puppet 6.0.7-x64-mingw32 → 6.0.8-x64-mingw32
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of puppet might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Gemfile +0 -1
- data/Gemfile.lock +4 -8
- data/lib/puppet/application/device.rb +99 -83
- data/lib/puppet/application/filebucket.rb +4 -0
- data/lib/puppet/configurer.rb +5 -4
- data/lib/puppet/defaults.rb +31 -11
- data/lib/puppet/indirector/request.rb +26 -15
- data/lib/puppet/network/http/connection.rb +15 -7
- data/lib/puppet/transaction/event_manager.rb +1 -5
- data/lib/puppet/type/file/source.rb +0 -1
- data/lib/puppet/util/connection.rb +15 -6
- data/lib/puppet/util/http_proxy.rb +3 -2
- data/lib/puppet/version.rb +1 -1
- data/locales/puppet.pot +99 -40
- data/man/man5/puppet.conf.5 +8 -8
- data/man/man8/puppet-agent.8 +1 -1
- data/man/man8/puppet-apply.8 +1 -1
- data/man/man8/puppet-catalog.8 +1 -1
- data/man/man8/puppet-config.8 +1 -1
- data/man/man8/puppet-describe.8 +1 -1
- data/man/man8/puppet-device.8 +1 -1
- data/man/man8/puppet-doc.8 +1 -1
- data/man/man8/puppet-epp.8 +1 -1
- data/man/man8/puppet-facts.8 +1 -1
- data/man/man8/puppet-filebucket.8 +1 -1
- data/man/man8/puppet-generate.8 +1 -1
- data/man/man8/puppet-help.8 +1 -1
- data/man/man8/puppet-key.8 +1 -1
- data/man/man8/puppet-lookup.8 +1 -1
- data/man/man8/puppet-man.8 +1 -1
- data/man/man8/puppet-module.8 +1 -1
- data/man/man8/puppet-node.8 +1 -1
- data/man/man8/puppet-parser.8 +1 -1
- data/man/man8/puppet-plugin.8 +1 -1
- data/man/man8/puppet-report.8 +1 -1
- data/man/man8/puppet-resource.8 +1 -1
- data/man/man8/puppet-script.8 +1 -1
- data/man/man8/puppet-ssl.8 +1 -1
- data/man/man8/puppet-status.8 +1 -1
- data/man/man8/puppet.8 +2 -2
- data/spec/integration/agent/logging_spec.rb +5 -7
- data/spec/integration/application/apply_spec.rb +18 -16
- data/spec/integration/application/doc_spec.rb +1 -2
- data/spec/integration/application/lookup_spec.rb +5 -5
- data/spec/integration/configurer_spec.rb +5 -6
- data/spec/integration/defaults_spec.rb +5 -6
- data/spec/integration/directory_environments_spec.rb +1 -1
- data/spec/integration/faces/config_spec.rb +3 -4
- data/spec/integration/faces/documentation_spec.rb +0 -1
- data/spec/integration/faces/plugin_spec.rb +1 -1
- data/spec/integration/file_bucket/file_spec.rb +2 -4
- data/spec/integration/file_serving/content_spec.rb +0 -1
- data/spec/integration/file_serving/fileset_spec.rb +0 -1
- data/spec/integration/file_serving/metadata_spec.rb +0 -1
- data/spec/integration/file_serving/terminus_helper_spec.rb +0 -1
- data/spec/integration/indirector/catalog/compiler_spec.rb +10 -11
- data/spec/integration/indirector/direct_file_server_spec.rb +1 -1
- data/spec/integration/indirector/facts/facter_spec.rb +4 -5
- data/spec/integration/indirector/file_content/file_server_spec.rb +7 -8
- data/spec/integration/indirector/file_metadata/file_server_spec.rb +7 -8
- data/spec/integration/network/authconfig_spec.rb +23 -24
- data/spec/integration/network/formats_spec.rb +0 -1
- data/spec/integration/node/environment_spec.rb +0 -1
- data/spec/integration/node/facts_spec.rb +9 -10
- data/spec/integration/node_spec.rb +6 -7
- data/spec/integration/parser/catalog_spec.rb +1 -5
- data/spec/integration/parser/collection_spec.rb +1 -2
- data/spec/integration/parser/compiler_spec.rb +6 -6
- data/spec/integration/parser/scope_spec.rb +1 -1
- data/spec/integration/parser/undef_param_spec.rb +1 -1
- data/spec/integration/provider/service/init_spec.rb +4 -5
- data/spec/integration/provider/service/systemd_spec.rb +0 -2
- data/spec/integration/provider/service/windows_spec.rb +1 -2
- data/spec/integration/reference/providers_spec.rb +1 -2
- data/spec/integration/reports_spec.rb +1 -2
- data/spec/integration/resource/catalog_spec.rb +14 -17
- data/spec/integration/resource/type_collection_spec.rb +4 -5
- data/spec/integration/ssl/certificate_request_spec.rb +0 -1
- data/spec/integration/ssl/host_spec.rb +1 -2
- data/spec/integration/ssl/key_spec.rb +0 -1
- data/spec/integration/test/test_helper_spec.rb +0 -1
- data/spec/integration/transaction/report_spec.rb +6 -11
- data/spec/integration/transaction_spec.rb +18 -19
- data/spec/integration/type/exec_spec.rb +0 -1
- data/spec/integration/type/file_spec.rb +13 -14
- data/spec/integration/type/package_spec.rb +19 -23
- data/spec/integration/type/tidy_spec.rb +1 -2
- data/spec/integration/type_spec.rb +0 -1
- data/spec/integration/util/autoload_spec.rb +1 -2
- data/spec/integration/util/rdoc/parser_spec.rb +0 -1
- data/spec/integration/util/settings_spec.rb +0 -1
- data/spec/integration/util/windows/adsi_spec.rb +3 -5
- data/spec/integration/util/windows/principal_spec.rb +0 -1
- data/spec/integration/util/windows/process_spec.rb +4 -6
- data/spec/integration/util/windows/registry_spec.rb +41 -51
- data/spec/integration/util/windows/security_spec.rb +2 -4
- data/spec/integration/util/windows/user_spec.rb +18 -20
- data/spec/integration/util_spec.rb +4 -7
- data/spec/lib/puppet_spec/compiler.rb +1 -1
- data/spec/lib/puppet_spec/files.rb +0 -1
- data/spec/lib/puppet_spec/module_tool/shared_functions.rb +1 -1
- data/spec/lib/puppet_spec/scope.rb +1 -2
- data/spec/shared_behaviours/all_parsedfile_providers.rb +1 -1
- data/spec/shared_behaviours/file_server_terminus.rb +8 -9
- data/spec/shared_behaviours/file_serving.rb +6 -8
- data/spec/shared_behaviours/file_serving_model.rb +3 -5
- data/spec/shared_behaviours/hiera_indirections.rb +3 -4
- data/spec/shared_behaviours/iterative_functions.rb +0 -1
- data/spec/shared_behaviours/memory_terminus.rb +2 -2
- data/spec/shared_examples/rhel_package_provider.rb +112 -70
- data/spec/spec_helper.rb +10 -1
- data/spec/unit/agent/disabler_spec.rb +4 -5
- data/spec/unit/agent/locker_spec.rb +12 -13
- data/spec/unit/agent_spec.rb +80 -85
- data/spec/unit/application/agent_spec.rb +88 -93
- data/spec/unit/application/apply_spec.rb +82 -83
- data/spec/unit/application/config_spec.rb +0 -1
- data/spec/unit/application/describe_spec.rb +6 -7
- data/spec/unit/application/device_spec.rb +395 -419
- data/spec/unit/application/doc_spec.rb +44 -46
- data/spec/unit/application/face_base_spec.rb +61 -62
- data/spec/unit/application/facts_spec.rb +3 -4
- data/spec/unit/application/filebucket_spec.rb +66 -74
- data/spec/unit/application/indirection_base_spec.rb +8 -6
- data/spec/unit/application/lookup_spec.rb +26 -26
- data/spec/unit/application/resource_spec.rb +42 -48
- data/spec/unit/application/ssl_spec.rb +3 -3
- data/spec/unit/application_spec.rb +82 -92
- data/spec/unit/capability_spec.rb +6 -6
- data/spec/unit/certificate_factory_spec.rb +3 -5
- data/spec/unit/configurer/downloader_spec.rb +20 -21
- data/spec/unit/configurer/fact_handler_spec.rb +2 -3
- data/spec/unit/configurer/plugin_handler_spec.rb +41 -8
- data/spec/unit/configurer_spec.rb +189 -192
- data/spec/unit/confine/exists_spec.rb +17 -15
- data/spec/unit/confine/false_spec.rb +5 -6
- data/spec/unit/confine/feature_spec.rb +7 -5
- data/spec/unit/confine/true_spec.rb +5 -6
- data/spec/unit/confine/variable_spec.rb +14 -15
- data/spec/unit/confine_collection_spec.rb +28 -29
- data/spec/unit/confine_spec.rb +13 -14
- data/spec/unit/confiner_spec.rb +10 -11
- data/spec/unit/context/trusted_information_spec.rb +1 -1
- data/spec/unit/daemon_spec.rb +35 -36
- data/spec/unit/data_providers/function_data_provider_spec.rb +0 -1
- data/spec/unit/data_providers/hiera_data_provider_spec.rb +0 -1
- data/spec/unit/datatypes_spec.rb +3 -4
- data/spec/unit/defaults_spec.rb +18 -13
- data/spec/unit/environments_spec.rb +7 -7
- data/spec/unit/etc_spec.rb +30 -32
- data/spec/unit/external/pson_spec.rb +0 -1
- data/spec/unit/face/catalog_spec.rb +0 -1
- data/spec/unit/face/config_spec.rb +31 -35
- data/spec/unit/face/epp_face_spec.rb +3 -4
- data/spec/unit/face/facts_spec.rb +5 -6
- data/spec/unit/face/generate_spec.rb +4 -5
- data/spec/unit/face/help_spec.rb +7 -8
- data/spec/unit/face/key_spec.rb +0 -1
- data/spec/unit/face/man_spec.rb +1 -2
- data/spec/unit/face/module/install_spec.rb +3 -5
- data/spec/unit/face/module/list_spec.rb +2 -12
- data/spec/unit/face/module/search_spec.rb +11 -9
- data/spec/unit/face/module/uninstall_spec.rb +4 -8
- data/spec/unit/face/node_spec.rb +23 -24
- data/spec/unit/face/parser_spec.rb +3 -3
- data/spec/unit/face/plugin_spec.rb +36 -9
- data/spec/unit/face/status_spec.rb +0 -1
- data/spec/unit/file_bucket/dipper_spec.rb +24 -20
- data/spec/unit/file_bucket/file_spec.rb +0 -2
- data/spec/unit/file_serving/base_spec.rb +14 -15
- data/spec/unit/file_serving/configuration/parser_spec.rb +27 -28
- data/spec/unit/file_serving/configuration_spec.rb +63 -66
- data/spec/unit/file_serving/content_spec.rb +10 -11
- data/spec/unit/file_serving/fileset_spec.rb +63 -58
- data/spec/unit/file_serving/http_metadata_spec.rb +8 -7
- data/spec/unit/file_serving/metadata_spec.rb +36 -36
- data/spec/unit/file_serving/mount/file_spec.rb +31 -32
- data/spec/unit/file_serving/mount/locales_spec.rb +23 -24
- data/spec/unit/file_serving/mount/modules_spec.rb +14 -15
- data/spec/unit/file_serving/mount/pluginfacts_spec.rb +23 -24
- data/spec/unit/file_serving/mount/plugins_spec.rb +23 -24
- data/spec/unit/file_serving/mount/tasks_spec.rb +14 -15
- data/spec/unit/file_serving/mount_spec.rb +0 -1
- data/spec/unit/file_serving/terminus_helper_spec.rb +37 -42
