.8 +1 -1
- data/man/man8/puppet-cert.8 +1 -1
- data/man/man8/puppet-certificate.8 +1 -1
- data/man/man8/puppet-certificate_request.8 +1 -1
- data/man/man8/puppet-certificate_revocation_list.8 +1 -1
- data/man/man8/puppet-config.8 +1 -1
- data/man/man8/puppet-describe.8 +1 -1
- data/man/man8/puppet-device.8 +1 -1
- data/man/man8/puppet-doc.8 +1 -1
- data/man/man8/puppet-epp.8 +1 -1
- data/man/man8/puppet-facts.8 +1 -1
- data/man/man8/puppet-filebucket.8 +1 -1
- data/man/man8/puppet-generate.8 +1 -1
- data/man/man8/puppet-help.8 +1 -1
- data/man/man8/puppet-key.8 +1 -1
- data/man/man8/puppet-lookup.8 +1 -1
- data/man/man8/puppet-man.8 +1 -1
- data/man/man8/puppet-master.8 +1 -1
- data/man/man8/puppet-module.8 +1 -1
- data/man/man8/puppet-node.8 +1 -1
- data/man/man8/puppet-parser.8 +1 -1
- data/man/man8/puppet-plugin.8 +1 -1
- data/man/man8/puppet-report.8 +1 -1
- data/man/man8/puppet-resource.8 +1 -1
- data/man/man8/puppet-script.8 +1 -1
- data/man/man8/puppet-status.8 +1 -1
- data/man/man8/puppet.8 +2 -2
- data/spec/integration/agent/logging_spec.rb +5 -7
- data/spec/integration/application/apply_spec.rb +28 -26
- data/spec/integration/application/doc_spec.rb +1 -2
- data/spec/integration/application/lookup_spec.rb +5 -5
- data/spec/integration/configurer_spec.rb +5 -6
- data/spec/integration/defaults_spec.rb +5 -6
- data/spec/integration/directory_environments_spec.rb +1 -1
- data/spec/integration/faces/ca_spec.rb +2 -3
- data/spec/integration/faces/config_spec.rb +3 -4
- data/spec/integration/faces/documentation_spec.rb +0 -1
- data/spec/integration/faces/plugin_spec.rb +1 -1
- data/spec/integration/file_bucket/file_spec.rb +3 -5
- data/spec/integration/file_serving/content_spec.rb +0 -1
- data/spec/integration/file_serving/fileset_spec.rb +0 -1
- data/spec/integration/file_serving/metadata_spec.rb +0 -1
- data/spec/integration/file_serving/terminus_helper_spec.rb +0 -1
- data/spec/integration/indirector/catalog/compiler_spec.rb +10 -11
- data/spec/integration/indirector/direct_file_server_spec.rb +1 -1
- data/spec/integration/indirector/facts/facter_spec.rb +5 -5
- data/spec/integration/indirector/file_content/file_server_spec.rb +7 -8
- data/spec/integration/indirector/file_metadata/file_server_spec.rb +7 -8
- data/spec/integration/indirector/node/ldap_spec.rb +2 -3
- data/spec/integration/network/authconfig_spec.rb +23 -24
- data/spec/integration/network/formats_spec.rb +0 -1
- data/spec/integration/network/http/api/indirected_routes_spec.rb +0 -1
- data/spec/integration/node/environment_spec.rb +0 -1
- data/spec/integration/node/facts_spec.rb +9 -10
- data/spec/integration/node_spec.rb +6 -7
- data/spec/integration/parser/catalog_spec.rb +4 -2
- data/spec/integration/parser/collection_spec.rb +1 -2
- data/spec/integration/parser/compiler_spec.rb +6 -6
- data/spec/integration/parser/scope_spec.rb +1 -1
- data/spec/integration/parser/undef_param_spec.rb +1 -1
- data/spec/integration/provider/cron/crontab_spec.rb +8 -10
- data/spec/integration/provider/mailalias/aliases_spec.rb +0 -1
- data/spec/integration/provider/mount_spec.rb +9 -9
- data/spec/integration/provider/service/init_spec.rb +4 -5
- data/spec/integration/provider/service/systemd_spec.rb +0 -2
- data/spec/integration/provider/service/windows_spec.rb +1 -2
- data/spec/integration/provider/ssh_authorized_key_spec.rb +6 -8
- data/spec/integration/provider/sshkey_spec.rb +6 -12
- data/spec/integration/provider/yumrepo_spec.rb +8 -12
- data/spec/integration/reference/providers_spec.rb +0 -1
- data/spec/integration/reports_spec.rb +1 -2
- data/spec/integration/resource/catalog_spec.rb +14 -17
- data/spec/integration/resource/type_collection_spec.rb +4 -5
- data/spec/integration/ssl/certificate_authority_spec.rb +0 -1
- data/spec/integration/ssl/certificate_request_spec.rb +0 -1
- data/spec/integration/ssl/certificate_revocation_list_spec.rb +0 -1
- data/spec/integration/ssl/host_spec.rb +0 -1
- data/spec/integration/ssl/key_spec.rb +0 -1
- data/spec/integration/test/test_helper_spec.rb +1 -2
- data/spec/integration/transaction/report_spec.rb +6 -11
- data/spec/integration/transaction_spec.rb +18 -19
- data/spec/integration/type/exec_spec.rb +0 -1
- data/spec/integration/type/file_spec.rb +13 -14
- data/spec/integration/type/nagios_spec.rb +3 -5
- data/spec/integration/type/package_spec.rb +19 -23
- data/spec/integration/type/tidy_spec.rb +1 -2
- data/spec/integration/type/user_spec.rb +0 -1
- data/spec/integration/type_spec.rb +0 -1
- data/spec/integration/util/autoload_spec.rb +1 -2
- data/spec/integration/util/rdoc/parser_spec.rb +0 -1
- data/spec/integration/util/settings_spec.rb +0 -1
- data/spec/integration/util/windows/adsi_spec.rb +3 -5
- data/spec/integration/util/windows/principal_spec.rb +0 -1
- data/spec/integration/util/windows/process_spec.rb +4 -6
- data/spec/integration/util/windows/registry_spec.rb +41 -51
- data/spec/integration/util/windows/security_spec.rb +2 -4
- data/spec/integration/util/windows/user_spec.rb +18 -20
- data/spec/integration/util_spec.rb +4 -7
- data/spec/lib/puppet_spec/compiler.rb +1 -1
- data/spec/lib/puppet_spec/files.rb +0 -1
- data/spec/lib/puppet_spec/module_tool/shared_functions.rb +1 -1
- data/spec/lib/puppet_spec/scope.rb +1 -2
- data/spec/shared_behaviours/all_parsedfile_providers.rb +1 -1
- data/spec/shared_behaviours/file_server_terminus.rb +8 -9
- data/spec/shared_behaviours/file_serving.rb +6 -8
- data/spec/shared_behaviours/file_serving_model.rb +4 -6
- data/spec/shared_behaviours/hiera_indirections.rb +3 -4
- data/spec/shared_behaviours/iterative_functions.rb +0 -1
- data/spec/shared_behaviours/memory_terminus.rb +2 -2
- data/spec/shared_examples/rhel_package_provider.rb +112 -70
- data/spec/spec_helper.rb +11 -2
- data/spec/unit/agent/disabler_spec.rb +4 -5
- data/spec/unit/agent/locker_spec.rb +12 -13
- data/spec/unit/agent_spec.rb +80 -85
- data/spec/unit/application/agent_spec.rb +88 -93
- data/spec/unit/application/apply_spec.rb +78 -79
- data/spec/unit/application/cert_spec.rb +42 -49
- data/spec/unit/application/certificate_spec.rb +2 -3
- data/spec/unit/application/config_spec.rb +0 -1
- data/spec/unit/application/describe_spec.rb +6 -7
- data/spec/unit/application/device_spec.rb +175 -184
- data/spec/unit/application/doc_spec.rb +44 -46
- data/spec/unit/application/face_base_spec.rb +61 -62
- data/spec/unit/application/facts_spec.rb +3 -4
- data/spec/unit/application/filebucket_spec.rb +66 -74
- data/spec/unit/application/indirection_base_spec.rb +8 -6
- data/spec/unit/application/lookup_spec.rb +26 -26
- data/spec/unit/application/master_spec.rb +95 -95
- data/spec/unit/application/resource_spec.rb +42 -48
- data/spec/unit/application_spec.rb +74 -84
- data/spec/unit/capability_spec.rb +9 -6
- data/spec/unit/configurer/downloader_spec.rb +20 -21
- data/spec/unit/configurer/fact_handler_spec.rb +2 -3
- data/spec/unit/configurer/plugin_handler_spec.rb +41 -8
- data/spec/unit/configurer_spec.rb +190 -193
- data/spec/unit/confine/exists_spec.rb +17 -15
- data/spec/unit/confine/false_spec.rb +5 -6
- data/spec/unit/confine/feature_spec.rb +7 -5
- data/spec/unit/confine/true_spec.rb +5 -6
- data/spec/unit/confine/variable_spec.rb +14 -15
- data/spec/unit/confine_collection_spec.rb +28 -29
- data/spec/unit/confine_spec.rb +13 -14
- data/spec/unit/confiner_spec.rb +10 -11
- data/spec/unit/context/trusted_information_spec.rb +1 -1
- data/spec/unit/daemon_spec.rb +34 -35
- data/spec/unit/data_providers/function_data_provider_spec.rb +0 -1
- data/spec/unit/data_providers/hiera_data_provider_spec.rb +0 -1
- data/spec/unit/datatypes_spec.rb +3 -4
- data/spec/unit/defaults_spec.rb +17 -12
- data/spec/unit/environments_spec.rb +7 -7
- data/spec/unit/etc_spec.rb +30 -32
- data/spec/unit/external/pson_spec.rb +0 -1
- data/spec/unit/face/ca_spec.rb +0 -1
- data/spec/unit/face/catalog_spec.rb +0 -1
- data/spec/unit/face/certificate_request_spec.rb +0 -1
- data/spec/unit/face/certificate_revocation_list_spec.rb +0 -1
- data/spec/unit/face/certificate_spec.rb +7 -10
- data/spec/unit/face/config_spec.rb +31 -35
- data/spec/unit/face/epp_face_spec.rb +3 -4
- data/spec/unit/face/facts_spec.rb +5 -6
- data/spec/unit/face/generate_spec.rb +4 -5
- data/spec/unit/face/help_spec.rb +7 -8
- data/spec/unit/face/key_spec.rb +0 -1
- data/spec/unit/face/man_spec.rb +1 -2
- data/spec/unit/face/module/build_spec.rb +17 -17
- data/spec/unit/face/module/install_spec.rb +3 -5
- data/spec/unit/face/module/list_spec.rb +2 -12
- data/spec/unit/face/module/search_spec.rb +11 -9
- data/spec/unit/face/module/uninstall_spec.rb +4 -8
- data/spec/unit/face/node_spec.rb +33 -34
- data/spec/unit/face/parser_spec.rb +3 -3
- data/spec/unit/face/plugin_spec.rb +36 -9
- data/spec/unit/face/status_spec.rb +0 -1
- data/spec/unit/file_bucket/dipper_spec.rb +24 -20
- data/spec/unit/file_bucket/file_spec.rb +0 -2
- data/spec/unit/file_serving/base_spec.rb +16 -17
- data/spec/unit/file_serving/configuration/parser_spec.rb +27 -28
- data/spec/unit/file_serving/configuration_spec.rb +63 -66
- data/spec/unit/file_serving/content_spec.rb +10 -11
- data/spec/unit/file_serving/fileset_spec.rb +63 -58
- data/spec/unit/file_serving/http_metadata_spec.rb +8 -7
- data/spec/unit/file_serving/metadata_spec.rb +36 -36
- data/spec/unit/file_serving/mount/file_spec.rb +31 -32
- data/spec/unit/file_serving/mount/locales_spec.rb +23 -24
- data/spec/unit/file_serving/mount/modules_spec.rb +14 -15
- data/spec/unit/file_serving/mount/pluginfacts_spec.rb +23 -24
- data/spec/unit/file_serving/mount/plugins_spec.rb +23 -24
- data/spec/unit/file_serving/mount/tasks_spec.rb +14 -15
- data/spec/unit/file_serving/mount_spec.rb +0 -1
- data/spec/unit/file_serving/terminus_helper_spec.rb +37 -42
- data/spec/unit/file_serving/terminus_selector_spec.rb +12 -13
- data/spec/unit/file_system/uniquefile_spec.rb +4 -4
- data/spec/unit/file_system_spec.rb +2 -2
- data/spec/unit/forge/errors_spec.rb +1 -1
- data/spec/unit/forge/forge_spec.rb +13 -14
- data/spec/unit/forge/module_release_spec.rb +18 -18
- data/spec/unit/forge/repository_spec.rb +29 -30
- data/spec/unit/forge_spec.rb +15 -11
- data/spec/unit/functions/binary_file_spec.rb +3 -3
- data/spec/unit/functions/contain_spec.rb +0 -2
- data/spec/unit/functions/defined_spec.rb +0 -1
- data/spec/unit/functions/epp_spec.rb +2 -2
- data/spec/unit/functions/find_file_spec.rb +7 -7
- data/spec/unit/functions/include_spec.rb +0 -4
- data/spec/unit/functions/lookup_fixture_spec.rb +0 -1
- data/spec/unit/functions/lookup_spec.rb +1 -2
- data/spec/unit/functions/module_directory_spec.rb +12 -12
- data/spec/unit/functions/require_spec.rb +0 -3
- data/spec/unit/functions/shared.rb +5 -8
- data/spec/unit/functions/versioncmp_spec.rb +1 -2
- data/spec/unit/functions4_spec.rb +7 -8
- data/spec/unit/gettext/config_spec.rb +4 -4
- data/spec/unit/gettext/module_loading_spec.rb +7 -7
- data/spec/unit/graph/rb_tree_map_spec.rb +0 -2
- data/spec/unit/graph/relationship_graph_spec.rb +1 -2
- data/spec/unit/graph/simple_graph_spec.rb +8 -9
- data/spec/unit/hiera_puppet_spec.rb +20 -20
- data/spec/unit/indirector/catalog/compiler_spec.rb +147 -149
- data/spec/unit/indirector/catalog/json_spec.rb +1 -2
- data/spec/unit/indirector/catalog/msgpack_spec.rb +0 -1
- data/spec/unit/indirector/catalog/rest_spec.rb +0 -1
- data/spec/unit/indirector/catalog/store_configs_spec.rb +0 -1
- data/spec/unit/indirector/catalog/yaml_spec.rb +0 -1
- data/spec/unit/indirector/certificate/ca_spec.rb +2 -4
- data/spec/unit/indirector/certificate/disabled_ca_spec.rb +1 -2
- data/spec/unit/indirector/certificate/file_spec.rb +2 -3
- data/spec/unit/indirector/certificate/rest_spec.rb +8 -10
- data/spec/unit/indirector/certificate_request/ca_spec.rb +0 -1
- data/spec/unit/indirector/certificate_request/disabled_ca_spec.rb +1 -2
- data/spec/unit/indirector/certificate_request/file_spec.rb +0 -1
- data/spec/unit/indirector/certificate_request/rest_spec.rb +0 -1
- data/spec/unit/indirector/certificate_revocation_list/ca_spec.rb +1 -2
- data/spec/unit/indirector/certificate_revocation_list/disabled_ca_spec.rb +1 -2
- data/spec/unit/indirector/certificate_revocation_list/file_spec.rb +1 -2
- data/spec/unit/indirector/certificate_revocation_list/rest_spec.rb +2 -3
- data/spec/unit/indirector/certificate_status/file_spec.rb +2 -3
- data/spec/unit/indirector/certificate_status/rest_spec.rb +0 -1
- data/spec/unit/indirector/code_spec.rb +5 -6
- data/spec/unit/indirector/direct_file_server_spec.rb +33 -27
- data/spec/unit/indirector/envelope_spec.rb +1 -2
- data/spec/unit/indirector/exec_spec.rb +15 -14
- data/spec/unit/indirector/face_spec.rb +9 -9
- data/spec/unit/indirector/facts/facter_spec.rb +37 -43
