ext/autotest/Rakefile ext/autotest/config ext/autotest/readme.rst lib/puppet/indirector/certificate/rest.rb lib/puppet/indirector/certificate_request/rest.rb lib/puppet/indirector/certificate_revocation_list/rest.rb lib/puppet/provider/confine.rb lib/puppet/provider/confine/exists.rb lib/puppet/provider/confine/facter.rb lib/puppet/provider/confine/false.rb lib/puppet/provider/confine/feature.rb lib/puppet/provider/confine/true.rb lib/puppet/provider/confine_collection.rb lib/puppet/provider/confiner.rb lib/puppet/provider/group/ldap.rb lib/puppet/provider/ldap.rb lib/puppet/provider/ssh_authorized_key/parsed.rb lib/puppet/provider/user/ldap.rb lib/puppet/ssl/certificate_authority/interface.rb lib/puppet/type/ssh_authorized_key.rb lib/puppet/util/cacher.rb lib/puppet/util/ldap.rb lib/puppet/util/ldap/connection.rb lib/puppet/util/ldap/generator.rb lib/puppet/util/ldap/manager.rb spec/integration/bin/puppetmasterd.rb spec/integration/defaults.rb spec/integration/ssl/certificate_revocation_list.rb spec/integration/type/package.rb spec/unit/indirector/certificate/rest.rb spec/unit/indirector/certificate_request/rest.rb spec/unit/indirector/certificate_revocation_list/rest.rb spec/unit/parser/templatewrapper.rb spec/unit/provider/confine.rb spec/unit/provider/confine/exists.rb spec/unit/provider/confine/facter.rb spec/unit/provider/confine/false.rb spec/unit/provider/confine/feature.rb spec/unit/provider/confine/true.rb spec/unit/provider/confine_collection.rb spec/unit/provider/confiner.rb spec/unit/provider/group/ldap.rb spec/unit/provider/interface/redhat.rb spec/unit/provider/interface/sunos.rb spec/unit/provider/ldap.rb spec/unit/provider/mount.rb spec/unit/provider/mount/parsed.rb spec/unit/provider/ssh_authorized_key/parsed.rb spec/unit/provider/user/ldap.rb spec/unit/ssl/certificate_authority/interface.rb spec/unit/type.rb spec/unit/type/exec.rb spec/unit/type/file.rb spec/unit/type/interface.rb spec/unit/type/mount.rb spec/unit/type/nagios.rb spec/unit/type/noop_metaparam.rb spec/unit/type/package.rb spec/unit/type/schedule.rb spec/unit/type/service.rb spec/unit/type/ssh_authorized_key.rb spec/unit/type/user.rb spec/unit/util/cacher.rb spec/unit/util/ldap/connection.rb spec/unit/util/ldap/generator.rb spec/unit/util/ldap/manager.rb spec/unit/util/storage.rb test/data/providers/ssh_authorized_key/parsed/authorized_keys test/data/types/ssh_authorized_key/1 @@ -10,7 +10,7 @@ # # puppetd [-D|--daemonize|--no-daemonize] [-d|--debug] [--disable] [--enable] # [-h|--help] [--fqdn <host name>] [-l|--logdest syslog|<file>|console] -# [-o|--onetime] [--serve <handler>] [-t|--test] +# [-o|--onetime] [--serve <handler>] [-t|--test] [--noop] # [-V|--version] [-v|--verbose] [-w|--waitforcert <seconds>] # # = Description @@ -57,7 +57,7 @@ # parameter, so you can specify '--server <servername>' as an argument. # # See the configuration file documentation at -# http://reductivelabs.com/projects/puppet/reference/configref.html for +# http://reductivelabs.com/trac/puppet/wiki/ConfigurationReference for # the full list of acceptable parameters. A commented list of all # configuration options can also be generated by running puppetd with # '--genconfig'. @@ -124,6 +124,10 @@ # Enable the most common options used for testing. These are +onetime+, # +verbose+, +ignorecache, and +no-usecacheonfailure+. # +# noop:: +# Use +noop+ mode where the daemon runs in a no-op or dry-run mode. This is useful +# for seeing what changes Puppet will make without actually executing the changes. +# # verbose:: # Turn on verbose reporting. # @@ -317,6 +321,11 @@ if options[:centrallogs] Puppet::Util::Log.newdestination(logdest) end +# We need to specify a ca location for things to work, but +# until the REST cert transfers are working, it needs to +# be local. +Puppet::SSL::Host.ca_location = :local + # We need tomake the client either way, we just don't start it # if --no-client is set. client = Puppet::Network::Client.master.new(args) @@ -338,10 +347,9 @@ if Puppet[:daemonize] client.daemonize end -unless Puppet::Network::HttpPool.read_cert - # If we don't already have the certificate, then create a client to - # request one. Use the special ca stuff, don't use the normal server and port. - caclient = Puppet::Network::Client.ca.new() +caclient = Puppet::Network::Client.ca.new() + +unless caclient.read_cert if options[:waitforcert] > 0 begin while ! caclient.request_cert do @@ -360,7 +368,7 @@ unless Puppet::Network::HttpPool.read_cert end # Now read the new cert in. - if Puppet::Network::HttpPool.read_cert + if caclient.read_cert # If we read it in, then get rid of our existing http connection. client.recycle_connection Puppet.notice "Got signed certificate" bin/puppetd @@ -8,8 +8,7 @@ # = Usage # # puppetmasterd [-D|--daemonize|--no-daemonize] [-d|--debug] [-h|--help] -# [-l|--logdest <file>|console|syslog] [--nobucket] [--nonodes] -# [-v|--verbose] [-V|--version] +# [-l|--logdest <file>|console|syslog] [-v|--verbose] [-V|--version] # # = Description # @@ -22,7 +21,7 @@ # parameter, so you can specify '--ssldir <directory>' as an argument. # # See the configuration file documentation at -# http://reductivelabs.com/projects/puppet/reference/configref.html for +# http://reductivelabs.com/trac/puppet/wiki/ConfigurationReference for # the full list of acceptable parameters. A commented list of all # configuration options can also be generated by running puppetmasterdd with # '--genconfig'. @@ -44,16 +43,6 @@ # Defaults to sending messages to syslog, or the console # if debugging or verbosity is enabled. # -# nobucket:: -# Do not function as a file bucket. -# -# nonodes:: -# Do not use individual node designations; each node will receive the result -# of evaluating the entire configuration. -# -# noreports:: -# Do not start the reports server. -# # verbose:: # Enable verbosity. # @@ -81,16 +70,12 @@ end require 'getoptlong' require 'puppet' -require 'puppet/network/handler' -require 'puppet/sslcertificates' +require 'puppet/network/server' options = [ [ "--debug", "-d", GetoptLong::NO_ARGUMENT ], [ "--help", "-h", GetoptLong::NO_ARGUMENT ], [ "--logdest", "-l", GetoptLong::REQUIRED_ARGUMENT ], - [ "--nobucket", GetoptLong::NO_ARGUMENT ], - [ "--noreports", GetoptLong::NO_ARGUMENT ], - [ "--nonodes", GetoptLong::NO_ARGUMENT ], [ "--verbose", "-v", GetoptLong::NO_ARGUMENT ], [ "--version", "-V", GetoptLong::NO_ARGUMENT ] ] @@ -100,15 +85,7 @@ Puppet.settings.addargs(options) result = GetoptLong.new(*options) -master = {} -ca = {} -report = {} -bucket = {} - options = { - :havereport => true, - :havebucket => true, - :havemaster => true, :setdest => false, :verbose => false, :debug => false @@ -128,14 +105,6 @@ begin puts "No help available unless you have RDoc::usage installed" exit end - when "--noreports" - options[:havereport] = false - when "--nomaster" - options[:havemaster] = false - when "--nobucket" - options[:havebucket] = false - when "--nonodes" - master[:UseNodes] = false when "--logdest" begin Puppet::Util::Log.newdestination(arg) @@ -191,87 +160,54 @@ Puppet::Node::Facts.terminus_class = :yaml # Cache our nodes in yaml. Currently not configurable. Puppet::Node.cache_class = :yaml -require 'etc' - -handlers = { - :Status => {}, - :FileServer => {} -} - -if options[:havemaster] - handlers[:Master] = master +# Configure all of the SSL stuff. +if Puppet::SSL::CertificateAuthority.ca? + Puppet::SSL::Host.ca_location = :local + Puppet.settings.use :main, :ssl, :ca + Puppet::SSL::CertificateAuthority.instance +else + Puppet::SSL::Host.ca_location = :none end -if options[:havereport] - handlers[:Report] = report -end - -if Puppet[:ca] - handlers[:CA] = ca -end - -if options[:havebucket] - handlers[:FileBucket] = bucket -end +require 'etc' if Puppet[:parseonly] begin - Puppet::Network::Handler.master.new(master) + Puppet::Parser::Interpreter.new.parser(Puppet[:environment]) rescue => detail - if Puppet[:trace] - puts detail.backtrace - end - $stderr.puts detail - exit(32) + Puppet.err detail + exit 1 end - # we would have already exited if the file weren't syntactically correct exit(0) end -webserver = server = nil -begin - case Puppet[:servertype] - when "webrick" - # use the default, um, everything - require 'puppet/network/http_server/webrick' - webserver = server = Puppet::Network::HTTPServer::WEBrick.new(:Handlers => handlers) - when "mongrel": - require 'puppet/network/http_server/mongrel' - server = Puppet::Network::HTTPServer::Mongrel.new(handlers) - addr = Puppet[:bindaddress] - if addr == "" - addr = "127.0.0.1" - end - webserver = Mongrel::HttpServer.new(addr, Puppet[:masterport]) - webserver.register("/", server) - else - Puppet.err "Invalid server type %s" % Puppet[:servertype] - exit(45) - end -rescue => detail - if Puppet[:trace] - puts detail.backtrace - end - $stderr.puts detail - exit(1) +require 'puppet/file_serving/content' +require 'puppet/file_serving/metadata' +require 'puppet/checksum' + +xmlrpc_handlers = [:Status, :FileServer, :Master, :Report, :Filebucket] +rest_handlers = [:file_content, :file_metadata, :certificate, :facts, :catalog, :report, :checksum] + +if Puppet[:ca] + xmlrpc_handlers << :CA end +server = Puppet::Network::Server.new(:handlers => rest_handlers, :xmlrpc_handlers => xmlrpc_handlers) + if Process.uid == 0 begin Puppet::Util.chuser rescue => detail - if Puppet[:debug] - puts detail.backtrace - end + puts detail.backtrace if Puppet[:trace] $stderr.puts "Could not change user to %s: %s" % [Puppet[:user], detail] exit(39) end end -# Mongrel doesn't shut down like webrick; we really need to write plugins for it. -if Puppet[:servertype] == "webrick" - Puppet.newservice(server) -end +# Tell Puppet to manage this service for us, which has it starting and stopping +# as appropriate. +Puppet.newservice(server) + Puppet.settraps if Puppet[:daemonize] @@ -279,10 +215,5 @@ if Puppet[:daemonize] end Puppet.notice "Starting Puppet server version %s" % [Puppet.version] -case Puppet[:servertype] -when "webrick" - Puppet.start -when "mongrel": - webserver.run.join -end +Puppet.start bin/puppetmasterd @@ -65,7 +65,7 @@ # # This example uses ``ralsh`` to return Puppet configuration for the user ``luke``:: # -# $ ralsh user luke +# $ ralsh user luke # user { 'luke': # home => '/home/luke', # uid => '100', bin/ralsh @@ -2,10 +2,11 @@ ;;; puppet-mode.el ;;; ;;; Author: lutter -;;; Description: A simple mode for editing puppet manifests +;;; Author: Russ Allbery <rra@stanford.edu> ;;; +;;; Description: A simple mode for editing puppet manifests -(defconst puppet-mode-version "0.1") +(defconst puppet-mode-version "0.2") (defvar puppet-mode-abbrev-table nil "Abbrev table in use in puppet-mode buffers.") @@ -56,11 +57,43 @@ "*Indentation column of comments." :type 'integer :group 'puppet) +(defun puppet-count-matches (re start end) + "The same as Emacs 22 count-matches, for portability to other versions +of Emacs." + (save-excursion + (let ((n 0)) + (goto-char start) + (while (re-search-forward re end t) (setq n (1+ n))) + n))) + (defun puppet-comment-line-p () "Return non-nil iff this line is a comment." (save-excursion - (beginning-of-line) - (looking-at (format "\\s-*%s" comment-start)))) + (save-match-data + (beginning-of-line) + (looking-at (format "\\s-*%s" comment-start))))) + +(defun puppet-block-indent () + "If point is in a block, return the indentation of the first line of that +block (the line containing the opening brace). Used to set the indentation +of the closing brace of a block." + (save-excursion + (save-match-data + (let ((opoint (point)) + (apoint (search-backward "{" nil t))) + (when apoint + ;; This is a bit of a hack and doesn't allow for strings. We really + ;; want to parse by sexps at some point. + (let ((close-braces (puppet-count-matches "}" apoint opoint)) + (open-braces 0)) + (while (and apoint (> close-braces open-braces)) + (setq apoint (search-backward "{" nil t)) + (when apoint + (setq close-braces (puppet-count-matches "}" apoint opoint)) + (setq open-braces (1+ open-braces))))) + (if apoint + (current-indentation) + nil)))))) (defun puppet-in-array () "If point is in an array, return the position of the opening '[' of @@ -77,7 +110,7 @@ that array, else return nil." ;; ### steps, baby steps. A more robust strategy might be ;; ### to walk backwards by sexps, until hit a wall, then ;; ### inspect the nature of that wall. - (if (= (count-matches "\\]" apoint opoint) 0) + (if (= (puppet-count-matches "\\]" apoint opoint) 0) apoint)))))) (defun puppet-in-include () @@ -90,15 +123,14 @@ of the initial include plus puppet-include-indent." (while not-found (forward-line -1) (cond - ((puppet-comment-line-p) - (if (bobp) - (setq not-found nil))) - ((looking-at "^\\s-*include\\s-+.*,\\s-*$") - (setq include-column - (+ (current-indentation) puppet-include-indent)) - (setq not-found nil)) - ((not (looking-at ".*,\\s-*$")) - (setq not-found nil)))) + ((bobp) + (setq not-found nil)) + ((looking-at "^\\s-*include\\s-+.*,\\s-*$") + (setq include-column + (+ (current-indentation) puppet-include-indent)) + (setq not-found nil)) + ((not (looking-at ".