diff --git a/spec/integration/indirector/bucket_file/rest_spec.rb b/spec/integration/indirector/bucket_file/rest_spec.rb index 4d90a8c59..dc10faa67 100644 --- a/spec/integration/indirector/bucket_file/rest_spec.rb +++ b/spec/integration/indirector/bucket_file/rest_spec.rb @@ -1,68 +1,69 @@ #!/usr/bin/env ruby Dir.chdir(File.dirname(__FILE__)) { (s = lambda { |f| File.exist?(f) ? require(f) : Dir.chdir("..") { s.call(f) } }).call("spec/spec_helper.rb") } require 'puppet/file_bucket/file' require 'puppet/network/server' require 'puppet/network/http/webrick/rest' describe "Filebucket REST Terminus" do before do Puppet[:masterport] = 34343 Puppet[:server] = "localhost" # Get a safe temporary file @tmpfile = Tempfile.new("webrick_integration_testing") @dir = @tmpfile.path + "_dir" Puppet.settings[:confdir] = @dir Puppet.settings[:vardir] = @dir + Puppet.settings[:group] = Process.gid Puppet.settings[:server] = "127.0.0.1" Puppet.settings[:masterport] = "34343" Puppet::Util::Cacher.expire Puppet[:servertype] = 'webrick' Puppet[:server] = '127.0.0.1' Puppet[:certname] = '127.0.0.1' # Generate the certificate with a local CA Puppet::SSL::Host.ca_location = :local ca = Puppet::SSL::CertificateAuthority.new ca.generate(Puppet[:certname]) unless Puppet::SSL::Certificate.find(Puppet[:certname]) ca.generate("foo.madstop.com") unless Puppet::SSL::Certificate.find(Puppet[:certname]) @host = Puppet::SSL::Host.new(Puppet[:certname]) @params = { :port => 34343, :handlers => [ :file_bucket_file ] } @server = Puppet::Network::Server.new(@params) @server.listen @old_terminus = Puppet::FileBucket::File.indirection.terminus_class Puppet::FileBucket::File.terminus_class = :rest # LAK:NOTE We need to have a fake model here so that our indirected methods get # passed through REST; otherwise we'd be stubbing 'find', which would cause an immediate # return. @file_bucket_file = stub_everything 'file_bucket_file' @mock_model = stub('faked model', :name => "file_bucket_file", :convert_from => @file_bucket_file) Puppet::Indirector::Request.any_instance.stubs(:model).returns(@mock_model) Puppet::Network::HTTP::WEBrickREST.any_instance.stubs(:check_authorization) end after do Puppet::Network::HttpPool.expire Puppet::SSL::Host.ca_location = :none Puppet.settings.clear @server.unlisten Puppet::FileBucket::File.terminus_class = @old_terminus end it "should be able save a file to the remote filebucket" do @file_bucket_file.expects(:save) file_bucket_file = Puppet::FileBucket::File.new("pouet") file_bucket_file.save end end diff --git a/spec/integration/indirector/certificate/rest_spec.rb b/spec/integration/indirector/certificate/rest_spec.rb index 356a7d316..58aa96c48 100755 --- a/spec/integration/indirector/certificate/rest_spec.rb +++ b/spec/integration/indirector/certificate/rest_spec.rb @@ -1,68 +1,69 @@ #!/usr/bin/env ruby Dir.chdir(File.dirname(__FILE__)) { (s = lambda { |f| File.exist?(f) ? require(f) : Dir.chdir("..") { s.call(f) } }).call("spec/spec_helper.rb") } require 'puppet/ssl/certificate' require 'puppet/network/server' require 'puppet/network/http/webrick/rest' describe "Certificate REST Terminus" do before do Puppet[:masterport] = 34343 Puppet[:server] = "localhost" # Get a safe temporary file @tmpfile = Tempfile.new("webrick_integration_testing") @dir = @tmpfile.path + "_dir" Puppet.settings[:confdir] = @dir Puppet.settings[:vardir] = @dir + Puppet.settings[:group] = Process.gid Puppet.settings[:server] = "127.0.0.1" Puppet.settings[:masterport] = "34343" Puppet::Util::Cacher.expire Puppet[:servertype] = 'webrick' Puppet[:server] = '127.0.0.1' Puppet[:certname] = '127.0.0.1' # Generate the certificate with a local CA Puppet::SSL::Host.ca_location = :local ca = Puppet::SSL::CertificateAuthority.new ca.generate(Puppet[:certname]) unless Puppet::SSL::Certificate.find(Puppet[:certname]) ca.generate("foo.madstop.com") unless Puppet::SSL::Certificate.find(Puppet[:certname]) @host = Puppet::SSL::Host.new(Puppet[:certname]) @params = { :port => 34343, :handlers => [ :certificate ] } @server = Puppet::Network::Server.new(@params) @server.listen # Then switch to a remote CA, so that we go through REST. Puppet::SSL::Host.ca_location = :remote # LAK:NOTE We need to have a fake model here so that our indirected methods get # passed through REST; otherwise we'd be stubbing 'find', which would cause an immediate # return. @mock_model = stub('faked model', :name => "certificate") Puppet::Indirector::Request.any_instance.stubs(:model).returns(@mock_model) Puppet::Network::HTTP::WEBrickREST.any_instance.stubs(:check_authorization).returns(true) end after do Puppet::Network::HttpPool.expire Puppet::SSL::Host.ca_location = :none Puppet.settings.clear @server.unlisten end it "should be able to retrieve a remote certificate" do @mock_model.expects(:find).returns @host.certificate result = Puppet::SSL::Certificate.find('bar') # There's no good '==' method on certs. result.content.to_s.should == @host.certificate.content.to_s result.name.should == "bar" end end diff --git a/spec/integration/indirector/certificate_request/rest_spec.rb b/spec/integration/indirector/certificate_request/rest_spec.rb index 2c98ef66c..c718b78ab 100755 --- a/spec/integration/indirector/certificate_request/rest_spec.rb +++ b/spec/integration/indirector/certificate_request/rest_spec.rb @@ -1,88 +1,89 @@ #!