puppet 6.16.0-x86-mingw32 → 7.0.0-x86-mingw32

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of puppet might be problematic. Click here for more details.

Files changed (645) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile +5 -3
  3. data/Gemfile.lock +31 -33
  4. data/README.md +4 -5
  5. data/Rakefile +4 -12
  6. data/conf/fileserver.conf +5 -10
  7. data/ext/build_defaults.yaml +1 -1
  8. data/ext/osx/file_mapping.yaml +0 -5
  9. data/ext/project_data.yaml +1 -14
  10. data/ext/redhat/puppet.spec.erb +0 -1
  11. data/ext/windows/service/daemon.rb +6 -5
  12. data/install.rb +21 -17
  13. data/lib/puppet.rb +11 -20
  14. data/lib/puppet/agent.rb +2 -2
  15. data/lib/puppet/agent/locker.rb +0 -7
  16. data/lib/puppet/application.rb +172 -98
  17. data/lib/puppet/application/agent.rb +22 -6
  18. data/lib/puppet/application/apply.rb +18 -20
  19. data/lib/puppet/application/device.rb +100 -104
  20. data/lib/puppet/application/doc.rb +1 -1
  21. data/lib/puppet/application/filebucket.rb +15 -11
  22. data/lib/puppet/application/lookup.rb +16 -4
  23. data/lib/puppet/application/ssl.rb +1 -1
  24. data/lib/puppet/configurer.rb +66 -31
  25. data/lib/puppet/configurer/downloader.rb +31 -10
  26. data/lib/puppet/configurer/plugin_handler.rb +21 -19
  27. data/lib/puppet/confine.rb +2 -2
  28. data/lib/puppet/confine/any.rb +1 -1
  29. data/lib/puppet/defaults.rb +166 -169
  30. data/lib/puppet/environments.rb +41 -15
  31. data/lib/puppet/face/catalog.rb +1 -1
  32. data/lib/puppet/face/config.rb +56 -16
  33. data/lib/puppet/face/epp.rb +12 -2
  34. data/lib/puppet/face/facts.rb +66 -6
  35. data/lib/puppet/face/help.rb +1 -1
  36. data/lib/puppet/face/node.rb +3 -3
  37. data/lib/puppet/face/node/clean.rb +2 -2
  38. data/lib/puppet/face/plugin.rb +5 -8
  39. data/lib/puppet/feature/base.rb +1 -1
  40. data/lib/puppet/ffi/windows.rb +12 -0
  41. data/lib/puppet/ffi/windows/api_types.rb +311 -0
  42. data/lib/puppet/ffi/windows/constants.rb +404 -0
  43. data/lib/puppet/ffi/windows/functions.rb +628 -0
  44. data/lib/puppet/ffi/windows/structs.rb +338 -0
  45. data/lib/puppet/file_bucket/dipper.rb +1 -1
  46. data/lib/puppet/file_serving/configuration.rb +0 -5
  47. data/lib/puppet/file_serving/configuration/parser.rb +3 -32
  48. data/lib/puppet/file_serving/http_metadata.rb +13 -1
  49. data/lib/puppet/file_serving/metadata.rb +4 -1
  50. data/lib/puppet/file_serving/mount.rb +1 -2
  51. data/lib/puppet/file_serving/mount/locales.rb +1 -2
  52. data/lib/puppet/file_serving/mount/pluginfacts.rb +1 -2
  53. data/lib/puppet/file_serving/mount/plugins.rb +1 -2
  54. data/lib/puppet/file_serving/terminus_selector.rb +7 -8
  55. data/lib/puppet/file_system/file_impl.rb +4 -4
  56. data/lib/puppet/file_system/uniquefile.rb +8 -16
  57. data/lib/puppet/forge.rb +1 -1
  58. data/lib/puppet/forge/cache.rb +1 -1
  59. data/lib/puppet/forge/repository.rb +3 -8
  60. data/lib/puppet/functions/epp.rb +1 -0
  61. data/lib/puppet/functions/inline_epp.rb +1 -0
  62. data/lib/puppet/functions/lstrip.rb +4 -4
  63. data/lib/puppet/functions/new.rb +8 -3
  64. data/lib/puppet/functions/reverse_each.rb +1 -1
  65. data/lib/puppet/functions/rstrip.rb +4 -4
  66. data/lib/puppet/functions/step.rb +1 -1
  67. data/lib/puppet/functions/strip.rb +4 -4
  68. data/lib/puppet/generate/models/type/type.rb +4 -1
  69. data/lib/puppet/gettext/config.rb +5 -5
  70. data/lib/puppet/gettext/module_translations.rb +4 -4
  71. data/lib/puppet/http.rb +23 -13
  72. data/lib/puppet/http/client.rb +170 -115
  73. data/lib/puppet/{network/resolver.rb → http/dns.rb} +2 -2
  74. data/lib/puppet/http/errors.rb +16 -0
  75. data/lib/puppet/http/external_client.rb +5 -7
  76. data/lib/puppet/{network/http → http}/factory.rb +8 -11
  77. data/lib/puppet/{network/http → http}/pool.rb +61 -26
  78. data/lib/puppet/{network/http/session.rb → http/pool_entry.rb} +2 -3
  79. data/lib/puppet/http/proxy.rb +137 -0
  80. data/lib/puppet/http/redirector.rb +13 -19
  81. data/lib/puppet/http/resolver.rb +10 -23
  82. data/lib/puppet/http/resolver/server_list.rb +23 -45
  83. data/lib/puppet/http/resolver/settings.rb +7 -10
  84. data/lib/puppet/http/resolver/srv.rb +11 -15
  85. data/lib/puppet/http/response.rb +49 -48
  86. data/lib/puppet/http/response_converter.rb +24 -0
  87. data/lib/puppet/http/response_net_http.rb +42 -0
  88. data/lib/puppet/http/retry_after_handler.rb +4 -13
  89. data/lib/puppet/http/service.rb +15 -27
  90. data/lib/puppet/http/service/ca.rb +11 -22
  91. data/lib/puppet/http/service/compiler.rb +23 -70
  92. data/lib/puppet/http/service/file_server.rb +19 -28
  93. data/lib/puppet/http/service/puppetserver.rb +53 -0
  94. data/lib/puppet/http/service/report.rb +8 -10
  95. data/lib/puppet/http/session.rb +16 -24
  96. data/lib/puppet/{network/http → http}/site.rb +1 -2
  97. data/lib/puppet/indirector.rb +1 -1
  98. data/lib/puppet/indirector/catalog/compiler.rb +1 -1
  99. data/lib/puppet/indirector/catalog/rest.rb +2 -4
  100. data/lib/puppet/indirector/exec.rb +1 -1
  101. data/lib/puppet/indirector/fact_search.rb +60 -0
  102. data/lib/puppet/indirector/facts/facter.rb +27 -6
  103. data/lib/puppet/indirector/facts/json.rb +27 -0
  104. data/lib/puppet/indirector/facts/rest.rb +3 -22
  105. data/lib/puppet/indirector/facts/yaml.rb +4 -59
  106. data/lib/puppet/indirector/file_bucket_file/rest.rb +3 -9
  107. data/lib/puppet/indirector/file_content/rest.rb +3 -7
  108. data/lib/puppet/indirector/file_metadata/http.rb +25 -5
  109. data/lib/puppet/indirector/file_metadata/rest.rb +5 -11
  110. data/lib/puppet/indirector/file_server.rb +1 -8
  111. data/lib/puppet/indirector/generic_http.rb +0 -11
  112. data/lib/puppet/indirector/hiera.rb +4 -0
  113. data/lib/puppet/indirector/indirection.rb +1 -1
  114. data/lib/puppet/indirector/json.rb +5 -1
  115. data/lib/puppet/indirector/msgpack.rb +1 -1
  116. data/lib/puppet/indirector/node/json.rb +8 -0
  117. data/lib/puppet/indirector/node/rest.rb +2 -4
  118. data/lib/puppet/indirector/report/json.rb +34 -0
  119. data/lib/puppet/indirector/report/processor.rb +2 -2
  120. data/lib/puppet/indirector/report/rest.rb +3 -8
  121. data/lib/puppet/indirector/request.rb +2 -103
  122. data/lib/puppet/indirector/rest.rb +12 -263
  123. data/lib/puppet/indirector/yaml.rb +1 -1
  124. data/lib/puppet/module.rb +1 -2
  125. data/lib/puppet/module_tool/applications.rb +0 -1
  126. data/lib/puppet/network/authconfig.rb +2 -96
  127. data/lib/puppet/network/authorization.rb +13 -35
  128. data/lib/puppet/network/format_support.rb +2 -2
  129. data/lib/puppet/network/formats.rb +2 -1
  130. data/lib/puppet/network/http.rb +3 -3
  131. data/lib/puppet/network/http/api/indirected_routes.rb +3 -21
  132. data/lib/puppet/network/http/api/master/v3.rb +11 -13
  133. data/lib/puppet/network/http/api/master/v3/environments.rb +0 -1
  134. data/lib/puppet/network/http/connection.rb +247 -316
  135. data/lib/puppet/network/http/handler.rb +0 -1
  136. data/lib/puppet/network/http/route.rb +2 -2
  137. data/lib/puppet/network/http_pool.rb +16 -34
  138. data/lib/puppet/node.rb +1 -30
  139. data/lib/puppet/node/environment.rb +12 -5
  140. data/lib/puppet/node/facts.rb +17 -0
  141. data/lib/puppet/pal/json_catalog_encoder.rb +4 -0
  142. data/lib/puppet/pal/pal_impl.rb +93 -14
  143. data/lib/puppet/parameter.rb +1 -1
  144. data/lib/puppet/parser/ast/leaf.rb +5 -5
  145. data/lib/puppet/parser/ast/pops_bridge.rb +0 -42
  146. data/lib/puppet/parser/compiler.rb +1 -199
  147. data/lib/puppet/parser/compiler/catalog_validator/relationship_validator.rb +14 -39
  148. data/lib/puppet/parser/functions.rb +21 -17
  149. data/lib/puppet/parser/functions/create_resources.rb +11 -7
  150. data/lib/puppet/parser/resource.rb +3 -71
  151. data/lib/puppet/parser/resource/param.rb +6 -0
  152. data/lib/puppet/parser/type_loader.rb +2 -2
  153. data/lib/puppet/pops/adaptable.rb +7 -13
  154. data/lib/puppet/pops/adapters.rb +8 -4
  155. data/lib/puppet/pops/evaluator/collectors/abstract_collector.rb +1 -3
  156. data/lib/puppet/pops/evaluator/evaluator_impl.rb +27 -13
  157. data/lib/puppet/pops/evaluator/runtime3_converter.rb +2 -2
  158. data/lib/puppet/pops/evaluator/runtime3_resource_support.rb +3 -3
  159. data/lib/puppet/pops/evaluator/runtime3_support.rb +1 -1
  160. data/lib/puppet/pops/loader/ruby_legacy_function_instantiator.rb +6 -8
  161. data/lib/puppet/pops/loader/runtime3_type_loader.rb +4 -2
  162. data/lib/puppet/pops/loaders.rb +18 -11
  163. data/lib/puppet/pops/lookup/context.rb +1 -1
  164. data/lib/puppet/pops/lookup/hiera_config.rb +14 -1
  165. data/lib/puppet/pops/model/ast.pp +0 -42
  166. data/lib/puppet/pops/model/ast.rb +0 -290
  167. data/lib/puppet/pops/model/factory.rb +0 -45
  168. data/lib/puppet/pops/model/model_label_provider.rb +0 -5
  169. data/lib/puppet/pops/model/model_tree_dumper.rb +0 -22
  170. data/lib/puppet/pops/model/pn_transformer.rb +0 -16
