|
I believe most of these predated our clearing the settings before each
test in the central puppet/test/test_helper.rb. And since we then set
some base settings (such as :environment_timeout) in the test_helper,
the effect of a secondary clear in the test itself is to wipe out the
baseline setup test_helper just laid down.
In particular this is a problem with environment_timeout, as it leads to
tests which end up creating environments, getting them cached with the
default 180s timeout, which can leak to subsequent tests and create
unpleasant spec order issues.
|
|
puppet cert revoke <name> was revoking only the first certificate
when the certificate file wasn't present on the system.
This patch makes sure all issued certificates matching a given name
are now revoked.
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
|
|
This changes the API in a new implementation in a file called file_.rb
The intent is that it should replace the implementation in File,
or perhaps directly in a Puppet::FileSystem class.
|
|
Previously, Puppet::Util::Yaml.load_file returned false when the file
was empty, causing the CSR attributes code to call non-existent methods
on `false`.
In addition, the code assumed that the YAML file contained a Hash, and
attempted to invoke non-existent methods on the loaded object.
This commit passes in a fallback value for the load_file invocation,
so that if the file is empty or contains only whitespace, we still
generate the CSR.
But if the file contains something other than a Hash, e.g. Array, then
we raise an exception so we don't generate a CSR with unexpected data.
Tests based on work by Josh Partlow <joshua.partlow@puppetlabs.com>
Paired-with: Adrien Thebo <adrien@puppetlabs.com>
|
|
Certificates generated by the Puppet CA come with a number of standard
extensions, but users may want to create certs with custom extensions
and then retrieve them later. This commit adds a mechanism for adding
extension requests to the CSR from the csr_attributes file and exposes
custom extensions on the signed certificate.
|
|
Previous implementation split out a new autosign_command setting for the
custom policy executable, which required a confusing autosign=false
setting.
This commit removes the autosign_command setting and instead uses the
autosign setting for all modes (true/false, autosign.conf or custom
policy executable). Internally we refactor to distinguish between
autosign.conf or an executable by the executable bit.
We are removing the mode of the autosign setting, because it was
stripping all executables of their executable bit. This only removes
the guarantee that group and other do not have write permissions.
However, these are the default permissions for a regular file on most
systems, so nothing should be lost.
|
|
- All previous File and FileTest calls to exist? or exists? go through
the new FileSystem::File abstraction so that the implementation can
later be swapped for a Windows specific one to support symlinks
|
|
fork() doesn't exist on windows. I had tried to confine the test to not
run there, but did it wrong. This should fix it.
|
|
This removes the autosigning attempt at signing all outstanding CSRs at
the same time, which removes contention between processes that are
submitting CSRs and then autosigning. It also properly locks and updates
the serial number file so that there is no more chance of duplicate
serial numbers.
|
|
This test shows the case of multiple certificates being requested at
the same time with autosigning enabled. There are multiple different
ways that it fails: duplicate and lost serial numbers, attempts to
remove CSRs that have already been removed, incorrect file locking
|
|
|
|
Without this patch Ruby 1.9 is still complaining loudly about trying to
parse the spec files. The previous attempt to clean up this problem in
edc3ddf works for Ruby 1.8 but not 1.9.
I'd prefer to remove the shebang lines entirely, but doing so will cause
encoding errors in Ruby 1.9. This patch strives for a happy middle
ground of convincing Ruby it is actually working with Ruby while not
confusing it to think it should exec() to rspec.
This patch is the result of the following command run against the source
tree:
find spec -type f -print0 | \
xargs -0 perl -pl -i -e 's,^\#\!\s?/(.*)rspec,\#! /usr/bin/env ruby,'
|
|
This adds a verification check when signing a certificate to ensure proof of
possession of the private key used to sign the CSR.
|
|
Without this patch some spec files are using `ruby -S rspec` and others
are using `rspec`.
We should standardize on a single form of the interpreter used for spec
files.
`ruby -S rspec` is the best choice because it correctly informs editors
such as Vim with Syntastic that the file is a Ruby file rather than an
Rspec file.
|
|
Many tests were previously tagged as 'fails_on_windows' and excluded
from Jenkins, because we did not have user, group, etc providers
on Windows. Now that these providers have been implemented, these
tests have been re-enabled (by removing the rspec exclude filter).
|
|
Disable CA related spec tests on Windows, since that functionality is not supported.
