| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
puppet cert revoke <name> was revoking only the first certificate
when the certificate file wasn't present on the system.
This patch makes sure all issued certificate matching a given name
are now revoked.
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
|
|
Certificates generated by the Puppet CA come with a number of standard
extensions, but users may want to create certs with custom extensions
and then retrieve them later. This commit adds a mechanism for adding
extension requests to the CSR from the csr_attributes file and exposes
custom extensions on the signed certificate.
|
|
Previous implementation split out a new autosign_command setting for the
custom policy executable, which required a confusing autosign=false
setting.
This commit removes the autosign_command setting and instead uses the
autosign setting for all modes (true/false, autosign.conf or custom
policy executable). Internally we refactor to distinguish between
autosign.conf or an executable by the executable bit.
We are removing the mode of the autosign setting, because it was
stripping all executables of their executable bit. This only removes
the guarantee that group and other do not have write permissions.
However, these are the default permissions for a regular file on most
systems, so nothing should be lost.
|
|
fork() doesn't exist on windows. I had tried to confine the test to not
run there, but did it wrong. This should fix it.
|
|
This removes the autosigning attempt at signing all outstanding CSRs at
the same time, which removes contention between processes that are
submitting CSRs and then autosigning. It also properly locks and updates
the serial number file so that there is no more chance of duplicate
serial numbers.
|
|
This tests shows the case of multiple certificates being requested at
the same time with autosigning enabled. There are multiple different
ways that it fails: duplicate and lost serial numbers, attempts to
remove CSRs that have already been removed, incorrect file locking
|
|
|
|
Without this patch Ruby 1.9 is still complaining loudly about trying to
parse the spec files. The previous attempt to clean up this problem in
edc3ddf works for Ruby 1.8 but not 1.9.
I'd prefer to remove the shebang lines entirely, but doing so will cause
encoding errors in Ruby 1.9. This patch strives for a happy middle
ground of convincing Ruby it is actually working with Ruby while not
confusing it to think it should exec() to rspec.
This patch is the result of the following command run against the source
tree:
find spec -type f -print0 | \
xargs -0 perl -pl -i -e 's,^\#\!\s?/(.*)rspec,\#! /usr/bin/env ruby,'
|
|
This adds a verification check when signing a certificate to ensure proof of
possession of the private key used to sign the CSR.
|
|
Without this patch some spec files are using `ruby -S rspec` and others
are using `rspec`.
We should standardize on a single form of the interpreter used for spec
files.
`ruby -S rspec` is the best choice because it correctly informs editors
such as Vim with Syntastic that the file is a Ruby file rather than an
Rspec file.
|
|
Disable CA related spec tests on Windows, since that functionality is not supported.
Some cert spec tests are still marked as fails_on_windows because
settings attempts to create and apply a catalog corresponding to
ssl/cert related directories. This fails because on Windows
Puppet.features.root? always returns true (which is a separate bug),
and as a result attempts to set the owner and group, which fails because
the provider is not implemented yet on Windows.
Also many of these tests were using Tempfile.new and trying to
system("rm -rf ...") later. I changed these to use
PuppetSpec::Files.tmpdir instead, which automatically cleans up
temporary directories after the tests have run.
Reviewed-by: Jacob Helwig <jacob@puppetlabs.com>
(cherry picked from commit 95837e6d3e74648617c308aedc52192bb13fde5a)
|
|
Allowing the singleton_instance value to be expirable is unnecessary, because
there will never be a need for a different CA instance in the lifetime of a
master. Additionally, the master never expired its cache anyway. This was only
using the cacher so it could be expired for tests, so it can safely be removed.