  171. data/lib/puppet/pops/parser/egrammar.ra +0 -56
  172. data/lib/puppet/pops/parser/eparser.rb +1520 -1712
  173. data/lib/puppet/pops/parser/lexer2.rb +4 -4
  174. data/lib/puppet/pops/parser/parser_support.rb +0 -5
  175. data/lib/puppet/pops/resource/resource_type_impl.rb +2 -22
  176. data/lib/puppet/pops/types/iterable.rb +34 -8
  177. data/lib/puppet/pops/types/p_meta_type.rb +1 -1
  178. data/lib/puppet/pops/types/p_type_set_type.rb +4 -0
  179. data/lib/puppet/pops/types/type_calculator.rb +0 -7
  180. data/lib/puppet/pops/types/type_parser.rb +0 -4
  181. data/lib/puppet/pops/types/types.rb +0 -1
  182. data/lib/puppet/pops/validation/checker4_0.rb +28 -42
  183. data/lib/puppet/pops/validation/tasks_checker.rb +0 -12
  184. data/lib/puppet/pops/validation/validator_factory_4_0.rb +1 -1
  185. data/lib/puppet/provider.rb +0 -13
  186. data/lib/puppet/provider/file/windows.rb +1 -1
  187. data/lib/puppet/provider/nameservice.rb +0 -18
  188. data/lib/puppet/provider/package/apt.rb +34 -0
  189. data/lib/puppet/provider/package/aptitude.rb +1 -1
  190. data/lib/puppet/provider/package/dpkg.rb +1 -11
  191. data/lib/puppet/provider/package/gem.rb +27 -5
  192. data/lib/puppet/provider/package/pip.rb +0 -1
  193. data/lib/puppet/provider/package/pip2.rb +17 -0
  194. data/lib/puppet/provider/package/pkg.rb +0 -4
  195. data/lib/puppet/provider/package/portage.rb +1 -1
  196. data/lib/puppet/provider/package/puppet_gem.rb +6 -4
  197. data/lib/puppet/provider/package/puppetserver_gem.rb +180 -0
  198. data/lib/puppet/provider/package/yum.rb +2 -1
  199. data/lib/puppet/provider/package/zypper.rb +3 -0
  200. data/lib/puppet/provider/service/smf.rb +191 -73
  201. data/lib/puppet/provider/service/windows.rb +23 -7
  202. data/lib/puppet/provider/user/aix.rb +1 -1
  203. data/lib/puppet/provider/user/directoryservice.rb +0 -10
  204. data/lib/puppet/provider/user/user_role_add.rb +1 -1
  205. data/lib/puppet/provider/user/useradd.rb +11 -4
  206. data/lib/puppet/provider/user/windows_adsi.rb +18 -1
  207. data/lib/puppet/reference/configuration.rb +2 -0
  208. data/lib/puppet/reference/indirection.rb +1 -1
  209. data/lib/puppet/reports/http.rb +2 -0
  210. data/lib/puppet/resource.rb +3 -90
  211. data/lib/puppet/resource/catalog.rb +1 -14
  212. data/lib/puppet/resource/type.rb +5 -112
  213. data/lib/puppet/resource/type_collection.rb +3 -48
  214. data/lib/puppet/runtime.rb +1 -2
  215. data/lib/puppet/settings.rb +84 -35
  216. data/lib/puppet/settings/base_setting.rb +26 -2
  217. data/lib/puppet/settings/integer_setting.rb +17 -0
  218. data/lib/puppet/settings/port_setting.rb +15 -0
  219. data/lib/puppet/settings/priority_setting.rb +5 -4
  220. data/lib/puppet/ssl.rb +10 -6
  221. data/lib/puppet/ssl/base.rb +3 -5
  222. data/lib/puppet/ssl/certificate.rb +0 -6
  223. data/lib/puppet/ssl/certificate_request.rb +1 -12
  224. data/lib/puppet/ssl/certificate_signer.rb +6 -0
  225. data/lib/puppet/ssl/oids.rb +3 -1
  226. data/lib/puppet/ssl/ssl_context.rb +2 -2
  227. data/lib/puppet/ssl/ssl_provider.rb +37 -1
  228. data/lib/puppet/ssl/state_machine.rb +3 -1
  229. data/lib/puppet/ssl/verifier.rb +2 -0
  230. data/lib/puppet/test/test_helper.rb +19 -16
  231. data/lib/puppet/transaction.rb +3 -9
  232. data/lib/puppet/transaction/persistence.rb +1 -1
  233. data/lib/puppet/transaction/report.rb +10 -8
  234. data/lib/puppet/trusted_external.rb +29 -1
  235. data/lib/puppet/type.rb +9 -77
  236. data/lib/puppet/type/file.rb +45 -22
  237. data/lib/puppet/type/file/checksum.rb +5 -5
  238. data/lib/puppet/type/file/source.rb +33 -13
  239. data/lib/puppet/type/filebucket.rb +4 -4
  240. data/lib/puppet/type/notify.rb +2 -2
  241. data/lib/puppet/type/package.rb +5 -13
  242. data/lib/puppet/type/service.rb +53 -0
  243. data/lib/puppet/type/user.rb +18 -3
  244. data/lib/puppet/util.rb +41 -3
  245. data/lib/puppet/util/autoload.rb +9 -7
  246. data/lib/puppet/util/character_encoding.rb +9 -5
  247. data/lib/puppet/util/checksums.rb +19 -4
  248. data/lib/puppet/util/execution.rb +2 -13
  249. data/lib/puppet/util/fileparsing.rb +2 -2
  250. data/lib/puppet/util/http_proxy.rb +2 -215
  251. data/lib/puppet/util/monkey_patches.rb +0 -46
  252. data/lib/puppet/util/provider_features.rb +1 -1
  253. data/lib/puppet/util/rdoc.rb +0 -7
  254. data/lib/puppet/util/reference.rb +1 -1
  255. data/lib/puppet/util/retry_action.rb +1 -1
  256. data/lib/puppet/util/rubygems.rb +5 -1
  257. data/lib/puppet/util/run_mode.rb +14 -2
  258. data/lib/puppet/util/windows.rb +3 -7
  259. data/lib/puppet/util/windows/daemon.rb +360 -0
  260. data/lib/puppet/util/windows/error.rb +1 -0
  261. data/lib/puppet/util/windows/eventlog.rb +5 -15
  262. data/lib/puppet/util/windows/file.rb +8 -242
  263. data/lib/puppet/util/windows/monkey_patches/process.rb +414 -0
  264. data/lib/puppet/util/windows/principal.rb +8 -6
  265. data/lib/puppet/util/windows/process.rb +4 -226
  266. data/lib/puppet/util/windows/registry.rb +11 -11
  267. data/lib/puppet/util/windows/security.rb +4 -4
  268. data/lib/puppet/util/windows/service.rb +52 -486
  269. data/lib/puppet/util/windows/string.rb +12 -13
  270. data/lib/puppet/util/windows/user.rb +242 -8
  271. data/lib/puppet/util/yaml.rb +0 -22
  272. data/lib/puppet/vendor/require_vendored.rb +0 -1
  273. data/lib/puppet/version.rb +1 -1
  274. data/lib/puppet/x509.rb +5 -1
  275. data/lib/puppet/x509/cert_provider.rb +29 -1
  276. data/locales/puppet.pot +713 -1380
  277. data/man/man5/puppet.conf.5 +84 -98
  278. data/man/man8/puppet-agent.8 +7 -4
  279. data/man/man8/puppet-apply.8 +1 -1
  280. data/man/man8/puppet-catalog.8 +1 -1
  281. data/man/man8/puppet-config.8 +6 -6
  282. data/man/man8/puppet-describe.8 +1 -1
  283. data/man/man8/puppet-device.8 +1 -1
  284. data/man/man8/puppet-doc.8 +1 -1
  285. data/man/man8/puppet-epp.8 +1 -1
  286. data/man/man8/puppet-facts.8 +55 -9
  287. data/man/man8/puppet-filebucket.8 +6 -6
  288. data/man/man8/puppet-generate.8 +1 -1
  289. data/man/man8/puppet-help.8 +1 -1
  290. data/man/man8/puppet-lookup.8 +2 -2
  291. data/man/man8/puppet-module.8 +1 -58
  292. data/man/man8/puppet-node.8 +7 -4
  293. data/man/man8/puppet-parser.8 +1 -1
  294. data/man/man8/puppet-plugin.8 +1 -1
  295. data/man/man8/puppet-report.8 +4 -1
  296. data/man/man8/puppet-resource.8 +1 -1
  297. data/man/man8/puppet-script.8 +1 -1
  298. data/man/man8/puppet-ssl.8 +1 -1
  299. data/man/man8/puppet.8 +2 -2
  300. data/spec/fixtures/integration/application/apply/environments/spec/modules/amod/lib/puppet/provider/applytest/applytest.rb +2 -0
  301. data/spec/fixtures/integration/application/apply/environments/spec/modules/amod/lib/puppet/type/applytest.rb +25 -0
  302. data/spec/fixtures/unit/forge/bacula-releases.json +128 -0
  303. data/spec/fixtures/unit/forge/bacula.tar.gz +0 -0
  304. data/spec/fixtures/unit/provider/package/puppetserver_gem/gem-list-local-packages +30 -0
  305. data/spec/fixtures/unit/provider/service/smf/{svcs.out → svcs_instances.out} +0 -0
  306. data/spec/integration/application/agent_spec.rb +157 -59
  307. data/spec/integration/application/apply_spec.rb +150 -150
  308. data/spec/integration/application/doc_spec.rb +16 -6
  309. data/spec/integration/application/filebucket_spec.rb +78 -29
  310. data/spec/integration/application/help_spec.rb +44 -0
  311. data/spec/integration/application/lookup_spec.rb +13 -0
  312. data/spec/integration/application/module_spec.rb +68 -0
  313. data/spec/integration/application/plugin_spec.rb +76 -4
  314. data/spec/integration/configurer_spec.rb +14 -0
  315. data/spec/integration/data_binding_spec.rb +82 -0
  316. data/spec/integration/defaults_spec.rb +33 -5
  317. data/spec/integration/directory_environments_spec.rb +17 -17
  318. data/spec/integration/environments/setting_hooks_spec.rb +1 -1
  319. data/spec/integration/indirector/facts/facter_spec.rb +8 -6
  320. data/spec/integration/network/http_pool_spec.rb +29 -30
  321. data/spec/integration/node/environment_spec.rb +1 -1
  322. data/spec/integration/parser/catalog_spec.rb +0 -38
  323. data/spec/integration/parser/compiler_spec.rb +11 -0
  324. data/spec/integration/parser/node_spec.rb +0 -9
  325. data/spec/integration/parser/pcore_resource_spec.rb +0 -37
  326. data/spec/integration/type/file_spec.rb +6 -5
  327. data/spec/integration/util/execution_spec.rb +22 -0
  328. data/spec/integration/util/windows/adsi_spec.rb +2 -2
  329. data/spec/integration/util/windows/monkey_patches/process_spec.rb +231 -0
  330. data/spec/integration/util/windows/process_spec.rb +26 -32
  331. data/spec/integration/util/windows/registry_spec.rb +7 -7
  332. data/spec/integration/util/windows/security_spec.rb +1 -1
  333. data/spec/integration/util/windows/user_spec.rb +47 -5
  334. data/spec/integration/util_spec.rb +7 -33
  335. data/spec/lib/puppet_spec/matchers.rb +0 -80