/usr/bin/env ruby Dir.chdir(File.dirname(__FILE__)) { (s = lambda { |f| File.exist?(f) ? require(f) : Dir.chdir("..") { s.call(f) } }).call("spec/spec_helper.rb") } require 'puppet/ssl/certificate_request' require 'puppet/network/server' require 'puppet/network/http/webrick/rest' describe "Certificate Request REST Terminus" do before do Puppet::Util::Cacher.expire Puppet[:masterport] = 34343 Puppet[:server] = "localhost" # Get a safe temporary file @tmpfile = Tempfile.new("webrick_integration_testing") @dir = @tmpfile.path + "_dir" Puppet.settings[:confdir] = @dir Puppet.settings[:vardir] = @dir + Puppet.settings[:group] = Process.gid Puppet.settings[:server] = "127.0.0.1" Puppet.settings[:masterport] = "34343" Puppet[:servertype] = 'webrick' Puppet[:server] = '127.0.0.1' Puppet[:certname] = '127.0.0.1' # Generate the certificate with a local CA Puppet::SSL::Host.ca_location = :local ca = Puppet::SSL::CertificateAuthority.new ca.generate(Puppet[:certname]) unless Puppet::SSL::Certificate.find(Puppet[:certname]) # Create the CSR and write it to disk @host = Puppet::SSL::Host.new("foo.madstop.com") @host.generate_certificate_request # Now remove the cached csr Puppet::SSL::Host.ca_location = :none Puppet::SSL::Host.destroy("foo.madstop.com") @params = { :port => 34343, :handlers => [ :certificate_request ] } @server = Puppet::Network::Server.new(@params) @server.listen # Then switch to a remote CA, so that we go through REST. Puppet::SSL::Host.ca_location = :remote # LAK:NOTE We need to have a fake model here so that our indirected methods get # passed through REST; otherwise we'd be stubbing 'find', which would cause an immediate # return. @mock_model = stub('faked model', :name => "certificate request") Puppet::Indirector::Request.any_instance.stubs(:model).returns(@mock_model) Puppet::Network::HTTP::WEBrickREST.any_instance.stubs(:check_authorization).returns(true) end after do Puppet::Network::HttpPool.expire Puppet::SSL::Host.ca_location = :none Puppet.settings.clear @server.unlisten end it "should be able to save a certificate request to the CA" do key = Puppet::SSL::Key.new("bar.madstop.com") key.generate csr = Puppet::SSL::CertificateRequest.new("bar.madstop.com") csr.generate(key.content) server_csr = mock 'csr' server_csr.expects(:save) @mock_model.expects(:convert_from).with("s", csr.content.to_s).returns server_csr csr.save end it "should be able to retrieve a remote certificate request" do # We're finding the cached value :/ @mock_model.expects(:find).returns @host.certificate_request result = Puppet::SSL::CertificateRequest.find('foo.madstop.com') # There's no good '==' method on certs. result.content.to_s.should == @host.certificate_request.content.to_s result.name.should == @host.certificate_request.name end end diff --git a/spec/integration/indirector/certificate_revocation_list/rest_spec.rb b/spec/integration/indirector/certificate_revocation_list/rest_spec.rb index 62a2f808e..86f2b0150 100755 --- a/spec/integration/indirector/certificate_revocation_list/rest_spec.rb +++ b/spec/integration/indirector/certificate_revocation_list/rest_spec.rb @@ -1,76 +1,77 @@ #!/usr/bin/env ruby Dir.chdir(File.dirname(__FILE__)) { (s = lambda { |f| File.exist?(f) ? require(f) : Dir.chdir("..") { s.call(f) } }).call("spec/spec_helper.rb") } require 'puppet/ssl/certificate' require 'puppet/network/server' require 'puppet/network/http/webrick/rest' describe "Certificate REST Terminus" do before do Puppet[:masterport] = 34343 Puppet[:server] = "localhost" # Get a safe temporary file @tmpfile = Tempfile.new("webrick_integration_testing") @dir = @tmpfile.path + "_dir" Puppet.settings[:confdir] = @dir Puppet.settings[:vardir] = @dir + Puppet.settings[:group] = Process.gid Puppet.settings[:server] = "127.0.0.1" Puppet.settings[:masterport] = "34343" Puppet::Util::Cacher.expire Puppet[:servertype] = 'webrick' Puppet[:server] = '127.0.0.1' Puppet[:certname] = '127.0.0.1' # Generate the certificate with a local CA Puppet::SSL::Host.ca_location = :local ca = Puppet::SSL::CertificateAuthority.new ca.generate(Puppet[:certname]) unless Puppet::SSL::Certificate.find(Puppet[:certname]) @params = { :port => 34343, :handlers => [ :certificate_revocation_list ] } @server = Puppet::Network::Server.new(@params) @server.listen # And make sure we've generated the CRL @crl = ca.crl # Now remove the cached crl Puppet::SSL::Host.ca_location = :none Puppet::SSL::CertificateRevocationList.destroy(Puppet::SSL::CA_NAME) # This is necessary so that we create the SSL store before we start # using REST. This is necessary to prevent an infinite loop, # which only occurs during testing. Puppet::Network::HttpPool.ssl_host.ssl_store # Then switch to a remote CA, so that we go through REST. Puppet::SSL::Host.ca_location = :remote # LAK:NOTE We need to have a fake model here so that our indirected methods get # passed through REST; otherwise we'd be stubbing 'find', which