Some cert spec tests are still marked as fails_on_windows because
settings attempts to create and apply a catalog corresponding to
ssl/cert related directories. This fails because on Windows
Puppet.features.root? always returns true (which is a separate bug),
and as a result attempts to set the owner and group, which fails because
the provider is not implemented yet on Windows.
Also many of these tests were using Tempfile.new and trying to
system("rm -rf ...") later. I changed these to use
PuppetSpec::Files.tmpdir instead, which automatically cleans up
temporary directories after the tests have run.
Reviewed-by: Jacob Helwig <jacob@puppetlabs.com>
(cherry picked from commit 95837e6d3e74648617c308aedc52192bb13fde5a)
|
|
We have removed every usage of cached_attr in which the attribute needs to be
manually expired. Thus, the only meaningful behavior provided by
Puppet::Util::Cacher is expiration based on TTLs. This commit reworks the
cacher to only support that behavior.
Rather than accepting an options hash, of which :ttl is the only available
option, cached_attr now requires a second argument, which is the TTL.
TTLs are now used to compute expirations, which are stored and used for
expiring values. Previously, we stored a timestamp and used it and the TTL to
determine whether the attribute was expired. This had the potentially
undesirable side effect that the lifetime of a cached attribute could be
extended after its insertion by modifying the TTL setting for the cache. Now,
the lifetime of an attribute is determined when it is set, and is thereafter
immutable, aside from deliberately re-setting the expiration for that
particular attribute.
Reviewed-By: Jacob Helwig <jacob@puppetlabs.com>
(cherry picked from commit d198fedf65e472b384666fc9ae3bef487852068a)
Conflicts:
spec/integration/node/facts_spec.rb
spec/unit/node_spec.rb
|
|
Previously, indirections were storing their termini in a cached_attr, so that
they could be easily cleared for tests. Because this provides no value outside
of testing, we instead simply create an attr_reader for termini, and expire
them manually in tests.
Reviewed-By: Jacob Helwig <jacob@puppetlabs.com>
(cherry picked from commit e74090468192697a6a2447dc6fcece3dd09a46f1)
|
|
Allowing the singleton_instance value to be expirable is unnecessary, because
there will never be a need for a different CA instance in the lifetime of a
master. Additionally, the master never expired its cache anyway. This was only
using the cacher so it could be expired for tests, so it can safely be removed.
Reviewed-By: Jacob Helwig <jacob@puppetlabs.com>
(cherry picked from commit fac867c7bdbfbd431b089eb1bfb6eb73230e912c)
|
|
Many spec tests fail on Windows because there are no default
providers implemented for Windows yet. Several others are
failing due to Puppet::Util::Cacher not working correctly,
so for now the tests that are known to fail are marked with
:fails_on_windows => true. To skip these tests, you can run:
rspec --tag ~fails_on_windows spec
Reviewed-by: Jacob Helwig <jacob@puppetlabs.com>
(cherry picked from commit 255c5b4663bd389d2c87a2d39ec350034421a6f0)
Conflicts:
spec/unit/resource/catalog_spec.rb
|
|
For a while Luke, and other authors, injected a created tag, copyright
statement, and "All rights reserved" into every new file they added to the
Puppet project.
This isn't really true, and we have a global license covering the code, so
we have now stripped out all those old tags.
Signed-off-by: Daniel Pittman <daniel@puppetlabs.com>
|
|
We now use a shebang of: #!/usr/bin/env rspec
This enables the direct execution of spec tests again, which was lost earlier
during the transition to more directly using the rspec2 runtime environment.
|
|
rspec2 automatically sets a bunch of load-path stuff we were doing by hand, so we
can just stop. As a side-effect we can now avoid a whole pile of stupid things
to try and include the spec_helper.rb file...
...and then we can stop protecting spec_helper from evaluating twice, since we
now require it with a consistent name. Yay.
Reviewed-By: Pieter van de Bruggen <pieter@puppetlabs.com>
|
|
Doing a require to a relative path can cause files to be required more
than once when they're required from different relative paths. If you
expand the path fully, this won't happen. Ruby 1.9 also requires that
you use expand_path when doing these requires.
Paired-with: Jesse Wolfe
|
|
This change replaces calls to <model object>.save with calls to <model
class>.indirection.save(<model object>). This makes the use of the
indirector explicit rather than implicit so that it will be easier to
search for all indirector call sites using grep. This is an
intermediate refactor on the way towards allowing indirector calls to
be explicitly routed to multiple termini.