  336. data/spec/lib/puppet_spec/puppetserver.rb +9 -1
  337. data/spec/lib/puppet_spec/settings.rb +7 -1
  338. data/spec/shared_contexts/types_setup.rb +2 -0
  339. data/spec/spec_helper.rb +2 -0
  340. data/spec/unit/agent_spec.rb +0 -2
  341. data/spec/unit/application/agent_spec.rb +3 -4
  342. data/spec/unit/application/config_spec.rb +224 -4
  343. data/spec/unit/application/doc_spec.rb +2 -2
  344. data/spec/unit/application/face_base_spec.rb +6 -4
  345. data/spec/unit/application/facts_spec.rb +74 -8
  346. data/spec/unit/application/filebucket_spec.rb +41 -39
  347. data/spec/unit/application/resource_spec.rb +3 -1
  348. data/spec/unit/application/ssl_spec.rb +17 -4
  349. data/spec/unit/application_spec.rb +9 -4
  350. data/spec/unit/certificate_factory_spec.rb +1 -1
  351. data/spec/unit/configurer/downloader_spec.rb +14 -0
  352. data/spec/unit/configurer/fact_handler_spec.rb +4 -4
  353. data/spec/unit/configurer/plugin_handler_spec.rb +56 -18
  354. data/spec/unit/configurer_spec.rb +96 -44
  355. data/spec/unit/confine_spec.rb +2 -1
  356. data/spec/unit/context/trusted_information_spec.rb +12 -10
  357. data/spec/unit/defaults_spec.rb +77 -28
  358. data/spec/unit/environments_spec.rb +96 -32
  359. data/spec/unit/face/config_spec.rb +65 -12
  360. data/spec/unit/face/facts_spec.rb +4 -0
  361. data/spec/unit/face/node_spec.rb +2 -2
  362. data/spec/unit/face/plugin_spec.rb +73 -33
  363. data/spec/unit/file_bucket/file_spec.rb +1 -1
  364. data/spec/unit/file_serving/configuration/parser_spec.rb +14 -18
  365. data/spec/unit/file_serving/configuration_spec.rb +6 -12
  366. data/spec/unit/file_serving/http_metadata_spec.rb +37 -14
  367. data/spec/unit/file_serving/mount/locales_spec.rb +2 -2
  368. data/spec/unit/file_serving/mount/pluginfacts_spec.rb +2 -2
  369. data/spec/unit/file_serving/mount/plugins_spec.rb +2 -2
  370. data/spec/unit/file_serving/terminus_selector_spec.rb +45 -26
  371. data/spec/unit/file_system/uniquefile_spec.rb +18 -0
  372. data/spec/unit/file_system_spec.rb +1 -2
  373. data/spec/unit/functions/camelcase_spec.rb +1 -1
  374. data/spec/unit/functions/capitalize_spec.rb +1 -1
  375. data/spec/unit/functions/downcase_spec.rb +1 -1
  376. data/spec/unit/functions/inline_epp_spec.rb +26 -1
  377. data/spec/unit/functions/upcase_spec.rb +1 -1
  378. data/spec/unit/http/client_spec.rb +71 -17
  379. data/spec/unit/{network/resolver_spec.rb → http/dns_spec.rb} +3 -3
  380. data/spec/unit/http/external_client_spec.rb +4 -4
  381. data/spec/unit/{network/http → http}/factory_spec.rb +5 -11
  382. data/spec/unit/{network/http/session_spec.rb → http/pool_entry_spec.rb} +3 -3
  383. data/spec/unit/{network/http → http}/pool_spec.rb +12 -17
  384. data/spec/unit/{util/http_proxy_spec.rb → http/proxy_spec.rb} +2 -69
  385. data/spec/unit/http/resolver_spec.rb +34 -15
  386. data/spec/unit/http/response_spec.rb +6 -0
  387. data/spec/unit/http/service/ca_spec.rb +2 -3
  388. data/spec/unit/http/service/compiler_spec.rb +51 -65
  389. data/spec/unit/http/service/file_server_spec.rb +5 -6
  390. data/spec/unit/http/service/puppetserver_spec.rb +112 -0
  391. data/spec/unit/http/service/report_spec.rb +2 -3
  392. data/spec/unit/http/service_spec.rb +1 -3
  393. data/spec/unit/http/session_spec.rb +24 -35
  394. data/spec/unit/{network/http → http}/site_spec.rb +3 -3
  395. data/spec/unit/indirector/catalog/json_spec.rb +1 -1
  396. data/spec/unit/indirector/catalog/rest_spec.rb +1 -1
  397. data/spec/unit/indirector/facts/facter_spec.rb +97 -0
  398. data/spec/unit/indirector/facts/json_spec.rb +255 -0
  399. data/spec/unit/indirector/facts/rest_spec.rb +1 -1
  400. data/spec/unit/indirector/file_bucket_file/file_spec.rb +5 -3
  401. data/spec/unit/indirector/file_content/rest_spec.rb +0 -4
  402. data/spec/unit/indirector/file_metadata/http_spec.rb +27 -0
  403. data/spec/unit/indirector/file_metadata/rest_spec.rb +0 -4
  404. data/spec/unit/indirector/file_server_spec.rb +1 -15
  405. data/spec/unit/indirector/json_spec.rb +8 -8
  406. data/spec/unit/indirector/msgpack_spec.rb +8 -8
  407. data/spec/unit/indirector/node/json_spec.rb +33 -0
  408. data/spec/unit/indirector/node/rest_spec.rb +1 -1
  409. data/spec/{integration/indirector/report/yaml.rb → unit/indirector/report/json_spec.rb} +13 -24
  410. data/spec/unit/indirector/report/rest_spec.rb +2 -17
  411. data/spec/unit/indirector/report/yaml_spec.rb +72 -8
  412. data/spec/unit/indirector/request_spec.rb +3 -267
  413. data/spec/unit/indirector/rest_spec.rb +98 -752
  414. data/spec/unit/indirector/yaml_spec.rb +7 -7
  415. data/spec/unit/interface_spec.rb +3 -3
  416. data/spec/unit/module_tool/tar/mini_spec.rb +20 -0
  417. data/spec/unit/network/authconfig_spec.rb +2 -132
  418. data/spec/unit/network/authorization_spec.rb +2 -55
  419. data/spec/unit/network/format_support_spec.rb +3 -2
  420. data/spec/unit/network/formats_spec.rb +4 -4
  421. data/spec/unit/network/http/api/indirected_routes_spec.rb +3 -98
  422. data/spec/unit/network/http/api/master/v3/environments_spec.rb +12 -23
  423. data/spec/unit/network/http/api/master/v3_spec.rb +28 -7
  424. data/spec/unit/network/http/api_spec.rb +10 -0
  425. data/spec/unit/network/http/connection_spec.rb +61 -73
  426. data/spec/unit/network/http/handler_spec.rb +0 -6
  427. data/spec/unit/network/http_pool_spec.rb +0 -4
  428. data/spec/unit/node/environment_spec.rb +51 -22
  429. data/spec/unit/node_spec.rb +2 -54
  430. data/spec/unit/parser/ast/block_expression_spec.rb +1 -1
  431. data/spec/unit/parser/functions/create_resources_spec.rb +2 -20
  432. data/spec/unit/parser/scope_spec.rb +1 -1
  433. data/spec/unit/pops/evaluator/evaluating_parser_spec.rb +19 -8
  434. data/spec/unit/pops/loaders/loaders_spec.rb +77 -22
  435. data/spec/unit/pops/lookup/lookup_spec.rb +25 -0
  436. data/spec/unit/pops/parser/parse_application_spec.rb +4 -22
  437. data/spec/unit/pops/parser/parse_basic_expressions_spec.rb +0 -1
  438. data/spec/unit/pops/parser/parse_capabilities_spec.rb +8 -21
  439. data/spec/unit/pops/parser/parse_site_spec.rb +20 -24
  440. data/spec/unit/pops/resource/resource_type_impl_spec.rb +0 -71
  441. data/spec/unit/pops/serialization/to_from_hr_spec.rb +1 -1
  442. data/spec/unit/pops/types/type_calculator_spec.rb +7 -17
  443. data/spec/unit/pops/types/type_factory_spec.rb +1 -1
  444. data/spec/unit/pops/validator/validator_spec.rb +61 -46
  445. data/spec/unit/pops/visitor_spec.rb +1 -1
  446. data/spec/unit/provider/exec_spec.rb +4 -3
  447. data/spec/unit/provider/nameservice_spec.rb +0 -57
  448. data/spec/unit/provider/package/apt_spec.rb +77 -0
  449. data/spec/unit/provider/package/aptitude_spec.rb +1 -0
  450. data/spec/unit/provider/package/dpkg_spec.rb +22 -55
  451. data/spec/unit/provider/package/gem_spec.rb +32 -0
  452. data/spec/unit/provider/package/openbsd_spec.rb +2 -0
  453. data/spec/unit/provider/package/pip2_spec.rb +36 -0
  454. data/spec/unit/provider/package/puppet_gem_spec.rb +6 -2
  455. data/spec/unit/provider/package/puppetserver_gem_spec.rb +137 -0
  456. data/spec/unit/provider/package/yum_spec.rb +31 -0
  457. data/spec/unit/provider/package/zypper_spec.rb +14 -0
  458. data/spec/unit/provider/service/base_spec.rb +2 -4
  459. data/spec/unit/provider/service/bsd_spec.rb +5 -1
  460. data/spec/unit/provider/service/daemontools_spec.rb +1 -1
  461. data/spec/unit/provider/service/debian_spec.rb +3 -5
  462. data/spec/unit/provider/service/freebsd_spec.rb +1 -1
  463. data/spec/unit/provider/service/gentoo_spec.rb +4 -5
  464. data/spec/unit/provider/service/init_spec.rb +45 -5
  465. data/spec/unit/provider/service/launchd_spec.rb +5 -6
  466. data/spec/unit/provider/service/openrc_spec.rb +4 -5
  467. data/spec/unit/provider/service/openwrt_spec.rb +1 -1
  468. data/spec/unit/provider/service/redhat_spec.rb +1 -1
  469. data/spec/unit/provider/service/runit_spec.rb +2 -1
  470. data/spec/unit/provider/service/smf_spec.rb +402 -166
  471. data/spec/unit/provider/service/src_spec.rb +3 -5
  472. data/spec/unit/provider/service/systemd_spec.rb +3 -6
  473. data/spec/unit/provider/service/upstart_spec.rb +4 -5
  474. data/spec/unit/provider/service/windows_spec.rb +50 -15
  475. data/spec/unit/provider/user/openbsd_spec.rb +1 -0
  476. data/spec/unit/provider/user/useradd_spec.rb +22 -16
  477. data/spec/unit/provider/user/windows_adsi_spec.rb +82 -0
  478. data/spec/unit/provider_spec.rb +0 -12
  479. data/spec/unit/puppet_pal_2pec.rb +40 -0
  480. data/spec/unit/puppet_pal_catalog_spec.rb +45 -0
  481. data/spec/unit/reports/store_spec.rb +17 -13
  482. data/spec/unit/resource/type_collection_spec.rb +2 -22
  483. data/spec/unit/resource_spec.rb +3 -59
  484. data/spec/unit/settings/http_extra_headers_spec.rb +2 -4
  485. data/spec/unit/settings/integer_setting_spec.rb +42 -0
  486. data/spec/unit/settings/port_setting_spec.rb +31 -0
  487. data/spec/unit/settings/priority_setting_spec.rb +4 -4