would cause an immediate # return. @mock_model = stub('faked model', :name => "certificate") Puppet::Indirector::Request.any_instance.stubs(:model).returns(@mock_model) Puppet::Network::HTTP::WEBrickREST.any_instance.stubs(:check_authorization).returns(true) end after do Puppet::Network::HttpPool.expire Puppet::SSL::Host.ca_location = :none Puppet.settings.clear @server.unlisten end it "should be able to retrieve a remote CRL" do @mock_model.expects(:find).returns @crl result = Puppet::SSL::CertificateRevocationList.find('bar') # There's no good '==' method on certs. result.content.to_s.should == @crl.content.to_s end end diff --git a/spec/integration/indirector/report/rest_spec.rb b/spec/integration/indirector/report/rest_spec.rb index 089f8fd3f..fdc218975 100644 --- a/spec/integration/indirector/report/rest_spec.rb +++ b/spec/integration/indirector/report/rest_spec.rb @@ -1,96 +1,97 @@ #!/usr/bin/env ruby Dir.chdir(File.dirname(__FILE__)) { (s = lambda { |f| File.exist?(f) ? require(f) : Dir.chdir("..") { s.call(f) } }).call("spec/spec_helper.rb") } require 'puppet/transaction/report' require 'puppet/network/server' require 'puppet/network/http/webrick/rest' describe "Report REST Terminus" do before do Puppet[:masterport] = 34343 Puppet[:server] = "localhost" # Get a safe temporary file @tmpfile = Tempfile.new("webrick_integration_testing") @dir = @tmpfile.path + "_dir" Puppet.settings[:confdir] = @dir Puppet.settings[:vardir] = @dir + Puppet.settings[:group] = Process.gid Puppet.settings[:server] = "127.0.0.1" Puppet.settings[:masterport] = "34343" Puppet::Util::Cacher.expire Puppet[:servertype] = 'webrick' Puppet[:server] = '127.0.0.1' Puppet[:certname] = '127.0.0.1' # Generate the certificate with a local CA Puppet::SSL::Host.ca_location = :local ca = Puppet::SSL::CertificateAuthority.new ca.generate(Puppet[:certname]) unless Puppet::SSL::Certificate.find(Puppet[:certname]) ca.generate("foo.madstop.com") unless Puppet::SSL::Certificate.find(Puppet[:certname]) @host = Puppet::SSL::Host.new(Puppet[:certname]) @params = { :port => 34343, :handlers => [ :report ] } @server = Puppet::Network::Server.new(@params) @server.listen # Let's use REST for our reports :-) @old_terminus = Puppet::Transaction::Report.indirection.terminus_class Puppet::Transaction::Report.terminus_class = :rest # LAK:NOTE We need to have a fake model here so that our indirected methods get # passed through REST; otherwise we'd be stubbing 'save', which would cause an immediate # return. @report = stub_everything 'report' @mock_model = stub_everything 'faked model', :name => "report", :convert_from => @report Puppet::Indirector::Request.any_instance.stubs(:model).returns(@mock_model) Puppet::Network::HTTP::WEBrickREST.any_instance.stubs(:check_authorization) end after do Puppet::Network::HttpPool.expire Puppet::SSL::Host.ca_location = :none Puppet.settings.clear @server.unlisten Puppet::Transaction::Report.terminus_class = @old_terminus end it "should be able to send a report to the server" do @report.expects(:save) report = Puppet::Transaction::Report.new resourcemetrics = { :total => 12, :out_of_sync => 20, :applied => 45, :skipped => 1, :restarted => 23, :failed_restarts => 1, :scheduled => 10 } report.add_metric(:resources, resourcemetrics) timemetrics = { :resource1 => 10, :resource2 => 50, :resource3 => 40, :resource4 => 20, } report.add_metric(:times, timemetrics) report.add_metric( :changes, :total => 20 ) report.save end end diff --git a/spec/integration/indirector/rest_spec.rb b/spec/integration/indirector/rest_spec.rb index e9048392a..14e9e9593 100755 --- a/spec/integration/indirector/rest_spec.rb +++ b/spec/integration/indirector/rest_spec.rb @@ -1,524 +1,525 @@ #!/usr/bin/env ruby require File.dirname(__FILE__) + '/../../spec_helper' require 'puppet/network/server' require 'puppet/indirector' require 'puppet/indirector/rest' # a fake class that will be indirected via REST class Puppet::TestIndirectedFoo extend Puppet::Indirector indirects :test_indirected_foo, :terminus_setting => :test_indirected_foo_terminus attr_reader :value attr_accessor :name def initialize(value = 0) @value = value end def self.from_yaml(yaml) YAML.load(yaml) end def name "bob" end end # empty Terminus class -- this would normally have to be in a directory findable by the autoloader, but we short-circuit that below class Puppet::TestIndirectedFoo::Rest < Puppet::Indirector::REST end describe Puppet::Indirector::REST do before do # Get a safe temporary file @tmpfile = Tempfile.new("webrick_integration_testing") @dir = @tmpfile.path + "_dir" Puppet.settings[:confdir] = @dir Puppet.settings[:vardir] = @dir + Puppet.settings[:group] = Process.gid Puppet.settings[:server] = "127.0.0.1" Puppet.settings[:masterport] = "34343" Puppet::SSL::Host.ca_location = :local Puppet::TestIndirectedFoo.terminus_class = :rest end after do Puppet::Network::HttpPool.expire Puppet::SSL::Host.ca_location = :none Puppet.settings.clear end describe "when using webrick" do before :each do Puppet::Util::Cacher.expire Puppet[:servertype] = 'webrick' Puppet[:server] = '127.0.0.1' Puppet[:certname] = '127.0.0.1' ca = Puppet::SSL::CertificateAuthority.new ca.generate(Puppet[:certname]) unless Puppet::SSL::Certificate.find(Puppet[:certname]) @params = { :port => 34343, :handlers => [ :test_indirected_foo ], :xmlrpc_handlers => [ :status ] } @server = Puppet::Network::Server.new(@params) @server.listen # LAK:NOTE We need to have a fake model here so that our indirected methods get # passed through REST; otherwise we'd be stubbing 'find', which would cause an immediate # return. @mock_model = stub('faked model', :name => "foo") Puppet::Indirector::Request.any_instance.stubs(:model).returns(@mock_model) # do not trigger the authorization layer Puppet::Network::HTTP::WEBrickREST.any_instance.stubs(:check_authorization).returns(true) end describe "when finding a model instance over REST" do describe "when a matching model instance can be found" do before :each do @model_instance = Puppet::TestIndirectedFoo.new(23) @mock_model.stubs(:find).returns @model_instance end it "should not fail" do lambda { Puppet::TestIndirectedFoo.find('bar') }.should_not raise_error end it 'should return an instance of the model class' do Puppet::TestIndirectedFoo.find('bar').class.should == Puppet::TestIndirectedFoo end it "should pass options all the way through" do @mock_model.expects(:find).with { |key, args| args[:one] == "two" and args[:three] == "four" }.returns @model_instance Puppet::TestIndirectedFoo.find('bar', :one => "two", :three => "four") end it 'should return the instance of the model class associated with the provided lookup key' do Puppet::TestIndirectedFoo.find('bar').value.should == @model_instance.value end it 'should set an expiration on model instance' do Puppet::TestIndirectedFoo.find('bar').expiration.should_not be_nil end it "should use a supported format" do Puppet::TestIndirectedFoo.expects(:supported_formats).returns ["marshal"] text = Marshal.dump(@model_instance) @model_instance.expects(:render).with(Puppet::Network::FormatHandler.format("marshal")).returns text Puppet::TestIndirectedFoo.find('bar') end end describe "when no matching model instance can be found" do before :each do @mock_model = stub('faked model', :name => "foo", :find => nil) Puppet::Indirector::Request.any_instance.stubs(:model).returns(@mock_model) end it "should return nil" do Puppet::TestIndirectedFoo.find('bar').should be_nil end end describe "when an exception is encountered in looking up a model instance" do before :each do @mock_model = stub('faked model', :name => "foo") @mock_model.stubs(:find).raises(RuntimeError) Puppet::Indirector::Request.any_instance.stubs(:model).returns(@mock_model) end it "should raise an exception" do lambda { Puppet::TestIndirectedFoo.find('bar') }.should raise_error(Net::HTTPError) end end end describe "when searching for model instances over REST" do describe "when matching model instances can be found" do before :each do @model_instances = [ Puppet::TestIndirectedFoo.new(23), Puppet::TestIndirectedFoo.new(24) ] @mock_model.stubs(:search).returns @model_instances # Force yaml, because otherwise our mocks can't work correctly Puppet::TestIndirectedFoo.stubs(:supported_formats).returns %w{yaml} @mock_model.stubs(:render_multiple).returns @model_instances.to_yaml end it "should not fail" do lambda { Puppet::TestIndirectedFoo.search('bar') }.should_not raise_error end it 'should return all matching results' do Puppet::TestIndirectedFoo.search('bar').length.should == @model_instances.length end it "should pass options all the way through" do @mock_model.expects(:search).with { |key, args| args[:one] == "two" and args[:three] == "four" }.returns @model_instances Puppet::TestIndirectedFoo.search("foo", :one => "two", :three => "four") end it 'should return model instances' do Puppet::TestIndirectedFoo.search('bar').each do |result| result.class.should == Puppet::TestIndirectedFoo end end it 'should return the instance of the model class associated with the provided lookup key' do Puppet::TestIndirectedFoo.search('bar').collect { |i| i.value }.should == @model_instances.collect { |i| i.value } end end describe "when no matching model instance can be found" do before :each do @mock_model = stub('faked model', :name => "foo", :find => nil) Puppet::Indirector::Request.any_instance.stubs(:model).returns(@mock_model) end it "should return nil" do Puppet::TestIndirectedFoo.find('bar').should be_nil end end describe "when an exception is encountered in looking up a model instance" do before :each do @mock_model = stub('faked model') @mock_model.stubs(:find).raises(RuntimeError) Puppet::Indirector::Request.any_instance.stubs(:model).returns(@mock_model) end it "should raise an exception" do lambda { Puppet::TestIndirectedFoo.find('bar') }.should raise_error(Net::HTTPError) end end end describe "when destroying a model instance over REST" do describe "when a matching model instance can be found" do before :each do @mock_model.stubs(:destroy).returns true end it "should not fail" do lambda { Puppet::TestIndirectedFoo.destroy('bar') }.should_not raise_error end it 'should return success' do Puppet::TestIndirectedFoo.destroy('bar').should == true end