- data/spec/unit/file_serving/terminus_selector_spec.rb +12 -13
- data/spec/unit/file_system/uniquefile_spec.rb +4 -4
- data/spec/unit/file_system_spec.rb +2 -2
- data/spec/unit/forge/errors_spec.rb +1 -1
- data/spec/unit/forge/forge_spec.rb +13 -14
- data/spec/unit/forge/module_release_spec.rb +18 -18
- data/spec/unit/forge/repository_spec.rb +29 -30
- data/spec/unit/forge_spec.rb +15 -11
- data/spec/unit/functions/binary_file_spec.rb +3 -3
- data/spec/unit/functions/contain_spec.rb +0 -2
- data/spec/unit/functions/defined_spec.rb +0 -1
- data/spec/unit/functions/epp_spec.rb +2 -2
- data/spec/unit/functions/find_file_spec.rb +7 -7
- data/spec/unit/functions/include_spec.rb +0 -4
- data/spec/unit/functions/lookup_fixture_spec.rb +0 -1
- data/spec/unit/functions/lookup_spec.rb +1 -2
- data/spec/unit/functions/module_directory_spec.rb +12 -12
- data/spec/unit/functions/require_spec.rb +0 -3
- data/spec/unit/functions/shared.rb +5 -8
- data/spec/unit/functions/versioncmp_spec.rb +1 -2
- data/spec/unit/functions4_spec.rb +9 -10
- data/spec/unit/gettext/config_spec.rb +4 -4
- data/spec/unit/gettext/module_loading_spec.rb +7 -7
- data/spec/unit/graph/rb_tree_map_spec.rb +0 -2
- data/spec/unit/graph/relationship_graph_spec.rb +1 -2
- data/spec/unit/graph/simple_graph_spec.rb +9 -10
- data/spec/unit/hiera_puppet_spec.rb +20 -20
- data/spec/unit/indirector/catalog/compiler_spec.rb +147 -149
- data/spec/unit/indirector/catalog/json_spec.rb +1 -2
- data/spec/unit/indirector/catalog/msgpack_spec.rb +0 -1
- data/spec/unit/indirector/catalog/rest_spec.rb +0 -1
- data/spec/unit/indirector/catalog/store_configs_spec.rb +0 -1
- data/spec/unit/indirector/catalog/yaml_spec.rb +0 -1
- data/spec/unit/indirector/certificate/file_spec.rb +0 -1
- data/spec/unit/indirector/certificate/rest_spec.rb +8 -10
- data/spec/unit/indirector/certificate_request/file_spec.rb +0 -1
- data/spec/unit/indirector/certificate_request/rest_spec.rb +0 -1
- data/spec/unit/indirector/direct_file_server_spec.rb +17 -18
- data/spec/unit/indirector/envelope_spec.rb +1 -2
- data/spec/unit/indirector/exec_spec.rb +4 -5
- data/spec/unit/indirector/face_spec.rb +9 -9
- data/spec/unit/indirector/facts/facter_spec.rb +37 -43
- data/spec/unit/indirector/facts/network_device_spec.rb +8 -9
- data/spec/unit/indirector/facts/rest_spec.rb +7 -8
- data/spec/unit/indirector/facts/store_configs_spec.rb +0 -1
- data/spec/unit/indirector/facts/yaml_spec.rb +0 -1
- data/spec/unit/indirector/file_bucket_file/file_spec.rb +3 -4
- data/spec/unit/indirector/file_bucket_file/rest_spec.rb +0 -1
- data/spec/unit/indirector/file_bucket_file/selector_spec.rb +4 -5
- data/spec/unit/indirector/file_content/file_server_spec.rb +0 -1
- data/spec/unit/indirector/file_content/file_spec.rb +0 -1
- data/spec/unit/indirector/file_content/rest_spec.rb +0 -1
- data/spec/unit/indirector/file_content/selector_spec.rb +0 -1
- data/spec/unit/indirector/file_metadata/file_server_spec.rb +0 -1
- data/spec/unit/indirector/file_metadata/file_spec.rb +12 -13
- data/spec/unit/indirector/file_metadata/rest_spec.rb +0 -1
- data/spec/unit/indirector/file_metadata/selector_spec.rb +0 -1
- data/spec/unit/indirector/file_server_spec.rb +87 -87
- data/spec/unit/indirector/indirection_spec.rb +242 -226
- data/spec/unit/indirector/json_spec.rb +7 -9
- data/spec/unit/indirector/key/file_spec.rb +21 -22
- data/spec/unit/indirector/memory_spec.rb +6 -7
- data/spec/unit/indirector/msgpack_spec.rb +7 -9
- data/spec/unit/indirector/node/exec_spec.rb +2 -3
- data/spec/unit/indirector/node/memory_spec.rb +2 -4
- data/spec/unit/indirector/node/msgpack_spec.rb +0 -1
- data/spec/unit/indirector/node/plain_spec.rb +2 -4
- data/spec/unit/indirector/node/rest_spec.rb +0 -1
- data/spec/unit/indirector/node/store_configs_spec.rb +0 -1
- data/spec/unit/indirector/node/yaml_spec.rb +0 -1
- data/spec/unit/indirector/none_spec.rb +5 -5
- data/spec/unit/indirector/plain_spec.rb +7 -8
- data/spec/unit/indirector/report/msgpack_spec.rb +0 -1
- data/spec/unit/indirector/report/processor_spec.rb +21 -22
- data/spec/unit/indirector/report/rest_spec.rb +11 -12
- data/spec/unit/indirector/report/yaml_spec.rb +0 -1
- data/spec/unit/indirector/request_spec.rb +11 -12
- data/spec/unit/indirector/resource/ral_spec.rb +46 -54
- data/spec/unit/indirector/resource/store_configs_spec.rb +0 -1
- data/spec/unit/indirector/rest_spec.rb +113 -110
- data/spec/unit/indirector/ssl_file_spec.rb +64 -65
- data/spec/unit/indirector/status/local_spec.rb +0 -1
- data/spec/unit/indirector/status/rest_spec.rb +0 -1
- data/spec/unit/indirector/store_configs_spec.rb +0 -1
- data/spec/unit/indirector/terminus_spec.rb +27 -27
- data/spec/unit/indirector/yaml_spec.rb +5 -6
- data/spec/unit/indirector_spec.rb +1 -2
- data/spec/unit/info_service_spec.rb +1 -1
- data/spec/unit/interface/action_builder_spec.rb +0 -1
- data/spec/unit/interface/action_manager_spec.rb +0 -1
- data/spec/unit/interface/action_spec.rb +2 -3
- data/spec/unit/interface/documentation_spec.rb +0 -1
- data/spec/unit/interface/face_collection_spec.rb +19 -12
- data/spec/unit/interface_spec.rb +3 -3
- data/spec/unit/man_spec.rb +3 -4
- data/spec/unit/module_spec.rb +46 -51
- data/spec/unit/module_tool/applications/installer_spec.rb +10 -11
- data/spec/unit/module_tool/applications/searcher_spec.rb +3 -3
- data/spec/unit/module_tool/applications/uninstaller_spec.rb +1 -2
- data/spec/unit/module_tool/applications/unpacker_spec.rb +13 -13
- data/spec/unit/module_tool/applications/upgrader_spec.rb +5 -5
- data/spec/unit/module_tool/install_directory_spec.rb +8 -8
- data/spec/unit/module_tool/installed_modules_spec.rb +3 -3
- data/spec/unit/module_tool/tar/gnu_spec.rb +6 -6
- data/spec/unit/module_tool/tar/mini_spec.rb +12 -12
- data/spec/unit/module_tool/tar_spec.rb +12 -13
- data/spec/unit/module_tool_spec.rb +7 -12
- data/spec/unit/network/auth_config_parser_spec.rb +11 -13
- data/spec/unit/network/authconfig_spec.rb +17 -18
- data/spec/unit/network/authorization_spec.rb +4 -5
- data/spec/unit/network/authstore_spec.rb +0 -1
- data/spec/unit/network/format_handler_spec.rb +0 -1
- data/spec/unit/network/format_spec.rb +9 -10
- data/spec/unit/network/format_support_spec.rb +28 -29
- data/spec/unit/network/formats_spec.rb +4 -5
- data/spec/unit/network/http/api/indirected_routes_spec.rb +24 -29
- data/spec/unit/network/http/api/master/v3/authorization_spec.rb +2 -2
- data/spec/unit/network/http/api/master/v3/environment_spec.rb +1 -1
- data/spec/unit/network/http/api/master/v3/environments_spec.rb +6 -7
- data/spec/unit/network/http/api_spec.rb +0 -2
- data/spec/unit/network/http/compression_spec.rb +21 -22
- data/spec/unit/network/http/connection_spec.rb +41 -36
- data/spec/unit/network/http/factory_spec.rb +5 -6
- data/spec/unit/network/http/handler_spec.rb +9 -18
- data/spec/unit/network/http/nocache_pool_spec.rb +6 -7
- data/spec/unit/network/http/pool_spec.rb +28 -29
- data/spec/unit/network/http/request_spec.rb +0 -2
- data/spec/unit/network/http/response_spec.rb +11 -13
- data/spec/unit/network/http/route_spec.rb +0 -1
- data/spec/unit/network/http/session_spec.rb +1 -2
- data/spec/unit/network/http/site_spec.rb +0 -1
- data/spec/unit/network/http_pool_spec.rb +18 -9
- data/spec/unit/network/http_spec.rb +0 -1
- data/spec/unit/network/resolver_spec.rb +25 -26
- data/spec/unit/network/rights_spec.rb +52 -53
- data/spec/unit/node/environment_spec.rb +14 -15
- data/spec/unit/node/facts_spec.rb +5 -7
- data/spec/unit/node_spec.rb +4 -10
- data/spec/unit/other/selinux_spec.rb +0 -1
- data/spec/unit/parameter/boolean_spec.rb +1 -2
- data/spec/unit/parameter/package_options_spec.rb +1 -2
- data/spec/unit/parameter/path_spec.rb +0 -1
- data/spec/unit/parameter/value_collection_spec.rb +0 -1
- data/spec/unit/parameter/value_spec.rb +0 -1
- data/spec/unit/parameter_spec.rb +9 -9
- data/spec/unit/parser/ast/block_expression_spec.rb +6 -8
- data/spec/unit/parser/ast/leaf_spec.rb +20 -21
- data/spec/unit/parser/compiler_spec.rb +84 -96
- data/spec/unit/parser/environment_compiler_spec.rb +7 -8
- data/spec/unit/parser/files_spec.rb +0 -1
- data/spec/unit/parser/functions/create_resources_spec.rb +1 -1
- data/spec/unit/parser/functions/digest_spec.rb +0 -1
- data/spec/unit/parser/functions/fail_spec.rb +1 -2
- data/spec/unit/parser/functions/file_spec.rb +13 -14
- data/spec/unit/parser/functions/fqdn_rand_spec.rb +5 -6
- data/spec/unit/parser/functions/generate_spec.rb +7 -8
- data/spec/unit/parser/functions/inline_template_spec.rb +0 -1
- data/spec/unit/parser/functions/regsubst_spec.rb +0 -1
- data/spec/unit/parser/functions/scanf_spec.rb +0 -1
- data/spec/unit/parser/functions/shellquote_spec.rb +0 -1
- data/spec/unit/parser/functions/split_spec.rb +0 -1
- data/spec/unit/parser/functions/sprintf_spec.rb +0 -1
- data/spec/unit/parser/functions/tag_spec.rb +1 -2
- data/spec/unit/parser/functions/tagged_spec.rb +2 -3
- data/spec/unit/parser/functions/template_spec.rb +13 -13
- data/spec/unit/parser/functions/versioncmp_spec.rb +1 -2
- data/spec/unit/parser/functions_spec.rb +6 -7
- data/spec/unit/parser/relationship_spec.rb +0 -1
- data/spec/unit/parser/resource_spec.rb +42 -42
- data/spec/unit/parser/scope_spec.rb +39 -35
- data/spec/unit/parser/templatewrapper_spec.rb +11 -12
- data/spec/unit/parser/type_loader_spec.rb +17 -19
- data/spec/unit/pops/adaptable_spec.rb +0 -1