This patch affects tests only; the next patch will make the
corresponding change to the code.
|
|
Replaced uses of the find, search, destroy, and expire methods on
model classes with direct calls to the indirection objects. This
change affects tests only.
|
|
We already had an internal implementation of `which` hiding under an assumed
name (Puppet::Util.binary); this commit calls it out of hiding and uses it
consistently.
|
|
These specs 'use' some settings which create directories belonging
to the 'service' user/group. If the default service group doesn't
exist, these fail. This patch explicitly sets the service group to
the gid of the process, which is known to be accessible by the user.
|
|
Replaced 106806 occurrences of ^( +)(.*$) with
The ruby community almost universally (i.e. everyone but Luke, Markus, and the other eleven people
who learned ruby in the 1900s) uses two-space indentation.
3 Examples:
The code:
end
# Tell getopt which arguments are valid
def test_get_getopt_args
element = Setting.new :name => "foo", :desc => "anything", :settings => Puppet::Util::Settings.new
assert_equal([["--foo", GetoptLong::REQUIRED_ARGUMENT]], element.getopt_args, "Did not produce appropriate getopt args")
becomes:
end
# Tell getopt which arguments are valid
def test_get_getopt_args
element = Setting.new :name => "foo", :desc => "anything", :settings => Puppet::Util::Settings.new
assert_equal([["--foo", GetoptLong::REQUIRED_ARGUMENT]], element.getopt_args, "Did not produce appropriate getopt args")
The code:
assert_equal(str, val)
assert_instance_of(Float, result)
end
# Now test it with a passed object
becomes:
assert_equal(str, val)
assert_instance_of(Float, result)
end
# Now test it with a passed object
The code:
end
assert_nothing_raised do
klass[:Yay] = "boo"
klass["Cool"] = :yayness
end
becomes:
end
assert_nothing_raised do
klass[:Yay] = "boo"
klass["Cool"] = :yayness
end
|
|
* Replaced 83 occurrences of
(.*)" *[+] *([$@]?[\w_0-9.:]+?)(.to_s\b)?(?! *[*(%\w_0-9.:{\[])
with
\1#{\2}"
3 Examples:
The code:
puts "PUPPET " + status + ": " + process + ", " + state
becomes:
puts "PUPPET " + status + ": " + process + ", #{state}"
The code:
puts "PUPPET " + status + ": #{process}" + ", #{state}"
becomes:
puts "PUPPET #{status}" + ": #{process}" + ", #{state}"
The code:
}.compact.join( "\n" ) + "\n" + t + "]\n"
becomes:
}.compact.join( "\n" ) + "\n#{t}" + "]\n"
* Replaced 21 occurrences of (.*)" *[+] *" with \1
3 Examples:
The code:
puts "PUPPET #{status}" + ": #{process}" + ", #{state}"
becomes:
puts "PUPPET #{status}" + ": #{process}, #{state}"
The code:
puts "PUPPET #{status}" + ": #{process}, #{state}"
becomes:
puts "PUPPET #{status}: #{process}, #{state}"
The code:
res = self.class.name + ": #{@name}" + "\n"
becomes:
res = self.class.name + ": #{@name}\n"
* Don't use string concatenation to split lines unless they would be very long.
Replaced 11 occurrences of
(.*)(['"]) *[+]
*(['"])(.*)
with
3 Examples:
The code:
o.define_head "The check_puppet Nagios plug-in checks that specified " +
"Puppet process is running and the state file is no " +
becomes:
o.define_head "The check_puppet Nagios plug-in checks that specified Puppet process is running and the state file is no " +
The code:
o.separator "Mandatory arguments to long options are mandatory for " +
"short options too."
becomes:
o.separator "Mandatory arguments to long options are mandatory for short options too."
The code:
o.define_head "The check_puppet Nagios plug-in checks that specified Puppet process is running and the state file is no " +
"older than specified interval."
becomes:
o.define_head "The check_puppet Nagios plug-in checks that specified Puppet process is running and the state file is no older than specified interval."