*,\\s-*$")) + (setq not-found nil)))) include-column)))) (defun puppet-indent-line () @@ -110,6 +142,7 @@ of the initial include plus puppet-include-indent." (let ((not-indented t) (array-start (puppet-in-array)) (include-start (puppet-in-include)) + (block-indent (puppet-block-indent)) cur-indent) (cond (array-start @@ -146,18 +179,11 @@ of the initial include plus puppet-include-indent." (setq cur-indent (current-column)))) (include-start (setq cur-indent include-start)) - ((looking-at "^[^{\n]*}") - ;; This line contains the end of a block, but the block does - ;; not also begin on this line, so decrease the indentation. - (save-excursion - (forward-line -1) - (if (looking-at "^.*}") - (progn - (setq cur-indent (- (current-indentation) puppet-indent-level)) - (setq not-indented nil)) - (setq cur-indent (- (current-indentation) puppet-indent-level)))) - (if (< cur-indent 0) ; We can't indent past the left margin - (setq cur-indent 0))) + ((and (looking-at "^\\s-*}\\s-*$") block-indent) + ;; This line contains only a closing brace and we're at the inner + ;; block, so we should indent it matching the indentation of the + ;; opening brace of the block. + (setq cur-indent block-indent)) (t ;; Otherwise, we did not start on a block-ending-only line. (save-excursion @@ -165,30 +191,136 @@ of the initial include plus puppet-include-indent." (while not-indented (forward-line -1) (cond + ;; Comment lines are ignored unless we're at the start of the + ;; buffer. ((puppet-comment-line-p) (if (bobp) - (setq not-indented nil) - ;; else ignore the line and continue iterating backwards - )) - ((looking-at "^.*}") ; indent at the level of the END_ token + (setq not-indented nil))) + + ;; Brace or paren on a line by itself will already be indented to + ;; the right level, so we can cheat and stop there. + ((looking-at "^\\s-*[\)}]\\s-*") (setq cur-indent (current-indentation)) (setq not-indented nil)) - ((looking-at "^.*{") ; indent an extra level + + ;; Brace or paren not on a line by itself will be indented one + ;; level too much, but don't catch cases where the block is + ;; started and closed on the same line. + ((looking-at "^[^\({]*[\)}]\\s-*$") + (setq cur-indent (- (current-indentation) puppet-indent-level)) + (setq not-indented nil)) + + ;; Indent by one level more than the start of our block. We lose + ;; if there is more than one block opened and closed on the same + ;; line but it's still unbalanced; hopefully people don't do that. + ((looking-at "^.*{[^}]*$") + (setq cur-indent (+ (current-indentation) puppet-indent-level)) + (setq not-indented nil)) + + ;; Indent by one level if the line ends with an open paren. + ((looking-at "^.*\(\\s-*$") (setq cur-indent (+ (current-indentation) puppet-indent-level)) (setq not-indented nil)) - ((looking-at "^.*;\\s-*$") ; Semicolon ends a nested resource + + ;; Semicolon ends a block for a resource when multiple resources + ;; are defined in the same block, but try not to get the case of + ;; a complete resource on a single line wrong. + ((looking-at "^\\([^'\":\n]\\|\"[^\"]*\"\\|'[^']'\\)**;\\s-*$") (setq cur-indent (- (current-indentation) puppet-indent-level)) (setq not-indented nil)) - ((looking-at "^.*:\\s-*$") ; indent an extra level after : + + ;; Indent an extra level after : since it introduces a resource. + ((looking-at "^.*:\\s-*$") (setq cur-indent (+ (current-indentation) puppet-indent-level)) (setq not-indented nil)) + + ;; Start of buffer. ((bobp) - (setq not-indented nil)) - ))))) - (if cur-indent + (setq not-indented nil))))) + + ;; If this line contains only a closing paren, we should lose one + ;; level of indentation. + (if (looking-at "^\\s-*\)\\s-*$") + (setq cur-indent (- cur-indent puppet-indent-level))))) + + ;; We've figured out the indentation, so do it. + (if (and cur-indent (> cur-indent 0)) (indent-line-to cur-indent) (indent-line-to 0))))) +(defvar puppet-font-lock-syntax-table + (let* ((tbl (copy-syntax-table puppet-mode-syntax-table))) + (modify-syntax-entry ?_ "w" tbl) + tbl)) + +(defvar puppet-font-lock-keywords + (list + ;; defines, classes, and nodes + '("^\\s *\\(class\\|define\\|node\\)\\s +\\([^( \t\n]+\\)" + 2 font-lock-function-name-face) + ;; inheritence + '("\\s +inherits\\s +\\([^( \t\n]+\\)" + 1 font-lock-function-name-face) + ;; include + '("\\(^\\|\\s +\\)include\\s +\\(\\([a-zA-Z0-9:_-]+\\(,[ \t\n]*\\)?\\)+\\)" + 2 font-lock-reference-face) + ;; keywords + (cons (concat + "\\b\\(\\(" + (mapconcat + 'identity + '("alert" + "case" + "class" + "crit" + "debug" + "default" + "define" + "defined" + "else" + "emerg" + "err" + "fail" + "false" + "file" + "filebucket" + "generate" + "if" + "import" + "include" + "info" + "inherits" + "node" + "notice" + "realize" + "search" + "tag" + "tagged" + "template" + "true" + "warning" + ) + "\\|") + "\\)\\>\\)") + 1) + ;; variables + '("\\(^\\|[^_:.@$]\\)\\b\\(true\\|false\\)\\>" + 2 font-lock-variable-name-face) + ;; variables + '("\\(\\$\\([^a-zA-Z0-9 \n]\\|[0-9]\\)\\)\\W" + 1 font-lock-variable-name-face) + '("\\(\\$\\|@\\|@@\\)\\(\\w\\|_\\|:\\)+" + 0 font-lock-variable-name-face) + ;; usage of types + '("^\\s *\\([a-zA-Z_-]+\\)\\s +{" + 1 font-lock-type-face) + ;; overrides + '("^\\s +\\([a-zA-Z_-]+\\)\\[" + 1 font-lock-type-face) + ;; general delimited string + '("\\(^\\|[[ \t\n<+(,=]\\)\\(%[xrqQwW]?\\([^<[{(a-zA-Z0-9 \n]\\)[^\n\\\\]*\\(\\\\.[^\n\\\\]*\\)*\\(\\3\\)\\)" + (2 font-lock-string-face))) + "*Additional expressions to highlight in puppet mode.") ;;;###autoload (defun puppet-mode () @@ -213,97 +345,14 @@ The variable puppet-indent-level controls the amount of indentation. (set (make-local-variable 'paragraph-ignore-fill-prefix) t) (set (make-local-variable 'paragraph-start) "\f\\|[ ]*$") (set (make-local-variable 'paragraph-separate) "[ \f]*$") - (run-hooks 'puppet-mode-hook)) - -(cond - ((featurep 'font-lock) (or (boundp 'font-lock-variable-name-face) (setq font-lock-variable-name-face font-lock-type-face)) - - (setq puppet-font-lock-syntactic-keywords - '( - ("\\(^\\|[=(,~?:;]\\|\\(^\\|\\s \\)\\(if\\|elsif\\|unless\\|while\\|until\\|when\\|and\\|or\\|&&\\|||\\)\\|g?sub!?\\|scan\\|split!?\\)\\s *\\(/\\)[^/\n\\\\]*\\(\\\\.[^/\n\\\\]*\\)*\\(/\\)" - (4 (7 . ?/)) - (6 (7 . ?/))) - ("^\\(=\\)begin\\(\\s \\|$\\)" 1 (7 . nil)) - ("^\\(=\\)end\\(\\s \\|$\\)" 1 (7 . nil)))) - - (cond ((featurep 'xemacs) - (put 'puppet-mode 'font-lock-defaults - '((puppet-font-lock-keywords) - nil nil nil - beginning-of-line - (font-lock-syntactic-keywords - . puppet-font-lock-syntactic-keywords)))) - (t - (add-hook 'puppet-mode-hook - '(lambda () - (make-local-variable 'font-lock-defaults) - (make-local-variable 'font-lock-keywords) - (make-local-variable 'font-lock-syntax-table) - (make-local-variable 'font-lock-syntactic-keywords) - (setq font-lock-defaults '((puppet-font-lock-keywords) nil nil)) - (setq font-lock-keywords puppet-font-lock-keywords) - (setq font-lock-syntax-table puppet-font-lock-syntax-table) - (setq font-lock-syntactic-keywords puppet-font-lock-syntactic-keywords))))) - - (defvar puppet-font-lock-syntax-table - (let* ((tbl (copy-syntax-table puppet-mode-syntax-table))) - (modify-syntax-entry ?