- data/spec/unit/pops/benchmark_spec.rb +0 -1
- data/spec/unit/pops/evaluator/access_ops_spec.rb +0 -1
- data/spec/unit/pops/evaluator/arithmetic_ops_spec.rb +0 -1
- data/spec/unit/pops/evaluator/basic_expressions_spec.rb +0 -1
- data/spec/unit/pops/evaluator/collections_ops_spec.rb +0 -1
- data/spec/unit/pops/evaluator/comparison_ops_spec.rb +0 -1
- data/spec/unit/pops/evaluator/conditionals_spec.rb +0 -1
- data/spec/unit/pops/evaluator/evaluating_parser_spec.rb +10 -11
- data/spec/unit/pops/evaluator/logical_ops_spec.rb +0 -1
- data/spec/unit/pops/evaluator/runtime3_converter_spec.rb +0 -1
- data/spec/unit/pops/evaluator/string_interpolation_spec.rb +0 -1
- data/spec/unit/pops/evaluator/variables_spec.rb +0 -1
- data/spec/unit/pops/factory_spec.rb +3 -4
- data/spec/unit/pops/issues_spec.rb +19 -20
- data/spec/unit/pops/loaders/loader_spec.rb +8 -4
- data/spec/unit/pops/loaders/loaders_spec.rb +31 -28
- data/spec/unit/pops/lookup/context_spec.rb +0 -1
- data/spec/unit/pops/lookup/interpolation_spec.rb +2 -3
- data/spec/unit/pops/merge_strategy_spec.rb +0 -1
- data/spec/unit/pops/migration_spec.rb +3 -5
- data/spec/unit/pops/model/model_spec.rb +0 -1
- data/spec/unit/pops/model/pn_transformer_spec.rb +0 -1
- data/spec/unit/pops/parser/locator_spec.rb +3 -6
- data/spec/unit/pops/parser/parse_application_spec.rb +0 -1
- data/spec/unit/pops/parser/parse_basic_expressions_spec.rb +0 -1
- data/spec/unit/pops/parser/parse_calls_spec.rb +0 -1
- data/spec/unit/pops/parser/parse_capabilities_spec.rb +0 -1
- data/spec/unit/pops/parser/parse_conditionals_spec.rb +0 -1
- data/spec/unit/pops/parser/parse_containers_spec.rb +0 -1
- data/spec/unit/pops/parser/parse_plan_spec.rb +0 -1
- data/spec/unit/pops/parser/parse_resource_spec.rb +0 -1
- data/spec/unit/pops/parser/parse_site_spec.rb +0 -1
- data/spec/unit/pops/parser/pn_parser_spec.rb +0 -1
- data/spec/unit/pops/pn_spec.rb +0 -1
- data/spec/unit/pops/resource/resource_type_impl_spec.rb +0 -1
- data/spec/unit/pops/serialization/serialization_spec.rb +1 -1
- data/spec/unit/pops/serialization/to_from_hr_spec.rb +1 -1
- data/spec/unit/pops/types/recursion_guard_spec.rb +10 -10
- data/spec/unit/pops/types/ruby_generator_spec.rb +2 -2
- data/spec/unit/pops/types/type_asserter_spec.rb +2 -2
- data/spec/unit/pops/types/type_calculator_spec.rb +30 -30
- data/spec/unit/pops/types/type_parser_spec.rb +13 -13
- data/spec/unit/pops/validator/validator_spec.rb +1 -2
- data/spec/unit/pops/visitor_spec.rb +0 -1
- data/spec/unit/property/boolean_spec.rb +1 -1
- data/spec/unit/property/ensure_spec.rb +0 -1
- data/spec/unit/property/keyvalue_spec.rb +32 -34
- data/spec/unit/property/list_spec.rb +26 -27
- data/spec/unit/property/ordered_list_spec.rb +10 -14
- data/spec/unit/property_spec.rb +42 -43
- data/spec/unit/provider/aix_object_spec.rb +47 -45
- data/spec/unit/provider/command_spec.rb +9 -9
- data/spec/unit/provider/exec/posix_spec.rb +6 -7
- data/spec/unit/provider/exec/shell_spec.rb +0 -1
- data/spec/unit/provider/exec/windows_spec.rb +2 -4
- data/spec/unit/provider/exec_spec.rb +0 -1
- data/spec/unit/provider/file/posix_spec.rb +22 -24
- data/spec/unit/provider/file/windows_spec.rb +15 -17
- data/spec/unit/provider/group/aix_spec.rb +3 -2
- data/spec/unit/provider/group/groupadd_spec.rb +30 -26
- data/spec/unit/provider/group/ldap_spec.rb +18 -18
- data/spec/unit/provider/group/pw_spec.rb +11 -11
- data/spec/unit/provider/group/windows_adsi_spec.rb +54 -54
- data/spec/unit/provider/ldap_spec.rb +61 -62
- data/spec/unit/provider/nameservice/directoryservice_spec.rb +35 -36
- data/spec/unit/provider/nameservice_spec.rb +38 -40
- data/spec/unit/provider/package/aix_spec.rb +15 -15
- data/spec/unit/provider/package/appdmg_spec.rb +13 -13
- data/spec/unit/provider/package/apt_spec.rb +44 -27
- data/spec/unit/provider/package/aptitude_spec.rb +6 -7
- data/spec/unit/provider/package/aptrpm_spec.rb +7 -12
- data/spec/unit/provider/package/base_spec.rb +4 -4
- data/spec/unit/provider/package/dnf_spec.rb +18 -20
- data/spec/unit/provider/package/dpkg_spec.rb +52 -52
- data/spec/unit/provider/package/freebsd_spec.rb +11 -11
- data/spec/unit/provider/package/gem_spec.rb +51 -43
- data/spec/unit/provider/package/hpux_spec.rb +8 -8
- data/spec/unit/provider/package/macports_spec.rb +46 -42
- data/spec/unit/provider/package/nim_spec.rb +30 -39
- data/spec/unit/provider/package/openbsd_spec.rb +36 -39
- data/spec/unit/provider/package/opkg_spec.rb +23 -26
- data/spec/unit/provider/package/pacman_spec.rb +97 -118
- data/spec/unit/provider/package/pip_spec.rb +71 -72
- data/spec/unit/provider/package/pkg_spec.rb +109 -109
- data/spec/unit/provider/package/pkgdmg_spec.rb +65 -63
- data/spec/unit/provider/package/pkgin_spec.rb +10 -8
- data/spec/unit/provider/package/pkgng_spec.rb +17 -18
- data/spec/unit/provider/package/pkgutil_spec.rb +45 -49
- data/spec/unit/provider/package/portage_spec.rb +70 -74
- data/spec/unit/provider/package/puppet_gem_spec.rb +28 -8
- data/spec/unit/provider/package/rpm_spec.rb +53 -64
- data/spec/unit/provider/package/sun_spec.rb +16 -18
- data/spec/unit/provider/package/tdnf_spec.rb +2 -2
- data/spec/unit/provider/package/up2date_spec.rb +2 -4
- data/spec/unit/provider/package/urpmi_spec.rb +15 -17
- data/spec/unit/provider/package/windows/exe_package_spec.rb +12 -15
- data/spec/unit/provider/package/windows/msi_package_spec.rb +19 -22
- data/spec/unit/provider/package/windows/package_spec.rb +37 -42
- data/spec/unit/provider/package/windows_spec.rb +36 -32
- data/spec/unit/provider/package/yum_spec.rb +7 -7
- data/spec/unit/provider/package/zypper_spec.rb +87 -87
- data/spec/unit/provider/parsedfile_spec.rb +44 -45
- data/spec/unit/provider/service/base_spec.rb +4 -5
- data/spec/unit/provider/service/bsd_spec.rb +27 -29
- data/spec/unit/provider/service/daemontools_spec.rb +35 -35
- data/spec/unit/provider/service/debian_spec.rb +38 -38
- data/spec/unit/provider/service/freebsd_spec.rb +18 -18
- data/spec/unit/provider/service/gentoo_spec.rb +50 -55
- data/spec/unit/provider/service/init_spec.rb +53 -52
- data/spec/unit/provider/service/launchd_spec.rb +138 -116
- data/spec/unit/provider/service/openbsd_spec.rb +50 -50
- data/spec/unit/provider/service/openrc_spec.rb +43 -45
- data/spec/unit/provider/service/openwrt_spec.rb +26 -31
- data/spec/unit/provider/service/rcng_spec.rb +14 -14
- data/spec/unit/provider/service/redhat_spec.rb +45 -43
- data/spec/unit/provider/service/runit_spec.rb +29 -27
- data/spec/unit/provider/service/smf_spec.rb +74 -66
- data/spec/unit/provider/service/src_spec.rb +46 -47
- data/spec/unit/provider/service/systemd_spec.rb +104 -113
- data/spec/unit/provider/service/upstart_spec.rb +74 -71
- data/spec/unit/provider/service/windows_spec.rb +33 -41
- data/spec/unit/provider/user/aix_spec.rb +31 -31
- data/spec/unit/provider/user/directoryservice_spec.rb +109 -114
- data/spec/unit/provider/user/hpux_spec.rb +16 -16
- data/spec/unit/provider/user/ldap_spec.rb +57 -57
- data/spec/unit/provider/user/openbsd_spec.rb +10 -12
- data/spec/unit/provider/user/pw_spec.rb +37 -35
- data/spec/unit/provider/user/user_role_add_spec.rb +93 -93
- data/spec/unit/provider/user/useradd_spec.rb +93 -92
- data/spec/unit/provider/user/windows_adsi_spec.rb +59 -60
- data/spec/unit/provider_spec.rb +35 -35
- data/spec/unit/puppet_pal_2pec.rb +4 -5
- data/spec/unit/puppet_pal_spec.rb +0 -1
- data/spec/unit/puppet_spec.rb +6 -7
- data/spec/unit/relationship_spec.rb +0 -1
- data/spec/unit/reports/http_spec.rb +21 -23
- data/spec/unit/reports/store_spec.rb +3 -4
- data/spec/unit/reports_spec.rb +12 -14
- data/spec/unit/resource/capability_finder_spec.rb +15 -17
- data/spec/unit/resource/catalog_spec.rb +72 -68
- data/spec/unit/resource/status_spec.rb +6 -8
- data/spec/unit/resource/type_collection_spec.rb +17 -18
- data/spec/unit/resource/type_spec.rb +34 -35
- data/spec/unit/resource_spec.rb +36 -32
- data/spec/unit/rest/client_spec.rb +58 -27
- data/spec/unit/rest/route_spec.rb +5 -5
- data/spec/unit/scheduler/job_spec.rb +0 -1
- data/spec/unit/scheduler/scheduler_spec.rb +0 -1
- data/spec/unit/scheduler/splay_job_spec.rb +1 -2
- data/spec/unit/settings/array_setting_spec.rb +1 -1
- data/spec/unit/settings/autosign_setting_spec.rb +9 -9
- data/spec/unit/settings/certificate_revocation_setting_spec.rb +1 -1
- data/spec/unit/settings/config_file_spec.rb +0 -1
- data/spec/unit/settings/directory_setting_spec.rb +2 -7
- data/spec/unit/settings/duration_setting_spec.rb +1 -2
- data/spec/unit/settings/enum_setting_spec.rb +1 -1
- data/spec/unit/settings/environment_conf_spec.rb +4 -6
- data/spec/unit/settings/file_setting_spec.rb +44 -46
- data/spec/unit/settings/path_setting_spec.rb +1 -2
- data/spec/unit/settings/priority_setting_spec.rb +1 -2
- data/spec/unit/settings/string_setting_spec.rb +14 -15
- data/spec/unit/settings/terminus_setting_spec.rb +1 -2
- data/spec/unit/settings/value_translator_spec.rb +0 -1
- data/spec/unit/settings_spec.rb +228 -235
- data/spec/unit/ssl/base_spec.rb +14 -15
- data/spec/unit/ssl/certificate_request_spec.rb +62 -58
- data/spec/unit/ssl/certificate_spec.rb +23 -25
- data/spec/unit/ssl/digest_spec.rb +0 -1
- data/spec/unit/ssl/host_spec.rb +166 -149
- data/spec/unit/ssl/key_spec.rb +30 -31
- data/spec/unit/ssl/validator_spec.rb +38 -39
- data/spec/unit/task_spec.rb +44 -45
