puppet 5.5.22-x86-mingw32 → 6.0.0-x86-mingw32
Potentially problematic release.
This version of puppet might be problematic.
- checksums.yaml +4 -4
- data/Gemfile +46 -72
- data/Gemfile.lock +86 -102
- data/MAINTAINERS +47 -0
- data/Rakefile +15 -19
- data/ext/build_defaults.yaml +0 -1
- data/ext/cert_inspector +3 -3
- data/ext/debian/copyright +0 -22
- data/ext/project_data.yaml +8 -10
- data/ext/puppet-test +2 -2
- data/ext/redhat/puppet.spec.erb +0 -4
- data/ext/regexp_nodes/regexp_nodes.rb +4 -4
- data/ext/solaris/smf/puppet.xml +0 -2
- data/ext/solaris/smf/svc-puppetd +1 -8
- data/ext/solaris/smf/svc-puppetmasterd +1 -8
- data/ext/windows/eventlog/Rakefile +32 -0
- data/ext/windows/eventlog/puppetres.dll +0 -0
- data/ext/windows/eventlog/puppetres.mc +18 -0
- data/ext/windows/service/daemon.rb +8 -54
- data/install.rb +24 -6
- data/lib/hiera/scope.rb +0 -7
- data/lib/puppet.rb +10 -21
- data/lib/puppet/agent.rb +13 -5
- data/lib/puppet/application.rb +10 -8
- data/lib/puppet/application/agent.rb +3 -21
- data/lib/puppet/application/apply.rb +22 -12
- data/lib/puppet/application/cert.rb +25 -180
- data/lib/puppet/application/describe.rb +9 -3
- data/lib/puppet/application/device.rb +41 -74
- data/lib/puppet/application/doc.rb +5 -3
- data/lib/puppet/application/filebucket.rb +1 -23
- data/lib/puppet/application/lookup.rb +2 -2
- data/lib/puppet/application/resource.rb +4 -4
- data/lib/puppet/application/script.rb +3 -3
- data/lib/puppet/application/ssl.rb +133 -0
- data/lib/puppet/application_support.rb +1 -2
- data/lib/puppet/configurer.rb +62 -127
- data/lib/puppet/configurer/downloader.rb +17 -34
- data/lib/puppet/configurer/fact_handler.rb +5 -1
- data/lib/puppet/configurer/plugin_handler.rb +2 -3
- data/lib/puppet/confine/false.rb +1 -7
- data/lib/puppet/confine/true.rb +1 -7
- data/lib/puppet/daemon.rb +2 -2
- data/lib/puppet/datatypes.rb +1 -1
- data/lib/puppet/defaults.rb +126 -286
- data/lib/puppet/environments.rb +2 -7
- data/lib/puppet/error.rb +14 -10
- data/lib/puppet/etc.rb +4 -25
- data/lib/puppet/external/dot.rb +23 -17
- data/lib/puppet/face/config.rb +50 -12
- data/lib/puppet/face/epp.rb +2 -2
- data/lib/puppet/face/facts.rb +1 -1
- data/lib/puppet/face/help.rb +21 -7
- data/lib/puppet/face/help/global.erb +2 -2
- data/lib/puppet/face/module/build.rb +4 -59
- data/lib/puppet/face/module/generate.rb +5 -247
- data/lib/puppet/face/module/install.rb +0 -4
- data/lib/puppet/face/module/list.rb +5 -10
- data/lib/puppet/face/module/search.rb +2 -2
- data/lib/puppet/face/module/uninstall.rb +1 -5
- data/lib/puppet/face/module/upgrade.rb +1 -5
- data/lib/puppet/face/node/clean.rb +14 -10
- data/lib/puppet/face/plugin.rb +2 -9
- data/lib/puppet/feature/base.rb +7 -26
- data/lib/puppet/feature/eventlog.rb +1 -1
- data/lib/puppet/file_bucket/dipper.rb +1 -1
- data/lib/puppet/file_serving/base.rb +7 -7
- data/lib/puppet/file_serving/fileset.rb +2 -2
- data/lib/puppet/file_serving/http_metadata.rb +1 -1
- data/lib/puppet/file_serving/metadata.rb +4 -3
- data/lib/puppet/file_serving/mount/locales.rb +2 -1
- data/lib/puppet/file_serving/mount/pluginfacts.rb +2 -1
- data/lib/puppet/file_serving/mount/plugins.rb +2 -1
- data/lib/puppet/file_system.rb +8 -0
- data/lib/puppet/file_system/memory_file.rb +1 -1
- data/lib/puppet/file_system/posix.rb +2 -3
- data/lib/puppet/file_system/uniquefile.rb +0 -4
- data/lib/puppet/forge.rb +8 -12
- data/lib/puppet/functions.rb +138 -0
- data/lib/puppet/functions/abs.rb +61 -0
- data/lib/puppet/functions/call.rb +38 -2
- data/lib/puppet/functions/camelcase.rb +62 -0
- data/lib/puppet/functions/capitalize.rb +61 -0
- data/lib/puppet/functions/ceiling.rb +37 -0
- data/lib/puppet/functions/chomp.rb +57 -0
- data/lib/puppet/functions/chop.rb +67 -0
- data/lib/puppet/functions/compare.rb +125 -0
- data/lib/puppet/functions/convert_to.rb +3 -2
- data/lib/puppet/functions/dig.rb +21 -1
- data/lib/puppet/functions/downcase.rb +89 -0
- data/lib/puppet/functions/epp.rb +4 -4
- data/lib/puppet/functions/eyaml_lookup_key.rb +4 -5
- data/lib/puppet/functions/filter.rb +7 -6
- data/lib/puppet/functions/floor.rb +37 -0
- data/lib/puppet/functions/get.rb +150 -0
- data/lib/puppet/functions/getvar.rb +87 -0
- data/lib/puppet/functions/inline_epp.rb +5 -5
- data/lib/puppet/functions/lstrip.rb +58 -0
- data/lib/puppet/functions/max.rb +183 -0
- data/lib/puppet/functions/min.rb +182 -0
- data/lib/puppet/functions/new.rb +3 -8
- data/lib/puppet/functions/reduce.rb +4 -2
- data/lib/puppet/functions/reverse_each.rb +1 -1
- data/lib/puppet/functions/round.rb +24 -0
- data/lib/puppet/functions/rstrip.rb +58 -0
- data/lib/puppet/functions/size.rb +15 -0
- data/lib/puppet/functions/sort.rb +74 -0
- data/lib/puppet/functions/step.rb +1 -1
- data/lib/puppet/functions/strip.rb +58 -0
- data/lib/puppet/functions/upcase.rb +89 -0
- data/lib/puppet/functions/yaml_data.rb +4 -5
- data/lib/puppet/gettext/config.rb +1 -1
- data/lib/puppet/gettext/module_translations.rb +1 -1
- data/lib/puppet/graph.rb +0 -2
- data/lib/puppet/graph/rb_tree_map.rb +2 -2
- data/lib/puppet/graph/simple_graph.rb +10 -7
- data/lib/puppet/indirector/catalog/compiler.rb +0 -8
- data/lib/puppet/indirector/catalog/json.rb +14 -3
- data/lib/puppet/indirector/catalog/yaml.rb +0 -16
- data/lib/puppet/indirector/certificate/file.rb +0 -1
- data/lib/puppet/indirector/facts/yaml.rb +4 -2
- data/lib/puppet/indirector/file_bucket_file/file.rb +1 -1
- data/lib/puppet/indirector/hiera.rb +0 -6
- data/lib/puppet/indirector/indirection.rb +8 -12
- data/lib/puppet/indirector/key/file.rb +1 -6
- data/lib/puppet/indirector/node/exec.rb +1 -3
- data/lib/puppet/indirector/node/yaml.rb +0 -6
- data/lib/puppet/indirector/request.rb +20 -27
- data/lib/puppet/indirector/resource/ral.rb +3 -1
- data/lib/puppet/indirector/resource/validator.rb +1 -1
- data/lib/puppet/indirector/rest.rb +7 -65
- data/lib/puppet/indirector/ssl_file.rb +3 -44
- data/lib/puppet/indirector/terminus.rb +1 -1
- data/lib/puppet/indirector/yaml.rb +4 -4
- data/lib/puppet/info_service/task_information_service.rb +7 -3
- data/lib/puppet/interface.rb +2 -3
- data/lib/puppet/interface/action.rb +2 -5
- data/lib/puppet/interface/face_collection.rb +3 -1
- data/lib/puppet/loaders.rb +2 -0
- data/lib/puppet/metatype/manager.rb +3 -5
- data/lib/puppet/module.rb +5 -31
- data/lib/puppet/module/task.rb +208 -30
- data/lib/puppet/module_tool.rb +2 -5
- data/lib/puppet/module_tool/applications.rb +0 -1
- data/lib/puppet/module_tool/applications/application.rb +1 -1
- data/lib/puppet/module_tool/applications/installer.rb +7 -8
- data/lib/puppet/module_tool/applications/uninstaller.rb +4 -5
- data/lib/puppet/module_tool/applications/unpacker.rb +1 -1
- data/lib/puppet/module_tool/applications/upgrader.rb +5 -6
- data/lib/puppet/module_tool/installed_modules.rb +2 -2
- data/lib/puppet/module_tool/local_tarball.rb +3 -3
- data/lib/puppet/module_tool/metadata.rb +1 -2
- data/lib/puppet/module_tool/shared_behaviors.rb +6 -6
- data/lib/puppet/module_tool/tar/mini.rb +2 -12
- data/lib/puppet/network/authconfig.rb +0 -13
- data/lib/puppet/network/format_support.rb +13 -8
- data/lib/puppet/network/formats.rb +93 -2
- data/lib/puppet/network/http.rb +0 -2
- data/lib/puppet/network/http/api.rb +1 -10
- data/lib/puppet/network/http/api/indirected_routes.rb +22 -16
- data/lib/puppet/network/http/api/master/v3/environment.rb +0 -3
- data/lib/puppet/network/http/connection.rb +14 -57
- data/lib/puppet/network/http/factory.rb +13 -7
- data/lib/puppet/network/http/handler.rb +59 -27
- data/lib/puppet/network/http/pool.rb +1 -7
- data/lib/puppet/network/http/site.rb +1 -1
- data/lib/puppet/network/resolver.rb +140 -67
- data/lib/puppet/node.rb +1 -2
- data/lib/puppet/node/environment.rb +5 -30
- data/lib/puppet/node/facts.rb +11 -1
- data/lib/puppet/parameter.rb +4 -7
- data/lib/puppet/parser/ast.rb +5 -9
- data/lib/puppet/parser/ast/branch.rb +3 -3
- data/lib/puppet/parser/ast/leaf.rb +5 -0
- data/lib/puppet/parser/ast/resourceparam.rb +1 -1
- data/lib/puppet/parser/catalog_compiler.rb +32 -0
- data/lib/puppet/parser/compiler.rb +2 -3
- data/lib/puppet/parser/compiler/catalog_validator/env_relationship_validator.rb +0 -2
- data/lib/puppet/parser/compiler/catalog_validator/site_validator.rb +0 -2
- data/lib/puppet/parser/environment_compiler.rb +0 -3
- data/lib/puppet/parser/functions.rb +48 -18
- data/lib/puppet/parser/functions/epp.rb +3 -3
- data/lib/puppet/parser/functions/filter.rb +1 -1
- data/lib/puppet/parser/functions/generate.rb +1 -1
- data/lib/puppet/parser/functions/inline_epp.rb +5 -5
- data/lib/puppet/parser/resource.rb +2 -4
- data/lib/puppet/parser/resource/param.rb +12 -11
- data/lib/puppet/parser/scope.rb +6 -8
- data/lib/puppet/parser/script_compiler.rb +7 -2
- data/lib/puppet/pops.rb +1 -0
- data/lib/puppet/pops/adaptable.rb +13 -7
- data/lib/puppet/pops/adapters.rb +18 -8
- data/lib/puppet/pops/evaluator/access_operator.rb +2 -2
- data/lib/puppet/pops/evaluator/collectors/abstract_collector.rb +4 -4
- data/lib/puppet/pops/evaluator/collectors/catalog_collector.rb +1 -1
- data/lib/puppet/pops/evaluator/collectors/exported_collector.rb +1 -1
- data/lib/puppet/pops/evaluator/compare_operator.rb +3 -1
- data/lib/puppet/pops/evaluator/deferred_resolver.rb +127 -0
- data/lib/puppet/pops/evaluator/evaluator_impl.rb +17 -2
- data/lib/puppet/pops/evaluator/external_syntax_support.rb +2 -3
- data/lib/puppet/pops/evaluator/runtime3_converter.rb +23 -4
- data/lib/puppet/pops/evaluator/runtime3_support.rb +7 -8
- data/lib/puppet/pops/functions/dispatch.rb +6 -0
- data/lib/puppet/pops/issues.rb +9 -10
- data/lib/puppet/pops/loader/loader.rb +1 -1
- data/lib/puppet/pops/loader/loader_paths.rb +5 -3
- data/lib/puppet/pops/loader/module_loaders.rb +47 -21
- data/lib/puppet/pops/loader/null_loader.rb +60 -0
- data/lib/puppet/pops/loader/ruby_legacy_function_instantiator.rb +54 -0
- data/lib/puppet/pops/loader/static_loader.rb +0 -36
- data/lib/puppet/pops/loader/task_instantiator.rb +72 -44
- data/lib/puppet/pops/loaders.rb +21 -33
- data/lib/puppet/pops/lookup/hiera_config.rb +1 -2
- data/lib/puppet/pops/lookup/sub_lookup.rb +1 -1
- data/lib/puppet/pops/merge_strategy.rb +18 -22
- data/lib/puppet/pops/model/ast.pp +16 -0
- data/lib/puppet/pops/model/ast.rb +94 -0
- data/lib/puppet/pops/model/factory.rb +17 -38
- data/lib/puppet/pops/model/model_label_provider.rb +8 -1
- data/lib/puppet/pops/parser/egrammar.ra +14 -3
- data/lib/puppet/pops/parser/eparser.rb +1537 -1492
- data/lib/puppet/pops/parser/epp_support.rb +6 -2
- data/lib/puppet/pops/parser/heredoc_support.rb +8 -17
- data/lib/puppet/pops/parser/interpolation_support.rb +4 -4
- data/lib/puppet/pops/parser/lexer2.rb +2 -7
- data/lib/puppet/pops/parser/locator.rb +87 -107
- data/lib/puppet/pops/parser/parser_support.rb +2 -11
- data/lib/puppet/pops/parser/pn_parser.rb +16 -17
- data/lib/puppet/pops/pcore.rb +19 -8
- data/lib/puppet/pops/puppet_stack.rb +48 -51
- data/lib/puppet/pops/resource/resource_type_impl.rb +0 -2
- data/lib/puppet/pops/serialization.rb +3 -2
- data/lib/puppet/pops/serialization/from_data_converter.rb +4 -3
- data/lib/puppet/pops/serialization/to_data_converter.rb +3 -3
- data/lib/puppet/pops/serialization/to_stringified_converter.rb +226 -0
- data/lib/puppet/pops/types/iterable.rb +8 -34
- data/lib/puppet/pops/types/p_binary_type.rb +1 -2
- data/lib/puppet/pops/types/p_meta_type.rb +1 -1
- data/lib/puppet/pops/types/p_object_type.rb +3 -0
- data/lib/puppet/pops/types/p_sensitive_type.rb +1 -1
- data/lib/puppet/pops/types/p_timespan_type.rb +2 -2
- data/lib/puppet/pops/types/p_type_set_type.rb +0 -4
- data/lib/puppet/pops/types/string_converter.rb +12 -21
- data/lib/puppet/pops/types/type_calculator.rb +0 -24
- data/lib/puppet/pops/types/type_factory.rb +17 -0
- data/lib/puppet/pops/types/type_mismatch_describer.rb +1 -1
- data/lib/puppet/pops/types/types.rb +7 -32
- data/lib/puppet/pops/validation/checker4_0.rb +23 -33
- data/lib/puppet/pops/validation/tasks_checker.rb +47 -6
- data/lib/puppet/pops/validation/validator_factory_4_0.rb +7 -10
- data/lib/puppet/property.rb +1 -1
- data/lib/puppet/property/ensure.rb +1 -1
- data/lib/puppet/provider.rb +14 -2
- data/lib/puppet/provider/exec.rb +58 -59
- data/lib/puppet/provider/file/posix.rb +0 -5
- data/lib/puppet/provider/file/windows.rb +2 -50
- data/lib/puppet/provider/group/aix.rb +2 -18
- data/lib/puppet/provider/group/groupadd.rb +19 -19
- data/lib/puppet/provider/group/windows_adsi.rb +4 -11
- data/lib/puppet/provider/nameservice.rb +28 -11
- data/lib/puppet/provider/nameservice/directoryservice.rb +1 -1
- data/lib/puppet/provider/nameservice/pw.rb +2 -2
- data/lib/puppet/provider/package.rb +0 -2
- data/lib/puppet/provider/package/aix.rb +2 -17
- data/lib/puppet/provider/package/apt.rb +3 -14
- data/lib/puppet/provider/package/dnf.rb +3 -3
- data/lib/puppet/provider/package/dpkg.rb +7 -18
- data/lib/puppet/provider/package/fink.rb +3 -20
- data/lib/puppet/provider/package/gem.rb +43 -105
- data/lib/puppet/provider/package/openbsd.rb +2 -14
- data/lib/puppet/provider/package/pip.rb +108 -160
- data/lib/puppet/provider/package/pip3.rb +1 -1
- data/lib/puppet/provider/package/pkg.rb +5 -18
- data/lib/puppet/provider/package/pkgdmg.rb +1 -1
- data/lib/puppet/provider/package/pkgng.rb +4 -16
- data/lib/puppet/provider/package/portage.rb +6 -6
- data/lib/puppet/provider/package/puppet_gem.rb +2 -7
- data/lib/puppet/provider/package/rpm.rb +33 -82
- data/lib/puppet/provider/package/windows.rb +2 -6
- data/lib/puppet/provider/package/windows/exe_package.rb +10 -16
- data/lib/puppet/provider/package/windows/msi_package.rb +0 -8
- data/lib/puppet/provider/package/windows/package.rb +2 -10
- data/lib/puppet/provider/package/yum.rb +25 -37
- data/lib/puppet/provider/package/zypper.rb +0 -1
- data/lib/puppet/provider/parsedfile.rb +5 -26
- data/lib/puppet/provider/service/base.rb +1 -1
- data/lib/puppet/provider/service/daemontools.rb +9 -9
- data/lib/puppet/provider/service/debian.rb +1 -0
- data/lib/puppet/provider/service/launchd.rb +8 -39
- data/lib/puppet/provider/service/openbsd.rb +1 -1
- data/lib/puppet/provider/service/rcng.rb +2 -2
- data/lib/puppet/provider/service/runit.rb +8 -2
- data/lib/puppet/provider/service/smf.rb +0 -54
- data/lib/puppet/provider/service/systemd.rb +24 -35
- data/lib/puppet/provider/service/upstart.rb +1 -3
- data/lib/puppet/provider/service/windows.rb +3 -23
- data/lib/puppet/provider/user/aix.rb +2 -48
- data/lib/puppet/provider/user/directoryservice.rb +8 -45
- data/lib/puppet/provider/user/hpux.rb +1 -1
- data/lib/puppet/provider/user/pw.rb +3 -12
- data/lib/puppet/provider/user/user_role_add.rb +1 -5
- data/lib/puppet/provider/user/useradd.rb +44 -74
- data/lib/puppet/provider/user/windows_adsi.rb +0 -7
- data/lib/puppet/reference/indirection.rb +2 -2
- data/lib/puppet/reference/metaparameter.rb +3 -1
- data/lib/puppet/reference/providers.rb +1 -1
- data/lib/puppet/reference/type.rb +9 -3
- data/lib/puppet/reports.rb +3 -3
- data/lib/puppet/resource.rb +22 -22
- data/lib/puppet/resource/catalog.rb +8 -14
- data/lib/puppet/resource/type.rb +1 -10
- data/lib/puppet/rest/client.rb +83 -0
- data/lib/puppet/rest/errors.rb +14 -0