- data/spec/unit/indirector/facts/network_device_spec.rb +8 -9
- data/spec/unit/indirector/facts/rest_spec.rb +7 -8
- data/spec/unit/indirector/facts/store_configs_spec.rb +0 -1
- data/spec/unit/indirector/facts/yaml_spec.rb +2 -4
- data/spec/unit/indirector/file_bucket_file/file_spec.rb +3 -4
- data/spec/unit/indirector/file_bucket_file/rest_spec.rb +0 -1
- data/spec/unit/indirector/file_bucket_file/selector_spec.rb +4 -5
- data/spec/unit/indirector/file_content/file_server_spec.rb +0 -1
- data/spec/unit/indirector/file_content/file_spec.rb +0 -1
- data/spec/unit/indirector/file_content/rest_spec.rb +0 -1
- data/spec/unit/indirector/file_content/selector_spec.rb +0 -1
- data/spec/unit/indirector/file_metadata/file_server_spec.rb +0 -1
- data/spec/unit/indirector/file_metadata/file_spec.rb +12 -13
- data/spec/unit/indirector/file_metadata/rest_spec.rb +0 -1
- data/spec/unit/indirector/file_metadata/selector_spec.rb +0 -1
- data/spec/unit/indirector/file_server_spec.rb +99 -93
- data/spec/unit/indirector/indirection_spec.rb +242 -226
- data/spec/unit/indirector/json_spec.rb +7 -9
- data/spec/unit/indirector/key/ca_spec.rb +2 -3
- data/spec/unit/indirector/key/disabled_ca_spec.rb +1 -2
- data/spec/unit/indirector/key/file_spec.rb +25 -26
- data/spec/unit/indirector/ldap_spec.rb +34 -41
- data/spec/unit/indirector/memory_spec.rb +6 -7
- data/spec/unit/indirector/msgpack_spec.rb +7 -9
- data/spec/unit/indirector/node/exec_spec.rb +6 -6
- data/spec/unit/indirector/node/ldap_spec.rb +74 -76
- data/spec/unit/indirector/node/memory_spec.rb +2 -4
- data/spec/unit/indirector/node/msgpack_spec.rb +0 -1
- data/spec/unit/indirector/node/plain_spec.rb +2 -4
- data/spec/unit/indirector/node/rest_spec.rb +0 -1
- data/spec/unit/indirector/node/store_configs_spec.rb +0 -1
- data/spec/unit/indirector/node/write_only_yaml_spec.rb +1 -2
- data/spec/unit/indirector/node/yaml_spec.rb +0 -1
- data/spec/unit/indirector/none_spec.rb +5 -5
- data/spec/unit/indirector/plain_spec.rb +7 -8
- data/spec/unit/indirector/report/msgpack_spec.rb +0 -1
- data/spec/unit/indirector/report/processor_spec.rb +21 -22
- data/spec/unit/indirector/report/rest_spec.rb +11 -12
- data/spec/unit/indirector/report/yaml_spec.rb +0 -1
- data/spec/unit/indirector/request_spec.rb +11 -12
- data/spec/unit/indirector/resource/ral_spec.rb +47 -54
- data/spec/unit/indirector/resource/store_configs_spec.rb +0 -1
- data/spec/unit/indirector/rest_spec.rb +113 -110
- data/spec/unit/indirector/ssl_file_spec.rb +74 -77
- data/spec/unit/indirector/status/local_spec.rb +0 -1
- data/spec/unit/indirector/status/rest_spec.rb +0 -1
- data/spec/unit/indirector/store_configs_spec.rb +0 -1
- data/spec/unit/indirector/terminus_spec.rb +31 -29
- data/spec/unit/indirector/yaml_spec.rb +33 -32
- data/spec/unit/indirector_spec.rb +1 -2
- data/spec/unit/info_service_spec.rb +3 -1
- data/spec/unit/interface/action_builder_spec.rb +0 -1
- data/spec/unit/interface/action_manager_spec.rb +0 -1
- data/spec/unit/interface/action_spec.rb +2 -3
- data/spec/unit/interface/documentation_spec.rb +0 -1
- data/spec/unit/interface/face_collection_spec.rb +19 -12
- data/spec/unit/interface_spec.rb +3 -3
- data/spec/unit/man_spec.rb +3 -4
- data/spec/unit/module_spec.rb +46 -51
- data/spec/unit/module_tool/applications/builder_spec.rb +5 -5
- data/spec/unit/module_tool/applications/installer_spec.rb +10 -11
- data/spec/unit/module_tool/applications/searcher_spec.rb +3 -3
- data/spec/unit/module_tool/applications/uninstaller_spec.rb +1 -2
- data/spec/unit/module_tool/applications/unpacker_spec.rb +13 -13
- data/spec/unit/module_tool/applications/upgrader_spec.rb +5 -5
- data/spec/unit/module_tool/install_directory_spec.rb +8 -8
- data/spec/unit/module_tool/installed_modules_spec.rb +3 -3
- data/spec/unit/module_tool/tar/gnu_spec.rb +6 -6
- data/spec/unit/module_tool/tar/mini_spec.rb +12 -12
- data/spec/unit/module_tool/tar_spec.rb +12 -13
- data/spec/unit/module_tool_spec.rb +7 -12
- data/spec/unit/network/auth_config_parser_spec.rb +11 -13
- data/spec/unit/network/authconfig_spec.rb +17 -18
- data/spec/unit/network/authorization_spec.rb +4 -5
- data/spec/unit/network/authstore_spec.rb +0 -1
- data/spec/unit/network/format_handler_spec.rb +0 -1
- data/spec/unit/network/format_spec.rb +9 -10
- data/spec/unit/network/format_support_spec.rb +28 -29
- data/spec/unit/network/formats_spec.rb +4 -5
- data/spec/unit/network/http/api/ca/v1_spec.rb +1 -1
- data/spec/unit/network/http/api/indirected_routes_spec.rb +22 -29
- data/spec/unit/network/http/api/master/v3/authorization_spec.rb +2 -2
- data/spec/unit/network/http/api/master/v3/environment_spec.rb +1 -1
- data/spec/unit/network/http/api/master/v3/environments_spec.rb +6 -7
- data/spec/unit/network/http/api_spec.rb +1 -3
- data/spec/unit/network/http/compression_spec.rb +21 -22
- data/spec/unit/network/http/connection_spec.rb +39 -36
- data/spec/unit/network/http/factory_spec.rb +5 -6
- data/spec/unit/network/http/handler_spec.rb +9 -18
- data/spec/unit/network/http/nocache_pool_spec.rb +6 -7
- data/spec/unit/network/http/pool_spec.rb +28 -29
- data/spec/unit/network/http/rack/rest_spec.rb +24 -27
- data/spec/unit/network/http/rack_spec.rb +5 -6
- data/spec/unit/network/http/request_spec.rb +0 -2
- data/spec/unit/network/http/response_spec.rb +11 -13
- data/spec/unit/network/http/route_spec.rb +0 -1
- data/spec/unit/network/http/session_spec.rb +1 -2
- data/spec/unit/network/http/site_spec.rb +0 -1
- data/spec/unit/network/http/webrick/rest_spec.rb +40 -41
- data/spec/unit/network/http/webrick_spec.rb +49 -52
- data/spec/unit/network/http_pool_spec.rb +18 -9
- data/spec/unit/network/http_spec.rb +0 -1
- data/spec/unit/network/resolver_spec.rb +16 -17
- data/spec/unit/network/rights_spec.rb +52 -53
- data/spec/unit/network/server_spec.rb +12 -13
- data/spec/unit/node/environment_spec.rb +16 -14
- data/spec/unit/node/facts_spec.rb +5 -7
- data/spec/unit/node_spec.rb +4 -10
- data/spec/unit/other/selinux_spec.rb +2 -3
- data/spec/unit/parameter/boolean_spec.rb +1 -2
- data/spec/unit/parameter/package_options_spec.rb +1 -2
- data/spec/unit/parameter/path_spec.rb +0 -1
- data/spec/unit/parameter/value_collection_spec.rb +0 -1
- data/spec/unit/parameter/value_spec.rb +0 -1
- data/spec/unit/parameter_spec.rb +9 -9
- data/spec/unit/parser/ast/block_expression_spec.rb +6 -8
- data/spec/unit/parser/ast/leaf_spec.rb +20 -21
- data/spec/unit/parser/compiler_spec.rb +84 -96
- data/spec/unit/parser/environment_compiler_spec.rb +11 -9
- data/spec/unit/parser/files_spec.rb +0 -1
- data/spec/unit/parser/functions/create_resources_spec.rb +1 -1
- data/spec/unit/parser/functions/digest_spec.rb +0 -1
- data/spec/unit/parser/functions/fail_spec.rb +1 -2
- data/spec/unit/parser/functions/file_spec.rb +13 -14
- data/spec/unit/parser/functions/fqdn_rand_spec.rb +5 -6
- data/spec/unit/parser/functions/generate_spec.rb +7 -8
- data/spec/unit/parser/functions/inline_template_spec.rb +0 -1
- data/spec/unit/parser/functions/regsubst_spec.rb +0 -1
- data/spec/unit/parser/functions/scanf_spec.rb +0 -1
- data/spec/unit/parser/functions/shellquote_spec.rb +0 -1
- data/spec/unit/parser/functions/split_spec.rb +0 -1
- data/spec/unit/parser/functions/sprintf_spec.rb +0 -1
- data/spec/unit/parser/functions/tag_spec.rb +1 -2
- data/spec/unit/parser/functions/tagged_spec.rb +2 -3
- data/spec/unit/parser/functions/template_spec.rb +13 -13
- data/spec/unit/parser/functions/versioncmp_spec.rb +1 -2
- data/spec/unit/parser/functions_spec.rb +3 -4
- data/spec/unit/parser/relationship_spec.rb +0 -1
- data/spec/unit/parser/resource_spec.rb +42 -42
- data/spec/unit/parser/scope_spec.rb +39 -35
- data/spec/unit/parser/templatewrapper_spec.rb +11 -12
- data/spec/unit/parser/type_loader_spec.rb +17 -19
- data/spec/unit/pops/adaptable_spec.rb +0 -1
- data/spec/unit/pops/benchmark_spec.rb +0 -1
- data/spec/unit/pops/evaluator/access_ops_spec.rb +0 -1
- data/spec/unit/pops/evaluator/arithmetic_ops_spec.rb +0 -1
- data/spec/unit/pops/evaluator/basic_expressions_spec.rb +0 -1
- data/spec/unit/pops/evaluator/collections_ops_spec.rb +0 -1
- data/spec/unit/pops/evaluator/comparison_ops_spec.rb +0 -1
- data/spec/unit/pops/evaluator/conditionals_spec.rb +0 -1
- data/spec/unit/pops/evaluator/evaluating_parser_spec.rb +6 -6
- data/spec/unit/pops/evaluator/logical_ops_spec.rb +0 -1
- data/spec/unit/pops/evaluator/runtime3_converter_spec.rb +0 -1
- data/spec/unit/pops/evaluator/string_interpolation_spec.rb +0 -1
- data/spec/unit/pops/evaluator/variables_spec.rb +0 -1
- data/spec/unit/pops/factory_spec.rb +3 -4
- data/spec/unit/pops/issues_spec.rb +19 -20
- data/spec/unit/pops/loaders/loader_spec.rb +8 -4
- data/spec/unit/pops/loaders/loaders_spec.rb +30 -27
- data/spec/unit/pops/lookup/context_spec.rb +0 -1
- data/spec/unit/pops/lookup/interpolation_spec.rb +2 -3
- data/spec/unit/pops/merge_strategy_spec.rb +0 -1
- data/spec/unit/pops/migration_spec.rb +3 -5
- data/spec/unit/pops/model/model_spec.rb +0 -1
- data/spec/unit/pops/model/pn_transformer_spec.rb +0 -1
- data/spec/unit/pops/parser/locator_spec.rb +3 -6
- data/spec/unit/pops/parser/parse_application_spec.rb +0 -1
- data/spec/unit/pops/parser/parse_basic_expressions_spec.rb +0 -1
- data/spec/unit/pops/parser/parse_calls_spec.rb +0 -1
- data/spec/unit/pops/parser/parse_capabilities_spec.rb +0 -1
- data/spec/unit/pops/parser/parse_conditionals_spec.rb +0 -1
- data/spec/unit/pops/parser/parse_containers_spec.rb +0 -1
- data/spec/unit/pops/parser/parse_plan_spec.rb +0 -1
- data/spec/unit/pops/parser/parse_resource_spec.rb +0 -1
- data/spec/unit/pops/parser/parse_site_spec.rb +0 -1
- data/spec/unit/pops/parser/pn_parser_spec.rb +0 -1
- data/spec/unit/pops/pn_spec.rb +0 -1
- data/spec/unit/pops/resource/resource_type_impl_spec.rb +0 -1
- data/spec/unit/pops/serialization/serialization_spec.rb +1 -1
- data/spec/unit/pops/serialization/to_from_hr_spec.rb +1 -1
- data/spec/unit/pops/types/recursion_guard_spec.rb +10 -10
- data/spec/unit/pops/types/ruby_generator_spec.rb +2 -2
- data/spec/unit/pops/types/type_asserter_spec.rb +2 -2
- data/spec/unit/pops/types/type_calculator_spec.rb +36 -36
- data/spec/unit/pops/types/type_parser_spec.rb +13 -13
- data/spec/unit/pops/validator/validator_spec.rb +1 -2
- data/spec/unit/pops/visitor_spec.rb +0 -1
- data/spec/unit/property/boolean_spec.rb +1 -1
- data/spec/unit/property/ensure_spec.rb +0 -1
- data/spec/unit/property/keyvalue_spec.rb +32 -34
- data/spec/unit/property/list_spec.rb +26 -27
- data/spec/unit/property/ordered_list_spec.rb +10 -14
- data/spec/unit/property_spec.rb +42 -43
- data/spec/unit/provider/aix_object_spec.rb +47 -45
- data/spec/unit/provider/augeas/augeas_spec.rb +192 -192
- data/spec/unit/provider/cisco_spec.rb +1 -2
- data/spec/unit/provider/command_spec.rb +9 -9
- data/spec/unit/provider/cron/crontab_spec.rb +10 -11
- data/spec/unit/provider/cron/parsed_spec.rb +22 -24
- data/spec/unit/provider/exec/posix_spec.rb +6 -7
- data/spec/unit/provider/exec/shell_spec.rb +0 -1
- data/spec/unit/provider/exec/windows_spec.rb +2 -4
- data/spec/unit/provider/exec_spec.rb +0 -1
- data/spec/unit/provider/file/posix_spec.rb +22 -24
- data/spec/unit/provider/file/windows_spec.rb +15 -17
- data/spec/unit/provider/group/aix_spec.rb +3 -2
- data/spec/unit/provider/group/groupadd_spec.rb +30 -26
- data/spec/unit/provider/group/ldap_spec.rb +18 -18
- data/spec/unit/provider/group/pw_spec.rb +11 -11
- data/spec/unit/provider/group/windows_adsi_spec.rb +54 -54
- data/spec/unit/provider/host/parsed_spec.rb +6 -6
- data/spec/unit/provider/interface/cisco_spec.rb +20 -24
- data/spec/unit/provider/ldap_spec.rb +61 -62
- data/spec/unit/provider/macauthorization_spec.rb +26 -47
- data/spec/unit/provider/mcx/mcxcontent_spec.rb +45 -47
- data/spec/unit/provider/mount/parsed_spec.rb +18 -24
- data/spec/unit/provider/mount_spec.rb +57 -66
- data/spec/unit/provider/naginator_spec.rb +13 -14
- data/spec/unit/provider/nameservice/directoryservice_spec.rb +35 -36
- data/spec/unit/provider/nameservice_spec.rb +38 -40
- data/spec/unit/provider/network_device_spec.rb +28 -28
- data/spec/unit/provider/package/aix_spec.rb +15 -15
- data/spec/unit/provider/package/appdmg_spec.rb +13 -13
- data/spec/unit/provider/package/apt_spec.rb +44 -27
- data/spec/unit/provider/package/aptitude_spec.rb +6 -7
- data/spec/unit/provider/package/aptrpm_spec.rb +7 -12
- data/spec/unit/provider/package/base_spec.rb +4 -4
- data/spec/unit/provider/package/dnf_spec.rb +14 -16
- data/spec/unit/provider/package/dpkg_spec.rb +52 -52
- data/spec/unit/provider/package/freebsd_spec.rb +11 -11
- data/spec/unit/provider/package/gem_spec.rb +51 -43
- data/spec/unit/provider/package/hpux_spec.rb +8 -8
- data/spec/unit/provider/package/macports_spec.rb +46 -42