- data/spec/unit/transaction/additional_resource_generator_spec.rb +3 -5
- data/spec/unit/transaction/event_manager_spec.rb +87 -88
- data/spec/unit/transaction/event_spec.rb +16 -15
- data/spec/unit/transaction/persistence_spec.rb +16 -17
- data/spec/unit/transaction/report_spec.rb +11 -12
- data/spec/unit/transaction/resource_harness_spec.rb +28 -33
- data/spec/unit/transaction_spec.rb +100 -101
- data/spec/unit/type/component_spec.rb +0 -1
- data/spec/unit/type/exec_spec.rb +60 -56
- data/spec/unit/type/file/checksum_spec.rb +9 -10
- data/spec/unit/type/file/checksum_value_spec.rb +31 -32
- data/spec/unit/type/file/content_spec.rb +58 -61
- data/spec/unit/type/file/ctime_spec.rb +0 -1
- data/spec/unit/type/file/ensure_spec.rb +12 -13
- data/spec/unit/type/file/group_spec.rb +5 -7
- data/spec/unit/type/file/mode_spec.rb +4 -6
- data/spec/unit/type/file/mtime_spec.rb +0 -1
- data/spec/unit/type/file/owner_spec.rb +6 -8
- data/spec/unit/type/file/selinux_spec.rb +17 -19
- data/spec/unit/type/file/source_spec.rb +104 -101
- data/spec/unit/type/file/type_spec.rb +0 -1
- data/spec/unit/type/file_spec.rb +195 -185
- data/spec/unit/type/filebucket_spec.rb +4 -5
- data/spec/unit/type/group_spec.rb +6 -8
- data/spec/unit/type/noop_metaparam_spec.rb +1 -2
- data/spec/unit/type/package/package_settings_spec.rb +44 -23
- data/spec/unit/type/package_spec.rb +56 -57
- data/spec/unit/type/resources_spec.rb +72 -74
- data/spec/unit/type/schedule_spec.rb +24 -26
- data/spec/unit/type/service_spec.rb +48 -48
- data/spec/unit/type/stage_spec.rb +0 -1
- data/spec/unit/type/tidy_spec.rb +61 -62
- data/spec/unit/type/user_spec.rb +24 -25
- data/spec/unit/type/whit_spec.rb +0 -1
- data/spec/unit/type_spec.rb +55 -54
- data/spec/unit/util/at_fork_spec.rb +18 -19
- data/spec/unit/util/autoload_spec.rb +55 -56
- data/spec/unit/util/backups_spec.rb +34 -35
- data/spec/unit/util/character_encoding_spec.rb +5 -5
- data/spec/unit/util/checksums_spec.rb +38 -39
- data/spec/unit/util/colors_spec.rb +1 -2
- data/spec/unit/util/command_line_spec.rb +24 -25
- data/spec/unit/util/constant_inflector_spec.rb +0 -1
- data/spec/unit/util/diff_spec.rb +7 -8
- data/spec/unit/util/errors_spec.rb +0 -1
- data/spec/unit/util/execution_spec.rb +185 -161
- data/spec/unit/util/execution_stub_spec.rb +0 -1
- data/spec/unit/util/feature_spec.rb +21 -14
- data/spec/unit/util/filetype_spec.rb +49 -49
- data/spec/unit/util/http_proxy_spec.rb +12 -12
- data/spec/unit/util/inifile_spec.rb +26 -31
- data/spec/unit/util/json_lockfile_spec.rb +3 -5
- data/spec/unit/util/ldap/connection_spec.rb +26 -25
- data/spec/unit/util/ldap/generator_spec.rb +0 -1
- data/spec/unit/util/ldap/manager_spec.rb +102 -101
- data/spec/unit/util/lockfile_spec.rb +0 -1
- data/spec/unit/util/log/destinations_spec.rb +30 -33
- data/spec/unit/util/log_spec.rb +35 -36
- data/spec/unit/util/logging_spec.rb +58 -72
- data/spec/unit/util/metric_spec.rb +0 -1
- data/spec/unit/util/monkey_patches_spec.rb +7 -9
- data/spec/unit/util/multi_match_spec.rb +0 -1
- data/spec/unit/util/network_device/config_spec.rb +0 -1
- data/spec/unit/util/network_device/transport/base_spec.rb +5 -6
- data/spec/unit/util/network_device_spec.rb +7 -9
- data/spec/unit/util/package_spec.rb +0 -1
- data/spec/unit/util/pidlock_spec.rb +21 -22
- data/spec/unit/util/plist_spec.rb +40 -33
- data/spec/unit/util/posix_spec.rb +54 -51
- data/spec/unit/util/rdoc_spec.rb +9 -10
- data/spec/unit/util/reference_spec.rb +0 -1
- data/spec/unit/util/resource_template_spec.rb +20 -20
- data/spec/unit/util/retry_action_spec.rb +7 -8
- data/spec/unit/util/rubygems_spec.rb +7 -8
- data/spec/unit/util/run_mode_spec.rb +3 -4
- data/spec/unit/util/selinux_spec.rb +79 -72
- data/spec/unit/util/splayer_spec.rb +8 -9
- data/spec/unit/util/ssl_spec.rb +0 -1
- data/spec/unit/util/storage_spec.rb +3 -4
- data/spec/unit/util/suidmanager_spec.rb +45 -54
- data/spec/unit/util/symbolic_file_mode_spec.rb +0 -1
- data/spec/unit/util/tag_set_spec.rb +0 -1
- data/spec/unit/util/tagging_spec.rb +0 -1
- data/spec/unit/util/terminal_spec.rb +9 -10
- data/spec/unit/util/user_attr_spec.rb +1 -2
- data/spec/unit/util/warnings_spec.rb +3 -4
- data/spec/unit/util/watcher/periodic_watcher_spec.rb +2 -2
- data/spec/unit/util/watcher_spec.rb +51 -21
- data/spec/unit/util/windows/access_control_entry_spec.rb +0 -1
- data/spec/unit/util/windows/access_control_list_spec.rb +0 -1
- data/spec/unit/util/windows/adsi_spec.rb +136 -138
- data/spec/unit/util/windows/api_types_spec.rb +0 -1
- data/spec/unit/util/windows/eventlog_spec.rb +9 -12
- data/spec/unit/util/windows/file_spec.rb +0 -1
- data/spec/unit/util/windows/root_certs_spec.rb +0 -1
- data/spec/unit/util/windows/security_descriptor_spec.rb +0 -2
- data/spec/unit/util/windows/service_spec.rb +66 -68
- data/spec/unit/util/windows/sid_spec.rb +11 -13
- data/spec/unit/util/windows/string_spec.rb +0 -1
- data/spec/unit/util_spec.rb +55 -57
- data/spec/unit/version_spec.rb +6 -6
- metadata +2 -2
data/spec/unit/ssl/base_spec.rb
CHANGED
@@ -1,4 +1,3 @@
|
|
1
|
-
#! /usr/bin/env ruby
|
2
1
|
require 'spec_helper'
|
3
2
|
|
4
3
|
require 'puppet/ssl/certificate'
|
@@ -15,23 +14,23 @@ describe Puppet::SSL::Certificate do
|
|
15
14
|
|
16
15
|
describe "when creating new instances" do
|
17
16
|
it "should fail if given an object that is not an instance of the wrapped class" do
|
18
|
-
obj =
|
17
|
+
obj = double('obj', :is_a? => false)
|
19
18
|
expect { @class.from_instance(obj) }.to raise_error(ArgumentError)
|
20
19
|
end
|
21
20
|
|
22
21
|
it "should fail if a name is not supplied and can't be determined from the object" do
|
23
|
-
obj =
|
22
|
+
obj = double('obj', :is_a? => true)
|
24
23
|
expect { @class.from_instance(obj) }.to raise_error(ArgumentError)
|
25
24
|
end
|
26
25
|
|
27
26
|
it "should determine the name from the object if it has a subject" do
|
28
|
-
obj =
|
27
|
+
obj = double('obj', :is_a? => true, :subject => '/CN=foo')
|
29
28
|
|
30
|
-
inst =
|
31
|
-
inst.
|
29
|
+
inst = double('base')
|
30
|
+
expect(inst).to receive(:content=).with(obj)
|
32
31
|
|
33
|
-
@class.
|
34
|
-
@class.
|
32
|
+
expect(@class).to receive(:new).with('foo').and_return(inst)
|
33
|
+
expect(@class).to receive(:name_from_subject).with('/CN=foo').and_return('foo')
|
35
34
|
|
36
35
|
expect(@class.from_instance(obj)).to eq(inst)
|
37
36
|
end
|
@@ -39,8 +38,8 @@ describe Puppet::SSL::Certificate do
|
|
39
38
|
|
40
39
|
describe "when determining a name from a certificate subject" do
|
41
40
|
it "should extract only the CN and not any other components" do
|
42
|
-
subject =
|
43
|
-
Puppet::Util::SSL.
|
41
|
+
subject = double('sub')
|
42
|
+
expect(Puppet::Util::SSL).to receive(:cn_from_subject).with(subject).and_return('host.domain.com')
|
44
43
|
expect(@class.name_from_subject(subject)).to eq('host.domain.com')
|
45
44
|
end
|
46
45
|
end
|
@@ -48,14 +47,14 @@ describe Puppet::SSL::Certificate do
|
|
48
47
|
describe "when initializing wrapped class from a file with #read" do
|
49
48
|
it "should open the file with ASCII encoding" do
|
50
49
|
path = '/foo/bar/cert'
|
51
|
-
Puppet::SSL::Base.
|
52
|
-
Puppet::FileSystem.
|
50
|
+
allow(Puppet::SSL::Base).to receive(:valid_certname).and_return(true)
|
51
|
+
expect(Puppet::FileSystem).to receive(:read).with(path, :encoding => Encoding::ASCII).and_return("bar")
|
53
52
|
@base.read(path)
|
54
53
|
end
|
55
54
|
end
|
56
55
|
|
57
56
|
describe "#digest_algorithm" do
|
58
|
-
let(:content) {
|
57
|
+
let(:content) { double('content') }
|
59
58
|
let(:base) {
|
60
59
|
b = Puppet::SSL::Base.new('base')
|
61
60
|
b.content = content
|
@@ -79,13 +78,13 @@ describe Puppet::SSL::Certificate do
|
|
79
78
|
'dsaWithSHA1' => 'sha1',
|
80
79
|
}.each do |signature, digest|
|
81
80
|
it "returns '#{digest}' for signature algorithm '#{signature}'" do
|
82
|
-
content.
|
81
|
+
allow(content).to receive(:signature_algorithm).and_return(signature)
|
83
82
|
expect(base.digest_algorithm).to eq(digest)
|
84
83
|
end
|
85
84
|
end
|
86
85
|
|
87
86
|
it "raises an error on an unknown signature algorithm" do
|
88
|
-
content.
|
87
|
+
allow(content).to receive(:signature_algorithm).and_return("nonsense")
|
89
88
|
expect {
|
90
89
|
base.digest_algorithm
|
91
90
|
}.to raise_error(Puppet::Error, "Unknown signature algorithm 'nonsense'")
|
@@ -1,4 +1,3 @@
|
|
1
|
-
#! /usr/bin/env ruby
|
2
1
|
require 'spec_helper'
|
3
2
|
|
4
3
|
require 'puppet/ssl/certificate_request'
|
@@ -12,7 +11,6 @@ describe Puppet::SSL::CertificateRequest do
|
|
12
11
|
k
|
13
12
|
}
|
14
13
|
|
15
|
-
|
16
14
|
it "should be extended with the Indirector module" do
|
17
15
|
expect(described_class.singleton_class).to be_include(Puppet::Indirector)
|
18
16
|
end
|
@@ -31,15 +29,15 @@ describe Puppet::SSL::CertificateRequest do
|
|
31
29
|
|
32
30
|
describe "when converting from a string" do
|
33
31
|
it "should create a CSR instance with its name set to the CSR subject and its content set to the extracted CSR" do
|
34
|
-
csr =
|
32
|
+
csr = double('csr',
|
35
33
|
:subject => OpenSSL::X509::Name.parse("/CN=Foo.madstop.com"),
|
36
|
-
:is_a? => true
|
37
|
-
OpenSSL::X509::Request.
|
34
|
+
:is_a? => true)
|
35
|
+
expect(OpenSSL::X509::Request).to receive(:new).with("my csr").and_return(csr)
|
38
36
|
|
39
|
-
mycsr =
|
40
|
-
mycsr.