- data/lib/puppet/rest/response.rb +34 -0
- data/lib/puppet/rest/route.rb +84 -0
- data/lib/puppet/rest/routes.rb +154 -0
- data/lib/puppet/rest/ssl_context.rb +13 -0
- data/lib/puppet/settings.rb +9 -54
- data/lib/puppet/settings/config_file.rb +1 -2
- data/lib/puppet/settings/environment_conf.rb +0 -1
- data/lib/puppet/settings/file_setting.rb +1 -1
- data/lib/puppet/settings/server_list_setting.rb +0 -9
- data/lib/puppet/ssl.rb +0 -1
- data/lib/puppet/ssl/base.rb +1 -9
- data/lib/puppet/ssl/certificate.rb +7 -4
- data/lib/puppet/ssl/certificate_request.rb +6 -14
- data/lib/puppet/ssl/certificate_request_attributes.rb +1 -1
- data/lib/puppet/ssl/host.rb +400 -174
- data/lib/puppet/ssl/key.rb +1 -5
- data/lib/puppet/ssl/oids.rb +3 -3
- data/lib/puppet/ssl/validator/default_validator.rb +33 -49
- data/lib/puppet/test/test_helper.rb +12 -18
- data/lib/puppet/transaction.rb +7 -12
- data/lib/puppet/transaction/event.rb +37 -14
- data/lib/puppet/transaction/event_manager.rb +3 -11
- data/lib/puppet/transaction/persistence.rb +1 -1
- data/lib/puppet/transaction/report.rb +1 -1
- data/lib/puppet/transaction/resource_harness.rb +2 -5
- data/lib/puppet/type.rb +7 -10
- data/lib/puppet/type/exec.rb +16 -50
- data/lib/puppet/type/file.rb +7 -16
- data/lib/puppet/type/file/content.rb +2 -3
- data/lib/puppet/type/file/data_sync.rb +1 -5
- data/lib/puppet/type/file/mode.rb +2 -7
- data/lib/puppet/type/file/source.rb +2 -1
- data/lib/puppet/type/filebucket.rb +8 -12
- data/lib/puppet/type/group.rb +3 -33
- data/lib/puppet/type/notify.rb +2 -3
- data/lib/puppet/type/package.rb +18 -154
- data/lib/puppet/type/resources.rb +2 -12
- data/lib/puppet/type/schedule.rb +34 -96
- data/lib/puppet/type/service.rb +10 -9
- data/lib/puppet/type/tidy.rb +1 -1
- data/lib/puppet/type/user.rb +30 -14
- data/lib/puppet/util.rb +28 -52
- data/lib/puppet/util/autoload.rb +62 -56
- data/lib/puppet/util/character_encoding.rb +0 -22
- data/lib/puppet/util/classgen.rb +0 -6
- data/lib/puppet/util/command_line.rb +4 -7
- data/lib/puppet/util/command_line/trollop.rb +1 -1
- data/lib/puppet/util/connection.rb +74 -0
- data/lib/puppet/util/execution.rb +7 -22
- data/lib/puppet/util/feature.rb +63 -41
- data/lib/puppet/util/fileparsing.rb +27 -5
- data/lib/puppet/util/filetype.rb +8 -56
- data/lib/puppet/util/http_proxy.rb +18 -27
- data/lib/puppet/util/instance_loader.rb +3 -21
- data/lib/puppet/util/json.rb +0 -8
- data/lib/puppet/util/ldap/connection.rb +7 -7
- data/lib/puppet/util/log.rb +3 -8
- data/lib/puppet/util/log/destinations.rb +13 -5
- data/lib/puppet/util/logging.rb +19 -31
- data/lib/puppet/util/metric.rb +2 -2
- data/lib/puppet/util/monkey_patches.rb +1 -1
- data/lib/puppet/util/network_device/base.rb +1 -1
- data/lib/puppet/util/pidlock.rb +3 -23
- data/lib/puppet/util/platform.rb +3 -0
- data/lib/puppet/util/plist.rb +0 -6
- data/lib/puppet/util/posix.rb +0 -15
- data/lib/puppet/util/provider_features.rb +6 -7
- data/lib/puppet/util/rdoc.rb +2 -2
- data/lib/puppet/util/rdoc/parser/puppet_parser_core.rb +1 -1
- data/lib/puppet/util/reference.rb +8 -7
- data/lib/puppet/util/resource_template.rb +1 -1
- data/lib/puppet/util/rubygems.rb +1 -13
- data/lib/puppet/util/run_mode.rb +1 -1
- data/lib/puppet/util/selinux.rb +3 -9
- data/lib/puppet/util/ssl.rb +40 -1
- data/lib/puppet/util/storage.rb +1 -13
- data/lib/puppet/util/suidmanager.rb +7 -5
- data/lib/puppet/util/tag_set.rb +1 -1
- data/lib/puppet/util/tagging.rb +1 -1
- data/lib/puppet/util/windows.rb +15 -0
- data/lib/puppet/util/windows/adsi.rb +7 -116
- data/lib/puppet/util/windows/api_types.rb +33 -46
- data/lib/puppet/util/windows/eventlog.rb +6 -1
- data/lib/puppet/util/windows/principal.rb +6 -8
- data/lib/puppet/util/windows/process.rb +3 -94
- data/lib/puppet/util/windows/registry.rb +14 -46
- data/lib/puppet/util/windows/security.rb +2 -40
- data/lib/puppet/util/windows/service.rb +72 -431
- data/lib/puppet/util/windows/sid.rb +3 -4
- data/lib/puppet/util/windows/user.rb +9 -17
- data/lib/puppet/util/yaml.rb +41 -5
- data/lib/puppet/vendor.rb +1 -1
- data/lib/puppet/version.rb +1 -1
- data/lib/puppet_pal.rb +246 -23
- data/locales/ja/puppet.po +11128 -0
- data/locales/puppet.pot +1321 -2527
- data/man/man5/puppet.conf.5 +31 -191
- data/man/man8/puppet-agent.8 +2 -2
- data/man/man8/puppet-apply.8 +1 -1
- data/man/man8/puppet-catalog.8 +1 -1
- data/man/man8/puppet-config.8 +3 -3
- data/man/man8/puppet-describe.8 +1 -1
- data/man/man8/puppet-device.8 +19 -23
- data/man/man8/puppet-doc.8 +1 -1
- data/man/man8/puppet-epp.8 +1 -1
- data/man/man8/puppet-facts.8 +1 -1
- data/man/man8/puppet-filebucket.8 +2 -21
- data/man/man8/puppet-generate.8 +1 -1
- data/man/man8/puppet-help.8 +1 -1
- data/man/man8/puppet-key.8 +1 -7
- data/man/man8/puppet-lookup.8 +1 -1
- data/man/man8/puppet-man.8 +1 -1
- data/man/man8/puppet-module.8 +10 -100
- data/man/man8/puppet-node.8 +4 -7
- data/man/man8/puppet-parser.8 +1 -1
- data/man/man8/puppet-plugin.8 +1 -1
- data/man/man8/puppet-report.8 +1 -1
- data/man/man8/puppet-resource.8 +1 -1
- data/man/man8/puppet-script.8 +1 -1
- data/man/man8/puppet-ssl.8 +28 -0
- data/man/man8/puppet-status.8 +1 -1
- data/man/man8/puppet.8 +12 -3
- data/spec/fixtures/unit/functions/hiera/hiera/backend/hieraspec_backend.rb +22 -0
- data/spec/fixtures/unit/functions/lookup/hiera/backend/custom_backend.rb +18 -0
- data/spec/fixtures/unit/functions/lookup/hiera/backend/other_backend.rb +7 -0
- data/spec/fixtures/unit/pops/loaders/loaders/dependent_modules_with_metadata/modules/user/manifests/init.pp +6 -6
- data/spec/fixtures/unit/provider/package/pkgng/pkg.info +0 -1
- data/spec/fixtures/unit/provider/package/pkgng/pkg.version +0 -2
- data/spec/fixtures/unit/provider/service/systemd/list_unit_files_services +0 -9
- data/spec/integration/agent/logging_spec.rb +9 -7
- data/spec/integration/application/apply_spec.rb +31 -26
- data/spec/integration/application/doc_spec.rb +2 -1
- data/spec/integration/application/lookup_spec.rb +5 -5
- data/spec/integration/configurer_spec.rb +8 -76
- data/spec/integration/data_binding_spec.rb +1 -1
- data/spec/integration/defaults_spec.rb +13 -16
- data/spec/integration/directory_environments_spec.rb +1 -1
- data/spec/integration/faces/config_spec.rb +4 -3
- data/spec/integration/faces/documentation_spec.rb +1 -0
- data/spec/integration/faces/plugin_spec.rb +49 -29
- data/spec/integration/file_bucket/file_spec.rb +4 -19
- data/spec/integration/file_serving/content_spec.rb +1 -0
- data/spec/integration/file_serving/fileset_spec.rb +1 -0
- data/spec/integration/file_serving/metadata_spec.rb +1 -0
- data/spec/integration/file_serving/terminus_helper_spec.rb +1 -0
- data/spec/integration/file_system/uniquefile_spec.rb +26 -29
- data/spec/integration/indirector/catalog/compiler_spec.rb +11 -10
- data/spec/integration/indirector/direct_file_server_spec.rb +1 -1
- data/spec/integration/indirector/facts/facter_spec.rb +8 -22
- data/spec/integration/indirector/file_content/file_server_spec.rb +8 -7
- data/spec/integration/indirector/file_metadata/file_server_spec.rb +8 -7
- data/spec/integration/network/authconfig_spec.rb +24 -23
- data/spec/integration/network/formats_spec.rb +1 -0
- data/spec/integration/network/http/api/indirected_routes_spec.rb +6 -34
- data/spec/integration/node/environment_spec.rb +2 -1
- data/spec/integration/node/facts_spec.rb +10 -9
- data/spec/integration/node_spec.rb +7 -10
- data/spec/integration/parser/catalog_spec.rb +8 -6
- data/spec/integration/parser/collection_spec.rb +9 -4
- data/spec/integration/parser/compiler_spec.rb +7 -25
- data/spec/integration/parser/scope_spec.rb +1 -1
- data/spec/integration/parser/undef_param_spec.rb +1 -1
- data/spec/integration/provider/service/init_spec.rb +9 -6
- data/spec/integration/provider/service/systemd_spec.rb +14 -11
- data/spec/integration/provider/service/windows_spec.rb +11 -8
- data/spec/integration/reference/providers_spec.rb +7 -0
- data/spec/integration/reports_spec.rb +2 -1
- data/spec/integration/resource/catalog_spec.rb +17 -14
- data/spec/integration/resource/type_collection_spec.rb +5 -4
- data/spec/integration/ssl/certificate_request_spec.rb +1 -2
- data/spec/integration/ssl/host_spec.rb +17 -24
- data/spec/integration/ssl/key_spec.rb +7 -2
- data/spec/integration/test/test_helper_spec.rb +32 -0
- data/spec/integration/transaction/report_spec.rb +14 -9
- data/spec/integration/type/exec_spec.rb +2 -1
- data/spec/integration/type/file_spec.rb +38 -46
- data/spec/integration/type/package_spec.rb +25 -21
- data/spec/integration/type/tidy_spec.rb +2 -1
- data/spec/integration/type_spec.rb +1 -0
- data/spec/integration/util/autoload_spec.rb +11 -7
- data/spec/integration/util/execution_spec.rb +5 -32
- data/spec/integration/util/rdoc/parser_spec.rb +14 -23
- data/spec/integration/util/settings_spec.rb +2 -1
- data/spec/integration/util/windows/adsi_spec.rb +8 -11
- data/spec/integration/util/windows/principal_spec.rb +2 -1
- data/spec/integration/util/windows/process_spec.rb +9 -7
- data/spec/integration/util/windows/registry_spec.rb +46 -127
- data/spec/integration/util/windows/security_spec.rb +15 -16
- data/spec/integration/util/windows/user_spec.rb +29 -66
- data/spec/integration/util_spec.rb +10 -7
- data/spec/lib/matchers/json.rb +12 -18
- data/{lib/puppet/ssl → spec/lib/puppet}/certificate_factory.rb +5 -6
- data/spec/lib/puppet/test_ca.rb +109 -0
- data/spec/lib/puppet_spec/compiler.rb +28 -1
- data/spec/lib/puppet_spec/files.rb +29 -23
- data/spec/lib/puppet_spec/module_tool/shared_functions.rb +1 -1
- data/spec/lib/puppet_spec/modules.rb +11 -1
- data/spec/lib/puppet_spec/scope.rb +2 -1
- data/spec/lib/puppet_spec/ssl.rb +265 -0
- data/spec/lib/puppet_spec/validators.rb +37 -0
- data/spec/shared_behaviours/all_parsedfile_providers.rb +1 -1
- data/spec/shared_behaviours/file_server_terminus.rb +9 -8
- data/spec/shared_behaviours/file_serving.rb +8 -6
- data/spec/shared_behaviours/file_serving_model.rb +5 -22
- data/spec/shared_behaviours/hiera_indirections.rb +4 -3
- data/spec/shared_behaviours/iterative_functions.rb +1 -0
- data/spec/shared_behaviours/memory_terminus.rb +2 -2
- data/spec/shared_behaviours/path_parameters.rb +1 -1
- data/spec/shared_contexts/types_setup.rb +0 -2
- data/spec/shared_examples/rhel_package_provider.rb +70 -112
- data/spec/spec_helper.rb +1 -15
- data/spec/unit/agent/disabler_spec.rb +5 -4
- data/spec/unit/agent/locker_spec.rb +13 -12
- data/spec/unit/agent_spec.rb +102 -105
- data/spec/unit/application/agent_spec.rb +95 -114
- data/spec/unit/application/apply_spec.rb +92 -119
- data/spec/unit/application/config_spec.rb +1 -0
- data/spec/unit/application/describe_spec.rb +7 -6
- data/spec/unit/application/device_spec.rb +180 -181
- data/spec/unit/application/doc_spec.rb +46 -44
- data/spec/unit/application/face_base_spec.rb +62 -61
- data/spec/unit/application/facts_spec.rb +4 -3
- data/spec/unit/application/filebucket_spec.rb +74 -66
- data/spec/unit/application/indirection_base_spec.rb +6 -8
- data/spec/unit/application/lookup_spec.rb +44 -37
- data/spec/unit/application/resource_spec.rb +48 -42
- data/spec/unit/application/ssl_spec.rb +322 -0
- data/spec/unit/application_spec.rb +108 -90
- data/spec/unit/capability_spec.rb +15 -16
- data/spec/unit/{ssl/certificate_factory_spec.rb → certificate_factory_spec.rb} +13 -20
- data/spec/unit/configurer/downloader_spec.rb +22 -31
- data/spec/unit/configurer/fact_handler_spec.rb +7 -2
- data/spec/unit/configurer/plugin_handler_spec.rb +8 -41
- data/spec/unit/configurer_spec.rb +475 -520
- data/spec/unit/confine/exists_spec.rb +15 -17
- data/spec/unit/confine/false_spec.rb +6 -32
- data/spec/unit/confine/feature_spec.rb +5 -7
- data/spec/unit/confine/true_spec.rb +6 -32
- data/spec/unit/confine/variable_spec.rb +15 -14
- data/spec/unit/confine_collection_spec.rb +29 -28
- data/spec/unit/confine_spec.rb +14 -13
- data/spec/unit/confiner_spec.rb +11 -10
- data/spec/unit/context/trusted_information_spec.rb +4 -3
- data/spec/unit/daemon_spec.rb +38 -35
- data/spec/unit/data_providers/function_data_provider_spec.rb +1 -0
- data/spec/unit/data_providers/hiera_data_provider_spec.rb +1 -0
- data/spec/unit/datatypes_spec.rb +4 -3
- data/spec/unit/defaults_spec.rb +61 -32
- data/spec/unit/environments_spec.rb +7 -7
- data/spec/unit/etc_spec.rb +29 -52
- data/spec/unit/external/pson_spec.rb +1 -0
- data/spec/unit/face/catalog_spec.rb +1 -0
- data/spec/unit/face/config_spec.rb +35 -31
- data/spec/unit/face/epp_face_spec.rb +4 -3
- data/spec/unit/face/facts_spec.rb +6 -14
- data/spec/unit/face/generate_spec.rb +5 -4
- data/spec/unit/face/help_spec.rb +8 -7
- data/spec/unit/face/key_spec.rb +1 -0
- data/spec/unit/face/man_spec.rb +2 -1
- data/spec/unit/face/module/install_spec.rb +5 -3
- data/spec/unit/face/module/list_spec.rb +12 -62
- data/spec/unit/face/module/search_spec.rb +9 -11
- data/spec/unit/face/module/uninstall_spec.rb +8 -4
- data/spec/unit/face/node_spec.rb +30 -52
- data/spec/unit/face/parser_spec.rb +3 -3
- data/spec/unit/face/plugin_spec.rb +9 -44
- data/spec/unit/face/status_spec.rb +1 -0
- data/spec/unit/file_bucket/dipper_spec.rb +24 -28
- data/spec/unit/file_bucket/file_spec.rb +2 -0
- data/spec/unit/file_serving/base_spec.rb +18 -20
- data/spec/unit/file_serving/configuration/parser_spec.rb +28 -27
- data/spec/unit/file_serving/configuration_spec.rb +66 -63
- data/spec/unit/file_serving/content_spec.rb +11 -10
- data/spec/unit/file_serving/fileset_spec.rb +58 -63
- data/spec/unit/file_serving/http_metadata_spec.rb +7 -8
- data/spec/unit/file_serving/metadata_spec.rb +40 -40
- data/spec/unit/file_serving/mount/file_spec.rb +32 -31
- data/spec/unit/file_serving/mount/locales_spec.rb +26 -25
- data/spec/unit/file_serving/mount/modules_spec.rb +15 -14
- data/spec/unit/file_serving/mount/pluginfacts_spec.rb +26 -25
- data/spec/unit/file_serving/mount/plugins_spec.rb +26 -25
- data/spec/unit/file_serving/mount/tasks_spec.rb +15 -14
- data/spec/unit/file_serving/mount_spec.rb +1 -0
- data/spec/unit/file_serving/terminus_helper_spec.rb +42 -37
- data/spec/unit/file_serving/terminus_selector_spec.rb +13 -12
- data/spec/unit/file_system/path_pattern_spec.rb +1 -1
- data/spec/unit/file_system/uniquefile_spec.rb +6 -17
- data/spec/unit/file_system_spec.rb +9 -6
- data/spec/unit/forge/errors_spec.rb +1 -1
- data/spec/unit/forge/forge_spec.rb +16 -15
- data/spec/unit/forge/module_release_spec.rb +18 -18
- data/spec/unit/forge/repository_spec.rb +30 -27
- data/spec/unit/forge_spec.rb +11 -15
- data/spec/unit/functions/abs_spec.rb +70 -0
- data/spec/unit/functions/binary_file_spec.rb +3 -3
- data/spec/unit/functions/call_spec.rb +59 -5
- data/spec/unit/functions/camelcase_spec.rb +34 -0
- data/spec/unit/functions/capitalize_spec.rb +34 -0
- data/spec/unit/functions/ceiling_spec.rb +65 -0
- data/spec/unit/functions/chomp_spec.rb +46 -0
- data/spec/unit/functions/chop_spec.rb +38 -0
- data/spec/unit/functions/compare_spec.rb +147 -0
- data/spec/unit/functions/contain_spec.rb +2 -0
- data/spec/unit/functions/convert_to_spec.rb +3 -0
- data/spec/unit/functions/defined_spec.rb +1 -0
- data/spec/unit/functions/downcase_spec.rb +34 -0
- data/spec/unit/functions/epp_spec.rb +2 -2