- data/spec/unit/provider/package/nim_spec.rb +30 -39
- data/spec/unit/provider/package/openbsd_spec.rb +36 -39
- data/spec/unit/provider/package/opkg_spec.rb +23 -26
- data/spec/unit/provider/package/pacman_spec.rb +97 -118
- data/spec/unit/provider/package/pip_spec.rb +69 -71
- data/spec/unit/provider/package/pkg_spec.rb +109 -109
- data/spec/unit/provider/package/pkgdmg_spec.rb +65 -63
- data/spec/unit/provider/package/pkgin_spec.rb +10 -8
- data/spec/unit/provider/package/pkgng_spec.rb +17 -18
- data/spec/unit/provider/package/pkgutil_spec.rb +45 -49
- data/spec/unit/provider/package/portage_spec.rb +70 -74
- data/spec/unit/provider/package/puppet_gem_spec.rb +28 -8
- data/spec/unit/provider/package/rpm_spec.rb +53 -64
- data/spec/unit/provider/package/sun_spec.rb +16 -18
- data/spec/unit/provider/package/tdnf_spec.rb +2 -2
- data/spec/unit/provider/package/up2date_spec.rb +2 -4
- data/spec/unit/provider/package/urpmi_spec.rb +15 -17
- data/spec/unit/provider/package/windows/exe_package_spec.rb +12 -15
- data/spec/unit/provider/package/windows/msi_package_spec.rb +19 -22
- data/spec/unit/provider/package/windows/package_spec.rb +37 -42
- data/spec/unit/provider/package/windows_spec.rb +36 -32
- data/spec/unit/provider/package/yum_spec.rb +4 -4
- data/spec/unit/provider/package/zypper_spec.rb +87 -87
- data/spec/unit/provider/parsedfile_spec.rb +44 -45
- data/spec/unit/provider/scheduled_task/win32_taskscheduler_spec.rb +120 -130
- data/spec/unit/provider/selboolean_spec.rb +9 -11
- data/spec/unit/provider/selmodule_spec.rb +20 -22
- data/spec/unit/provider/service/base_spec.rb +4 -5
- data/spec/unit/provider/service/bsd_spec.rb +27 -29
- data/spec/unit/provider/service/daemontools_spec.rb +35 -35
- data/spec/unit/provider/service/debian_spec.rb +37 -37
- data/spec/unit/provider/service/freebsd_spec.rb +18 -18
- data/spec/unit/provider/service/gentoo_spec.rb +50 -56
- data/spec/unit/provider/service/init_spec.rb +55 -55
- data/spec/unit/provider/service/launchd_spec.rb +138 -116
- data/spec/unit/provider/service/openbsd_spec.rb +50 -50
- data/spec/unit/provider/service/openrc_spec.rb +43 -46
- data/spec/unit/provider/service/openwrt_spec.rb +26 -32
- data/spec/unit/provider/service/rcng_spec.rb +14 -14
- data/spec/unit/provider/service/redhat_spec.rb +45 -43
- data/spec/unit/provider/service/runit_spec.rb +29 -27
- data/spec/unit/provider/service/smf_spec.rb +74 -66
- data/spec/unit/provider/service/src_spec.rb +46 -47
- data/spec/unit/provider/service/systemd_spec.rb +93 -98
- data/spec/unit/provider/service/upstart_spec.rb +74 -72
- data/spec/unit/provider/service/windows_spec.rb +33 -41
- data/spec/unit/provider/ssh_authorized_key/parsed_spec.rb +54 -68
- data/spec/unit/provider/sshkey/parsed_spec.rb +7 -8
- data/spec/unit/provider/user/aix_spec.rb +31 -31
- data/spec/unit/provider/user/directoryservice_spec.rb +109 -114
- data/spec/unit/provider/user/hpux_spec.rb +15 -15
- data/spec/unit/provider/user/ldap_spec.rb +57 -57
- data/spec/unit/provider/user/openbsd_spec.rb +10 -12
- data/spec/unit/provider/user/pw_spec.rb +37 -35
- data/spec/unit/provider/user/user_role_add_spec.rb +93 -93
- data/spec/unit/provider/user/useradd_spec.rb +93 -92
- data/spec/unit/provider/user/windows_adsi_spec.rb +59 -60
- data/spec/unit/provider/vlan/cisco_spec.rb +10 -12
- data/spec/unit/provider/yumrepo/inifile_spec.rb +75 -80
- data/spec/unit/provider/zfs/zfs_spec.rb +26 -21
- data/spec/unit/provider/zone/solaris_spec.rb +56 -42
- data/spec/unit/provider/zpool/zpool_spec.rb +19 -20
- data/spec/unit/provider_spec.rb +29 -29
- data/spec/unit/puppet_pal_2pec.rb +4 -5
- data/spec/unit/puppet_pal_spec.rb +0 -1
- data/spec/unit/puppet_spec.rb +7 -8
- data/spec/unit/relationship_spec.rb +0 -1
- data/spec/unit/reports/http_spec.rb +21 -23
- data/spec/unit/reports/store_spec.rb +3 -4
- data/spec/unit/reports_spec.rb +12 -14
- data/spec/unit/resource/capability_finder_spec.rb +18 -16
- data/spec/unit/resource/catalog_spec.rb +72 -68
- data/spec/unit/resource/status_spec.rb +6 -8
- data/spec/unit/resource/type_collection_spec.rb +17 -18
- data/spec/unit/resource/type_spec.rb +34 -35
- data/spec/unit/resource_spec.rb +36 -32
- data/spec/unit/scheduler/job_spec.rb +0 -1
- data/spec/unit/scheduler/scheduler_spec.rb +0 -1
- data/spec/unit/scheduler/splay_job_spec.rb +1 -2
- data/spec/unit/settings/array_setting_spec.rb +1 -1
- data/spec/unit/settings/autosign_setting_spec.rb +9 -9
- data/spec/unit/settings/certificate_revocation_setting_spec.rb +1 -1
- data/spec/unit/settings/config_file_spec.rb +0 -1
- data/spec/unit/settings/directory_setting_spec.rb +2 -7
- data/spec/unit/settings/duration_setting_spec.rb +1 -2
- data/spec/unit/settings/enum_setting_spec.rb +1 -1
- data/spec/unit/settings/environment_conf_spec.rb +4 -6
- data/spec/unit/settings/file_setting_spec.rb +44 -46
- data/spec/unit/settings/path_setting_spec.rb +1 -2
- data/spec/unit/settings/priority_setting_spec.rb +1 -2
- data/spec/unit/settings/string_setting_spec.rb +14 -15
- data/spec/unit/settings/terminus_setting_spec.rb +1 -2
- data/spec/unit/settings/value_translator_spec.rb +0 -1
- data/spec/unit/settings_spec.rb +226 -233
- data/spec/unit/ssl/base_spec.rb +14 -15
- data/spec/unit/ssl/certificate_authority/autosign_command_spec.rb +6 -7
- data/spec/unit/ssl/certificate_authority/interface_spec.rb +116 -113
- data/spec/unit/ssl/certificate_authority_spec.rb +258 -268
- data/spec/unit/ssl/certificate_factory_spec.rb +3 -5
- data/spec/unit/ssl/certificate_request_attributes_spec.rb +2 -3
- data/spec/unit/ssl/certificate_request_spec.rb +66 -67
- data/spec/unit/ssl/certificate_revocation_list_spec.rb +3 -4
- data/spec/unit/ssl/certificate_spec.rb +23 -25
- data/spec/unit/ssl/configuration_spec.rb +1 -4
- data/spec/unit/ssl/digest_spec.rb +0 -1
- data/spec/unit/ssl/host_spec.rb +217 -188
- data/spec/unit/ssl/inventory_spec.rb +25 -21
- data/spec/unit/ssl/key_spec.rb +30 -31
- data/spec/unit/ssl/validator_spec.rb +40 -40
- data/spec/unit/task_spec.rb +6 -7
- data/spec/unit/transaction/additional_resource_generator_spec.rb +6 -5
- data/spec/unit/transaction/event_manager_spec.rb +88 -88
- data/spec/unit/transaction/event_spec.rb +16 -15
- data/spec/unit/transaction/persistence_spec.rb +16 -17
- data/spec/unit/transaction/report_spec.rb +11 -12
- data/spec/unit/transaction/resource_harness_spec.rb +28 -33
- data/spec/unit/transaction_spec.rb +98 -100
- data/spec/unit/type/augeas_spec.rb +11 -10
- data/spec/unit/type/component_spec.rb +0 -1
- data/spec/unit/type/computer_spec.rb +7 -10
- data/spec/unit/type/cron_spec.rb +3 -7
- data/spec/unit/type/exec_spec.rb +60 -56
- data/spec/unit/type/file/checksum_spec.rb +9 -10
- data/spec/unit/type/file/checksum_value_spec.rb +31 -32
- data/spec/unit/type/file/content_spec.rb +58 -61
- data/spec/unit/type/file/ctime_spec.rb +0 -1
- data/spec/unit/type/file/ensure_spec.rb +12 -13
- data/spec/unit/type/file/group_spec.rb +5 -7
- data/spec/unit/type/file/mode_spec.rb +4 -6
- data/spec/unit/type/file/mtime_spec.rb +0 -1
- data/spec/unit/type/file/owner_spec.rb +6 -8
- data/spec/unit/type/file/selinux_spec.rb +17 -19
- data/spec/unit/type/file/source_spec.rb +104 -101
- data/spec/unit/type/file/type_spec.rb +0 -1
- data/spec/unit/type/file_spec.rb +195 -185
- data/spec/unit/type/filebucket_spec.rb +4 -5
- data/spec/unit/type/group_spec.rb +6 -8
- data/spec/unit/type/host_spec.rb +2 -3
- data/spec/unit/type/interface_spec.rb +2 -3
- data/spec/unit/type/k5login_spec.rb +3 -4
- data/spec/unit/type/macauthorization_spec.rb +6 -8
- data/spec/unit/type/mailalias_spec.rb +2 -3
- data/spec/unit/type/maillist_spec.rb +6 -9
- data/spec/unit/type/mcx_spec.rb +4 -8
- data/spec/unit/type/mount_spec.rb +26 -38
- data/spec/unit/type/nagios_spec.rb +0 -1
- data/spec/unit/type/noop_metaparam_spec.rb +1 -2
- data/spec/unit/type/package/package_settings_spec.rb +44 -23
- data/spec/unit/type/package_spec.rb +53 -54
- data/spec/unit/type/resources_spec.rb +86 -88
- data/spec/unit/type/schedule_spec.rb +24 -26
- data/spec/unit/type/scheduled_task_spec.rb +1 -2
- data/spec/unit/type/selboolean_spec.rb +5 -6
- data/spec/unit/type/selmodule_spec.rb +0 -1
- data/spec/unit/type/service_spec.rb +47 -47
- data/spec/unit/type/ssh_authorized_key_spec.rb +5 -35
- data/spec/unit/type/sshkey_spec.rb +0 -2
- data/spec/unit/type/stage_spec.rb +0 -1
- data/spec/unit/type/tidy_spec.rb +61 -62
- data/spec/unit/type/user_spec.rb +41 -27
- data/spec/unit/type/vlan_spec.rb +2 -4
- data/spec/unit/type/whit_spec.rb +0 -1
- data/spec/unit/type/zfs_spec.rb +6 -7
- data/spec/unit/type/zone_spec.rb +14 -4
- data/spec/unit/type/zpool_spec.rb +4 -5
- data/spec/unit/type_spec.rb +54 -53
- data/spec/unit/util/at_fork_spec.rb +18 -19
- data/spec/unit/util/autoload_spec.rb +53 -54
- data/spec/unit/util/backups_spec.rb +34 -35
- data/spec/unit/util/character_encoding_spec.rb +8 -8
- data/spec/unit/util/checksums_spec.rb +38 -39
- data/spec/unit/util/colors_spec.rb +1 -2
- data/spec/unit/util/command_line_spec.rb +24 -25
- data/spec/unit/util/constant_inflector_spec.rb +0 -1
- data/spec/unit/util/diff_spec.rb +7 -8
- data/spec/unit/util/errors_spec.rb +0 -1
- data/spec/unit/util/execution_spec.rb +187 -162
- data/spec/unit/util/execution_stub_spec.rb +0 -1
- data/spec/unit/util/feature_spec.rb +13 -13
- data/spec/unit/util/filetype_spec.rb +49 -49
- data/spec/unit/util/http_proxy_spec.rb +12 -12
- data/spec/unit/util/inifile_spec.rb +26 -31
- data/spec/unit/util/json_lockfile_spec.rb +3 -5
- data/spec/unit/util/ldap/connection_spec.rb +26 -25
- data/spec/unit/util/ldap/generator_spec.rb +0 -1
- data/spec/unit/util/ldap/manager_spec.rb +102 -101
- data/spec/unit/util/lockfile_spec.rb +0 -1
- data/spec/unit/util/log/destinations_spec.rb +30 -33
- data/spec/unit/util/log_spec.rb +35 -36
- data/spec/unit/util/logging_spec.rb +58 -66
- data/spec/unit/util/metric_spec.rb +0 -1
- data/spec/unit/util/monkey_patches_spec.rb +7 -9
- data/spec/unit/util/multi_match_spec.rb +0 -1
- data/spec/unit/util/nagios_maker_spec.rb +35 -36
- data/spec/unit/util/network_device/cisco/device_spec.rb +59 -50
- data/spec/unit/util/network_device/cisco/facts_spec.rb +4 -5
- data/spec/unit/util/network_device/cisco/interface_spec.rb +29 -20
- data/spec/unit/util/network_device/config_spec.rb +0 -1
- data/spec/unit/util/network_device/ipcalc_spec.rb +0 -1
- data/spec/unit/util/network_device/transport/base_spec.rb +5 -6
- data/spec/unit/util/network_device/transport/ssh_spec.rb +94 -60
- data/spec/unit/util/network_device/transport/telnet_spec.rb +18 -14
- data/spec/unit/util/network_device_spec.rb +7 -9
- data/spec/unit/util/package_spec.rb +0 -1
- data/spec/unit/util/pidlock_spec.rb +13 -14
- data/spec/unit/util/plist_spec.rb +40 -33
- data/spec/unit/util/posix_spec.rb +54 -51
- data/spec/unit/util/rdoc_spec.rb +9 -10
- data/spec/unit/util/reference_spec.rb +0 -1
- data/spec/unit/util/resource_template_spec.rb +20 -20
- data/spec/unit/util/retry_action_spec.rb +7 -8
- data/spec/unit/util/rubygems_spec.rb +14 -14
- data/spec/unit/util/run_mode_spec.rb +3 -4
- data/spec/unit/util/selinux_spec.rb +79 -72
- data/spec/unit/util/splayer_spec.rb +8 -9
- data/spec/unit/util/ssl_spec.rb +0 -1
- data/spec/unit/util/storage_spec.rb +3 -4
- data/spec/unit/util/suidmanager_spec.rb +45 -54
- data/spec/unit/util/symbolic_file_mode_spec.rb +0 -1
- data/spec/unit/util/tag_set_spec.rb +0 -1
- data/spec/unit/util/tagging_spec.rb +0 -1
- data/spec/unit/util/terminal_spec.rb +9 -10
- data/spec/unit/util/user_attr_spec.rb +1 -2
- data/spec/unit/util/warnings_spec.rb +3 -4
- data/spec/unit/util/watcher/periodic_watcher_spec.rb +2 -2
- data/spec/unit/util/watcher_spec.rb +51 -21
- data/spec/unit/util/windows/access_control_entry_spec.rb +0 -1
- data/spec/unit/util/windows/access_control_list_spec.rb +0 -1
- data/spec/unit/util/windows/adsi_spec.rb +136 -138
- data/spec/unit/util/windows/api_types_spec.rb +0 -1
- data/spec/unit/util/windows/eventlog_spec.rb +9 -12
- data/spec/unit/util/windows/file_spec.rb +0 -1
- data/spec/unit/util/windows/root_certs_spec.rb +0 -1
- data/spec/unit/util/windows/security_descriptor_spec.rb +0 -2
- data/spec/unit/util/windows/service_spec.rb +66 -68
- data/spec/unit/util/windows/sid_spec.rb +11 -13
- data/spec/unit/util/windows/string_spec.rb +0 -1
- data/spec/unit/util_spec.rb +55 -59
- data/spec/unit/version_spec.rb +6 -6
- metadata +2 -2
|
@@ -1,4 +1,3 @@
|
|
|
1
|
-
#! /usr/bin/env ruby
|
|
2
1
|
# encoding: ASCII-8BIT
|
|
3
2
|
require 'spec_helper'
|
|
4
3
|
|
|
@@ -10,12 +9,12 @@ describe Puppet::SSL::CertificateAuthority do
|
|
|
10
9
|
end
|
|
11
10
|
|
|
12
11
|
def stub_ca_host
|
|
13
|
-
@key =
|
|
14
|
-
@key.
