puppet 6.3.0-x64-mingw32 → 6.4.0-x64-mingw32
Potentially problematic release.
This version of puppet might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CODEOWNERS +30 -0
- data/Gemfile.lock +9 -9
- data/lib/puppet.rb +13 -0
- data/lib/puppet/application/agent.rb +8 -12
- data/lib/puppet/application/device.rb +2 -3
- data/lib/puppet/application/filebucket.rb +6 -1
- data/lib/puppet/application/ssl.rb +102 -55
- data/lib/puppet/configurer.rb +8 -7
- data/lib/puppet/defaults.rb +3 -1
- data/lib/puppet/file_system.rb +24 -4
- data/lib/puppet/file_system/file_impl.rb +25 -0
- data/lib/puppet/file_system/jruby.rb +23 -0
- data/lib/puppet/file_system/windows.rb +84 -0
- data/lib/puppet/indirector/rest.rb +4 -2
- data/lib/puppet/loaders.rb +1 -0
- data/lib/puppet/network/http.rb +1 -0
- data/lib/puppet/network/http/base_pool.rb +18 -0
- data/lib/puppet/network/http/connection.rb +49 -17
- data/lib/puppet/network/http/nocache_pool.rb +9 -4
- data/lib/puppet/network/http/pool.rb +10 -11
- data/lib/puppet/network/http/session.rb +3 -2
- data/lib/puppet/network/http_pool.rb +32 -0
- data/lib/puppet/pops/loader/generic_plan_instantiator.rb +28 -0
- data/lib/puppet/pops/loader/loader_paths.rb +46 -10
- data/lib/puppet/pops/loader/module_loaders.rb +10 -3
- data/lib/puppet/provider/file/windows.rb +49 -1
- data/lib/puppet/provider/package/windows.rb +5 -1
- data/lib/puppet/reports/http.rb +2 -1
- data/lib/puppet/rest/client.rb +7 -3
- data/lib/puppet/rest/routes.rb +9 -44
- data/lib/puppet/ssl.rb +6 -0
- data/lib/puppet/ssl/error.rb +26 -0
- data/lib/puppet/ssl/host.rb +9 -92
- data/lib/puppet/ssl/ssl_context.rb +30 -0
- data/lib/puppet/ssl/ssl_provider.rb +232 -0
- data/lib/puppet/ssl/state_machine.rb +261 -0
- data/lib/puppet/ssl/validator.rb +1 -0
- data/lib/puppet/ssl/validator/default_validator.rb +1 -0
- data/lib/puppet/ssl/validator/no_validator.rb +2 -0
- data/lib/puppet/ssl/verifier.rb +134 -0
- data/lib/puppet/ssl/verifier_adapter.rb +48 -0
- data/lib/puppet/test/test_helper.rb +2 -1
- data/lib/puppet/type/exec.rb +30 -6
- data/lib/puppet/type/file/mode.rb +6 -1
- data/lib/puppet/type/file/source.rb +2 -2
- data/lib/puppet/type/filebucket.rb +12 -8
- data/lib/puppet/type/user.rb +14 -1
- data/lib/puppet/util/connection.rb +10 -5
- data/lib/puppet/util/feature.rb +11 -2
- data/lib/puppet/util/http_proxy.rb +3 -2
- data/lib/puppet/util/pidlock.rb +1 -1
- data/lib/puppet/util/ssl.rb +1 -10
- data/lib/puppet/util/windows/security.rb +29 -8
- data/lib/puppet/version.rb +1 -1
- data/lib/puppet/x509.rb +7 -0
- data/lib/puppet/x509/cert_provider.rb +286 -0
- data/lib/puppet/x509/pem_store.rb +55 -0
- data/locales/ja/puppet.po +740 -590
- data/locales/puppet.pot +433 -208
- data/man/man5/puppet.conf.5 +6 -3
- data/man/man8/puppet-agent.8 +1 -1
- data/man/man8/puppet-apply.8 +1 -1
- data/man/man8/puppet-catalog.8 +1 -1
- data/man/man8/puppet-config.8 +1 -1
- data/man/man8/puppet-describe.8 +1 -1
- data/man/man8/puppet-device.8 +1 -1
- data/man/man8/puppet-doc.8 +1 -1
- data/man/man8/puppet-epp.8 +1 -1
- data/man/man8/puppet-facts.8 +1 -1
- data/man/man8/puppet-filebucket.8 +6 -2
- data/man/man8/puppet-generate.8 +1 -1
- data/man/man8/puppet-help.8 +1 -1
- data/man/man8/puppet-key.8 +1 -1
- data/man/man8/puppet-lookup.8 +1 -1
- data/man/man8/puppet-man.8 +1 -1
- data/man/man8/puppet-module.8 +1 -1
- data/man/man8/puppet-node.8 +1 -1
- data/man/man8/puppet-parser.8 +1 -1
- data/man/man8/puppet-plugin.8 +1 -1
- data/man/man8/puppet-report.8 +1 -1
- data/man/man8/puppet-resource.8 +1 -1
- data/man/man8/puppet-script.8 +1 -1
- data/man/man8/puppet-ssl.8 +5 -1
- data/man/man8/puppet-status.8 +1 -1
- data/man/man8/puppet.8 +2 -2
- data/spec/fixtures/ssl/127.0.0.1-key.pem +67 -0
- data/spec/fixtures/ssl/127.0.0.1.pem +48 -0
- data/spec/fixtures/ssl/bad-basic-constraints.pem +59 -0
- data/spec/fixtures/ssl/bad-int-basic-constraints.pem +59 -0
- data/spec/fixtures/ssl/ca.pem +59 -0
- data/spec/fixtures/ssl/crl.pem +30 -0
- data/spec/fixtures/ssl/encrypted-key.pem +70 -0
- data/spec/fixtures/ssl/intermediate-agent-crl.pem +31 -0
- data/spec/fixtures/ssl/intermediate-agent.pem +60 -0
- data/spec/fixtures/ssl/intermediate-crl.pem +36 -0
- data/spec/fixtures/ssl/intermediate.pem +60 -0
- data/spec/fixtures/ssl/netlock-arany-utf8.pem +23 -0
- data/spec/fixtures/ssl/pluto-key.pem +67 -0
- data/spec/fixtures/ssl/pluto.pem +44 -0
- data/spec/fixtures/ssl/request-key.pem +67 -0
- data/spec/fixtures/ssl/request.pem +39 -0
- data/spec/fixtures/ssl/revoked-key.pem +67 -0
- data/spec/fixtures/ssl/revoked.pem +44 -0
- data/spec/fixtures/ssl/signed-key.pem +67 -0
- data/spec/fixtures/ssl/signed.pem +44 -0
- data/spec/fixtures/ssl/tampered-cert.pem +44 -0
- data/spec/fixtures/ssl/tampered-csr.pem +39 -0
- data/spec/integration/network/http_pool_spec.rb +222 -0
- data/spec/integration/provider/file/windows_spec.rb +162 -0
- data/spec/integration/rest/client_spec.rb +73 -0
- data/spec/integration/type/file_spec.rb +0 -19
- data/spec/lib/puppet/test_ca.rb +87 -50
- data/spec/lib/puppet_spec/fixtures.rb +20 -0
- data/spec/lib/puppet_spec/https.rb +84 -0
- data/spec/unit/application/agent_spec.rb +29 -30
- data/spec/unit/application/device_spec.rb +12 -49
- data/spec/unit/application/ssl_spec.rb +24 -38
- data/spec/unit/configurer_spec.rb +11 -11
- data/spec/unit/file_system/uniquefile_spec.rb +6 -0
- data/spec/unit/file_system_spec.rb +214 -0
- data/spec/unit/indirector/rest_spec.rb +3 -3
- data/spec/unit/network/http/connection_spec.rb +30 -90
- data/spec/unit/network/http/factory_spec.rb +1 -0
- data/spec/unit/network/http/nocache_pool_spec.rb +8 -8
- data/spec/unit/network/http/pool_spec.rb +63 -33
- data/spec/unit/network/http/session_spec.rb +8 -1
- data/spec/unit/network/http_pool_spec.rb +36 -0
- data/spec/unit/pops/loaders/loader_spec.rb +26 -1
- data/spec/unit/provider/package/windows_spec.rb +12 -1
- data/spec/unit/reports/http_spec.rb +7 -7
- data/spec/unit/rest/client_spec.rb +4 -6
- data/spec/unit/ssl/host_spec.rb +39 -33
- data/spec/unit/ssl/ssl_provider_spec.rb +428 -0
- data/spec/unit/ssl/state_machine_spec.rb +502 -0
- data/spec/unit/ssl/verifier_spec.rb +123 -0
- data/spec/unit/type/exec_spec.rb +63 -0
- data/spec/unit/type/file/source_spec.rb +5 -5
- data/spec/unit/type/filebucket_spec.rb +8 -6
- data/spec/unit/util/feature_spec.rb +2 -2
- data/spec/unit/util/storage_spec.rb +19 -19
- data/spec/unit/x509/cert_provider_spec.rb +527 -0
- data/spec/unit/x509/pem_store_spec.rb +160 -0
- data/tasks/generate_cert_fixtures.rake +158 -0
- metadata +78 -4
- data/MAINTAINERS +0 -47
- data/lib/puppet/rest/ssl_context.rb +0 -13
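--- a/data/spec/unit/indirector/rest_spec.rb
+++ b/data/spec/unit/indirector/rest_spec.rb
@@ -335,21 +335,21 @@ describe Puppet::Indirector::REST do
 @request = stub 'request', :key => "foo", :server => nil, :port => nil
 terminus.class.expects(:port).returns 321
 terminus.class.expects(:server).returns "myserver"
-Puppet::Network::HttpPool.expects(:
+Puppet::Network::HttpPool.expects(:connection).with('myserver', 321, anything).returns "myconn"
 expect(terminus.network(@request)).to eq("myconn")
 end
 
 it "should use the server from the indirection request if one is present" do
 @request = stub 'request', :key => "foo", :server => "myserver", :port => nil
 terminus.class.stubs(:port).returns 321
-Puppet::Network::HttpPool.expects(:
+Puppet::Network::HttpPool.expects(:connection).with('myserver', 321, anything).returns "myconn"
 expect(terminus.network(@request)).to eq("myconn")
 end
 
 it "should use the port from the indirection request if one is present" do
 @request = stub 'request', :key => "foo", :server => nil, :port => 321
 terminus.class.stubs(:server).returns "myserver"
-Puppet::Network::HttpPool.expects(:
+Puppet::Network::HttpPool.expects(:connection).with('myserver', 321, anything).returns "myconn"
 expect(terminus.network(@request)).to eq("myconn")
 end
 end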
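Review bot: All three updated expectations match the third argument of `HttpPool.connection` with `anything`, so these examples pass whatever the terminus hands over for TLS, including `nil`. The hunk does not show what that argument is; if it is the options hash carrying the SSL context, an expectation such as `Puppet::Network::HttpPool.expects(:connection).with('myserver', 321, has_key(:ssl_context)).returns "myconn"` would pin it. If the loose match is deliberate, a comment like `# third argument (TLS settings) is asserted elsewhere` would tell the next reader where to look.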
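--- a/data/spec/unit/network/http/connection_spec.rb
+++ b/data/spec/unit/network/http/connection_spec.rb
@@ -26,8 +26,8 @@ describe Puppet::Network::HTTP::Connection do
 expect(conn).to be_use_ssl
 end
 
-it "can disable ssl using an option" do
-conn = Puppet::Network::HTTP::Connection.new(host, port, :use_ssl => false
+it "can disable ssl using an option and ignore the verify" do
+conn = Puppet::Network::HTTP::Connection.new(host, port, :use_ssl => false)
 
 expect(conn).to_not be_use_ssl
 end
@@ -38,9 +38,35 @@ describe Puppet::Network::HTTP::Connection do
 expect(conn).to be_use_ssl
 end
 
+it "ignores the ':verify' option when ssl is disabled" do
+conn = Puppet::Network::HTTP::Connection.new(host, port, :use_ssl => false, :verify => Puppet::SSL::Validator.no_validator)
+
+expect(conn.verifier).to be_nil
+end
+
+it "wraps the validator in an adapter" do
+conn = Puppet::Network::HTTP::Connection.new(host, port, :verify => Puppet::SSL::Validator.no_validator)
+
+expect(conn.verifier).to be_a_kind_of(Puppet::SSL::VerifierAdapter)
+end
+
 it "should raise Puppet::Error when invalid options are specified" do
 expect { Puppet::Network::HTTP::Connection.new(host, port, :invalid_option => nil) }.to raise_error(Puppet::Error, 'Unrecognized option(s): :invalid_option')
 end
+
+it "accepts a verifier" do
+verifier = Puppet::SSL::Verifier.new('fqdn', stub('ssl_context'))
+conn = Puppet::Network::HTTP::Connection.new(host, port, :use_ssl => true, :verifier => verifier)
+
+expect(conn.verifier).to eq(verifier)
+end
+
+it "raises if the wrong verifier class is specified" do
+expect {
+Puppet::Network::HTTP::Connection.new(host, port, :verifier => Puppet::SSL::Validator.default_validator)
+}.to raise_error(ArgumentError,
+"Expected an instance of Puppet::SSL::Verifier but was passed a Puppet::SSL::Validator::DefaultValidator")
+end
 end
 end
 
@@ -54,6 +80,8 @@ describe Puppet::Network::HTTP::Connection do
 :request_post => "param: value" }.each do |method,body|
 context "##{method}" do
 it "should yield to the block" do
+Net::HTTP.any_instance.stubs(method).yields.returns(httpok)
+
 block_executed = false
 subject.send(method, "/foo", body) do |response|
 block_executed = true
@@ -64,94 +92,6 @@ describe Puppet::Network::HTTP::Connection do
 end
 end
 
-shared_examples_for 'ssl verifier' do
-include PuppetSpec::Files
-
-let (:host) { "my_server" }
-let (:port) { 8140 }
-
-before :all do
-WebMock.disable!
-end
-
-after :all do
-WebMock.enable!
-end
-
-it "should provide a useful error message when one is available and certificate validation fails", :unless => Puppet::Util::Platform.windows? do
-connection = Puppet::Network::HTTP::Connection.new(
-host, port,
-:verify => ConstantErrorValidator.new(:fails_with => 'certificate verify failed',
-:error_string => 'shady looking signature'))
-
-expect do
-connection.get('request')
-end.to raise_error(Puppet::Error, "certificate verify failed: [shady looking signature]")
-end
-
-it "should provide a helpful error message when hostname was not match with server certificate", :unless => Puppet::Util::Platform.windows? || RUBY_PLATFORM == 'java' do
-Puppet[:confdir] = tmpdir('conf')
-
-connection = Puppet::Network::HTTP::Connection.new(
-host, port,
-:verify => ConstantErrorValidator.new(
-:fails_with => 'hostname was not match with server certificate',
-:peer_certs => [Puppet::TestCa.new.generate('not_my_server',
-:subject_alt_names => 'DNS:foo,DNS:bar,DNS:baz,DNS:not_my_server')[:cert]]))
-
-expect do
-connection.get('request')
-end.to raise_error(Puppet::Error) do |error|
-error.message =~ /\AServer hostname 'my_server' did not match server certificate; expected one of (.+)/
-expect($1.split(', ')).to match_array(%w[DNS:foo DNS:bar DNS:baz DNS:not_my_server not_my_server])
-end
-end
-
-it "should pass along the error message otherwise" do
-connection = Puppet::Network::HTTP::Connection.new(
-host, port,
-:verify => ConstantErrorValidator.new(:fails_with => 'some other message'))
-
-expect do
-connection.get('request')
-end.to raise_error(/some other message/)
-end
-
-it "should check all peer certificates for upcoming expiration", :unless => Puppet::Util::Platform.windows? || RUBY_PLATFORM == 'java' do
-Puppet[:confdir] = tmpdir('conf')
-cert = Puppet::TestCa.new.generate('server',
-:subject_alt_names => 'DNS:foo,DNS:bar,DNS:baz,DNS:server')[:cert]
-
-connection = Puppet::Network::HTTP::Connection.new(
-host, port,
-:verify => NoProblemsValidator.new(cert))
-
-Net::HTTP.any_instance.stubs(:start)
-Net::HTTP.any_instance.stubs(:request).returns(httpok)
-Puppet::Network::HTTP::Pool.any_instance.stubs(:setsockopts)
-
-connection.get('request')
-end
-end
-
-context "when using single use HTTPS connections", :unless => RUBY_PLATFORM == 'java' do
-it_behaves_like 'ssl verifier' do
-end
-end
-
-context "when using persistent HTTPS connections", :unless => RUBY_PLATFORM == 'java' do
-around :each do |example|
-pool = Puppet::Network::HTTP::Pool.new
-Puppet.override(:http_pool => pool) do
-example.run
-end
-pool.close
-end
-
-it_behaves_like 'ssl verifier' do
-end
-end
-
 context "when response is a redirect" do
 let (:site) { Puppet::Network::HTTP::Site.new('http', 'my_server', 8140) }
 let (:other_site) { Puppet::Network::HTTP::Site.new('http', 'redirected', 9292) }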
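Review bot: The constructor tests added at new lines 41–69 only check what `conn.verifier` returns, and nothing left in this file drives a request through `Connection` with a verifier that rejects the peer. The removed 'ssl verifier' shared examples were the tests that pinned the certificate-failure and hostname-mismatch error messages. If that behaviour is now asserted in the added specs listed in the file summary, a pointer comment would keep it traceable, for example `# verification-failure messages are covered in data/spec/unit/ssl/verifier_spec.rb` (path to be confirmed). Separately, the example renamed at new line 29 claims to "ignore the verify" but no longer passes `:verify`, so its title overlaps with the new example at line 41; `it "can disable ssl using an option" do` describes what it actually checks.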
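--- a/data/spec/unit/network/http/nocache_pool_spec.rb
+++ b/data/spec/unit/network/http/nocache_pool_spec.rb
@@ -6,34 +6,34 @@ require 'puppet/network/http/connection'
 
 describe Puppet::Network::HTTP::NoCachePool do
 let(:site) { Puppet::Network::HTTP::Site.new('https', 'rubygems.org', 443) }
-let(:
+let(:verifier) { stub('verifier', :setup_connection => nil) }
 
-it 'yields a connection' do
-http = stub('http')
+it 'yields a started connection' do
+http = stub('http', start: nil, finish: nil)
 
 factory = Puppet::Network::HTTP::Factory.new
 factory.stubs(:create_connection).returns(http)
 pool = Puppet::Network::HTTP::NoCachePool.new(factory)
 
 expect { |b|
-pool.with_connection(site,
+pool.with_connection(site, verifier, &b)
 }.to yield_with_args(http)
 end
 
 it 'yields a new connection each time' do
-http1 = stub('http1')
-http2 = stub('http2')
+http1 = stub('http1', start: nil, finish: nil)
+http2 = stub('http2', start: nil, finish: nil)
 
 factory = Puppet::Network::HTTP::Factory.new
 factory.stubs(:create_connection).returns(http1).then.returns(http2)
 pool = Puppet::Network::HTTP::NoCachePool.new(factory)
 
 expect { |b|
-pool.with_connection(site,
+pool.with_connection(site, verifier, &b)
 }.to yield_with_args(http1)
 
 expect { |b|
-pool.with_connection(site,
+pool.with_connection(site, verifier, &b)
 }.to yield_with_args(http2)
 end
 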
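Review bot: 'yields a started connection' cannot fail if the pool stops starting the connection or never consults the verifier. `http` is built with `stub('http', start: nil, finish: nil)` and `verifier` with `stub('verifier', :setup_connection => nil)`, which permit those calls without requiring them. Presumably `setup_connection` is what applies the TLS verification settings before `start`, so it is the call worth pinning, e.g. `verifier.expects(:setup_connection).with(http)` and `http.expects(:start)` inside the example. The same looseness applies to 'yields a new connection each time'.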
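--- a/data/spec/unit/network/http/pool_spec.rb
+++ b/data/spec/unit/network/http/pool_spec.rb
@@ -19,8 +19,11 @@ describe Puppet::Network::HTTP::Pool do
 Puppet::Network::HTTP::Site.new('https', 'github.com', 443)
 end
 
-let(:
-
+let(:ssl_context) { Puppet::SSL::SSLContext.new }
+let(:verifier) do
+v = Puppet::SSL::Verifier.new(site.host, ssl_context)
+v.stubs(:setup_connection => nil)
+v
 end
 
 def create_pool
@@ -30,7 +33,7 @@ describe Puppet::Network::HTTP::Pool do
 def create_pool_with_connections(site, *connections)
 pool = Puppet::Network::HTTP::Pool.new
 connections.each do |conn|
-pool.release(site, conn)
+pool.release(site, verifier, conn)
 end
 pool
 end
@@ -40,7 +43,7 @@ describe Puppet::Network::HTTP::Pool do
 # connections have already expired
 pool = Puppet::Network::HTTP::Pool.new(-1)
 connections.each do |conn|
-pool.release(site, conn)
+pool.release(site, verifier, conn)
 end
 pool
 end
@@ -55,16 +58,16 @@ describe Puppet::Network::HTTP::Pool do
 pool = create_pool_with_connections(site, conn)
 
 expect { |b|
-pool.with_connection(site,
+pool.with_connection(site, verifier, &b)
 }.to yield_with_args(conn)
 end
 
 it 'returns the connection to the pool' do
 conn = create_connection(site)
 pool = create_pool
-pool.release(site, conn)
+pool.release(site, verifier, conn)
 
-pool.with_connection(site,
+pool.with_connection(site, verifier) { |c| }
 
 expect(pool.pool[site].first.connection).to eq(conn)
 end
@@ -74,10 +77,10 @@ describe Puppet::Network::HTTP::Pool do
 mru_conn = create_connection(site)
 pool = create_pool_with_connections(site, lru_conn, mru_conn)
 
-pool.with_connection(site,
+pool.with_connection(site, verifier) do |a|
 expect(a).to eq(mru_conn)
 
-pool.with_connection(site,
+pool.with_connection(site, verifier) do |b|
 expect(b).to eq(lru_conn)
 end
 end
@@ -86,10 +89,10 @@ describe Puppet::Network::HTTP::Pool do
 it 'propagates exceptions' do
 conn = create_connection(site)
 pool = create_pool
-pool.release(site, conn)
+pool.release(site, verifier, conn)
 
 expect {
-pool.with_connection(site,
+pool.with_connection(site, verifier) do |c|
 raise IOError, 'connection reset'
 end
 }.to raise_error(IOError, 'connection reset')
@@ -100,11 +103,11 @@ describe Puppet::Network::HTTP::Pool do
 # suggest we close the socket, and other errors
 conn = create_connection(site)
 pool = create_pool
-pool.release(site, conn)
+pool.release(site, verifier, conn)
 
-pool.expects(:release).with(site, conn).never
+pool.expects(:release).with(site, verifier, conn).never
 
-pool.with_connection(site,
+pool.with_connection(site, verifier) do |c|
 raise IOError, 'connection reset'
 end rescue nil
 end
@@ -140,9 +143,9 @@ describe Puppet::Network::HTTP::Pool do
 conn.expects(:use_ssl?).returns(false)
 
 pool = create_pool_with_connections(site, conn)
-pool.expects(:release).with(site, conn)
+pool.expects(:release).with(site, verifier, conn)
 
-pool.with_connection(site,
+pool.with_connection(site, verifier) {|c| }
 end
 
 it 'releases secure HTTPS connections' do
@@ -151,9 +154,9 @@ describe Puppet::Network::HTTP::Pool do
 conn.expects(:verify_mode).returns(OpenSSL::SSL::VERIFY_PEER)
 
 pool = create_pool_with_connections(site, conn)
-pool.expects(:release).with(site, conn)
+pool.expects(:release).with(site, verifier, conn)
 
-pool.with_connection(site,
+pool.with_connection(site, verifier) {|c| }
 end
 
 it 'closes insecure HTTPS connections' do
@@ -163,9 +166,9 @@ describe Puppet::Network::HTTP::Pool do
 
 pool = create_pool_with_connections(site, conn)
 
-pool.expects(:release).with(site, conn).never
+pool.expects(:release).with(site, verifier, conn).never
 
-pool.with_connection(site,
+pool.with_connection(site, verifier) {|c| }
 end
 end
 end
@@ -177,7 +180,7 @@ describe Puppet::Network::HTTP::Pool do
 pool.factory.expects(:create_connection).with(site).returns(conn)
 pool.expects(:setsockopts)
 
-expect(pool.borrow(site,
+expect(pool.borrow(site, verifier)).to eq(conn)
 end
 
 it 'returns a matching connection' do
@@ -186,7 +189,7 @@ describe Puppet::Network::HTTP::Pool do
 
 pool.factory.expects(:create_connection).never
 
-expect(pool.borrow(site,
+expect(pool.borrow(site, verifier)).to eq(conn)
 end
 
 it 'returns a new connection if there are no matching sites' do
@@ -197,7 +200,34 @@ describe Puppet::Network::HTTP::Pool do
 pool.factory.expects(:create_connection).with(site).returns(conn)
 pool.expects(:setsockopts)
 
-expect(pool.borrow(site,
+expect(pool.borrow(site, verifier)).to eq(conn)
+end
+
+it 'returns a new connection if the ssl contexts are different' do
+old_conn = create_connection(site)
+pool = create_pool_with_connections(site, old_conn)
+pool.stubs(:setsockopts)
+
+new_conn = create_connection(site)
+pool.factory.stubs(:create_connection).with(site).returns(new_conn)
+
+new_verifier = Puppet::SSL::Verifier.new(site.host, Puppet::SSL::SSLContext.new)
+new_verifier.stubs(:setup_connection)
+
+# 'equal' tests that it's the same object
+expect(pool.borrow(site, new_verifier)).to eq(new_conn)
+end
+
+it 'returns a cached connection if the ssl contexts are the same' do
+old_conn = create_connection(site)
+pool = create_pool_with_connections(site, old_conn)
+pool.stubs(:setsockopts)
+
+pool.factory.expects(:create_connection).never
+
+# 'equal' tests that it's the same object
+new_verifier = Puppet::SSL::Verifier.new(site.host, ssl_context)
+expect(pool.borrow(site, new_verifier)).to equal(old_conn)
 end
 
 it 'returns started connections' do
@@ -208,7 +238,7 @@ describe Puppet::Network::HTTP::Pool do
 pool.factory.expects(:create_connection).with(site).returns(conn)
 pool.expects(:setsockopts)
 
-expect(pool.borrow(site,
+expect(pool.borrow(site, verifier)).to eq(conn)
 end
 
 it "doesn't start a cached connection" do
@@ -216,7 +246,7 @@ describe Puppet::Network::HTTP::Pool do
 conn.expects(:start).never
 
 pool = create_pool_with_connections(site, conn)
-pool.borrow(site,
+pool.borrow(site, verifier)
 end
 
 it 'returns the most recently used connection from the pool' do
@@ -224,7 +254,7 @@ describe Puppet::Network::HTTP::Pool do
 most_recently_used = create_connection(site)
 
 pool = create_pool_with_connections(site, least_recently_used, most_recently_used)
-expect(pool.borrow(site,
+expect(pool.borrow(site, verifier)).to eq(most_recently_used)
 end
 
 it 'finishes expired connections' do
@@ -235,7 +265,7 @@ describe Puppet::Network::HTTP::Pool do
 pool.factory.expects(:create_connection => stub('conn', :start => nil))
 pool.expects(:setsockopts)
 
-pool.borrow(site,
+pool.borrow(site, verifier)
 end
 
 it 'logs an exception if it fails to close an expired connection' do
@@ -248,7 +278,7 @@ describe Puppet::Network::HTTP::Pool do
 pool.factory.expects(:create_connection => stub('open_conn', :start => nil))
 pool.expects(:setsockopts)
 
-pool.borrow(site,
+pool.borrow(site, verifier)
 end
 end
 
@@ -257,23 +287,23 @@ describe Puppet::Network::HTTP::Pool do
 conn = create_connection(site)
 
 pool = create_pool
-pool.release(site, conn)
+pool.release(site, verifier, conn)
 
 expect(pool.pool[site].first.connection).to eq(conn)
 end
 
 it 'adds the connection to a pool with a connection for the same site' do
 pool = create_pool
-pool.release(site, create_connection(site))
-pool.release(site, create_connection(site))
+pool.release(site, verifier, create_connection(site))
+pool.release(site, verifier, create_connection(site))
 
 expect(pool.pool[site].count).to eq(2)
 end
 
 it 'adds the connection to a pool with a connection for a different site' do
 pool = create_pool
-pool.release(site, create_connection(site))
-pool.release(different_site, create_connection(different_site))
+pool.release(site, verifier, create_connection(site))
+pool.release(different_site, verifier, create_connection(different_site))
 
 expect(pool.pool[site].count).to eq(1)
 expect(pool.pool[different_site].count).to eq(1)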
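Review bot: In 'returns a new connection if the ssl contexts are different' (new lines 206–219) the comment says `'equal' tests that it's the same object`, but the assertion uses `eq`. This is the example that guards against reusing a cached connection under a different SSL context, so the identity matcher is the one to use: `expect(pool.borrow(site, new_verifier)).to equal(new_conn)`. The factory is also only stubbed there; `pool.factory.expects(:create_connection).with(site).returns(new_conn)` would make the example fail if the pool never asked for a fresh connection. In the sibling example at lines 221–231 the same comment sits above the `new_verifier = ...` line rather than the `equal` assertion it describes. `create_connection` is defined outside the visible hunks, so whether two of its results can compare `==` is not confirmed here.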