- data/spec/unit/functions/filter_spec.rb +4 -4
- data/spec/unit/functions/find_file_spec.rb +7 -7
- data/spec/unit/functions/floor_spec.rb +65 -0
- data/spec/unit/functions/get_spec.rb +135 -0
- data/spec/unit/functions/getvar_spec.rb +121 -0
- data/spec/unit/functions/hiera_spec.rb +14 -48
- data/spec/unit/functions/include_spec.rb +4 -0
- data/spec/unit/functions/lookup_fixture_spec.rb +1 -0
- data/spec/unit/functions/lookup_spec.rb +37 -62
- data/spec/unit/functions/lstrip_spec.rb +30 -0
- data/spec/unit/functions/match_spec.rb +3 -4
- data/spec/unit/functions/max_spec.rb +129 -0
- data/spec/unit/functions/min_spec.rb +129 -0
- data/spec/unit/functions/module_directory_spec.rb +12 -12
- data/spec/unit/functions/new_spec.rb +0 -15
- data/spec/unit/functions/regsubst_spec.rb +3 -4
- data/spec/unit/functions/require_spec.rb +3 -0
- data/spec/unit/functions/round_spec.rb +41 -0
- data/spec/unit/functions/rstrip_spec.rb +30 -0
- data/spec/unit/functions/shared.rb +8 -5
- data/spec/unit/functions/size_spec.rb +50 -0
- data/spec/unit/functions/sort_spec.rb +79 -0
- data/spec/unit/functions/split_spec.rb +3 -4
- data/spec/unit/functions/strip_spec.rb +30 -0
- data/spec/unit/functions/upcase_spec.rb +34 -0
- data/spec/unit/functions/versioncmp_spec.rb +4 -4
- data/spec/unit/functions4_spec.rb +78 -51
- data/spec/unit/gettext/config_spec.rb +4 -4
- data/spec/unit/gettext/module_loading_spec.rb +7 -7
- data/spec/unit/graph/rb_tree_map_spec.rb +2 -0
- data/spec/unit/graph/relationship_graph_spec.rb +2 -1
- data/spec/unit/graph/simple_graph_spec.rb +52 -11
- data/spec/unit/hiera/scope_spec.rb +0 -7
- data/spec/unit/hiera_puppet_spec.rb +20 -20
- data/spec/unit/indirector/catalog/compiler_spec.rb +166 -183
- data/spec/unit/indirector/catalog/json_spec.rb +2 -1
- data/spec/unit/indirector/catalog/msgpack_spec.rb +1 -0
- data/spec/unit/indirector/catalog/rest_spec.rb +1 -0
- data/spec/unit/indirector/catalog/store_configs_spec.rb +1 -0
- data/spec/unit/indirector/catalog/yaml_spec.rb +1 -0
- data/spec/unit/indirector/certificate/file_spec.rb +1 -8
- data/spec/unit/indirector/certificate/rest_spec.rb +10 -8
- data/spec/unit/indirector/certificate_request/file_spec.rb +1 -0
- data/spec/unit/indirector/certificate_request/rest_spec.rb +1 -0
- data/spec/unit/indirector/direct_file_server_spec.rb +49 -57
- data/spec/unit/indirector/envelope_spec.rb +2 -1
- data/spec/unit/indirector/exec_spec.rb +31 -26
- data/spec/unit/indirector/face_spec.rb +9 -9
- data/spec/unit/indirector/facts/facter_spec.rb +43 -37
- data/spec/unit/indirector/facts/network_device_spec.rb +9 -8
- data/spec/unit/indirector/facts/rest_spec.rb +8 -7
- data/spec/unit/indirector/facts/store_configs_spec.rb +1 -0
- data/spec/unit/indirector/facts/yaml_spec.rb +90 -77
- data/spec/unit/indirector/file_bucket_file/file_spec.rb +13 -9
- data/spec/unit/indirector/file_bucket_file/rest_spec.rb +1 -0
- data/spec/unit/indirector/file_bucket_file/selector_spec.rb +5 -4
- data/spec/unit/indirector/file_content/file_server_spec.rb +1 -0
- data/spec/unit/indirector/file_content/file_spec.rb +1 -0
- data/spec/unit/indirector/file_content/rest_spec.rb +1 -0
- data/spec/unit/indirector/file_content/selector_spec.rb +1 -0
- data/spec/unit/indirector/file_metadata/file_server_spec.rb +1 -0
- data/spec/unit/indirector/file_metadata/file_spec.rb +13 -12
- data/spec/unit/indirector/file_metadata/rest_spec.rb +1 -0
- data/spec/unit/indirector/file_metadata/selector_spec.rb +1 -0
- data/spec/unit/indirector/file_server_spec.rb +145 -145
- data/spec/unit/indirector/indirection_spec.rb +226 -249
- data/spec/unit/indirector/json_spec.rb +9 -7
- data/spec/unit/indirector/key/file_spec.rb +22 -38
- data/spec/unit/indirector/memory_spec.rb +7 -6
- data/spec/unit/indirector/msgpack_spec.rb +9 -7
- data/spec/unit/indirector/node/exec_spec.rb +43 -22
- data/spec/unit/indirector/node/memory_spec.rb +4 -2
- data/spec/unit/indirector/node/msgpack_spec.rb +1 -0
- data/spec/unit/indirector/node/plain_spec.rb +4 -2
- data/spec/unit/indirector/node/rest_spec.rb +1 -0
- data/spec/unit/indirector/node/store_configs_spec.rb +1 -0
- data/spec/unit/indirector/node/yaml_spec.rb +1 -0
- data/spec/unit/indirector/none_spec.rb +5 -5
- data/spec/unit/indirector/plain_spec.rb +8 -7
- data/spec/unit/indirector/report/msgpack_spec.rb +1 -0
- data/spec/unit/indirector/report/processor_spec.rb +22 -21
- data/spec/unit/indirector/report/rest_spec.rb +12 -11
- data/spec/unit/indirector/report/yaml_spec.rb +1 -0
- data/spec/unit/indirector/request_spec.rb +18 -15
- data/spec/unit/indirector/resource/ral_spec.rb +55 -47
- data/spec/unit/indirector/resource/store_configs_spec.rb +1 -0
- data/spec/unit/indirector/rest_spec.rb +110 -113
- data/spec/unit/indirector/ssl_file_spec.rb +100 -119
- data/spec/unit/indirector/status/local_spec.rb +1 -0
- data/spec/unit/indirector/status/rest_spec.rb +1 -0
- data/spec/unit/indirector/store_configs_spec.rb +1 -0
- data/spec/unit/indirector/terminus_spec.rb +30 -32
- data/spec/unit/indirector/yaml_spec.rb +90 -68
- data/spec/unit/indirector_spec.rb +2 -1
- data/spec/unit/info_service_spec.rb +144 -10
- data/spec/unit/interface/action_builder_spec.rb +1 -0
- data/spec/unit/interface/action_manager_spec.rb +1 -0
- data/spec/unit/interface/action_spec.rb +3 -2
- data/spec/unit/interface/documentation_spec.rb +1 -0
- data/spec/unit/interface/face_collection_spec.rb +12 -19
- data/spec/unit/interface_spec.rb +3 -3
- data/spec/unit/man_spec.rb +4 -3
- data/spec/unit/module_spec.rb +52 -102
- data/spec/unit/module_tool/applications/installer_spec.rb +13 -12
- data/spec/unit/module_tool/applications/searcher_spec.rb +3 -3
- data/spec/unit/module_tool/applications/uninstaller_spec.rb +2 -1
- data/spec/unit/module_tool/applications/unpacker_spec.rb +13 -13
- data/spec/unit/module_tool/applications/upgrader_spec.rb +6 -6
- data/spec/unit/module_tool/install_directory_spec.rb +8 -8
- data/spec/unit/module_tool/installed_modules_spec.rb +3 -3
- data/spec/unit/module_tool/tar/gnu_spec.rb +6 -6
- data/spec/unit/module_tool/tar/mini_spec.rb +12 -12
- data/spec/unit/module_tool/tar_spec.rb +13 -12
- data/spec/unit/module_tool_spec.rb +12 -29
- data/spec/unit/network/auth_config_parser_spec.rb +13 -11
- data/spec/unit/network/authconfig_spec.rb +18 -17
- data/spec/unit/network/authorization_spec.rb +5 -4
- data/spec/unit/network/authstore_spec.rb +1 -0
- data/spec/unit/network/format_handler_spec.rb +1 -0
- data/spec/unit/network/format_spec.rb +10 -9
- data/spec/unit/network/format_support_spec.rb +29 -28
- data/spec/unit/network/formats_spec.rb +31 -4
- data/spec/unit/network/http/api/indirected_routes_spec.rb +41 -51
- data/spec/unit/network/http/api/master/v3/authorization_spec.rb +7 -9
- data/spec/unit/network/http/api/master/v3/environment_spec.rb +1 -2
- data/spec/unit/network/http/api/master/v3/environments_spec.rb +7 -6
- data/spec/unit/network/http/api_spec.rb +2 -26
- data/spec/unit/network/http/compression_spec.rb +28 -24
- data/spec/unit/network/http/connection_spec.rb +122 -72
- data/spec/unit/network/http/factory_spec.rb +11 -40
- data/spec/unit/network/http/handler_spec.rb +18 -9
- data/spec/unit/network/http/nocache_pool_spec.rb +7 -6
- data/spec/unit/network/http/pool_spec.rb +29 -60
- data/spec/unit/network/http/request_spec.rb +2 -0
- data/spec/unit/network/http/response_spec.rb +13 -11
- data/spec/unit/network/http/route_spec.rb +1 -0
- data/spec/unit/network/http/session_spec.rb +2 -1
- data/spec/unit/network/http/site_spec.rb +1 -0
- data/spec/unit/network/http_pool_spec.rb +9 -18
- data/spec/unit/network/http_spec.rb +1 -0
- data/spec/unit/network/resolver_spec.rb +104 -28
- data/spec/unit/network/rights_spec.rb +53 -52
- data/spec/unit/node/environment_spec.rb +17 -18
- data/spec/unit/node/facts_spec.rb +21 -6
- data/spec/unit/node_spec.rb +23 -17
- data/spec/unit/other/selinux_spec.rb +1 -71
- data/spec/unit/parameter/boolean_spec.rb +2 -1
- data/spec/unit/parameter/package_options_spec.rb +2 -1
- data/spec/unit/parameter/path_spec.rb +1 -0
- data/spec/unit/parameter/value_collection_spec.rb +1 -0
- data/spec/unit/parameter/value_spec.rb +1 -0
- data/spec/unit/parameter_spec.rb +9 -9
- data/spec/unit/parser/ast/block_expression_spec.rb +8 -6
- data/spec/unit/parser/ast/leaf_spec.rb +21 -20
- data/spec/unit/parser/compiler_spec.rb +96 -84
- data/spec/unit/parser/environment_compiler_spec.rb +16 -23
- data/spec/unit/parser/files_spec.rb +1 -0
- data/spec/unit/parser/functions/create_resources_spec.rb +1 -1
- data/spec/unit/parser/functions/digest_spec.rb +1 -4
- data/spec/unit/parser/functions/fail_spec.rb +2 -5
- data/spec/unit/parser/functions/file_spec.rb +14 -17
- data/spec/unit/parser/functions/fqdn_rand_spec.rb +6 -5
- data/spec/unit/parser/functions/generate_spec.rb +37 -38
- data/spec/unit/parser/functions/inline_template_spec.rb +1 -4
- data/spec/unit/parser/functions/regsubst_spec.rb +1 -4
- data/spec/unit/parser/functions/scanf_spec.rb +1 -4
- data/spec/unit/parser/functions/shellquote_spec.rb +1 -0
- data/spec/unit/parser/functions/split_spec.rb +1 -4
- data/spec/unit/parser/functions/sprintf_spec.rb +1 -4
- data/spec/unit/parser/functions/tag_spec.rb +2 -5
- data/spec/unit/parser/functions/tagged_spec.rb +3 -6
- data/spec/unit/parser/functions/template_spec.rb +13 -17
- data/spec/unit/parser/functions/versioncmp_spec.rb +2 -5
- data/spec/unit/parser/functions_spec.rb +29 -3
- data/spec/unit/parser/relationship_spec.rb +1 -0
- data/spec/unit/parser/resource/param_spec.rb +1 -1
- data/spec/unit/parser/resource_spec.rb +42 -42
- data/spec/unit/parser/scope_spec.rb +35 -39
- data/spec/unit/parser/templatewrapper_spec.rb +12 -11
- data/spec/unit/parser/type_loader_spec.rb +19 -17
- data/spec/unit/pops/adaptable_spec.rb +1 -0
- data/spec/unit/pops/benchmark_spec.rb +1 -0
- data/spec/unit/pops/evaluator/access_ops_spec.rb +1 -0
- data/spec/unit/pops/evaluator/arithmetic_ops_spec.rb +11 -0
- data/spec/unit/pops/evaluator/basic_expressions_spec.rb +1 -0
- data/spec/unit/pops/evaluator/collections_ops_spec.rb +1 -0
- data/spec/unit/pops/evaluator/comparison_ops_spec.rb +1 -0
- data/spec/unit/pops/evaluator/conditionals_spec.rb +1 -0
- data/spec/unit/pops/evaluator/evaluating_parser_spec.rb +78 -18
- data/spec/unit/pops/evaluator/logical_ops_spec.rb +1 -0
- data/spec/unit/pops/evaluator/runtime3_converter_spec.rb +5 -4
- data/spec/unit/pops/evaluator/string_interpolation_spec.rb +1 -0
- data/spec/unit/pops/evaluator/variables_spec.rb +1 -0
- data/spec/unit/pops/factory_spec.rb +4 -3
- data/spec/unit/pops/issues_spec.rb +20 -19
- data/spec/unit/pops/loaders/dependency_loader_spec.rb +2 -2
- data/spec/unit/pops/loaders/loader_spec.rb +12 -36
- data/spec/unit/pops/loaders/loaders_spec.rb +57 -54
- data/spec/unit/pops/loaders/module_loaders_spec.rb +35 -3
- data/spec/unit/pops/loaders/static_loader_spec.rb +0 -36
- data/spec/unit/pops/lookup/context_spec.rb +1 -0
- data/spec/unit/pops/lookup/interpolation_spec.rb +3 -2
- data/spec/unit/pops/merge_strategy_spec.rb +1 -0
- data/spec/unit/pops/migration_spec.rb +5 -3
- data/spec/unit/pops/model/model_spec.rb +1 -0
- data/spec/unit/pops/model/pn_transformer_spec.rb +1 -0
- data/spec/unit/pops/parser/lexer2_spec.rb +60 -21
- data/spec/unit/pops/parser/locator_spec.rb +6 -48
- data/spec/unit/pops/parser/parse_application_spec.rb +1 -0
- data/spec/unit/pops/parser/parse_basic_expressions_spec.rb +1 -0
- data/spec/unit/pops/parser/parse_calls_spec.rb +1 -0
- data/spec/unit/pops/parser/parse_capabilities_spec.rb +1 -0
- data/spec/unit/pops/parser/parse_conditionals_spec.rb +1 -0
- data/spec/unit/pops/parser/parse_containers_spec.rb +1 -0
- data/spec/unit/pops/parser/parse_heredoc_spec.rb +12 -124
- data/spec/unit/pops/parser/parse_plan_spec.rb +1 -0
- data/spec/unit/pops/parser/parse_resource_spec.rb +1 -0
- data/spec/unit/pops/parser/parse_site_spec.rb +1 -0
- data/spec/unit/pops/parser/pn_parser_spec.rb +1 -0
- data/spec/unit/pops/pn_spec.rb +1 -0
- data/spec/unit/pops/resource/resource_type_impl_spec.rb +1 -0
- data/spec/unit/pops/serialization/serialization_spec.rb +7 -5
- data/spec/unit/pops/serialization/to_from_hr_spec.rb +29 -4
- data/spec/unit/pops/serialization/to_stringified_spec.rb +157 -0
- data/spec/unit/pops/types/deferred_spec.rb +87 -0
- data/spec/unit/pops/types/p_object_type_spec.rb +20 -0
- data/spec/unit/pops/types/p_timespan_type_spec.rb +0 -22
- data/spec/unit/pops/types/p_timestamp_type_spec.rb +0 -19
- data/spec/unit/pops/types/recursion_guard_spec.rb +10 -10
- data/spec/unit/pops/types/ruby_generator_spec.rb +2 -2
- data/spec/unit/pops/types/string_converter_spec.rb +11 -22
- data/spec/unit/pops/types/task_spec.rb +148 -16
- data/spec/unit/pops/types/type_asserter_spec.rb +2 -2
- data/spec/unit/pops/types/type_calculator_spec.rb +36 -36
- data/spec/unit/pops/types/type_mismatch_describer_spec.rb +0 -9
- data/spec/unit/pops/types/type_parser_spec.rb +13 -13
- data/spec/unit/pops/types/types_spec.rb +12 -6
- data/spec/unit/pops/validator/validator_spec.rb +162 -82
- data/spec/unit/pops/visitor_spec.rb +1 -0
- data/spec/unit/property/boolean_spec.rb +1 -1
- data/spec/unit/property/ensure_spec.rb +1 -0
- data/spec/unit/property/keyvalue_spec.rb +34 -32
- data/spec/unit/property/list_spec.rb +27 -26
- data/spec/unit/property/ordered_list_spec.rb +14 -10
- data/spec/unit/property_spec.rb +53 -43
- data/spec/unit/provider/aix_object_spec.rb +45 -47
- data/spec/unit/provider/command_spec.rb +9 -9
- data/spec/unit/provider/exec/posix_spec.rb +9 -8
- data/spec/unit/provider/exec/shell_spec.rb +3 -1
- data/spec/unit/provider/exec/windows_spec.rb +6 -4
- data/spec/unit/provider/exec_spec.rb +1 -209
- data/spec/unit/provider/file/posix_spec.rb +24 -22
- data/spec/unit/provider/file/windows_spec.rb +19 -17
- data/spec/unit/provider/group/aix_spec.rb +7 -22
- data/spec/unit/provider/group/groupadd_spec.rb +27 -60
- data/spec/unit/provider/group/ldap_spec.rb +36 -33
- data/spec/unit/provider/group/pw_spec.rb +18 -15
- data/spec/unit/provider/group/windows_adsi_spec.rb +80 -128
- data/spec/unit/provider/ldap_spec.rb +62 -61
- data/spec/unit/provider/nameservice/directoryservice_spec.rb +109 -102
- data/spec/unit/provider/nameservice_spec.rb +41 -39
- data/spec/unit/provider/package/aix_spec.rb +22 -48
- data/spec/unit/provider/package/appdmg_spec.rb +13 -13
- data/spec/unit/provider/package/apt_spec.rb +35 -60
- data/spec/unit/provider/package/aptitude_spec.rb +7 -7
- data/spec/unit/provider/package/aptrpm_spec.rb +13 -8
- data/spec/unit/provider/package/base_spec.rb +4 -4
- data/spec/unit/provider/package/dnf_spec.rb +23 -34
- data/spec/unit/provider/package/dpkg_spec.rb +72 -114
- data/spec/unit/provider/package/freebsd_spec.rb +18 -15
- data/spec/unit/provider/package/gem_spec.rb +86 -163
- data/spec/unit/provider/package/hpux_spec.rb +18 -15
- data/spec/unit/provider/package/macports_spec.rb +54 -56
- data/spec/unit/provider/package/nim_spec.rb +49 -33
- data/spec/unit/provider/package/openbsd_spec.rb +49 -60
- data/spec/unit/provider/package/opkg_spec.rb +26 -23
- data/spec/unit/provider/package/pacman_spec.rb +118 -97
- data/spec/unit/provider/package/pip3_spec.rb +6 -20
- data/spec/unit/provider/package/pip_spec.rb +129 -185