end describe "when no matching model instance can be found" do before :each do @mock_model.stubs(:destroy).returns false end it "should return failure" do Puppet::TestIndirectedFoo.destroy('bar').should == false end end describe "when an exception is encountered in destroying a model instance" do before :each do @mock_model.stubs(:destroy).raises(RuntimeError) end it "should raise an exception" do lambda { Puppet::TestIndirectedFoo.destroy('bar') }.should raise_error(Net::HTTPError) end end end describe "when saving a model instance over REST" do before :each do @instance = Puppet::TestIndirectedFoo.new(42) @mock_model.stubs(:save_object).returns @instance @mock_model.stubs(:convert_from).returns @instance Puppet::Network::HTTP::WEBrickREST.any_instance.stubs(:save_object).returns(@instance) end describe "when a successful save can be performed" do before :each do end it "should not fail" do lambda { @instance.save }.should_not raise_error end it 'should return an instance of the model class' do @instance.save.class.should == Puppet::TestIndirectedFoo end it 'should return a matching instance of the model class' do @instance.save.value.should == @instance.value end end describe "when a save cannot be completed" do before :each do Puppet::Network::HTTP::WEBrickREST.any_instance.stubs(:save_object).returns(false) end it "should return failure" do @instance.save.should == false end end describe "when an exception is encountered in performing a save" do before :each do Puppet::Network::HTTP::WEBrickREST.any_instance.stubs(:save_object).raises(RuntimeError) end it "should raise an exception" do lambda { @instance.save }.should raise_error(Net::HTTPError) end end end after :each do @server.unlisten end end describe "when using mongrel" do confine "Mongrel is not available" => Puppet.features.mongrel? before :each do Puppet[:servertype] = 'mongrel' @params = { :port => 34343, :handlers => [ :test_indirected_foo ] } # Make sure we never get a cert, since mongrel can't speak ssl Puppet::SSL::Certificate.stubs(:find).returns nil # We stub ssl to be off, since mongrel can't speak ssl Net::HTTP.any_instance.stubs(:use_ssl?).returns false @server = Puppet::Network::Server.new(@params) @server.listen # LAK:NOTE We need to have a fake model here so that our indirected methods get # passed through REST; otherwise we'd be stubbing 'find', which would cause an immediate # return. @mock_model = stub('faked model', :name => "foo") Puppet::Indirector::Request.any_instance.stubs(:model).returns(@mock_model) # do not trigger the authorization layer Puppet::Network::HTTP::MongrelREST.any_instance.stubs(:check_authorization).returns(true) end after do @server.unlisten end describe "when finding a model instance over REST" do describe "when a matching model instance can be found" do before :each do @model_instance = Puppet::TestIndirectedFoo.new(23) @mock_model.stubs(:find).returns @model_instance end it "should not fail" do lambda { Puppet::TestIndirectedFoo.find('bar') }.should_not raise_error end it 'should return an instance of the model class' do Puppet::TestIndirectedFoo.find('bar').class.should == Puppet::TestIndirectedFoo end it "should pass options all the way through" do @mock_model.expects(:find).with { |key, args| args[:one] == "two" and args[:three] == "four" }.returns @model_instance Puppet::TestIndirectedFoo.find('bar', :one => "two", :three => "four") end it 'should return the instance of the model class associated with the provided lookup key' do Puppet::TestIndirectedFoo.find('bar').value.should == @model_instance.value end it 'should set an expiration on model instance' do Puppet::TestIndirectedFoo.find('bar').expiration.should_not be_nil end it "should use a supported format" do Puppet::TestIndirectedFoo.expects(:supported_formats).returns ["marshal"] format = stub 'format' text = Marshal.dump(@model_instance) @model_instance.expects(:render).with(Puppet::Network::FormatHandler.format("marshal")).returns text Puppet::TestIndirectedFoo.find('bar') end end describe "when no matching model instance can be found" do before :each do @mock_model.stubs(:find).returns nil end it "should return nil" do Puppet::TestIndirectedFoo.find('bar').should be_nil end end describe "when an exception is encountered in looking up a model instance" do before :each do @mock_model.stubs(:find).raises(RuntimeError) end it "should raise an exception" do lambda { Puppet::TestIndirectedFoo.find('bar') }.should raise_error(Net::HTTPError) end end end describe "when searching for model instances over REST" do describe "when matching model instances can be found" do before :each do @model_instances = [ Puppet::TestIndirectedFoo.new(23), Puppet::TestIndirectedFoo.new(24) ] # Force yaml, because otherwise our mocks can't work correctly Puppet::TestIndirectedFoo.stubs(:supported_formats).returns %w{yaml} @mock_model.stubs(:search).returns @model_instances @mock_model.stubs(:render_multiple).returns @model_instances.to_yaml end it "should not fail" do lambda { Puppet::TestIndirectedFoo.search('bar') }.should_not raise_error end it 'should return all matching results' do