puppet 6.3.0-x64-mingw32 → 6.4.0-x64-mingw32


Potentially problematic release.


This version of puppet might be problematic.

Files changed (147)
  1. checksums.yaml +4 -4
  2. data/CODEOWNERS +30 -0
  3. data/Gemfile.lock +9 -9
  4. data/lib/puppet.rb +13 -0
  5. data/lib/puppet/application/agent.rb +8 -12
  6. data/lib/puppet/application/device.rb +2 -3
  7. data/lib/puppet/application/filebucket.rb +6 -1
  8. data/lib/puppet/application/ssl.rb +102 -55
  9. data/lib/puppet/configurer.rb +8 -7
  10. data/lib/puppet/defaults.rb +3 -1
  11. data/lib/puppet/file_system.rb +24 -4
  12. data/lib/puppet/file_system/file_impl.rb +25 -0
  13. data/lib/puppet/file_system/jruby.rb +23 -0
  14. data/lib/puppet/file_system/windows.rb +84 -0
  15. data/lib/puppet/indirector/rest.rb +4 -2
  16. data/lib/puppet/loaders.rb +1 -0
  17. data/lib/puppet/network/http.rb +1 -0
  18. data/lib/puppet/network/http/base_pool.rb +18 -0
  19. data/lib/puppet/network/http/connection.rb +49 -17
  20. data/lib/puppet/network/http/nocache_pool.rb +9 -4
  21. data/lib/puppet/network/http/pool.rb +10 -11
  22. data/lib/puppet/network/http/session.rb +3 -2
  23. data/lib/puppet/network/http_pool.rb +32 -0
  24. data/lib/puppet/pops/loader/generic_plan_instantiator.rb +28 -0
  25. data/lib/puppet/pops/loader/loader_paths.rb +46 -10
  26. data/lib/puppet/pops/loader/module_loaders.rb +10 -3
  27. data/lib/puppet/provider/file/windows.rb +49 -1
  28. data/lib/puppet/provider/package/windows.rb +5 -1
  29. data/lib/puppet/reports/http.rb +2 -1
  30. data/lib/puppet/rest/client.rb +7 -3
  31. data/lib/puppet/rest/routes.rb +9 -44
  32. data/lib/puppet/ssl.rb +6 -0
  33. data/lib/puppet/ssl/error.rb +26 -0
  34. data/lib/puppet/ssl/host.rb +9 -92
  35. data/lib/puppet/ssl/ssl_context.rb +30 -0
  36. data/lib/puppet/ssl/ssl_provider.rb +232 -0
  37. data/lib/puppet/ssl/state_machine.rb +261 -0
  38. data/lib/puppet/ssl/validator.rb +1 -0
  39. data/lib/puppet/ssl/validator/default_validator.rb +1 -0
  40. data/lib/puppet/ssl/validator/no_validator.rb +2 -0
  41. data/lib/puppet/ssl/verifier.rb +134 -0
  42. data/lib/puppet/ssl/verifier_adapter.rb +48 -0
  43. data/lib/puppet/test/test_helper.rb +2 -1
  44. data/lib/puppet/type/exec.rb +30 -6
  45. data/lib/puppet/type/file/mode.rb +6 -1
  46. data/lib/puppet/type/file/source.rb +2 -2
  47. data/lib/puppet/type/filebucket.rb +12 -8
  48. data/lib/puppet/type/user.rb +14 -1
  49. data/lib/puppet/util/connection.rb +10 -5
  50. data/lib/puppet/util/feature.rb +11 -2
  51. data/lib/puppet/util/http_proxy.rb +3 -2
  52. data/lib/puppet/util/pidlock.rb +1 -1
  53. data/lib/puppet/util/ssl.rb +1 -10
  54. data/lib/puppet/util/windows/security.rb +29 -8
  55. data/lib/puppet/version.rb +1 -1
  56. data/lib/puppet/x509.rb +7 -0
  57. data/lib/puppet/x509/cert_provider.rb +286 -0
  58. data/lib/puppet/x509/pem_store.rb +55 -0
  59. data/locales/ja/puppet.po +740 -590
  60. data/locales/puppet.pot +433 -208
  61. data/man/man5/puppet.conf.5 +6 -3
  62. data/man/man8/puppet-agent.8 +1 -1
  63. data/man/man8/puppet-apply.8 +1 -1
  64. data/man/man8/puppet-catalog.8 +1 -1
  65. data/man/man8/puppet-config.8 +1 -1
  66. data/man/man8/puppet-describe.8 +1 -1
  67. data/man/man8/puppet-device.8 +1 -1
  68. data/man/man8/puppet-doc.8 +1 -1
  69. data/man/man8/puppet-epp.8 +1 -1
  70. data/man/man8/puppet-facts.8 +1 -1
  71. data/man/man8/puppet-filebucket.8 +6 -2
  72. data/man/man8/puppet-generate.8 +1 -1
  73. data/man/man8/puppet-help.8 +1 -1
  74. data/man/man8/puppet-key.8 +1 -1
  75. data/man/man8/puppet-lookup.8 +1 -1
  76. data/man/man8/puppet-man.8 +1 -1
  77. data/man/man8/puppet-module.8 +1 -1
  78. data/man/man8/puppet-node.8 +1 -1
  79. data/man/man8/puppet-parser.8 +1 -1
  80. data/man/man8/puppet-plugin.8 +1 -1
  81. data/man/man8/puppet-report.8 +1 -1
  82. data/man/man8/puppet-resource.8 +1 -1
  83. data/man/man8/puppet-script.8 +1 -1
  84. data/man/man8/puppet-ssl.8 +5 -1
  85. data/man/man8/puppet-status.8 +1 -1
  86. data/man/man8/puppet.8 +2 -2
  87. data/spec/fixtures/ssl/127.0.0.1-key.pem +67 -0
  88. data/spec/fixtures/ssl/127.0.0.1.pem +48 -0
  89. data/spec/fixtures/ssl/bad-basic-constraints.pem +59 -0
  90. data/spec/fixtures/ssl/bad-int-basic-constraints.pem +59 -0
  91. data/spec/fixtures/ssl/ca.pem +59 -0
  92. data/spec/fixtures/ssl/crl.pem +30 -0
  93. data/spec/fixtures/ssl/encrypted-key.pem +70 -0
  94. data/spec/fixtures/ssl/intermediate-agent-crl.pem +31 -0
  95. data/spec/fixtures/ssl/intermediate-agent.pem +60 -0
  96. data/spec/fixtures/ssl/intermediate-crl.pem +36 -0
  97. data/spec/fixtures/ssl/intermediate.pem +60 -0
  98. data/spec/fixtures/ssl/netlock-arany-utf8.pem +23 -0
  99. data/spec/fixtures/ssl/pluto-key.pem +67 -0
  100. data/spec/fixtures/ssl/pluto.pem +44 -0
  101. data/spec/fixtures/ssl/request-key.pem +67 -0
  102. data/spec/fixtures/ssl/request.pem +39 -0
  103. data/spec/fixtures/ssl/revoked-key.pem +67 -0
  104. data/spec/fixtures/ssl/revoked.pem +44 -0
  105. data/spec/fixtures/ssl/signed-key.pem +67 -0
  106. data/spec/fixtures/ssl/signed.pem +44 -0
  107. data/spec/fixtures/ssl/tampered-cert.pem +44 -0
  108. data/spec/fixtures/ssl/tampered-csr.pem +39 -0
  109. data/spec/integration/network/http_pool_spec.rb +222 -0
  110. data/spec/integration/provider/file/windows_spec.rb +162 -0
  111. data/spec/integration/rest/client_spec.rb +73 -0
  112. data/spec/integration/type/file_spec.rb +0 -19
  113. data/spec/lib/puppet/test_ca.rb +87 -50
  114. data/spec/lib/puppet_spec/fixtures.rb +20 -0
  115. data/spec/lib/puppet_spec/https.rb +84 -0
  116. data/spec/unit/application/agent_spec.rb +29 -30
  117. data/spec/unit/application/device_spec.rb +12 -49
  118. data/spec/unit/application/ssl_spec.rb +24 -38
  119. data/spec/unit/configurer_spec.rb +11 -11
  120. data/spec/unit/file_system/uniquefile_spec.rb +6 -0
  121. data/spec/unit/file_system_spec.rb +214 -0
  122. data/spec/unit/indirector/rest_spec.rb +3 -3
  123. data/spec/unit/network/http/connection_spec.rb +30 -90
  124. data/spec/unit/network/http/factory_spec.rb +1 -0
  125. data/spec/unit/network/http/nocache_pool_spec.rb +8 -8
  126. data/spec/unit/network/http/pool_spec.rb +63 -33
  127. data/spec/unit/network/http/session_spec.rb +8 -1
  128. data/spec/unit/network/http_pool_spec.rb +36 -0
  129. data/spec/unit/pops/loaders/loader_spec.rb +26 -1
  130. data/spec/unit/provider/package/windows_spec.rb +12 -1
  131. data/spec/unit/reports/http_spec.rb +7 -7
  132. data/spec/unit/rest/client_spec.rb +4 -6
  133. data/spec/unit/ssl/host_spec.rb +39 -33
  134. data/spec/unit/ssl/ssl_provider_spec.rb +428 -0
  135. data/spec/unit/ssl/state_machine_spec.rb +502 -0
  136. data/spec/unit/ssl/verifier_spec.rb +123 -0
  137. data/spec/unit/type/exec_spec.rb +63 -0
  138. data/spec/unit/type/file/source_spec.rb +5 -5
  139. data/spec/unit/type/filebucket_spec.rb +8 -6
  140. data/spec/unit/util/feature_spec.rb +2 -2
  141. data/spec/unit/util/storage_spec.rb +19 -19
  142. data/spec/unit/x509/cert_provider_spec.rb +527 -0
  143. data/spec/unit/x509/pem_store_spec.rb +160 -0
  144. data/tasks/generate_cert_fixtures.rake +158 -0
  145. metadata +78 -4
  146. data/MAINTAINERS +0 -47
  147. data/lib/puppet/rest/ssl_context.rb +0 -13
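--- a/data/spec/unit/indirector/rest_spec.rb
+++ b/data/spec/unit/indirector/rest_spec.rb
@@ -335,21 +335,21 @@ describe Puppet::Indirector::REST do
  @request = stub 'request', :key => "foo", :server => nil, :port => nil
  terminus.class.expects(:port).returns 321
  terminus.class.expects(:server).returns "myserver"
- Puppet::Network::HttpPool.expects(:http_instance).with("myserver", 321).returns "myconn"
+ Puppet::Network::HttpPool.expects(:connection).with('myserver', 321, anything).returns "myconn"
  expect(terminus.network(@request)).to eq("myconn")
  end
 
  it "should use the server from the indirection request if one is present" do
  @request = stub 'request', :key => "foo", :server => "myserver", :port => nil
  terminus.class.stubs(:port).returns 321
- Puppet::Network::HttpPool.expects(:http_instance).with("myserver", 321).returns "myconn"
+ Puppet::Network::HttpPool.expects(:connection).with('myserver', 321, anything).returns "myconn"
  expect(terminus.network(@request)).to eq("myconn")
  end
 
  it "should use the port from the indirection request if one is present" do
  @request = stub 'request', :key => "foo", :server => nil, :port => 321
  terminus.class.stubs(:server).returns "myserver"
- Puppet::Network::HttpPool.expects(:http_instance).with("myserver", 321).returns "myconn"
+ Puppet::Network::HttpPool.expects(:connection).with('myserver', 321, anything).returns "myconn"
  expect(terminus.network(@request)).to eq("myconn")
  end
  end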
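Review bot: The third argument in the three updated expectations (new lines 338, 345 and 352) is matched with `anything`, so these examples still pass if `terminus.network` hands `HttpPool.connection` a nil or otherwise unusable SSL argument. What that argument is cannot be seen from this hunk; if it is an options hash carrying the SSL context, a tighter matcher such as `.with('myserver', 321, has_key(:ssl_context))` would pin that the context is actually forwarded. The enclosing `describe` block starts and ends outside the hunk.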
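--- a/data/spec/unit/network/http/connection_spec.rb
+++ b/data/spec/unit/network/http/connection_spec.rb
@@ -26,8 +26,8 @@ describe Puppet::Network::HTTP::Connection do
  expect(conn).to be_use_ssl
  end
 
- it "can disable ssl using an option" do
- conn = Puppet::Network::HTTP::Connection.new(host, port, :use_ssl => false, :verify => Puppet::SSL::Validator.no_validator)
+ it "can disable ssl using an option and ignore the verify" do
+ conn = Puppet::Network::HTTP::Connection.new(host, port, :use_ssl => false)
 
  expect(conn).to_not be_use_ssl
  end
@@ -38,9 +38,35 @@ describe Puppet::Network::HTTP::Connection do
  expect(conn).to be_use_ssl
  end
 
+ it "ignores the ':verify' option when ssl is disabled" do
+ conn = Puppet::Network::HTTP::Connection.new(host, port, :use_ssl => false, :verify => Puppet::SSL::Validator.no_validator)
+
+ expect(conn.verifier).to be_nil
+ end
+
+ it "wraps the validator in an adapter" do
+ conn = Puppet::Network::HTTP::Connection.new(host, port, :verify => Puppet::SSL::Validator.no_validator)
+
+ expect(conn.verifier).to be_a_kind_of(Puppet::SSL::VerifierAdapter)
+ end
+
  it "should raise Puppet::Error when invalid options are specified" do
  expect { Puppet::Network::HTTP::Connection.new(host, port, :invalid_option => nil) }.to raise_error(Puppet::Error, 'Unrecognized option(s): :invalid_option')
  end
+
+ it "accepts a verifier" do
+ verifier = Puppet::SSL::Verifier.new('fqdn', stub('ssl_context'))
+ conn = Puppet::Network::HTTP::Connection.new(host, port, :use_ssl => true, :verifier => verifier)
+
+ expect(conn.verifier).to eq(verifier)
+ end
+
+ it "raises if the wrong verifier class is specified" do
+ expect {
+ Puppet::Network::HTTP::Connection.new(host, port, :verifier => Puppet::SSL::Validator.default_validator)
+ }.to raise_error(ArgumentError,
+ "Expected an instance of Puppet::SSL::Verifier but was passed a Puppet::SSL::Validator::DefaultValidator")
+ end
  end
  end
 
@@ -54,6 +80,8 @@ describe Puppet::Network::HTTP::Connection do
  :request_post => "param: value" }.each do |method,body|
  context "##{method}" do
  it "should yield to the block" do
+ Net::HTTP.any_instance.stubs(method).yields.returns(httpok)
+
  block_executed = false
  subject.send(method, "/foo", body) do |response|
  block_executed = true
@@ -64,94 +92,6 @@ describe Puppet::Network::HTTP::Connection do
  end
  end
 
- shared_examples_for 'ssl verifier' do
- include PuppetSpec::Files
-
- let (:host) { "my_server" }
- let (:port) { 8140 }
-
- before :all do
- WebMock.disable!
- end
-
- after :all do
- WebMock.enable!
- end
-
- it "should provide a useful error message when one is available and certificate validation fails", :unless => Puppet::Util::Platform.windows? do
- connection = Puppet::Network::HTTP::Connection.new(
- host, port,
- :verify => ConstantErrorValidator.new(:fails_with => 'certificate verify failed',
- :error_string => 'shady looking signature'))
-
- expect do
- connection.get('request')
- end.to raise_error(Puppet::Error, "certificate verify failed: [shady looking signature]")
- end
-
- it "should provide a helpful error message when hostname was not match with server certificate", :unless => Puppet::Util::Platform.windows? || RUBY_PLATFORM == 'java' do
- Puppet[:confdir] = tmpdir('conf')
-
- connection = Puppet::Network::HTTP::Connection.new(
- host, port,
- :verify => ConstantErrorValidator.new(
- :fails_with => 'hostname was not match with server certificate',
- :peer_certs => [Puppet::TestCa.new.generate('not_my_server',
- :subject_alt_names => 'DNS:foo,DNS:bar,DNS:baz,DNS:not_my_server')[:cert]]))
-
- expect do
- connection.get('request')
- end.to raise_error(Puppet::Error) do |error|
- error.message =~ /\AServer hostname 'my_server' did not match server certificate; expected one of (.+)/
- expect($1.split(', ')).to match_array(%w[DNS:foo DNS:bar DNS:baz DNS:not_my_server not_my_server])
- end
- end
-
- it "should pass along the error message otherwise" do
- connection = Puppet::Network::HTTP::Connection.new(
- host, port,
- :verify => ConstantErrorValidator.new(:fails_with => 'some other message'))
-
- expect do
- connection.get('request')
- end.to raise_error(/some other message/)
- end
-
- it "should check all peer certificates for upcoming expiration", :unless => Puppet::Util::Platform.windows? || RUBY_PLATFORM == 'java' do
- Puppet[:confdir] = tmpdir('conf')
- cert = Puppet::TestCa.new.generate('server',
- :subject_alt_names => 'DNS:foo,DNS:bar,DNS:baz,DNS:server')[:cert]
-
- connection = Puppet::Network::HTTP::Connection.new(
- host, port,
- :verify => NoProblemsValidator.new(cert))
-
- Net::HTTP.any_instance.stubs(:start)
- Net::HTTP.any_instance.stubs(:request).returns(httpok)
- Puppet::Network::HTTP::Pool.any_instance.stubs(:setsockopts)
-
- connection.get('request')
- end
- end
-
- context "when using single use HTTPS connections", :unless => RUBY_PLATFORM == 'java' do
- it_behaves_like 'ssl verifier' do
- end
- end
-
- context "when using persistent HTTPS connections", :unless => RUBY_PLATFORM == 'java' do
- around :each do |example|
- pool = Puppet::Network::HTTP::Pool.new
- Puppet.override(:http_pool => pool) do
- example.run
- end
- pool.close
- end
-
- it_behaves_like 'ssl verifier' do
- end
- end
-
  context "when response is a redirect" do
  let (:site) { Puppet::Network::HTTP::Site.new('http', 'my_server', 8140) }
  let (:other_site) { Puppet::Network::HTTP::Site.new('http', 'redirected', 9292) }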
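Review bot: With the 'ssl verifier' shared examples gone (old lines 67-154), this spec no longer has an example in which certificate verification fails through `connection.get`, for either the single-use or the persistent pool; the added examples only check which object ends up in `conn.verifier`. The file list shows `spec/unit/ssl/verifier_spec.rb` and `spec/integration/network/http_pool_spec.rb` being added, which presumably take over the verify-failed and hostname-mismatch cases, but that is not visible here and should be confirmed for both pool types. Separately, the example at new line 29 is titled "and ignore the verify" yet no longer passes `:verify`, which the new example at line 41 now covers; `it "can disable ssl using an option" do` would describe it accurately.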
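--- a/data/spec/unit/network/http/factory_spec.rb
+++ b/data/spec/unit/network/http/factory_spec.rb
@@ -14,6 +14,7 @@ describe Puppet::Network::HTTP::Factory do
  end
 
  let(:site) { Puppet::Network::HTTP::Site.new('https', 'www.example.com', 443) }
+
  def create_connection(site)
  factory = Puppet::Network::HTTP::Factory.new
 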
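--- a/data/spec/unit/network/http/nocache_pool_spec.rb
+++ b/data/spec/unit/network/http/nocache_pool_spec.rb
@@ -6,34 +6,34 @@ require 'puppet/network/http/connection'
 
  describe Puppet::Network::HTTP::NoCachePool do
  let(:site) { Puppet::Network::HTTP::Site.new('https', 'rubygems.org', 443) }
- let(:verify) { stub('verify', :setup_connection => nil) }
+ let(:verifier) { stub('verifier', :setup_connection => nil) }
 
- it 'yields a connection' do
- http = stub('http')
+ it 'yields a started connection' do
+ http = stub('http', start: nil, finish: nil)
 
  factory = Puppet::Network::HTTP::Factory.new
  factory.stubs(:create_connection).returns(http)
  pool = Puppet::Network::HTTP::NoCachePool.new(factory)
 
  expect { |b|
- pool.with_connection(site, verify, &b)
+ pool.with_connection(site, verifier, &b)
  }.to yield_with_args(http)
  end
 
  it 'yields a new connection each time' do
- http1 = stub('http1')
- http2 = stub('http2')
+ http1 = stub('http1', start: nil, finish: nil)
+ http2 = stub('http2', start: nil, finish: nil)
 
  factory = Puppet::Network::HTTP::Factory.new
  factory.stubs(:create_connection).returns(http1).then.returns(http2)
  pool = Puppet::Network::HTTP::NoCachePool.new(factory)
 
  expect { |b|
- pool.with_connection(site, verify, &b)
+ pool.with_connection(site, verifier, &b)
  }.to yield_with_args(http1)
 
  expect { |b|
- pool.with_connection(site, verify, &b)
+ pool.with_connection(site, verifier, &b)
  }.to yield_with_args(http2)
  end
 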
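Review bot: The example renamed to 'yields a started connection' (new line 11) only permits `start` rather than requiring it: `stub('http', start: nil, finish: nil)` is satisfied by zero calls, so the spec still passes if the pool yields a connection it never started. Adding `http.expects(:start)` before the `with_connection` call would make the title true. Likewise `verifier` is a plain stub, so nothing here checks that the verifier is attached before the connection is yielded; `verifier.expects(:setup_connection)` would cover that, assuming NoCachePool is meant to call it. The `describe` block continues past the end of the hunk.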
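--- a/data/spec/unit/network/http/pool_spec.rb
+++ b/data/spec/unit/network/http/pool_spec.rb
@@ -19,8 +19,11 @@ describe Puppet::Network::HTTP::Pool do
  Puppet::Network::HTTP::Site.new('https', 'github.com', 443)
  end
 
- let(:verify) do
- stub('verify', :setup_connection => nil)
+ let(:ssl_context) { Puppet::SSL::SSLContext.new }
+ let(:verifier) do
+ v = Puppet::SSL::Verifier.new(site.host, ssl_context)
+ v.stubs(:setup_connection => nil)
+ v
  end
 
  def create_pool
@@ -30,7 +33,7 @@ describe Puppet::Network::HTTP::Pool do
  def create_pool_with_connections(site, *connections)
  pool = Puppet::Network::HTTP::Pool.new
  connections.each do |conn|
- pool.release(site, conn)
+ pool.release(site, verifier, conn)
  end
  pool
  end
@@ -40,7 +43,7 @@ describe Puppet::Network::HTTP::Pool do
  # connections have already expired
  pool = Puppet::Network::HTTP::Pool.new(-1)
  connections.each do |conn|
- pool.release(site, conn)
+ pool.release(site, verifier, conn)
  end
  pool
  end
@@ -55,16 +58,16 @@ describe Puppet::Network::HTTP::Pool do
  pool = create_pool_with_connections(site, conn)
 
  expect { |b|
- pool.with_connection(site, verify, &b)
+ pool.with_connection(site, verifier, &b)
  }.to yield_with_args(conn)
  end
 
  it 'returns the connection to the pool' do
  conn = create_connection(site)
  pool = create_pool
- pool.release(site, conn)
+ pool.release(site, verifier, conn)
 
- pool.with_connection(site, verify) { |c| }
+ pool.with_connection(site, verifier) { |c| }
 
  expect(pool.pool[site].first.connection).to eq(conn)
  end
@@ -74,10 +77,10 @@ describe Puppet::Network::HTTP::Pool do
  mru_conn = create_connection(site)
  pool = create_pool_with_connections(site, lru_conn, mru_conn)
 
- pool.with_connection(site, verify) do |a|
+ pool.with_connection(site, verifier) do |a|
  expect(a).to eq(mru_conn)
 
- pool.with_connection(site, verify) do |b|
+ pool.with_connection(site, verifier) do |b|
  expect(b).to eq(lru_conn)
  end
  end
@@ -86,10 +89,10 @@ describe Puppet::Network::HTTP::Pool do
  it 'propagates exceptions' do
  conn = create_connection(site)
  pool = create_pool
- pool.release(site, conn)
+ pool.release(site, verifier, conn)
 
  expect {
- pool.with_connection(site, verify) do |c|
+ pool.with_connection(site, verifier) do |c|
  raise IOError, 'connection reset'
  end
  }.to raise_error(IOError, 'connection reset')
@@ -100,11 +103,11 @@ describe Puppet::Network::HTTP::Pool do
  # suggest we close the socket, and other errors
  conn = create_connection(site)
  pool = create_pool
- pool.release(site, conn)
+ pool.release(site, verifier, conn)
 
- pool.expects(:release).with(site, conn).never
+ pool.expects(:release).with(site, verifier, conn).never
 
- pool.with_connection(site, verify) do |c|
+ pool.with_connection(site, verifier) do |c|
  raise IOError, 'connection reset'
  end rescue nil
  end
@@ -140,9 +143,9 @@ describe Puppet::Network::HTTP::Pool do
  conn.expects(:use_ssl?).returns(false)
 
  pool = create_pool_with_connections(site, conn)
- pool.expects(:release).with(site, conn)
+ pool.expects(:release).with(site, verifier, conn)
 
- pool.with_connection(site, verify) {|c| }
+ pool.with_connection(site, verifier) {|c| }
  end
 
  it 'releases secure HTTPS connections' do
@@ -151,9 +154,9 @@ describe Puppet::Network::HTTP::Pool do
  conn.expects(:verify_mode).returns(OpenSSL::SSL::VERIFY_PEER)
 
  pool = create_pool_with_connections(site, conn)
- pool.expects(:release).with(site, conn)
+ pool.expects(:release).with(site, verifier, conn)
 
- pool.with_connection(site, verify) {|c| }
+ pool.with_connection(site, verifier) {|c| }
  end
 
  it 'closes insecure HTTPS connections' do
@@ -163,9 +166,9 @@ describe Puppet::Network::HTTP::Pool do
 
  pool = create_pool_with_connections(site, conn)
 
- pool.expects(:release).with(site, conn).never
+ pool.expects(:release).with(site, verifier, conn).never
 
- pool.with_connection(site, verify) {|c| }
+ pool.with_connection(site, verifier) {|c| }
  end
  end
  end
@@ -177,7 +180,7 @@ describe Puppet::Network::HTTP::Pool do
  pool.factory.expects(:create_connection).with(site).returns(conn)
  pool.expects(:setsockopts)
 
- expect(pool.borrow(site, verify)).to eq(conn)
+ expect(pool.borrow(site, verifier)).to eq(conn)
  end
 
  it 'returns a matching connection' do
@@ -186,7 +189,7 @@ describe Puppet::Network::HTTP::Pool do
 
  pool.factory.expects(:create_connection).never
 
- expect(pool.borrow(site, verify)).to eq(conn)
+ expect(pool.borrow(site, verifier)).to eq(conn)
  end
 
  it 'returns a new connection if there are no matching sites' do
@@ -197,7 +200,34 @@ describe Puppet::Network::HTTP::Pool do
  pool.factory.expects(:create_connection).with(site).returns(conn)
  pool.expects(:setsockopts)
 
- expect(pool.borrow(site, verify)).to eq(conn)
+ expect(pool.borrow(site, verifier)).to eq(conn)
+ end
+
+ it 'returns a new connection if the ssl contexts are different' do
+ old_conn = create_connection(site)
+ pool = create_pool_with_connections(site, old_conn)
+ pool.stubs(:setsockopts)
+
+ new_conn = create_connection(site)
+ pool.factory.stubs(:create_connection).with(site).returns(new_conn)
+
+ new_verifier = Puppet::SSL::Verifier.new(site.host, Puppet::SSL::SSLContext.new)
+ new_verifier.stubs(:setup_connection)
+
+ # 'equal' tests that it's the same object
+ expect(pool.borrow(site, new_verifier)).to eq(new_conn)
+ end
+
+ it 'returns a cached connection if the ssl contexts are the same' do
+ old_conn = create_connection(site)
+ pool = create_pool_with_connections(site, old_conn)
+ pool.stubs(:setsockopts)
+
+ pool.factory.expects(:create_connection).never
+
+ # 'equal' tests that it's the same object
+ new_verifier = Puppet::SSL::Verifier.new(site.host, ssl_context)
+ expect(pool.borrow(site, new_verifier)).to equal(old_conn)
  end
 
  it 'returns started connections' do
@@ -208,7 +238,7 @@ describe Puppet::Network::HTTP::Pool do
  pool.factory.expects(:create_connection).with(site).returns(conn)
  pool.expects(:setsockopts)
 
- expect(pool.borrow(site, verify)).to eq(conn)
+ expect(pool.borrow(site, verifier)).to eq(conn)
  end
 
  it "doesn't start a cached connection" do
@@ -216,7 +246,7 @@ describe Puppet::Network::HTTP::Pool do
  conn.expects(:start).never
 
  pool = create_pool_with_connections(site, conn)
- pool.borrow(site, verify)
+ pool.borrow(site, verifier)
  end
 
  it 'returns the most recently used connection from the pool' do
@@ -224,7 +254,7 @@ describe Puppet::Network::HTTP::Pool do
  most_recently_used = create_connection(site)
 
  pool = create_pool_with_connections(site, least_recently_used, most_recently_used)
- expect(pool.borrow(site, verify)).to eq(most_recently_used)
+ expect(pool.borrow(site, verifier)).to eq(most_recently_used)
  end
 
  it 'finishes expired connections' do
@@ -235,7 +265,7 @@ describe Puppet::Network::HTTP::Pool do
  pool.factory.expects(:create_connection => stub('conn', :start => nil))
  pool.expects(:setsockopts)
 
- pool.borrow(site, verify)
+ pool.borrow(site, verifier)
  end
 
  it 'logs an exception if it fails to close an expired connection' do
@@ -248,7 +278,7 @@ describe Puppet::Network::HTTP::Pool do
  pool.factory.expects(:create_connection => stub('open_conn', :start => nil))
  pool.expects(:setsockopts)
 
- pool.borrow(site, verify)
+ pool.borrow(site, verifier)
  end
  end
 
@@ -257,23 +287,23 @@ describe Puppet::Network::HTTP::Pool do
  conn = create_connection(site)
 
  pool = create_pool
- pool.release(site, conn)
+ pool.release(site, verifier, conn)
 
  expect(pool.pool[site].first.connection).to eq(conn)
  end
 
  it 'adds the connection to a pool with a connection for the same site' do
  pool = create_pool
- pool.release(site, create_connection(site))
- pool.release(site, create_connection(site))
+ pool.release(site, verifier, create_connection(site))
+ pool.release(site, verifier, create_connection(site))
 
  expect(pool.pool[site].count).to eq(2)
  end
 
  it 'adds the connection to a pool with a connection for a different site' do
  pool = create_pool
- pool.release(site, create_connection(site))
- pool.release(different_site, create_connection(different_site))
+ pool.release(site, verifier, create_connection(site))
+ pool.release(different_site, verifier, create_connection(different_site))
 
  expect(pool.pool[site].count).to eq(1)
  expect(pool.pool[different_site].count).to eq(1)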
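Review bot: In 'returns a new connection if the ssl contexts are different' (new lines 206-219) the comment reads `# 'equal' tests that it's the same object`, but the assertion that follows uses `eq`, and nothing states that the cached `old_conn` was not handed back. This example is the one guarding against a connection set up under one SSL context being reused for a request made under another, so the identity check should be explicit: `expect(pool.borrow(site, new_verifier)).to equal(new_conn)`. The sibling example at new lines 221-231 already uses `equal(old_conn)`, so the two would then read consistently.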