- data/spec/unit/provider/package/pkg_spec.rb +119 -129
- data/spec/unit/provider/package/pkgdmg_spec.rb +63 -65
- data/spec/unit/provider/package/pkgin_spec.rb +23 -20
- data/spec/unit/provider/package/pkgng_spec.rb +35 -67
- data/spec/unit/provider/package/pkgutil_spec.rb +49 -45
- data/spec/unit/provider/package/portage_spec.rb +76 -72
- data/spec/unit/provider/package/puppet_gem_spec.rb +21 -45
- data/spec/unit/provider/package/rpm_spec.rb +79 -291
- data/spec/unit/provider/package/sun_spec.rb +18 -16
- data/spec/unit/provider/package/tdnf_spec.rb +12 -9
- data/spec/unit/provider/package/up2date_spec.rb +4 -2
- data/spec/unit/provider/package/urpmi_spec.rb +17 -15
- data/spec/unit/provider/package/windows/exe_package_spec.rb +18 -15
- data/spec/unit/provider/package/windows/msi_package_spec.rb +23 -20
- data/spec/unit/provider/package/windows/package_spec.rb +43 -38
- data/spec/unit/provider/package/windows_spec.rb +36 -51
- data/spec/unit/provider/package/yum_spec.rb +24 -128
- data/spec/unit/provider/package/zypper_spec.rb +106 -117
- data/spec/unit/provider/parsedfile_spec.rb +45 -44
- data/spec/unit/provider/service/base_spec.rb +6 -5
- data/spec/unit/provider/service/bsd_spec.rb +54 -47
- data/spec/unit/provider/service/daemontools_spec.rb +53 -70
- data/spec/unit/provider/service/debian_spec.rb +58 -46
- data/spec/unit/provider/service/freebsd_spec.rb +23 -20
- data/spec/unit/provider/service/gentoo_spec.rb +81 -74
- data/spec/unit/provider/service/init_spec.rb +66 -65
- data/spec/unit/provider/service/launchd_spec.rb +114 -181
- data/spec/unit/provider/service/openbsd_spec.rb +94 -87
- data/spec/unit/provider/service/openrc_spec.rb +74 -70
- data/spec/unit/provider/service/openwrt_spec.rb +38 -30
- data/spec/unit/provider/service/rcng_spec.rb +24 -19
- data/spec/unit/provider/service/redhat_spec.rb +60 -60
- data/spec/unit/provider/service/runit_spec.rb +44 -61
- data/spec/unit/provider/service/smf_spec.rb +74 -143
- data/spec/unit/provider/service/src_spec.rb +69 -60
- data/spec/unit/provider/service/systemd_spec.rb +160 -222
- data/spec/unit/provider/service/upstart_spec.rb +99 -83
- data/spec/unit/provider/service/windows_spec.rb +42 -84
- data/spec/unit/provider/user/aix_spec.rb +24 -65
- data/spec/unit/provider/user/directoryservice_spec.rb +114 -187
- data/spec/unit/provider/user/hpux_spec.rb +21 -17
- data/spec/unit/provider/user/ldap_spec.rb +83 -80
- data/spec/unit/provider/user/openbsd_spec.rb +12 -11
- data/spec/unit/provider/user/pw_spec.rb +44 -80
- data/spec/unit/provider/user/user_role_add_spec.rb +94 -94
- data/spec/unit/provider/user/useradd_spec.rb +100 -208
- data/spec/unit/provider/user/windows_adsi_spec.rb +63 -62
- data/spec/unit/provider_spec.rb +189 -41
- data/spec/unit/puppet_pal_2pec.rb +26 -12
- data/spec/unit/puppet_pal_catalog_spec.rb +801 -0
- data/spec/unit/puppet_pal_spec.rb +2 -8
- data/spec/unit/puppet_spec.rb +7 -27
- data/spec/unit/relationship_spec.rb +1 -0
- data/spec/unit/reports/http_spec.rb +23 -21
- data/spec/unit/reports/store_spec.rb +4 -3
- data/spec/unit/reports_spec.rb +14 -12
- data/spec/unit/resource/capability_finder_spec.rb +26 -29
- data/spec/unit/resource/catalog_spec.rb +77 -81
- data/spec/unit/resource/status_spec.rb +8 -6
- data/spec/unit/resource/type_collection_spec.rb +18 -17
- data/spec/unit/resource/type_spec.rb +35 -34
- data/spec/unit/resource_spec.rb +79 -67
- data/spec/unit/rest/client_spec.rb +135 -0
- data/spec/unit/rest/route_spec.rb +132 -0
- data/spec/unit/scheduler/job_spec.rb +1 -0
- data/spec/unit/scheduler/scheduler_spec.rb +1 -0
- data/spec/unit/scheduler/splay_job_spec.rb +2 -1
- data/spec/unit/settings/array_setting_spec.rb +1 -1
- data/spec/unit/settings/autosign_setting_spec.rb +9 -9
- data/spec/unit/settings/certificate_revocation_setting_spec.rb +1 -1
- data/spec/unit/settings/config_file_spec.rb +10 -0
- data/spec/unit/settings/directory_setting_spec.rb +7 -2
- data/spec/unit/settings/duration_setting_spec.rb +2 -1
- data/spec/unit/settings/enum_setting_spec.rb +1 -1
- data/spec/unit/settings/environment_conf_spec.rb +6 -4
- data/spec/unit/settings/file_setting_spec.rb +50 -46
- data/spec/unit/settings/ini_file_spec.rb +2 -4
- data/spec/unit/settings/path_setting_spec.rb +3 -2
- data/spec/unit/settings/priority_setting_spec.rb +2 -1
- data/spec/unit/settings/string_setting_spec.rb +15 -14
- data/spec/unit/settings/terminus_setting_spec.rb +2 -1
- data/spec/unit/settings/value_translator_spec.rb +1 -0
- data/spec/unit/settings_spec.rb +226 -253
- data/spec/unit/ssl/base_spec.rb +15 -14
- data/spec/unit/ssl/certificate_request_attributes_spec.rb +22 -8
- data/spec/unit/ssl/certificate_request_spec.rb +63 -92
- data/spec/unit/ssl/certificate_spec.rb +29 -37
- data/spec/unit/ssl/digest_spec.rb +1 -0
- data/spec/unit/ssl/host_spec.rb +305 -685
- data/spec/unit/ssl/key_spec.rb +34 -46
- data/spec/unit/ssl/validator_spec.rb +70 -203
- data/spec/unit/task_spec.rb +172 -26
- data/spec/unit/transaction/additional_resource_generator_spec.rb +68 -67
- data/spec/unit/transaction/event_manager_spec.rb +84 -95
- data/spec/unit/transaction/event_spec.rb +15 -16
- data/spec/unit/transaction/persistence_spec.rb +18 -17
- data/spec/unit/transaction/report_spec.rb +24 -18
- data/spec/unit/transaction/resource_harness_spec.rb +33 -72
- data/spec/unit/transaction_spec.rb +106 -176
- data/spec/unit/type/component_spec.rb +1 -0
- data/spec/unit/type/exec_spec.rb +66 -120
- data/spec/unit/type/file/checksum_spec.rb +11 -10
- data/spec/unit/type/file/checksum_value_spec.rb +32 -31
- data/spec/unit/type/file/content_spec.rb +62 -65
- data/spec/unit/type/file/ctime_spec.rb +1 -0
- data/spec/unit/type/file/ensure_spec.rb +13 -12
- data/spec/unit/type/file/group_spec.rb +7 -5
- data/spec/unit/type/file/mode_spec.rb +6 -4
- data/spec/unit/type/file/mtime_spec.rb +1 -0
- data/spec/unit/type/file/owner_spec.rb +8 -6
- data/spec/unit/type/file/selinux_spec.rb +19 -17
- data/spec/unit/type/file/source_spec.rb +110 -113
- data/spec/unit/type/file/type_spec.rb +1 -0
- data/spec/unit/type/file_spec.rb +190 -204
- data/spec/unit/type/filebucket_spec.rb +10 -11
- data/spec/unit/type/group_spec.rb +9 -15
- data/spec/unit/type/noop_metaparam_spec.rb +2 -1
- data/spec/unit/type/package/package_settings_spec.rb +23 -44
- data/spec/unit/type/package_spec.rb +64 -61
- data/spec/unit/type/resources_spec.rb +101 -103
- data/spec/unit/type/schedule_spec.rb +28 -28
- data/spec/unit/type/service_spec.rb +85 -76
- data/spec/unit/type/stage_spec.rb +1 -0
- data/spec/unit/type/tidy_spec.rb +63 -62
- data/spec/unit/type/user_spec.rb +26 -147
- data/spec/unit/type/whit_spec.rb +1 -0
- data/spec/unit/type_spec.rb +164 -125
- data/spec/unit/util/at_fork_spec.rb +19 -18
- data/spec/unit/util/autoload_spec.rb +122 -93
- data/spec/unit/util/backups_spec.rb +35 -34
- data/spec/unit/util/character_encoding_spec.rb +5 -48
- data/spec/unit/util/checksums_spec.rb +39 -38
- data/spec/unit/util/colors_spec.rb +2 -1
- data/spec/unit/util/command_line_spec.rb +20 -40
- data/spec/unit/util/constant_inflector_spec.rb +1 -0
- data/spec/unit/util/diff_spec.rb +8 -7
- data/spec/unit/util/errors_spec.rb +1 -0
- data/spec/unit/util/execution_spec.rb +167 -285
- data/spec/unit/util/execution_stub_spec.rb +3 -2
- data/spec/unit/util/feature_spec.rb +46 -28
- data/spec/unit/util/filetype_spec.rb +53 -61
- data/spec/unit/util/http_proxy_spec.rb +13 -133
- data/spec/unit/util/inifile_spec.rb +31 -26
- data/spec/unit/util/json_lockfile_spec.rb +5 -3
- data/spec/unit/util/ldap/connection_spec.rb +25 -26
- data/spec/unit/util/ldap/generator_spec.rb +1 -0
- data/spec/unit/util/ldap/manager_spec.rb +102 -118
- data/spec/unit/util/lockfile_spec.rb +2 -1
- data/spec/unit/util/log/destinations_spec.rb +40 -23
- data/spec/unit/util/log_spec.rb +146 -48
- data/spec/unit/util/logging_spec.rb +114 -252
- data/spec/unit/util/metric_spec.rb +1 -0
- data/spec/unit/util/monkey_patches_spec.rb +12 -24
- data/spec/unit/util/multi_match_spec.rb +1 -0
- data/spec/unit/util/network_device/config_spec.rb +1 -0
- data/spec/unit/util/network_device/transport/base_spec.rb +6 -5
- data/spec/unit/util/network_device_spec.rb +9 -7
- data/spec/unit/util/package_spec.rb +1 -0
- data/spec/unit/util/pidlock_spec.rb +14 -86
- data/spec/unit/util/plist_spec.rb +33 -60
- data/spec/unit/util/posix_spec.rb +47 -78
- data/spec/unit/util/profiler/object_counts_spec.rb +2 -1
- data/spec/unit/util/rdoc_spec.rb +10 -9
- data/spec/unit/util/reference_spec.rb +1 -0
- data/spec/unit/util/resource_template_spec.rb +20 -20
- data/spec/unit/util/retry_action_spec.rb +8 -7
- data/spec/unit/util/rubygems_spec.rb +7 -41
- data/spec/unit/util/run_mode_spec.rb +11 -10
- data/spec/unit/util/selinux_spec.rb +73 -84
- data/spec/unit/util/splayer_spec.rb +9 -8
- data/spec/unit/util/ssl_spec.rb +1 -0
- data/spec/unit/util/storage_spec.rb +17 -111
- data/spec/unit/util/suidmanager_spec.rb +58 -47
- data/spec/unit/util/symbolic_file_mode_spec.rb +1 -0
- data/spec/unit/util/tag_set_spec.rb +9 -1
- data/spec/unit/util/tagging_spec.rb +12 -0
- data/spec/unit/util/terminal_spec.rb +10 -9
- data/spec/unit/util/user_attr_spec.rb +2 -1
- data/spec/unit/util/warnings_spec.rb +4 -3
- data/spec/unit/util/watcher/periodic_watcher_spec.rb +2 -2
- data/spec/unit/util/watcher_spec.rb +21 -51
- data/spec/unit/util/windows/access_control_entry_spec.rb +2 -1
- data/spec/unit/util/windows/access_control_list_spec.rb +2 -1
- data/spec/unit/util/windows/adsi_spec.rb +134 -278
- data/spec/unit/util/windows/api_types_spec.rb +42 -105
- data/spec/unit/util/windows/eventlog_spec.rb +13 -10
- data/spec/unit/util/windows/file_spec.rb +1 -0
- data/spec/unit/util/windows/root_certs_spec.rb +1 -0
- data/spec/unit/util/windows/security_descriptor_spec.rb +3 -1
- data/spec/unit/util/windows/service_spec.rb +180 -432
- data/spec/unit/util/windows/sid_spec.rb +17 -15
- data/spec/unit/util/windows/string_spec.rb +2 -1
- data/spec/unit/util/yaml_spec.rb +162 -28
- data/spec/unit/util_spec.rb +74 -119
- data/spec/unit/version_spec.rb +6 -6
- data/tasks/benchmark.rake +5 -1
- data/tasks/ci.rake +0 -5
- data/tasks/manpages.rake +9 -2
- data/tasks/parser.rake +11 -3
- metadata +162 -479
- data/CODEOWNERS +0 -30
- data/ext/rack/config.ru +0 -44
- data/ext/rack/example-passenger-vhost.conf +0 -57
- data/lib/puppet/application/ca.rb +0 -11
- data/lib/puppet/application/certificate.rb +0 -17
- data/lib/puppet/application/certificate_request.rb +0 -7
- data/lib/puppet/application/certificate_revocation_list.rb +0 -7
- data/lib/puppet/application/master.rb +0 -319
- data/lib/puppet/confine/boolean.rb +0 -45
- data/lib/puppet/external/nagios.rb +0 -46
- data/lib/puppet/external/nagios/base.rb +0 -472
- data/lib/puppet/external/nagios/grammar.ry +0 -248
- data/lib/puppet/external/nagios/makefile +0 -9
- data/lib/puppet/external/nagios/parser.rb +0 -400
- data/lib/puppet/face/ca.rb +0 -266
- data/lib/puppet/face/certificate.rb +0 -167
- data/lib/puppet/face/certificate_request.rb +0 -56
- data/lib/puppet/face/certificate_revocation_list.rb +0 -56
- data/lib/puppet/feature/rack.rb +0 -19
- data/lib/puppet/graph/random_prioritizer.rb +0 -16
- data/lib/puppet/graph/title_hash_prioritizer.rb +0 -16
- data/lib/puppet/indirector/certificate/ca.rb +0 -9
- data/lib/puppet/indirector/certificate/disabled_ca.rb +0 -22
- data/lib/puppet/indirector/certificate_request/ca.rb +0 -22
- data/lib/puppet/indirector/certificate_request/disabled_ca.rb +0 -22
- data/lib/puppet/indirector/certificate_revocation_list/ca.rb +0 -8
- data/lib/puppet/indirector/certificate_revocation_list/disabled_ca.rb +0 -22
- data/lib/puppet/indirector/certificate_revocation_list/file.rb +0 -8
- data/lib/puppet/indirector/certificate_revocation_list/rest.rb +0 -22
- data/lib/puppet/indirector/certificate_status.rb +0 -4
- data/lib/puppet/indirector/certificate_status/file.rb +0 -91
- data/lib/puppet/indirector/certificate_status/rest.rb +0 -11
- data/lib/puppet/indirector/key/ca.rb +0 -16
- data/lib/puppet/indirector/key/disabled_ca.rb +0 -22
- data/lib/puppet/indirector/ldap.rb +0 -86
- data/lib/puppet/indirector/node/ldap.rb +0 -275
- data/lib/puppet/indirector/node/write_only_yaml.rb +0 -39
- data/lib/puppet/module_tool/applications/builder.rb +0 -152
- data/lib/puppet/module_tool/skeleton/templates/generator/Gemfile +0 -18
- data/lib/puppet/module_tool/skeleton/templates/generator/README.md.erb +0 -89
- data/lib/puppet/module_tool/skeleton/templates/generator/Rakefile +0 -32
- data/lib/puppet/module_tool/skeleton/templates/generator/examples/init.pp.erb +0 -12
- data/lib/puppet/module_tool/skeleton/templates/generator/manifests/init.pp.erb +0 -48
- data/lib/puppet/module_tool/skeleton/templates/generator/metadata.json.erb +0 -1
- data/lib/puppet/module_tool/skeleton/templates/generator/spec/classes/init_spec.rb.erb +0 -6
- data/lib/puppet/module_tool/skeleton/templates/generator/spec/spec_helper.rb +0 -1
- data/lib/puppet/network/http/api/ca.rb +0 -2
- data/lib/puppet/network/http/api/ca/v1.rb +0 -11
- data/lib/puppet/network/http/rack.rb +0 -33
- data/lib/puppet/network/http/rack/rest.rb +0 -162
- data/lib/puppet/network/http/webrick.rb +0 -124
- data/lib/puppet/network/http/webrick/rest.rb +0 -114
- data/lib/puppet/network/server.rb +0 -39
- data/lib/puppet/provider/augeas/augeas.rb +0 -767
- data/lib/puppet/provider/cisco.rb +0 -9
- data/lib/puppet/provider/computer/computer.rb +0 -20
- data/lib/puppet/provider/cron/crontab.rb +0 -297
- data/lib/puppet/provider/host/parsed.rb +0 -46
- data/lib/puppet/provider/interface/cisco.rb +0 -27
- data/lib/puppet/provider/macauthorization/macauthorization.rb +0 -298
- data/lib/puppet/provider/mailalias/aliases.rb +0 -50
- data/lib/puppet/provider/maillist/mailman.rb +0 -108
- data/lib/puppet/provider/mcx/mcxcontent.rb +0 -173
- data/lib/puppet/provider/mount.rb +0 -76
- data/lib/puppet/provider/mount/parsed.rb +0 -285
- data/lib/puppet/provider/naginator.rb +0 -63
- data/lib/puppet/provider/package/dnfmodule.rb +0 -141
- data/lib/puppet/provider/package_targetable.rb +0 -69
- data/lib/puppet/provider/scheduled_task/win32_taskscheduler.rb +0 -590
- data/lib/puppet/provider/selboolean/getsetsebool.rb +0 -47
- data/lib/puppet/provider/selmodule/semodule.rb +0 -157
- data/lib/puppet/provider/ssh_authorized_key/parsed.rb +0 -105
- data/lib/puppet/provider/sshkey/parsed.rb +0 -50
- data/lib/puppet/provider/vlan/cisco.rb +0 -28
- data/lib/puppet/provider/yumrepo/inifile.rb +0 -315
- data/lib/puppet/provider/zfs/zfs.rb +0 -108
- data/lib/puppet/provider/zone/solaris.rb +0 -364
- data/lib/puppet/provider/zpool/zpool.rb +0 -125
- data/lib/puppet/ssl/certificate_authority.rb +0 -554
- data/lib/puppet/ssl/certificate_authority/autosign_command.rb +0 -45
- data/lib/puppet/ssl/certificate_authority/interface.rb +0 -324
- data/lib/puppet/ssl/certificate_revocation_list.rb +0 -111
- data/lib/puppet/ssl/configuration.rb +0 -61
- data/lib/puppet/ssl/inventory.rb +0 -55
- data/lib/puppet/type/augeas.rb +0 -211
- data/lib/puppet/type/computer.rb +0 -66
- data/lib/puppet/type/cron.rb +0 -480
- data/lib/puppet/type/host.rb +0 -95
- data/lib/puppet/type/interface.rb +0 -121