  488. data/spec/unit/settings_spec.rb +586 -239
  489. data/spec/unit/ssl/base_spec.rb +36 -3
  490. data/spec/unit/ssl/certificate_request_spec.rb +15 -45
  491. data/spec/unit/ssl/certificate_spec.rb +2 -11
  492. data/spec/unit/ssl/ssl_provider_spec.rb +78 -49
  493. data/spec/unit/ssl/state_machine_spec.rb +0 -1
  494. data/spec/unit/ssl/verifier_spec.rb +0 -21
  495. data/spec/unit/test/test_helper_spec.rb +17 -0
  496. data/spec/unit/transaction/persistence_spec.rb +15 -0
  497. data/spec/unit/transaction/report_spec.rb +3 -3
  498. data/spec/unit/transaction/resource_harness_spec.rb +2 -2
  499. data/spec/unit/transaction_spec.rb +45 -79
  500. data/spec/unit/type/file/checksum_spec.rb +6 -6
  501. data/spec/unit/type/file/content_spec.rb +1 -1
  502. data/spec/unit/type/file/ensure_spec.rb +1 -1
  503. data/spec/unit/type/file/mode_spec.rb +1 -1
  504. data/spec/unit/type/file/source_spec.rb +4 -5
  505. data/spec/unit/type/file_spec.rb +134 -102
  506. data/spec/unit/type/filebucket_spec.rb +1 -1
  507. data/spec/unit/type/package_spec.rb +1 -1
  508. data/spec/unit/type/service_spec.rb +209 -0
  509. data/spec/unit/type/user_spec.rb +31 -2
  510. data/spec/unit/type_spec.rb +70 -0
  511. data/spec/unit/util/backups_spec.rb +0 -2
  512. data/spec/unit/util/character_encoding_spec.rb +4 -4
  513. data/spec/unit/util/checksums_spec.rb +16 -0
  514. data/spec/unit/util/command_line_spec.rb +11 -6
  515. data/spec/unit/util/execution_spec.rb +0 -29
  516. data/spec/unit/util/monkey_patches_spec.rb +0 -6
  517. data/spec/unit/util/rubygems_spec.rb +2 -2
  518. data/spec/unit/util/run_mode_spec.rb +27 -127
  519. data/spec/unit/util/windows/api_types_spec.rb +104 -40
  520. data/spec/unit/util/windows/service_spec.rb +4 -4
  521. data/spec/unit/util/windows/string_spec.rb +1 -3
  522. data/spec/unit/util/yaml_spec.rb +0 -54
  523. data/spec/unit/util_spec.rb +3 -21
  524. data/spec/unit/x509/cert_provider_spec.rb +1 -1
  525. metadata +76 -270
  526. data/conf/auth.conf +0 -150
  527. data/lib/puppet/application/cert.rb +0 -76
  528. data/lib/puppet/application/key.rb +0 -4
  529. data/lib/puppet/application/man.rb +0 -4
  530. data/lib/puppet/application/status.rb +0 -4
  531. data/lib/puppet/face/key.rb +0 -16
  532. data/lib/puppet/face/man.rb +0 -145
  533. data/lib/puppet/face/module/build.rb +0 -14
  534. data/lib/puppet/face/module/generate.rb +0 -14
  535. data/lib/puppet/face/module/search.rb +0 -103
  536. data/lib/puppet/face/status.rb +0 -51
  537. data/lib/puppet/indirector/certificate/file.rb +0 -9
  538. data/lib/puppet/indirector/certificate/rest.rb +0 -18
  539. data/lib/puppet/indirector/certificate_request/file.rb +0 -9
  540. data/lib/puppet/indirector/certificate_request/memory.rb +0 -7
  541. data/lib/puppet/indirector/certificate_request/rest.rb +0 -11
  542. data/lib/puppet/indirector/file_content/http.rb +0 -22
  543. data/lib/puppet/indirector/key/file.rb +0 -46
  544. data/lib/puppet/indirector/key/memory.rb +0 -7
  545. data/lib/puppet/indirector/ssl_file.rb +0 -162
  546. data/lib/puppet/indirector/status.rb +0 -3
  547. data/lib/puppet/indirector/status/local.rb +0 -12
  548. data/lib/puppet/indirector/status/rest.rb +0 -27
  549. data/lib/puppet/module_tool/applications/searcher.rb +0 -29
  550. data/lib/puppet/network/auth_config_parser.rb +0 -90
  551. data/lib/puppet/network/authstore.rb +0 -283
  552. data/lib/puppet/network/http/api/master/v3/authorization.rb +0 -18
  553. data/lib/puppet/network/http/api/master/v3/environment.rb +0 -85
  554. data/lib/puppet/network/http/base_pool.rb +0 -36
  555. data/lib/puppet/network/http/compression.rb +0 -127
  556. data/lib/puppet/network/http/connection_adapter.rb +0 -182
  557. data/lib/puppet/network/http/nocache_pool.rb +0 -28
  558. data/lib/puppet/network/rest_controller.rb +0 -2
  559. data/lib/puppet/network/rights.rb +0 -210
  560. data/lib/puppet/parser/compiler/catalog_validator/env_relationship_validator.rb +0 -64
  561. data/lib/puppet/parser/compiler/catalog_validator/site_validator.rb +0 -20
  562. data/lib/puppet/parser/environment_compiler.rb +0 -199
  563. data/lib/puppet/pops/types/enumeration.rb +0 -16
  564. data/lib/puppet/resource/capability_finder.rb +0 -154
  565. data/lib/puppet/rest/errors.rb +0 -15
  566. data/lib/puppet/rest/response.rb +0 -35
  567. data/lib/puppet/rest/route.rb +0 -85
  568. data/lib/puppet/rest/routes.rb +0 -135
  569. data/lib/puppet/ssl/host.rb +0 -505
  570. data/lib/puppet/ssl/key.rb +0 -61
  571. data/lib/puppet/ssl/validator.rb +0 -61
  572. data/lib/puppet/ssl/validator/default_validator.rb +0 -209
  573. data/lib/puppet/ssl/validator/no_validator.rb +0 -22
  574. data/lib/puppet/ssl/verifier_adapter.rb +0 -58
  575. data/lib/puppet/status.rb +0 -40
  576. data/lib/puppet/util/connection.rb +0 -88
  577. data/lib/puppet/util/ssl.rb +0 -83
  578. data/lib/puppet/util/windows/api_types.rb +0 -282
  579. data/lib/puppet/vendor/load_pathspec.rb +0 -1
  580. data/lib/puppet/vendor/pathspec/CHANGELOG.md +0 -2
  581. data/lib/puppet/vendor/pathspec/LICENSE +0 -201
  582. data/lib/puppet/vendor/pathspec/PUPPET_README.md +0 -6
  583. data/lib/puppet/vendor/pathspec/README.md +0 -53
  584. data/lib/puppet/vendor/pathspec/lib/pathspec.rb +0 -122
  585. data/lib/puppet/vendor/pathspec/lib/pathspec/gitignorespec.rb +0 -275
  586. data/lib/puppet/vendor/pathspec/lib/pathspec/regexspec.rb +0 -17
  587. data/lib/puppet/vendor/pathspec/lib/pathspec/spec.rb +0 -14
  588. data/man/man8/puppet-key.8 +0 -126
  589. data/man/man8/puppet-man.8 +0 -76
  590. data/man/man8/puppet-status.8 +0 -108
  591. data/spec/integration/faces/config_spec.rb +0 -91
  592. data/spec/integration/faces/documentation_spec.rb +0 -57
  593. data/spec/integration/file_bucket/file_spec.rb +0 -50
  594. data/spec/integration/file_serving/content_spec.rb +0 -7
  595. data/spec/integration/file_serving/fileset_spec.rb +0 -12
  596. data/spec/integration/file_serving/metadata_spec.rb +0 -8
  597. data/spec/integration/file_serving/terminus_helper_spec.rb +0 -20
  598. data/spec/integration/file_system/uniquefile_spec.rb +0 -26
  599. data/spec/integration/module_tool/forge_spec.rb +0 -51
  600. data/spec/integration/module_tool/tar/mini_spec.rb +0 -28
  601. data/spec/integration/network/authconfig_spec.rb +0 -256
  602. data/spec/integration/provider/service/init_spec.rb +0 -48
  603. data/spec/integration/provider/service/systemd_spec.rb +0 -25
  604. data/spec/integration/provider/service/windows_spec.rb +0 -50
  605. data/spec/integration/reference/providers_spec.rb +0 -21
  606. data/spec/integration/reports_spec.rb +0 -13
  607. data/spec/integration/ssl/certificate_request_spec.rb +0 -44
  608. data/spec/integration/ssl/host_spec.rb +0 -72
  609. data/spec/integration/ssl/key_spec.rb +0 -99
  610. data/spec/integration/test/test_helper_spec.rb +0 -31
  611. data/spec/shared_behaviours/file_serving_model.rb +0 -51
  612. data/spec/unit/capability_spec.rb +0 -414
  613. data/spec/unit/face/catalog_spec.rb +0 -6
  614. data/spec/unit/face/key_spec.rb +0 -9
  615. data/spec/unit/face/man_spec.rb +0 -25
  616. data/spec/unit/face/module/search_spec.rb +0 -231
  617. data/spec/unit/face/module_spec.rb +0 -3
  618. data/spec/unit/face/status_spec.rb +0 -9
  619. data/spec/unit/indirector/certificate/file_spec.rb +0 -14
  620. data/spec/unit/indirector/certificate/rest_spec.rb +0 -61
  621. data/spec/unit/indirector/certificate_request/file_spec.rb +0 -14
  622. data/spec/unit/indirector/certificate_request/rest_spec.rb +0 -25
  623. data/spec/unit/indirector/key/file_spec.rb +0 -79
  624. data/spec/unit/indirector/ssl_file_spec.rb +0 -305
  625. data/spec/unit/indirector/status/local_spec.rb +0 -10
  626. data/spec/unit/indirector/status/rest_spec.rb +0 -50
  627. data/spec/unit/man_spec.rb +0 -31
  628. data/spec/unit/module_tool/applications/searcher_spec.rb +0 -38
  629. data/spec/unit/network/auth_config_parser_spec.rb +0 -115
  630. data/spec/unit/network/authstore_spec.rb +0 -422
  631. data/spec/unit/network/http/api/master/v3/authorization_spec.rb +0 -57
  632. data/spec/unit/network/http/api/master/v3/environment_spec.rb +0 -185
  633. data/spec/unit/network/http/compression_spec.rb +0 -240
  634. data/spec/unit/network/http/nocache_pool_spec.rb +0 -64
  635. data/spec/unit/network/http_spec.rb +0 -9
  636. data/spec/unit/network/rights_spec.rb +0 -439
  637. data/spec/unit/parser/environment_compiler_spec.rb +0 -723
  638. data/spec/unit/pops/types/enumeration_spec.rb +0 -51
  639. data/spec/unit/resource/capability_finder_spec.rb +0 -143
  640. data/spec/unit/rest/route_spec.rb +0 -132
  641. data/spec/unit/ssl/host_spec.rb +0 -650
  642. data/spec/unit/ssl/key_spec.rb +0 -173
  643. data/spec/unit/ssl/validator_spec.rb +0 -278
  644. data/spec/unit/status_spec.rb +0 -45
  645. data/spec/unit/util/ssl_spec.rb +0 -91
@@ -38,9 +38,8 @@ describe Puppet::SSL::Certificate do
38
38
 