|
37
|
+
mycsr = double('sslcsr')
|
38
|
+
expect(mycsr).to receive(:content=).with(csr)
|
41
39
|
|
42
|
-
described_class.
|
40
|
+
expect(described_class).to receive(:new).with("Foo.madstop.com").and_return(mycsr)
|
43
41
|
|
44
42
|
described_class.from_s("my csr")
|
45
43
|
end
|
@@ -60,9 +58,9 @@ describe Puppet::SSL::CertificateRequest do
|
|
60
58
|
|
61
59
|
it "should be able to read requests from disk" do
|
62
60
|
path = "/my/path"
|
63
|
-
Puppet::FileSystem.
|
64
|
-
my_req =
|
65
|
-
OpenSSL::X509::Request.
|
61
|
+
expect(Puppet::FileSystem).to receive(:read).with(path, :encoding => Encoding::ASCII).and_return("my request")
|
62
|
+
my_req = double('request')
|
63
|
+
expect(OpenSSL::X509::Request).to receive(:new).with("my request").and_return(my_req)
|
66
64
|
expect(request.read(path)).to equal(my_req)
|
67
65
|
expect(request.content).to equal(my_req)
|
68
66
|
end
|
@@ -77,8 +75,8 @@ describe Puppet::SSL::CertificateRequest do
|
|
77
75
|
end
|
78
76
|
|
79
77
|
it "should have a :to_text method that it delegates to the actual key" do
|
80
|
-
real_request =
|
81
|
-
real_request.
|
78
|
+
real_request = double('request')
|
79
|
+
expect(real_request).to receive(:to_text).and_return("requesttext")
|
82
80
|
request.content = real_request
|
83
81
|
expect(request.to_text).to eq("requesttext")
|
84
82
|
end
|
@@ -302,26 +300,26 @@ describe Puppet::SSL::CertificateRequest do
|
|
302
300
|
|
303
301
|
it "should verify the generated request using the public key" do
|
304
302
|
# Stupid keys don't have a competent == method.
|
305
|
-
OpenSSL::X509::Request.
|
303
|
+
expect_any_instance_of(OpenSSL::X509::Request).to receive(:verify) do |public_key|
|
306
304
|
public_key.to_s == key.content.public_key.to_s
|
307
|
-
|
305
|
+
end.and_return(true)
|
308
306
|
request.generate(key)
|
309
307
|
end
|
310
308
|
|
311
309
|
it "should fail if verification fails" do
|
312
|
-
OpenSSL::X509::Request.
|
310
|
+
expect_any_instance_of(OpenSSL::X509::Request).to receive(:verify) do |public_key|
|
313
311
|
public_key.to_s == key.content.public_key.to_s
|
314
|
-
|
312
|
+
end.and_return(false)
|
315
313
|
|
316
|
-
expect
|
314
|
+
expect do
|
317
315
|
request.generate(key)
|
318
|
-
|
316
|
+
end.to raise_error(Puppet::Error, /CSR sign verification failed/)
|
319
317
|
end
|
320
318
|
|
321
319
|
it "should log the fingerprint" do
|
322
|
-
Puppet::SSL::Digest.
|
323
|
-
Puppet.
|
324
|
-
Puppet.
|
320
|
+
allow_any_instance_of(Puppet::SSL::Digest).to receive(:to_hex).and_return("FINGERPRINT")
|
321
|
+
allow(Puppet).to receive(:info)
|
322
|
+
expect(Puppet).to receive(:info).with(/FINGERPRINT/)
|
325
323
|
request.generate(key)
|
326
324
|
end
|
327
325
|
|
@@ -333,8 +331,8 @@ describe Puppet::SSL::CertificateRequest do
|
|
333
331
|
|
334
332
|
it "should use SHA1 to sign the csr when SHA256 isn't available" do
|
335
333
|
csr = OpenSSL::X509::Request.new
|
336
|
-
OpenSSL::Digest.
|
337
|
-
OpenSSL::Digest.
|
334
|
+
expect(OpenSSL::Digest).to receive(:const_defined?).with("SHA256").and_return(false)
|
335
|
+
expect(OpenSSL::Digest).to receive(:const_defined?).with("SHA1").and_return(true)
|
338
336
|
signer = Puppet::SSL::CertificateSigner.new
|
339
337
|
signer.sign(csr, key.content)
|
340
338
|
expect(csr.verify(key.content)).to be_truthy
|
@@ -344,46 +342,49 @@ describe Puppet::SSL::CertificateRequest do
|
|
344
342
|
# So commenting it out till it is sorted out
|
345
343
|
# The problem seems to be with the ability to sign a CSR when using either of
|
346
344
|
# these hash algorithms
|
345
|
+
pending "should use SHA512 to sign the csr when SHA256 and SHA1 aren't available" do
|
346
|
+
csr = OpenSSL::X509::Request.new
|
347
|
+
expect(OpenSSL::Digest).to receive(:const_defined?).with("SHA256").and_return(false)
|
348
|
+
expect(OpenSSL::Digest).to receive(:const_defined?).with("SHA1").and_return(false)
|
349
|
+
expect(OpenSSL::Digest).to receive(:const_defined?).with("SHA512").and_return(true)
|
350
|
+
signer = Puppet::SSL::CertificateSigner.new
|
351
|
+
signer.sign(csr, key.content)
|
352
|
+
expect(csr.verify(key.content)).to be_truthy
|
353
|
+
end
|
347
354
|
|
348
|
-
#
|
349
|
-
#
|
350
|
-
#
|
351
|
-
#
|
352
|
-
|
353
|
-
|
354
|
-
|
355
|
-
|
356
|
-
|
357
|
-
|
358
|
-
|
359
|
-
|
360
|
-
|
361
|
-
|
362
|
-
# OpenSSL::Digest.expects(:const_defined?).with("SHA512").returns(false)
|
363
|
-
# OpenSSL::Digest.expects(:const_defined?).with("SHA384").returns(true)
|
364
|
-
# signer = Puppet::SSL::CertificateSigner.new
|
365
|
-
# signer.sign(csr, key.content)
|
366
|
-
# expect(csr.verify(key.content)).to be_truthy
|
367
|
-
# end
|
355
|
+
# Attempts to use SHA512 and SHA384 for signing certificates don't seem to work
|
356
|
+
# So commenting it out till it is sorted out
|
357
|
+
# The problem seems to be with the ability to sign a CSR when using either of
|
358
|
+
# these hash algorithms
|
359
|
+
pending "should use SHA384 to sign the csr when SHA256/SHA1/SHA512 aren't available" do
|
360
|
+
csr = OpenSSL::X509::Request.new
|
361
|
+
expect(OpenSSL::Digest).to receive(:const_defined?).with("SHA256").and_return(false)
|
362
|
+
expect(OpenSSL::Digest).to receive(:const_defined?).with("SHA1").and_return(false)
|
363
|
+
expect(OpenSSL::Digest).to receive(:const_defined?).with("SHA512").and_return(false)
|
364
|
+
expect(OpenSSL::Digest).to receive(:const_defined?).with("SHA384").and_return(true)
|
365
|
+
signer = Puppet::SSL::CertificateSigner.new
|
366
|
+
signer.sign(csr, key.content)
|
367
|
+
expect(csr.verify(key.content)).to be_truthy
|
368
|
+
end
|
368
369
|
|
369
370
|
it "should use SHA224 to sign the csr when SHA256/SHA1/SHA512/SHA384 aren't available" do
|
370
371
|
csr = OpenSSL::X509::Request.new
|
371
|
-
OpenSSL::Digest.
|
372
|
-
OpenSSL::Digest.
|
373
|
-
OpenSSL::Digest.
|
374
|
-
OpenSSL::Digest.
|
375
|
-
OpenSSL::Digest.
|
372
|
+
expect(OpenSSL::Digest).to receive(:const_defined?).with("SHA256").and_return(false)
|
373
|
+
expect(OpenSSL::Digest).to receive(:const_defined?).with("SHA1").and_return(false)
|
374
|
+
expect(OpenSSL::Digest).to receive(:const_defined?).with("SHA512").and_return(false)
|
375
|
+
expect(OpenSSL::Digest).to receive(:const_defined?).with("SHA384").and_return(false)
|
376
|
+
expect(OpenSSL::Digest).to receive(:const_defined?).with("SHA224").and_return(true)
|
376
377
|
signer = Puppet::SSL::CertificateSigner.new
|
377
378
|
signer.sign(csr, key.content)
|
378
379
|
expect(csr.verify(key.content)).to be_truthy
|
379
380
|
end
|
380
381
|
|
381
382
|
it "should raise an error if neither SHA256/SHA1/SHA512/SHA384/SHA224 are available" do
|
382
|
-
OpenSSL::Digest.
|
383
|
-
OpenSSL::Digest.
|
384
|
-
OpenSSL::Digest.
|
385
|
-
OpenSSL::Digest.
|
386
|
-
OpenSSL::Digest.
|
383
|
+
expect(OpenSSL::Digest).to receive(:const_defined?).with("SHA256").and_return(false)
|
384
|
+
expect(OpenSSL::Digest).to receive(:const_defined?).with("SHA1").and_return(false)
|
385
|
+
expect(OpenSSL::Digest).to receive(:const_defined?).with("SHA512").and_return(false)
|
386
|
+
expect(OpenSSL::Digest).to receive(:const_defined?).with("SHA384").and_return(false)
|
387
|
+
expect(OpenSSL::Digest).to receive(:const_defined?).with("SHA224").and_return(false)
|
387
388
|
expect {
|
388
389
|
Puppet::SSL::CertificateSigner.new
|
389
390
|
}.to raise_error(Puppet::Error)
|
@@ -392,10 +393,13 @@ describe Puppet::SSL::CertificateRequest do
|
|
392
393
|
|
393
394
|
it "should save the CSR" do
|
394
395
|
csr = Puppet::SSL::CertificateRequest.new("me")
|
395
|
-
terminus =
|
396
|
-
terminus.
|
397
|
-
Puppet::SSL::CertificateRequest.indirection.
|
398
|
-
terminus.
|
396
|
+
terminus = double('terminus')
|
397
|
+
allow(terminus).to receive(:validate)
|
398
|
+
expect(Puppet::SSL::CertificateRequest.indirection).to receive(:prepare).and_return(terminus)
|
399
|
+
expect(terminus).to receive(:save) do |request|
|
400
|
+
expect(request.instance).to eq(csr)
|
401
|
+
expect(request.key).to eq("me")
|
402
|
+
end
|
399
403
|
Puppet::SSL::CertificateRequest.indirection.save(csr)
|
400
404
|
end
|
401
405
|
end
|
@@ -1,4 +1,3 @@
|
|
1
|
-
#! /usr/bin/env ruby
|
2
1
|
require 'spec_helper'
|
3
2
|
require 'puppet/certificate_factory'
|
4
3
|
|
@@ -31,24 +30,26 @@ describe Puppet::SSL::Certificate do
|
|
31
30
|
|
32
31
|
describe "when converting from a string" do
|
33
32
|
it "should create a certificate instance with its name set to the certificate subject and its content set to the extracted certificate" do
|
34
|
-
cert =
|
33
|
+
cert = double(
|
34
|
+
'certificate',
|
35
35
|
:subject => OpenSSL::X509::Name.parse("/CN=Foo.madstop.com"),
|
36
36
|
:is_a? => true
|
37
|
-
|
37
|
+
)
|
38
|
+
expect(OpenSSL::X509::Certificate).to receive(:new).with("my certificate").and_return(cert)
|
38
39
|
|
39
|
-
mycert =
|
40
|
-
mycert.
|
40
|
+
mycert = double('sslcert')
|
41
|
+
expect(mycert).to receive(:content=).with(cert)
|
41
42
|
|
42
|
-
@class.
|
43
|
+
expect(@class).to receive(:new).with("Foo.madstop.com").and_return(mycert)
|
43
44
|
|
44
45
|
@class.from_s("my certificate")
|
45
46
|
end
|
46
47
|
|
47
48
|
it "should create multiple certificate instances when asked" do
|
48
|
-
cert1 =
|
49
|
-
@class.
|
50
|
-
cert2 =
|
51
|
-
@class.