- data/lib/puppet/type/k5login.rb +0 -165
- data/lib/puppet/type/macauthorization.rb +0 -167
- data/lib/puppet/type/mailalias.rb +0 -46
- data/lib/puppet/type/maillist.rb +0 -62
- data/lib/puppet/type/mcx.rb +0 -98
- data/lib/puppet/type/mount.rb +0 -314
- data/lib/puppet/type/nagios_command.rb +0 -3
- data/lib/puppet/type/nagios_contact.rb +0 -3
- data/lib/puppet/type/nagios_contactgroup.rb +0 -3
- data/lib/puppet/type/nagios_host.rb +0 -3
- data/lib/puppet/type/nagios_hostdependency.rb +0 -3
- data/lib/puppet/type/nagios_hostescalation.rb +0 -3
- data/lib/puppet/type/nagios_hostextinfo.rb +0 -3
- data/lib/puppet/type/nagios_hostgroup.rb +0 -3
- data/lib/puppet/type/nagios_service.rb +0 -3
- data/lib/puppet/type/nagios_servicedependency.rb +0 -3
- data/lib/puppet/type/nagios_serviceescalation.rb +0 -3
- data/lib/puppet/type/nagios_serviceextinfo.rb +0 -3
- data/lib/puppet/type/nagios_servicegroup.rb +0 -3
- data/lib/puppet/type/nagios_timeperiod.rb +0 -3
- data/lib/puppet/type/router.rb +0 -17
- data/lib/puppet/type/scheduled_task.rb +0 -183
- data/lib/puppet/type/selboolean.rb +0 -40
- data/lib/puppet/type/selmodule.rb +0 -58
- data/lib/puppet/type/ssh_authorized_key.rb +0 -143
- data/lib/puppet/type/sshkey.rb +0 -83
- data/lib/puppet/type/vlan.rb +0 -26
- data/lib/puppet/type/yumrepo.rb +0 -430
- data/lib/puppet/type/zfs.rb +0 -154
- data/lib/puppet/type/zone.rb +0 -382
- data/lib/puppet/type/zpool.rb +0 -91
- data/lib/puppet/util/methodhelper.rb +0 -32
- data/lib/puppet/util/nagios_maker.rb +0 -85
- data/lib/puppet/util/network_device/cisco.rb +0 -4
- data/lib/puppet/util/network_device/cisco/device.rb +0 -285
- data/lib/puppet/util/network_device/cisco/facts.rb +0 -72
- data/lib/puppet/util/network_device/cisco/interface.rb +0 -94
- data/lib/puppet/util/network_device/ipcalc.rb +0 -68
- data/lib/puppet/util/network_device/transport/ssh.rb +0 -126
- data/lib/puppet/util/network_device/transport/telnet.rb +0 -47
- data/lib/puppet/util/windows/taskscheduler.rb +0 -1267
- data/lib/puppet/vendor/load_semantic.rb +0 -1
- data/lib/puppet/vendor/load_semantic_puppet.rb +0 -1
- data/lib/puppet/vendor/semantic/lib/semantic.rb +0 -5
- data/lib/puppet/vendor/semantic_puppet/lib/semantic_puppet.rb +0 -11
- data/lib/puppet/vendor/semantic_puppet/lib/semantic_puppet/dependency.rb +0 -181
- data/lib/puppet/vendor/semantic_puppet/lib/semantic_puppet/dependency/graph.rb +0 -60
- data/lib/puppet/vendor/semantic_puppet/lib/semantic_puppet/dependency/graph_node.rb +0 -117
- data/lib/puppet/vendor/semantic_puppet/lib/semantic_puppet/dependency/module_release.rb +0 -58
- data/lib/puppet/vendor/semantic_puppet/lib/semantic_puppet/dependency/source.rb +0 -25
- data/lib/puppet/vendor/semantic_puppet/lib/semantic_puppet/dependency/unsatisfiable_graph.rb +0 -31
- data/lib/puppet/vendor/semantic_puppet/lib/semantic_puppet/gem_version.rb +0 -3
- data/lib/puppet/vendor/semantic_puppet/lib/semantic_puppet/version.rb +0 -203
- data/lib/puppet/vendor/semantic_puppet/lib/semantic_puppet/version_range.rb +0 -758
- data/lib/puppet/vendor/semantic_puppet/locales/config.yaml +0 -21
- data/man/man8/puppet-ca.8 +0 -196
- data/man/man8/puppet-cert.8 +0 -118
- data/man/man8/puppet-certificate.8 +0 -240
- data/man/man8/puppet-certificate_request.8 +0 -161
- data/man/man8/puppet-certificate_revocation_list.8 +0 -139
- data/man/man8/puppet-master.8 +0 -85
- data/spec/fixtures/integration/provider/cron/crontab/create_normal_entry +0 -19
- data/spec/fixtures/integration/provider/cron/crontab/create_special_entry +0 -18
- data/spec/fixtures/integration/provider/cron/crontab/crontab_user1 +0 -15
- data/spec/fixtures/integration/provider/cron/crontab/crontab_user2 +0 -4
- data/spec/fixtures/integration/provider/cron/crontab/modify_entry +0 -13
- data/spec/fixtures/integration/provider/cron/crontab/moved_cronjob_input1 +0 -15
- data/spec/fixtures/integration/provider/cron/crontab/moved_cronjob_input2 +0 -6
- data/spec/fixtures/integration/provider/cron/crontab/purged +0 -8
- data/spec/fixtures/integration/provider/cron/crontab/remove_named_resource +0 -12
- data/spec/fixtures/integration/provider/cron/crontab/remove_unnamed_resource +0 -14
- data/spec/fixtures/integration/provider/cron/crontab/unspecialized +0 -15
- data/spec/fixtures/integration/provider/mailalias/aliases/test1 +0 -32
- data/spec/fixtures/integration/provider/sshkey/sample +0 -21
- data/spec/fixtures/unit/provider/augeas/augeas/augeas/lenses/test.aug +0 -13
- data/spec/fixtures/unit/provider/augeas/augeas/etc/fstab +0 -10
- data/spec/fixtures/unit/provider/augeas/augeas/etc/hosts +0 -6
- data/spec/fixtures/unit/provider/augeas/augeas/etc/test +0 -3
- data/spec/fixtures/unit/provider/augeas/augeas/test.aug +0 -13
- data/spec/fixtures/unit/provider/host/parsed/valid_hosts +0 -19
- data/spec/fixtures/unit/provider/mount/mount-output.aix.txt +0 -7
- data/spec/fixtures/unit/provider/mount/parsed/aix.filesystems +0 -152
- data/spec/fixtures/unit/provider/mount/parsed/aix.mount +0 -11
- data/spec/fixtures/unit/provider/mount/parsed/darwin.mount +0 -6
- data/spec/fixtures/unit/provider/mount/parsed/freebsd.fstab +0 -9
- data/spec/fixtures/unit/provider/mount/parsed/freebsd.mount +0 -4
- data/spec/fixtures/unit/provider/mount/parsed/hpux.mount +0 -17
- data/spec/fixtures/unit/provider/mount/parsed/linux.fstab +0 -12
- data/spec/fixtures/unit/provider/mount/parsed/linux.mount +0 -6
- data/spec/fixtures/unit/provider/mount/parsed/netbsd.fstab +0 -10
- data/spec/fixtures/unit/provider/mount/parsed/netbsd.mount +0 -9
- data/spec/fixtures/unit/provider/mount/parsed/openbsd.fstab +0 -5
- data/spec/fixtures/unit/provider/mount/parsed/openbsd.mount +0 -5
- data/spec/fixtures/unit/provider/mount/parsed/solaris.fstab +0 -11
- data/spec/fixtures/unit/provider/mount/parsed/solaris.mount +0 -6
- data/spec/fixtures/unit/provider/naginator/define_empty_param +0 -6
- data/spec/fixtures/unit/provider/package/dnfmodule/dnf-module-list.txt +0 -19
- data/spec/fixtures/unit/provider/package/yum/yum-check-update-subscription-manager.txt +0 -9
- data/spec/fixtures/unit/provider/service/smf/svcs_fmri.out +0 -6
- data/spec/fixtures/unit/provider/service/smf/svcs_multiple_fmris.out +0 -13
- data/spec/fixtures/unit/provider/ssh_authorized_key/parsed/authorized_keys +0 -7
- data/spec/fixtures/unit/provider/ssh_authorized_key/parsed/authorized_keys1 +0 -3
- data/spec/fixtures/unit/provider/ssh_authorized_key/parsed/authorized_keys2 +0 -1
- data/spec/fixtures/unit/provider/sshkey/parsed/sample +0 -21
- data/spec/fixtures/unit/provider/sshkey/parsed/sample_with_blank_lines +0 -8
- data/spec/fixtures/unit/provider/zfs/zfs/zfs-list.out +0 -2
- data/spec/fixtures/unit/provider/zpool/zpool/zpool-list.out +0 -2
- data/spec/integration/faces/ca_spec.rb +0 -353
- data/spec/integration/indirector/node/ldap_spec.rb +0 -13
- data/spec/integration/network/http_pool_spec.rb +0 -120
- data/spec/integration/provider/cron/crontab_spec.rb +0 -240
- data/spec/integration/provider/file/windows_spec.rb +0 -162
- data/spec/integration/provider/mailalias/aliases_spec.rb +0 -9
- data/spec/integration/provider/mount_spec.rb +0 -163
- data/spec/integration/provider/ssh_authorized_key_spec.rb +0 -217
- data/spec/integration/provider/sshkey_spec.rb +0 -153
- data/spec/integration/provider/yumrepo_spec.rb +0 -126
- data/spec/integration/ssl/autosign_spec.rb +0 -145
- data/spec/integration/ssl/certificate_authority_spec.rb +0 -161
- data/spec/integration/ssl/certificate_revocation_list_spec.rb +0 -33
- data/spec/integration/transaction_spec.rb +0 -553
- data/spec/integration/type/nagios_spec.rb +0 -69
- data/spec/integration/type/notify_spec.rb +0 -46
- data/spec/integration/type/user_spec.rb +0 -63
- data/spec/lib/puppet_spec/https.rb +0 -166
- data/spec/unit/application/cert_spec.rb +0 -272
- data/spec/unit/application/certificate_spec.rb +0 -21
- data/spec/unit/application/master_spec.rb +0 -414
- data/spec/unit/face/ca_spec.rb +0 -9
- data/spec/unit/face/certificate_request_spec.rb +0 -9
- data/spec/unit/face/certificate_revocation_list_spec.rb +0 -9
- data/spec/unit/face/certificate_spec.rb +0 -228
- data/spec/unit/face/module/build_spec.rb +0 -69
- data/spec/unit/graph/title_hash_prioritizer_spec.rb +0 -50
- data/spec/unit/indirector/certificate/ca_spec.rb +0 -21
- data/spec/unit/indirector/certificate/disabled_ca_spec.rb +0 -32
- data/spec/unit/indirector/certificate_request/ca_spec.rb +0 -56
- data/spec/unit/indirector/certificate_request/disabled_ca_spec.rb +0 -32
- data/spec/unit/indirector/certificate_revocation_list/ca_spec.rb +0 -15
- data/spec/unit/indirector/certificate_revocation_list/disabled_ca_spec.rb +0 -32
- data/spec/unit/indirector/certificate_revocation_list/file_spec.rb +0 -16
- data/spec/unit/indirector/certificate_revocation_list/rest_spec.rb +0 -33
- data/spec/unit/indirector/certificate_status/file_spec.rb +0 -190
- data/spec/unit/indirector/certificate_status/rest_spec.rb +0 -17
- data/spec/unit/indirector/code_spec.rb +0 -30
- data/spec/unit/indirector/key/ca_spec.rb +0 -22
- data/spec/unit/indirector/key/disabled_ca_spec.rb +0 -32
- data/spec/unit/indirector/ldap_spec.rb +0 -151
- data/spec/unit/indirector/node/ldap_spec.rb +0 -463
- data/spec/unit/indirector/node/write_only_yaml_spec.rb +0 -11
- data/spec/unit/module_tool/applications/builder_spec.rb +0 -439
- data/spec/unit/network/http/api/ca/v1_spec.rb +0 -26
- data/spec/unit/network/http/rack/rest_spec.rb +0 -322
- data/spec/unit/network/http/rack_spec.rb +0 -42
- data/spec/unit/network/http/webrick/rest_spec.rb +0 -230
- data/spec/unit/network/http/webrick_spec.rb +0 -277
- data/spec/unit/network/server_spec.rb +0 -94
- data/spec/unit/provider/augeas/augeas_spec.rb +0 -1096
- data/spec/unit/provider/cisco_spec.rb +0 -14
- data/spec/unit/provider/cron/crontab_spec.rb +0 -206
- data/spec/unit/provider/cron/parsed_spec.rb +0 -355
- data/spec/unit/provider/host/parsed_spec.rb +0 -219
- data/spec/unit/provider/interface/cisco_spec.rb +0 -53
- data/spec/unit/provider/macauthorization_spec.rb +0 -134
- data/spec/unit/provider/mcx/mcxcontent_spec.rb +0 -190
- data/spec/unit/provider/mount/parsed_spec.rb +0 -318
- data/spec/unit/provider/mount_spec.rb +0 -169
- data/spec/unit/provider/naginator_spec.rb +0 -78
- data/spec/unit/provider/network_device_spec.rb +0 -152
- data/spec/unit/provider/package/dnfmodule_spec.rb +0 -247
- data/spec/unit/provider/package_targetable_spec.rb +0 -60
- data/spec/unit/provider/scheduled_task/win32_taskscheduler_spec.rb +0 -2050
- data/spec/unit/provider/selboolean_spec.rb +0 -34
- data/spec/unit/provider/selmodule-example.pp +0 -0
- data/spec/unit/provider/selmodule_spec.rb +0 -154
- data/spec/unit/provider/ssh_authorized_key/parsed_spec.rb +0 -259
- data/spec/unit/provider/sshkey/parsed_spec.rb +0 -92
- data/spec/unit/provider/vlan/cisco_spec.rb +0 -53
- data/spec/unit/provider/yumrepo/inifile_spec.rb +0 -413
- data/spec/unit/provider/zfs/zfs_spec.rb +0 -171
- data/spec/unit/provider/zone/solaris_spec.rb +0 -261
- data/spec/unit/provider/zpool/zpool_spec.rb +0 -250
- data/spec/unit/settings/server_list_setting_spec.rb +0 -21
- data/spec/unit/ssl/certificate_authority/autosign_command_spec.rb +0 -29
- data/spec/unit/ssl/certificate_authority/interface_spec.rb +0 -563
- data/spec/unit/ssl/certificate_authority_spec.rb +0 -1165
- data/spec/unit/ssl/certificate_revocation_list_spec.rb +0 -196
- data/spec/unit/ssl/configuration_spec.rb +0 -138
- data/spec/unit/ssl/inventory_spec.rb +0 -155
- data/spec/unit/test/test_helper_spec.rb +0 -17
- data/spec/unit/type/augeas_spec.rb +0 -120
- data/spec/unit/type/computer_spec.rb +0 -77
- data/spec/unit/type/cron_spec.rb +0 -539
- data/spec/unit/type/host_spec.rb +0 -680
- data/spec/unit/type/interface_spec.rb +0 -128
- data/spec/unit/type/k5login_spec.rb +0 -204
- data/spec/unit/type/macauthorization_spec.rb +0 -111
- data/spec/unit/type/mailalias_spec.rb +0 -48
- data/spec/unit/type/maillist_spec.rb +0 -38
- data/spec/unit/type/mcx_spec.rb +0 -75
- data/spec/unit/type/mount_spec.rb +0 -622
- data/spec/unit/type/nagios_spec.rb +0 -312
- data/spec/unit/type/scheduled_task_spec.rb +0 -117
- data/spec/unit/type/selboolean_spec.rb +0 -41
- data/spec/unit/type/selmodule_spec.rb +0 -16
- data/spec/unit/type/ssh_authorized_key_spec.rb +0 -228
- data/spec/unit/type/sshkey_spec.rb +0 -75
- data/spec/unit/type/vlan_spec.rb +0 -42
- data/spec/unit/type/yumrepo_spec.rb +0 -476
- data/spec/unit/type/zfs_spec.rb +0 -45
- data/spec/unit/type/zone_spec.rb +0 -182
- data/spec/unit/type/zpool_spec.rb +0 -108
- data/spec/unit/util/nagios_maker_spec.rb +0 -121
- data/spec/unit/util/network_device/cisco/device_spec.rb +0 -491
- data/spec/unit/util/network_device/cisco/facts_spec.rb +0 -63
- data/spec/unit/util/network_device/cisco/interface_spec.rb +0 -97
- data/spec/unit/util/network_device/ipcalc_spec.rb +0 -61
- data/spec/unit/util/network_device/transport/ssh_spec.rb +0 -252
- data/spec/unit/util/network_device/transport/telnet_spec.rb +0 -90
@@ -1,1165 +0,0 @@
|
|
1
|
-
# encoding: ASCII-8BIT
|
2
|
-
require 'spec_helper'
|
3
|
-
|
4
|
-
require 'puppet/ssl/certificate_authority'
|
5
|
-
|
6
|
-
describe Puppet::SSL::CertificateAuthority do
|
7
|
-
after do
|
8
|
-
Puppet::SSL::CertificateAuthority.instance_variable_set(:@singleton_instance, nil)
|
9
|
-
end
|
10
|
-
|
11
|
-
def stub_ca_host
|
12
|
-
@key = double('key')
|
13
|
-
allow(@key).to receive(:content).and_return("cakey")
|
14
|
-
@cacert = double('certificate')
|
15
|
-
allow(@cacert).to receive(:content).and_return("cacertificate")
|
16
|
-
|
17
|
-
@host = double('ssl_host', :key => @key, :certificate => @cacert, :name => Puppet::SSL::Host.ca_name)
|
18
|
-
end
|
19
|
-
|
20
|
-
it "should have a class method for returning a singleton instance" do
|
21
|
-
expect(Puppet::SSL::CertificateAuthority).to respond_to(:instance)
|
22
|
-
end
|
23
|
-
|
24
|
-
describe "when finding an existing instance" do
|
25
|
-
describe "and the host is a CA host and the run_mode is master" do
|
26
|
-
before do
|
27
|
-
Puppet[:ca] = true
|
28
|
-
allow(Puppet.run_mode).to receive(:master?).and_return(true)
|
29
|
-
|
30
|
-
@ca = double('ca')
|
31
|
-
allow(Puppet::SSL::CertificateAuthority).to receive(:new).and_return(@ca)
|
32
|
-
end
|
33
|
-
|
34
|
-
it "should return an instance" do
|
35
|
-
expect(Puppet::SSL::CertificateAuthority.instance).to equal(@ca)
|
36
|
-
end
|
37
|
-
|
38
|
-
it "should always return the same instance" do
|
39
|
-
expect(Puppet::SSL::CertificateAuthority.instance).to equal(Puppet::SSL::CertificateAuthority.instance)
|
40
|
-
end
|
41
|
-
end
|
42
|
-
|
43
|
-
describe "and the host is not a CA host" do
|
44
|
-
it "should return nil" do
|
45
|
-
Puppet[:ca] = false
|
46
|
-
allow(Puppet.run_mode).to receive(:master?).and_return(true)
|
47
|
-
|
48
|
-
expect(Puppet::SSL::CertificateAuthority).not_to receive(:new)
|
49
|
-
expect(Puppet::SSL::CertificateAuthority.instance).to be_nil
|
50
|
-
end
|
51
|
-
end
|
52
|
-
|
53
|
-
describe "and the run_mode is not master" do
|
54
|
-
it "should return nil" do
|
55
|
-
Puppet[:ca] = true
|
56
|
-
allow(Puppet.run_mode).to receive(:master?).and_return(false)
|
57
|
-
|
58
|
-