|
|
15
|
-
@cacert =
|
|
16
|
-
@cacert.
|
|
12
|
+
@key = double('key')
|
|
13
|
+
allow(@key).to receive(:content).and_return("cakey")
|
|
14
|
+
@cacert = double('certificate')
|
|
15
|
+
allow(@cacert).to receive(:content).and_return("cacertificate")
|
|
17
16
|
|
|
18
|
-
@host =
|
|
17
|
+
@host = double('ssl_host', :key => @key, :certificate => @cacert, :name => Puppet::SSL::Host.ca_name)
|
|
19
18
|
end
|
|
20
19
|
|
|
21
20
|
it "should have a class method for returning a singleton instance" do
|
|
@@ -26,10 +25,10 @@ describe Puppet::SSL::CertificateAuthority do
|
|
|
26
25
|
describe "and the host is a CA host and the run_mode is master" do
|
|
27
26
|
before do
|
|
28
27
|
Puppet[:ca] = true
|
|
29
|
-
Puppet.run_mode.
|
|
28
|
+
allow(Puppet.run_mode).to receive(:master?).and_return(true)
|
|
30
29
|
|
|
31
|
-
@ca =
|
|
32
|
-
Puppet::SSL::CertificateAuthority.
|
|
30
|
+
@ca = double('ca')
|
|
31
|
+
allow(Puppet::SSL::CertificateAuthority).to receive(:new).and_return(@ca)
|
|
33
32
|
end
|
|
34
33
|
|
|
35
34
|
it "should return an instance" do
|
|
@@ -44,9 +43,9 @@ describe Puppet::SSL::CertificateAuthority do
|
|
|
44
43
|
describe "and the host is not a CA host" do
|
|
45
44
|
it "should return nil" do
|
|
46
45
|
Puppet[:ca] = false
|
|
47
|
-
Puppet.run_mode.
|
|
46
|
+
allow(Puppet.run_mode).to receive(:master?).and_return(true)
|
|
48
47
|
|
|
49
|
-
Puppet::SSL::CertificateAuthority.
|
|
48
|
+
expect(Puppet::SSL::CertificateAuthority).not_to receive(:new)
|
|
50
49
|
expect(Puppet::SSL::CertificateAuthority.instance).to be_nil
|
|
51
50
|
end
|
|
52
51
|
end
|
|
@@ -54,9 +53,9 @@ describe Puppet::SSL::CertificateAuthority do
|
|
|
54
53
|
describe "and the run_mode is not master" do
|
|
55
54
|
it "should return nil" do
|
|
56
55
|
Puppet[:ca] = true
|
|
57
|
-
Puppet.run_mode.
|
|
56
|
+
allow(Puppet.run_mode).to receive(:master?).and_return(false)
|
|
58
57
|
|
|
59
|
-
Puppet::SSL::CertificateAuthority.
|
|
58
|
+
expect(Puppet::SSL::CertificateAuthority).not_to receive(:new)
|
|
60
59
|
expect(Puppet::SSL::CertificateAuthority.instance).to be_nil
|
|
61
60
|
end
|
|
62
61
|
end
|
|
@@ -64,9 +63,9 @@ describe Puppet::SSL::CertificateAuthority do
|
|
|
64
63
|
|
|
65
64
|
describe "when initializing" do
|
|
66
65
|
before do
|
|
67
|
-
Puppet.settings.
|
|
66
|
+
allow(Puppet.settings).to receive(:use)
|
|
68
67
|
|
|
69
|
-
Puppet::SSL::CertificateAuthority.
|
|
68
|
+
allow_any_instance_of(Puppet::SSL::CertificateAuthority).to receive(:setup)
|
|
70
69
|
end
|
|
71
70
|
|
|
72
71
|
it "should always set its name to the value of :certname" do
|
|
@@ -76,21 +75,21 @@ describe Puppet::SSL::CertificateAuthority do
|
|
|
76
75
|
end
|
|
77
76
|
|
|
78
77
|
it "should create an SSL::Host instance whose name is the 'ca_name'" do
|
|
79
|
-
Puppet::SSL::Host.
|
|
78
|
+
expect(Puppet::SSL::Host).to receive(:ca_name).and_return("caname")
|
|
80
79
|
|
|
81
|
-
host =
|
|
82
|
-
Puppet::SSL::Host.
|
|
80
|
+
host = double('host')
|
|
81
|
+
expect(Puppet::SSL::Host).to receive(:new).with("caname").and_return(host)
|
|
83
82
|
|
|
84
83
|
Puppet::SSL::CertificateAuthority.new
|
|
85
84
|
end
|
|
86
85
|
|
|
87
86
|
it "should use the :main, :ca, and :ssl settings sections" do
|
|
88
|
-
Puppet.settings.
|
|
87
|
+
expect(Puppet.settings).to receive(:use).with(:main, :ssl, :ca)
|
|
89
88
|
Puppet::SSL::CertificateAuthority.new
|
|
90
89
|
end
|
|
91
90
|
|
|
92
91
|
it "should make sure the CA is set up" do
|
|
93
|
-
Puppet::SSL::CertificateAuthority.
|
|
92
|
+
expect_any_instance_of(Puppet::SSL::CertificateAuthority).to receive(:setup)
|
|
94
93
|
|
|
95
94
|
Puppet::SSL::CertificateAuthority.new
|
|
96
95
|
end
|
|
@@ -98,47 +97,47 @@ describe Puppet::SSL::CertificateAuthority do
|
|
|
98
97
|
|
|
99
98
|
describe "when setting itself up" do
|
|
100
99
|
it "should generate the CA certificate if it does not have one" do
|
|
101
|
-
Puppet.settings.
|
|
100
|
+
allow(Puppet.settings).to receive(:use)
|
|
102
101
|
|
|
103
|
-
host =
|
|
104
|
-
Puppet::SSL::Host.
|
|
102
|
+
host = double('host')
|
|
103
|
+
allow(Puppet::SSL::Host).to receive(:new).and_return(host)
|
|
105
104
|
|
|
106
|
-
host.
|
|
105
|
+
expect(host).to receive(:certificate).and_return(nil)
|
|
107
106
|
|
|
108
|
-
Puppet::SSL::CertificateAuthority.
|
|
107
|
+
expect_any_instance_of(Puppet::SSL::CertificateAuthority).to receive(:generate_ca_certificate)
|
|
109
108
|
Puppet::SSL::CertificateAuthority.new
|
|
110
109
|
end
|
|
111
110
|
end
|
|
112
111
|
|
|
113
112
|
describe "when retrieving the certificate revocation list" do
|
|
114
113
|
before do
|
|
115
|
-
Puppet.settings.
|
|
114
|
+
allow(Puppet.settings).to receive(:use)
|
|
116
115
|
Puppet[:cacrl] = "/my/crl"
|
|
117
116
|
|
|
118
|
-
cert =
|
|
119
|
-
key =
|
|
120
|
-
@host =
|
|
117
|
+
cert = double("certificate", :content => "real_cert")
|
|
118
|
+
key = double("key", :content => "real_key")
|
|
119
|
+
@host = double('host', :certificate => cert, :name => "hostname", :key => key)
|
|
121
120
|
|
|
122
|
-
Puppet::SSL::CertificateAuthority.
|
|
121
|
+
allow_any_instance_of(Puppet::SSL::CertificateAuthority).to receive(:setup)
|
|
123
122
|
@ca = Puppet::SSL::CertificateAuthority.new
|
|
124
123
|
|
|
125
|
-
@ca.
|
|
124
|
+
allow(@ca).to receive(:host).and_return(@host)
|
|
126
125
|
end
|
|
127
126
|
|
|
128
127
|
it "should return any found CRL instance" do
|
|
129
|
-
crl =
|
|
130
|
-
Puppet::SSL::CertificateRevocationList.indirection.
|
|
128
|
+
crl = double('crl')
|
|
129
|
+
expect(Puppet::SSL::CertificateRevocationList.indirection).to receive(:find).and_return(crl)
|
|
131
130
|
expect(@ca.crl).to equal(crl)
|
|
132
131
|
end
|
|
133
132
|
|
|
134
133
|
it "should create, generate, and save a new CRL instance of no CRL can be found" do
|
|
135
134
|
crl = Puppet::SSL::CertificateRevocationList.new("fakename")
|
|
136
|
-
Puppet::SSL::CertificateRevocationList.indirection.
|
|
135
|
+
expect(Puppet::SSL::CertificateRevocationList.indirection).to receive(:find).and_return(nil)
|
|
137
136
|
|
|
138
|
-
Puppet::SSL::CertificateRevocationList.
|
|
137
|
+
expect(Puppet::SSL::CertificateRevocationList).to receive(:new).and_return(crl)
|
|
139
138
|
|
|
140
|
-
crl.
|
|
141
|
-
Puppet::SSL::CertificateRevocationList.indirection.
|
|
139
|
+
expect(crl).to receive(:generate).with(@ca.host.certificate.content, @ca.host.key.content)
|
|
140
|
+
expect(Puppet::SSL::CertificateRevocationList.indirection).to receive(:save).with(crl)
|
|
142
141
|
|
|
143
142
|
expect(@ca.crl).to equal(crl)
|
|
144
143
|
end
|
|
@@ -146,28 +145,28 @@ describe Puppet::SSL::CertificateAuthority do
|
|
|
146
145
|
|
|
147
146
|
describe "when generating a self-signed CA certificate" do
|
|
148
147
|
before do
|
|
149
|
-
Puppet.settings.
|
|
148
|
+
allow(Puppet.settings).to receive(:use)
|
|
150
149
|
|
|
151
|
-
Puppet::SSL::CertificateAuthority.
|
|
152
|
-
Puppet::SSL::CertificateAuthority.
|
|
150
|
+
allow_any_instance_of(Puppet::SSL::CertificateAuthority).to receive(:setup)
|
|
151
|
+
allow_any_instance_of(Puppet::SSL::CertificateAuthority).to receive(:crl)
|
|
153
152
|
@ca = Puppet::SSL::CertificateAuthority.new
|
|
154
153
|
|
|
155
|
-
@host =
|
|
154
|
+
@host = double('host', :key => double("key"), :name => "hostname", :certificate => double('certificate'))
|
|
156
155
|
|
|
157
|
-
Puppet::SSL::CertificateRequest.
|
|
156
|
+
allow_any_instance_of(Puppet::SSL::CertificateRequest).to receive(:generate)
|
|
158
157
|
|
|
159
|
-
@ca.
|
|
158
|
+
allow(@ca).to receive(:host).and_return(@host)
|
|
160
159
|
end
|
|
161
160
|
|
|
162
161
|
it "should create and store a password at :capass" do
|
|
163
162
|
Puppet[:capass] = File.expand_path("/path/to/pass")
|
|
164
163
|
|
|
165
|
-
Puppet::FileSystem.
|
|
164
|
+
expect(Puppet::FileSystem).to receive(:exist?).with(Puppet[:capass]).and_return(false)
|
|
166
165
|
|
|
167
166
|
fh = StringIO.new
|
|
168
|
-
Puppet.settings.setting(:capass).