|
49
|
+
cert1 = double('cert1')
|
50
|
+
expect(@class).to receive(:from_s).with("cert1").and_return(cert1)
|
51
|
+
cert2 = double('cert2')
|
52
|
+
expect(@class).to receive(:from_s).with("cert2").and_return(cert2)
|
52
53
|
|
53
54
|
expect(@class.from_multiple_s("cert1\n---\ncert2")).to eq([cert1, cert2])
|
54
55
|
end
|
@@ -64,15 +65,15 @@ describe Puppet::SSL::Certificate do
|
|
64
65
|
end
|
65
66
|
|
66
67
|
it "should convert the certificate to pem format" do
|
67
|
-
certificate =
|
68
|
+
certificate = double('certificate', :to_pem => "pem")
|
68
69
|
@certificate.content = certificate
|
69
70
|
expect(@certificate.to_s).to eq("pem")
|
70
71
|
end
|
71
72
|
|
72
73
|
it "should be able to convert multiple instances to a string" do
|
73
74
|
cert2 = @class.new("foo")
|
74
|
-
@certificate.
|
75
|
-
cert2.
|
75
|
+
expect(@certificate).to receive(:to_s).and_return("cert1")
|
76
|
+
expect(cert2).to receive(:to_s).and_return("cert2")
|
76
77
|
|
77
78
|
expect(@class.to_multiple_s([@certificate, cert2])).to eq("cert1\n---\ncert2")
|
78
79
|
|
@@ -80,7 +81,6 @@ describe Puppet::SSL::Certificate do
|
|
80
81
|
end
|
81
82
|
|
82
83
|
describe "when managing instances" do
|
83
|
-
|
84
84
|
def build_cert(opts)
|
85
85
|
key = Puppet::SSL::Key.new('quux')
|
86
86
|
key.generate
|
@@ -139,36 +139,35 @@ describe Puppet::SSL::Certificate do
|
|
139
139
|
cert = build_cert(:dns_alt_names => 'foo')
|
140
140
|
expect(cert.custom_extensions).to be_empty
|
141
141
|
end
|
142
|
-
|
143
142
|
end
|
144
143
|
|
145
144
|
it "should return a nil expiration if there is no actual certificate" do
|
146
|
-
@certificate.
|
145
|
+
allow(@certificate).to receive(:content).and_return(nil)
|
147
146
|
|
148
147
|
expect(@certificate.expiration).to be_nil
|
149
148
|
end
|
150
149
|
|
151
150
|
it "should use the expiration of the certificate as its expiration date" do
|
152
|
-
cert =
|
153
|
-
@certificate.
|
151
|
+
cert = double('cert')
|
152
|
+
allow(@certificate).to receive(:content).and_return(cert)
|
154
153
|
|
155
|
-
cert.
|
154
|
+
expect(cert).to receive(:not_after).and_return("sometime")
|
156
155
|
|
157
156
|
expect(@certificate.expiration).to eq("sometime")
|
158
157
|
end
|
159
158
|
|
160
159
|
it "should be able to read certificates from disk" do
|
161
160
|
path = "/my/path"
|
162
|
-
Puppet::FileSystem.
|
163
|
-
certificate =
|
164
|
-
OpenSSL::X509::Certificate.
|
161
|
+
expect(Puppet::FileSystem).to receive(:read).with(path, :encoding => Encoding::ASCII).and_return("my certificate")
|
162
|
+
certificate = double('certificate')
|
163
|
+
expect(OpenSSL::X509::Certificate).to receive(:new).with("my certificate").and_return(certificate)
|
165
164
|
expect(@certificate.read(path)).to equal(certificate)
|
166
165
|
expect(@certificate.content).to equal(certificate)
|
167
166
|
end
|
168
167
|
|
169
168
|
it "should have a :to_text method that it delegates to the actual key" do
|
170
|
-
real_certificate =
|
171
|
-
real_certificate.
|
169
|
+
real_certificate = double('certificate')
|
170
|
+
expect(real_certificate).to receive(:to_text).and_return("certificatetext")
|
172
171
|
@certificate.content = real_certificate
|
173
172
|
expect(@certificate.to_text).to eq("certificatetext")
|
174
173
|
end
|
@@ -182,6 +181,5 @@ describe Puppet::SSL::Certificate do
|
|
182
181
|
expect(exts.find { |ext| ext['oid'] == 'pp_instance_id'}['value']).to eq('i_am_an_id')
|
183
182
|
expect(exts.find { |ext| ext['oid'] == 'pp_image_name'}['value']).to eq('i_am_an_image_name')
|
184
183
|
end
|
185
|
-
|
186
184
|
end
|
187
185
|
end
|
data/spec/unit/ssl/host_spec.rb
CHANGED
@@ -1,4 +1,3 @@
|
|
1
|
-
#!/usr/bin/env ruby
|
2
1
|
require 'spec_helper'
|
3
2
|
require 'puppet/test_ca'
|
4
3
|
|
@@ -37,19 +36,19 @@ describe Puppet::SSL::Host, if: !Puppet::Util::Platform.jruby? do
|
|
37
36
|
end
|
38
37
|
|
39
38
|
it "should retrieve its public key from its private key" do
|
40
|
-
realkey =
|
41
|
-
key =
|
42
|
-
Puppet::SSL::Key.indirection.
|
43
|
-
pubkey =
|
44
|
-
realkey.
|
39
|
+
realkey = double('realkey')
|
40
|
+
key = double('key', :content => realkey)
|
41
|
+
allow(Puppet::SSL::Key.indirection).to receive(:find).and_return(key)
|
42
|
+
pubkey = double('public_key')
|
43
|
+
expect(realkey).to receive(:public_key).and_return(pubkey)
|
45
44
|
|
46
45
|
expect(@host.public_key).to equal(pubkey)
|
47
46
|
end
|
48
47
|
|
49
48
|
describe 'localhost' do
|
50
49
|
before(:each) do
|
51
|
-
Puppet::SSL::Host.
|
52
|
-
Puppet::SSL::Host.
|
50
|
+
allow_any_instance_of(Puppet::SSL::Host).to receive(:certificate).and_return(nil)
|
51
|
+
allow_any_instance_of(Puppet::SSL::Host).to receive(:generate)
|
53
52
|
end
|
54
53
|
|
55
54
|
it "should have a method for producing an instance to manage the local host's keys" do
|
@@ -63,40 +62,40 @@ describe Puppet::SSL::Host, if: !Puppet::Util::Platform.jruby? do
|
|
63
62
|
end
|
64
63
|
|
65
64
|
it "should generate the certificate for the localhost instance if no certificate is available" do
|
66
|
-
host =
|
67
|
-
Puppet::SSL::Host.
|
65
|
+
host = double('host', :key => nil)
|
66
|
+
expect(Puppet::SSL::Host).to receive(:new).and_return(host)
|
68
67
|
|
69
|
-
host.
|
70
|
-
host.
|
68
|
+
expect(host).to receive(:certificate).and_return(nil)
|
69
|
+
expect(host).to receive(:generate)
|
71
70
|
|
72
71
|
expect(Puppet::SSL::Host.localhost).to equal(host)
|
73
72
|
end
|
74
73
|
|
75
74
|
it "should always read the key for the localhost instance in from disk" do
|
76
|
-
host =
|
77
|
-
host.
|
78
|
-
Puppet::SSL::Host.
|
75
|
+
host = double('host', :certificate => "eh")
|
76
|
+
expect(host).to receive(:key)
|
77
|
+
expect(Puppet::SSL::Host).to receive(:new).and_return(host)
|
79
78
|
|
80
79
|
Puppet::SSL::Host.localhost
|
81
80
|
end
|
82
81
|
|
83
82
|
it "should cache the localhost instance" do
|
84
|
-
host =
|
85
|
-
Puppet::SSL::Host.
|
83
|
+
host = double('host', :certificate => "eh", :key => 'foo')
|
84
|
+
expect(Puppet::SSL::Host).to receive(:new).once.and_return(host)
|
86
85
|
expect(Puppet::SSL::Host.localhost).to eq(Puppet::SSL::Host.localhost)
|
87
86
|
end
|
88
87
|
end
|
89
88
|
|
90
89
|
context "with dns_alt_names" do
|
91
90
|
before :each do
|
92
|
-
@key =
|
93
|
-
key =
|
94
|
-
Puppet::SSL::Key.
|
95
|
-
Puppet::SSL::Key.indirection.
|
91
|
+
@key = double('key content')
|
92
|
+
key = double('key', :generate => true, :content => @key)
|
93
|
+
allow(Puppet::SSL::Key).to receive(:new).and_return(key)
|
94
|
+
allow(Puppet::SSL::Key.indirection).to receive(:save).with(key)
|
96
95
|
|
97
|
-
@cr =
|
98
|
-
Puppet::SSL::CertificateRequest.
|
99
|
-
Puppet::SSL::Host.
|
96
|
+
@cr = double('certificate request', :render => "csr pem")
|
97
|
+
allow(Puppet::SSL::CertificateRequest).to receive(:new).and_return(@cr)
|
98
|
+
allow_any_instance_of(Puppet::SSL::Host).to receive(:submit_certificate_request)
|
100
99
|
end
|
101
100
|
|
102
101
|
describe "explicitly specified" do
|
@@ -105,13 +104,13 @@ describe Puppet::SSL::Host, if: !Puppet::Util::Platform.jruby? do
|
|
105
104
|
end
|
106
105
|
|
107
106
|
it "should not include subjectAltName if not the local node" do
|
108
|
-
@cr.
|
107
|
+
expect(@cr).to receive(:generate).with(@key, {})
|
109
108
|
|
110
109
|
Puppet::SSL::Host.new('not-the-' + Puppet[:certname]).generate_certificate_request
|
111
110
|
end
|
112
111
|
|
113
112
|
it "should include subjectAltName if the local node" do
|
114
|
-
@cr.
|
113
|
+
expect(@cr).to receive(:generate).with(@key, { :dns_alt_names => 'one, two' })
|
115
114
|
|
116
115
|
Puppet::SSL::Host.new(Puppet[:certname]).generate_certificate_request
|
117
116
|
end
|
@@ -124,55 +123,55 @@ describe Puppet::SSL::Host, if: !Puppet::Util::Platform.jruby? do
|
|
124
123
|
|
125
124
|
it "should consider the certificate invalid if it cannot find a key" do
|
126
125
|
host = Puppet::SSL::Host.new("foo")
|
127
|
-
certificate =
|
128
|
-
host.
|
126
|
+
certificate = double('cert', :fingerprint => 'DEADBEEF')
|
127
|
+
expect(host).to receive(:key).and_return(nil)
|
129
128
|
expect { host.validate_certificate_with_key(certificate) }.to raise_error(Puppet::Error, "No private key with which to validate certificate with fingerprint: DEADBEEF")
|
130
129
|
end
|
131
130
|
|
132
131
|
it "should consider the certificate invalid if it cannot find a certificate" do
|
133
132
|
host = Puppet::SSL::Host.new("foo")
|
134
|
-
host.
|
133
|
+
expect(host).not_to receive(:key)
|
135
134
|
expect { host.validate_certificate_with_key(nil) }.to raise_error(Puppet::Error, "No certificate to validate.")
|
136
135
|
end
|
137
136
|
|
138
137
|
it "should consider the certificate invalid if the SSL certificate's key verification fails" do
|
139
138
|
host = Puppet::SSL::Host.new("foo")
|
140
|
-
key =
|
141
|
-
sslcert =
|
142
|
-
certificate =
|
143
|
-
host.
|
144
|
-
sslcert.
|
139
|
+
key = double('key', :content => "private_key")
|
140
|
+
sslcert = double('sslcert')
|
141
|
+
certificate = double('cert', {:content => sslcert, :fingerprint => 'DEADBEEF'})
|
142
|
+
allow(host).to receive(:key).and_return(key)
|
143
|
+
expect(sslcert).to receive(:check_private_key).with("private_key").and_return(false)
|
145
144
|
expect { host.validate_certificate_with_key(certificate) }.to raise_error(Puppet::Error, /DEADBEEF/)
|
146
145
|
end
|
147
146
|
|
148
147
|
it "should consider the certificate valid if the SSL certificate's key verification succeeds" do
|
149
148
|
host = Puppet::SSL::Host.new("foo")
|
150
|
-
key =
|
151
|
-
sslcert =
|
152
|
-
certificate =
|
153
|
-
host.