Reviewed-By: Jacob Helwig <jacob@puppetlabs.com>
(cherry picked from commit fac867c7bdbfbd431b089eb1bfb6eb73230e912c)
|
|
Many spec tests fail on Windows because there are no default
providers implemented for Windows yet. Several others are
failing due to Puppet::Util::Cacher not working correctly,
so for now the tests that are known to fail are marked with
:fails_on_windows => true. To skip these tests, you can run:
rspec --tag ~fails_on_windows spec
Reviewed-by: Jacob Helwig <jacob@puppetlabs.com>
(cherry picked from commit 255c5b4663bd389d2c87a2d39ec350034421a6f0)
Conflicts:
spec/unit/resource/catalog_spec.rb
|
|
For a while Luke, and other authors, injected a created tag, copyright
statement, and "All rights reserved" into every new file they added to the
Puppet project.
This isn't really true, and we have a global license covering the code, so
we have now stripped out all those old tags.
Signed-off-by: Daniel Pittman <daniel@puppetlabs.com>
|
|
We now use a shebang of: #!/usr/bin/env rspec
This enables the direct execution of spec tests again, which was lost earlier
during the transition to more directly using the rspec2 runtime environment.
|
|
rspec2 automatically sets a bunch of load-path stuff we were by hand, so we
can just stop. As a side-effect we can now avoid a whole pile of stupid things
to try and include the spec_helper.rb file...
...and then we can stop protecting spec_helper from evaluating twice, since we
now require it with a consistent name. Yay.
Reviewed-By: Pieter van de Bruggen <pieter@puppetlabs.com>
|
|
Doing a require to a relative path can cause files to be required more
than once when they're required from different relative paths. If you
expand the path fully, this won't happen. Ruby 1.9 also requires that
you use expand_path when doing these requires.
Paired-with: Jesse Wolfe
|
|
Replaced uses of the find, search, destroy, and expire methods on
model classes with direct calls to the indirection objects. This
change affects tests only.
|
|
We already had an internal implementation of which hiding under an assumed
name (Puppet::Util.binary); this commit calls it out of hiding and uses it
consisantly.
|
|
These specs 'use' some settings which create directories belonging
to the 'service' user/group. If the default service group doesn't
exist, these fail. This patch explicitly sets the service group to
the gid of the process, which is known to be accessible by the user.
|
|
Replaced 106806 occurances of ^( +)(.*$) with
The ruby community almost universally (i.e. everyone but Luke, Markus, and the other eleven people
who learned ruby in the 1900s) uses two-space indentation.
3 Examples:
The code:
end
# Tell getopt which arguments are valid
def test_get_getopt_args
element = Setting.new :name => "foo", :desc => "anything", :settings => Puppet::Util::Settings.new
assert_equal([["--foo", GetoptLong::REQUIRED_ARGUMENT]], element.getopt_args, "Did not produce appropriate getopt args")
becomes:
end
# Tell getopt which arguments are valid
def test_get_getopt_args
element = Setting.new :name => "foo", :desc => "anything", :settings => Puppet::Util::Settings.new
assert_equal([["--foo", GetoptLong::REQUIRED_ARGUMENT]], element.getopt_args, "Did not produce appropriate getopt args")
The code:
assert_equal(str, val)
assert_instance_of(Float, result)
end
# Now test it with a passed object
becomes:
assert_equal(str, val)
assert_instance_of(Float, result)
end
# Now test it with a passed object
The code:
end
assert_nothing_raised do
klass[:Yay] = "boo"
klass["Cool"] = :yayness
end
becomes:
end
assert_nothing_raised do
klass[:Yay] = "boo"
klass["Cool"] = :yayness
end
|
|
* Replaced 83 occurances of
(.*)" *[+] *([$@]?[\w_0-9.:]+?)(.to_s\b)?(?! *[*(%\w_0-9.:{\[])
with
\1#{\2}"
3 Examples:
The code:
puts "PUPPET " + status + ": " + process + ", " + state
becomes:
puts "PUPPET " + status + ": " + process + ", #{state}"
The code:
puts "PUPPET " + status + ": #{process}" + ", #{state}"
becomes:
puts "PUPPET #{status}" + ": #{process}" + ", #{state}"
The code:
}.compact.join( "\n" ) + "\n" + t + "]\n"
becomes:
}.compact.join( "\n" ) + "\n#{t}" + "]\n"
* Replaced 21 occurances of (.*)" *[+] *" with \1
3 Examples:
The code:
puts "PUPPET #{status}" + ": #{process}" + ", #{state}"
becomes:
puts "PUPPET #{status}" + ": #{process}, #{state}"
The code:
puts "PUPPET #{status}" + ": #{process}, #{state}"
becomes:
puts "PUPPET #{status}: #{process}, #{state}"
The code:
res = self.class.name + ": #{@name}" + "\n"
becomes:
res = self.class.name + ": #{@name}\n"
* Don't use string concatenation to split lines unless they would be very long.