expect(Puppet::SSL::CertificateAuthority).not_to receive(:new)
|
59
|
-
expect(Puppet::SSL::CertificateAuthority.instance).to be_nil
|
60
|
-
end
|
61
|
-
end
|
62
|
-
end
|
63
|
-
|
64
|
-
describe "when initializing" do
|
65
|
-
before do
|
66
|
-
allow(Puppet.settings).to receive(:use)
|
67
|
-
|
68
|
-
allow_any_instance_of(Puppet::SSL::CertificateAuthority).to receive(:setup)
|
69
|
-
end
|
70
|
-
|
71
|
-
it "should always set its name to the value of :certname" do
|
72
|
-
Puppet[:certname] = "ca_testing"
|
73
|
-
|
74
|
-
expect(Puppet::SSL::CertificateAuthority.new.name).to eq("ca_testing")
|
75
|
-
end
|
76
|
-
|
77
|
-
it "should create an SSL::Host instance whose name is the 'ca_name'" do
|
78
|
-
expect(Puppet::SSL::Host).to receive(:ca_name).and_return("caname")
|
79
|
-
|
80
|
-
host = double('host')
|
81
|
-
expect(Puppet::SSL::Host).to receive(:new).with("caname").and_return(host)
|
82
|
-
|
83
|
-
Puppet::SSL::CertificateAuthority.new
|
84
|
-
end
|
85
|
-
|
86
|
-
it "should use the :main, :ca, and :ssl settings sections" do
|
87
|
-
expect(Puppet.settings).to receive(:use).with(:main, :ssl, :ca)
|
88
|
-
Puppet::SSL::CertificateAuthority.new
|
89
|
-
end
|
90
|
-
|
91
|
-
it "should make sure the CA is set up" do
|
92
|
-
expect_any_instance_of(Puppet::SSL::CertificateAuthority).to receive(:setup)
|
93
|
-
|
94
|
-
Puppet::SSL::CertificateAuthority.new
|
95
|
-
end
|
96
|
-
end
|
97
|
-
|
98
|
-
describe "when setting itself up" do
|
99
|
-
it "should generate the CA certificate if it does not have one" do
|
100
|
-
allow(Puppet.settings).to receive(:use)
|
101
|
-
|
102
|
-
host = double('host')
|
103
|
-
allow(Puppet::SSL::Host).to receive(:new).and_return(host)
|
104
|
-
|
105
|
-
expect(host).to receive(:certificate).and_return(nil)
|
106
|
-
|
107
|
-
expect_any_instance_of(Puppet::SSL::CertificateAuthority).to receive(:generate_ca_certificate)
|
108
|
-
Puppet::SSL::CertificateAuthority.new
|
109
|
-
end
|
110
|
-
end
|
111
|
-
|
112
|
-
describe "when retrieving the certificate revocation list" do
|
113
|
-
before do
|
114
|
-
allow(Puppet.settings).to receive(:use)
|
115
|
-
Puppet[:cacrl] = "/my/crl"
|
116
|
-
|
117
|
-
cert = double("certificate", :content => "real_cert")
|
118
|
-
key = double("key", :content => "real_key")
|
119
|
-
@host = double('host', :certificate => cert, :name => "hostname", :key => key)
|
120
|
-
|
121
|
-
allow_any_instance_of(Puppet::SSL::CertificateAuthority).to receive(:setup)
|
122
|
-
@ca = Puppet::SSL::CertificateAuthority.new
|
123
|
-
|
124
|
-
allow(@ca).to receive(:host).and_return(@host)
|
125
|
-
end
|
126
|
-
|
127
|
-
it "should return any found CRL instance" do
|
128
|
-
crl = double('crl')
|
129
|
-
expect(Puppet::SSL::CertificateRevocationList.indirection).to receive(:find).and_return(crl)
|
130
|
-
expect(@ca.crl).to equal(crl)
|
131
|
-
end
|
132
|
-
|
133
|
-
it "should create, generate, and save a new CRL instance of no CRL can be found" do
|
134
|
-
crl = Puppet::SSL::CertificateRevocationList.new("fakename")
|
135
|
-
expect(Puppet::SSL::CertificateRevocationList.indirection).to receive(:find).and_return(nil)
|
136
|
-
|
137
|
-
expect(Puppet::SSL::CertificateRevocationList).to receive(:new).and_return(crl)
|
138
|
-
|
139
|
-
expect(crl).to receive(:generate).with(@ca.host.certificate.content, @ca.host.key.content)
|
140
|
-
expect(Puppet::SSL::CertificateRevocationList.indirection).to receive(:save).with(crl)
|
141
|
-
|
142
|
-
expect(@ca.crl).to equal(crl)
|
143
|
-
end
|
144
|
-
end
|
145
|
-
|
146
|
-
describe "when generating a self-signed CA certificate" do
|
147
|
-
before do
|
148
|
-
allow(Puppet.settings).to receive(:use)
|
149
|
-
|
150
|
-
allow_any_instance_of(Puppet::SSL::CertificateAuthority).to receive(:setup)
|
151
|
-
allow_any_instance_of(Puppet::SSL::CertificateAuthority).to receive(:crl)
|
152
|
-
@ca = Puppet::SSL::CertificateAuthority.new
|
153
|
-
|
154
|
-
@host = double('host', :key => double("key"), :name => "hostname", :certificate => double('certificate'))
|
155
|
-
|
156
|
-
allow_any_instance_of(Puppet::SSL::CertificateRequest).to receive(:generate)
|
157
|
-
|
158
|
-
allow(@ca).to receive(:host).and_return(@host)
|
159
|
-
end
|
160
|
-
|
161
|
-
it "should create and store a password at :capass" do
|
162
|
-
Puppet[:capass] = File.expand_path("/path/to/pass")
|
163
|
-
|
164
|
-
expect(Puppet::FileSystem).to receive(:exist?).with(Puppet[:capass]).and_return(false)
|
165
|
-
|
166
|
-
fh = StringIO.new
|
167
|
-
expect(Puppet.settings.setting(:capass)).to receive(:open).with('w:ASCII').and_yield(fh)
|
168
|
-
|
169
|
-
allow(@ca).to receive(:sign)
|
170
|
-
|
171
|
-
@ca.generate_ca_certificate
|
172
|
-
|
173
|
-
expect(fh.string.length).to be > 18
|
174
|
-
end
|
175
|
-
|
176
|
-
it "should generate a key if one does not exist" do
|
177
|
-
allow(@ca).to receive(:generate_password)
|
178
|
-
allow(@ca).to receive(:sign)
|
179
|
-
|
180
|
-
expect(@ca.host).to receive(:key).and_return(nil)
|
181
|
-
expect(@ca.host).to receive(:generate_key)
|
182
|
-
|
183
|
-
@ca.generate_ca_certificate
|
184
|
-
end
|
185
|
-
|
186
|
-
it "should create and sign a self-signed cert using the CA name" do
|
187
|
-
request = double('request')
|
188
|
-
expect(Puppet::SSL::CertificateRequest).to receive(:new).with(@ca.host.name).and_return(request)
|
189
|
-
expect(request).to receive(:generate).with(@ca.host.key)
|
190
|
-
allow(request).to receive(:request_extensions).and_return([])
|
191
|
-
|
192
|
-
expect(@ca).to receive(:sign).with(
|
193
|
-
@host.name,
|
194
|
-
{
|
195
|
-
allow_dns_alt_names: false,
|
196
|
-
self_signing_csr: request
|
197
|
-
}
|
198
|
-
)
|
199
|
-
|
200
|
-
allow(@ca).to receive(:generate_password)
|
201
|
-
|
202
|
-
@ca.generate_ca_certificate
|
203
|
-
end
|
204
|
-
|
205
|
-
it "should generate its CRL" do
|
206
|
-
allow(@ca).to receive(:generate_password)
|
207
|
-
allow(@ca).to receive(:sign)
|
208
|
-
|
209
|
-
expect(@ca.host).to receive(:key).and_return(nil)
|
210
|
-
expect(@ca.host).to receive(:generate_key)
|
211
|
-
|
212
|
-
expect(@ca).to receive(:crl)
|
213
|
-
|
214
|
-
@ca.generate_ca_certificate
|
215
|
-
end
|
216
|
-
end
|
217
|
-
|
218
|
-
describe "when signing" do
|
219
|
-
before do
|
220
|
-
allow(Puppet.settings).to receive(:use)
|
221
|
-
|
222
|
-
allow_any_instance_of(Puppet::SSL::CertificateAuthority).to receive(:password?).and_return(true)
|
223
|
-
|
224
|
-
stub_ca_host
|
225
|
-
|
226
|
-
expect(Puppet::SSL::Host).to receive(:new).with(Puppet::SSL::Host.ca_name).and_return(@host)
|
227
|
-
|
228
|
-
@ca = Puppet::SSL::CertificateAuthority.new
|
229
|
-
|
230
|
-
@name = "myhost"
|
231
|
-
@real_cert = double('realcert', :sign => nil)
|
232
|
-
@cert = Puppet::SSL::Certificate.new(@name)
|
233
|
-
@cert.content = @real_cert
|
234
|
-
|
235
|
-
allow(Puppet::SSL::Certificate).to receive(:new).and_return(@cert)
|
236
|
-
|
237
|
-
allow(Puppet::SSL::Certificate.indirection).to receive(:save)
|
238
|
-
|
239
|
-
# Stub out the factory
|
240
|
-
allow(Puppet::SSL::CertificateFactory).to receive(:build).and_return(@cert.content)
|
241
|
-
|
242
|
-
@request_content = double("request content stub", :subject => OpenSSL::X509::Name.new([['CN', @name]]), :public_key => double('public_key'))
|
243
|
-
@request = double('request', :name => @name, :request_extensions => [], :subject_alt_names => [], :content => @request_content)
|
244
|
-
allow(@request_content).to receive(:verify).and_return(true)
|
245
|
-
|
246
|
-
# And the inventory
|
247
|
-
@inventory = double('inventory', :add => nil)
|
248
|
-
allow(@ca).to receive(:inventory).and_return(@inventory)
|
249
|
-
|
250
|
-
allow(Puppet::SSL::CertificateRequest.indirection).to receive(:destroy)
|
251
|
-
end
|
252
|
-
|
253
|
-
describe "its own certificate" do
|
254
|
-
before do
|
255
|
-
@serial = 10
|
256
|
-
allow(@ca).to receive(:next_serial).and_return(@serial)
|
257
|
-
end
|
258
|
-
|
259
|
-
it "should not look up a certificate request for the host" do
|
260
|
-
expect(Puppet::SSL::CertificateRequest.indirection).not_to receive(:find)
|
261
|
-
|
262
|
-
@ca.sign(@name, {allow_dns_alt_names: true,
|
263
|
-
self_signing_csr: @request})
|
264
|
-
end
|
265
|
-
|
266
|
-
it "should use a certificate type of :ca" do
|
267
|
-
expect(Puppet::SSL::CertificateFactory).to receive(:build).with(:ca, any_args).and_return(@cert.content)
|
268
|
-
@ca.sign(@name, {allow_dns_alt_names: true,
|
269
|
-
self_signing_csr: @request})
|
270
|
-
end
|
271
|
-
|
272
|
-
it "should pass the provided CSR as the CSR" do
|
273
|
-
expect(Puppet::SSL::CertificateFactory).to receive(:build).with(anything, @request, any_args).and_return(@cert.content)
|
274
|
-
@ca.sign(@name, {allow_dns_alt_names: true,
|
275
|
-
self_signing_csr: @request})
|
276
|
-
end
|
277
|
-
|
278
|
-
it "should use the provided CSR's content as the issuer" do
|
279
|
-
expect(Puppet::SSL::CertificateFactory).to receive(:build) do |*args|
|
280
|
-
expect(args[2].subject.to_s).to eq("/CN=myhost")
|
281
|
-
end.and_return(@cert.content)
|
282
|
-
@ca.sign(@name, {allow_dns_alt_names: true,
|
283
|
-
self_signing_csr: @request})
|
284
|
-
end
|
285
|
-
|
286
|
-
it "should pass the next serial as the serial number" do
|
287
|
-
expect(Puppet::SSL::CertificateFactory).to receive(:build).with(anything, anything, anything, @serial).and_return(@cert.content)
|
288
|
-
@ca.sign(@name, {allow_dns_alt_names: true,
|
289
|
-
self_signing_csr: @request})
|
290
|
-
end
|
291
|
-
|
292
|
-
it "should sign the certificate request even if it contains alt names" do
|
293
|
-
allow(@request).to receive(:subject_alt_names).and_return(%w[DNS:foo DNS:bar DNS:baz])
|
294
|
-
|
295
|
-
expect do
|
296
|
-
@ca.sign(@name, {allow_dns_alt_names: false,
|
297
|
-
self_signing_csr: @request})
|
298
|
-
end.not_to raise_error
|
299
|
-
end
|
300
|
-
|
301
|
-
it "should save the resulting certificate" do
|
302
|
-
expect(Puppet::SSL::Certificate.indirection).to receive(:save).with(@cert)
|
303
|
-
|
304
|
-
@ca.sign(@name, {allow_dns_alt_names: true,
|
305
|
-
self_signing_csr: @request})
|
306
|
-
end
|
307
|
-
end
|
308
|
-
|
309
|
-
describe "another host's certificate" do
|
310
|
-
before do
|
311
|
-
@serial = 10
|
312
|
-
allow(@ca).to receive(:next_serial).and_return(@serial)
|
313
|
-
|
314
|
-
allow(Puppet::SSL::CertificateRequest.indirection).to receive(:find).with(@name).and_return(@request)
|
315
|
-
allow(Puppet::SSL::CertificateRequest.indirection).to receive(:save)
|
316
|
-
end
|
317
|
-
|
318
|
-
it "should use a certificate type of :server" do
|
319
|
-
expect(Puppet::SSL::CertificateFactory).to receive(:build).with(:server, any_args).and_return(@cert.content)
|
320
|
-
|
321
|
-
@ca.sign(@name)
|
322
|
-
end
|
323
|
-
|
324
|
-
it "should use look up a CSR for the host in the :ca_file terminus" do
|
325
|
-
expect(Puppet::SSL::CertificateRequest.indirection).to receive(:find).with(@name).and_return(@request)
|
326
|
-
|
327
|
-
@ca.sign(@name)
|
328
|
-
end
|
329
|
-
|
330
|
-
it "should fail if no CSR can be found for the host" do
|
331
|
-
expect(Puppet::SSL::CertificateRequest.indirection).to receive(:find).with(@name).and_return(nil)
|
332
|
-
|
333
|
-
expect { @ca.sign(@name) }.to raise_error(ArgumentError)
|
334
|
-
end
|
335
|
-
|
336
|
-
it "should fail if an unknown request extension is present" do
|
337
|
-
allow(@request).to receive(:request_extensions).and_return([{ "oid" => "bananas",
|
338
|
-
"value" => "delicious" }])
|
339
|
-
expect {
|
340
|
-
@ca.sign(@name)
|
341
|
-
}.to raise_error(/CSR has request extensions that are not permitted/)
|
342
|
-
end
|
343
|
-
|
344
|
-
it "should reject auth extensions" do
|
345
|
-
allow(@request).to receive(:request_extensions).and_return([{"oid" => "1.3.6.1.4.1.34380.1.3.1",
|
346
|
-
"value" => "true"},
|
347
|
-
{"oid" => "1.3.6.1.4.1.34380.1.3.13",
|
348
|
-
"value" => "com"}])
|
349
|
-
|
350
|
-
expect {
|
351
|
-
@ca.sign(@name)
|
352
|
-
}.to raise_error(Puppet::SSL::CertificateAuthority::CertificateSigningError,
|
353
|
-
/CSR '#{@name}' contains authorization extensions (.*?, .*?).*/)
|
354
|
-
end
|
355
|
-
|
356
|
-
it "should not fail if the CSR contains auth extensions and they're allowed" do
|
357
|
-
allow(@request).to receive(:request_extensions).and_return([{"oid" => "1.3.6.1.4.1.34380.1.3.1",
|
358
|
-
"value" => "true"},
|
359
|
-
{"oid" => "1.3.6.1.4.1.34380.1.3.13",
|
360
|
-
"value" => "com"}])
|
361
|
-
expect { @ca.sign(@name, {allow_authorization_extensions: true})}.to_not raise_error
|
362
|
-
end
|
363
|
-
|
364
|
-
it "should fail if the CSR contains alt names and they are not expected" do
|
365
|
-
allow(@request).to receive(:subject_alt_names).and_return(%w[DNS:foo DNS:bar DNS:baz])
|
366
|
-
|
367
|
-
expect do
|
368
|
-
@ca.sign(@name, {allow_dns_alt_names: false})
|
369
|
-
end.to raise_error(Puppet::SSL::CertificateAuthority::CertificateSigningError, /CSR '#{@name}' contains subject alternative names \(.*?\), which are disallowed. Use `puppet cert --allow-dns-alt-names sign #{@name}` to sign this request./)
|
370
|
-
end
|
371
|
-
|
372
|
-
it "should not fail if the CSR does not contain alt names and they are expected" do
|
373
|
-
allow(@request).to receive(:subject_alt_names).and_return([])
|
374
|
-
expect { @ca.sign(@name, {allow_dns_alt_names: true}) }.to_not raise_error
|
375
|
-
end
|
376
|
-
|
377
|
-
it "should reject alt names by default" do
|
378
|
-
allow(@request).to receive(:subject_alt_names).and_return(%w[DNS:foo DNS:bar DNS:baz])
|
379
|
-
|
380
|
-
expect do
|
381
|
-
@ca.sign(@name)
|
382
|
-
end.to raise_error(Puppet::SSL::CertificateAuthority::CertificateSigningError, /CSR '#{@name}' contains subject alternative names \(.*?\), which are disallowed. Use `puppet cert --allow-dns-alt-names sign #{@name}` to sign this request./)
|
383
|
-
end
|
384
|
-
|
385
|
-
it "should use the CA certificate as the issuer" do
|
386
|
-
expect(Puppet::SSL::CertificateFactory).to receive(:build).with(anything, anything, @cacert.content, any_args).and_return(@cert.content)
|
387
|
-
@ca.sign(@name)
|
388
|
-
end
|
389
|
-
|
390
|
-
it "should pass the next serial as the serial number" do
|
391
|
-
expect(Puppet::SSL::CertificateFactory).to receive(:build).with(anything, anything, anything, @serial).and_return(@cert.content)
|
392
|
-
@ca.sign(@name)
|
393
|
-
end
|
394
|
-
|
395
|
-
it "should sign the resulting certificate using its real key and a digest" do
|
396
|
-
digest = double('digest')
|
397
|
-
expect(OpenSSL::Digest::SHA256).to receive(:new).and_return(digest)
|
398
|
-
|
399
|
-
key = double('key', :content => "real_key")
|
400
|
-
allow(@ca.host).to receive(:key).and_return(key)
|
401
|
-
|
402
|
-
expect(@cert.content).to receive(:sign).with("real_key", digest)
|
403
|
-
@ca.sign(@name)
|
404
|
-
end
|
405
|
-
|
406
|
-
it "should save the resulting certificate" do
|
407
|
-
allow(Puppet::SSL::Certificate.indirection).to receive(:save).with(@cert)
|
408
|
-
@ca.sign(@name)
|
409
|
-
end
|
410
|
-
|
411
|
-
it "should remove the host's certificate request" do
|
412
|
-
expect(Puppet::SSL::CertificateRequest.indirection).to receive(:destroy).with(@name)
