summaryrefslogtreecommitdiff
path: root/spec/unit/network/authentication_spec.rb
AgeCommit message (Collapse)AuthorFilesLines
2014-08-14(PUP-3031) Move certification expiration check upChris Price1-0/+4
The http handler code contains a check to see if the expiration date of the client certificate is within a certain window, so that we can log a warning message if it will expire soon. However, the mechanisms for handling this kind of check can really vary depending on what web server you're running in, so it doesn't make sense for this check to occur in a code path that is common to all of the different web servers. This commit simply moves the logic up into the code for the individual web servers so that they will have the ability to adjust the behavior according to their own needs.
2014-01-06(PUP-716) Fix up unit/network specs after FileSystem API changeHenrik Lindberg1-4/+4
2013-11-19(#21869) Fix recursion in cert expiration checkCharlie Sharpsteen1-5/+19
During every authenticated request, the expiration date of the involved certificates is checked. However, if the localhost cert is loaded when the CA cert is not present an authenticated request will be initiated to download the CA cert. This triggers another expiration check for authenticated requests, which loads the localhost cert, which initiates another authenticated request to download the CA cert... and so on until stack space is exhausted. This patch skips the expiration check for the localhost cert if the CA cert is missing.
2013-11-08(#19447) Puppet::FileSystem::File.exist?Ethan J. Brown1-2/+2
- All previous File and FileTest calls to exist? or exists? go through the new FileSystem::File abstraction so that the implementation can later be swapped for a Windows specific one to support symlinks
2012-09-26(Maint) Remove rspec from shebang lineJeff McCune1-1/+1
Without this patch Ruby 1.9 is still complaining loudly about trying to parse the spec files. The previous attempt to clean up this problem in edc3ddf works for Ruby 1.8 but not 1.9. I'd prefer to remove the shebang lines entirely, but doing so will cause encoding errors in Ruby 1.9. This patch strives for a happy middle ground of convincing Ruby it is actually working with Ruby while not confusing it to think it should exec() to rspec. This patch is the result of the following command run against the source tree: find spec -type f -print0 | \ xargs -0 perl -pl -i -e 's,^\#\!\s?/(.*)rspec,\#! /usr/bin/env ruby,'
2012-09-06(#7962) Added certificate expiration checks.Steven Lindberg1-0/+86
Warnings are logged both when receiving a request and issuing a request so that both the master and agent logs contain warnings. This increases visibilty since the master logs are looked at more frequently, but also ensures that the warnings make it into agent reports. The new `Puppet::Network::Authentication` module contains the logic for logging the expiration warnings (certificates are part of the authentication process, hence the name). It uses a rate-limited logger so that identical warnings as a result of multiple requests in the same run are not logged. The minimum time between log messages is set to the `runinterval` setting, since it is a good tradeoff between ensuring visibility and noisiness.