Puppet::TestIndirectedFoo.search('bar').length.should == @model_instances.length end it "should pass options all the way through" do @mock_model.expects(:search).with { |key, args| args[:one] == "two" and args[:three] == "four" }.returns @model_instances Puppet::TestIndirectedFoo.search('bar', :one => "two", :three => "four") end it 'should return model instances' do Puppet::TestIndirectedFoo.search('bar').each do |result| result.class.should == Puppet::TestIndirectedFoo end end it 'should return the instance of the model class associated with the provided lookup key' do Puppet::TestIndirectedFoo.search('bar').collect { |i| i.value }.should == @model_instances.collect { |i| i.value } end it 'should set an expiration on model instances' do Puppet::TestIndirectedFoo.search('bar').each do |result| result.expiration.should_not be_nil end end end describe "when no matching model instance can be found" do before :each do @mock_model.stubs(:search).returns nil @mock_model.stubs(:render_multiple).returns nil.to_yaml end it "should return nil" do Puppet::TestIndirectedFoo.search('bar').should == [] end end describe "when an exception is encountered in looking up a model instance" do before :each do @mock_model.stubs(:find).raises(RuntimeError) end it "should raise an exception" do lambda { Puppet::TestIndirectedFoo.find('bar') }.should raise_error(Net::HTTPError) end end end describe "when destroying a model instance over REST" do describe "when a matching model instance can be found" do before :each do @mock_model.stubs(:destroy).returns true end it "should not fail" do lambda { Puppet::TestIndirectedFoo.destroy('bar') }.should_not raise_error end it 'should return success' do Puppet::TestIndirectedFoo.destroy('bar').should == true end end describe "when no matching model instance can be found" do before :each do @mock_model.stubs(:destroy).returns false end it "should return failure" do Puppet::TestIndirectedFoo.destroy('bar').should == false end end describe "when an exception is encountered in destroying a model instance" do before :each do @mock_model.stubs(:destroy).raises(RuntimeError) end it "should raise an exception" do lambda { Puppet::TestIndirectedFoo.destroy('bar') }.should raise_error(Net::HTTPError) end end end describe "when saving a model instance over REST" do before :each do @instance = Puppet::TestIndirectedFoo.new(42) @mock_model.stubs(:convert_from).returns @instance # LAK:NOTE This stub is necessary to prevent the REST call from calling # REST.save again, thus producing painful infinite recursion. Puppet::Network::HTTP::MongrelREST.any_instance.stubs(:save_object).returns(@instance) end describe "when a successful save can be performed" do before :each do end it "should not fail" do lambda { @instance.save }.should_not raise_error end it 'should return an instance of the model class' do @instance.save.class.should == Puppet::TestIndirectedFoo end it 'should return a matching instance of the model class' do @instance.save.value.should == @instance.value end end describe "when a save cannot be completed" do before :each do Puppet::Network::HTTP::MongrelREST.any_instance.stubs(:save_object).returns(false) end it "should return failure" do @instance.save.should == false end end describe "when an exception is encountered in performing a save" do before :each do Puppet::Network::HTTP::MongrelREST.any_instance.stubs(:save_object).raises(RuntimeError) end it "should raise an exception" do lambda { @instance.save }.should raise_error(Net::HTTPError) end end end end end diff --git a/spec/integration/network/server/webrick_spec.rb b/spec/integration/network/server/webrick_spec.rb index 2809df780..2b14dfb37 100755 --- a/spec/integration/network/server/webrick_spec.rb +++ b/spec/integration/network/server/webrick_spec.rb @@ -1,85 +1,86 @@ #!/usr/bin/env ruby require File.dirname(__FILE__) + '/../../../spec_helper' require 'puppet/network/server' require 'puppet/ssl/certificate_authority' require 'socket' describe Puppet::Network::Server do describe "when using webrick" do before :each do Puppet[:servertype] = 'webrick' Puppet[:server] = '127.0.0.1' @params = { :port => 34343, :handlers => [ :node ], :xmlrpc_handlers => [ :status ] } # Get a safe temporary file @tmpfile = Tempfile.new("webrick_integration_testing") @dir = @tmpfile.path + "_dir" Puppet.settings[:confdir] = @dir Puppet.settings[:vardir] = @dir + Puppet.settings[:group] = Process.gid Puppet::SSL::Host.ca_location = :local ca = Puppet::SSL::CertificateAuthority.new ca.generate(Puppet[:certname]) unless Puppet::SSL::Certificate.find(Puppet[:certname]) end after do @tmpfile.delete Puppet.settings.clear system("rm -rf #{@dir}") Puppet::Util::Cacher.expire end describe "before listening" do it "should not be reachable at the specified address and port" do lambda { TCPSocket.new('127.0.0.1', 34343) }.should raise_error end end describe "when listening" do it "should be reachable on the specified address and port" do @server = Puppet::Network::Server.new(@params.merge(:port => 34343)) @server.listen lambda { TCPSocket.new('127.0.0.1', 34343) }.should_not raise_error end it "should