_ "w" tbl) - tbl)) - - (defvar puppet-font-lock-keywords - (list - ;; defines - '("^\\s *\\(define\\|node\\|class\\)\\s +\\([^( \t\n]+\\)" - 2 font-lock-function-name-face) - '("\\s +inherits\\s +\\([^( \t\n]+\\)" - 1 font-lock-function-name-face) - ;; include - '("^\\s *include\\s +\\([^( \t\n,]+\\)" - 1 font-lock-reference-face) - ;; hack to catch continued includes - '("^\\s *\\([a-zA-Z0-9:_-]+\\),?\\s *$" - 1 font-lock-reference-face) - ;; keywords - (cons (concat - "\\b\\(\\(" - (mapconcat - 'identity - '("case" - "class" - "default" - "define" - "false" - "import" - "include" - "inherits" - "node" - "realize" - "true" - ) - "\\|") - "\\)\\>\\)") - 1) - ;; variables - '("\\(^\\|[^_:.@$]\\|\\.\\.\\)\\b\\(nil\\|self\\|true\\|false\\)\\>" - 2 font-lock-variable-name-face) - ;; variables - '("\\(\\$\\([^a-zA-Z0-9 \n]\\|[0-9]\\)\\)\\W" - 1 font-lock-variable-name-face) - '("\\(\\$\\|@\\|@@\\)\\(\\w\\|_\\)+" - 0 font-lock-variable-name-face) - ;; usage of types - '("^\\s +\\([a-zA-Z_-]+\\)\\s +{" - 1 font-lock-type-face) - ;; overrides - '("^\\s +\\([a-zA-Z_-]+\\)\\[" - 1 font-lock-type-face) - ;; general delimited string - '("\\(^\\|[[ \t\n<+(,=]\\)\\(%[xrqQwW]?\\([^<[{(a-zA-Z0-9 \n]\\)[^\n\\\\]*\\(\\\\.[^\n\\\\]*\\)*\\(\\3\\)\\)" - (2 font-lock-string-face)) - ) - "*Additional expressions to highlight in puppet mode.")) - ) + (set (make-local-variable 'font-lock-keywords) puppet-font-lock-keywords) + (set (make-local-variable 'font-lock-multiline) t) + (set (make-local-variable 'font-lock-defaults) + '((puppet-font-lock-keywords) nil nil)) + (set (make-local-variable 'font-lock-syntax-table) + puppet-font-lock-syntax-table) + (run-hooks 'puppet-mode-hook)) (provide 'puppet-mode) ext/emacs/puppet-mode.el @@ -17,6 +17,11 @@ attributetype ( 1.1.3.11 NAME 'environment' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +attributetype ( 1.1.3.12 NAME 'puppetvar' + DESC 'A variable setting for puppet' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + objectclass ( 1.1.1.2 NAME 'puppetClient' SUP top AUXILIARY DESC 'Puppet Client objectclass' - MAY ( puppetclass $ parentnode $ environment )) + MAY ( puppetclass $ parentnode $ environment $ puppetvar )) ext/ldap/puppet.schema @@ -106,7 +106,7 @@ def do_man(man, strip = 'man/') File.install(mf, omf, 0644, true) gzip = %x{which gzip} gzip.chomp! - %x{#{gzip} #{omf}} + %x{#{gzip} -f #{omf}} end end @@ -210,6 +210,15 @@ def prepare_installation end end + # Mac OS X 10.5 declares bindir and sbindir as + # /System/Library/Frameworks/Ruby.framework/Versions/1.8/usr/bin + # /System/Library/Frameworks/Ruby.framework/Versions/1.8/usr/sbin + # which is not generally where people expect executables to be installed + if RUBY_PLATFORM == "universal-darwin9.0" + Config::CONFIG['bindir'] = "/usr/bin" + Config::CONFIG['sbindir'] = "/usr/sbin" + end + if (destdir = ENV['DESTDIR']) bindir = "#{destdir}#{Config::CONFIG['bindir']}" sbindir = "#{destdir}#{Config::CONFIG['sbindir']}" install.rb @@ -60,12 +60,6 @@ module Puppet this directory can be removed without causing harm (although it might result in spurious service restarts)." }, - :ssldir => { - :default => "$confdir/ssl", - :mode => 0771, - :owner => "root", - :desc => "Where SSL certificates are kept." - }, :rundir => { :default => rundir, :mode => 01777, @@ -148,7 +142,20 @@ module Puppet but then ship with tools that do not know how to handle signed ints, so the UIDs show up as huge numbers that can then not be fed back into the system. This is a hackish way to fail in a slightly more useful way when that happens."], - :node_terminus => ["plain", "Where to find information about nodes."] + :node_terminus => ["plain", "Where to find information about nodes."], + :httplog => { :default => "$logdir/http.log", + :owner => "root", + :mode => 0640, + :desc => "Where the puppetd web server logs." + }, + :http_proxy_host => ["none", + "The HTTP proxy host to use for outgoing connections. Note: You + may need to use a FQDN for the server hostname when using a proxy."], + :http_proxy_port => [3128, + "The HTTP proxy port to use for outgoing connections"], + :http_enable_post_connection_check => [true, + "Boolean; wheter or not puppetd should validate the server + SSL certificate against the request hostname."] ) hostname = Facter["hostname"].value @@ -159,13 +166,19 @@ module Puppet fqdn = hostname end - Puppet.setdefaults(:ssl, + Puppet.setdefaults(:main, :certname => [fqdn, "The name to use when handling certificates. Defaults to the fully qualified domain name."], :certdnsnames => ['', "The DNS names on the Server certificate as a colon-separated list. If it's anything other than an empty string, it will be used as an alias in the created certificate. By default, only the server gets an alias set up, and only for 'puppet'."], :certdir => ["$ssldir/certs", "The certificate directory."], + :ssldir => { + :default => "$confdir/ssl", + :mode => 0771, + :owner => "root", + :desc => "Where SSL certificates are kept." + }, :publickeydir => ["$ssldir/public_keys", "The public key directory."], :requestdir => ["$ssldir/certificate_requests", "Where host certificate requests are stored."], :privatekeydir => { :default => "$ssldir/private_keys", @@ -236,7 +249,12 @@ module Puppet :owner => "$user", :group => "$group", :mode => 0664, - :desc => "The certificate revocation list (CRL) for the CA. Set this to 'false' if you do not want to use a CRL." + :desc => "The certificate revocation list (CRL) for the CA. Will be used if present but otherwise ignored.", + :hook => proc do |value| + if value == 'false' + Puppet.warning "Setting the :cacrl to 'false' is deprecated; Puppet will just ignore the crl if yours is missing" + end + end }, :caprivatedir => { :default => "$cadir/private", :owner => "$user", @@ -264,7 +282,7 @@ module Puppet :serial => { :default => "$cadir/serial", :owner => "$user", :group => "$group", - :mode => 0600, + :mode => 0644, :desc => "Where the serial number for certificates is stored." }, :autosign => { :default => "$confdir/autosign.conf", @@ -297,7 +315,7 @@ module Puppet self.setdefaults(self.settings[:name], :config => ["$confdir/puppet.conf", "The configuration file for #{Puppet[:name]}."], - :pidfile => ["", "The pid file"], + :pidfile => ["$rundir/$name.pid", "The pid file"], :bindaddress => ["", "The address to bind to. Mongrel servers default to 127.0.0.1 and WEBrick defaults to 0.0.0.0."], :servertype => ["webrick", "The type of server to use. Currently supported @@ -388,19 +406,6 @@ module Puppet :mode => 0640, :desc => "The log file for puppetd. This is generally not used." }, - :httplog => { :default => "$logdir/http.log", - :owner => "root", - :mode => 0640, - :desc => "Where the puppetd web server logs." - }, - :http_proxy_host => ["none", - "The HTTP proxy host to use for outgoing connections. Note: You - may need to use a FQDN for the server hostname when using a proxy."], - :http_proxy_port => [3128, - "The HTTP proxy port to use for outgoing connections"], - :http_enable_post_connection_check => [true, - "Boolean; wheter or not puppetd should validate the server - SSL certificate against the request hostname."], :server => ["puppet", "The server to which server puppetd should connect"], :ignoreschedules => [false, @@ -511,9 +516,11 @@ module Puppet # Central fact information. self.setdefaults(:main, - :factpath => ["$vardir/facts", - "Where Puppet should look for facts. Multiple directories should - be colon-separated, like normal PATH variables."], + :factpath => {:default => "$vardir/facts", + :desc => "Where Puppet should look for facts. Multiple directories should + be colon-separated, like normal PATH variables.", + :call_on_define => true, # Call our hook with the default value, so we always get the value added to facter. + :hook => proc { |value| Facter.search(value) if Facter.respond_to?(:search) }}, :factdest => ["$vardir/facts", "Where Puppet should store facts that it pulls down from the central server."], @@ -628,6 +635,10 @@ module Puppet :ldapclassattrs => ["puppetclass", "The LDAP attributes to use to define Puppet classes. Values should be comma-separated."], + :ldapstackedattrs => ["puppetvar", + "The LDAP attributes that should be stacked to arrays by adding + the values in all hierarchy elements of the tree. Values + should be comma-separated."], :ldapattrs => ["all", "The LDAP attributes to include when querying LDAP for nodes. All returned attributes are set as variables in the top-level scope. lib/puppet/defaults.rb @@ -5,25 +5,20 @@ require 'puppet' require 'puppet/file_serving' require 'puppet/file_serving/mount' +require 'puppet/util/cacher' class Puppet::FileServing::Configuration require 'puppet/file_serving/configuration/parser' + extend Puppet::Util::Cacher + @config_fileuration = nil Mount = Puppet::FileServing::Mount - # Remove our singleton instance. - def self.clear_cache - @config_fileuration = nil - end - # Create our singleton configuration. def self.create - unless @config_fileuration - @config_fileuration = new() - end - @config_fileuration + attr_cache(:configuration) { new() } end private_class_method :new lib/puppet/file_serving/configuration.rb @@ -4,6 +4,7 @@ require 'puppet/network/authstore' require 'puppet/util/logging' +require 'puppet/util/cacher' require 'puppet/file_serving' require 'puppet/file_serving/metadata' require 'puppet/file_serving/content' @@ -12,12 +13,16 @@ require 'puppet/file_serving/content' # or content objects. class Puppet::FileServing::Mount < Puppet::Network::AuthStore include Puppet::Util::Logging + extend Puppet::Util::Cacher - @@localmap = nil - - # Clear the cache. This is only ever used for testing. - def self.clear_cache - @@localmap = nil + def self.localmap + attr_cache(:localmap) { + { "h" => Facter.value("hostname"), + "H" => [Facter.value("hostname"), + Facter.value("domain")].join("."), + "d" => Facter.value("domain") + } + } end attr_reader :name @@ -173,14 +178,6 @@ class Puppet::FileServing::Mount < Puppet::Network::AuthStore # Cache this manufactured map, since if it's used it's likely # to get used a lot. def localmap - unless @@localmap - @@localmap = { - "h" => Facter.value("hostname"), - "H" => [Facter.value("hostname"), - Facter.value("domain")].join("."), - "d" => Facter.value("domain") - } - end - @@localmap + self.class.localmap end end lib/puppet/file_serving/mount.rb @@ -1,20 +1,17 @@ require 'puppet/util/docs' require 'puppet/indirector/envelope' require 'puppet/indirector/request' +require 'puppet/util/cacher' # The class that connects functional classes with their different collection # back-ends. Each indirection has a set of associated terminus classes, # each of which is a subclass of Puppet::Indirector::Terminus. class Puppet::Indirector::Indirection + include Puppet::Util::Cacher include Puppet::Util::Docs @@indirections = [] - # Clear all cached termini from all indirections. - def self.clear_cache - @@indirections.each { |ind| ind.clear_cache } - end - # Find an indirection by name. This is provided so that Terminus classes # can specifically hook up with the indirections they are associated with. def self.instance(name) @@ -54,13 +51,6 @@ class Puppet::Indirector::Indirection @cache_class = class_name end - # Clear our cached list of termini, and reset the cache name - # so it's looked up again. - # This is only used for testing. - def clear_cache - @termini.clear - end - # This is only used for testing. def delete @@indirections.delete(self) if @@indirections.include?(self) @@ -104,7 +94,6 @@ class Puppet::Indirector::Indirection @model = model @name = name - @termini = {} @cache_class = nil @terminus_class = nil @@ -138,7 +127,7 @@ class Puppet::Indirector::Indirection raise Puppet::DevError, "No terminus specified for %s; cannot redirect" % self.name end - return @termini[terminus_name] ||= make_terminus(terminus_name) + return termini[terminus_name] ||= make_terminus(terminus_name) end # This can be used to select the terminus class. @@ -299,4 +288,9 @@ class Puppet::Indirector::Indirection end return klass.new end + + # Use cached termini. + def termini + attr_cache(:termini) { Hash.new } + end end lib/puppet/indirector/indirection.rb @@ -19,6 +19,8 @@ class Puppet::Node::Ldap < Puppet::Indirector::Ldap node = Puppet::Node.new(name) + information[:stacked_parameters] = {} + parent_info = nil parent = information[:parent] parents = [name] @@ -34,6 +36,10 @@ class Puppet::Node::Ldap < Puppet::Indirector::Ldap raise Puppet::Error.new("Could not find parent node '%s'" % parent) end information[:classes] += parent_info[:classes] + parent_info[:stacked].each do |value| + param = value.split('=', 2) + information[:stacked_parameters][param[0]] = param[1] + end parent_info[:parameters].each do |param, value| # Specifically test for whether it's set, so false values are handled # correctly. @@ -45,6 +51,15 @@ class Puppet::Node::Ldap < Puppet::Indirector::Ldap parent = parent_info[:parent] end + information[:stacked].each do |value| + param = value.split('=', 2) + information[:stacked_parameters][param[0]] = param[1] + end + + information[:stacked_parameters].each do |param, value| + information[:parameters][param] = value unless information[:parameters].include?