|
154
|
-
sslcert.
|
149
|
+
key = double('key', :content => "private_key")
|
150
|
+
sslcert = double('sslcert')
|
151
|
+
certificate = double('cert', :content => sslcert)
|
152
|
+
allow(host).to receive(:key).and_return(key)
|
153
|
+
expect(sslcert).to receive(:check_private_key).with("private_key").and_return(true)
|
155
154
|
expect{ host.validate_certificate_with_key(certificate) }.not_to raise_error
|
156
155
|
end
|
157
156
|
|
158
157
|
it "should output agent-specific commands when validation fails" do
|
159
158
|
host = Puppet::SSL::Host.new("foo")
|
160
|
-
key =
|
161
|
-
sslcert =
|
162
|
-
certificate =
|
163
|
-
host.
|
164
|
-
sslcert.
|
159
|
+
key = double('key', :content => "private_key")
|
160
|
+
sslcert = double('sslcert')
|
161
|
+
certificate = double('cert', {:content => sslcert, :fingerprint => 'DEADBEEF'})
|
162
|
+
allow(host).to receive(:key).and_return(key)
|
163
|
+
expect(sslcert).to receive(:check_private_key).with("private_key").and_return(false)
|
165
164
|
expect { host.validate_certificate_with_key(certificate) }.to raise_error(Puppet::Error, /puppet ssl clean \n/)
|
166
165
|
end
|
167
166
|
|
168
167
|
it "should output device-specific commands when validation fails" do
|
169
168
|
Puppet[:certname] = "device.example.com"
|
170
169
|
host = Puppet::SSL::Host.new("device.example.com", true)
|
171
|
-
key =
|
172
|
-
sslcert =
|
173
|
-
certificate =
|
174
|
-
host.
|
175
|
-
sslcert.
|
170
|
+
key = double('key', :content => "private_key")
|
171
|
+
sslcert = double('sslcert')
|
172
|
+
certificate = double('cert', {:content => sslcert, :fingerprint => 'DEADBEEF'})
|
173
|
+
allow(host).to receive(:key).and_return(key)
|
174
|
+
expect(sslcert).to receive(:check_private_key).with("private_key").and_return(false)
|
176
175
|
expect { host.validate_certificate_with_key(certificate) }.to raise_error(Puppet::Error, /puppet ssl clean --target device.example.com/)
|
177
176
|
end
|
178
177
|
|
@@ -196,37 +195,37 @@ describe Puppet::SSL::Host, if: !Puppet::Util::Platform.jruby? do
|
|
196
195
|
end
|
197
196
|
|
198
197
|
it "should return nil if the key is not set and cannot be found" do
|
199
|
-
Puppet::SSL::Key.indirection.
|
198
|
+
expect(Puppet::SSL::Key.indirection).to receive(:find).with("myname").and_return(nil)
|
200
199
|
expect(@host.key).to be_nil
|
201
200
|
end
|
202
201
|
|
203
202
|
it "should find the key in the Key class and return the Puppet instance" do
|
204
|
-
Puppet::SSL::Key.indirection.
|
203
|
+
expect(Puppet::SSL::Key.indirection).to receive(:find).with("myname").and_return(@key)
|
205
204
|
expect(@host.key).to equal(@key)
|
206
205
|
end
|
207
206
|
|
208
207
|
it "should be able to generate and save a new key" do
|
209
|
-
Puppet::SSL::Key.
|
208
|
+
expect(Puppet::SSL::Key).to receive(:new).with("myname").and_return(@key)
|
210
209
|
|
211
|
-
@key.
|
212
|
-
Puppet::SSL::Key.indirection.
|
210
|
+
expect(@key).to receive(:generate)
|
211
|
+
expect(Puppet::SSL::Key.indirection).to receive(:save)
|
213
212
|
|
214
213
|
expect(@host.generate_key).to be_truthy
|
215
214
|
expect(@host.key).to equal(@key)
|
216
215
|
end
|
217
216
|
|
218
217
|
it "should not retain keys that could not be saved" do
|
219
|
-
Puppet::SSL::Key.
|
218
|
+
expect(Puppet::SSL::Key).to receive(:new).with("myname").and_return(@key)
|
220
219
|
|
221
|
-
@key.
|
222
|
-
Puppet::SSL::Key.indirection.
|
220
|
+
expect(@key).to receive(:generate)
|
221
|
+
expect(Puppet::SSL::Key.indirection).to receive(:save).and_raise("eh")
|
223
222
|
|
224
223
|
expect { @host.generate_key }.to raise_error(RuntimeError)
|
225
224
|
expect(@host.key).to be_nil
|
226
225
|
end
|
227
226
|
|
228
227
|
it "should return any previously found key without requerying" do
|
229
|
-
Puppet::SSL::Key.indirection.
|
228
|
+
expect(Puppet::SSL::Key.indirection).to receive(:find).with("myname").and_return(@key).once
|
230
229
|
expect(@host.key).to equal(@key)
|
231
230
|
expect(@host.key).to equal(@key)
|
232
231
|
end
|
@@ -244,52 +243,52 @@ describe Puppet::SSL::Host, if: !Puppet::Util::Platform.jruby? do
|
|
244
243
|
let(:key) { Puppet::SSL::Key.from_s(@pki[:leaf_key].to_s, @host.name) }
|
245
244
|
|
246
245
|
it "should generate a new key when generating the cert request if no key exists" do
|
247
|
-
@host.
|
248
|
-
@host.
|
246
|
+
expect(@host).to receive(:key).exactly(2).times.and_return(nil, key)
|
247
|
+
expect(@host).to receive(:generate_key).and_return(key)
|
249
248
|
|
250
|
-
@host.
|
249
|
+
allow(@host).to receive(:submit_certificate_request)
|
251
250
|
|
252
251
|
@host.generate_certificate_request
|
253
252
|
expect(Puppet::FileSystem.exist?(File.join(Puppet[:requestdir], "#{@host.name}.pem"))).to be true
|
254
253
|
end
|
255
254
|
|
256
255
|
it "should be able to generate and save a new request using the private key" do
|
257
|
-
@host.
|
258
|
-
@host.
|
256
|
+
allow(@host).to receive(:key).and_return(key)
|
257
|
+
allow(@host).to receive(:submit_certificate_request)
|
259
258
|
|
260
259
|
expect(@host.generate_certificate_request).to be_truthy
|
261
260
|
expect(Puppet::FileSystem.exist?(File.join(Puppet[:requestdir], "#{@host.name}.pem"))).to be true
|
262
261
|
end
|
263
262
|
|
264
263
|
it "should send a new request to the CA for signing" do
|
265
|
-
@http =
|
266
|
-
@host.
|
267
|
-
@host.
|
268
|
-
@host.
|
269
|
-
request =
|
270
|
-
request.
|
271
|
-
request.
|
272
|
-
Puppet::SSL::CertificateRequest.
|
273
|
-
|
274
|
-
Puppet::Rest::Routes.
|
264
|
+
@http = double("http")
|
265
|
+
allow(@host).to receive(:http_client).and_return(@http)
|
266
|
+
allow(@host).to receive(:ssl_store).and_return(double("ssl store"))
|
267
|
+
allow(@host).to receive(:key).and_return(key)
|
268
|
+
request = double("request")
|
269
|
+
allow(request).to receive(:generate)
|
270
|
+
expect(request).to receive(:render).and_return("my request").twice
|
271
|
+
expect(Puppet::SSL::CertificateRequest).to receive(:new).and_return(request)
|
272
|
+
|
273
|
+
expect(Puppet::Rest::Routes).to receive(:put_certificate_request)
|
275
274
|
.with("my request", @host.name, anything)
|
276
|
-
.
|
275
|
+
.and_return(nil)
|
277
276
|
|
278
277
|
expect(@host.generate_certificate_request).to be true
|
279
278
|
end
|
280
279
|
|
281
280
|
it "should return any previously found request without requerying" do
|
282
|
-
request =
|
283
|
-
@host.
|
281
|
+
request = double("request")
|
282
|
+
expect(@host).to receive(:load_certificate_request_from_file).and_return(request).once
|
284
283
|
|
285
284
|
expect(@host.certificate_request).to equal(request)
|
286
285
|
expect(@host.certificate_request).to equal(request)
|
287
286
|
end
|
288
287
|
|
289
288
|
it "should not keep its certificate request in memory if the request cannot be saved" do
|
290
|
-
@host.
|
291
|
-
@host.
|
292
|
-
Puppet::Util.
|
289
|
+
allow(@host).to receive(:key).and_return(key)
|
290
|
+
allow(@host).to receive(:submit_certificate_request)
|
291
|
+
expect(Puppet::Util).to receive(:replace_file).and_raise(RuntimeError)
|
293
292
|
|
294
293
|
expect { @host.generate_certificate_request }.to raise_error(RuntimeError)
|
295
294
|
|
@@ -304,57 +303,57 @@ describe Puppet::SSL::Host, if: !Puppet::Util::Platform.jruby? do
|
|
304
303
|
|
305
304
|
before(:each) do
|
306
305
|
Puppet[:certdir] = tmpdir('certs')
|
307
|
-
@host.
|
308
|
-
@host.
|
309
|
-
@host.
|
310
|
-
@host.
|
306
|
+
allow(@host).to receive(:key).and_return(double("key"))
|
307
|
+
allow(@host).to receive(:validate_certificate_with_key)
|
308
|
+
allow(@host).to receive(:http_client).and_return(@http)
|
309
|
+
allow(@host).to receive(:ssl_store).and_return(double("ssl store"))
|
311
310
|
end
|
312
311
|
|
313
312
|
let(:ca_cert_response) { @pki[:ca_bundle] }
|
314
313
|
let(:host_cert_response) { @pki[:unrevoked_leaf_node_cert] }
|
315
314
|
|
316
315
|
it "should find the CA certificate and save it to disk" do
|
317
|
-
Puppet::Rest::Routes.
|
316
|
+
expect(Puppet::Rest::Routes).to receive(:get_certificate)
|
318
317
|
.with(Puppet::SSL::CA_NAME, anything)
|
319
|
-
.
|
320
|
-
Puppet::Rest::Routes.
|
318
|
+
.and_return(ca_cert_response)
|
319
|
+
expect(Puppet::Rest::Routes).to receive(:get_certificate)
|
321
320
|
.with(@host.name, anything)
|
322
|
-
.
|
323
|
-
|
321
|
+
.and_raise(Puppet::Rest::ResponseError.new('no client cert',
|
322
|
+
double('response', code: '404')))
|
324
323
|
@host.certificate
|
325
324
|
actual_ca_bundle = Puppet::FileSystem.read(Puppet[:localcacert])
|
326
325
|
expect(actual_ca_bundle).to match(/BEGIN CERTIFICATE.*END CERTIFICATE.*BEGIN CERTIFICATE/m)
|
327
326
|
end
|
328
327
|
|
329
328
|
it "should return nil if it cannot find a CA certificate" do
|
330
|
-
@host.
|
331
|
-
@host.
|
329
|
+
expect(@host).to receive(:ensure_ca_certificate).and_return(false)
|
330
|
+
expect(@host).not_to receive(:get_host_certificate)
|
332
331
|
|
333
332
|
expect(@host.certificate).to be_nil
|
334
333
|
end
|
335
334
|
|
336
335
|
it "should find the key if it does not have one" do
|
337
|
-
@host.
|
338
|
-
@host.
|
339
|
-
@host.
|
336
|
+
expect(@host).to receive(:ensure_ca_certificate).and_return(true)
|
337
|
+
expect(@host).to receive(:get_host_certificate).and_return(nil)
|
338
|
+
expect(@host).to receive(:key).and_return(double("key"))
|
340
339
|
@host.certificate
|
341
340
|
end
|
342
341
|
|
343
342
|
it "should generate the key if one cannot be found" do
|
344
|
-
@host.
|
345
|
-
@host.
|
346
|
-
@host.
|
347
|
-
@host.
|
343
|
+
expect(@host).to receive(:ensure_ca_certificate).and_return(true)
|
344
|
+
expect(@host).to receive(:get_host_certificate).and_return(nil)
|
345
|
+
expect(@host).to receive(:key).and_return(nil)
|
346
|
+
expect(@host).to receive(:generate_key)
|
348
347
|
@host.certificate
|
349
348
|
end
|
350
349
|
|
351
350
|
it "should find the host certificate, write it to file, and return the Puppet certificate instance" do
|
352
|
-
Puppet::Rest::Routes.