39
39
  describe "when determining a name from a certificate subject" do
40
40
  it "should extract only the CN and not any other components" do
41
- subject = double('sub')
42
- expect(Puppet::Util::SSL).to receive(:cn_from_subject).with(subject).and_return('host.domain.com')
43
- expect(@class.name_from_subject(subject)).to eq('host.domain.com')
41
+ name = OpenSSL::X509::Name.parse('/CN=host.domain.com/L=Portland/ST=Oregon')
42
+ expect(@class.name_from_subject(name)).to eq('host.domain.com')
44
43
  end
45
44
  end
46
45
 
@@ -90,4 +89,38 @@ describe Puppet::SSL::Certificate do
90
89
  }.to raise_error(Puppet::Error, "Unknown signature algorithm 'nonsense'")
91
90
  end
92
91
  end
92
+
93
+ describe "when getting a CN from a subject" do
94
+ def parse(dn)
95
+ OpenSSL::X509::Name.parse(dn)
96
+ end
97
+
98
+ def cn_from(subject)
99
+ @class.name_from_subject(subject)
100
+ end
101
+
102
+ it "should correctly parse a subject containing only a CN" do
103
+ subj = parse('/CN=foo')
104
+ expect(cn_from(subj)).to eq('foo')
105
+ end
106
+
107
+ it "should correctly parse a subject containing other components" do
108
+ subj = parse('/CN=Root CA/OU=Server Operations/O=Example Org')
109
+ expect(cn_from(subj)).to eq('Root CA')
110
+ end
111
+
112
+ it "should correctly parse a subject containing other components with CN not first" do
113
+ subj = parse('/emailAddress=foo@bar.com/CN=foo.bar.com/O=Example Org')
114
+ expect(cn_from(subj)).to eq('foo.bar.com')
115
+ end
116
+
117
+ it "should return nil for a subject with no CN" do
118
+ subj = parse('/OU=Server Operations/O=Example Org')
119
+ expect(cn_from(subj)).to eq(nil)
120
+ end
121
+
122
+ it "should return nil for a bare string" do
123
+ expect(cn_from("/CN=foo")).to eq(nil)
124
+ end
125
+ end
93
126
  end
@@ -1,23 +1,10 @@
1
1
  require 'spec_helper'
2
2
 
