| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
This commit does several things, all in order to make authorizing API V2
requests a bit easier:
* Renames /v2 to /v2.0, which was chosen because it doesn't conflict
with a legal environment name in the V1 API.
* Adds route chaining so that a handler can deal with a request
prefixed with /v2.0 and then continue on to another route
* Changes how calls to authorization are handled so that full paths
are checked rather than indirection/key pairs.
* Introduces an authorization step in the /v2.0 request chain. This is
currently limited to only handle GET requests (seen as find in
auth.conf).
|
|
|
|
- All calls to File class stat / lstat go through the new
FileSystem::File abstraction so that the implementation can later
be swapped for a Windows specific one to support symlinks
|
|
certname
Without this patch applied any authenticated client is able to save a
report for any node by default. This is a problem because the
compliance feature of Puppet Enterprise expects reports to be submitted
only from the node the report is associated with.
This patch addresses the problem by restricting the access control rules
in a similar manner to the catalog. With this patch applied, the
default behavior of the Puppet master will only allow reports to be
saved when the node name matches the cert name.
|
|
Without this patch Ruby 1.9 is still complaining loudly about trying to
parse the spec files. The previous attempt to clean up this problem in
edc3ddf works for Ruby 1.8 but not 1.9.
I'd prefer to remove the shebang lines entirely, but doing so will cause
encoding errors in Ruby 1.9. This patch strives for a happy middle
ground of convincing Ruby it is actually working with Ruby while not
confusing it to think it should exec() to rspec.
This patch is the result of the following command run against the source
tree:
find spec -type f -print0 | \
xargs -0 perl -pl -i -e 's,^\#\!\s?/(.*)rspec,\#! /usr/bin/env ruby,'
|
|
This pulls parsing and file management out of the AuthConfig class. It
introduces the AuthConfigParser class which is responsible for parsing and
returning a new AuthConfig instance. Reloading the AuthConfig from a changed
auth.conf is pulled out into Puppet::Network::Authorization, which already had
partial responsibility for this.
Paired-with: Jeff McCune <jeff@puppetlabs.com>
|
|
Since the underlying classes have been merged it doesn't make sense to have
separate spec files.
Paired-with: Jeff McCune <jeff@puppetlabs.com>
|
|
There is no longer a meaningful distinction between REST authorization and
XMLRPC authorization. AuthConfig provided a base class for both XMLRPC and
REST. This is a problem because it makes the code difficult to understand in
a world where XMLRPC does not exist. This patch fixes the problem by merging
the behavior of the RestAuthConfig class into the AuthConfig class. The
AuthConfig class is now solely responsible for REST authorization.
Paired-with: Jeff McCune <jeff@puppetlabs.com>
|
|
XMLRPC is no longer used and this was dead code.
Paired-with: Jeff McCune <jeff@puppetlabs.com>
|
|
Many tests set stubs or expectations on configuration values. This is
unnecessary, as settings are reset before each test. Because creating a stub
stubs out the entire value method on settings, stubbing any individual setting
interferes with retrieving any other setting. This makes for weird errors and
fragile tests. This commit changes most cases to just set each setting
directly.
Expectations on settings were often used to verify that a setting is used.
This is not a good way of testing this, since it checks that the value is
accessed but not that it is actually used correctly. Most expecations on
settings are better expressed by changing the setting and then verifying a
returned value.
|
|
Without this patch some spec files are using `ruby -S rspec` and others
are using `rspec`.
We should standardize on a single form of the interpreter used for spec
files.
`ruby -S rspec` is the best choice because it correctly informs editors
such as Vim with Syntastic that the file is a Ruby file rather than an
Rspec file.
|
|
In earlier versions of Ruby, String#each and String#each_line were identical.
In the 1.9 series the former was dropped; this audits the code for places that
should by using `each_line` instead.
This includes some fixes for tests that had very specific stubs around reading
file content, where the expectation - but not the test - was broken by
changing the method we invoke.
It also fixes a stub over `execpipe` that had a different return type to the
actual method, but which happened to work because `each` was defined on both
Array and String in earlier versions.
Signed-off-by: Daniel Pittman <daniel@puppetlabs.com>
|
|
Auth.conf, namespaceauth.conf and fileserver.conf were not supporting
trailing inlined comments.
Also this commit fixes some indentation and error management.
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
|
|
The regex used to detect ACE is too lax and would allow trailing
spaces to sneak in, which in turn would confuse the ACE parser.
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
|
|
We now use a shebang of: #!/usr/bin/env rspec
This enables the direct execution of spec tests again, which was lost earlier
during the transition to more directly using the rspec2 runtime environment.
|
|
rspec2 automatically sets a bunch of load-path stuff we were by hand, so we
can just stop. As a side-effect we can now avoid a whole pile of stupid things
to try and include the spec_helper.rb file...
...and then we can stop protecting spec_helper from evaluating twice, since we
now require it with a consistent name. Yay.
Reviewed-By: Pieter van de Bruggen <pieter@puppetlabs.com>
|
|
Ruby 1.9 won't allow to_i to be called on a symbol. It results in the
error:
undefined method `to_i' for :now:Symbol
Reviewed-by: Jesse Wolfe <jesse@puppetlabs.com>
|
|
Doing a require to a relative path can cause files to be required more
than once when they're required from different relative paths. If you
expand the path fully, this won't happen. Ruby 1.9 also requires that
you use expand_path when doing these requires.
Paired-with: Jesse Wolfe
|
|
Replaced 106806 occurances of ^( +)(.*$) with
The ruby community almost universally (i.e. everyone but Luke, Markus, and the other eleven people
who learned ruby in the 1900s) uses two-space indentation.
3 Examples:
The code:
end
# Tell getopt which arguments are valid
def test_get_getopt_args
element = Setting.new :name => "foo", :desc => "anything", :settings => Puppet::Util::Settings.new
assert_equal([["--foo", GetoptLong::REQUIRED_ARGUMENT]], element.getopt_args, "Did not produce appropriate getopt args")
becomes:
end
# Tell getopt which arguments are valid
def test_get_getopt_args
element = Setting.new :name => "foo", :desc => "anything", :settings => Puppet::Util::Settings.new
assert_equal([["--foo", GetoptLong::REQUIRED_ARGUMENT]], element.getopt_args, "Did not produce appropriate getopt args")
The code:
assert_equal(str, val)
assert_instance_of(Float, result)
end
# Now test it with a passed object
becomes:
assert_equal(str, val)
assert_instance_of(Float, result)
end
# Now test it with a passed object
The code:
end
assert_nothing_raised do
klass[:Yay] = "boo"
klass["Cool"] = :yayness
end
becomes:
end
assert_nothing_raised do
klass[:Yay] = "boo"
klass["Cool"] = :yayness
end
|
|
Part 2 re-did the change on the spec files, which it shouldn't have.
|
|
Some spec files like active_record.rb had names that would confuse the
load path and get loaded instead of the intended implentation when the
spec was run from the same directory as the file.
Author: Matt Robinson <matt@puppetlabs.com>
Date: Fri Jun 11 15:29:33 2010 -0700
|
|
Some spec files like active_record.rb had names that would confuse the
load path and get loaded instead of the intended implentation when the
spec was run from the same directory as the file.
Author: Matt Robinson <matt@puppetlabs.com>
Date: Fri Jun 11 15:29:33 2010 -0700
|