|
|
167
|
+
expect(Puppet.settings.setting(:capass)).to receive(:open).with('w:ASCII').and_yield(fh)
|
|
169
168
|
|
|
170
|
-
@ca.
|
|
169
|
+
allow(@ca).to receive(:sign)
|
|
171
170
|
|
|
172
171
|
@ca.generate_ca_certificate
|
|
173
172
|
|
|
@@ -175,37 +174,42 @@ describe Puppet::SSL::CertificateAuthority do
|
|
|
175
174
|
end
|
|
176
175
|
|
|
177
176
|
it "should generate a key if one does not exist" do
|
|
178
|
-
@ca.
|
|
179
|
-
@ca.
|
|
177
|
+
allow(@ca).to receive(:generate_password)
|
|
178
|
+
allow(@ca).to receive(:sign)
|
|
180
179
|
|
|
181
|
-
@ca.host.
|
|
182
|
-
@ca.host.
|
|
180
|
+
expect(@ca.host).to receive(:key).and_return(nil)
|
|
181
|
+
expect(@ca.host).to receive(:generate_key)
|
|
183
182
|
|
|
184
183
|
@ca.generate_ca_certificate
|
|
185
184
|
end
|
|
186
185
|
|
|
187
186
|
it "should create and sign a self-signed cert using the CA name" do
|
|
188
|
-
request =
|
|
189
|
-
Puppet::SSL::CertificateRequest.
|
|
190
|
-
request.
|
|
191
|
-
request.
|
|
187
|
+
request = double('request')
|
|
188
|
+
expect(Puppet::SSL::CertificateRequest).to receive(:new).with(@ca.host.name).and_return(request)
|
|
189
|
+
expect(request).to receive(:generate).with(@ca.host.key)
|
|
190
|
+
allow(request).to receive(:request_extensions).and_return([])
|
|
192
191
|
|
|
193
|
-
@ca.
|
|
194
|
-
|
|
192
|
+
expect(@ca).to receive(:sign).with(
|
|
193
|
+
@host.name,
|
|
194
|
+
{
|
|
195
|
+
allow_dns_alt_names: false,
|
|
196
|
+
self_signing_csr: request
|
|
197
|
+
}
|
|
198
|
+
)
|
|
195
199
|
|
|
196
|
-
@ca.
|
|
200
|
+
allow(@ca).to receive(:generate_password)
|
|
197
201
|
|
|
198
202
|
@ca.generate_ca_certificate
|
|
199
203
|
end
|
|
200
204
|
|
|
201
205
|
it "should generate its CRL" do
|
|
202
|
-
@ca.
|
|
203
|
-
@ca.
|
|
206
|
+
allow(@ca).to receive(:generate_password)
|
|
207
|
+
allow(@ca).to receive(:sign)
|
|
204
208
|
|
|
205
|
-
@ca.host.
|
|
206
|
-
@ca.host.
|
|
209
|
+
expect(@ca.host).to receive(:key).and_return(nil)
|
|
210
|
+
expect(@ca.host).to receive(:generate_key)
|
|
207
211
|
|
|
208
|
-
@ca.
|
|
212
|
+
expect(@ca).to receive(:crl)
|
|
209
213
|
|
|
210
214
|
@ca.generate_ca_certificate
|
|
211
215
|
end
|
|
@@ -213,86 +217,80 @@ describe Puppet::SSL::CertificateAuthority do
|
|
|
213
217
|
|
|
214
218
|
describe "when signing" do
|
|
215
219
|
before do
|
|
216
|
-
Puppet.settings.
|
|
220
|
+
allow(Puppet.settings).to receive(:use)
|
|
217
221
|
|
|
218
|
-
Puppet::SSL::CertificateAuthority.
|
|
222
|
+
allow_any_instance_of(Puppet::SSL::CertificateAuthority).to receive(:password?).and_return(true)
|
|
219
223
|
|
|
220
224
|
stub_ca_host
|
|
221
225
|
|
|
222
|
-
Puppet::SSL::Host.
|
|
226
|
+
expect(Puppet::SSL::Host).to receive(:new).with(Puppet::SSL::Host.ca_name).and_return(@host)
|
|
223
227
|
|
|
224
228
|
@ca = Puppet::SSL::CertificateAuthority.new
|
|
225
229
|
|
|
226
230
|
@name = "myhost"
|
|
227
|
-
@real_cert =
|
|
231
|
+
@real_cert = double('realcert', :sign => nil)
|
|
228
232
|
@cert = Puppet::SSL::Certificate.new(@name)
|
|
229
233
|
@cert.content = @real_cert
|
|
230
234
|
|
|
231
|
-
Puppet::SSL::Certificate.
|
|
235
|
+
allow(Puppet::SSL::Certificate).to receive(:new).and_return(@cert)
|
|
232
236
|
|
|
233
|
-
Puppet::SSL::Certificate.indirection.
|
|
237
|
+
allow(Puppet::SSL::Certificate.indirection).to receive(:save)
|
|
234
238
|
|
|
235
239
|
# Stub out the factory
|
|
236
|
-
Puppet::SSL::CertificateFactory.
|
|
240
|
+
allow(Puppet::SSL::CertificateFactory).to receive(:build).and_return(@cert.content)
|
|
237
241
|
|
|
238
|
-
@request_content =
|
|
239
|
-
@request =
|
|
240
|
-
@request_content.
|
|
242
|
+
@request_content = double("request content stub", :subject => OpenSSL::X509::Name.new([['CN', @name]]), :public_key => double('public_key'))
|
|
243
|
+
@request = double('request', :name => @name, :request_extensions => [], :subject_alt_names => [], :content => @request_content)
|
|
244
|
+
allow(@request_content).to receive(:verify).and_return(true)
|
|
241
245
|
|
|
242
246
|
# And the inventory
|
|
243
|
-
@inventory =
|
|
244
|
-
@ca.
|
|
247
|
+
@inventory = double('inventory', :add => nil)
|
|
248
|
+
allow(@ca).to receive(:inventory).and_return(@inventory)
|
|
245
249
|
|
|
246
|
-
Puppet::SSL::CertificateRequest.indirection.
|
|
250
|
+
allow(Puppet::SSL::CertificateRequest.indirection).to receive(:destroy)
|
|
247
251
|
end
|
|
248
252
|
|
|
249
253
|
describe "its own certificate" do
|
|
250
254
|
before do
|
|
251
255
|
@serial = 10
|
|
252
|
-
@ca.
|
|
256
|
+
allow(@ca).to receive(:next_serial).and_return(@serial)
|
|
253
257
|
end
|
|
254
258
|
|
|
255
259
|
it "should not look up a certificate request for the host" do
|
|
256
|
-
Puppet::SSL::CertificateRequest.indirection.
|
|
260
|
+
expect(Puppet::SSL::CertificateRequest.indirection).not_to receive(:find)
|
|
257
261
|
|
|
258
262
|
@ca.sign(@name, {allow_dns_alt_names: true,
|
|
259
263
|
self_signing_csr: @request})
|
|
260
264
|
end
|
|
261
265
|
|
|
262
266
|
it "should use a certificate type of :ca" do
|
|
263
|
-
Puppet::SSL::CertificateFactory.
|
|
264
|
-
expect(args[0]).to eq(:ca)
|
|
265
|
-
end.returns @cert.content
|
|
267
|
+
expect(Puppet::SSL::CertificateFactory).to receive(:build).with(:ca, any_args).and_return(@cert.content)
|
|
266
268
|
@ca.sign(@name, {allow_dns_alt_names: true,
|
|
267
269
|
self_signing_csr: @request})
|
|
268
270
|
end
|
|
269
271
|
|
|
270
272
|
it "should pass the provided CSR as the CSR" do
|
|
271
|
-
Puppet::SSL::CertificateFactory.
|
|
272
|
-
expect(args[1]).to eq(@request)
|
|
273
|
-
end.returns @cert.content
|
|
273
|
+
expect(Puppet::SSL::CertificateFactory).to receive(:build).with(anything, @request, any_args).and_return(@cert.content)
|
|
274
274
|
@ca.sign(@name, {allow_dns_alt_names: true,
|
|
275
275
|
self_signing_csr: @request})
|
|
276
276
|
end
|
|
277
277
|
|
|
278
278
|
it "should use the provided CSR's content as the issuer" do
|
|
279
|
-
Puppet::SSL::CertificateFactory.
|
|
279
|
+
expect(Puppet::SSL::CertificateFactory).to receive(:build) do |*args|
|
|
280
280
|
expect(args[2].subject.to_s).to eq("/CN=myhost")
|
|
281
|
-
end.
|
|
281
|
+
end.and_return(@cert.content)
|
|
282
282
|
@ca.sign(@name, {allow_dns_alt_names: true,
|
|
283
283
|
self_signing_csr: @request})
|
|
284
284
|
end
|
|
285
285
|
|
|
286
286
|
it "should pass the next serial as the serial number" do
|
|
287
|
-
Puppet::SSL::CertificateFactory.
|
|
288
|
-
expect(args[3]).to eq(@serial)
|
|
289
|
-
end.returns @cert.content
|
|
287
|
+
expect(Puppet::SSL::CertificateFactory).to receive(:build).with(anything, anything, anything, @serial).and_return(@cert.content)
|
|
290
288
|
@ca.sign(@name, {allow_dns_alt_names: true,
|
|
291
289
|
self_signing_csr: @request})
|
|
292
290
|
end
|
|
293
291
|
|
|
294
292
|
it "should sign the certificate request even if it contains alt names" do
|
|
295
|
-
@request.
|
|
293
|
+
allow(@request).to receive(:subject_alt_names).and_return(%w[DNS:foo DNS:bar DNS:baz])
|
|
296
294
|
|
|
297
295
|
expect do
|
|
298
296
|
@ca.sign(@name, {allow_dns_alt_names: false,
|
|
@@ -301,7 +299,7 @@ describe Puppet::SSL::CertificateAuthority do
|
|
|
301
299
|
end
|
|
302
300
|
|
|
303
301
|
it "should save the resulting certificate" do
|
|
304
|
-
Puppet::SSL::Certificate.indirection.
|
|
302
|
+
expect(Puppet::SSL::Certificate.indirection).to receive(:save).with(@cert)
|
|
305
303
|
|
|
306
304
|
@ca.sign(@name, {allow_dns_alt_names: true,
|
|
307
305
|
self_signing_csr: @request})
|
|
@@ -311,45 +309,43 @@ describe Puppet::SSL::CertificateAuthority do
|
|
|
311
309
|
describe "another host's certificate" do
|
|
312
310
|
before do
|
|
313
311
|
@serial = 10
|
|
314
|
-
@ca.
|
|
312
|
+
allow(@ca).to receive(:next_serial).and_return(@serial)
|
|
315
313
|
|
|
316
|
-
Puppet::SSL::CertificateRequest.indirection.
|
|
317
|
-
Puppet::SSL::CertificateRequest.indirection.
|
|
314
|
+
allow(Puppet::SSL::CertificateRequest.indirection).to receive(:find).with(@name).and_return(@request)
|
|
315
|
+
allow(Puppet::SSL::CertificateRequest.indirection).to receive(:save)
|
|
318
316
|
end
|
|
319
317
|
|
|
320
318
|
it "should use a certificate type of :server" do
|
|
321
|
-
Puppet::SSL::CertificateFactory.
|
|
322
|
-
args[0] == :server
|
|
323
|
-
end.returns @cert.content
|
|
319
|
+
expect(Puppet::SSL::CertificateFactory).to receive(:build).with(:server, any_args).and_return(@cert.content)
|
|
324
320
|
|
|
325
321
|
@ca.sign(@name)
|
|
326
322
|
end
|
|
327
323
|
|
|
328
324
|
it "should use look up a CSR for the host in the :ca_file terminus" do
|
|
329
|
-
Puppet::SSL::CertificateRequest.indirection.
|
|
325
|
+
expect(Puppet::SSL::CertificateRequest.indirection).to receive(:find).with(@name).and_return(@request)
|
|
330
326
|
|
|
331
327
|
@ca.sign(@name)
|
|
332
328
|
end
|
|
333
329
|
|
|
334
330
|
it "should fail if no CSR can be found for the host" do
|
|
335
|
-
Puppet::SSL::CertificateRequest.indirection.
|
|
331
|
+
expect(Puppet::SSL::CertificateRequest.indirection).to receive(:find).with(@name).and_return(nil)
|
|
336
332
|
|
|
337
333
|
expect { @ca.sign(@name) }.to raise_error(ArgumentError)
|
|
338
334
|
end
|
|
339
335
|
|
|
340
336
|
it "should fail if an unknown request extension is present" do
|
|
341
|
-
@request.
|
|
342
|
-
|
|
337
|
+
allow(@request).to receive(:request_extensions).and_return([{ "oid" => "bananas",
|
|
338
|
+
"value" => "delicious" }])
|
|
343
339
|
expect {
|
|
344
340
|
@ca.sign(@name)
|
|
345
341
|
}.to raise_error(/CSR has request extensions that are not permitted/)
|
|
346
342
|
end
|
|
347
343
|
|
|
348
344
|
it "should reject auth extensions" do
|
|
349
|
-
@request.
|
|
350
|
-
|
|
351
|
-
|
|
352
|
-
|
|
345
|
+
allow(@request).to receive(:request_extensions).and_return([{"oid" => "1.3.6.1.4.1.34380.1.3.1",
|
|
346
|
+
"value" => "true"},
|
|
347
|
+
{"oid" => "1.3.6.1.4.1.34380.1.3.13",
|
|
348
|
+
"value" => "com"}])
|
|
353
349
|
|
|
354
350
|
expect {
|
|
355
351
|
@ca.sign(@name)
|
|
@@ -358,15 +354,15 @@ describe Puppet::SSL::CertificateAuthority do
|
|
|
358
354
|
end
|
|
359
355
|
|
|
360
356
|
it "should not fail if the CSR contains auth extensions and they're allowed" do
|
|
361
|
-
@request.
|
|
362
|
-
|
|
363
|
-
|
|
364
|
-
|
|
357
|
+
allow(@request).to receive(:request_extensions).and_return([{"oid" => "1.3.6.1.4.1.34380.1.3.1",
|
|
358
|
+
"value" => "true"},
|
|
359
|
+
{"oid" => "1.3.6.1.4.1.34380.1.3.13",
|
|
360
|
+
"value" => "com"}])
|
|
365
361
|
expect { @ca.sign(@name, {allow_authorization_extensions: true})}.to_not raise_error
|
|
366
362
|
end
|
|
367
363
|
|
|
368
364
|
it "should fail if the CSR contains alt names and they are not expected" do
|
|
369
|
-
@request.
|
|
365
|
+
allow(@request).to receive(:subject_alt_names).and_return(%w[DNS:foo DNS:bar DNS:baz])
|
|
370
366
|
|
|
371
367
|
expect do
|
|
372
368
|
@ca.sign(@name, {allow_dns_alt_names: false})
|
|
@@ -374,12 +370,12 @@ describe Puppet::SSL::CertificateAuthority do
|
|
|
374
370
|
end
|
|
375
371
|
|
|
376
372
|
it "should not fail if the CSR does not contain alt names and they are expected" do
|
|
377
|
-
@request.