3
3
  require 'puppet/ssl/certificate_request'
4
- require 'puppet/ssl/key'
5
4
 
6
5
  describe Puppet::SSL::CertificateRequest do
7
6
  let(:request) { described_class.new("myname") }
8
- let(:key) {
9
- k = Puppet::SSL::Key.new("myname")
10
- k.generate
11
- k
12
- }
13
-
14
- it "should be extended with the Indirector module" do
15
- expect(described_class.singleton_class).to be_include(Puppet::Indirector)
16
- end
17
-
18
- it "should indirect certificate_request" do
19
- expect(described_class.indirection.name).to eq(:certificate_request)
20
- end
7
+ let(:key) { OpenSSL::PKey::RSA.new(Puppet[:keylength]) }
21
8
 
22
9
  it "should use any provided name as its name" do
23
10
  expect(described_class.new("myname").name).to eq("myname")
@@ -83,14 +70,9 @@ describe Puppet::SSL::CertificateRequest do
83
70
  end
84
71
 
85
72
  describe "when generating", :unless => RUBY_PLATFORM == 'java' do
86
- it "should use the content of the provided key if the key is a Puppet::SSL::Key instance" do
73
+ it "should verify the CSR using the public key associated with the private key" do
87
74
  request.generate(key)
88
- expect(request.content.verify(key.content.public_key)).to be_truthy
89
- end
90
-
91
- it "should set the subject to [CN, name]" do
92
- request.generate(key)
93
- expect(request.content.subject).to eq OpenSSL::X509::Name.new([['CN', key.name]])
75
+ expect(request.content.verify(key.public_key)).to be_truthy
94
76
  end
95
77
 
96
78
  it "should set the version to 0" do
@@ -101,7 +83,7 @@ describe Puppet::SSL::CertificateRequest do
101
83
  it "should set the public key to the provided key's public key" do
102
84
  request.generate(key)
103
85
  # The openssl bindings do not define equality on keys so we use to_s
104
- expect(request.content.public_key.to_s).to eq(key.content.public_key.to_s)
86
+ expect(request.content.public_key.to_s).to eq(key.public_key.to_s)
105
87
  end
106
88
 
107
89
  context "without subjectAltName / dns_alt_names" do
@@ -295,20 +277,20 @@ describe Puppet::SSL::CertificateRequest do
295
277
 
296
278
  it "should sign the csr with the provided key" do
297
279
  request.generate(key)
298
- expect(request.content.verify(key.content.public_key)).to be_truthy
280
+ expect(request.content.verify(key.public_key)).to be_truthy
299
281
  end
300
282
 
301
283
  it "should verify the generated request using the public key" do
302
284
  # Stupid keys don't have a competent == method.
303
285
  expect_any_instance_of(OpenSSL::X509::Request).to receive(:verify) do |public_key|
304
- public_key.to_s == key.content.public_key.to_s
286
+ public_key.to_s == key.public_key.to_s
305
287
  end.and_return(true)
306
288
  request.generate(key)
307
289
  end
308
290
 
309
291
  it "should fail if verification fails" do
310
292
  expect_any_instance_of(OpenSSL::X509::Request).to receive(:verify) do |public_key|
311
- public_key.to_s == key.content.public_key.to_s
293
+ public_key.to_s == key.public_key.to_s
312
294
  end.and_return(false)
313
295
 
314
296
  expect do
@@ -334,8 +316,8 @@ describe Puppet::SSL::CertificateRequest do
334
316
  expect(OpenSSL::Digest).to receive(:const_defined?).with("SHA256").and_return(false)
335
317
  expect(OpenSSL::Digest).to receive(:const_defined?).with("SHA1").and_return(true)
336
318
  signer = Puppet::SSL::CertificateSigner.new
337
- signer.sign(csr, key.content)
338
- expect(csr.verify(key.content)).to be_truthy
319
+ signer.sign(csr, key)
320
+ expect(csr.verify(key)).to be_truthy
339
321
  end
340
322
 
341
323
  # Attempts to use SHA512 and SHA384 for signing certificates don't seem to work
@@ -348,8 +330,8 @@ describe Puppet::SSL::CertificateRequest do
348
330
  expect(OpenSSL::Digest).to receive(:const_defined?).with("SHA1").and_return(false)
349
331
  expect(OpenSSL::Digest).to receive(:const_defined?).with("SHA512").and_return(true)
350
332
  signer = Puppet::SSL::CertificateSigner.new
351
- signer.sign(csr, key.content)
352
- expect(csr.verify(key.content)).to be_truthy
333
+ signer.sign(csr, key)
334
+ expect(csr.verify(key)).to be_truthy
353
335
  end
354
336
 
355
337
  # Attempts to use SHA512 and SHA384 for signing certificates don't seem to work
@@ -363,8 +345,8 @@ describe Puppet::SSL::CertificateRequest do
363
345
  expect(OpenSSL::Digest).to receive(:const_defined?).with("SHA512").and_return(false)
364
346
  expect(OpenSSL::Digest).to receive(:const_defined?).with("SHA384").and_return(true)
365
347
  signer = Puppet::SSL::CertificateSigner.new
366
- signer.sign(csr, key.content)
367
- expect(csr.verify(key.content)).to be_truthy
348
+ signer.sign(csr, key)
349
+ expect(csr.verify(key)).to be_truthy
368
350
  end
369
351
 
370
352
  it "should use SHA224 to sign the csr when SHA256/SHA1/SHA512/SHA384 aren't available" do
@@ -375,8 +357,8 @@ describe Puppet::SSL::CertificateRequest do
375
357
  expect(OpenSSL::Digest).to receive(:const_defined?).with("SHA384").and_return(false)
376
358
  expect(OpenSSL::Digest).to receive(:const_defined?).with("SHA224").and_return(true)
377
359
  signer = Puppet::SSL::CertificateSigner.new
378
- signer.sign(csr, key.content)
379
- expect(csr.verify(key.content)).to be_truthy
360
+ signer.sign(csr, key)
361
+ expect(csr.verify(key)).to be_truthy
380
362
  end
381
363
 
382
364
  it "should raise an error if neither SHA256/SHA1/SHA512/SHA384/SHA224 are available" do
@@ -390,16 +372,4 @@ describe Puppet::SSL::CertificateRequest do
390
372
  }.to raise_error(Puppet::Error)
391
373
  end
392
374
  end
393
-
394
- it "should save the CSR" do
395
- csr = Puppet::SSL::CertificateRequest.new("me")
396
- terminus = double('terminus')
397
- allow(terminus).to receive(:validate)
398
- expect(Puppet::SSL::CertificateRequest.indirection).to receive(:prepare).and_return(terminus)
399
- expect(terminus).to receive(:save) do |request|
400
- expect(request.instance).to eq(csr)
401
- expect(request.key).to eq("me")
402
- end
403
- Puppet::SSL::CertificateRequest.indirection.save(csr)
404
- end
405
375
  end
@@ -4,7 +4,7 @@ require 'puppet/certificate_factory'
4
4
  require 'puppet/ssl/certificate'
5
5
 
6
6
  describe Puppet::SSL::Certificate do
7
- let :key do Puppet::SSL::Key.new("test.localdomain").generate end
7
+ let :key do OpenSSL::PKey::RSA.new(Puppet[:keylength]) end
8
8
 
9
9
  # Sign the provided cert so that it can be DER-decoded later
10
10
  def sign_wrapped_cert(cert)
@@ -16,14 +16,6 @@ describe Puppet::SSL::Certificate do
16
16
  @class = Puppet::SSL::Certificate
17
17
  end
18
18
 
19
- it "should be extended with the Indirector module" do
20
- expect(@class.singleton_class).to be_include(Puppet::Indirector)
21
- end
22
-
23
- it "should indirect certificate" do
24
- expect(@class.indirection.name).to eq(:certificate)
25
- end
26
-
27
19
  it "should only support the text format" do
28
20
  expect(@class.supported_formats).to eq([:s])
29
21
  end
@@ -82,8 +74,7 @@ describe Puppet::SSL::Certificate do
82
74
 
83
75
  describe "when managing instances" do
84
76
  def build_cert(opts)
85
- key = Puppet::SSL::Key.new('quux')
86
- key.generate
77
+ key = OpenSSL::PKey::RSA.new(Puppet[:keylength])
87
78
  csr = Puppet::SSL::CertificateRequest.new('quux')
88
79
  csr.generate(key, opts)
89
80
 
@@ -42,20 +42,20 @@ describe Puppet::SSL::SSLProvider do
42
42
  let(:config) { { cacerts: [], crls: [], revocation: false } }
43
43
 
44
44
  it 'accepts empty list of certs and crls' do
45
- sslctx = subject.create_root_context(config)
45
+ sslctx = subject.create_root_context(**config)
46
46
  expect(sslctx.cacerts).to eq([])
47
47
  expect(sslctx.crls).to eq([])
48
48
  end
49
49
 
50
50
  it 'accepts valid root certs' do
51
51
  certs = [cert_fixture('ca.pem')]
52
- sslctx = subject.create_root_context(config.merge(cacerts: certs))
52
+ sslctx = subject.create_root_context(**config.merge(cacerts: certs))
53
53
  expect(sslctx.cacerts).to eq(certs)
54
54
  end
55
55
 
56
56
  it 'accepts valid intermediate certs' do
57
57
  certs = [cert_fixture('ca.pem'), cert_fixture('intermediate.pem')]
58
- sslctx = subject.create_root_context(config.merge(cacerts: certs))
58
+ sslctx = subject.create_root_context(**config.merge(cacerts: certs))
59
59
  expect(sslctx.cacerts).to eq(certs)
60
60
  end
61
61
 
@@ -63,19 +63,19 @@ describe Puppet::SSL::SSLProvider do
63
63
  expired = [cert_fixture('ca.pem'), cert_fixture('intermediate.pem')]
64
64
  expired.each { |x509| x509.not_after = Time.at(0) }
65
65
 
66
- sslctx = subject.create_root_context(config.merge(cacerts: expired))
66
+ sslctx = subject.create_root_context(**config.merge(cacerts: expired))
67
67
  expect(sslctx.cacerts).to eq(expired)
68
68
  end
69
69
 