|
413
|
-
|
414
|
-
@ca.sign(@name)
|
415
|
-
end
|
416
|
-
|
417
|
-
it "should check the internal signing policies" do
|
418
|
-
expect(@ca).to receive(:check_internal_signing_policies).and_return(true)
|
419
|
-
@ca.sign(@name)
|
420
|
-
end
|
421
|
-
end
|
422
|
-
|
423
|
-
context "#check_internal_signing_policies" do
|
424
|
-
before do
|
425
|
-
@serial = 10
|
426
|
-
allow(@ca).to receive(:next_serial).and_return(@serial)
|
427
|
-
|
428
|
-
allow(Puppet::SSL::CertificateRequest.indirection).to receive(:find).with(@name).and_return(@request)
|
429
|
-
allow(@cert).to receive(:save)
|
430
|
-
end
|
431
|
-
|
432
|
-
it "should reject CSRs whose CN doesn't match the name for which we're signing them" do
|
433
|
-
# Shorten this so the test doesn't take too long
|
434
|
-
Puppet[:keylength] = 1024
|
435
|
-
key = Puppet::SSL::Key.new('the_certname')
|
436
|
-
key.generate
|
437
|
-
|
438
|
-
csr = Puppet::SSL::CertificateRequest.new('the_certname')
|
439
|
-
csr.generate(key)
|
440
|
-
|
441
|
-
expect do
|
442
|
-
@ca.check_internal_signing_policies('not_the_certname', csr)
|
443
|
-
end.to raise_error(
|
444
|
-
Puppet::SSL::CertificateAuthority::CertificateSigningError,
|
445
|
-
/common name "the_certname" does not match expected certname "not_the_certname"/
|
446
|
-
)
|
447
|
-
end
|
448
|
-
|
449
|
-
describe "when validating the CN" do
|
450
|
-
before :all do
|
451
|
-
Puppet[:keylength] = 1024
|
452
|
-
Puppet[:passfile] = '/f00'
|
453
|
-
@signing_key = Puppet::SSL::Key.new('my_signing_key')
|
454
|
-
@signing_key.generate
|
455
|
-
end
|
456
|
-
|
457
|
-
[
|
458
|
-
'completely_okay',
|
459
|
-
'sure, why not? :)',
|
460
|
-
'so+many(things)-are=allowed.',
|
461
|
-
'this"is#just&madness%you[see]',
|
462
|
-
'and even a (an?) \\!',
|
463
|
-
'waltz, nymph, for quick jigs vex bud.',
|
464
|
-
'{552c04ca-bb1b-11e1-874b-60334b04494e}'
|
465
|
-
].each do |name|
|
466
|
-
it "should accept #{name.inspect}" do
|
467
|
-
csr = Puppet::SSL::CertificateRequest.new(name)
|
468
|
-
csr.generate(@signing_key)
|
469
|
-
|
470
|
-
@ca.check_internal_signing_policies(name, csr)
|
471
|
-
end
|
472
|
-
end
|
473
|
-
|
474
|
-
[
|
475
|
-
'super/bad',
|
476
|
-
"not\neven\tkind\rof",
|
477
|
-
"ding\adong\a",
|
478
|
-
"hidden\b\b\b\b\b\bmessage",
|
479
|
-
"\xE2\x98\x83 :("
|
480
|
-
].each do |name|
|
481
|
-
it "should reject #{name.inspect}" do
|
482
|
-
# We aren't even allowed to make objects with these names, so let's
|
483
|
-
# stub that to simulate an invalid one coming from outside Puppet
|
484
|
-
allow(Puppet::SSL::CertificateRequest).to receive(:validate_certname)
|
485
|
-
csr = Puppet::SSL::CertificateRequest.new(name)
|
486
|
-
csr.generate(@signing_key)
|
487
|
-
|
488
|
-
expect do
|
489
|
-
@ca.check_internal_signing_policies(name, csr)
|
490
|
-
end.to raise_error(
|
491
|
-
Puppet::SSL::CertificateAuthority::CertificateSigningError,
|
492
|
-
/subject contains unprintable or non-ASCII characters/
|
493
|
-
)
|
494
|
-
end
|
495
|
-
end
|
496
|
-
end
|
497
|
-
|
498
|
-
it "accepts numeric OIDs under the ppRegCertExt subtree" do
|
499
|
-
exts = [{ 'oid' => '1.3.6.1.4.1.34380.1.1.1',
|
500
|
-
'value' => '657e4780-4cf5-11e3-8f96-0800200c9a66'}]
|
501
|
-
|
502
|
-
allow(@request).to receive(:request_extensions).and_return(exts)
|
503
|
-
|
504
|
-
expect {
|
505
|
-
@ca.check_internal_signing_policies(@name, @request)
|
506
|
-
}.to_not raise_error
|
507
|
-
end
|
508
|
-
|
509
|
-
it "accepts short name OIDs under the ppRegCertExt subtree" do
|
510
|
-
exts = [{ 'oid' => 'pp_uuid',
|
511
|
-
'value' => '657e4780-4cf5-11e3-8f96-0800200c9a66'}]
|
512
|
-
|
513
|
-
allow(@request).to receive(:request_extensions).and_return(exts)
|
514
|
-
|
515
|
-
expect {
|
516
|
-
@ca.check_internal_signing_policies(@name, @request)
|
517
|
-
}.to_not raise_error
|
518
|
-
end
|
519
|
-
|
520
|
-
it "accepts OIDs under the ppPrivCertAttrs subtree" do
|
521
|
-
exts = [{ 'oid' => '1.3.6.1.4.1.34380.1.2.1',
|
522
|
-
'value' => 'private extension'}]
|
523
|
-
|
524
|
-
allow(@request).to receive(:request_extensions).and_return(exts)
|
525
|
-
|
526
|
-
expect {
|
527
|
-
@ca.check_internal_signing_policies(@name, @request)
|
528
|
-
}.to_not raise_error
|
529
|
-
end
|
530
|
-
|
531
|
-
|
532
|
-
it "should reject a critical extension that isn't on the whitelist" do
|
533
|
-
allow(@request).to receive(:request_extensions).and_return([{ "oid" => "banana",
|
534
|
-
"value" => "yumm",
|
535
|
-
"critical" => true }])
|
536
|
-
expect { @ca.check_internal_signing_policies(@name, @request) }.to raise_error(
|
537
|
-
Puppet::SSL::CertificateAuthority::CertificateSigningError,
|
538
|
-
/request extensions that are not permitted/
|
539
|
-
)
|
540
|
-
end
|
541
|
-
|
542
|
-
it "should reject a non-critical extension that isn't on the whitelist" do
|
543
|
-
allow(@request).to receive(:request_extensions).and_return([{ "oid" => "peach",
|
544
|
-
"value" => "meh",
|
545
|
-
"critical" => false }])
|
546
|
-
expect { @ca.check_internal_signing_policies(@name, @request) }.to raise_error(
|
547
|
-
Puppet::SSL::CertificateAuthority::CertificateSigningError,
|
548
|
-
/request extensions that are not permitted/
|
549
|
-
)
|
550
|
-
end
|
551
|
-
|
552
|
-
it "should reject non-whitelist extensions even if a valid extension is present" do
|
553
|
-
allow(@request).to receive(:request_extensions).and_return([{ "oid" => "peach",
|
554
|
-
"value" => "meh",
|
555
|
-
"critical" => false },
|
556
|
-
{ "oid" => "subjectAltName",
|
557
|
-
"value" => "DNS:foo",
|
558
|
-
"critical" => true }])
|
559
|
-
expect { @ca.check_internal_signing_policies(@name, @request) }.to raise_error(
|
560
|
-
Puppet::SSL::CertificateAuthority::CertificateSigningError,
|
561
|
-
/request extensions that are not permitted/
|
562
|
-
)
|
563
|
-
end
|
564
|
-
|
565
|
-
it "should reject a subjectAltName for a non-DNS value" do
|
566
|
-
allow(@request).to receive(:subject_alt_names).and_return(['DNS:foo', 'email:bar@example.com'])
|
567
|
-
expect {
|
568
|
-
@ca.check_internal_signing_policies(@name, @request, {allow_dns_alt_names: true})
|
569
|
-
}.to raise_error(
|
570
|
-
Puppet::SSL::CertificateAuthority::CertificateSigningError,
|
571
|
-
/subjectAltName outside the DNS label space/
|
572
|
-
)
|
573
|
-
end
|
574
|
-
|
575
|
-
it "should allow a subjectAltName if subject matches CA's certname" do
|
576
|
-
allow(@request).to receive(:subject_alt_names).and_return(['DNS:foo'])
|
577
|
-
Puppet[:certname] = @name
|
578
|
-
|
579
|
-
expect {
|
580
|
-
@ca.check_internal_signing_policies(@name, @request, {allow_dns_alt_names: false})
|
581
|
-
}.to_not raise_error
|
582
|
-
end
|
583
|
-
|
584
|
-
it "should reject a wildcard subject" do
|
585
|
-
allow(@request.content).to receive(:subject).
|
586
|
-
and_return(OpenSSL::X509::Name.new([["CN", "*.local"]]))
|
587
|
-
|
588
|
-
expect { @ca.check_internal_signing_policies('*.local', @request) }.to raise_error(
|
589
|
-
Puppet::SSL::CertificateAuthority::CertificateSigningError,
|
590
|
-
/subject contains a wildcard/
|
591
|
-
)
|
592
|
-
end
|
593
|
-
|
594
|
-
it "should reject a wildcard subjectAltName" do
|
595
|
-
allow(@request).to receive(:subject_alt_names).and_return(['DNS:foo', 'DNS:*.bar'])
|
596
|
-
expect {
|
597
|
-
@ca.check_internal_signing_policies(@name, @request, {allow_dns_alt_names: true})
|
598
|
-
}.to raise_error(
|
599
|
-
Puppet::SSL::CertificateAuthority::CertificateSigningError,
|
600
|
-
/subjectAltName contains a wildcard/
|
601
|
-
)
|
602
|
-
end
|
603
|
-
end
|
604
|
-
|
605
|
-
it "should create a certificate instance with the content set to the newly signed x509 certificate" do
|
606
|
-
@serial = 10
|
607
|
-
allow(@ca).to receive(:next_serial).and_return(@serial)
|
608
|
-
|
609
|
-
allow(Puppet::SSL::CertificateRequest.indirection).to receive(:find).with(@name).and_return(@request)
|
610
|
-
allow(Puppet::SSL::Certificate.indirection).to receive(:save)
|
611
|
-
expect(Puppet::SSL::Certificate).to receive(:new).with(@name).and_return(@cert)
|
612
|
-
|
613
|
-
@ca.sign(@name)
|
614
|
-
end
|
615
|
-
|
616
|
-
it "should return the certificate instance" do
|
617
|
-
allow(@ca).to receive(:next_serial).and_return(@serial)
|
618
|
-
allow(Puppet::SSL::CertificateRequest.indirection).to receive(:find).with(@name).and_return(@request)
|
619
|
-
allow(Puppet::SSL::Certificate.indirection).to receive(:save)
|
620
|
-
expect(@ca.sign(@name)).to equal(@cert)
|
621
|
-
end
|
622
|
-
|
623
|
-
it "should add the certificate to its inventory" do
|
624
|
-
allow(@ca).to receive(:next_serial).and_return(@serial)
|
625
|
-
expect(@inventory).to receive(:add).with(@cert)
|
626
|
-
|
627
|
-
allow(Puppet::SSL::CertificateRequest.indirection).to receive(:find).with(@name).and_return(@request)
|
628
|
-
allow(Puppet::SSL::Certificate.indirection).to receive(:save)
|
629
|
-
@ca.sign(@name)
|
630
|
-
end
|
631
|
-
|
632
|
-
it "should have a method for triggering autosigning of available CSRs" do
|
633
|
-
expect(@ca).to respond_to(:autosign)
|
634
|
-
end
|
635
|
-
|
636
|
-
describe "when autosigning certificates" do
|
637
|
-
let(:csr) { Puppet::SSL::CertificateRequest.new("host") }
|
638
|
-
|
639
|
-
describe "using the autosign setting" do
|
640
|
-
let(:autosign) { File.expand_path("/auto/sign") }
|
641
|
-
|
642
|
-
it "should do nothing if autosign is disabled" do
|
643
|
-
Puppet[:autosign] = false
|
644
|
-
|
645
|
-
expect(@ca).not_to receive(:sign)
|
646
|
-
@ca.autosign(csr)
|
647
|
-
end
|
648
|
-
|
649
|
-
it "should do nothing if no autosign.conf exists" do
|
650
|
-
Puppet[:autosign] = autosign
|
651
|
-
non_existent_file = Puppet::FileSystem::MemoryFile.a_missing_file(autosign)
|
652
|
-
Puppet::FileSystem.overlay(non_existent_file) do
|
653
|
-
expect(@ca).not_to receive(:sign)
|
654
|
-
@ca.autosign(csr)
|
655
|
-
end
|
656
|
-
end
|
657
|
-
|
658
|
-
describe "and autosign is enabled and the autosign.conf file exists" do
|
659
|
-
let(:store) { double('store', :allow => nil, :allowed? => false) }
|
660
|
-
|
661
|
-
before do
|
662
|
-
Puppet[:autosign] = autosign
|
663
|
-
end
|
664
|
-
|
665
|
-
describe "when creating the AuthStore instance to verify autosigning" do
|
666
|
-
it "should create an AuthStore with each line in the configuration file allowed to be autosigned" do
|
667
|
-
Puppet::FileSystem.overlay(Puppet::FileSystem::MemoryFile.a_regular_file_containing(autosign, "one\ntwo\n")) do
|
668
|
-
allow(Puppet::Network::AuthStore).to receive(:new).and_return(store)
|
669
|
-
|
670
|
-
expect(store).to receive(:allow).with("one")
|
671
|
-
expect(store).to receive(:allow).with("two")
|
672
|
-
|
673
|
-
@ca.autosign(csr)
|
674
|
-
end
|
675
|
-
end
|
676
|
-
|
677
|
-
it "should reparse the autosign configuration on each call" do
|
678
|
-
Puppet::FileSystem.overlay(Puppet::FileSystem::MemoryFile.a_regular_file_containing(autosign, "one")) do
|
679
|
-
allow(Puppet::Network::AuthStore).to receive(:new).twice.and_return(store)
|
680
|
-
|
681
|
-
@ca.autosign(csr)
|
682
|
-
@ca.autosign(csr)
|
683
|
-
end
|
684
|
-
end
|
685
|
-
|
686
|
-
it "should ignore comments" do
|
687
|
-
Puppet::FileSystem.overlay(Puppet::FileSystem::MemoryFile.a_regular_file_containing(autosign, "one\n#two\n")) do
|
688
|
-
allow(Puppet::Network::AuthStore).to receive(:new).and_return(store)
|
689
|
-
|
690
|
-
expect(store).to receive(:allow).with("one")
|
691
|
-
|
692
|
-
@ca.autosign(csr)
|
693
|
-
end
|
694
|
-
end
|
695
|
-
|
696
|
-
it "should ignore blank lines" do
|
697
|
-
Puppet::FileSystem.overlay(Puppet::FileSystem::MemoryFile.a_regular_file_containing(autosign, "one\n\n")) do
|
698
|
-
allow(Puppet::Network::AuthStore).to receive(:new).and_return(store)
|
699
|
-
|
700
|
-
expect(store).to receive(:allow).with("one")
|
701
|
-
@ca.autosign(csr)
|
702
|
-
end
|
703
|
-
end
|
704
|
-
end
|
705
|
-
end
|
706
|
-
end
|
707
|
-
|
708
|
-
describe "using the autosign command setting" do
|
709
|
-
let(:cmd) { File.expand_path('/autosign_cmd') }
|
710
|
-
let(:autosign_cmd) { double('autosign_command') }
|
711
|
-
let(:autosign_executable) { Puppet::FileSystem::MemoryFile.an_executable(cmd) }
|
712
|
-
|
713
|
-
before do
|
714
|
-
Puppet[:autosign] = cmd
|
715
|
-
|
716
|
-
allow(Puppet::SSL::CertificateAuthority::AutosignCommand).to receive(:new).and_return(autosign_cmd)
|
717
|
-
end
|
718
|
-
|
719
|
-
it "autosigns the CSR if the autosign command returned true" do
|
720
|
-
Puppet::FileSystem.overlay(autosign_executable) do
|
721
|
-
expect(autosign_cmd).to receive(:allowed?).with(csr).and_return(true)
|
722
|
-
|
723
|
-
expect(@ca).to receive(:sign).with('host')
|
724
|
-
@ca.autosign(csr)
|
725
|
-
end
|
726
|
-
end
|
727
|
-
|
728
|
-
it "doesn't autosign the CSR if the autosign_command returned false" do
|
729
|
-
Puppet::FileSystem.overlay(autosign_executable) do
|
730
|
-
expect(autosign_cmd).to receive(:allowed?).with(csr).and_return(false)
|
731
|
-
|
732
|
-
expect(@ca).not_to receive(:sign)
|
733
|
-
@ca.autosign(csr)
|
734
|
-
end
|
735
|
-
end
|
736
|
-
end
|
737
|
-
end
|
738
|
-
end
|
739
|
-
|
740
|
-
describe "when managing certificate clients" do
|
741
|
-
before do
|
742
|
-
allow(Puppet.settings).to receive(:use)
|
743
|
-
|
744
|
-
allow_any_instance_of(Puppet::SSL::CertificateAuthority).to receive(:password?).and_return(true)
|
745
|
-
|
746
|
-
stub_ca_host
|
747
|
-
|
748
|
-
expect(Puppet::SSL::Host).to receive(:new).and_return(@host)
|
749
|
-
allow_any_instance_of(Puppet::SSL::CertificateAuthority).to receive(:host).and_return(@host)
|
750
|
-
|
751
|
-
@cacert = double('certificate')
|
752
|
-
allow(@cacert).to receive(:content).and_return("cacertificate")
|
753
|
-
@ca = Puppet::SSL::CertificateAuthority.new
|
754
|
-
end
|
755
|
-
|
756
|
-
it "should be able to list waiting certificate requests" do
|
757
|
-
req1 = double('req1', :name => "one")
|
758
|
-
req2 = double('req2', :name => "two")
|
759
|
-
expect(Puppet::SSL::CertificateRequest.indirection).to receive(:search).with("*").and_return([req1, req2])
|
760
|
-
|
761
|
-
expect(@ca.waiting?).to eq(%w{one two})
|
762
|
-
end
|
763
|
-
|
764
|
-
it "should delegate removing hosts to the Host class" do
|
765
|
-
expect(Puppet::SSL::Host).to receive(:destroy).with("myhost")
|
766
|
-
|
767
|
-
@ca.destroy("myhost")
|
768
|
-
end
|
769
|
-
|
770
|
-
it "should be able to verify certificates" do
|
771
|
-
expect(@ca).to respond_to(:verify)
|
772
|
-
end
|
773
|
-
|
774
|
-
it "should list certificates as the sorted list of all existing signed certificates" do
|
775
|
-
cert1 = double('cert1', :name => "cert1")
|
776
|
-
cert2 = double('cert2', :name => "cert2")
|
777
|
-
expect(Puppet::SSL::Certificate.indirection).to receive(:search).with("*").and_return([cert1, cert2])
|
778
|
-
expect(@ca.list).to eq(%w{cert1 cert2})
|
779
|
-
end
|
780
|
-
|
781
|
-
it "should list the full certificates" do
|
782
|
-
cert1 = double('cert1', :name => "cert1")
|
783
|
-
cert2 = double('cert2', :name => "cert2")
|
784
|
-
expect(Puppet::SSL::Certificate.indirection).to receive(:search).with("*").and_return([cert1, cert2])
|
785
|
-