|
|
373
|
+
allow(@request).to receive(:subject_alt_names).and_return([])
|
|
378
374
|
expect { @ca.sign(@name, {allow_dns_alt_names: true}) }.to_not raise_error
|
|
379
375
|
end
|
|
380
376
|
|
|
381
377
|
it "should reject alt names by default" do
|
|
382
|
-
@request.
|
|
378
|
+
allow(@request).to receive(:subject_alt_names).and_return(%w[DNS:foo DNS:bar DNS:baz])
|
|
383
379
|
|
|
384
380
|
expect do
|
|
385
381
|
@ca.sign(@name)
|
|
@@ -387,43 +383,39 @@ describe Puppet::SSL::CertificateAuthority do
|
|
|
387
383
|
end
|
|
388
384
|
|
|
389
385
|
it "should use the CA certificate as the issuer" do
|
|
390
|
-
Puppet::SSL::CertificateFactory.
|
|
391
|
-
args[2] == @cacert.content
|
|
392
|
-
end.returns @cert.content
|
|
386
|
+
expect(Puppet::SSL::CertificateFactory).to receive(:build).with(anything, anything, @cacert.content, any_args).and_return(@cert.content)
|
|
393
387
|
@ca.sign(@name)
|
|
394
388
|
end
|
|
395
389
|
|
|
396
390
|
it "should pass the next serial as the serial number" do
|
|
397
|
-
Puppet::SSL::CertificateFactory.
|
|
398
|
-
args[3] == @serial
|
|
399
|
-
end.returns @cert.content
|
|
391
|
+
expect(Puppet::SSL::CertificateFactory).to receive(:build).with(anything, anything, anything, @serial).and_return(@cert.content)
|
|
400
392
|
@ca.sign(@name)
|
|
401
393
|
end
|
|
402
394
|
|
|
403
395
|
it "should sign the resulting certificate using its real key and a digest" do
|
|
404
|
-
digest =
|
|
405
|
-
OpenSSL::Digest::SHA256.
|
|
396
|
+
digest = double('digest')
|
|
397
|
+
expect(OpenSSL::Digest::SHA256).to receive(:new).and_return(digest)
|
|
406
398
|
|
|
407
|
-
key =
|
|
408
|
-
@ca.host.
|
|
399
|
+
key = double('key', :content => "real_key")
|
|
400
|
+
allow(@ca.host).to receive(:key).and_return(key)
|
|
409
401
|
|
|
410
|
-
@cert.content.
|
|
402
|
+
expect(@cert.content).to receive(:sign).with("real_key", digest)
|
|
411
403
|
@ca.sign(@name)
|
|
412
404
|
end
|
|
413
405
|
|
|
414
406
|
it "should save the resulting certificate" do
|
|
415
|
-
Puppet::SSL::Certificate.indirection.
|
|
407
|
+
allow(Puppet::SSL::Certificate.indirection).to receive(:save).with(@cert)
|
|
416
408
|
@ca.sign(@name)
|
|
417
409
|
end
|
|
418
410
|
|
|
419
411
|
it "should remove the host's certificate request" do
|
|
420
|
-
Puppet::SSL::CertificateRequest.indirection.
|
|
412
|
+
expect(Puppet::SSL::CertificateRequest.indirection).to receive(:destroy).with(@name)
|
|
421
413
|
|
|
422
414
|
@ca.sign(@name)
|
|
423
415
|
end
|
|
424
416
|
|
|
425
417
|
it "should check the internal signing policies" do
|
|
426
|
-
@ca.
|
|
418
|
+
expect(@ca).to receive(:check_internal_signing_policies).and_return(true)
|
|
427
419
|
@ca.sign(@name)
|
|
428
420
|
end
|
|
429
421
|
end
|
|
@@ -431,10 +423,10 @@ describe Puppet::SSL::CertificateAuthority do
|
|
|
431
423
|
context "#check_internal_signing_policies" do
|
|
432
424
|
before do
|
|
433
425
|
@serial = 10
|
|
434
|
-
@ca.
|
|
426
|
+
allow(@ca).to receive(:next_serial).and_return(@serial)
|
|
435
427
|
|
|
436
|
-
Puppet::SSL::CertificateRequest.indirection.
|
|
437
|
-
@cert.
|
|
428
|
+
allow(Puppet::SSL::CertificateRequest.indirection).to receive(:find).with(@name).and_return(@request)
|
|
429
|
+
allow(@cert).to receive(:save)
|
|
438
430
|
end
|
|
439
431
|
|
|
440
432
|
it "should reject CSRs whose CN doesn't match the name for which we're signing them" do
|
|
@@ -489,7 +481,7 @@ describe Puppet::SSL::CertificateAuthority do
|
|
|
489
481
|
it "should reject #{name.inspect}" do
|
|
490
482
|
# We aren't even allowed to make objects with these names, so let's
|
|
491
483
|
# stub that to simulate an invalid one coming from outside Puppet
|
|
492
|
-
Puppet::SSL::CertificateRequest.
|
|
484
|
+
allow(Puppet::SSL::CertificateRequest).to receive(:validate_certname)
|
|
493
485
|
csr = Puppet::SSL::CertificateRequest.new(name)
|
|
494
486
|
csr.generate(@signing_key)
|
|
495
487
|
|
|
@@ -507,7 +499,7 @@ describe Puppet::SSL::CertificateAuthority do
|
|
|
507
499
|
exts = [{ 'oid' => '1.3.6.1.4.1.34380.1.1.1',
|
|
508
500
|
'value' => '657e4780-4cf5-11e3-8f96-0800200c9a66'}]
|
|
509
501
|
|
|
510
|
-
@request.
|
|
502
|
+
allow(@request).to receive(:request_extensions).and_return(exts)
|
|
511
503
|
|
|
512
504
|
expect {
|
|
513
505
|
@ca.check_internal_signing_policies(@name, @request)
|
|
@@ -518,7 +510,7 @@ describe Puppet::SSL::CertificateAuthority do
|
|
|
518
510
|
exts = [{ 'oid' => 'pp_uuid',
|
|
519
511
|
'value' => '657e4780-4cf5-11e3-8f96-0800200c9a66'}]
|
|
520
512
|
|
|
521
|
-
@request.
|
|
513
|
+
allow(@request).to receive(:request_extensions).and_return(exts)
|
|
522
514
|
|
|
523
515
|
expect {
|
|
524
516
|
@ca.check_internal_signing_policies(@name, @request)
|
|
@@ -529,7 +521,7 @@ describe Puppet::SSL::CertificateAuthority do
|
|
|
529
521
|
exts = [{ 'oid' => '1.3.6.1.4.1.34380.1.2.1',
|
|
530
522
|
'value' => 'private extension'}]
|
|
531
523
|
|
|
532
|
-
@request.
|
|
524
|
+
allow(@request).to receive(:request_extensions).and_return(exts)
|
|
533
525
|
|
|
534
526
|
expect {
|
|
535
527
|
@ca.check_internal_signing_policies(@name, @request)
|
|
@@ -538,9 +530,9 @@ describe Puppet::SSL::CertificateAuthority do
|
|
|
538
530
|
|
|
539
531
|
|
|
540
532
|
it "should reject a critical extension that isn't on the whitelist" do
|
|
541
|
-
@request.
|
|
542
|
-
|
|
543
|
-
|
|
533
|
+
allow(@request).to receive(:request_extensions).and_return([{ "oid" => "banana",
|
|
534
|
+
"value" => "yumm",
|
|
535
|
+
"critical" => true }])
|
|
544
536
|
expect { @ca.check_internal_signing_policies(@name, @request) }.to raise_error(
|
|
545
537
|
Puppet::SSL::CertificateAuthority::CertificateSigningError,
|
|
546
538
|
/request extensions that are not permitted/
|
|
@@ -548,9 +540,9 @@ describe Puppet::SSL::CertificateAuthority do
|
|
|
548
540
|
end
|
|
549
541
|
|
|
550
542
|
it "should reject a non-critical extension that isn't on the whitelist" do
|
|
551
|
-
@request.
|
|
552
|
-
|
|
553
|
-
|
|
543
|
+
allow(@request).to receive(:request_extensions).and_return([{ "oid" => "peach",
|
|
544
|
+
"value" => "meh",
|
|
545
|
+
"critical" => false }])
|
|
554
546
|
expect { @ca.check_internal_signing_policies(@name, @request) }.to raise_error(
|
|
555
547
|
Puppet::SSL::CertificateAuthority::CertificateSigningError,
|
|
556
548
|
/request extensions that are not permitted/
|
|
@@ -558,12 +550,12 @@ describe Puppet::SSL::CertificateAuthority do
|
|
|
558
550
|
end
|
|
559
551
|
|
|
560
552
|
it "should reject non-whitelist extensions even if a valid extension is present" do
|
|
561
|
-
@request.
|
|
562
|
-
|
|
563
|
-
|
|
564
|
-
|
|
565
|
-
|
|
566
|
-
|
|
553
|
+
allow(@request).to receive(:request_extensions).and_return([{ "oid" => "peach",
|
|
554
|
+
"value" => "meh",
|
|
555
|
+
"critical" => false },
|
|
556
|
+
{ "oid" => "subjectAltName",
|
|
557
|
+
"value" => "DNS:foo",
|
|
558
|
+
"critical" => true }])
|
|
567
559
|
expect { @ca.check_internal_signing_policies(@name, @request) }.to raise_error(
|
|
568
560
|
Puppet::SSL::CertificateAuthority::CertificateSigningError,
|
|
569
561
|
/request extensions that are not permitted/
|
|
@@ -571,7 +563,7 @@ describe Puppet::SSL::CertificateAuthority do
|
|
|
571
563
|
end
|
|
572
564
|
|
|
573
565
|
it "should reject a subjectAltName for a non-DNS value" do
|
|
574
|
-
@request.
|
|
566
|
+
allow(@request).to receive(:subject_alt_names).and_return(['DNS:foo', 'email:bar@example.com'])
|
|
575
567
|
expect {
|
|
576
568
|
@ca.check_internal_signing_policies(@name, @request, {allow_dns_alt_names: true})
|
|
577
569
|
}.to raise_error(
|
|
@@ -581,7 +573,7 @@ describe Puppet::SSL::CertificateAuthority do
|
|
|
581
573
|
end
|
|
582
574
|
|
|
583
575
|
it "should allow a subjectAltName if subject matches CA's certname" do
|
|
584
|
-
@request.
|
|
576
|
+
allow(@request).to receive(:subject_alt_names).and_return(['DNS:foo'])
|
|
585
577
|
Puppet[:certname] = @name
|
|
586
578
|
|
|
587
579
|
expect {
|
|
@@ -590,8 +582,8 @@ describe Puppet::SSL::CertificateAuthority do
|
|
|
590
582
|
end
|
|
591
583
|
|
|
592
584
|
it "should reject a wildcard subject" do
|
|
593
|
-
@request.content.
|
|
594
|
-
|
|
585
|
+
allow(@request.content).to receive(:subject).
|
|
586
|
+
and_return(OpenSSL::X509::Name.new([["CN", "*.local"]]))
|
|
595
587
|
|
|
596
588
|
expect { @ca.check_internal_signing_policies('*.local', @request) }.to raise_error(
|
|
597
589
|
Puppet::SSL::CertificateAuthority::CertificateSigningError,
|
|
@@ -600,7 +592,7 @@ describe Puppet::SSL::CertificateAuthority do
|
|
|
600
592
|
end
|
|
601
593
|
|
|
602
594
|
it "should reject a wildcard subjectAltName" do
|
|
603
|
-
@request.
|
|
595
|
+
allow(@request).to receive(:subject_alt_names).and_return(['DNS:foo', 'DNS:*.bar'])
|
|
604
596
|
expect {
|
|
605
597
|
@ca.check_internal_signing_policies(@name, @request, {allow_dns_alt_names: true})
|
|
606
598
|
}.to raise_error(
|
|
@@ -612,28 +604,28 @@ describe Puppet::SSL::CertificateAuthority do
|
|
|
612
604
|
|
|
613
605
|
it "should create a certificate instance with the content set to the newly signed x509 certificate" do
|
|
614
606
|
@serial = 10
|
|
615
|
-
@ca.
|
|
607
|
+
allow(@ca).to receive(:next_serial).and_return(@serial)
|
|
616
608
|
|
|
617
|
-
Puppet::SSL::CertificateRequest.indirection.
|
|
618
|
-
Puppet::SSL::Certificate.indirection.
|
|
619
|
-
Puppet::SSL::Certificate.
|
|
609
|
+
allow(Puppet::SSL::CertificateRequest.indirection).to receive(:find).with(@name).and_return(@request)
|
|
610
|
+
allow(Puppet::SSL::Certificate.indirection).to receive(:save)
|
|
611
|
+
expect(Puppet::SSL::Certificate).to receive(:new).with(@name).and_return(@cert)
|
|
620
612
|
|
|
621
613
|
@ca.sign(@name)
|
|
622
614
|
end
|
|
623
615
|
|
|
624
616
|
it "should return the certificate instance" do
|
|
625
|
-
@ca.
|
|
626
|
-
Puppet::SSL::CertificateRequest.indirection.
|
|
627
|
-
Puppet::SSL::Certificate.indirection.
|
|
617
|
+
allow(@ca).to receive(:next_serial).and_return(@serial)
|
|
618
|
+
allow(Puppet::SSL::CertificateRequest.indirection).to receive(:find).with(@name).and_return(@request)
|
|
619
|
+
allow(Puppet::SSL::Certificate.indirection).to receive(:save)
|
|
628
620
|
expect(@ca.sign(@name)).to equal(@cert)
|
|
629
621
|
end
|
|
630
622
|
|
|
631
623
|
it "should add the certificate to its inventory" do
|
|
632
|
-
@ca.
|
|
633
|
-
@inventory.
|
|
624
|
+
allow(@ca).to receive(:next_serial).and_return(@serial)
|
|
625
|
+
expect(@inventory).to receive(:add).with(@cert)
|
|
634
626
|
|
|
635
|
-
Puppet::SSL::CertificateRequest.indirection.
|
|
636
|
-
Puppet::SSL::Certificate.indirection.
|
|
627
|
+
allow(Puppet::SSL::CertificateRequest.indirection).to receive(:find).with(@name).and_return(@request)
|
|
628
|
+
allow(Puppet::SSL::Certificate.indirection).to receive(:save)
|
|
637
629
|
@ca.sign(@name)
|
|
638
630
|
end
|
|
639
631
|
|
|
@@ -650,7 +642,7 @@ describe Puppet::SSL::CertificateAuthority do
|
|
|
650
642
|
it "should do nothing if autosign is disabled" do
|
|
651
643
|
Puppet[:autosign] = false
|
|
652
644
|
|
|
653
|
-
@ca.
|
|
645
|
+
expect(@ca).not_to receive(:sign)
|
|
654
646
|
@ca.autosign(csr)
|
|
655
647
|
end
|
|
656
648
|
|
|
@@ -658,13 +650,13 @@ describe Puppet::SSL::CertificateAuthority do
|
|
|
658
650
|
Puppet[:autosign] = autosign
|
|
659
651
|
non_existent_file = Puppet::FileSystem::MemoryFile.a_missing_file(autosign)
|
|
660
652
|
Puppet::FileSystem.overlay(non_existent_file) do
|
|
661
|
-
@ca.