(param) + end + node.classes = information[:classes].uniq unless information[:classes].empty? node.parameters = information[:parameters] unless information[:parameters].empty? node.environment = information[:environment] if information[:environment] @@ -62,6 +77,12 @@ class Puppet::Node::Ldap < Puppet::Indirector::Ldap end end + # The attributes that Puppet will stack as array over the full + # hierarchy. + def stacked_attributes + Puppet[:ldapstackedattrs].split(/\s*,\s*/) + end + # Process the found entry. We assume that we don't just want the # ldap object. def process(name, entry) @@ -85,6 +106,14 @@ class Puppet::Node::Ldap < Puppet::Indirector::Ldap end } + result[:stacked] = [] + stacked_attributes.each { |attr| + if values = entry.vals(attr) + result[:stacked] = result[:stacked] + values + end + } + + result[:parameters] = entry.to_hash.inject({}) do |hash, ary| if ary[1].length == 1 hash[ary[0]] = ary[1].shift lib/puppet/indirector/node/ldap.rb @@ -3,21 +3,20 @@ require 'uri' # Access objects via REST class Puppet::Indirector::REST < Puppet::Indirector::Terminus - def rest_connection_details { :host => Puppet[:server], :port => Puppet[:masterport].to_i } end def network_fetch(path) - network {|conn| conn.get("/#{path}").body } + network.get("/#{path}").body end def network_delete(path) - network {|conn| conn.delete("/#{path}").body } + network.delete("/#{path}").body end def network_put(path, data) - network {|conn| conn.put("/#{path}", data).body } + network.put("/#{path}", data).body end def find(request) @@ -46,8 +45,8 @@ class Puppet::Indirector::REST < Puppet::Indirector::Terminus private - def network(&block) - Net::HTTP.start(rest_connection_details[:host], rest_connection_details[:port]) {|conn| yield(conn) } + def network + Puppet::Network::HttpPool.http_instance(rest_connection_details[:host], rest_connection_details[:port]) end def exception?(yaml_string) lib/puppet/indirector/rest.rb @@ -45,7 +45,7 @@ class Puppet::Network::Client::CA < Puppet::Network::Client end unless @cert.check_private_key(key) - raise InvalidCertificate, "Certificate does not match private key. Try 'puppetca --clean %s' on the server." % Facter.value(:fqdn) + raise InvalidCertificate, "Certificate does not match private key. Try 'puppetca --clean %s' on the server." % Puppet[:certname] end # Only write the cert out if it passes validating. lib/puppet/network/client/ca.rb @@ -20,7 +20,7 @@ module Puppet::Network::HTTP::Handler private def model - @model + @model end def do_find(request, response) @@ -53,7 +53,7 @@ module Puppet::Network::HTTP::Handler end def save_object(obj) - obj.save + obj.save end def do_exception(request, response, exception, status=404) @@ -85,8 +85,7 @@ module Puppet::Network::HTTP::Handler %r{/#{@handler.to_s}s$}.match(path(request)) end - # methods to be overridden by the including web server class - + # methods to be overridden by the including web server class def register_handler raise NotImplementedError end lib/puppet/network/http/handler.rb @@ -16,6 +16,7 @@ class Puppet::Network::HTTP::Mongrel @protocols = args[:protocols] @handlers = args[:handlers] + @xmlrpc_handlers = args[:xmlrpc_handlers] @server = Mongrel::HttpServer.new(args[:address], args[:port]) setup_handlers @@ -38,12 +39,22 @@ class Puppet::Network::HTTP::Mongrel def setup_handlers @protocols.each do |protocol| + next if protocol == :xmlrpc klass = class_for_protocol(protocol) @handlers.each do |handler| @server.register('/' + handler.to_s, klass.new(:server => @server, :handler => handler)) @server.register('/' + handler.to_s + 's', klass.new(:server => @server, :handler => handler)) end end + + if @protocols.include?(:xmlrpc) and ! @xmlrpc_handlers.empty? + setup_xmlrpc_handlers + end + end + + # Use our existing code to provide the xmlrpc backward compatibility. + def setup_xmlrpc_handlers + @server.register('/RPC2', Puppet::Network::HTTPServer::Mongrel.new(@xmlrpc_handlers)) end def class_for_protocol(protocol) lib/puppet/network/http/mongrel.rb @@ -2,12 +2,12 @@ require 'puppet/network/http/handler' class Puppet::Network::HTTP::MongrelREST < Mongrel::HttpHandler - include Puppet::Network::HTTP::Handler + include Puppet::Network::HTTP::Handler - def initialize(args={}) - super() - initialize_for_puppet(args) - end + def initialize(args={}) + super() + initialize_for_puppet(args) + end private lib/puppet/network/http/mongrel/rest.rb @@ -1,8 +1,12 @@ require 'webrick' require 'webrick/https' require 'puppet/network/http/webrick/rest' +require 'puppet/network/xmlrpc/webrick_servlet' require 'thread' +require 'puppet/ssl/certificate' +require 'puppet/ssl/certificate_revocation_list' + class Puppet::Network::HTTP::WEBrick def initialize(args = {}) @listening = false @@ -22,6 +26,7 @@ class Puppet::Network::HTTP::WEBrick @protocols = args[:protocols] @handlers = args[:handlers] + @xmlrpc_handlers = args[:xmlrpc_handlers] arguments = {:BindAddress => args[:address], :Port => args[:port]} arguments.merge!(setup_logger) @@ -54,7 +59,7 @@ class Puppet::Network::HTTP::WEBrick end end - # Configure out http log file. + # Configure our http log file. def setup_logger # Make sure the settings are all ready for us. Puppet.settings.use(:main, :ssl, Puppet[:name]) @@ -84,51 +89,56 @@ class Puppet::Network::HTTP::WEBrick def setup_ssl results = {} - results[:SSLCertificateStore] = setup_crl if Puppet[:cacrl] != 'false' + host = Puppet::SSL::Host.new + + host.generate unless host.certificate + + raise Puppet::Error, "Could not retrieve certificate for %s and not running on a valid certificate authority" % host.name unless host.certificate - results[:SSLCertificate] = self.cert - results[:SSLPrivateKey] = self.key + results[:SSLPrivateKey] = host.key.content + results[:SSLCertificate] = host.certificate.content results[:SSLStartImmediately] = true results[:SSLEnable] = true - results[:SSLCACertificateFile] = Puppet[:localcacert] - results[:SSLVerifyClient] = OpenSSL::SSL::VERIFY_PEER - results[:SSLCertName] = nil - results - end - - # Create our Certificate revocation list - def setup_crl - nil - if Puppet[:cacrl] == 'false' - # No CRL, no store needed - return nil - end - unless File.exist?