* Replaced no occurrences of do (.*?) end with {\1}
* Replaced 1488 occurrences of
"([^"\n]*%s[^"\n]*)" *% *(.+?)(?=$| *\b(do|if|while|until|unless|#)\b)
with
20 Examples:
The code:
args[0].split(/\./).map do |s| "dc=%s"%[s] end.join(",")
becomes:
args[0].split(/\./).map do |s| "dc=#{s}" end.join(",")
The code:
puts "%s" % Puppet.version
becomes:
puts "#{Puppet.version}"
The code:
raise "Could not find information for %s" % node
becomes:
raise "Could not find information for #{node}"
The code:
raise Puppet::Error, "Cannot create %s: basedir %s is a file" % [dir, File.join(path)]
becomes:
raise Puppet::Error, "Cannot create #{dir}: basedir #{File.join(path)} is a file"
The code:
Puppet.err "Could not run %s: %s" % [client_class, detail]
becomes:
Puppet.err "Could not run #{client_class}: #{detail}"
The code:
raise "Could not find handler for %s" % arg
becomes:
raise "Could not find handler for #{arg}"
The code:
Puppet.err "Will not start without authorization file %s" % Puppet[:authconfig]
becomes:
Puppet.err "Will not start without authorization file #{Puppet[:authconfig]}"
The code:
raise Puppet::Error, "Could not deserialize catalog from pson: %s" % detail
becomes:
raise Puppet::Error, "Could not deserialize catalog from pson: #{detail}"
The code:
raise "Could not find facts for %s" % Puppet[:certname]
becomes:
raise "Could not find facts for #{Puppet[:certname]}"
The code:
raise ArgumentError, "%s is not readable" % path
becomes:
raise ArgumentError, "#{path} is not readable"
The code:
raise ArgumentError, "Invalid handler %s" % name
becomes:
raise ArgumentError, "Invalid handler #{name}"
The code:
debug "Executing '%s' in zone %s with '%s'" % [command, @resource[:name], str]
becomes:
debug "Executing '#{command}' in zone #{@resource[:name]} with '#{str}'"
The code:
raise Puppet::Error, "unknown cert type '%s'" % hash[:type]
becomes:
raise Puppet::Error, "unknown cert type '#{hash[:type]}'"
The code:
Puppet.info "Creating a new certificate request for %s" % Puppet[:certname]
becomes:
Puppet.info "Creating a new certificate request for #{Puppet[:certname]}"
The code:
"Cannot create alias %s: object already exists" % [name]
becomes:
"Cannot create alias #{name}: object already exists"
The code:
return "replacing from source %s with contents %s" % [metadata.source, metadata.checksum]
becomes:
return "replacing from source #{metadata.source} with contents #{metadata.checksum}"
The code:
it "should have a %s parameter" % param do
becomes:
it "should have a #{param} parameter" do
The code:
describe "when registring '%s' messages" % log do
becomes:
describe "when registring '#{log}' messages" do
The code:
paths = %w{a b c d e f g h}.collect { |l| "/tmp/iteration%stest" % l }
becomes:
paths = %w{a b c d e f g h}.collect { |l| "/tmp/iteration#{l}test" }
The code:
assert_raise(Puppet::Error, "Check '%s' did not fail on false" % check) do
becomes:
assert_raise(Puppet::Error, "Check '#{check}' did not fail on false") do
|
|
* Replaced 36 occurrences of [$][?] with $CHILD_STATUS
3 Examples:
The code:
print "%s finished with exit code %s\n" % [host, $?.exitstatus]
becomes:
print "%s finished with exit code %s\n" % [host, $CHILD_STATUS.exitstatus]
The code:
$stderr.puts "Could not find host for PID %s with status %s" % [pid, $?.exitstatus]
becomes:
$stderr.puts "Could not find host for PID %s with status %s" % [pid, $CHILD_STATUS.exitstatus]
The code:
unless $? == 0
becomes:
unless $CHILD_STATUS == 0
* Replaced 3 occurrences of [$][$] with $PID
3 Examples:
The code:
Process.kill(:HUP, $$) if restart_requested?
becomes:
Process.kill(:HUP, $PID) if restart_requested?