|
|
653
|
+
expect(@ca).not_to receive(:sign)
|
|
662
654
|
@ca.autosign(csr)
|
|
663
655
|
end
|
|
664
656
|
end
|
|
665
657
|
|
|
666
658
|
describe "and autosign is enabled and the autosign.conf file exists" do
|
|
667
|
-
let(:store) {
|
|
659
|
+
let(:store) { double('store', :allow => nil, :allowed? => false) }
|
|
668
660
|
|
|
669
661
|
before do
|
|
670
662
|
Puppet[:autosign] = autosign
|
|
@@ -673,10 +665,10 @@ describe Puppet::SSL::CertificateAuthority do
|
|
|
673
665
|
describe "when creating the AuthStore instance to verify autosigning" do
|
|
674
666
|
it "should create an AuthStore with each line in the configuration file allowed to be autosigned" do
|
|
675
667
|
Puppet::FileSystem.overlay(Puppet::FileSystem::MemoryFile.a_regular_file_containing(autosign, "one\ntwo\n")) do
|
|
676
|
-
Puppet::Network::AuthStore.
|
|
668
|
+
allow(Puppet::Network::AuthStore).to receive(:new).and_return(store)
|
|
677
669
|
|
|
678
|
-
store.
|
|
679
|
-
store.
|
|
670
|
+
expect(store).to receive(:allow).with("one")
|
|
671
|
+
expect(store).to receive(:allow).with("two")
|
|
680
672
|
|
|
681
673
|
@ca.autosign(csr)
|
|
682
674
|
end
|
|
@@ -684,7 +676,7 @@ describe Puppet::SSL::CertificateAuthority do
|
|
|
684
676
|
|
|
685
677
|
it "should reparse the autosign configuration on each call" do
|
|
686
678
|
Puppet::FileSystem.overlay(Puppet::FileSystem::MemoryFile.a_regular_file_containing(autosign, "one")) do
|
|
687
|
-
Puppet::Network::AuthStore.
|
|
679
|
+
allow(Puppet::Network::AuthStore).to receive(:new).twice.and_return(store)
|
|
688
680
|
|
|
689
681
|
@ca.autosign(csr)
|
|
690
682
|
@ca.autosign(csr)
|
|
@@ -693,9 +685,9 @@ describe Puppet::SSL::CertificateAuthority do
|
|
|
693
685
|
|
|
694
686
|
it "should ignore comments" do
|
|
695
687
|
Puppet::FileSystem.overlay(Puppet::FileSystem::MemoryFile.a_regular_file_containing(autosign, "one\n#two\n")) do
|
|
696
|
-
Puppet::Network::AuthStore.
|
|
688
|
+
allow(Puppet::Network::AuthStore).to receive(:new).and_return(store)
|
|
697
689
|
|
|
698
|
-
store.
|
|
690
|
+
expect(store).to receive(:allow).with("one")
|
|
699
691
|
|
|
700
692
|
@ca.autosign(csr)
|
|
701
693
|
end
|
|
@@ -703,9 +695,9 @@ describe Puppet::SSL::CertificateAuthority do
|
|
|
703
695
|
|
|
704
696
|
it "should ignore blank lines" do
|
|
705
697
|
Puppet::FileSystem.overlay(Puppet::FileSystem::MemoryFile.a_regular_file_containing(autosign, "one\n\n")) do
|
|
706
|
-
Puppet::Network::AuthStore.
|
|
698
|
+
allow(Puppet::Network::AuthStore).to receive(:new).and_return(store)
|
|
707
699
|
|
|
708
|
-
store.
|
|
700
|
+
expect(store).to receive(:allow).with("one")
|
|
709
701
|
@ca.autosign(csr)
|
|
710
702
|
end
|
|
711
703
|
end
|
|
@@ -715,29 +707,29 @@ describe Puppet::SSL::CertificateAuthority do
|
|
|
715
707
|
|
|
716
708
|
describe "using the autosign command setting" do
|
|
717
709
|
let(:cmd) { File.expand_path('/autosign_cmd') }
|
|
718
|
-
let(:autosign_cmd) {
|
|
710
|
+
let(:autosign_cmd) { double('autosign_command') }
|
|
719
711
|
let(:autosign_executable) { Puppet::FileSystem::MemoryFile.an_executable(cmd) }
|
|
720
712
|
|
|
721
713
|
before do
|
|
722
714
|
Puppet[:autosign] = cmd
|
|
723
715
|
|
|
724
|
-
Puppet::SSL::CertificateAuthority::AutosignCommand.
|
|
716
|
+
allow(Puppet::SSL::CertificateAuthority::AutosignCommand).to receive(:new).and_return(autosign_cmd)
|
|
725
717
|
end
|
|
726
718
|
|
|
727
719
|
it "autosigns the CSR if the autosign command returned true" do
|
|
728
720
|
Puppet::FileSystem.overlay(autosign_executable) do
|
|
729
|
-
autosign_cmd.
|
|
721
|
+
expect(autosign_cmd).to receive(:allowed?).with(csr).and_return(true)
|
|
730
722
|
|
|
731
|
-
@ca.
|
|
723
|
+
expect(@ca).to receive(:sign).with('host')
|
|
732
724
|
@ca.autosign(csr)
|
|
733
725
|
end
|
|
734
726
|
end
|
|
735
727
|
|
|
736
728
|
it "doesn't autosign the CSR if the autosign_command returned false" do
|
|
737
729
|
Puppet::FileSystem.overlay(autosign_executable) do
|
|
738
|
-
autosign_cmd.
|
|
730
|
+
expect(autosign_cmd).to receive(:allowed?).with(csr).and_return(false)
|
|
739
731
|
|
|
740
|
-
@ca.
|
|
732
|
+
expect(@ca).not_to receive(:sign)
|
|
741
733
|
@ca.autosign(csr)
|
|
742
734
|
end
|
|
743
735
|
end
|
|
@@ -747,30 +739,30 @@ describe Puppet::SSL::CertificateAuthority do
|
|
|
747
739
|
|
|
748
740
|
describe "when managing certificate clients" do
|
|
749
741
|
before do
|
|
750
|
-
Puppet.settings.
|
|
742
|
+
allow(Puppet.settings).to receive(:use)
|
|
751
743
|
|
|
752
|
-
Puppet::SSL::CertificateAuthority.
|
|
744
|
+
allow_any_instance_of(Puppet::SSL::CertificateAuthority).to receive(:password?).and_return(true)
|
|
753
745
|
|
|
754
746
|
stub_ca_host
|
|
755
747
|
|
|
756
|
-
Puppet::SSL::Host.
|
|
757
|
-
Puppet::SSL::CertificateAuthority.
|
|
748
|
+
expect(Puppet::SSL::Host).to receive(:new).and_return(@host)
|
|
749
|
+
allow_any_instance_of(Puppet::SSL::CertificateAuthority).to receive(:host).and_return(@host)
|
|
758
750
|
|
|
759
|
-
@cacert =
|
|
760
|
-
@cacert.
|
|
751
|
+
@cacert = double('certificate')
|
|
752
|
+
allow(@cacert).to receive(:content).and_return("cacertificate")
|
|
761
753
|
@ca = Puppet::SSL::CertificateAuthority.new
|
|
762
754
|
end
|
|
763
755
|
|
|
764
756
|
it "should be able to list waiting certificate requests" do
|
|
765
|
-
req1 =
|
|
766
|
-
req2 =
|
|
767
|
-
Puppet::SSL::CertificateRequest.indirection.
|
|
757
|
+
req1 = double('req1', :name => "one")
|
|
758
|
+
req2 = double('req2', :name => "two")
|
|
759
|
+
expect(Puppet::SSL::CertificateRequest.indirection).to receive(:search).with("*").and_return([req1, req2])
|
|
768
760
|
|
|
769
761
|
expect(@ca.waiting?).to eq(%w{one two})
|
|
770
762
|
end
|
|
771
763
|
|
|
772
764
|
it "should delegate removing hosts to the Host class" do
|
|
773
|
-
Puppet::SSL::Host.
|
|
765
|
+
expect(Puppet::SSL::Host).to receive(:destroy).with("myhost")
|
|
774
766
|
|
|
775
767
|
@ca.destroy("myhost")
|
|
776
768
|
end
|
|
@@ -780,170 +772,171 @@ describe Puppet::SSL::CertificateAuthority do
|
|
|
780
772
|
end
|
|
781
773
|
|
|
782
774
|
it "should list certificates as the sorted list of all existing signed certificates" do
|
|
783
|
-
cert1 =
|
|
784
|
-
cert2 =
|
|
785
|
-
Puppet::SSL::Certificate.indirection.
|
|
775
|
+
cert1 = double('cert1', :name => "cert1")
|
|
776
|
+
cert2 = double('cert2', :name => "cert2")
|
|
777
|
+
expect(Puppet::SSL::Certificate.indirection).to receive(:search).with("*").and_return([cert1, cert2])
|
|
786
778
|
expect(@ca.list).to eq(%w{cert1 cert2})
|
|
787
779
|
end
|
|
788
780
|
|
|
789
781
|
it "should list the full certificates" do
|
|
790
|
-
cert1 =
|
|
791
|
-
cert2 =
|
|
792
|
-
Puppet::SSL::Certificate.indirection.
|
|
782
|
+
cert1 = double('cert1', :name => "cert1")
|
|
783
|
+
cert2 = double('cert2', :name => "cert2")
|
|
784
|
+
expect(Puppet::SSL::Certificate.indirection).to receive(:search).with("*").and_return([cert1, cert2])
|
|
793
785
|
expect(@ca.list_certificates).to eq([cert1, cert2])
|
|
794
786
|
end
|
|
795
787
|
|
|
796
788
|
it "should print a deprecation when using #list_certificates" do
|
|
797
|
-
Puppet::SSL::Certificate.indirection.
|
|
798
|
-
Puppet.
|
|
789
|
+
allow(Puppet::SSL::Certificate.indirection).to receive(:search).with("*").and_return([:foo, :bar])
|
|
790
|
+
expect(Puppet).to receive(:deprecation_warning).with(/list_certificates is deprecated/)
|
|
799
791
|
@ca.list_certificates
|
|
800
792
|
end
|
|
801
793
|
|
|
802
794
|
describe "and printing certificates" do
|
|
803
795
|
it "should return nil if the certificate cannot be found" do
|
|
804
|
-
Puppet::SSL::Certificate.indirection.
|
|
796
|
+
expect(Puppet::SSL::Certificate.indirection).to receive(:find).with("myhost").and_return(nil)
|
|
805
797
|
expect(@ca.print("myhost")).to be_nil
|
|
806
798
|
end
|
|
807
799
|
|
|
808
800
|
it "should print certificates by calling :to_text on the host's certificate" do
|
|
809
|
-
cert1 =
|
|
810
|
-
Puppet::SSL::Certificate.indirection.
|
|
801
|
+
cert1 = double('cert1', :name => "cert1", :to_text => "mytext")
|
|
802
|
+
expect(Puppet::SSL::Certificate.indirection).to receive(:find).with("myhost").and_return(cert1)
|
|
811
803
|
expect(@ca.print("myhost")).to eq("mytext")
|
|
812
804
|
end
|
|
813
805
|
end
|
|
814
806
|
|
|
815
807
|
describe "and fingerprinting certificates" do
|
|
816
808
|
before :each do
|
|
817
|
-
@cert =
|
|
818
|
-
Puppet::SSL::Certificate.indirection.
|
|
819
|
-
Puppet::SSL::CertificateRequest.indirection.
|
|
809
|
+
@cert = double('cert', :name => "cert", :fingerprint => "DIGEST")
|
|
810
|
+
allow(Puppet::SSL::Certificate.indirection).to receive(:find).with("myhost").and_return(@cert)
|
|
811
|
+
allow(Puppet::SSL::CertificateRequest.indirection).to receive(:find).with("myhost")
|
|
820
812
|
end
|
|
821
813
|
|
|
822
814
|
it "should raise an error if the certificate or CSR cannot be found" do
|
|
823
|
-
Puppet::SSL::Certificate.indirection.
|
|
824
|
-
Puppet::SSL::CertificateRequest.indirection.
|
|
815
|
+
expect(Puppet::SSL::Certificate.indirection).to receive(:find).with("myhost").and_return(nil)
|
|
816
|
+
expect(Puppet::SSL::CertificateRequest.indirection).to receive(:find).with("myhost").and_return(nil)
|
|
825
817
|
expect { @ca.fingerprint("myhost") }.to raise_error(ArgumentError, /Could not find a certificate/)
|
|
826
818
|
end
|
|
827
819
|
|
|
828
820
|
it "should try to find a CSR if no certificate can be found" do
|
|
829
|
-
Puppet::SSL::Certificate.indirection.
|
|
830
|
-
Puppet::SSL::CertificateRequest.indirection.
|
|
831
|
-
@cert.
|
|
821
|
+
expect(Puppet::SSL::Certificate.indirection).to receive(:find).with("myhost").and_return(nil)
|
|
822
|
+
expect(Puppet::SSL::CertificateRequest.indirection).to receive(:find).with("myhost").and_return(@cert)
|
|
823
|
+
expect(@cert).to receive(:fingerprint)
|
|
832
824
|
@ca.fingerprint("myhost")
|
|
833
825
|
end
|
|
834
826
|
|
|
835
827
|
it "should delegate to the certificate fingerprinting" do
|
|
836
|
-
@cert.
|
|
828
|
+
expect(@cert).to receive(:fingerprint)
|
|
837
829
|
@ca.fingerprint("myhost")
|
|
838
830
|
end
|
|
839
831
|
|
|
840
832
|
it "should propagate the digest algorithm to the certificate fingerprinting system" do
|
|
841
|
-
@cert.
|
|
833
|
+
expect(@cert).to receive(:fingerprint).with(:digest)
|
|
842
834
|
@ca.fingerprint("myhost", :digest)
|
|
843
835
|
end
|
|
844
836
|
end
|
|
845
837
|
|
|
846
838
|
describe "and verifying certificates" do
|
|
847
839
|
let(:cacert) { File.expand_path("/ca/cert") }
|
|
840
|
+
|
|
848
841
|
before do
|
|
849
|
-
@store =
|
|
842
|
+
@store = double('store', :verify => true, :add_file => nil, :purpose= => nil, :add_crl => true, :flags= => nil)
|
|
850
843
|
|
|
851
|
-
OpenSSL::X509::Store.
|
|
844
|
+
allow(OpenSSL::X509::Store).to receive(:new).and_return(@store)
|
|
852
845
|
|
|
853
|
-
@cert =
|
|
854
|
-
Puppet::SSL::Certificate.indirection.
|
|
846
|
+
@cert = double('cert', :content => "mycert")
|
|
847
|
+
allow(Puppet::SSL::Certificate.indirection).to receive(:find).and_return(@cert)
|
|
855
848
|
|
|
856
|
-
@crl =
|
|
849
|
+
@crl = double('crl', :content => "mycrl")
|
|
857
850
|
|
|
858
|
-
@ca.