(Puppet[:cacrl]) - raise Puppet::Error, "Could not find CRL; set 'cacrl' to 'false' to disable CRL usage" - end - crl = OpenSSL::X509::CRL.new(File.read(Puppet[:cacrl])) - store = OpenSSL::X509::Store.new - store.purpose = OpenSSL::X509::PURPOSE_ANY - store.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL|OpenSSL::X509::V_FLAG_CRL_CHECK - unless self.ca_cert + unless Puppet::SSL::Certificate.find("ca") raise Puppet::Error, "Could not find CA certificate" end - store.add_file(Puppet[:localcacert]) - store.add_crl(crl) - return store + results[:SSLCACertificateFile] = Puppet[:localcacert] + results[:SSLVerifyClient] = OpenSSL::SSL::VERIFY_PEER + + results[:SSLCertificateStore] = host.ssl_store + + results end private def setup_handlers + # Set up the new-style protocols. @protocols.each do |protocol| + next if protocol == :xmlrpc klass = self.class.class_for_protocol(protocol) @handlers.each do |handler| @server.mount('/' + handler.to_s, klass, handler) @server.mount('/' + handler.to_s + 's', klass, handler) end end + + # And then set up xmlrpc, if configured. + if @protocols.include?(:xmlrpc) and ! @xmlrpc_handlers.empty? + @server.mount("/RPC2", xmlrpc_servlet) + end + end + + # Create our xmlrpc servlet, which provides backward compatibility. + def xmlrpc_servlet + handlers = @xmlrpc_handlers.collect { |handler| + unless hclass = Puppet::Network::Handler.handler(handler) + raise "Invalid xmlrpc handler %s" % handler + end + hclass.new({}) + } + Puppet::Network::XMLRPC::WEBrickServlet.new handlers end end lib/puppet/network/http/webrick.rb @@ -1,11 +1,13 @@ -require 'puppet/sslcertificates/support' +require 'puppet/ssl/host' require 'net/https' +require 'puppet/util/cacher' -module Puppet::Network -end +module Puppet::Network; end # Manage Net::HTTP instances for keep-alive. module Puppet::Network::HttpPool + extend Puppet::Util::Cacher + # 2008/03/23 # LAK:WARNING: Enabling this has a high propability of # causing corrupt files and who knows what else. See #1010. @@ -15,18 +17,18 @@ module Puppet::Network::HttpPool HTTP_KEEP_ALIVE end - # This handles reading in the key and such-like. - extend Puppet::SSLCertificates::Support - @http_cache = {} + # Create an ssl host instance for getting certificate + # information. + def self.ssl_host + attr_cache(:ssl_host) { Puppet::SSL::Host.new } + end # Clear our http cache, closing all connections. def self.clear_http_instances - @http_cache.each do |name, connection| + http_cache.each do |name, connection| connection.finish if connection.started? end - @http_cache.clear - @cert = nil - @key = nil + Puppet::Util::Cacher.invalidate end # Make sure we set the driver up when we read the cert in. @@ -44,17 +46,13 @@ module Puppet::Network::HttpPool # Use cert information from a Puppet client to set up the http object. def self.cert_setup(http) # Just no-op if we don't have certs. - return false unless (defined?(@cert) and @cert) or self.read_cert + return false unless FileTest.exist?(Puppet[:hostcert]) # ssl_host.certificate - store = OpenSSL::X509::Store.new - store.add_file Puppet[:localcacert] - store.purpose = OpenSSL::X509::PURPOSE_SSL_CLIENT - - http.cert_store = store + http.cert_store = ssl_host.ssl_store http.ca_file = Puppet[:localcacert] - http.cert = self.cert + http.cert = ssl_host.certificate.content http.verify_mode = OpenSSL::SSL::VERIFY_PEER - http.key = self.key + http.key = ssl_host.key.content end # Retrieve a cached http instance of caching is enabled, else return @@ -66,11 +64,11 @@ module Puppet::Network::HttpPool # Return our cached instance if we've got a cache, as long as we're not # resetting the instance. if keep_alive? - return @http_cache[key] if ! reset and @http_cache[key] + return http_cache[key] if ! reset and http_cache[key] # Clean up old connections if we have them. - if http = @http_cache[key] - @http_cache.delete(key) + if http = http_cache[key] + http_cache.delete(key) http.finish if http.started? end end @@ -100,8 +98,15 @@ module Puppet::Network::HttpPool cert_setup(http) - @http_cache[key] = http if keep_alive? + http_cache[key] = http if keep_alive? return http end + + private + + def self.http_cache + # Default to an empty hash. + attr_cache(:http) { Hash.new } + end end lib/puppet/network/http_pool.rb @@ -64,11 +64,11 @@ module Puppet::Network # behaviour and we have to subclass Mongrel::HttpHandler so our handler # works for Mongrel. @xmlrpc_server = Puppet::Network::XMLRPCServer.new - handlers.each do |name, args| + handlers.each do |name| unless handler = Puppet::Network::Handler.handler(name) raise ArgumentError, "Invalid handler %s" % name end - @xmlrpc_server.add_handler(handler.interface, handler.new(args)) + @xmlrpc_server.add_handler(handler.interface, handler.new({})) end end lib/puppet/network/http_server/mongrel.rb @@ -1,26 +1,87 @@ require 'puppet/network/http' +require 'puppet/util/pidlock' class Puppet::Network::Server attr_reader :server_type, :protocols, :address, :port + # Put the daemon into the background. + def daemonize + if pid = fork() + Process.detach(pid) + exit(0) + end + + # Get rid of console logging + Puppet::Util::Log.close(:console) + + Process.setsid + Dir.chdir("/") + begin + $stdin.reopen "/dev/null" + $stdout.reopen "/dev/null", "a" + $stderr.reopen $stdout + Puppet::Util::Log.reopen + rescue => detail + File.open("/tmp/daemonout", "w") { |f| + f.puts "Could not start %s: %s" % [Puppet[:name], detail] + } + raise "Could not start %s: %s" % [Puppet[:name], detail] + end + end + + # Create a pidfile for our daemon, so we can be stopped and others + # don't try to start. + def create_pidfile + Puppet::Util.sync(Puppet[:name]).synchronize(Sync::EX) do + unless Puppet::Util::Pidlock.new(pidfile).lock + raise "Could not create PID file: %s" % [pidfile] + end + end + end + + # Remove the pid file for our daemon. + def remove_pidfile + Puppet::Util.sync(Puppet[:name]).synchronize(Sync::EX) do + locker = Puppet::Util::Pidlock.new(pidfile) + if locker.locked? + locker.unlock or Puppet.err "Could not remove PID file %s" % [pidfile] + end + end + end + + # Provide the path to our pidfile. + def pidfile + Puppet[:pidfile] + end + def initialize(args = {}) @server_type = Puppet[:servertype] or raise "No servertype configuration found." # e.g., WEBrick, Mongrel, etc. http_server_class || raise(ArgumentError, "Could not determine HTTP Server class for server type [#{@server_type}]") - @address = args[:address] || Puppet[:bindaddress] || - raise(ArgumentError, "Must specify :address or configure Puppet :bindaddress.") - @port = args[:port] || Puppet[:masterport] || - raise(ArgumentError, "Must