expect(@ca.list_certificates).to eq([cert1, cert2])
|
786
|
-
end
|
787
|
-
|
788
|
-
it "should print a deprecation when using #list_certificates" do
|
789
|
-
allow(Puppet::SSL::Certificate.indirection).to receive(:search).with("*").and_return([:foo, :bar])
|
790
|
-
expect(Puppet).to receive(:deprecation_warning).with(/list_certificates is deprecated/)
|
791
|
-
@ca.list_certificates
|
792
|
-
end
|
793
|
-
|
794
|
-
describe "and printing certificates" do
|
795
|
-
it "should return nil if the certificate cannot be found" do
|
796
|
-
expect(Puppet::SSL::Certificate.indirection).to receive(:find).with("myhost").and_return(nil)
|
797
|
-
expect(@ca.print("myhost")).to be_nil
|
798
|
-
end
|
799
|
-
|
800
|
-
it "should print certificates by calling :to_text on the host's certificate" do
|
801
|
-
cert1 = double('cert1', :name => "cert1", :to_text => "mytext")
|
802
|
-
expect(Puppet::SSL::Certificate.indirection).to receive(:find).with("myhost").and_return(cert1)
|
803
|
-
expect(@ca.print("myhost")).to eq("mytext")
|
804
|
-
end
|
805
|
-
end
|
806
|
-
|
807
|
-
describe "and fingerprinting certificates" do
|
808
|
-
before :each do
|
809
|
-
@cert = double('cert', :name => "cert", :fingerprint => "DIGEST")
|
810
|
-
allow(Puppet::SSL::Certificate.indirection).to receive(:find).with("myhost").and_return(@cert)
|
811
|
-
allow(Puppet::SSL::CertificateRequest.indirection).to receive(:find).with("myhost")
|
812
|
-
end
|
813
|
-
|
814
|
-
it "should raise an error if the certificate or CSR cannot be found" do
|
815
|
-
expect(Puppet::SSL::Certificate.indirection).to receive(:find).with("myhost").and_return(nil)
|
816
|
-
expect(Puppet::SSL::CertificateRequest.indirection).to receive(:find).with("myhost").and_return(nil)
|
817
|
-
expect { @ca.fingerprint("myhost") }.to raise_error(ArgumentError, /Could not find a certificate/)
|
818
|
-
end
|
819
|
-
|
820
|
-
it "should try to find a CSR if no certificate can be found" do
|
821
|
-
expect(Puppet::SSL::Certificate.indirection).to receive(:find).with("myhost").and_return(nil)
|
822
|
-
expect(Puppet::SSL::CertificateRequest.indirection).to receive(:find).with("myhost").and_return(@cert)
|
823
|
-
expect(@cert).to receive(:fingerprint)
|
824
|
-
@ca.fingerprint("myhost")
|
825
|
-
end
|
826
|
-
|
827
|
-
it "should delegate to the certificate fingerprinting" do
|
828
|
-
expect(@cert).to receive(:fingerprint)
|
829
|
-
@ca.fingerprint("myhost")
|
830
|
-
end
|
831
|
-
|
832
|
-
it "should propagate the digest algorithm to the certificate fingerprinting system" do
|
833
|
-
expect(@cert).to receive(:fingerprint).with(:digest)
|
834
|
-
@ca.fingerprint("myhost", :digest)
|
835
|
-
end
|
836
|
-
end
|
837
|
-
|
838
|
-
describe "and verifying certificates" do
|
839
|
-
let(:cacert) { File.expand_path("/ca/cert") }
|
840
|
-
|
841
|
-
before do
|
842
|
-
@store = double('store', :verify => true, :add_file => nil, :purpose= => nil, :add_crl => true, :flags= => nil)
|
843
|
-
|
844
|
-
allow(OpenSSL::X509::Store).to receive(:new).and_return(@store)
|
845
|
-
|
846
|
-
@cert = double('cert', :content => "mycert")
|
847
|
-
allow(Puppet::SSL::Certificate.indirection).to receive(:find).and_return(@cert)
|
848
|
-
|
849
|
-
@crl = double('crl', :content => "mycrl")
|
850
|
-
|
851
|
-
allow(@ca).to receive(:crl).and_return(@crl)
|
852
|
-
end
|
853
|
-
|
854
|
-
it "should fail if the host's certificate cannot be found" do
|
855
|
-
expect(Puppet::SSL::Certificate.indirection).to receive(:find).with("me").and_return(nil)
|
856
|
-
|
857
|
-
expect { @ca.verify("me") }.to raise_error(ArgumentError)
|
858
|
-
end
|
859
|
-
|
860
|
-
it "should create an SSL Store to verify" do
|
861
|
-
expect(OpenSSL::X509::Store).to receive(:new).and_return(@store)
|
862
|
-
|
863
|
-
@ca.verify("me")
|
864
|
-
end
|
865
|
-
|
866
|
-
it "should add the CA Certificate to the store" do
|
867
|
-
Puppet[:cacert] = cacert
|
868
|
-
expect(@store).to receive(:add_file).with(cacert)
|
869
|
-
|
870
|
-
@ca.verify("me")
|
871
|
-
end
|
872
|
-
|
873
|
-
it "should add the CRL to the store if the crl is enabled" do
|
874
|
-
expect(@store).to receive(:add_crl).with("mycrl")
|
875
|
-
|
876
|
-
@ca.verify("me")
|
877
|
-
end
|
878
|
-
|
879
|
-
it "should set the store purpose to OpenSSL::X509::PURPOSE_ANY" do
|
880
|
-
expect(@store).to receive(:purpose=).with OpenSSL::X509::PURPOSE_ANY
|
881
|
-
|
882
|
-
@ca.verify("me")
|
883
|
-
end
|
884
|
-
|
885
|
-
it "should set the store flags to check the crl" do
|
886
|
-
expect(@store).to receive(:flags=).with(OpenSSL::X509::V_FLAG_CRL_CHECK_ALL | OpenSSL::X509::V_FLAG_CRL_CHECK)
|
887
|
-
|
888
|
-
@ca.verify("me")
|
889
|
-
end
|
890
|
-
|
891
|
-
it "should use the store to verify the certificate" do
|
892
|
-
expect(@cert).to receive(:content).and_return("mycert")
|
893
|
-
|
894
|
-
expect(@store).to receive(:verify).with("mycert").and_return(true)
|
895
|
-
|
896
|
-
@ca.verify("me")
|
897
|
-
end
|
898
|
-
|
899
|
-
it "should fail if the verification returns false" do
|
900
|
-
expect(@cert).to receive(:content).and_return("mycert")
|
901
|
-
|
902
|
-
expect(@store).to receive(:verify).with("mycert").and_return(false)
|
903
|
-
expect(@store).to receive(:error)
|
904
|
-
expect(@store).to receive(:error_string)
|
905
|
-
|
906
|
-
expect { @ca.verify("me") }.to raise_error(Puppet::SSL::CertificateAuthority::CertificateVerificationError)
|
907
|
-
end
|
908
|
-
|
909
|
-
describe "certificate_is_alive?" do
|
910
|
-
it "should return false if verification fails" do
|
911
|
-
expect(@cert).to receive(:content).and_return("mycert")
|
912
|
-
|
913
|
-
expect(@store).to receive(:verify).with("mycert").and_return(false)
|
914
|
-
|
915
|
-
expect(@ca.certificate_is_alive?(@cert)).to be_falsey
|
916
|
-
end
|
917
|
-
|
918
|
-
it "should return true if verification passes" do
|
919
|
-
expect(@cert).to receive(:content).and_return("mycert")
|
920
|
-
|
921
|
-
expect(@store).to receive(:verify).with("mycert").and_return(true)
|
922
|
-
|
923
|
-
expect(@ca.certificate_is_alive?(@cert)).to be_truthy
|
924
|
-
end
|
925
|
-
|
926
|
-
it "should use a cached instance of the x509 store" do
|
927
|
-
allow(OpenSSL::X509::Store).to receive(:new).and_return(@store).once
|
928
|
-
|
929
|
-
expect(@cert).to receive(:content).and_return("mycert")
|
930
|
-
|
931
|
-
expect(@store).to receive(:verify).with("mycert").and_return(true)
|
932
|
-
|
933
|
-
@ca.certificate_is_alive?(@cert)
|
934
|
-
@ca.certificate_is_alive?(@cert)
|
935
|
-
end
|
936
|
-
|
937
|
-
it "should be deprecated" do
|
938
|
-
expect(Puppet).to receive(:deprecation_warning).with(/certificate_is_alive\? is deprecated/)
|
939
|
-
@ca.certificate_is_alive?(@cert)
|
940
|
-
end
|
941
|
-
end
|
942
|
-
end
|
943
|
-
|
944
|
-
describe "and revoking certificates" do
|
945
|
-
before do
|
946
|
-
@crl = double('crl')
|
947
|
-
allow(@ca).to receive(:crl).and_return(@crl)
|
948
|
-
|
949
|
-
allow(@ca).to receive(:next_serial).and_return(10)
|
950
|
-
|
951
|
-
@real_cert = double('real_cert', :serial => 15)
|
952
|
-
@cert = double('cert', :content => @real_cert)
|
953
|
-
allow(Puppet::SSL::Certificate.indirection).to receive(:find).and_return(@cert)
|
954
|
-
end
|
955
|
-
|
956
|
-
it "should fail if the certificate revocation list is disabled" do
|
957
|
-
allow(@ca).to receive(:crl).and_return(false)
|
958
|
-
|
959
|
-
expect { @ca.revoke('ca_testing') }.to raise_error(ArgumentError)
|
960
|
-
|
961
|
-
end
|
962
|
-
|
963
|
-
it "should delegate the revocation to its CRL" do
|
964
|
-
expect(@ca.crl).to receive(:revoke)
|
965
|
-
|
966
|
-
@ca.revoke('host')
|
967
|
-
end
|
968
|
-
|
969
|
-
it "should get the serial number from the local certificate if it exists" do
|
970
|
-
expect(@ca.crl).to receive(:revoke).with(15, anything)
|
971
|
-
|
972
|
-
expect(Puppet::SSL::Certificate.indirection).to receive(:find).with("host").and_return(@cert)
|
973
|
-
|
974
|
-
@ca.revoke('host')
|
975
|
-
end
|
976
|
-
|
977
|
-
it "should get the serial number from inventory if no local certificate exists" do
|
978
|
-
expect(Puppet::SSL::Certificate.indirection).to receive(:find).with("host").and_return(nil)
|
979
|
-
|
980
|
-
expect(@ca.inventory).to receive(:serials).with("host").and_return([16])
|
981
|
-
|
982
|
-
expect(@ca.crl).to receive(:revoke).with(16, anything)
|
983
|
-
@ca.revoke('host')
|
984
|
-
end
|
985
|
-
|
986
|
-
it "should revoke all serials matching a name" do
|
987
|
-
expect(Puppet::SSL::Certificate.indirection).to receive(:find).with("host").and_return(nil)
|
988
|
-
|
989
|
-
expect(@ca.inventory).to receive(:serials).with("host").and_return([16, 20, 25])
|
990
|
-
|
991
|
-
expect(@ca.crl).to receive(:revoke).with(16, anything)
|
992
|
-
expect(@ca.crl).to receive(:revoke).with(20, anything)
|
993
|
-
expect(@ca.crl).to receive(:revoke).with(25, anything)
|
994
|
-
@ca.revoke('host')
|
995
|
-
end
|
996
|
-
|
997
|
-
it "should raise an error if no certificate match" do
|
998
|
-
expect(Puppet::SSL::Certificate.indirection).to receive(:find).with("host").and_return(nil)
|
999
|
-
|
1000
|
-
expect(@ca.inventory).to receive(:serials).with("host").and_return([])
|
1001
|
-
|
1002
|
-
expect(@ca.crl).not_to receive(:revoke)
|
1003
|
-
expect { @ca.revoke('host') }.to raise_error(ArgumentError, /Could not find a serial number for host/)
|
1004
|
-
end
|
1005
|
-
|
1006
|
-
context "revocation by serial number (#16798)" do
|
1007
|
-
it "revokes when given a lower case hexadecimal formatted string" do
|
1008
|
-
expect(@ca.crl).to receive(:revoke).with(15, anything)
|
1009
|
-
expect(Puppet::SSL::Certificate.indirection).to receive(:find).with("0xf").and_return(nil)
|
1010
|
-
|
1011
|
-
@ca.revoke('0xf')
|
1012
|
-
end
|
1013
|
-
|
1014
|
-
it "revokes when given an upper case hexadecimal formatted string" do
|
1015
|
-
expect(@ca.crl).to receive(:revoke).with(15, anything)
|
1016
|
-
expect(Puppet::SSL::Certificate.indirection).to receive(:find).with("0xF").and_return(nil)
|
1017
|
-
|
1018
|
-
@ca.revoke('0xF')
|
1019
|
-
end
|
1020
|
-
|
1021
|
-
it "handles very large serial numbers" do
|
1022
|
-
bighex = '0x4000000000000000000000000000000000000000'
|
1023
|
-
bighex_int = 365375409332725729550921208179070754913983135744
|
1024
|
-
|
1025
|
-
expect(@ca.crl).to receive(:revoke).with(bighex_int, anything)
|
1026
|
-
expect(Puppet::SSL::Certificate.indirection).to receive(:find).with(bighex).and_return(nil)
|
1027
|
-
|
1028
|
-
@ca.revoke(bighex)
|
1029
|
-
end
|
1030
|
-
end
|
1031
|
-
end
|
1032
|
-
|
1033
|
-
it "should be able to generate a complete new SSL host" do
|
1034
|
-
expect(@ca).to respond_to(:generate)
|
1035
|
-
end
|
1036
|
-
end
|
1037
|
-
end
|
1038
|
-
|
1039
|
-
require 'puppet/indirector/memory'
|
1040
|
-
|
1041
|
-
module CertificateAuthorityGenerateSpecs
|
1042
|
-
describe "CertificateAuthority.generate" do
|
1043
|
-
def expect_to_increment_serial_file
|
1044
|
-
expect(Puppet.settings.setting(:serial)).to receive(:exclusive_open)
|
1045
|
-
end
|
1046
|
-
|
1047
|
-
def expect_to_sign_a_cert
|
1048
|
-
expect_to_increment_serial_file
|
1049
|
-
end
|
1050
|
-
|
1051
|
-
def expect_to_write_the_ca_password
|
1052
|
-
expect(Puppet.settings.setting(:capass)).to receive(:open).with('w:ASCII')
|
1053
|
-
end
|
1054
|
-
|
1055
|
-
def expect_ca_initialization
|
1056
|
-
expect_to_write_the_ca_password
|
1057
|
-
expect_to_sign_a_cert
|
1058
|
-
end
|
1059
|
-
|
1060
|
-
INDIRECTED_CLASSES = [
|
1061
|
-
Puppet::SSL::Certificate,
|
1062
|
-
Puppet::SSL::CertificateRequest,
|
1063
|
-
Puppet::SSL::CertificateRevocationList,
|
1064
|
-
Puppet::SSL::Key,
|
1065
|
-
]
|
1066
|
-
|
1067
|
-
INDIRECTED_CLASSES.each do |const|
|
1068
|
-
class const::Memory < Puppet::Indirector::Memory
|
1069
|
-
|
1070
|
-
# @return Array of all the indirector's values
|
1071
|
-
#
|
1072
|
-
# This mirrors Puppet::Indirector::SslFile#search which returns all files
|
1073
|
-
# in the directory.
|
1074
|
-
def search(request)
|
1075
|
-
return @instances.values
|
1076
|
-
end
|
1077
|
-
end
|
1078
|
-
end
|
1079
|
-
|
1080
|
-
before do
|
1081
|
-
allow(Puppet::SSL::Inventory).to receive(:new).and_return(double("Inventory", :add => nil))
|
1082
|
-
INDIRECTED_CLASSES.each { |const| const.indirection.terminus_class = :memory }
|
1083
|
-
end
|
1084
|
-
|
1085
|
-
after do
|
1086
|
-
INDIRECTED_CLASSES.each do |const|
|
1087
|
-
const.indirection.terminus_class = :file
|
1088
|
-
const.indirection.termini.clear
|
1089
|
-
end
|
1090
|
-
end
|
1091
|
-
|
1092
|
-
describe "when generating certificates" do
|
1093
|
-
let(:ca) { Puppet::SSL::CertificateAuthority.new }
|
1094
|
-
|
1095
|
-
before do
|
1096
|
-
expect_ca_initialization
|
1097
|
-
end
|
1098
|
-
|
1099
|
-
it "should fail if a certificate already exists for the host" do
|
1100
|
-
cert = Puppet::SSL::Certificate.new('pre.existing')
|
1101
|
-
Puppet::SSL::Certificate.indirection.save(cert)
|
1102
|
-
expect { ca.generate(cert.name) }.to raise_error(ArgumentError, /a certificate already exists/i)
|
1103
|
-
end
|
1104
|
-
|
1105
|
-
describe "that do not yet exist" do
|
1106
|
-
let(:cn) { "new.host" }
|
1107
|
-
|
1108
|
-
def expect_cert_does_not_exist(cn)
|
1109
|
-
expect( Puppet::SSL::Certificate.indirection.find(cn) ).to be_nil
|
1110
|
-
end
|
1111
|
-
|
1112
|
-
before do
|
1113
|
-
expect_to_sign_a_cert
|
1114
|
-
expect_cert_does_not_exist(cn)
|
1115
|
-
end
|
1116
|
-
|
1117
|
-
it "should return the created certificate" do
|
1118
|
-
cert = ca.generate(cn)
|
1119
|
-
expect( cert ).to be_kind_of(Puppet::SSL::Certificate)
|
1120
|
-
expect( cert.name ).to eq(cn)
|
1121
|
-
end
|
1122
|
-
|
1123
|
-
it "should not have any subject_alt_names by default" do
|
1124
|
-
cert = ca.generate(cn)
|
1125
|
-
expect( cert.subject_alt_names ).to be_empty
|
1126
|
-
end
|
1127
|
-
|
1128
|
-
it "should have subject_alt_names if passed dns_alt_names" do
|
1129
|
-
cert = ca.generate(cn, :dns_alt_names => 'foo,bar')
|
1130
|
-
expect( cert.subject_alt_names ).to match_array(["DNS:#{cn}",'DNS:foo','DNS:bar'])
|
1131
|
-
end
|
1132
|
-
|
1133
|
-
context "if autosign is false" do
|
1134
|
-
before do
|
1135
|
-
Puppet[:autosign] = false
|
1136
|
-
end
|
1137
|
-
|
1138
|
-
it "should still generate and explicitly sign the request" do
|
1139
|
-
cert = nil
|
1140
|
-
cert = ca.generate(cn)
|
1141
|
-
expect(cert.name).to eq(cn)
|
1142
|
-
end
|
1143
|
-
end
|
1144
|
-
|
1145
|
-
context "if autosign is true (Redmine #6112)" do
|
1146
|
-
def run_mode_must_be_master_for_autosign_to_be_attempted
|
1147
|
-
allow(Puppet).to receive(:run_mode).and_return(Puppet::Util::RunMode[:master])
|
1148
|
-
end
|
1149
|
-
|
1150
|
-
before do
|
1151
|
-
Puppet[:autosign] = true
|
1152
|
-
run_mode_must_be_master_for_autosign_to_be_attempted
|
1153
|
-
Puppet::Util::Log.level = :info
|
1154
|
-
end
|
1155
|
-
|
1156
|
-
it "should generate a cert without attempting to sign again" do
|
1157
|
-
cert = ca.generate(cn)
|
1158
|
-
expect(cert.name).to eq(cn)
|
1159
|
-
expect(@logs.map(&:message)).to include("Autosigning #{cn}")
|
1160
|
-
end
|
1161
|
-
end
|
1162
|
-
end
|
1163
|
-
end
|
1164
|
-
end
|
1165
|
-
end
|