The code:
if pid == $$
becomes:
if pid == $PID
The code:
host[:name] = "!invalid.hostname.$$$"
becomes:
host[:name] = "!invalid.hostname.$PID$"
* Replaced 7 occurrences of [$]& with $MATCH
3 Examples:
The code:
work.slice!(0, $&.length)
becomes:
work.slice!(0, $MATCH.length)
The code:
if $&
becomes:
if $MATCH
The code:
if $&
becomes:
if $MATCH
* Replaced 28 occurrences of [$]:(?!:) with $LOAD_PATH
3 Examples:
The code:
sitelibdir = $:.find { |x| x =~ /site_ruby/ }
becomes:
sitelibdir = $LOAD_PATH.find { |x| x =~ /site_ruby/ }
The code:
$:.unshift "lib"
becomes:
$LOAD_PATH.unshift "lib"
The code:
$:.shift
becomes:
$LOAD_PATH.shift
* Replaced 3 occurrences of [$]! with $ERROR_INFO
3 Examples:
The code:
$LOG.fatal("Problem reading #{filepath}: #{$!}")
becomes:
$LOG.fatal("Problem reading #{filepath}: #{$ERROR_INFO}")
The code:
$stderr.puts "Couldn't build man pages: " + $!
becomes:
$stderr.puts "Couldn't build man pages: " + $ERROR_INFO
The code:
$stderr.puts $!.message
becomes:
$stderr.puts $ERROR_INFO.message
* Replaced 3 occurrences of ^(.*)[$]" with \1$LOADED_FEATURES
3 Examples:
The code:
unless $".index 'racc/parser.rb'
becomes:
unless $LOADED_FEATURES.index 'racc/parser.rb'
The code:
$".push 'racc/parser.rb'
becomes:
$LOADED_FEATURES.push 'racc/parser.rb'
The code:
$".should be_include("tmp/myfile.rb")
becomes:
$LOADED_FEATURES.should be_include("tmp/myfile.rb")
|
|
Some spec files like active_record.rb had names that would confuse the
load path and get loaded instead of the intended implementation when the
spec was run from the same directory as the file.
Author: Matt Robinson <matt@puppetlabs.com>
Date: Fri Jun 11 15:29:33 2010 -0700
|
|
Conflicts:
lib/puppet/ssl/host.rb
spec/spec_helper.rb
|
|
There's a dependency on Puppet::SSL::Host.ca_location
Signed-off-by: Jesse Wolfe <jes5199@gmail.com>
|
|
Signed-off-by: Luke Kanies <luke@madstop.com>
|
|
This patch does two things:
* it enhances puppetca to list revoked certificates (prefixed by -)
* it fixes the ca crl verification which was broken
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
|
|
Tests were failing; this patch makes the temporary directory in line with other
integration tests.
|
|
Signed-off-by: Luke Kanies <luke@madstop.com>
|
|
This provides a single, global bit for determining whether
a given piece of cached data is still valid.
|
|
Previously, you had to configure whether you wanted the CRL or not,
which resulted in errors all the time when it was configured but
unavailable.
Now, Puppet will always create and try to use it, but you won't
get failures if it's unavailable.
|
|
The server is actually serving REST, but the client can't use
it until we resolve the format and security issues that REST
hasn't yet tackled.
|
|
We can't have the HttpPool class use the Indirector to see
if it has a cert available, because it might be being used to
try to download one, which would cause it to make an http instance,
which would cause it to... Well, you get the idea.
Adding and fixing a few other tests I ran into on the way.
|
|
This requires less setup and configuration on the part of the user.
|
|
responsibilities to the SSL::Host class.
I was previously saving invalid CRLs unless they'd had a revocation
done in them; this commit fixes them so that they're always valid.
Also, I've added to SSL::Host the ability to generate a valid
SSL Store, suitable for validation. This is now used by
Webrick and can be used by the http clients, too.
This should have been two commits, but I'm kind of down the
rabbit hole ATM.
|
|
I realized that it never made sense to have a CA
that didn't know how to initialize itself, so we
now have a singleton method for the CA, and it also
automatically initializes itself.
|
|
Now I just need to get xmlrpc working alongside REST in
both mongrel and webrick.
|
|
It looks like it's not taking the CRL into account, so
I can't seem to actually get a cert to fail verification.
|
|
Certificate revocation now works, the CA knows how
to generate the CRL, and the SSL::Host class knows
how to configure the CRL class for indirection.
|
|
Without this, then you could end up duplicating your CA
key into the normal directory depending on how caching
was set up.
Again, this design aspect isn't the most straightforward,
but at least it's functional now.
|
|
Previously, the class was returning OpenSSL instances
(e.g., OpenSSL::X509::Certificate) instead of Puppet instances
(e.g., Puppet::SSL::Certificate). This made some things
easier, but it made them asymmetric (e.g., you assigned the
key as a Puppet instance but got back an OpenSSL instance), and
it also reduced your flexibility and introspectiveness.
|