70
70
  it 'raises if the frozen context is modified' do
71
- sslctx = subject.create_root_context(config)
71
+ sslctx = subject.create_root_context(**config)
72
72
  expect {
73
73
  sslctx.verify_peer = false
74
74
  }.to raise_error(/can't modify frozen/)
75
75
  end
76
76
 
77
77
  it 'verifies peer' do
78
- sslctx = subject.create_root_context(config)
78
+ sslctx = subject.create_root_context(**config)
79
79
  expect(sslctx.verify_peer).to eq(true)
80
80
  end
81
81
  end
@@ -134,6 +134,32 @@ describe Puppet::SSL::SSLProvider do
134
134
  expect(sslctx.client_cert).to be_nil
135
135
  expect(sslctx.private_key).to be_nil
136
136
  end
137
+
138
+ it 'trusts additional system certs' do
139
+ path = tmpfile('system_cacerts')
140
+ File.write(path, cert_fixture('ca.pem').to_pem)
141
+
142
+ expect_any_instance_of(OpenSSL::X509::Store).to receive(:add_file).with(path)
143
+
144
+ subject.create_system_context(cacerts: [], path: path)
145
+ end
146
+
147
+ it 'ignores empty files' do
148
+ path = tmpfile('system_cacerts')
149
+ FileUtils.touch(path)
150
+
151
+ subject.create_system_context(cacerts: [], path: path)
152
+
153
+ expect(@logs).to eq([])
154
+ end
155
+
156
+ it 'prints an error if it is not a file' do
157
+ path = tmpdir('system_cacerts')
158
+
159
+ subject.create_system_context(cacerts: [], path: path)
160
+
161
+ expect(@logs).to include(an_object_having_attributes(level: :warning, message: /^The 'ssl_trust_store' setting does not refer to a file and will be ignored/))
162
+ end
137
163
  end
138
164
 
139
165
  context 'when creating an ssl context with crls' do
@@ -142,14 +168,14 @@ describe Puppet::SSL::SSLProvider do
142
168
  it 'accepts valid CRLs' do
143
169
  certs = [cert_fixture('ca.pem')]
144
170
  crls = [crl_fixture('crl.pem')]
145
- sslctx = subject.create_root_context(config.merge(cacerts: certs, crls: crls))
171
+ sslctx = subject.create_root_context(**config.merge(cacerts: certs, crls: crls))
146
172
  expect(sslctx.crls).to eq(crls)
147
173
  end
148
174
 
149
175
  it 'accepts valid CRLs for intermediate certs' do
150
176
  certs = [cert_fixture('ca.pem'), cert_fixture('intermediate.pem')]
151
177
  crls = [crl_fixture('crl.pem'), crl_fixture('intermediate-crl.pem')]
152
- sslctx = subject.create_root_context(config.merge(cacerts: certs, crls: crls))
178
+ sslctx = subject.create_root_context(**config.merge(cacerts: certs, crls: crls))
153
179
  expect(sslctx.crls).to eq(crls)
154
180
  end
155
181
 
@@ -157,12 +183,12 @@ describe Puppet::SSL::SSLProvider do
157
183
  expired = [crl_fixture('crl.pem'), crl_fixture('intermediate-crl.pem')]
158
184
  expired.each { |x509| x509.last_update = Time.at(0) }
159
185
 
160
- sslctx = subject.create_root_context(config.merge(crls: expired))
186
+ sslctx = subject.create_root_context(**config.merge(crls: expired))
161
187
  expect(sslctx.crls).to eq(expired)
162
188
  end
163
189
 
164
190
  it 'verifies peer' do
165
- sslctx = subject.create_root_context(config)
191
+ sslctx = subject.create_root_context(**config)
166
192
  expect(sslctx.verify_peer).to eq(true)
167
193
  end
168
194
  end
@@ -174,49 +200,49 @@ describe Puppet::SSL::SSLProvider do
174
200
 
175
201
  it 'raises if CA certs are missing' do
176
202
  expect {
177
- subject.create_context(config.merge(cacerts: nil))
203
+ subject.create_context(**config.merge(cacerts: nil))
178
204
  }.to raise_error(ArgumentError, /CA certs are missing/)
179
205
  end
180
206
 
181
207
  it 'raises if CRLs are are missing' do
182
208
  expect {
183
- subject.create_context(config.merge(crls: nil))
209
+ subject.create_context(**config.merge(crls: nil))
184
210
  }.to raise_error(ArgumentError, /CRLs are missing/)
185
211
  end
186
212
 
187
213
  it 'raises if private key is missing' do
188
214
  expect {
189
- subject.create_context(config.merge(private_key: nil))
215
+ subject.create_context(**config.merge(private_key: nil))
190
216
  }.to raise_error(ArgumentError, /Private key is missing/)
191
217
  end
192
218
 
193
219
  it 'raises if client cert is missing' do
194
220
  expect {
195
- subject.create_context(config.merge(client_cert: nil))
221
+ subject.create_context(**config.merge(client_cert: nil))
196
222
  }.to raise_error(ArgumentError, /Client cert is missing/)
197
223
  end
198
224
 
199
225
  it 'accepts RSA keys' do
200
- sslctx = subject.create_context(config)
226
+ sslctx = subject.create_context(**config)
201
227
  expect(sslctx.private_key).to eq(private_key)
202
228
  end
203
229
 
204
230
  it 'accepts EC keys' do
205
231
  ec_key = ec_key_fixture('ec-key.pem')
206
232
  ec_cert = cert_fixture('ec.pem')
207
- sslctx = subject.create_context(config.merge(client_cert: ec_cert, private_key: ec_key))
233
+ sslctx = subject.create_context(**config.merge(client_cert: ec_cert, private_key: ec_key))
208
234
  expect(sslctx.private_key).to eq(ec_key)
209
235
  end
210
236
 
211
237
  it 'raises if private key is unsupported' do
212
238
  dsa_key = OpenSSL::PKey::DSA.new
213
239
  expect {
214
- subject.create_context(config.merge(private_key: dsa_key))
240
+ subject.create_context(**config.merge(private_key: dsa_key))
215
241
  }.to raise_error(Puppet::SSL::SSLError, /Unsupported key 'OpenSSL::PKey::DSA'/)
216
242
  end
217
243
 
218
244
  it 'resolves the client chain from leaf to root' do
219
- sslctx = subject.create_context(config)
245
+ sslctx = subject.create_context(**config)
220
246
  expect(
221
247
  sslctx.client_chain.map(&:subject).map(&:to_utf8)
222
248
  ).to eq(['CN=signed', 'CN=Test CA Subauthority', 'CN=Test CA'])
@@ -225,34 +251,37 @@ describe Puppet::SSL::SSLProvider do
225
251
  it 'raises if client cert signature is invalid' do
226
252
  client_cert.sign(wrong_key, OpenSSL::Digest::SHA256.new)
227
253
  expect {
228
- subject.create_context(config.merge(client_cert: client_cert))
254
+ subject.create_context(**config.merge(client_cert: client_cert))
229
255
  }.to raise_error(Puppet::SSL::CertVerifyError,
230
256
  "Invalid signature for certificate 'CN=signed'")
231
257
  end
232
258
 
233
259
  it 'raises if client cert and private key are mismatched' do
234
260
  expect {
235
- subject.create_context(config.merge(private_key: wrong_key))
261
+ subject.create_context(**config.merge(private_key: wrong_key))
236
262
  }.to raise_error(Puppet::SSL::SSLError,
237
263
  "The certificate for 'CN=signed' does not match its private key")
238
264
  end
239
265
 
240
266
  it "raises if client cert's public key has been replaced" do
241
267
  expect {
242
- subject.create_context(config.merge(client_cert: cert_fixture('tampered-cert.pem')))
268
+ subject.create_context(**config.merge(client_cert: cert_fixture('tampered-cert.pem')))
243
269
  }.to raise_error(Puppet::SSL::CertVerifyError,
244
270
  "Invalid signature for certificate 'CN=signed'")
245
271
  end
246
272
 
247
273
  # This option is only available in openssl 1.1
248
- it 'raises if root cert signature is invalid', if: defined?(OpenSSL::X509::V_FLAG_CHECK_SS_SIGNATURE) do
249
- ca = global_cacerts.first
250
- ca.sign(wrong_key, OpenSSL::Digest::SHA256.new)
274
+ # TODO PUP-10689 behavior changed in openssl 1.1.1h
275
+ if Puppet::Util::Package.versioncmp(OpenSSL::OPENSSL_LIBRARY_VERSION.split[1], '1.1.1h') < 0
276
+ it 'raises if root cert signature is invalid', if: defined?(OpenSSL::X509::V_FLAG_CHECK_SS_SIGNATURE) do
277
+ ca = global_cacerts.first
278
+ ca.sign(wrong_key, OpenSSL::Digest::SHA256.new)
251
279
 
252
- expect {
253
- subject.create_context(config.merge(cacerts: global_cacerts))
254
- }.to raise_error(Puppet::SSL::CertVerifyError,
255
- "Invalid signature for certificate 'CN=Test CA'")
280
+ expect {
281
+ subject.create_context(**config.merge(cacerts: global_cacerts))
282
+ }.to raise_error(Puppet::SSL::CertVerifyError,
283
+ "Invalid signature for certificate 'CN=Test CA'")
284
+ end
256
285
  end
257
286
 
258
287
  it 'raises if intermediate CA signature is invalid' do
@@ -260,7 +289,7 @@ describe Puppet::SSL::SSLProvider do
260
289
  int.sign(wrong_key, OpenSSL::Digest::SHA256.new)
261
290
 
