#! /usr/bin/env ruby
require 'spec_helper'
require 'puppet/network/http_pool'
# Specs for Puppet::Network::HttpPool.http_instance: which connection object it
# builds, that SSL and peer verification are on unless the caller turns them
# off, and that instances are not cached.
describe Puppet::Network::HttpPool do
  # Point the key and certificate-request indirections at the :memory terminus
  # for every example.
  before :each do
    Puppet::SSL::Key.indirection.terminus_class = :memory
    Puppet::SSL::CertificateRequest.indirection.terminus_class = :memory
  end

  describe "when managing http instances" do
    it "should return an http instance created with the passed host and port" do
      instance = Puppet::Network::HttpPool.http_instance("me", 54321)

      instance.should be_an_instance_of(Puppet::Network::HTTP::Connection)
      instance.address.should == 'me'
      instance.port.should == 54321
    end

    it "should support using an alternate http client implementation" do
      begin
        # Minimal stand-in client: it only records the host and port it was
        # constructed with, which is all the assertions below read.
        class FooClient
          attr_reader :host, :port

          def initialize(host, port, options = {})
            @host = host
            @port = port
          end
        end

        previous_client_class = Puppet::Network::HttpPool.http_client_class
        Puppet::Network::HttpPool.http_client_class = FooClient

        instance = Puppet::Network::HttpPool.http_instance("me", 54321)
        instance.should be_an_instance_of(FooClient)
        instance.host.should == 'me'
        instance.port.should == 54321
      ensure
        # Put the original client class back so later examples are unaffected.
        Puppet::Network::HttpPool.http_client_class = previous_client_class
      end
    end

    # With no third argument the instance must come back with SSL switched on.
    it "should enable ssl on the http instance by default" do
      default_instance = Puppet::Network::HttpPool.http_instance("me", 54321)
      default_instance.should be_use_ssl
    end

    # The third positional argument selects SSL explicitly.
    it "can set ssl using an option" do
      plaintext_instance = Puppet::Network::HttpPool.http_instance("me", 54321, false)
      plaintext_instance.should_not be_use_ssl

      ssl_instance = Puppet::Network::HttpPool.http_instance("me", 54321, true)
      ssl_instance.should be_use_ssl
    end

    describe 'peer verification' do
      # Sets the client CA setting to a placeholder path and stubs the
      # existence check for it, so no real CA file is needed.
      def setup_standard_ssl_configuration
        ca_path = File.expand_path('/path/to/ssl/certs/ca_cert.pem')
        Puppet[:ssl_client_ca_auth] = ca_path
        Puppet::FileSystem.stubs(:exist?).with(ca_path).returns(true)
      end

      # Same for the host certificate: placeholder path, stubbed existence.
      def setup_standard_hostcert
        hostcert_path = File.expand_path('/path/to/ssl/certs/host_cert.pem')
        Puppet::FileSystem.stubs(:exist?).with(hostcert_path).returns(true)
        Puppet[:hostcert] = hostcert_path
      end

      # Replaces Puppet::SSL::Host.localhost with a stub that carries a
      # certificate, a key and an ssl_store.
      def setup_standard_ssl_host
        fake_cert = stub('cert', :content => 'real_cert')
        fake_key = stub('key', :content => 'real_key')
        fake_store = stub('store')
        fake_host = stub('host', :certificate => fake_cert, :key => fake_key, :ssl_store => fake_store)
        Puppet::SSL::Host.stubs(:localhost).returns(fake_host)
      end

      before do
        setup_standard_ssl_configuration
        setup_standard_hostcert
        setup_standard_ssl_host
      end

      # Regression guard: an SSL connection requested without a verify argument
      # must reach execute_request with VERIFY_PEER set.
      it 'enables peer verification by default' do
        ok_response = Net::HTTPOK.new('1.1', 200, 'body')
        connection = Puppet::Network::HttpPool.http_instance("me", 54321, true)

        connection.expects(:execute_request).with { |http, _request|
          expect(http.verify_mode).to eq(OpenSSL::SSL::VERIFY_PEER)
        }.returns(ok_response)

        connection.get('/')
      end

      # Verification is switched off only by the explicit fourth argument
      # (false). VERIFY_NONE means the server certificate is not validated, so
      # this is an opt-out the caller has to ask for.
      it 'can disable peer verification' do
        ok_response = Net::HTTPOK.new('1.1', 200, 'body')
        connection = Puppet::Network::HttpPool.http_instance("me", 54321, true, false)

        connection.expects(:execute_request).with { |http, _request|
          expect(http.verify_mode).to eq(OpenSSL::SSL::VERIFY_NONE)
        }.returns(ok_response)

        connection.get('/')
      end
    end

    # Two calls with identical arguments must yield two distinct objects.
    it "should not cache http instances" do
      first_instance = Puppet::Network::HttpPool.http_instance("me", 54321)
      second_instance = Puppet::Network::HttpPool.http_instance("me", 54321)

      first_instance.should_not equal(second_instance)
    end
  end
end