default to '0.0.0.0' as its bind address" do Puppet.settings.clear Puppet[:servertype] = 'webrick' Puppet[:bindaddress].should == '0.0.0.0' end it "should use any specified bind address" do Puppet[:bindaddress] = "127.0.0.1" @server = Puppet::Network::Server.new(@params.merge(:port => 34343)) @server.stubs(:unlisten) # we're breaking listening internally, so we have to keep it from unlistening @server.send(:http_server).expects(:listen).with { |args| args[:address] == "127.0.0.1" } @server.listen end it "should not allow multiple servers to listen on the same address and port" do @server = Puppet::Network::Server.new(@params.merge(:port => 34343)) @server.listen @server2 = Puppet::Network::Server.new(@params.merge(:port => 34343)) lambda { @server2.listen }.should raise_error end after :each do @server.unlisten if @server && @server.listening? end end describe "after unlistening" do it "should not be reachable on the port and address assigned" do @server = Puppet::Network::Server.new(@params.merge(:port => 34343)) @server.listen @server.unlisten lambda { TCPSocket.new('127.0.0.1', 34343) }.should raise_error(Errno::ECONNREFUSED) end end end end diff --git a/spec/integration/ssl/certificate_authority_spec.rb b/spec/integration/ssl/certificate_authority_spec.rb index be82b5fb7..fca17b405 100755 --- a/spec/integration/ssl/certificate_authority_spec.rb +++ b/spec/integration/ssl/certificate_authority_spec.rb @@ -1,135 +1,136 @@ #!/usr/bin/env ruby # # Created by Luke Kanies on 2008-4-17. # Copyright (c) 2008. All rights reserved. require File.dirname(__FILE__) + '/../../spec_helper' require 'puppet/ssl/certificate_authority' require 'tempfile' describe Puppet::SSL::CertificateAuthority do before do # Get a safe temporary file file = Tempfile.new("ca_integration_testing") @dir = file.path file.delete Puppet.settings[:confdir] = @dir Puppet.settings[:vardir] = @dir + Puppet.settings[:group] = Process.gid Puppet::SSL::Host.ca_location = :local @ca = Puppet::SSL::CertificateAuthority.new end after { Puppet::SSL::Host.ca_location = :none system("rm -rf #{@dir}") Puppet.settings.clear Puppet::Util::Cacher.expire Puppet::SSL::CertificateAuthority.instance_variable_set("@instance", nil) } it "should create a CA host" do @ca.host.should be_ca end it "should be able to generate a certificate" do @ca.generate_ca_certificate @ca.host.certificate.should be_instance_of(Puppet::SSL::Certificate) end it "should be able to generate a new host certificate" do @ca.generate("newhost") Puppet::SSL::Certificate.find("newhost").should be_instance_of(Puppet::SSL::Certificate) end it "should be able to revoke a host certificate" do @ca.generate("newhost") @ca.revoke("newhost") lambda { @ca.verify("newhost") }.should raise_error end it "should have a CRL" do @ca.generate_ca_certificate @ca.crl.should_not be_nil end it "should be able to read in a previously created CRL" do @ca.generate_ca_certificate # Create it to start with. @ca.crl Puppet::SSL::CertificateAuthority.new.crl.should_not be_nil end describe "when signing certificates" do before do @host = Puppet::SSL::Host.new("luke.madstop.com") # We have to provide the key, since when we're in :ca_only mode, we can only interact # with the CA key. key = Puppet::SSL::Key.new(@host.name) key.generate @host.key = key @host.generate_certificate_request path = File.join(Puppet[:requestdir], "luke.madstop.com.pem") end it "should be able to sign certificates" do @ca.sign("luke.madstop.com") end it "should save the signed certificate" do @ca.sign("luke.madstop.com") Puppet::SSL::Certificate.find("luke.madstop.com").should be_instance_of(Puppet::SSL::Certificate) end it "should be able to sign multiple certificates" do @other = Puppet::SSL::Host.new("other.madstop.com") okey = Puppet::SSL::Key.new(@other.name) okey.generate @other.key = okey @other.generate_certificate_request @ca.sign("luke.madstop.com") @ca.sign("other.madstop.com") Puppet::SSL::Certificate.find("other.madstop.com").should be_instance_of(Puppet::SSL::Certificate) Puppet::SSL::Certificate.find("luke.madstop.com").should be_instance_of(Puppet::SSL::Certificate) end it "should save the signed certificate to the :signeddir" do @ca.sign("luke.madstop.com") client_cert = File.join(Puppet[:signeddir], "luke.madstop.com.pem") File.read(client_cert).should == Puppet::SSL::Certificate.find("luke.madstop.com").content.to_s end it "should save valid certificates" do @ca.sign("luke.madstop.com") ssl = %x{which openssl} unless ssl pending "No ssl available" else ca_cert = Puppet[:cacert] client_cert = File.join(Puppet[:signeddir], "luke.madstop.com.pem") output = %x{openssl verify -CAfile #{ca_cert} #{client_cert}} $CHILD_STATUS.should == 0 end end end end diff --git a/spec/integration/ssl/certificate_request_spec.rb b/spec/integration/ssl/certificate_request_spec.rb index 365ecce38..8426b9dc5 100755 --- a/spec/integration/ssl/certificate_request_spec.rb +++ b/spec/integration/ssl/certificate_request_spec.rb @@ -1,61 +1,62 @@ #!