Replaced 11 occurances of
(.*)(['"]) *[+]
*(['"])(.*)
with
3 Examples:
The code:
o.define_head "The check_puppet Nagios plug-in checks that specified " +
"Puppet process is running and the state file is no " +
becomes:
o.define_head "The check_puppet Nagios plug-in checks that specified Puppet process is running and the state file is no " +
The code:
o.separator "Mandatory arguments to long options are mandatory for " +
"short options too."
becomes:
o.separator "Mandatory arguments to long options are mandatory for short options too."
The code:
o.define_head "The check_puppet Nagios plug-in checks that specified Puppet process is running and the state file is no " +
"older than specified interval."
becomes:
o.define_head "The check_puppet Nagios plug-in checks that specified Puppet process is running and the state file is no older than specified interval."
* Replaced no occurances of do (.*?) end with {\1}
* Replaced 1488 occurances of
"([^"\n]*%s[^"\n]*)" *% *(.+?)(?=$| *\b(do|if|while|until|unless|#)\b)
with
20 Examples:
The code:
args[0].split(/\./).map do |s| "dc=%s"%[s] end.join(",")
becomes:
args[0].split(/\./).map do |s| "dc=#{s}" end.join(",")
The code:
puts "%s" % Puppet.version
becomes:
puts "#{Puppet.version}"
The code:
raise "Could not find information for %s" % node
becomes:
raise "Could not find information for #{node}"
The code:
raise Puppet::Error, "Cannot create %s: basedir %s is a file" % [dir, File.join(path)]
becomes:
raise Puppet::Error, "Cannot create #{dir}: basedir #{File.join(path)} is a file"
The code:
Puppet.err "Could not run %s: %s" % [client_class, detail]
becomes:
Puppet.err "Could not run #{client_class}: #{detail}"
The code:
raise "Could not find handler for %s" % arg
becomes:
raise "Could not find handler for #{arg}"
The code:
Puppet.err "Will not start without authorization file %s" % Puppet[:authconfig]
becomes:
Puppet.err "Will not start without authorization file #{Puppet[:authconfig]}"
The code:
raise Puppet::Error, "Could not deserialize catalog from pson: %s" % detail
becomes:
raise Puppet::Error, "Could not deserialize catalog from pson: #{detail}"
The code:
raise "Could not find facts for %s" % Puppet[:certname]
becomes:
raise "Could not find facts for #{Puppet[:certname]}"
The code:
raise ArgumentError, "%s is not readable" % path
becomes:
raise ArgumentError, "#{path} is not readable"
The code:
raise ArgumentError, "Invalid handler %s" % name
becomes:
raise ArgumentError, "Invalid handler #{name}"
The code:
debug "Executing '%s' in zone %s with '%s'" % [command, @resource[:name], str]
becomes:
debug "Executing '#{command}' in zone #{@resource[:name]} with '#{str}'"
The code:
raise Puppet::Error, "unknown cert type '%s'" % hash[:type]
becomes:
raise Puppet::Error, "unknown cert type '#{hash[:type]}'"
The code:
Puppet.info "Creating a new certificate request for %s" % Puppet[:certname]
becomes:
Puppet.info "Creating a new certificate request for #{Puppet[:certname]}"
The code:
"Cannot create alias %s: object already exists" % [name]
becomes:
"Cannot create alias #{name}: object already exists"