262
291
  expect {
263
- subject.create_context(config.merge(cacerts: global_cacerts))
292
+ subject.create_context(**config.merge(cacerts: global_cacerts))
264
293
  }.to raise_error(Puppet::SSL::CertVerifyError,
265
294
  "Invalid signature for certificate 'CN=Test CA Subauthority'")
266
295
  end
@@ -270,7 +299,7 @@ describe Puppet::SSL::SSLProvider do
270
299
  crl.sign(wrong_key, OpenSSL::Digest::SHA256.new)
271
300
 
272
301
  expect {
273
- subject.create_context(config.merge(crls: global_crls))
302
+ subject.create_context(**config.merge(crls: global_crls))
274
303
  }.to raise_error(Puppet::SSL::CertVerifyError,
275
304
  "Invalid signature for CRL issued by 'CN=Test CA'")
276
305
  end
@@ -280,14 +309,14 @@ describe Puppet::SSL::SSLProvider do
280
309
  crl.sign(wrong_key, OpenSSL::Digest::SHA256.new)
281
310
 
282
311
  expect {
283
- subject.create_context(config.merge(crls: global_crls))
312
+ subject.create_context(**config.merge(crls: global_crls))
284
313
  }.to raise_error(Puppet::SSL::CertVerifyError,
285
314
  "Invalid signature for CRL issued by 'CN=Test CA Subauthority'")
286
315
  end
287
316
 
288
317
  it 'raises if client cert is revoked' do
289
318
  expect {
290
- subject.create_context(config.merge(private_key: key_fixture('revoked-key.pem'), client_cert: cert_fixture('revoked.pem')))
319
+ subject.create_context(**config.merge(private_key: key_fixture('revoked-key.pem'), client_cert: cert_fixture('revoked.pem')))
291
320
  }.to raise_error(Puppet::SSL::CertVerifyError,
292
321
  "Certificate 'CN=revoked' is revoked")
293
322
  end
@@ -295,12 +324,12 @@ describe Puppet::SSL::SSLProvider do
295
324
  it 'warns if intermediate issuer is missing' do
296
325
  expect(Puppet).to receive(:warning).with("The issuer 'CN=Test CA Subauthority' of certificate 'CN=signed' cannot be found locally")
297
326
 
298
- subject.create_context(config.merge(cacerts: [cert_fixture('ca.pem')]))
327
+ subject.create_context(**config.merge(cacerts: [cert_fixture('ca.pem')]))
299
328
  end
300
329
 
301
330
  it 'raises if root issuer is missing' do
302
331
  expect {
303
- subject.create_context(config.merge(cacerts: [cert_fixture('intermediate.pem')]))
332
+ subject.create_context(**config.merge(cacerts: [cert_fixture('intermediate.pem')]))
304
333
  }.to raise_error(Puppet::SSL::CertVerifyError,
305
334
  "The issuer 'CN=Test CA' of certificate 'CN=Test CA Subauthority' is missing")
306
335
  end
@@ -308,7 +337,7 @@ describe Puppet::SSL::SSLProvider do
308
337
  it 'raises if cert is not valid yet', unless: Puppet::Util::Platform.jruby? do
309
338
  client_cert.not_before = Time.now + (5 * 60 * 60)
310
339
  expect {
311
- subject.create_context(config.merge(client_cert: client_cert))
340
+ subject.create_context(**config.merge(client_cert: client_cert))
312
341
  }.to raise_error(Puppet::SSL::CertVerifyError,
313
342
  "The certificate 'CN=signed' is not yet valid, verify time is synchronized")
314
343
  end
@@ -316,7 +345,7 @@ describe Puppet::SSL::SSLProvider do
316
345
  it 'raises if cert is expired', unless: Puppet::Util::Platform.jruby? do
317
346
  client_cert.not_after = Time.at(0)
318
347
  expect {
319
- subject.create_context(config.merge(client_cert: client_cert))
348
+ subject.create_context(**config.merge(client_cert: client_cert))
320
349
  }.to raise_error(Puppet::SSL::CertVerifyError,
321
350
  "The certificate 'CN=signed' has expired, verify time is synchronized")
322
351
  end
@@ -327,7 +356,7 @@ describe Puppet::SSL::SSLProvider do
327
356
  future_crls.first.last_update = Time.now + (5 * 60 * 60)
328
357
 
329
358
  expect {
330
- subject.create_context(config.merge(crls: future_crls))
359
+ subject.create_context(**config.merge(crls: future_crls))
331
360
  }.to raise_error(Puppet::SSL::CertVerifyError,
332
361
  "The CRL issued by 'CN=Test CA' is not yet valid, verify time is synchronized")
333
362
  end
@@ -338,7 +367,7 @@ describe Puppet::SSL::SSLProvider do
338
367
  past_crls.first.next_update = Time.at(0)
339
368
 
340
369
  expect {
341
- subject.create_context(config.merge(crls: past_crls))
370
+ subject.create_context(**config.merge(crls: past_crls))
342
371
  }.to raise_error(Puppet::SSL::CertVerifyError,
343
372
  "The CRL issued by 'CN=Test CA' has expired, verify time is synchronized")
344
373
  end
@@ -346,7 +375,7 @@ describe Puppet::SSL::SSLProvider do
346
375
  it 'raises if the root CRL is missing' do
347
376
  crls = [crl_fixture('intermediate-crl.pem')]
348
377
  expect {
349
- subject.create_context(config.merge(crls: crls, revocation: :chain))
378
+ subject.create_context(**config.merge(crls: crls, revocation: :chain))
350
379
  }.to raise_error(Puppet::SSL::CertVerifyError,
351
380
  "The CRL issued by 'CN=Test CA' is missing")
352
381
  end
@@ -354,23 +383,23 @@ describe Puppet::SSL::SSLProvider do
354
383
  it 'raises if the intermediate CRL is missing' do
355
384
  crls = [crl_fixture('crl.pem')]
356
385
  expect {
357
- subject.create_context(config.merge(crls: crls))
386
+ subject.create_context(**config.merge(crls: crls))
358
387
  }.to raise_error(Puppet::SSL::CertVerifyError,
359
388
  "The CRL issued by 'CN=Test CA Subauthority' is missing")
360
389
  end
361
390
 
362
391
  it "doesn't raise if the root CRL is missing and we're just checking the leaf" do
363
392
  crls = [crl_fixture('intermediate-crl.pem')]
364
- subject.create_context(config.merge(crls: crls, revocation: :leaf))
393
+ subject.create_context(**config.merge(crls: crls, revocation: :leaf))
365
394
  end
366
395
 
367
396
  it "doesn't raise if the intermediate CRL is missing and revocation checking is disabled" do
368
397
  crls = [crl_fixture('crl.pem')]
369
- subject.create_context(config.merge(crls: crls, revocation: false))
398
+ subject.create_context(**config.merge(crls: crls, revocation: false))
370
399
  end
371
400
 
372
401
  it "doesn't raise if both CRLs are missing and revocation checking is disabled" do
373
- subject.create_context(config.merge(crls: [], revocation: false))
402
+ subject.create_context(**config.merge(crls: [], revocation: false))
374
403
  end
375
404
 
376
405
  # OpenSSL < 1.1 does not verify basicConstraints
@@ -378,7 +407,7 @@ describe Puppet::SSL::SSLProvider do
378
407
  certs = [cert_fixture('bad-basic-constraints.pem'), cert_fixture('intermediate.pem')]
379
408
 
380
409
  expect {
381
- subject.create_context(config.merge(cacerts: certs, crls: [], revocation: false))
410
+ subject.create_context(**config.merge(cacerts: certs, crls: [], revocation: false))
382
411
  }.to raise_error(Puppet::SSL::CertVerifyError,
383
412
  "Certificate 'CN=Test CA' failed verification (24): invalid CA certificate")
384
413
  end
@@ -388,32 +417,32 @@ describe Puppet::SSL::SSLProvider do
388
417
  certs = [cert_fixture('ca.pem'), cert_fixture('bad-int-basic-constraints.pem')]
389
418
 
390
419
  expect {
391
- subject.create_context(config.merge(cacerts: certs, crls: [], revocation: false))
420
+ subject.create_context(**config.merge(cacerts: certs, crls: [], revocation: false))
392
421
  }.to raise_error(Puppet::SSL::CertVerifyError,
393
422
  "Certificate 'CN=Test CA Subauthority' failed verification (24): invalid CA certificate")
394
423
  end
395
424
 
396
425
  it 'accepts CA certs in any order' do
397
- sslctx = subject.create_context(config.merge(cacerts: global_cacerts.reverse))
426
+ sslctx = subject.create_context(**config.merge(cacerts: global_cacerts.reverse))
398
427
  # certs in ruby+openssl 1.0.x are not comparable, so compare subjects
399
428
  expect(sslctx.client_chain.map(&:subject).map(&:to_utf8)).to contain_exactly('CN=Test CA', 'CN=Test CA Subauthority', 'CN=signed')
400
429
  end
401
430
 
402
431
  it 'accepts CRLs in any order' do
403
- sslctx = subject.create_context(config.merge(crls: global_crls.reverse))
432
+ sslctx = subject.create_context(**config.merge(crls: global_crls.reverse))
404
433
  # certs in ruby+openssl 1.0.x are not comparable, so compare subjects
405
434
  expect(sslctx.client_chain.map(&:subject).map(&:to_utf8)).to contain_exactly('CN=Test CA', 'CN=Test CA Subauthority', 'CN=signed')
406
435
  end
407
436
 
408
437
  it 'raises if the frozen context is modified' do
409
- sslctx = subject.create_context(config)
438
+ sslctx = subject.create_context(**config)
410
439
  expect {
411
440
  sslctx.verify_peer = false
412
441
  }.to raise_error(/can't modify frozen/)
413
442
  end
414
443
 
415
444
  it 'verifies peer' do
416
- sslctx = subject.create_context(config)
445
+ sslctx = subject.create_context(**config)
417
446
  expect(sslctx.verify_peer).to eq(true)
418
447
  end
419
448
  end