|
|
851
|
+
allow(@ca).to receive(:crl).and_return(@crl)
|
|
859
852
|
end
|
|
860
853
|
|
|
861
854
|
it "should fail if the host's certificate cannot be found" do
|
|
862
|
-
Puppet::SSL::Certificate.indirection.
|
|
855
|
+
expect(Puppet::SSL::Certificate.indirection).to receive(:find).with("me").and_return(nil)
|
|
863
856
|
|
|
864
857
|
expect { @ca.verify("me") }.to raise_error(ArgumentError)
|
|
865
858
|
end
|
|
866
859
|
|
|
867
860
|
it "should create an SSL Store to verify" do
|
|
868
|
-
OpenSSL::X509::Store.
|
|
861
|
+
expect(OpenSSL::X509::Store).to receive(:new).and_return(@store)
|
|
869
862
|
|
|
870
863
|
@ca.verify("me")
|
|
871
864
|
end
|
|
872
865
|
|
|
873
866
|
it "should add the CA Certificate to the store" do
|
|
874
867
|
Puppet[:cacert] = cacert
|
|
875
|
-
@store.
|
|
868
|
+
expect(@store).to receive(:add_file).with(cacert)
|
|
876
869
|
|
|
877
870
|
@ca.verify("me")
|
|
878
871
|
end
|
|
879
872
|
|
|
880
873
|
it "should add the CRL to the store if the crl is enabled" do
|
|
881
|
-
@store.
|
|
874
|
+
expect(@store).to receive(:add_crl).with("mycrl")
|
|
882
875
|
|
|
883
876
|
@ca.verify("me")
|
|
884
877
|
end
|
|
885
878
|
|
|
886
879
|
it "should set the store purpose to OpenSSL::X509::PURPOSE_SSL_CLIENT" do
|
|
887
880
|
Puppet[:cacert] = cacert
|
|
888
|
-
@store.
|
|
881
|
+
expect(@store).to receive(:add_file).with(cacert)
|
|
889
882
|
|
|
890
883
|
@ca.verify("me")
|
|
891
884
|
end
|
|
892
885
|
|
|
893
886
|
it "should set the store flags to check the crl" do
|
|
894
|
-
@store.
|
|
887
|
+
expect(@store).to receive(:flags=).with(OpenSSL::X509::V_FLAG_CRL_CHECK_ALL | OpenSSL::X509::V_FLAG_CRL_CHECK)
|
|
895
888
|
|
|
896
889
|
@ca.verify("me")
|
|
897
890
|
end
|
|
898
891
|
|
|
899
892
|
it "should use the store to verify the certificate" do
|
|
900
|
-
@cert.
|
|
893
|
+
expect(@cert).to receive(:content).and_return("mycert")
|
|
901
894
|
|
|
902
|
-
@store.
|
|
895
|
+
expect(@store).to receive(:verify).with("mycert").and_return(true)
|
|
903
896
|
|
|
904
897
|
@ca.verify("me")
|
|
905
898
|
end
|
|
906
899
|
|
|
907
900
|
it "should fail if the verification returns false" do
|
|
908
|
-
@cert.
|
|
901
|
+
expect(@cert).to receive(:content).and_return("mycert")
|
|
909
902
|
|
|
910
|
-
@store.
|
|
911
|
-
@store.
|
|
912
|
-
@store.
|
|
903
|
+
expect(@store).to receive(:verify).with("mycert").and_return(false)
|
|
904
|
+
expect(@store).to receive(:error)
|
|
905
|
+
expect(@store).to receive(:error_string)
|
|
913
906
|
|
|
914
907
|
expect { @ca.verify("me") }.to raise_error(Puppet::SSL::CertificateAuthority::CertificateVerificationError)
|
|
915
908
|
end
|
|
916
909
|
|
|
917
910
|
describe "certificate_is_alive?" do
|
|
918
911
|
it "should return false if verification fails" do
|
|
919
|
-
@cert.
|
|
912
|
+
expect(@cert).to receive(:content).and_return("mycert")
|
|
920
913
|
|
|
921
|
-
@store.
|
|
914
|
+
expect(@store).to receive(:verify).with("mycert").and_return(false)
|
|
922
915
|
|
|
923
916
|
expect(@ca.certificate_is_alive?(@cert)).to be_falsey
|
|
924
917
|
end
|
|
925
918
|
|
|
926
919
|
it "should return true if verification passes" do
|
|
927
|
-
@cert.
|
|
920
|
+
expect(@cert).to receive(:content).and_return("mycert")
|
|
928
921
|
|
|
929
|
-
@store.
|
|
922
|
+
expect(@store).to receive(:verify).with("mycert").and_return(true)
|
|
930
923
|
|
|
931
924
|
expect(@ca.certificate_is_alive?(@cert)).to be_truthy
|
|
932
925
|
end
|
|
933
926
|
|
|
934
927
|
it "should use a cached instance of the x509 store" do
|
|
935
|
-
OpenSSL::X509::Store.
|
|
928
|
+
allow(OpenSSL::X509::Store).to receive(:new).and_return(@store).once
|
|
936
929
|
|
|
937
|
-
@cert.
|
|
930
|
+
expect(@cert).to receive(:content).and_return("mycert")
|
|
938
931
|
|
|
939
|
-
@store.
|
|
932
|
+
expect(@store).to receive(:verify).with("mycert").and_return(true)
|
|
940
933
|
|
|
941
934
|
@ca.certificate_is_alive?(@cert)
|
|
942
935
|
@ca.certificate_is_alive?(@cert)
|
|
943
936
|
end
|
|
944
937
|
|
|
945
938
|
it "should be deprecated" do
|
|
946
|
-
Puppet.
|
|
939
|
+
expect(Puppet).to receive(:deprecation_warning).with(/certificate_is_alive\? is deprecated/)
|
|
947
940
|
@ca.certificate_is_alive?(@cert)
|
|
948
941
|
end
|
|
949
942
|
end
|
|
@@ -951,78 +944,77 @@ describe Puppet::SSL::CertificateAuthority do
|
|
|
951
944
|
|
|
952
945
|
describe "and revoking certificates" do
|
|
953
946
|
before do
|
|
954
|
-
@crl =
|
|
955
|
-
@ca.
|
|
956
|
-
|
|
957
|
-
@ca.stubs(:next_serial).returns 10
|
|
947
|
+
@crl = double('crl')
|
|
948
|
+
allow(@ca).to receive(:crl).and_return(@crl)
|
|
958
949
|
|
|
959
|
-
@
|
|
960
|
-
@cert = stub 'cert', :content => @real_cert
|
|
961
|
-
Puppet::SSL::Certificate.indirection.stubs(:find).returns @cert
|
|
950
|
+
allow(@ca).to receive(:next_serial).and_return(10)
|
|
962
951
|
|
|
952
|
+
@real_cert = double('real_cert', :serial => 15)
|
|
953
|
+
@cert = double('cert', :content => @real_cert)
|
|
954
|
+
allow(Puppet::SSL::Certificate.indirection).to receive(:find).and_return(@cert)
|
|
963
955
|
end
|
|
964
956
|
|
|
965
957
|
it "should fail if the certificate revocation list is disabled" do
|
|
966
|
-
@ca.
|
|
958
|
+
allow(@ca).to receive(:crl).and_return(false)
|
|
967
959
|
|
|
968
960
|
expect { @ca.revoke('ca_testing') }.to raise_error(ArgumentError)
|
|
969
961
|
|
|
970
962
|
end
|
|
971
963
|
|
|
972
964
|
it "should delegate the revocation to its CRL" do
|
|
973
|
-
@ca.crl.
|
|
965
|
+
expect(@ca.crl).to receive(:revoke)
|
|
974
966
|
|
|
975
967
|
@ca.revoke('host')
|
|
976
968
|
end
|
|
977
969
|
|
|
978
970
|
it "should get the serial number from the local certificate if it exists" do
|
|
979
|
-
@ca.crl.
|
|
971
|
+
expect(@ca.crl).to receive(:revoke).with(15, anything)
|
|
980
972
|
|
|
981
|
-
Puppet::SSL::Certificate.indirection.
|
|
973
|
+
expect(Puppet::SSL::Certificate.indirection).to receive(:find).with("host").and_return(@cert)
|
|
982
974
|
|
|
983
975
|
@ca.revoke('host')
|
|
984
976
|
end
|
|
985
977
|
|
|
986
978
|
it "should get the serial number from inventory if no local certificate exists" do
|
|
987
|
-
Puppet::SSL::Certificate.indirection.
|
|
979
|
+
expect(Puppet::SSL::Certificate.indirection).to receive(:find).with("host").and_return(nil)
|
|
988
980
|
|
|
989
|
-
@ca.inventory.
|
|
981
|
+
expect(@ca.inventory).to receive(:serials).with("host").and_return([16])
|
|
990
982
|
|
|
991
|
-
@ca.crl.
|
|
983
|
+
expect(@ca.crl).to receive(:revoke).with(16, anything)
|
|
992
984
|
@ca.revoke('host')
|
|
993
985
|
end
|
|
994
986
|
|
|
995
987
|
it "should revoke all serials matching a name" do
|
|
996
|
-
Puppet::SSL::Certificate.indirection.
|
|
988
|
+
expect(Puppet::SSL::Certificate.indirection).to receive(:find).with("host").and_return(nil)
|
|
997
989
|
|
|
998
|
-
@ca.inventory.
|
|
990
|
+
expect(@ca.inventory).to receive(:serials).with("host").and_return([16, 20, 25])
|
|
999
991
|
|
|
1000
|
-
@ca.crl.
|
|
1001
|
-
@ca.crl.
|
|
1002
|
-
@ca.crl.
|
|
992
|
+
expect(@ca.crl).to receive(:revoke).with(16, anything)
|
|
993
|
+
expect(@ca.crl).to receive(:revoke).with(20, anything)
|
|
994
|
+
expect(@ca.crl).to receive(:revoke).with(25, anything)
|
|
1003
995
|
@ca.revoke('host')
|
|
1004
996
|
end
|
|
1005
997
|
|
|
1006
998
|
it "should raise an error if no certificate match" do
|
|
1007
|
-
Puppet::SSL::Certificate.indirection.
|
|
999
|
+
expect(Puppet::SSL::Certificate.indirection).to receive(:find).with("host").and_return(nil)
|
|
1008
1000
|
|
|
1009
|
-
@ca.inventory.
|
|
1001
|
+
expect(@ca.inventory).to receive(:serials).with("host").and_return([])
|
|
1010
1002
|
|
|
1011
|
-
@ca.crl.
|
|
1003
|
+
expect(@ca.crl).not_to receive(:revoke)
|
|
1012
1004
|
expect { @ca.revoke('host') }.to raise_error(ArgumentError, /Could not find a serial number for host/)
|
|
1013
1005
|
end
|
|
1014
1006
|
|
|
1015
1007
|
context "revocation by serial number (#16798)" do
|
|
1016
1008
|
it "revokes when given a lower case hexadecimal formatted string" do
|
|
1017
|
-
@ca.crl.
|
|
1018
|
-
Puppet::SSL::Certificate.indirection.
|
|
1009
|
+
expect(@ca.crl).to receive(:revoke).with(15, anything)
|
|
1010
|
+
expect(Puppet::SSL::Certificate.indirection).to receive(:find).with("0xf").and_return(nil)
|
|
1019
1011
|
|
|
1020
1012
|
@ca.revoke('0xf')
|
|
1021
1013
|
end
|
|
1022
1014
|
|
|
1023
1015
|
it "revokes when given an upper case hexadecimal formatted string" do
|
|
1024
|
-
@ca.crl.
|
|
1025
|
-
Puppet::SSL::Certificate.indirection.
|
|
1016
|
+
expect(@ca.crl).to receive(:revoke).with(15, anything)
|
|
1017
|
+
expect(Puppet::SSL::Certificate.indirection).to receive(:find).with("0xF").and_return(nil)
|
|
1026
1018
|
|
|
1027
1019
|
@ca.revoke('0xF')
|
|
1028
1020
|
end
|
|
@@ -1031,8 +1023,8 @@ describe Puppet::SSL::CertificateAuthority do
|
|
|
1031
1023
|
bighex = '0x4000000000000000000000000000000000000000'
|
|
1032
1024
|
bighex_int = 365375409332725729550921208179070754913983135744
|
|
1033
1025
|
|
|
1034
|
-
@ca.crl.
|
|
1035
|
-
Puppet::SSL::Certificate.indirection.
|
|
1026
|
+
expect(@ca.crl).to receive(:revoke).with(bighex_int, anything)
|
|
1027
|
+
expect(Puppet::SSL::Certificate.indirection).to receive(:find).with(bighex).and_return(nil)
|
|
1036
1028
|
|
|
1037
1029
|
@ca.revoke(bighex)
|
|
1038
1030
|
end
|
|
@@ -1049,9 +1041,8 @@ require 'puppet/indirector/memory'
|
|
|
1049
1041
|
|
|
1050
1042
|
module CertificateAuthorityGenerateSpecs
|
|
1051
1043
|
describe "CertificateAuthority.generate" do
|
|
1052
|
-
|
|
1053
1044
|
def expect_to_increment_serial_file
|
|
1054
|
-
Puppet.settings.setting(:serial).
|
|
1045
|
+
expect(Puppet.settings.setting(:serial)).to receive(:exclusive_open)
|
|
1055
1046
|
end
|
|
1056
1047
|
|
|
1057
1048
|
def expect_to_sign_a_cert
|
|
@@ -1059,7 +1050,7 @@ describe "CertificateAuthority.generate" do
|
|
|
1059
1050
|
end
|
|
1060
1051
|
|
|
1061
1052
|
def expect_to_write_the_ca_password
|
|
1062
|
-
Puppet.settings.setting(:capass).
|
|
1053
|
+
expect(Puppet.settings.setting(:capass)).to receive(:open).with('w:ASCII')
|
|
1063
1054
|
end
|
|
1064
1055
|
|
|
1065
1056
|
def expect_ca_initialization
|
|
@@ -1088,7 +1079,7 @@ describe "CertificateAuthority.generate" do
|
|
|
1088
1079
|
end
|
|
1089
1080
|
|
|
1090
1081
|
before do
|
|
1091
|
-
Puppet::SSL::Inventory.
|
|
1082
|
+
allow(Puppet::SSL::Inventory).to receive(:new).and_return(double("Inventory", :add => nil))
|
|
1092
1083
|
INDIRECTED_CLASSES.each { |const| const.indirection.terminus_class = :memory }
|
|
1093
1084
|
end
|
|
1094
1085
|
|
|
@@ -1153,9 +1144,8 @@ describe "CertificateAuthority.generate" do
|
|
|
1153
1144
|
end
|
|
1154
1145
|
|
|
1155
1146
|
context "if autosign is true (Redmine #6112)" do
|
|
1156
|
-
|
|
1157
1147
|
def run_mode_must_be_master_for_autosign_to_be_attempted
|
|
1158
|
-
Puppet.
|
|
1148
|
+
allow(Puppet).to receive(:run_mode).and_return(Puppet::Util::RunMode[:master])
|
|
1159
1149
|
end
|
|
1160
1150
|
|
|
1161
1151
|
before do
|