/usr/bin/env ruby # # Created by Luke Kanies on 2008-4-17. # Copyright (c) 2008. All rights reserved. require File.dirname(__FILE__) + '/../../spec_helper' require 'puppet/ssl/certificate_request' require 'tempfile' describe Puppet::SSL::CertificateRequest do before do # Get a safe temporary file file = Tempfile.new("csr_integration_testing") @dir = file.path file.delete Dir.mkdir(@dir) Puppet.settings.clear Puppet.settings[:confdir] = @dir Puppet.settings[:vardir] = @dir + Puppet.settings[:group] = Process.gid Puppet::SSL::Host.ca_location = :none @csr = Puppet::SSL::CertificateRequest.new("luke.madstop.com") @key = OpenSSL::PKey::RSA.new(512) end after do system("rm -rf #{@dir}") Puppet.settings.clear # This is necessary so the terminus instances don't lie around. Puppet::Util::Cacher.expire end it "should be able to generate CSRs" do @csr.generate(@key) end it "should be able to save CSRs" do @csr.save end it "should be able to find saved certificate requests via the Indirector" do @csr.generate(@key) @csr.save Puppet::SSL::CertificateRequest.find("luke.madstop.com").should be_instance_of(Puppet::SSL::CertificateRequest) end it "should save the completely CSR when saving" do @csr.generate(@key) @csr.save Puppet::SSL::CertificateRequest.find("luke.madstop.com").content.to_s.should == @csr.content.to_s end end diff --git a/spec/integration/ssl/certificate_revocation_list_spec.rb b/spec/integration/ssl/certificate_revocation_list_spec.rb index 127654ce3..44eee363d 100755 --- a/spec/integration/ssl/certificate_revocation_list_spec.rb +++ b/spec/integration/ssl/certificate_revocation_list_spec.rb @@ -1,42 +1,43 @@ #!/usr/bin/env ruby # # Created by Luke Kanies on 2008-5-5. # Copyright (c) 2008. All rights reserved. require File.dirname(__FILE__) + '/../../spec_helper' require 'puppet/ssl/certificate_revocation_list' require 'tempfile' describe Puppet::SSL::CertificateRevocationList do before do # Get a safe temporary file file = Tempfile.new("ca_integration_testing") @dir = file.path file.delete Puppet.settings[:confdir] = @dir Puppet.settings[:vardir] = @dir + Puppet.settings[:group] = Process.gid Puppet::SSL::Host.ca_location = :local end after { Puppet::SSL::Host.ca_location = :none system("rm -rf #{@dir}") Puppet.settings.clear # This is necessary so the terminus instances don't lie around. Puppet::Util::Cacher.expire } it "should be able to read in written out CRLs with no revoked certificates" do ca = Puppet::SSL::CertificateAuthority.new raise "CRL not created" unless FileTest.exist?(Puppet[:hostcrl]) crl = Puppet::SSL::CertificateRevocationList.new("crl_int_testing") crl.read(Puppet[:hostcrl]) end end diff --git a/spec/integration/ssl/host_spec.rb b/spec/integration/ssl/host_spec.rb index 9b4152e83..05862dfc4 100755 --- a/spec/integration/ssl/host_spec.rb +++ b/spec/integration/ssl/host_spec.rb @@ -1,90 +1,91 @@ #!/usr/bin/env ruby # # Created by Luke Kanies on 2008-4-17. # Copyright (c) 2008. All rights reserved. require File.dirname(__FILE__) + '/../../spec_helper' require 'puppet/ssl/host' require 'tempfile' describe Puppet::SSL::Host do before do # Get a safe temporary file file = Tempfile.new("host_integration_testing") @dir = file.path file.delete Puppet.settings[:confdir] = @dir Puppet.settings[:vardir] = @dir + Puppet.settings[:group] = Process.gid Puppet::SSL::Host.ca_location = :local @host = Puppet::SSL::Host.new("luke.madstop.com") @ca = Puppet::SSL::CertificateAuthority.new end after { Puppet::SSL::Host.ca_location = :none system("rm -rf #{@dir}") Puppet.settings.clear Puppet::Util::Cacher.expire } it "should be considered a CA host if its name is equal to 'ca'" do Puppet::SSL::Host.new(Puppet::SSL::CA_NAME).should be_ca end describe "when managing its key" do it "should be able to generate and save a key" do @host.generate_key end it "should save the key such that the Indirector can find it" do @host.generate_key Puppet::SSL::Key.find(@host.name).content.to_s.should == @host.key.to_s end it "should save the private key into the :privatekeydir" do @host.generate_key File.read(File.join(Puppet.settings[:privatekeydir], "luke.madstop.com.pem")).should == @host.key.to_s end end describe "when managing its certificate request" do it "should be able to generate and save a certificate request" do @host.generate_certificate_request end it "should save the certificate request such that the Indirector can find it" do @host.generate_certificate_request Puppet::SSL::CertificateRequest.find(@host.name).content.to_s.should == @host.certificate_request.to_s end it "should save the private certificate request into the :privatekeydir" do @host.generate_certificate_request File.read(File.join(Puppet.settings[:requestdir], "luke.madstop.com.pem")).should == @host.certificate_request.to_s end end describe "when the CA host" do it "should never store its key in the :privatekeydir" do Puppet.settings.use(:main, :ssl, :ca) @ca = Puppet::SSL::Host.new(Puppet::SSL::Host.ca_name) @ca.generate_key FileTest.should_not be_exist(File.join(Puppet[:privatekeydir], "ca.pem")) end end it "should pass the verification of its own SSL store" do @host.generate @ca = Puppet::SSL::CertificateAuthority.new @ca.sign(@host.name) @host.ssl_store.verify(@host.certificate.content).should be_true end end