The code:
return "replacing from source %s with contents %s" % [metadata.source, metadata.checksum]
becomes:
return "replacing from source #{metadata.source} with contents #{metadata.checksum}"
The code:
it "should have a %s parameter" % param do
becomes:
it "should have a #{param} parameter" do
The code:
describe "when registring '%s' messages" % log do
becomes:
describe "when registring '#{log}' messages" do
The code:
paths = %w{a b c d e f g h}.collect { |l| "/tmp/iteration%stest" % l }
becomes:
paths = %w{a b c d e f g h}.collect { |l| "/tmp/iteration#{l}test" }
The code:
assert_raise(Puppet::Error, "Check '%s' did not fail on false" % check) do
becomes:
assert_raise(Puppet::Error, "Check '#{check}' did not fail on false") do
|
|
* Replaced 36 occurances of [$][?] with $CHILD_STATUS
3 Examples:
The code:
print "%s finished with exit code %s\n" % [host, $?.exitstatus]
becomes:
print "%s finished with exit code %s\n" % [host, $CHILD_STATUS.exitstatus]
The code:
$stderr.puts "Could not find host for PID %s with status %s" % [pid, $?.exitstatus]
becomes:
$stderr.puts "Could not find host for PID %s with status %s" % [pid, $CHILD_STATUS.exitstatus]
The code:
unless $? == 0
becomes:
unless $CHILD_STATUS == 0
* Replaced 3 occurances of [$][$] with $PID
3 Examples:
The code:
Process.kill(:HUP, $$) if restart_requested?
becomes:
Process.kill(:HUP, $PID) if restart_requested?
The code:
if pid == $$
becomes:
if pid == $PID
The code:
host[:name] = "!invalid.hostname.$$$"
becomes:
host[:name] = "!invalid.hostname.$PID$"
* Replaced 7 occurances of [$]& with $MATCH
3 Examples:
The code:
work.slice!(0, $&.length)
becomes:
work.slice!(0, $MATCH.length)
The code:
if $&
becomes:
if $MATCH
The code:
if $&
becomes:
if $MATCH
* Replaced 28 occurances of [$]:(?!:) with $LOAD_PATH
3 Examples:
The code:
sitelibdir = $:.find { |x| x =~ /site_ruby/ }
becomes:
sitelibdir = $LOAD_PATH.find { |x| x =~ /site_ruby/ }
The code:
$:.unshift "lib"
becomes:
$LOAD_PATH.unshift "lib"
The code:
$:.shift
becomes:
$LOAD_PATH.shift
* Replaced 3 occurances of [$]! with $ERROR_INFO
3 Examples:
The code:
$LOG.fatal("Problem reading #{filepath}: #{$!}")
becomes:
$LOG.fatal("Problem reading #{filepath}: #{$ERROR_INFO}")
The code:
$stderr.puts "Couldn't build man pages: " + $!
becomes:
$stderr.puts "Couldn't build man pages: " + $ERROR_INFO
The code:
$stderr.puts $!.message
becomes:
$stderr.puts $ERROR_INFO.message
* Replaced 3 occurances of ^(.*)[$]" with \1$LOADED_FEATURES
3 Examples:
The code:
unless $".index 'racc/parser.rb'
becomes:
unless $LOADED_FEATURES.index 'racc/parser.rb'
The code:
$".push 'racc/parser.rb'
becomes:
$LOADED_FEATURES.push 'racc/parser.rb'
The code:
$".should be_include("tmp/myfile.rb")
becomes:
$LOADED_FEATURES.should be_include("tmp/myfile.rb")
|
|
Some spec files like active_record.rb had names that would confuse the
load path and get loaded instead of the intended implentation when the
spec was run from the same directory as the file.
Author: Matt Robinson <matt@puppetlabs.com>
Date: Fri Jun 11 15:29:33 2010 -0700
|
