puppet 6.4.0-universal-darwin → 6.4.1-universal-darwin
Potentially problematic release.
This version of puppet might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Gemfile +0 -1
- data/Gemfile.lock +7 -11
- data/lib/puppet/application/device.rb +97 -82
- data/lib/puppet/application/filebucket.rb +4 -0
- data/lib/puppet/application/ssl.rb +2 -2
- data/lib/puppet/configurer.rb +5 -4
- data/lib/puppet/defaults.rb +33 -11
- data/lib/puppet/indirector/request.rb +28 -15
- data/lib/puppet/ssl.rb +1 -1
- data/lib/puppet/ssl/certificate.rb +1 -1
- data/lib/puppet/ssl/error.rb +1 -1
- data/lib/puppet/ssl/host.rb +0 -47
- data/lib/puppet/ssl/ssl_provider.rb +2 -2
- data/lib/puppet/ssl/state_machine.rb +16 -17
- data/lib/puppet/ssl/validator/default_validator.rb +4 -4
- data/lib/puppet/ssl/verifier.rb +1 -1
- data/lib/puppet/transaction/event_manager.rb +1 -5
- data/lib/puppet/util/connection.rb +15 -8
- data/lib/puppet/util/monkey_patches.rb +20 -1
- data/lib/puppet/version.rb +1 -1
- data/locales/puppet.pot +135 -68
- data/man/man5/puppet.conf.5 +9 -9
- data/man/man8/puppet-agent.8 +1 -1
- data/man/man8/puppet-apply.8 +1 -1
- data/man/man8/puppet-catalog.8 +1 -1
- data/man/man8/puppet-config.8 +1 -1
- data/man/man8/puppet-describe.8 +1 -1
- data/man/man8/puppet-device.8 +1 -1
- data/man/man8/puppet-doc.8 +1 -1
- data/man/man8/puppet-epp.8 +1 -1
- data/man/man8/puppet-facts.8 +1 -1
- data/man/man8/puppet-filebucket.8 +1 -1
- data/man/man8/puppet-generate.8 +1 -1
- data/man/man8/puppet-help.8 +1 -1
- data/man/man8/puppet-key.8 +1 -1
- data/man/man8/puppet-lookup.8 +1 -1
- data/man/man8/puppet-man.8 +1 -1
- data/man/man8/puppet-module.8 +1 -1
- data/man/man8/puppet-node.8 +1 -1
- data/man/man8/puppet-parser.8 +1 -1
- data/man/man8/puppet-plugin.8 +1 -1
- data/man/man8/puppet-report.8 +1 -1
- data/man/man8/puppet-resource.8 +1 -1
- data/man/man8/puppet-script.8 +1 -1
- data/man/man8/puppet-ssl.8 +1 -1
- data/man/man8/puppet-status.8 +1 -1
- data/man/man8/puppet.8 +2 -2
- data/spec/integration/agent/logging_spec.rb +5 -7
- data/spec/integration/application/apply_spec.rb +18 -16
- data/spec/integration/application/doc_spec.rb +1 -2
- data/spec/integration/application/lookup_spec.rb +5 -5
- data/spec/integration/configurer_spec.rb +5 -6
- data/spec/integration/defaults_spec.rb +5 -6
- data/spec/integration/directory_environments_spec.rb +1 -1
- data/spec/integration/faces/config_spec.rb +3 -4
- data/spec/integration/faces/documentation_spec.rb +0 -1
- data/spec/integration/faces/plugin_spec.rb +1 -1
- data/spec/integration/file_bucket/file_spec.rb +2 -4
- data/spec/integration/file_serving/content_spec.rb +0 -1
- data/spec/integration/file_serving/fileset_spec.rb +0 -1
- data/spec/integration/file_serving/metadata_spec.rb +0 -1
- data/spec/integration/file_serving/terminus_helper_spec.rb +0 -1
- data/spec/integration/indirector/catalog/compiler_spec.rb +10 -11
- data/spec/integration/indirector/direct_file_server_spec.rb +1 -1
- data/spec/integration/indirector/facts/facter_spec.rb +4 -5
- data/spec/integration/indirector/file_content/file_server_spec.rb +7 -8
- data/spec/integration/indirector/file_metadata/file_server_spec.rb +7 -8
- data/spec/integration/network/authconfig_spec.rb +23 -24
- data/spec/integration/network/formats_spec.rb +0 -1
- data/spec/integration/network/http_pool_spec.rb +3 -3
- data/spec/integration/node/environment_spec.rb +0 -1
- data/spec/integration/node/facts_spec.rb +9 -10
- data/spec/integration/node_spec.rb +6 -7
- data/spec/integration/parser/catalog_spec.rb +1 -5
- data/spec/integration/parser/collection_spec.rb +1 -2
- data/spec/integration/parser/compiler_spec.rb +6 -6
- data/spec/integration/parser/scope_spec.rb +1 -1
- data/spec/integration/parser/undef_param_spec.rb +1 -1
- data/spec/integration/provider/service/init_spec.rb +4 -5
- data/spec/integration/provider/service/systemd_spec.rb +0 -2
- data/spec/integration/provider/service/windows_spec.rb +1 -2
- data/spec/integration/reference/providers_spec.rb +1 -2
- data/spec/integration/reports_spec.rb +1 -2
- data/spec/integration/resource/catalog_spec.rb +14 -17
- data/spec/integration/resource/type_collection_spec.rb +4 -5
- data/spec/integration/rest/client_spec.rb +1 -1
- data/spec/integration/ssl/certificate_request_spec.rb +0 -1
- data/spec/integration/ssl/host_spec.rb +1 -2
- data/spec/integration/ssl/key_spec.rb +0 -1
- data/spec/integration/test/test_helper_spec.rb +0 -1
- data/spec/integration/transaction/report_spec.rb +6 -11
- data/spec/integration/transaction_spec.rb +18 -19
- data/spec/integration/type/exec_spec.rb +0 -1
- data/spec/integration/type/file_spec.rb +13 -14
- data/spec/integration/type/package_spec.rb +19 -23
- data/spec/integration/type/tidy_spec.rb +1 -2
- data/spec/integration/type_spec.rb +0 -1
- data/spec/integration/util/autoload_spec.rb +1 -2
- data/spec/integration/util/rdoc/parser_spec.rb +0 -1
- data/spec/integration/util/settings_spec.rb +0 -1
- data/spec/integration/util/windows/adsi_spec.rb +3 -5
- data/spec/integration/util/windows/principal_spec.rb +0 -1
- data/spec/integration/util/windows/process_spec.rb +4 -6
- data/spec/integration/util/windows/registry_spec.rb +41 -51
- data/spec/integration/util/windows/security_spec.rb +2 -4
- data/spec/integration/util/windows/user_spec.rb +18 -20
- data/spec/integration/util_spec.rb +4 -7
- data/spec/lib/puppet_spec/compiler.rb +1 -1
- data/spec/lib/puppet_spec/files.rb +0 -1
- data/spec/lib/puppet_spec/module_tool/shared_functions.rb +1 -1
- data/spec/lib/puppet_spec/scope.rb +1 -2
- data/spec/shared_behaviours/all_parsedfile_providers.rb +1 -1
- data/spec/shared_behaviours/file_server_terminus.rb +8 -9
- data/spec/shared_behaviours/file_serving.rb +6 -8
- data/spec/shared_behaviours/file_serving_model.rb +3 -5
- data/spec/shared_behaviours/hiera_indirections.rb +3 -4
- data/spec/shared_behaviours/iterative_functions.rb +0 -1
- data/spec/shared_behaviours/memory_terminus.rb +2 -2
- data/spec/shared_examples/rhel_package_provider.rb +112 -70
- data/spec/spec_helper.rb +10 -1
- data/spec/unit/agent/disabler_spec.rb +4 -5
- data/spec/unit/agent/locker_spec.rb +12 -13
- data/spec/unit/agent_spec.rb +80 -85
- data/spec/unit/application/agent_spec.rb +88 -94
- data/spec/unit/application/apply_spec.rb +82 -83
- data/spec/unit/application/config_spec.rb +0 -1
- data/spec/unit/application/describe_spec.rb +6 -7
- data/spec/unit/application/device_spec.rb +379 -384
- data/spec/unit/application/doc_spec.rb +44 -46
- data/spec/unit/application/face_base_spec.rb +61 -62
- data/spec/unit/application/facts_spec.rb +3 -4
- data/spec/unit/application/filebucket_spec.rb +66 -74
- data/spec/unit/application/indirection_base_spec.rb +8 -6
- data/spec/unit/application/lookup_spec.rb +26 -26
- data/spec/unit/application/resource_spec.rb +42 -48
- data/spec/unit/application/ssl_spec.rb +9 -9
- data/spec/unit/application_spec.rb +82 -92
- data/spec/unit/capability_spec.rb +6 -6
- data/spec/unit/certificate_factory_spec.rb +3 -5
- data/spec/unit/configurer/downloader_spec.rb +20 -21
- data/spec/unit/configurer/fact_handler_spec.rb +2 -3
- data/spec/unit/configurer/plugin_handler_spec.rb +41 -8
- data/spec/unit/configurer_spec.rb +189 -192
- data/spec/unit/confine/exists_spec.rb +17 -15
- data/spec/unit/confine/false_spec.rb +5 -6
- data/spec/unit/confine/feature_spec.rb +7 -5
- data/spec/unit/confine/true_spec.rb +5 -6
- data/spec/unit/confine/variable_spec.rb +14 -15
- data/spec/unit/confine_collection_spec.rb +28 -29
- data/spec/unit/confine_spec.rb +13 -14
- data/spec/unit/confiner_spec.rb +10 -11
- data/spec/unit/context/trusted_information_spec.rb +1 -1
- data/spec/unit/daemon_spec.rb +35 -36
- data/spec/unit/data_providers/function_data_provider_spec.rb +0 -1
- data/spec/unit/data_providers/hiera_data_provider_spec.rb +0 -1
- data/spec/unit/datatypes_spec.rb +3 -4
- data/spec/unit/defaults_spec.rb +18 -13
- data/spec/unit/environments_spec.rb +7 -7
- data/spec/unit/etc_spec.rb +30 -32
- data/spec/unit/external/pson_spec.rb +0 -1
- data/spec/unit/face/catalog_spec.rb +0 -1
- data/spec/unit/face/config_spec.rb +31 -35
- data/spec/unit/face/epp_face_spec.rb +3 -4
- data/spec/unit/face/facts_spec.rb +5 -6
- data/spec/unit/face/generate_spec.rb +4 -5
- data/spec/unit/face/help_spec.rb +7 -8
- data/spec/unit/face/key_spec.rb +0 -1
- data/spec/unit/face/man_spec.rb +1 -2
- data/spec/unit/face/module/install_spec.rb +3 -5
- data/spec/unit/face/module/list_spec.rb +2 -12
- data/spec/unit/face/module/search_spec.rb +11 -9
- data/spec/unit/face/module/uninstall_spec.rb +4 -8
- data/spec/unit/face/node_spec.rb +23 -24
- data/spec/unit/face/parser_spec.rb +3 -3
- data/spec/unit/face/plugin_spec.rb +36 -9
- data/spec/unit/face/status_spec.rb +0 -1
- data/spec/unit/file_bucket/dipper_spec.rb +24 -20
- data/spec/unit/file_bucket/file_spec.rb +0 -2
- data/spec/unit/file_serving/base_spec.rb +14 -15
- data/spec/unit/file_serving/configuration/parser_spec.rb +27 -28
- data/spec/unit/file_serving/configuration_spec.rb +63 -66
- data/spec/unit/file_serving/content_spec.rb +10 -11
- data/spec/unit/file_serving/fileset_spec.rb +63 -58
- data/spec/unit/file_serving/http_metadata_spec.rb +8 -7
- data/spec/unit/file_serving/metadata_spec.rb +36 -36
- data/spec/unit/file_serving/mount/file_spec.rb +31 -32
- data/spec/unit/file_serving/mount/locales_spec.rb +23 -24
- data/spec/unit/file_serving/mount/modules_spec.rb +14 -15
- data/spec/unit/file_serving/mount/pluginfacts_spec.rb +23 -24
- data/spec/unit/file_serving/mount/plugins_spec.rb +23 -24
- data/spec/unit/file_serving/mount/tasks_spec.rb +14 -15
- data/spec/unit/file_serving/mount_spec.rb +0 -1
- data/spec/unit/file_serving/terminus_helper_spec.rb +37 -42
- data/spec/unit/file_serving/terminus_selector_spec.rb +12 -13
- data/spec/unit/file_system/uniquefile_spec.rb +4 -4
- data/spec/unit/file_system_spec.rb +4 -4
- data/spec/unit/forge/errors_spec.rb +1 -1
- data/spec/unit/forge/forge_spec.rb +13 -14
- data/spec/unit/forge/module_release_spec.rb +18 -18
- data/spec/unit/forge/repository_spec.rb +29 -30
- data/spec/unit/forge_spec.rb +15 -11
- data/spec/unit/functions/binary_file_spec.rb +3 -3
- data/spec/unit/functions/contain_spec.rb +0 -2
- data/spec/unit/functions/defined_spec.rb +0 -1
- data/spec/unit/functions/epp_spec.rb +2 -2
- data/spec/unit/functions/find_file_spec.rb +7 -7
- data/spec/unit/functions/include_spec.rb +0 -4
- data/spec/unit/functions/lookup_fixture_spec.rb +0 -1
- data/spec/unit/functions/lookup_spec.rb +1 -2
- data/spec/unit/functions/module_directory_spec.rb +12 -12
- data/spec/unit/functions/require_spec.rb +0 -3
- data/spec/unit/functions/shared.rb +5 -8
- data/spec/unit/functions/versioncmp_spec.rb +1 -2
- data/spec/unit/functions4_spec.rb +9 -10
- data/spec/unit/gettext/config_spec.rb +4 -4
- data/spec/unit/gettext/module_loading_spec.rb +7 -7
- data/spec/unit/graph/rb_tree_map_spec.rb +0 -2
- data/spec/unit/graph/relationship_graph_spec.rb +1 -2
- data/spec/unit/graph/simple_graph_spec.rb +9 -10
- data/spec/unit/hiera_puppet_spec.rb +20 -20
- data/spec/unit/indirector/catalog/compiler_spec.rb +147 -149
- data/spec/unit/indirector/catalog/json_spec.rb +1 -2
- data/spec/unit/indirector/catalog/msgpack_spec.rb +0 -1
- data/spec/unit/indirector/catalog/rest_spec.rb +0 -1
- data/spec/unit/indirector/catalog/store_configs_spec.rb +0 -1
- data/spec/unit/indirector/catalog/yaml_spec.rb +0 -1
- data/spec/unit/indirector/certificate/file_spec.rb +0 -1
- data/spec/unit/indirector/certificate/rest_spec.rb +8 -10
- data/spec/unit/indirector/certificate_request/file_spec.rb +0 -1
- data/spec/unit/indirector/certificate_request/rest_spec.rb +0 -1
- data/spec/unit/indirector/direct_file_server_spec.rb +17 -18
- data/spec/unit/indirector/envelope_spec.rb +1 -2
- data/spec/unit/indirector/exec_spec.rb +4 -5
- data/spec/unit/indirector/face_spec.rb +9 -9
- data/spec/unit/indirector/facts/facter_spec.rb +37 -43
- data/spec/unit/indirector/facts/network_device_spec.rb +8 -9
- data/spec/unit/indirector/facts/rest_spec.rb +7 -8
- data/spec/unit/indirector/facts/store_configs_spec.rb +0 -1
- data/spec/unit/indirector/facts/yaml_spec.rb +0 -1
- data/spec/unit/indirector/file_bucket_file/file_spec.rb +3 -4
- data/spec/unit/indirector/file_bucket_file/rest_spec.rb +0 -1
- data/spec/unit/indirector/file_bucket_file/selector_spec.rb +4 -5
- data/spec/unit/indirector/file_content/file_server_spec.rb +0 -1
- data/spec/unit/indirector/file_content/file_spec.rb +0 -1
- data/spec/unit/indirector/file_content/rest_spec.rb +0 -1
- data/spec/unit/indirector/file_content/selector_spec.rb +0 -1
- data/spec/unit/indirector/file_metadata/file_server_spec.rb +0 -1
- data/spec/unit/indirector/file_metadata/file_spec.rb +12 -13
- data/spec/unit/indirector/file_metadata/rest_spec.rb +0 -1
- data/spec/unit/indirector/file_metadata/selector_spec.rb +0 -1
- data/spec/unit/indirector/file_server_spec.rb +87 -87
- data/spec/unit/indirector/indirection_spec.rb +242 -226
- data/spec/unit/indirector/json_spec.rb +7 -9
- data/spec/unit/indirector/key/file_spec.rb +21 -22
- data/spec/unit/indirector/memory_spec.rb +6 -7
- data/spec/unit/indirector/msgpack_spec.rb +7 -9
- data/spec/unit/indirector/node/exec_spec.rb +2 -3
- data/spec/unit/indirector/node/memory_spec.rb +2 -4
- data/spec/unit/indirector/node/msgpack_spec.rb +0 -1
- data/spec/unit/indirector/node/plain_spec.rb +2 -4
- data/spec/unit/indirector/node/rest_spec.rb +0 -1
- data/spec/unit/indirector/node/store_configs_spec.rb +0 -1
- data/spec/unit/indirector/node/yaml_spec.rb +0 -1
- data/spec/unit/indirector/none_spec.rb +5 -5
- data/spec/unit/indirector/plain_spec.rb +7 -8
- data/spec/unit/indirector/report/msgpack_spec.rb +0 -1
- data/spec/unit/indirector/report/processor_spec.rb +21 -22
- data/spec/unit/indirector/report/rest_spec.rb +11 -12
- data/spec/unit/indirector/report/yaml_spec.rb +0 -1
- data/spec/unit/indirector/request_spec.rb +11 -12
- data/spec/unit/indirector/resource/ral_spec.rb +47 -54
- data/spec/unit/indirector/resource/store_configs_spec.rb +0 -1
- data/spec/unit/indirector/rest_spec.rb +113 -110
- data/spec/unit/indirector/ssl_file_spec.rb +64 -65
- data/spec/unit/indirector/status/local_spec.rb +0 -1
- data/spec/unit/indirector/status/rest_spec.rb +0 -1
- data/spec/unit/indirector/store_configs_spec.rb +0 -1
- data/spec/unit/indirector/terminus_spec.rb +27 -27
- data/spec/unit/indirector/yaml_spec.rb +5 -6
- data/spec/unit/indirector_spec.rb +1 -2
- data/spec/unit/info_service_spec.rb +1 -1
- data/spec/unit/interface/action_builder_spec.rb +0 -1
- data/spec/unit/interface/action_manager_spec.rb +0 -1
- data/spec/unit/interface/action_spec.rb +2 -3
- data/spec/unit/interface/documentation_spec.rb +0 -1
- data/spec/unit/interface/face_collection_spec.rb +19 -12
- data/spec/unit/interface_spec.rb +3 -3
- data/spec/unit/man_spec.rb +3 -4
- data/spec/unit/module_spec.rb +46 -51
- data/spec/unit/module_tool/applications/installer_spec.rb +10 -11
- data/spec/unit/module_tool/applications/searcher_spec.rb +3 -3
- data/spec/unit/module_tool/applications/uninstaller_spec.rb +1 -2
- data/spec/unit/module_tool/applications/unpacker_spec.rb +13 -13
- data/spec/unit/module_tool/applications/upgrader_spec.rb +5 -5
- data/spec/unit/module_tool/install_directory_spec.rb +8 -8
- data/spec/unit/module_tool/installed_modules_spec.rb +3 -3
- data/spec/unit/module_tool/tar/gnu_spec.rb +6 -6
- data/spec/unit/module_tool/tar/mini_spec.rb +12 -12
- data/spec/unit/module_tool/tar_spec.rb +12 -13
- data/spec/unit/module_tool_spec.rb +7 -12
- data/spec/unit/network/auth_config_parser_spec.rb +11 -13
- data/spec/unit/network/authconfig_spec.rb +17 -18
- data/spec/unit/network/authorization_spec.rb +4 -5
- data/spec/unit/network/authstore_spec.rb +0 -1
- data/spec/unit/network/format_handler_spec.rb +0 -1
- data/spec/unit/network/format_spec.rb +9 -10
- data/spec/unit/network/format_support_spec.rb +28 -29
- data/spec/unit/network/formats_spec.rb +4 -5
- data/spec/unit/network/http/api/indirected_routes_spec.rb +24 -29
- data/spec/unit/network/http/api/master/v3/authorization_spec.rb +2 -2
- data/spec/unit/network/http/api/master/v3/environment_spec.rb +1 -1
- data/spec/unit/network/http/api/master/v3/environments_spec.rb +6 -7
- data/spec/unit/network/http/api_spec.rb +0 -2
- data/spec/unit/network/http/compression_spec.rb +21 -22
- data/spec/unit/network/http/connection_spec.rb +35 -35
- data/spec/unit/network/http/factory_spec.rb +5 -6
- data/spec/unit/network/http/handler_spec.rb +9 -18
- data/spec/unit/network/http/nocache_pool_spec.rb +6 -7
- data/spec/unit/network/http/pool_spec.rb +33 -34
- data/spec/unit/network/http/request_spec.rb +0 -2
- data/spec/unit/network/http/response_spec.rb +11 -13
- data/spec/unit/network/http/route_spec.rb +0 -1
- data/spec/unit/network/http/session_spec.rb +2 -3
- data/spec/unit/network/http/site_spec.rb +0 -1
- data/spec/unit/network/http_pool_spec.rb +19 -10
- data/spec/unit/network/http_spec.rb +0 -1
- data/spec/unit/network/resolver_spec.rb +25 -26
- data/spec/unit/network/rights_spec.rb +52 -53
- data/spec/unit/node/environment_spec.rb +14 -15
- data/spec/unit/node/facts_spec.rb +5 -7
- data/spec/unit/node_spec.rb +4 -10
- data/spec/unit/other/selinux_spec.rb +0 -1
- data/spec/unit/parameter/boolean_spec.rb +1 -2
- data/spec/unit/parameter/package_options_spec.rb +1 -2
- data/spec/unit/parameter/path_spec.rb +0 -1
- data/spec/unit/parameter/value_collection_spec.rb +0 -1
- data/spec/unit/parameter/value_spec.rb +0 -1
- data/spec/unit/parameter_spec.rb +9 -9
- data/spec/unit/parser/ast/block_expression_spec.rb +6 -8
- data/spec/unit/parser/ast/leaf_spec.rb +20 -21
- data/spec/unit/parser/compiler_spec.rb +84 -96
- data/spec/unit/parser/environment_compiler_spec.rb +7 -8
- data/spec/unit/parser/files_spec.rb +0 -1
- data/spec/unit/parser/functions/create_resources_spec.rb +1 -1
- data/spec/unit/parser/functions/digest_spec.rb +0 -1
- data/spec/unit/parser/functions/fail_spec.rb +1 -2
- data/spec/unit/parser/functions/file_spec.rb +13 -14
- data/spec/unit/parser/functions/fqdn_rand_spec.rb +5 -6
- data/spec/unit/parser/functions/generate_spec.rb +7 -8
- data/spec/unit/parser/functions/inline_template_spec.rb +0 -1
- data/spec/unit/parser/functions/regsubst_spec.rb +0 -1
- data/spec/unit/parser/functions/scanf_spec.rb +0 -1
- data/spec/unit/parser/functions/shellquote_spec.rb +0 -1
- data/spec/unit/parser/functions/split_spec.rb +0 -1
- data/spec/unit/parser/functions/sprintf_spec.rb +0 -1
- data/spec/unit/parser/functions/tag_spec.rb +1 -2
- data/spec/unit/parser/functions/tagged_spec.rb +2 -3
- data/spec/unit/parser/functions/template_spec.rb +13 -13
- data/spec/unit/parser/functions/versioncmp_spec.rb +1 -2
- data/spec/unit/parser/functions_spec.rb +6 -7
- data/spec/unit/parser/relationship_spec.rb +0 -1
- data/spec/unit/parser/resource_spec.rb +42 -42
- data/spec/unit/parser/scope_spec.rb +39 -35
- data/spec/unit/parser/templatewrapper_spec.rb +11 -12
- data/spec/unit/parser/type_loader_spec.rb +17 -19
- data/spec/unit/pops/adaptable_spec.rb +0 -1
- data/spec/unit/pops/benchmark_spec.rb +0 -1
- data/spec/unit/pops/evaluator/access_ops_spec.rb +0 -1
- data/spec/unit/pops/evaluator/arithmetic_ops_spec.rb +0 -1
- data/spec/unit/pops/evaluator/basic_expressions_spec.rb +0 -1
- data/spec/unit/pops/evaluator/collections_ops_spec.rb +0 -1
- data/spec/unit/pops/evaluator/comparison_ops_spec.rb +0 -1
- data/spec/unit/pops/evaluator/conditionals_spec.rb +0 -1
- data/spec/unit/pops/evaluator/evaluating_parser_spec.rb +10 -11
- data/spec/unit/pops/evaluator/logical_ops_spec.rb +0 -1
- data/spec/unit/pops/evaluator/runtime3_converter_spec.rb +0 -1
- data/spec/unit/pops/evaluator/string_interpolation_spec.rb +0 -1
- data/spec/unit/pops/evaluator/variables_spec.rb +0 -1
- data/spec/unit/pops/factory_spec.rb +3 -4
- data/spec/unit/pops/issues_spec.rb +19 -20
- data/spec/unit/pops/loaders/loader_spec.rb +9 -5
- data/spec/unit/pops/loaders/loaders_spec.rb +31 -28
- data/spec/unit/pops/lookup/context_spec.rb +0 -1
- data/spec/unit/pops/lookup/interpolation_spec.rb +2 -3
- data/spec/unit/pops/merge_strategy_spec.rb +0 -1
- data/spec/unit/pops/migration_spec.rb +3 -5
- data/spec/unit/pops/model/model_spec.rb +0 -1
- data/spec/unit/pops/model/pn_transformer_spec.rb +0 -1
- data/spec/unit/pops/parser/locator_spec.rb +3 -6
- data/spec/unit/pops/parser/parse_application_spec.rb +0 -1
- data/spec/unit/pops/parser/parse_basic_expressions_spec.rb +0 -1
- data/spec/unit/pops/parser/parse_calls_spec.rb +0 -1
- data/spec/unit/pops/parser/parse_capabilities_spec.rb +0 -1
- data/spec/unit/pops/parser/parse_conditionals_spec.rb +0 -1
- data/spec/unit/pops/parser/parse_containers_spec.rb +0 -1
- data/spec/unit/pops/parser/parse_plan_spec.rb +0 -1
- data/spec/unit/pops/parser/parse_resource_spec.rb +0 -1
- data/spec/unit/pops/parser/parse_site_spec.rb +0 -1
- data/spec/unit/pops/parser/pn_parser_spec.rb +0 -1
- data/spec/unit/pops/pn_spec.rb +0 -1
- data/spec/unit/pops/resource/resource_type_impl_spec.rb +0 -1
- data/spec/unit/pops/serialization/serialization_spec.rb +1 -1
- data/spec/unit/pops/serialization/to_from_hr_spec.rb +1 -1
- data/spec/unit/pops/types/recursion_guard_spec.rb +10 -10
- data/spec/unit/pops/types/ruby_generator_spec.rb +2 -2
- data/spec/unit/pops/types/type_asserter_spec.rb +2 -2
- data/spec/unit/pops/types/type_calculator_spec.rb +30 -30
- data/spec/unit/pops/types/type_parser_spec.rb +13 -13
- data/spec/unit/pops/validator/validator_spec.rb +1 -2
- data/spec/unit/pops/visitor_spec.rb +0 -1
- data/spec/unit/property/boolean_spec.rb +1 -1
- data/spec/unit/property/ensure_spec.rb +0 -1
- data/spec/unit/property/keyvalue_spec.rb +32 -34
- data/spec/unit/property/list_spec.rb +26 -27
- data/spec/unit/property/ordered_list_spec.rb +10 -14
- data/spec/unit/property_spec.rb +42 -43
- data/spec/unit/provider/aix_object_spec.rb +47 -45
- data/spec/unit/provider/command_spec.rb +9 -9
- data/spec/unit/provider/exec/posix_spec.rb +8 -9
- data/spec/unit/provider/exec/shell_spec.rb +0 -1
- data/spec/unit/provider/exec/windows_spec.rb +2 -4
- data/spec/unit/provider/exec_spec.rb +0 -1
- data/spec/unit/provider/file/posix_spec.rb +22 -24
- data/spec/unit/provider/file/windows_spec.rb +15 -17
- data/spec/unit/provider/group/aix_spec.rb +3 -2
- data/spec/unit/provider/group/groupadd_spec.rb +30 -26
- data/spec/unit/provider/group/ldap_spec.rb +18 -18
- data/spec/unit/provider/group/pw_spec.rb +11 -11
- data/spec/unit/provider/group/windows_adsi_spec.rb +54 -54
- data/spec/unit/provider/ldap_spec.rb +61 -62
- data/spec/unit/provider/nameservice/directoryservice_spec.rb +35 -36
- data/spec/unit/provider/nameservice_spec.rb +38 -40
- data/spec/unit/provider/package/aix_spec.rb +15 -15
- data/spec/unit/provider/package/appdmg_spec.rb +13 -13
- data/spec/unit/provider/package/apt_spec.rb +44 -27
- data/spec/unit/provider/package/aptitude_spec.rb +6 -7
- data/spec/unit/provider/package/aptrpm_spec.rb +7 -12
- data/spec/unit/provider/package/base_spec.rb +4 -4
- data/spec/unit/provider/package/dnf_spec.rb +18 -20
- data/spec/unit/provider/package/dpkg_spec.rb +52 -52
- data/spec/unit/provider/package/freebsd_spec.rb +11 -11
- data/spec/unit/provider/package/gem_spec.rb +51 -43
- data/spec/unit/provider/package/hpux_spec.rb +8 -8
- data/spec/unit/provider/package/macports_spec.rb +46 -42
- data/spec/unit/provider/package/nim_spec.rb +30 -39
- data/spec/unit/provider/package/openbsd_spec.rb +36 -39
- data/spec/unit/provider/package/opkg_spec.rb +23 -26
- data/spec/unit/provider/package/pacman_spec.rb +97 -118
- data/spec/unit/provider/package/pip_spec.rb +71 -72
- data/spec/unit/provider/package/pkg_spec.rb +113 -114
- data/spec/unit/provider/package/pkgdmg_spec.rb +65 -63
- data/spec/unit/provider/package/pkgin_spec.rb +10 -8
- data/spec/unit/provider/package/pkgng_spec.rb +21 -22
- data/spec/unit/provider/package/pkgutil_spec.rb +45 -49
- data/spec/unit/provider/package/portage_spec.rb +71 -75
- data/spec/unit/provider/package/puppet_gem_spec.rb +28 -8
- data/spec/unit/provider/package/rpm_spec.rb +53 -64
- data/spec/unit/provider/package/sun_spec.rb +16 -18
- data/spec/unit/provider/package/tdnf_spec.rb +2 -2
- data/spec/unit/provider/package/up2date_spec.rb +2 -4
- data/spec/unit/provider/package/urpmi_spec.rb +15 -17
- data/spec/unit/provider/package/windows/exe_package_spec.rb +12 -15
- data/spec/unit/provider/package/windows/msi_package_spec.rb +19 -22
- data/spec/unit/provider/package/windows/package_spec.rb +37 -42
- data/spec/unit/provider/package/windows_spec.rb +36 -32
- data/spec/unit/provider/package/yum_spec.rb +7 -7
- data/spec/unit/provider/package/zypper_spec.rb +87 -87
- data/spec/unit/provider/parsedfile_spec.rb +44 -45
- data/spec/unit/provider/service/base_spec.rb +4 -5
- data/spec/unit/provider/service/bsd_spec.rb +27 -29
- data/spec/unit/provider/service/daemontools_spec.rb +35 -35
- data/spec/unit/provider/service/debian_spec.rb +38 -38
- data/spec/unit/provider/service/freebsd_spec.rb +18 -18
- data/spec/unit/provider/service/gentoo_spec.rb +50 -55
- data/spec/unit/provider/service/init_spec.rb +53 -52
- data/spec/unit/provider/service/launchd_spec.rb +138 -116
- data/spec/unit/provider/service/openbsd_spec.rb +50 -50
- data/spec/unit/provider/service/openrc_spec.rb +43 -45
- data/spec/unit/provider/service/openwrt_spec.rb +26 -31
- data/spec/unit/provider/service/rcng_spec.rb +14 -14
- data/spec/unit/provider/service/redhat_spec.rb +45 -43
- data/spec/unit/provider/service/runit_spec.rb +29 -27
- data/spec/unit/provider/service/smf_spec.rb +74 -66
- data/spec/unit/provider/service/src_spec.rb +46 -47
- data/spec/unit/provider/service/systemd_spec.rb +113 -122
- data/spec/unit/provider/service/upstart_spec.rb +74 -71
- data/spec/unit/provider/service/windows_spec.rb +33 -41
- data/spec/unit/provider/user/aix_spec.rb +31 -31
- data/spec/unit/provider/user/directoryservice_spec.rb +109 -114
- data/spec/unit/provider/user/hpux_spec.rb +16 -16
- data/spec/unit/provider/user/ldap_spec.rb +57 -57
- data/spec/unit/provider/user/openbsd_spec.rb +10 -12
- data/spec/unit/provider/user/pw_spec.rb +37 -35
- data/spec/unit/provider/user/user_role_add_spec.rb +93 -93
- data/spec/unit/provider/user/useradd_spec.rb +93 -92
- data/spec/unit/provider/user/windows_adsi_spec.rb +59 -60
- data/spec/unit/provider_spec.rb +35 -35
- data/spec/unit/puppet_pal_2pec.rb +4 -5
- data/spec/unit/puppet_pal_spec.rb +0 -1
- data/spec/unit/puppet_spec.rb +6 -7
- data/spec/unit/relationship_spec.rb +0 -1
- data/spec/unit/reports/http_spec.rb +22 -24
- data/spec/unit/reports/store_spec.rb +3 -4
- data/spec/unit/reports_spec.rb +12 -14
- data/spec/unit/resource/capability_finder_spec.rb +15 -17
- data/spec/unit/resource/catalog_spec.rb +72 -68
- data/spec/unit/resource/status_spec.rb +6 -8
- data/spec/unit/resource/type_collection_spec.rb +17 -18
- data/spec/unit/resource/type_spec.rb +34 -35
- data/spec/unit/resource_spec.rb +36 -32
- data/spec/unit/rest/client_spec.rb +56 -25
- data/spec/unit/rest/route_spec.rb +5 -5
- data/spec/unit/scheduler/job_spec.rb +0 -1
- data/spec/unit/scheduler/scheduler_spec.rb +0 -1
- data/spec/unit/scheduler/splay_job_spec.rb +1 -2
- data/spec/unit/settings/array_setting_spec.rb +1 -1
- data/spec/unit/settings/autosign_setting_spec.rb +9 -9
- data/spec/unit/settings/certificate_revocation_setting_spec.rb +1 -1
- data/spec/unit/settings/config_file_spec.rb +0 -1
- data/spec/unit/settings/directory_setting_spec.rb +2 -7
- data/spec/unit/settings/duration_setting_spec.rb +1 -2
- data/spec/unit/settings/enum_setting_spec.rb +1 -1
- data/spec/unit/settings/environment_conf_spec.rb +4 -6
- data/spec/unit/settings/file_setting_spec.rb +44 -46
- data/spec/unit/settings/path_setting_spec.rb +1 -2
- data/spec/unit/settings/priority_setting_spec.rb +1 -2
- data/spec/unit/settings/string_setting_spec.rb +14 -15
- data/spec/unit/settings/terminus_setting_spec.rb +1 -2
- data/spec/unit/settings/value_translator_spec.rb +0 -1
- data/spec/unit/settings_spec.rb +228 -235
- data/spec/unit/ssl/base_spec.rb +14 -15
- data/spec/unit/ssl/certificate_request_spec.rb +62 -58
- data/spec/unit/ssl/certificate_spec.rb +23 -25
- data/spec/unit/ssl/digest_spec.rb +0 -1
- data/spec/unit/ssl/host_spec.rb +147 -130
- data/spec/unit/ssl/key_spec.rb +30 -31
- data/spec/unit/ssl/ssl_provider_spec.rb +24 -24
- data/spec/unit/ssl/state_machine_spec.rb +50 -58
- data/spec/unit/ssl/validator_spec.rb +43 -54
- data/spec/unit/ssl/verifier_spec.rb +10 -10
- data/spec/unit/task_spec.rb +44 -45
- data/spec/unit/transaction/additional_resource_generator_spec.rb +3 -5
- data/spec/unit/transaction/event_manager_spec.rb +87 -88
- data/spec/unit/transaction/event_spec.rb +16 -15
- data/spec/unit/transaction/persistence_spec.rb +16 -17
- data/spec/unit/transaction/report_spec.rb +11 -12
- data/spec/unit/transaction/resource_harness_spec.rb +28 -33
- data/spec/unit/transaction_spec.rb +100 -101
- data/spec/unit/type/component_spec.rb +0 -1
- data/spec/unit/type/exec_spec.rb +60 -56
- data/spec/unit/type/file/checksum_spec.rb +9 -10
- data/spec/unit/type/file/checksum_value_spec.rb +31 -32
- data/spec/unit/type/file/content_spec.rb +58 -61
- data/spec/unit/type/file/ctime_spec.rb +0 -1
- data/spec/unit/type/file/ensure_spec.rb +12 -13
- data/spec/unit/type/file/group_spec.rb +5 -7
- data/spec/unit/type/file/mode_spec.rb +4 -6
- data/spec/unit/type/file/mtime_spec.rb +0 -1
- data/spec/unit/type/file/owner_spec.rb +6 -8
- data/spec/unit/type/file/selinux_spec.rb +17 -19
- data/spec/unit/type/file/source_spec.rb +104 -101
- data/spec/unit/type/file/type_spec.rb +0 -1
- data/spec/unit/type/file_spec.rb +195 -185
- data/spec/unit/type/filebucket_spec.rb +4 -5
- data/spec/unit/type/group_spec.rb +6 -8
- data/spec/unit/type/noop_metaparam_spec.rb +1 -2
- data/spec/unit/type/package/package_settings_spec.rb +44 -23
- data/spec/unit/type/package_spec.rb +56 -57
- data/spec/unit/type/resources_spec.rb +72 -74
- data/spec/unit/type/schedule_spec.rb +24 -26
- data/spec/unit/type/service_spec.rb +49 -49
- data/spec/unit/type/stage_spec.rb +0 -1
- data/spec/unit/type/tidy_spec.rb +61 -62
- data/spec/unit/type/user_spec.rb +24 -25
- data/spec/unit/type/whit_spec.rb +0 -1
- data/spec/unit/type_spec.rb +55 -54
- data/spec/unit/util/at_fork_spec.rb +18 -19
- data/spec/unit/util/autoload_spec.rb +55 -56
- data/spec/unit/util/backups_spec.rb +34 -35
- data/spec/unit/util/character_encoding_spec.rb +5 -5
- data/spec/unit/util/checksums_spec.rb +38 -39
- data/spec/unit/util/colors_spec.rb +1 -2
- data/spec/unit/util/command_line_spec.rb +24 -25
- data/spec/unit/util/constant_inflector_spec.rb +0 -1
- data/spec/unit/util/diff_spec.rb +7 -8
- data/spec/unit/util/errors_spec.rb +0 -1
- data/spec/unit/util/execution_spec.rb +185 -161
- data/spec/unit/util/execution_stub_spec.rb +0 -1
- data/spec/unit/util/feature_spec.rb +23 -14
- data/spec/unit/util/filetype_spec.rb +49 -49
- data/spec/unit/util/http_proxy_spec.rb +12 -12
- data/spec/unit/util/inifile_spec.rb +26 -31
- data/spec/unit/util/json_lockfile_spec.rb +3 -5
- data/spec/unit/util/ldap/connection_spec.rb +26 -25
- data/spec/unit/util/ldap/generator_spec.rb +0 -1
- data/spec/unit/util/ldap/manager_spec.rb +102 -101
- data/spec/unit/util/lockfile_spec.rb +0 -1
- data/spec/unit/util/log/destinations_spec.rb +30 -33
- data/spec/unit/util/log_spec.rb +35 -36
- data/spec/unit/util/logging_spec.rb +58 -72
- data/spec/unit/util/metric_spec.rb +0 -1
- data/spec/unit/util/monkey_patches_spec.rb +7 -9
- data/spec/unit/util/multi_match_spec.rb +0 -1
- data/spec/unit/util/network_device/config_spec.rb +0 -1
- data/spec/unit/util/network_device/transport/base_spec.rb +5 -6
- data/spec/unit/util/network_device_spec.rb +7 -9
- data/spec/unit/util/package_spec.rb +0 -1
- data/spec/unit/util/pidlock_spec.rb +21 -22
- data/spec/unit/util/plist_spec.rb +40 -33
- data/spec/unit/util/posix_spec.rb +54 -51
- data/spec/unit/util/rdoc_spec.rb +9 -10
- data/spec/unit/util/reference_spec.rb +0 -1
- data/spec/unit/util/resource_template_spec.rb +20 -20
- data/spec/unit/util/retry_action_spec.rb +7 -8
- data/spec/unit/util/rubygems_spec.rb +7 -8
- data/spec/unit/util/run_mode_spec.rb +3 -4
- data/spec/unit/util/selinux_spec.rb +79 -72
- data/spec/unit/util/splayer_spec.rb +8 -9
- data/spec/unit/util/ssl_spec.rb +0 -1
- data/spec/unit/util/storage_spec.rb +3 -4
- data/spec/unit/util/suidmanager_spec.rb +45 -54
- data/spec/unit/util/symbolic_file_mode_spec.rb +0 -1
- data/spec/unit/util/tag_set_spec.rb +0 -1
- data/spec/unit/util/tagging_spec.rb +0 -1
- data/spec/unit/util/terminal_spec.rb +9 -10
- data/spec/unit/util/user_attr_spec.rb +1 -2
- data/spec/unit/util/warnings_spec.rb +3 -4
- data/spec/unit/util/watcher/periodic_watcher_spec.rb +2 -2
- data/spec/unit/util/watcher_spec.rb +51 -21
- data/spec/unit/util/windows/access_control_entry_spec.rb +0 -1
- data/spec/unit/util/windows/access_control_list_spec.rb +0 -1
- data/spec/unit/util/windows/adsi_spec.rb +136 -138
- data/spec/unit/util/windows/api_types_spec.rb +0 -1
- data/spec/unit/util/windows/eventlog_spec.rb +9 -12
- data/spec/unit/util/windows/file_spec.rb +0 -1
- data/spec/unit/util/windows/root_certs_spec.rb +1 -2
- data/spec/unit/util/windows/security_descriptor_spec.rb +0 -2
- data/spec/unit/util/windows/service_spec.rb +66 -68
- data/spec/unit/util/windows/sid_spec.rb +11 -13
- data/spec/unit/util/windows/string_spec.rb +0 -1
- data/spec/unit/util_spec.rb +55 -57
- data/spec/unit/version_spec.rb +6 -6
- data/spec/unit/x509/cert_provider_spec.rb +14 -14
- data/spec/unit/x509/pem_store_spec.rb +5 -5
- metadata +2 -2
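--- a/data/spec/unit/ssl/key_spec.rb
+++ b/data/spec/unit/ssl/key_spec.rb
@@ -1,4 +1,3 @@
-#! /usr/bin/env ruby
 require 'spec_helper'
 
 require 'puppet/ssl/key'
@@ -48,36 +47,36 @@ describe Puppet::SSL::Key do
 
 it "should be able to read keys from disk" do
 path = "/my/path"
-Puppet::FileSystem.
-key =
-OpenSSL::PKey::RSA.
+expect(Puppet::FileSystem).to receive(:read).with(path, :encoding => Encoding::ASCII).and_return("my key")
+key = double('key')
+expect(OpenSSL::PKey::RSA).to receive(:new).and_return(key)
 expect(@key.read(path)).to equal(key)
 expect(@key.content).to equal(key)
 end
 
 it "should not try to use the provided password file if the file does not exist" do
-Puppet::FileSystem.
+allow(Puppet::FileSystem).to receive(:exist?).and_return(false)
 @key.password_file = "/path/to/password"
 
 path = "/my/path"
 
-Puppet::FileSystem.
-OpenSSL::PKey::RSA.
-Puppet::FileSystem.
+allow(Puppet::FileSystem).to receive(:read).with(path, :encoding => Encoding::ASCII).and_return("my key")
+expect(OpenSSL::PKey::RSA).to receive(:new).with("my key", nil).and_return(double('key'))
+expect(Puppet::FileSystem).not_to receive(:read).with("/path/to/password", :encoding => Encoding::BINARY)
 
 @key.read(path)
 end
 
 it "should read the key with the password retrieved from the password file if one is provided" do
-Puppet::FileSystem.
+allow(Puppet::FileSystem).to receive(:exist?).and_return(true)
 @key.password_file = "/path/to/password"
 
 path = "/my/path"
-Puppet::FileSystem.
-Puppet::FileSystem.
+expect(Puppet::FileSystem).to receive(:read).with(path, :encoding => Encoding::ASCII).and_return("my key")
+expect(Puppet::FileSystem).to receive(:read).with("/path/to/password", :encoding => Encoding::BINARY).and_return("my password")
 
-key =
-OpenSSL::PKey::RSA.
+key = double('key')
+expect(OpenSSL::PKey::RSA).to receive(:new).with("my key", "my password").and_return(key)
 expect(@key.read(path)).to equal(key)
 expect(@key.content).to equal(key)
 end
@@ -87,14 +86,14 @@ describe Puppet::SSL::Key do
 end
 
 it "should convert the key to pem format when converted to a string" do
-key =
+key = double('key', :to_pem => "pem")
 @key.content = key
 expect(@key.to_s).to eq("pem")
 end
 
 it "should have a :to_text method that it delegates to the actual key" do
-real_key =
-real_key.
+real_key = double('key')
+expect(real_key).to receive(:to_text).and_return("keytext")
 @key.content = real_key
 expect(@key.to_text).to eq("keytext")
 end
@@ -104,43 +103,43 @@ describe Puppet::SSL::Key do
 before do
 @instance = @class.new("test")
 
-@key =
+@key = double('key')
 end
 
 it "should create an instance of OpenSSL::PKey::RSA" do
-OpenSSL::PKey::RSA.
+expect(OpenSSL::PKey::RSA).to receive(:new).and_return(@key)
 
 @instance.generate
 end
 
 it "should create the private key with the keylength specified in the settings" do
 Puppet[:keylength] = 513
-OpenSSL::PKey::RSA.
+expect(OpenSSL::PKey::RSA).to receive(:new).with(513).and_return(@key)
 
 @instance.generate
 end
 
 it "should set the content to the generated key" do
-OpenSSL::PKey::RSA.
+allow(OpenSSL::PKey::RSA).to receive(:new).and_return(@key)
 @instance.generate
 expect(@instance.content).to equal(@key)
 end
 
 it "should return the generated key" do
-OpenSSL::PKey::RSA.
+allow(OpenSSL::PKey::RSA).to receive(:new).and_return(@key)
 expect(@instance.generate).to equal(@key)
 end
 
 it "should return the key in pem format" do
 @instance.generate
-@instance.content.
+expect(@instance.content).to receive(:to_pem).and_return("my normal key")
 expect(@instance.to_s).to eq("my normal key")
 end
 
 describe "with a password file set" do
 it "should return a nil password if the password file does not exist" do
-Puppet::FileSystem.
-Puppet::FileSystem.
+expect(Puppet::FileSystem).to receive(:exist?).with("/path/to/pass").and_return(false)
+expect(Puppet::FileSystem).not_to receive(:read).with("/path/to/pass", :encoding => Encoding::BINARY)
 
 @instance.password_file = "/path/to/pass"
 
@@ -148,8 +147,8 @@ describe Puppet::SSL::Key do
 end
 
 it "should return the contents of the password file as its password" do
-Puppet::FileSystem.
-Puppet::FileSystem.
+expect(Puppet::FileSystem).to receive(:exist?).with("/path/to/pass").and_return(true)
+expect(Puppet::FileSystem).to receive(:read).with("/path/to/pass", :encoding => Encoding::BINARY).and_return("my password")
 
 @instance.password_file = "/path/to/pass"
 
@@ -158,14 +157,14 @@ describe Puppet::SSL::Key do
 
 it "should export the private key to text using the password" do
 @instance.password_file = "/path/to/pass"
-@instance.
+allow(@instance).to receive(:password).and_return("my password")
 
-OpenSSL::PKey::RSA.
+expect(OpenSSL::PKey::RSA).to receive(:new).and_return(@key)
 @instance.generate
 
-cipher =
-OpenSSL::Cipher::DES.
-@key.
+cipher = double('cipher')
+expect(OpenSSL::Cipher::DES).to receive(:new).with(:EDE3, :CBC).and_return(cipher)
+expect(@key).to receive(:export).with(cipher, "my password").and_return("my encrypted key")
 
 expect(@instance.to_s).to eq("my encrypted key")
 end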
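Review bot: The expectation `expect(OpenSSL::Cipher::DES).to receive(:new).with(:EDE3, :CBC)` in "should export the private key to text using the password" pins Triple-DES in CBC mode as the cipher for the password-protected export, and nothing beside it says whether that is a deliberate compatibility choice. 3DES is a legacy 64-bit-block cipher, so I would add a comment above the expectation such as `# 3DES-CBC mirrors the current export cipher; change this together with the implementation`. That makes the spec read as a record of present behaviour rather than a recommendation, and points the next maintainer at the right place if the export cipher is upgraded. The implementation itself is not shown in this section, so the cipher choice is inferred from the test alone.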
@@ -151,8 +151,8 @@ describe Puppet::SSL::SSLProvider do
|
|
151
151
|
it 'resolves the client chain from leaf to root' do
|
152
152
|
sslctx = subject.create_context(config)
|
153
153
|
expect(
|
154
|
-
sslctx.client_chain.map(&:subject).map(&:
|
155
|
-
).to eq(['
|
154
|
+
sslctx.client_chain.map(&:subject).map(&:to_utf8)
|
155
|
+
).to eq(['CN=signed', 'CN=Test CA Subauthority', 'CN=Test CA'])
|
156
156
|
end
|
157
157
|
|
158
158
|
it 'raises if client cert signature is invalid' do
|
@@ -160,21 +160,21 @@ describe Puppet::SSL::SSLProvider do
|
|
160
160
|
expect {
|
161
161
|
subject.create_context(config.merge(client_cert: client_cert))
|
162
162
|
}.to raise_error(Puppet::SSL::CertVerifyError,
|
163
|
-
"Invalid signature for certificate '
|
163
|
+
"Invalid signature for certificate 'CN=signed'")
|
164
164
|
end
|
165
165
|
|
166
166
|
it 'raises if client cert and private key are mismatched' do
|
167
167
|
expect {
|
168
168
|
subject.create_context(config.merge(private_key: wrong_key))
|
169
169
|
}.to raise_error(Puppet::SSL::SSLError,
|
170
|
-
"The certificate for '
|
170
|
+
"The certificate for 'CN=signed' does not match its private key")
|
171
171
|
end
|
172
172
|
|
173
173
|
it "raises if client cert's public key has been replaced" do
|
174
174
|
expect {
|
175
175
|
subject.create_context(config.merge(client_cert: cert_fixture('tampered-cert.pem')))
|
176
176
|
}.to raise_error(Puppet::SSL::CertVerifyError,
|
177
|
-
"Invalid signature for certificate '
|
177
|
+
"Invalid signature for certificate 'CN=signed'")
|
178
178
|
end
|
179
179
|
|
180
180
|
# This option is only available in openssl 1.1
|
@@ -185,7 +185,7 @@ describe Puppet::SSL::SSLProvider do
|
|
185
185
|
expect {
|
186
186
|
subject.create_context(config.merge(cacerts: global_cacerts))
|
187
187
|
}.to raise_error(Puppet::SSL::CertVerifyError,
|
188
|
-
"Invalid signature for certificate '
|
188
|
+
"Invalid signature for certificate 'CN=Test CA'")
|
189
189
|
end
|
190
190
|
|
191
191
|
it 'raises if intermediate CA signature is invalid' do
|
@@ -195,7 +195,7 @@ describe Puppet::SSL::SSLProvider do
|
|
195
195
|
expect {
|
196
196
|
subject.create_context(config.merge(cacerts: global_cacerts))
|
197
197
|
}.to raise_error(Puppet::SSL::CertVerifyError,
|
198
|
-
"Invalid signature for certificate '
|
198
|
+
"Invalid signature for certificate 'CN=Test CA Subauthority'")
|
199
199
|
end
|
200
200
|
|
201
201
|
it 'raises if CRL signature for root CA is invalid', unless: Puppet::Util::Platform.jruby? do
|
@@ -205,7 +205,7 @@ describe Puppet::SSL::SSLProvider do
|
|
205
205
|
expect {
|
206
206
|
subject.create_context(config.merge(crls: global_crls))
|
207
207
|
}.to raise_error(Puppet::SSL::CertVerifyError,
|
208
|
-
"Invalid signature for CRL issued by '
|
208
|
+
"Invalid signature for CRL issued by 'CN=Test CA'")
|
209
209
|
end
|
210
210
|
|
211
211
|
it 'raises if CRL signature for intermediate CA is invalid', unless: Puppet::Util::Platform.jruby? do
|
@@ -215,18 +215,18 @@ describe Puppet::SSL::SSLProvider do
|
|
215
215
|
expect {
|
216
216
|
subject.create_context(config.merge(crls: global_crls))
|
217
217
|
}.to raise_error(Puppet::SSL::CertVerifyError,
|
218
|
-
"Invalid signature for CRL issued by '
|
218
|
+
"Invalid signature for CRL issued by 'CN=Test CA Subauthority'")
|
219
219
|
end
|
220
220
|
|
221
221
|
it 'raises if client cert is revoked' do
|
222
222
|
expect {
|
223
223
|
subject.create_context(config.merge(private_key: key_fixture('revoked-key.pem'), client_cert: cert_fixture('revoked.pem')))
|
224
224
|
}.to raise_error(Puppet::SSL::CertVerifyError,
|
225
|
-
"Certificate '
|
225
|
+
"Certificate 'CN=revoked' is revoked")
|
226
226
|
end
|
227
227
|
|
228
228
|
it 'warns if intermediate issuer is missing' do
|
229
|
-
Puppet.
|
229
|
+
expect(Puppet).to receive(:warning).with("The issuer 'CN=Test CA Subauthority' of certificate 'CN=signed' cannot be found locally")
|
230
230
|
|
231
231
|
subject.create_context(config.merge(cacerts: [cert_fixture('ca.pem')]))
|
232
232
|
end
|
@@ -235,7 +235,7 @@ describe Puppet::SSL::SSLProvider do
|
|
235
235
|
expect {
|
236
236
|
subject.create_context(config.merge(cacerts: [cert_fixture('intermediate.pem')]))
|
237
237
|
}.to raise_error(Puppet::SSL::CertVerifyError,
|
238
|
-
"The issuer '
|
238
|
+
"The issuer 'CN=Test CA' of certificate 'CN=Test CA Subauthority' is missing")
|
239
239
|
end
|
240
240
|
|
241
241
|
it 'raises if cert is not valid yet', unless: Puppet::Util::Platform.jruby? do
|
@@ -243,7 +243,7 @@ describe Puppet::SSL::SSLProvider do
|
|
243
243
|
expect {
|
244
244
|
subject.create_context(config.merge(client_cert: client_cert))
|
245
245
|
}.to raise_error(Puppet::SSL::CertVerifyError,
|
246
|
-
"The certificate '
|
246
|
+
"The certificate 'CN=signed' is not yet valid, verify time is synchronized")
|
247
247
|
end
|
248
248
|
|
249
249
|
it 'raises if cert is expired', unless: Puppet::Util::Platform.jruby? do
|
@@ -251,7 +251,7 @@ describe Puppet::SSL::SSLProvider do
|
|
251
251
|
expect {
|
252
252
|
subject.create_context(config.merge(client_cert: client_cert))
|
253
253
|
}.to raise_error(Puppet::SSL::CertVerifyError,
|
254
|
-
"The certificate '
|
254
|
+
"The certificate 'CN=signed' has expired, verify time is synchronized")
|
255
255
|
end
|
256
256
|
|
257
257
|
it 'raises if crl is not valid yet', unless: Puppet::Util::Platform.jruby? do
|
@@ -262,7 +262,7 @@ describe Puppet::SSL::SSLProvider do
|
|
262
262
|
expect {
|
263
263
|
subject.create_context(config.merge(crls: future_crls))
|
264
264
|
}.to raise_error(Puppet::SSL::CertVerifyError,
|
265
|
-
"The CRL issued by '
|
265
|
+
"The CRL issued by 'CN=Test CA' is not yet valid, verify time is synchronized")
|
266
266
|
end
|
267
267
|
|
268
268
|
it 'raises if crl is expired', unless: Puppet::Util::Platform.jruby? do
|
@@ -273,7 +273,7 @@ describe Puppet::SSL::SSLProvider do
|
|
273
273
|
expect {
|
274
274
|
subject.create_context(config.merge(crls: past_crls))
|
275
275
|
}.to raise_error(Puppet::SSL::CertVerifyError,
|
276
|
-
"The CRL issued by '
|
276
|
+
"The CRL issued by 'CN=Test CA' has expired, verify time is synchronized")
|
277
277
|
end
|
278
278
|
|
279
279
|
it 'raises if the root CRL is missing' do
|
@@ -281,7 +281,7 @@ describe Puppet::SSL::SSLProvider do
|
|
281
281
|
expect {
|
282
282
|
subject.create_context(config.merge(crls: crls, revocation: :chain))
|
283
283
|
}.to raise_error(Puppet::SSL::CertVerifyError,
|
284
|
-
"The CRL issued by '
|
284
|
+
"The CRL issued by 'CN=Test CA' is missing")
|
285
285
|
end
|
286
286
|
|
287
287
|
it 'raises if the intermediate CRL is missing' do
|
@@ -289,7 +289,7 @@ describe Puppet::SSL::SSLProvider do
|
|
289
289
|
expect {
|
290
290
|
subject.create_context(config.merge(crls: crls))
|
291
291
|
}.to raise_error(Puppet::SSL::CertVerifyError,
|
292
|
-
"The CRL issued by '
|
292
|
+
"The CRL issued by 'CN=Test CA Subauthority' is missing")
|
293
293
|
end
|
294
294
|
|
295
295
|
it "doesn't raise if the root CRL is missing and we're just checking the leaf" do
|
@@ -313,7 +313,7 @@ describe Puppet::SSL::SSLProvider do
|
|
313
313
|
expect {
|
314
314
|
subject.create_context(config.merge(cacerts: certs, crls: [], revocation: false))
|
315
315
|
}.to raise_error(Puppet::SSL::CertVerifyError,
|
316
|
-
"Certificate '
|
316
|
+
"Certificate 'CN=Test CA' failed verification (24): invalid CA certificate")
|
317
317
|
end
|
318
318
|
|
319
319
|
# OpenSSL < 1.1 does not verify basicConstraints
|
@@ -323,19 +323,19 @@ describe Puppet::SSL::SSLProvider do
|
|
323
323
|
expect {
|
324
324
|
subject.create_context(config.merge(cacerts: certs, crls: [], revocation: false))
|
325
325
|
}.to raise_error(Puppet::SSL::CertVerifyError,
|
326
|
-
"Certificate '
|
326
|
+
"Certificate 'CN=Test CA Subauthority' failed verification (24): invalid CA certificate")
|
327
327
|
end
|
328
328
|
|
329
329
|
it 'accepts CA certs in any order' do
|
330
330
|
sslctx = subject.create_context(config.merge(cacerts: global_cacerts.reverse))
|
331
331
|
# certs in ruby+openssl 1.0.x are not comparable, so compare subjects
|
332
|
-
expect(sslctx.client_chain.map(&:subject).map(&:
|
332
|
+
expect(sslctx.client_chain.map(&:subject).map(&:to_utf8)).to contain_exactly('CN=Test CA', 'CN=Test CA Subauthority', 'CN=signed')
|
333
333
|
end
|
334
334
|
|
335
335
|
it 'accepts CRLs in any order' do
|
336
336
|
sslctx = subject.create_context(config.merge(crls: global_crls.reverse))
|
337
337
|
# certs in ruby+openssl 1.0.x are not comparable, so compare subjects
|
338
|
-
expect(sslctx.client_chain.map(&:subject).map(&:
|
338
|
+
expect(sslctx.client_chain.map(&:subject).map(&:to_utf8)).to contain_exactly('CN=Test CA', 'CN=Test CA Subauthority', 'CN=signed')
|
339
339
|
end
|
340
340
|
|
341
341
|
it 'raises if the frozen context is modified' do
|
@@ -414,7 +414,7 @@ describe Puppet::SSL::SSLProvider do
|
|
414
414
|
expect {
|
415
415
|
subject.verify_request(csr, wrong_key.public_key)
|
416
416
|
}.to raise_error(Puppet::SSL::SSLError,
|
417
|
-
"The CSR for host '
|
417
|
+
"The CSR for host 'CN=pending' does not match the public key")
|
418
418
|
end
|
419
419
|
|
420
420
|
it "raises if the CSR was tampered with" do
|
@@ -422,7 +422,7 @@ describe Puppet::SSL::SSLProvider do
|
|
422
422
|
expect {
|
423
423
|
subject.verify_request(csr, csr.public_key)
|
424
424
|
}.to raise_error(Puppet::SSL::SSLError,
|
425
|
-
"The CSR for host '
|
425
|
+
"The CSR for host 'CN=signed' does not match the public key")
|
426
426
|
end
|
427
427
|
end
|
428
428
|
end
|
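Review bot: The two ordering specs, 'accepts CA certs in any order' and 'accepts CRLs in any order', compare the `client_chain` subjects with `contain_exactly`, which passes for any ordering of the resolved chain. If the chain is meant to come back leaf to root whatever the input order, as 'resolves the client chain from leaf to root' asserts, then `.to eq(['CN=signed', 'CN=Test CA Subauthority', 'CN=Test CA'])` would also check that reversed input does not change the result. The neighbouring comment about certs not being comparable on OpenSSL 1.0.x explains why subjects are compared, but not why the looser matcher is used.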
@@ -10,8 +10,8 @@ describe Puppet::SSL::StateMachine, unless: Puppet::Util::Platform.jruby? do
|
|
10
10
|
before(:each) do
|
11
11
|
WebMock.disable_net_connect!
|
12
12
|
|
13
|
-
Net::HTTP.
|
14
|
-
Net::HTTP.
|
13
|
+
allow_any_instance_of(Net::HTTP).to receive(:start)
|
14
|
+
allow_any_instance_of(Net::HTTP).to receive(:finish)
|
15
15
|
end
|
16
16
|
|
17
17
|
let(:machine) { described_class.new }
|
@@ -29,14 +29,14 @@ describe Puppet::SSL::StateMachine, unless: Puppet::Util::Platform.jruby? do
|
|
29
29
|
before(:each) do
|
30
30
|
WebMock.disable_net_connect!
|
31
31
|
|
32
|
-
Net::HTTP.
|
33
|
-
Net::HTTP.
|
32
|
+
allow_any_instance_of(Net::HTTP).to receive(:start)
|
33
|
+
allow_any_instance_of(Net::HTTP).to receive(:finish)
|
34
34
|
end
|
35
35
|
|
36
36
|
context 'when ensuring CA certs and CRLs' do
|
37
37
|
it 'returns an SSLContext with the loaded CA certs and CRLs' do
|
38
|
-
Puppet::X509::CertProvider.
|
39
|
-
Puppet::X509::CertProvider.
|
38
|
+
allow_any_instance_of(Puppet::X509::CertProvider).to receive(:load_cacerts).and_return(cacerts)
|
39
|
+
allow_any_instance_of(Puppet::X509::CertProvider).to receive(:load_crls).and_return(crls)
|
40
40
|
|
41
41
|
ssl_context = machine.ensure_ca_certificates
|
42
42
|
|
@@ -48,10 +48,10 @@ describe Puppet::SSL::StateMachine, unless: Puppet::Util::Platform.jruby? do
|
|
48
48
|
|
49
49
|
context 'when ensuring a client cert' do
|
50
50
|
it 'returns an SSLContext with the loaded CA certs, CRLs, private key and client cert' do
|
51
|
-
Puppet::X509::CertProvider.
|
52
|
-
Puppet::X509::CertProvider.
|
53
|
-
Puppet::X509::CertProvider.
|
54
|
-
Puppet::X509::CertProvider.
|
51
|
+
allow_any_instance_of(Puppet::X509::CertProvider).to receive(:load_cacerts).and_return(cacerts)
|
52
|
+
allow_any_instance_of(Puppet::X509::CertProvider).to receive(:load_crls).and_return(crls)
|
53
|
+
allow_any_instance_of(Puppet::X509::CertProvider).to receive(:load_private_key).and_return(private_key)
|
54
|
+
allow_any_instance_of(Puppet::X509::CertProvider).to receive(:load_client_cert).and_return(client_cert)
|
55
55
|
|
56
56
|
ssl_context = machine.ensure_client_certificate
|
57
57
|
|
@@ -71,20 +71,20 @@ describe Puppet::SSL::StateMachine, unless: Puppet::Util::Platform.jruby? do
|
|
71
71
|
end
|
72
72
|
|
73
73
|
it 'transitions to NeedCRLs state' do
|
74
|
-
Puppet::X509::CertProvider.
|
74
|
+
allow_any_instance_of(Puppet::X509::CertProvider).to receive(:load_cacerts).and_return(cacerts)
|
75
75
|
|
76
76
|
expect(state.next_state).to be_an_instance_of(Puppet::SSL::StateMachine::NeedCRLs)
|
77
77
|
end
|
78
78
|
|
79
79
|
it 'loads existing CA certs' do
|
80
|
-
Puppet::X509::CertProvider.
|
80
|
+
allow_any_instance_of(Puppet::X509::CertProvider).to receive(:load_cacerts).and_return(cacerts)
|
81
81
|
|
82
82
|
st = state.next_state
|
83
83
|
expect(st.ssl_context[:cacerts]).to eq(cacerts)
|
84
84
|
end
|
85
85
|
|
86
86
|
it 'fetches and saves CA certs' do
|
87
|
-
Puppet::X509::CertProvider.
|
87
|
+
allow_any_instance_of(Puppet::X509::CertProvider).to receive(:load_cacerts).and_return(nil)
|
88
88
|
stub_request(:get, %r{puppet-ca/v1/certificate/ca}).to_return(status: 200, body: cacert_pem)
|
89
89
|
|
90
90
|
st = state.next_state
|
@@ -93,11 +93,11 @@ describe Puppet::SSL::StateMachine, unless: Puppet::Util::Platform.jruby? do
|
|
93
93
|
end
|
94
94
|
|
95
95
|
it "does not verify the server's cert if there are no local CA certs" do
|
96
|
-
Puppet::X509::CertProvider.
|
96
|
+
allow_any_instance_of(Puppet::X509::CertProvider).to receive(:load_cacerts).and_return(nil)
|
97
97
|
stub_request(:get, %r{puppet-ca/v1/certificate/ca}).to_return(status: 200, body: cacert_pem)
|
98
|
-
Puppet::X509::CertProvider.
|
98
|
+
allow_any_instance_of(Puppet::X509::CertProvider).to receive(:save_cacerts)
|
99
99
|
|
100
|
-
Net::HTTP.
|
100
|
+
expect_any_instance_of(Net::HTTP).to receive(:verify_mode=).with(OpenSSL::SSL::VERIFY_NONE)
|
101
101
|
|
102
102
|
state.next_state
|
103
103
|
end
|
@@ -119,7 +119,7 @@ describe Puppet::SSL::StateMachine, unless: Puppet::Util::Platform.jruby? do
|
|
119
119
|
end
|
120
120
|
|
121
121
|
it 'raises if CA certs are invalid' do
|
122
|
-
Puppet::X509::CertProvider.
|
122
|
+
allow_any_instance_of(Puppet::X509::CertProvider).to receive(:load_cacerts).and_return(nil)
|
123
123
|
stub_request(:get, %r{puppet-ca/v1/certificate/ca}).to_return(status: 200, body: '')
|
124
124
|
|
125
125
|
expect {
|
@@ -148,20 +148,20 @@ describe Puppet::SSL::StateMachine, unless: Puppet::Util::Platform.jruby? do
|
|
148
148
|
end
|
149
149
|
|
150
150
|
it 'transitions to NeedKey state' do
|
151
|
-
Puppet::X509::CertProvider.
|
151
|
+
allow_any_instance_of(Puppet::X509::CertProvider).to receive(:load_crls).and_return(crls)
|
152
152
|
|
153
153
|
expect(state.next_state).to be_an_instance_of(Puppet::SSL::StateMachine::NeedKey)
|
154
154
|
end
|
155
155
|
|
156
156
|
it 'loads existing CRLs' do
|
157
|
-
Puppet::X509::CertProvider.
|
157
|
+
allow_any_instance_of(Puppet::X509::CertProvider).to receive(:load_crls).and_return(crls)
|
158
158
|
|
159
159
|
st = state.next_state
|
160
160
|
expect(st.ssl_context[:crls]).to eq(crls)
|
161
161
|
end
|
162
162
|
|
163
163
|
it 'fetches and saves CRLs' do
|
164
|
-
Puppet::X509::CertProvider.
|
164
|
+
allow_any_instance_of(Puppet::X509::CertProvider).to receive(:load_crls).and_return(nil)
|
165
165
|
stub_request(:get, %r{puppet-ca/v1/certificate_revocation_list/ca}).to_return(status: 200, body: crl_pem)
|
166
166
|
|
167
167
|
st = state.next_state
|
@@ -170,11 +170,11 @@ describe Puppet::SSL::StateMachine, unless: Puppet::Util::Platform.jruby? do
|
|
170
170
|
end
|
171
171
|
|
172
172
|
it "verifies the server's certificate when fetching the CRL" do
|
173
|
-
Puppet::X509::CertProvider.
|
173
|
+
allow_any_instance_of(Puppet::X509::CertProvider).to receive(:load_crls).and_return(nil)
|
174
174
|
stub_request(:get, %r{puppet-ca/v1/certificate_revocation_list/ca}).to_return(status: 200, body: crl_pem)
|
175
|
-
Puppet::X509::CertProvider.
|
175
|
+
allow_any_instance_of(Puppet::X509::CertProvider).to receive(:save_crls)
|
176
176
|
|
177
|
-
Net::HTTP.
|
177
|
+
expect_any_instance_of(Net::HTTP).to receive(:verify_mode=).with(OpenSSL::SSL::VERIFY_PEER)
|
178
178
|
|
179
179
|
state.next_state
|
180
180
|
end
|
@@ -196,7 +196,7 @@ describe Puppet::SSL::StateMachine, unless: Puppet::Util::Platform.jruby? do
|
|
196
196
|
end
|
197
197
|
|
198
198
|
it 'raises if CRLs are invalid' do
|
199
|
-
Puppet::X509::CertProvider.
|
199
|
+
allow_any_instance_of(Puppet::X509::CertProvider).to receive(:load_crls).and_return(nil)
|
200
200
|
stub_request(:get, %r{puppet-ca/v1/certificate_revocation_list/ca}).to_return(status: 200, body: '')
|
201
201
|
|
202
202
|
expect {
|
@@ -218,8 +218,8 @@ describe Puppet::SSL::StateMachine, unless: Puppet::Util::Platform.jruby? do
|
|
218
218
|
it 'skips CRL download when revocation is disabled' do
|
219
219
|
Puppet[:certificate_revocation] = false
|
220
220
|
|
221
|
-
Puppet::X509::CertProvider.
|
222
|
-
Puppet::Rest::Routes.
|
221
|
+
expect_any_instance_of(Puppet::X509::CertProvider).not_to receive(:load_crls)
|
222
|
+
expect(Puppet::Rest::Routes).not_to receive(:get_crls)
|
223
223
|
|
224
224
|
state.next_state
|
225
225
|
|
@@ -233,7 +233,7 @@ describe Puppet::SSL::StateMachine, unless: Puppet::Util::Platform.jruby? do
|
|
233
233
|
let(:state) { Puppet::SSL::StateMachine::NeedKey.new(machine, ssl_context) }
|
234
234
|
|
235
235
|
it 'loads an existing private key and passes it to the next state' do
|
236
|
-
Puppet::X509::CertProvider.
|
236
|
+
allow_any_instance_of(Puppet::X509::CertProvider).to receive(:load_private_key).and_return(private_key)
|
237
237
|
|
238
238
|
st = state.next_state
|
239
239
|
expect(st).to be_instance_of(Puppet::SSL::StateMachine::NeedSubmitCSR)
|
@@ -241,25 +241,25 @@ describe Puppet::SSL::StateMachine, unless: Puppet::Util::Platform.jruby? do
|
|
241
241
|
end
|
242
242
|
|
243
243
|
it 'loads a matching private key and cert' do
|
244
|
-
Puppet::X509::CertProvider.
|
245
|
-
Puppet::X509::CertProvider.
|
244
|
+
allow_any_instance_of(Puppet::X509::CertProvider).to receive(:load_private_key).and_return(private_key)
|
245
|
+
allow_any_instance_of(Puppet::X509::CertProvider).to receive(:load_client_cert).and_return(client_cert)
|
246
246
|
|
247
247
|
st = state.next_state
|
248
248
|
expect(st).to be_instance_of(Puppet::SSL::StateMachine::Done)
|
249
249
|
end
|
250
250
|
|
251
251
|
it 'raises if the client cert is mismatched' do
|
252
|
-
Puppet::X509::CertProvider.
|
253
|
-
Puppet::X509::CertProvider.
|
252
|
+
allow_any_instance_of(Puppet::X509::CertProvider).to receive(:load_private_key).and_return(private_key)
|
253
|
+
allow_any_instance_of(Puppet::X509::CertProvider).to receive(:load_client_cert).and_return(cert_fixture('tampered-cert.pem'))
|
254
254
|
|
255
255
|
expect {
|
256
256
|
state.next_state
|
257
|
-
}.to raise_error(Puppet::SSL::SSLError, %r{The certificate for '
|
257
|
+
}.to raise_error(Puppet::SSL::SSLError, %r{The certificate for 'CN=signed' does not match its private key})
|
258
258
|
end
|
259
259
|
|
260
260
|
it 'generates a new private key, saves it and passes it to the next state' do
|
261
|
-
Puppet::X509::CertProvider.
|
262
|
-
Puppet::X509::CertProvider.
|
261
|
+
allow_any_instance_of(Puppet::X509::CertProvider).to receive(:load_private_key).and_return(nil)
|
262
|
+
expect_any_instance_of(Puppet::X509::CertProvider).to receive(:save_private_key)
|
263
263
|
|
264
264
|
st = state.next_state
|
265
265
|
expect(st).to be_instance_of(Puppet::SSL::StateMachine::NeedSubmitCSR)
|
@@ -267,7 +267,7 @@ describe Puppet::SSL::StateMachine, unless: Puppet::Util::Platform.jruby? do
|
|
267
267
|
end
|
268
268
|
|
269
269
|
it 'raises an error if it fails to load the key' do
|
270
|
-
Puppet::X509::CertProvider.
|
270
|
+
allow_any_instance_of(Puppet::X509::CertProvider).to receive(:load_private_key).and_raise(OpenSSL::PKey::RSAError)
|
271
271
|
|
272
272
|
expect {
|
273
273
|
state.next_state
|
@@ -286,7 +286,7 @@ describe Puppet::SSL::StateMachine, unless: Puppet::Util::Platform.jruby? do
|
|
286
286
|
end
|
287
287
|
|
288
288
|
before :each do
|
289
|
-
Puppet::X509::CertProvider.
|
289
|
+
allow_any_instance_of(Puppet::X509::CertProvider).to receive(:save_request)
|
290
290
|
end
|
291
291
|
|
292
292
|
it 'submits the CSR and transitions to NeedCert' do
|
@@ -298,7 +298,7 @@ describe Puppet::SSL::StateMachine, unless: Puppet::Util::Platform.jruby? do
|
|
298
298
|
it 'saves the CSR and transitions to NeedCert' do
|
299
299
|
stub_request(:put, %r{puppet-ca/v1/certificate_request/#{Puppet[:certname]}}).to_return(status: 200)
|
300
300
|
|
301
|
-
Puppet::X509::CertProvider.
|
301
|
+
expect_any_instance_of(Puppet::X509::CertProvider).to receive(:save_request).with(Puppet[:certname], instance_of(OpenSSL::X509::Request))
|
302
302
|
|
303
303
|
state.next_state
|
304
304
|
end
|
@@ -389,7 +389,7 @@ describe Puppet::SSL::StateMachine, unless: Puppet::Util::Platform.jruby? do
|
|
389
389
|
it "verifies the server's certificate when submitting the CSR" do
|
390
390
|
stub_request(:put, %r{puppet-ca/v1/certificate_request/#{Puppet[:certname]}}).to_return(status: 200)
|
391
391
|
|
392
|
-
Net::HTTP.
|
392
|
+
expect_any_instance_of(Net::HTTP).to receive(:verify_mode=).with(OpenSSL::SSL::VERIFY_PEER)
|
393
393
|
|
394
394
|
state.next_state
|
395
395
|
end
|
@@ -402,8 +402,8 @@ describe Puppet::SSL::StateMachine, unless: Puppet::Util::Platform.jruby? do
|
|
402
402
|
let(:state) { Puppet::SSL::StateMachine::NeedCert.new(machine, ssl_context, private_key) }
|
403
403
|
|
404
404
|
it 'transitions to Done if the cert is signed and matches our private key' do
|
405
|
-
Puppet::X509::CertProvider.
|
406
|
-
Puppet::X509::CertProvider.
|
405
|
+
allow_any_instance_of(Puppet::X509::CertProvider).to receive(:save_client_cert)
|
406
|
+
allow_any_instance_of(Puppet::X509::CertProvider).to receive(:save_request)
|
407
407
|
|
408
408
|
stub_request(:get, %r{puppet-ca/v1/certificate/#{Puppet[:certname]}}).to_return(status: 200, body: client_cert.to_pem)
|
409
409
|
|
@@ -425,10 +425,10 @@ describe Puppet::SSL::StateMachine, unless: Puppet::Util::Platform.jruby? do
|
|
425
425
|
|
426
426
|
it "verifies the server's certificate when getting the client cert" do
|
427
427
|
stub_request(:get, %r{puppet-ca/v1/certificate/#{Puppet[:certname]}}).to_return(status: 200, body: client_cert.to_pem)
|
428
|
-
Puppet::X509::CertProvider.
|
429
|
-
Puppet::X509::CertProvider.
|
428
|
+
allow_any_instance_of(Puppet::X509::CertProvider).to receive(:save_client_cert)
|
429
|
+
allow_any_instance_of(Puppet::X509::CertProvider).to receive(:save_request)
|
430
430
|
|
431
|
-
Net::HTTP.
|
431
|
+
expect_any_instance_of(Net::HTTP).to receive(:verify_mode=).with(OpenSSL::SSL::VERIFY_PEER)
|
432
432
|
|
433
433
|
state.next_state
|
434
434
|
end
|
@@ -451,7 +451,7 @@ describe Puppet::SSL::StateMachine, unless: Puppet::Util::Platform.jruby? do
|
|
451
451
|
|
452
452
|
state.next_state
|
453
453
|
|
454
|
-
expect(@logs).to include(an_object_having_attributes(message: %r{The certificate for '
|
454
|
+
expect(@logs).to include(an_object_having_attributes(message: %r{The certificate for 'CN=127.0.0.1' does not match its private key}))
|
455
455
|
expect(File).to_not exist(Puppet[:hostcert])
|
456
456
|
end
|
457
457
|
|
@@ -461,7 +461,7 @@ describe Puppet::SSL::StateMachine, unless: Puppet::Util::Platform.jruby? do
|
|
461
461
|
|
462
462
|
state.next_state
|
463
463
|
|
464
|
-
expect(@logs).to include(an_object_having_attributes(message: %r{Certificate '
|
464
|
+
expect(@logs).to include(an_object_having_attributes(message: %r{Certificate 'CN=revoked' is revoked}))
|
465
465
|
expect(File).to_not exist(Puppet[:hostcert])
|
466
466
|
end
|
467
467
|
end
|
@@ -469,31 +469,23 @@ describe Puppet::SSL::StateMachine, unless: Puppet::Util::Platform.jruby? do
|
|
469
469
|
context 'in state Wait' do
|
470
470
|
let(:ssl_context) { Puppet::SSL::SSLContext.new(cacerts: cacerts, crls: crls)}
|
471
471
|
|
472
|
-
it 'exits with 1 if only running once' do
|
473
|
-
machine = described_class.new(onetime: true)
|
474
|
-
|
475
|
-
expect {
|
476
|
-
expect {
|
477
|
-
Puppet::SSL::StateMachine::Wait.new(machine, ssl_context).next_state
|
478
|
-
}.to output("Exiting; no certificate found and waitforcert is disabled").to_stdout
|
479
|
-
}.to exit_with(1)
|
480
|
-
end
|
481
|
-
|
482
472
|
it 'exits with 1 if waitforcert is 0' do
|
483
473
|
machine = described_class.new(waitforcert: 0)
|
484
474
|
|
485
475
|
expect {
|
486
476
|
expect {
|
487
477
|
Puppet::SSL::StateMachine::Wait.new(machine, ssl_context).next_state
|
488
|
-
}.to
|
489
|
-
}.to
|
478
|
+
}.to exit_with(1)
|
479
|
+
}.to output(/Couldn't fetch certificate from CA server; you might still need to sign this agent's certificate \(.*\). Exiting now because the waitforcert setting is set to 0./).to_stdout
|
490
480
|
end
|
491
481
|
|
492
482
|
it 'sleeps and transitions to NeedCACerts' do
|
493
483
|
machine = described_class.new(waitforcert: 15)
|
494
484
|
|
495
485
|
state = Puppet::SSL::StateMachine::Wait.new(machine, ssl_context)
|
496
|
-
state.
|
486
|
+
expect(state).to receive(:sleep).with(15)
|
487
|
+
|
488
|
+
expect(Puppet).to receive(:info).with(/Couldn't fetch certificate from CA server; you might still need to sign this agent's certificate \(.*\). Will try again in 15 seconds./)
|
497
489
|
|
498
490
|
expect(state.next_state).to be_an_instance_of(Puppet::SSL::StateMachine::NeedCACerts)
|
499
491
|
end
|
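Review bot: The spec "does not verify the server's cert if there are no local CA certs" asserts that `verify_mode=` receives `OpenSSL::SSL::VERIFY_NONE`, but nothing in it records that this is an intentional exception limited to the first CA download. The other fetches shown here (CRL, CSR submission, client certificate) are all pinned to `VERIFY_PEER`, so I would add a comment above that expectation, e.g. `# bootstrap only: no local CA bundle yet, so this download is unauthenticated (trust on first use)`. That keeps a later refactor from reading the test as permission to relax verification elsewhere. Whether the fetched bundle is validated by some other means is not visible in these hunks, so the comment should state only what the test shows.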