|
351
|
+
expect(Puppet::Rest::Routes).to receive(:get_certificate)
|
353
352
|
.with(Puppet::SSL::CA_NAME, anything)
|
354
|
-
.
|
355
|
-
Puppet::Rest::Routes.
|
353
|
+
.and_return(ca_cert_response)
|
354
|
+
expect(Puppet::Rest::Routes).to receive(:get_certificate)
|
356
355
|
.with(@host.name, anything)
|
357
|
-
.
|
356
|
+
.and_return(host_cert_response)
|
358
357
|
expected_cert = Puppet::SSL::Certificate.from_s(@pki[:unrevoked_leaf_node_cert])
|
359
358
|
actual_cert = @host.certificate
|
360
359
|
expect(actual_cert).to be_a(Puppet::SSL::Certificate)
|
@@ -364,9 +363,9 @@ describe Puppet::SSL::Host, if: !Puppet::Util::Platform.jruby? do
|
|
364
363
|
end
|
365
364
|
|
366
365
|
it "should return any previously found certificate" do
|
367
|
-
cert =
|
368
|
-
@host.
|
369
|
-
@host.
|
366
|
+
cert = double('cert')
|
367
|
+
expect(@host).to receive(:ensure_ca_certificate).and_return(true).once
|
368
|
+
expect(@host).to receive(:get_host_certificate).and_return(cert).once
|
370
369
|
|
371
370
|
expect(@host.certificate).to equal(cert)
|
372
371
|
expect(@host.certificate).to equal(cert)
|
@@ -374,19 +373,19 @@ describe Puppet::SSL::Host, if: !Puppet::Util::Platform.jruby? do
|
|
374
373
|
|
375
374
|
context 'invalid certificates' do
|
376
375
|
it "should raise if the CA certificate downloaded from CA is invalid" do
|
377
|
-
Puppet::Rest::Routes.
|
376
|
+
expect(Puppet::Rest::Routes).to receive(:get_certificate)
|
378
377
|
.with(Puppet::SSL::CA_NAME, anything)
|
379
|
-
.
|
378
|
+
.and_return('garbage')
|
380
379
|
expect { @host.certificate }.to raise_error(Puppet::Error, /did not contain a valid CA certificate/)
|
381
380
|
end
|
382
381
|
|
383
382
|
it "should warn if the host certificate downloaded from CA is invalid" do
|
384
|
-
Puppet::Rest::Routes.
|
383
|
+
expect(Puppet::Rest::Routes).to receive(:get_certificate)
|
385
384
|
.with(Puppet::SSL::CA_NAME, anything)
|
386
|
-
.
|
387
|
-
Puppet::Rest::Routes.
|
385
|
+
.and_return(ca_cert_response)
|
386
|
+
expect(Puppet::Rest::Routes).to receive(:get_certificate)
|
388
387
|
.with(@host.name, anything)
|
389
|
-
.
|
388
|
+
.and_return('garbage')
|
390
389
|
expect { @host.certificate }.to raise_error(Puppet::Error, /did not contain a valid certificate for #{@host.name}/)
|
391
390
|
end
|
392
391
|
|
@@ -398,9 +397,9 @@ describe Puppet::SSL::Host, if: !Puppet::Util::Platform.jruby? do
|
|
398
397
|
end
|
399
398
|
|
400
399
|
it 'should warn if the host certificate loaded from disk in invalid' do
|
401
|
-
Puppet::Rest::Routes.
|
400
|
+
expect(Puppet::Rest::Routes).to receive(:get_certificate)
|
402
401
|
.with(Puppet::SSL::CA_NAME, anything)
|
403
|
-
.
|
402
|
+
.and_return(ca_cert_response)
|
404
403
|
Puppet::FileSystem.open(File.join(Puppet[:certdir], "#{@host.name}.pem"), nil, "w:ASCII") do |f|
|
405
404
|
f.puts 'garbage'
|
406
405
|
end
|
@@ -416,22 +415,22 @@ describe Puppet::SSL::Host, if: !Puppet::Util::Platform.jruby? do
|
|
416
415
|
describe "when generating files" do
|
417
416
|
before do
|
418
417
|
@host = Puppet::SSL::Host.new("me")
|
419
|
-
@host.
|
420
|
-
@host.
|
421
|
-
@host.
|
422
|
-
@host.
|
418
|
+
allow(@host).to receive(:generate_key)
|
419
|
+
allow(@host).to receive(:generate_certificate_request)
|
420
|
+
allow(@host).to receive(:certificate_request)
|
421
|
+
allow(@host).to receive(:certificate)
|
423
422
|
end
|
424
423
|
|
425
424
|
it "should generate a key if one is not present" do
|
426
|
-
@host.
|
427
|
-
@host.
|
425
|
+
allow(@host).to receive(:key).and_return nil
|
426
|
+
expect(@host).to receive(:generate_key)
|
428
427
|
|
429
428
|
@host.generate
|
430
429
|
end
|
431
430
|
|
432
431
|
it "should generate a certificate request if one is not present" do
|
433
|
-
@host.
|
434
|
-
@host.
|
432
|
+
expect(@host).to receive(:certificate_request).and_return nil
|
433
|
+
expect(@host).to receive(:generate_certificate_request)
|
435
434
|
|
436
435
|
@host.generate
|
437
436
|
end
|
@@ -447,10 +446,9 @@ describe Puppet::SSL::Host, if: !Puppet::Util::Platform.jruby? do
|
|
447
446
|
end
|
448
447
|
|
449
448
|
it "should accept a purpose" do
|
450
|
-
store =
|
451
|
-
store
|
452
|
-
OpenSSL::X509::
|
453
|
-
store.expects(:purpose=).with(OpenSSL::X509::PURPOSE_SSL_SERVER)
|
449
|
+
store = double('store', :add_file => nil)
|
450
|
+
expect(OpenSSL::X509::Store).to receive(:new).and_return(store)
|
451
|
+
expect(store).to receive(:purpose=).with(OpenSSL::X509::PURPOSE_SSL_SERVER)
|
454
452
|
host = Puppet::SSL::Host.new("me")
|
455
453
|
host.crl_usage = false
|
456
454
|
|
@@ -463,8 +461,8 @@ describe Puppet::SSL::Host, if: !Puppet::Util::Platform.jruby? do
|
|
463
461
|
@revoked_cert = @pki[:revoked_root_node_cert]
|
464
462
|
localcacert = Puppet.settings[:localcacert]
|
465
463
|
Puppet::Util.replace_file(localcacert, 0644) {|f| f.write @pki[:ca_bundle] }
|
466
|
-
@http =
|
467
|
-
@host.
|
464
|
+
@http = double('http')
|
465
|
+
allow(@host).to receive(:http_client).and_return(@http)
|
468
466
|
end
|
469
467
|
|
470
468
|
after do
|
@@ -473,9 +471,9 @@ describe Puppet::SSL::Host, if: !Puppet::Util::Platform.jruby? do
|
|
473
471
|
end
|
474
472
|
|
475
473
|
it "retrieves it from the server" do
|
476
|
-
Puppet::Rest::Routes.
|
474
|
+
expect(Puppet::Rest::Routes).to receive(:get_crls)
|
477
475
|
.with(Puppet::SSL::CA_NAME, anything)
|
478
|
-
.
|
476
|
+
.and_return(@pki[:crl_chain])
|
479
477
|
|
480
478
|
@host.ssl_store
|
481
479
|
expect(Puppet::FileSystem.read(Puppet.settings[:hostcrl], :encoding => Encoding::UTF_8)).to eq(@pki[:crl_chain])
|
@@ -575,54 +573,73 @@ describe Puppet::SSL::Host, if: !Puppet::Util::Platform.jruby? do
|
|
575
573
|
end
|
576
574
|
|
577
575
|
it "should generate its certificate request and attempt to read the certificate again if no certificate is found" do
|
578
|
-
@host.
|
579
|
-
@host.
|
576
|
+
expect(@host).to receive(:certificate).twice.and_return(nil, "foo")
|
577
|
+
expect(@host).to receive(:generate)
|
580
578
|
@host.wait_for_cert(1)
|
581
579
|
end
|
582
580
|
|
583
581
|
it "should catch and log errors during CSR saving" do
|
584
|
-
@host.
|
585
|
-
|
586
|
-
@host.
|
582
|
+
expect(@host).to receive(:certificate).twice.and_return(nil, "foo")
|
583
|
+
times_generate_called = 0
|
584
|
+
expect(@host).to receive(:generate) do
|
585
|
+
times_generate_called += 1
|
586
|
+
raise RuntimeError if times_generate_called == 1
|
587
|
+
nil
|
588
|
+
end
|
589
|
+
allow(@host).to receive(:sleep)
|
587
590
|
@host.wait_for_cert(1)
|
588
591
|
end
|
589
592
|
|
590
593
|
it "should sleep and retry after failures saving the CSR if waitforcert is enabled" do
|
591
|
-
@host.
|
592
|
-
|
593
|
-
@host.
|
594
|
+
expect(@host).to receive(:certificate).twice.and_return(nil, "foo")
|
595
|
+
times_generate_called = 0
|
596
|
+
expect(@host).to receive(:generate) do
|
597
|
+
times_generate_called += 1
|
598
|
+
raise RuntimeError if times_generate_called == 1
|
599
|
+
nil
|
600
|
+
end
|
601
|
+
expect(@host).to receive(:sleep).with(1)
|
594
602
|
@host.wait_for_cert(1)
|
595
603
|
end
|
596
604
|
|
597
605
|
it "should exit after failures saving the CSR of waitforcert is disabled" do
|
598
|
-
@host.
|
599
|
-
@host.
|
600
|
-
@host.
|
606
|
+
expect(@host).to receive(:certificate).and_return(nil)
|
607
|
+
expect(@host).to receive(:generate).and_raise(RuntimeError)
|
608
|
+
expect(@host).to receive(:puts)
|
601
609
|
expect { @host.wait_for_cert(0) }.to exit_with 1
|
602
610
|
end
|
603
611
|
|
604
612
|
it "should exit if the wait time is 0 and it can neither find nor retrieve a certificate" do
|
605
|
-
@host.
|
606
|
-
@host.
|
607
|
-
@host.
|
613
|
+
allow(@host).to receive(:certificate).and_return(nil)
|
614
|
+
expect(@host).to receive(:generate)
|
615
|
+
expect(@host).to receive(:puts)
|
608
616
|
expect { @host.wait_for_cert(0) }.to exit_with 1
|
609
617
|
end
|
610
618
|
|
611
619
|
it "should sleep for the specified amount of time if no certificate is found after generating its certificate request" do
|
612
|
-
@host.
|
613
|
-
@host.
|
620
|
+
expect(@host).to receive(:certificate).exactly(3).times().and_return(nil, nil, "foo")
|
621
|
+
expect(@host).to receive(:generate)
|
614
622
|
|
615
|
-
@host.
|
623
|
+
expect(@host).to receive(:sleep).with(1)
|
616
624
|
|
617
625
|
@host.wait_for_cert(1)
|
618
626
|
end
|
619
627
|
|
620
628
|
it "should catch and log exceptions during certificate retrieval" do
|
621
|
-
|
622
|
-
@host.
|
623
|
-
|
629
|
+
times_certificate_called = 0
|
630
|
+
expect(@host).to receive(:certificate) do
|
631
|
+
times_certificate_called += 1
|
632
|
+
if times_certificate_called == 1
|
633
|
+
return nil
|
634
|
+
elsif times_certificate_called == 2
|
635
|
+
raise RuntimeError
|
636
|
+
end
|
637
|
+
"foo"
|
638
|
+
end.exactly(3).times()
|
639
|
+
allow(@host).to receive(:generate)
|
640
|
+
allow(@host).to receive(:sleep)
|
624
641
|
|
625
|
-
Puppet.
|
642
|
+
expect(Puppet).to receive(:log_exception).at_least(:once)
|
626
643
|
|
627
644
|
@host.wait_for_cert(1)
|
628
645
|
end
|