specify :port or configure Puppet :masterport") - @protocols = [ :rest ] + + @address = args[:address] || Puppet[:bindaddress] || raise(ArgumentError, "Must specify :address or configure Puppet :bindaddress.") + @port = args[:port] || Puppet[:masterport] || raise(ArgumentError, "Must specify :port or configure Puppet :masterport") + + @protocols = [ :rest, :xmlrpc ] @listening = false @routes = {} + @xmlrpc_routes = {} self.register(args[:handlers]) if args[:handlers] + self.register_xmlrpc(args[:xmlrpc_handlers]) if args[:xmlrpc_handlers] + + # Make sure we have all of the directories we need to function. + Puppet.settings.use(:main, :ssl, Puppet[:name]) end + # Register handlers for REST networking, based on the Indirector. def register(*indirections) raise ArgumentError, "Indirection names are required." if indirections.empty? - indirections.flatten.each { |i| @routes[i.to_sym] = true } + indirections.flatten.each do |name| + Puppet::Indirector::Indirection.model(name) || raise(ArgumentError, "Cannot locate indirection '#{name}'.") + @routes[name.to_sym] = true + end end + # Unregister Indirector handlers. def unregister(*indirections) raise "Cannot unregister indirections while server is listening." if listening? indirections = @routes.keys if indirections.empty? @@ -34,6 +95,29 @@ class Puppet::Network::Server end end + # Register xmlrpc handlers for backward compatibility. + def register_xmlrpc(*namespaces) + raise ArgumentError, "XMLRPC namespaces are required." if namespaces.empty? + namespaces.flatten.each do |name| + Puppet::Network::Handler.handler(name) || raise(ArgumentError, "Cannot locate XMLRPC handler for namespace '#{name}'.") + @xmlrpc_routes[name.to_sym] = true + end + end + + # Unregister xmlrpc handlers. + def unregister_xmlrpc(*namespaces) + raise "Cannot unregister xmlrpc handlers while server is listening." if listening? + namespaces = @xmlrpc_routes.keys if namespaces.empty? + + namespaces.flatten.each do |i| + raise(ArgumentError, "XMLRPC handler '%s' is unknown." % i) unless @xmlrpc_routes[i.to_sym] + end + + namespaces.flatten.each do |i| + @xmlrpc_routes.delete(i.to_sym) + end + end + def listening? @listening end @@ -41,7 +125,7 @@ class Puppet::Network::Server def listen raise "Cannot listen -- already listening." if listening? @listening = true - http_server.listen(:address => address, :port => port, :handlers => @routes.keys, :protocols => protocols) + http_server.listen(:address => address, :port => port, :handlers => @routes.keys, :xmlrpc_handlers => @xmlrpc_routes.keys, :protocols => protocols) end def unlisten @@ -54,6 +138,16 @@ class Puppet::Network::Server http_server_class_by_type(@server_type) end + def start + create_pidfile + listen + end + + def stop + unlisten + remove_pidfile + end + private def http_server lib/puppet/network/server.rb @@ -51,7 +51,8 @@ module Puppet::Network end ["certificate verify failed", "hostname was not match", "hostname not match"].each do |str| if detail.message.include?(str) - Puppet.warning "Certificate validation failed; considering using the certname configuration option" + Puppet.warning "Certificate validation failed; consider using the certname configuration option" + break end end raise XMLRPCClientError, lib/puppet/network/xmlrpc/client.rb @@ -332,7 +332,7 @@ class Puppet::Parser::Compiler unless remaining.empty? fail Puppet::ParseError, - "Could not find object(s) %s" % remaining.collect { |o| + "Could not find resource(s) %s for overriding" % remaining.collect { |o| o.ref }.join(", ") end lib/puppet/parser/compiler.rb @@ -165,7 +165,7 @@ module Functions type is defined, either as a native type or a defined type, or whether a class is defined. This is useful for checking whether a class is defined and only including it if it is. This function can also test whether a resource has been defined, using resource references - (e.g., ``if defined(File['/tmp/myfile'] { ... }``). This function is unfortunately + (e.g., ``if defined(File['/tmp/myfile']) { ... }``). This function is unfortunately dependent on the parse order of the configuration when testing whether a resource is defined.") do |vals| result = false vals.each do |val| lib/puppet/parser/functions.rb @@ -62,7 +62,7 @@ class Puppet::Parser::Interpreter # exception elsewhere and reuse the parser. If one doesn't # exist, then reraise. if @parsers[environment] - Puppet.err detail + Puppet.err(detail.to_s + "; using previously parsed manifests") else raise detail end lib/puppet/parser/interpreter.rb @@ -20,6 +20,15 @@ class Puppet::Parser::TemplateWrapper end end + # Should return true if a variable is defined, false if it is not + def has_variable?(name) + if @scope.lookupvar(name.to_s, false) != :undefined + true + else + false + end + end + # Ruby treats variables like methods, so we can cheat here and # trap missing vars like they were missing methods. def method_missing(name, *args) lib/puppet/parser/templatewrapper.rb @@ -5,6 +5,10 @@ class Puppet::Provider include Puppet::Util::Warnings extend Puppet::Util::Warnings + require 'puppet/provider/confiner' + + extend Puppet::Provider::Confiner + Puppet::Util.logmethods(self, true) class << self @@ -40,27 +44,13 @@ class Puppet::Provider [name, self.name] end - if command == :missing - return nil - end - - command + return binary(command) end # Define commands that are not optional. def self.commands(hash) optional_commands(hash) do |name, path| - confine :exists => path - end - end - - def self.confine(hash) - hash.each do |p,v| - if v.is_a? Array - @confines[p] += v - else - @confines[p] << v - end + confine :exists => path, :for_binary => true end end @@ -108,10 +98,6 @@ class Puppet::Provider def self.initvars @defaults = {} @commands = {} - @origcommands = {} - @confines = Hash.new do |hash, key| - hash[key] = [] - end end # The method for returning a list of provider instances. Note that it returns providers, preferably with values already @@ -180,16 +166,7 @@ class Puppet::Provider def self.optional_commands(hash) hash.each do |name, path| name = symbolize(name) - @origcommands[name] = path - - # Try to find the full path (or verify already-full paths); otherwise - # store that the command is missing so we know it's defined but absent. - if tmp = binary(path) - path = tmp - @commands[name] = path - else - @commands[name] = :missing - end + @commands[name] = path if block_given? yield(name, path) @@ -208,69 +185,6 @@ class Puppet::Provider @source end - # Check whether this implementation is suitable for our platform. - def self.suitable?(short = true) - # A single false result is sufficient to turn the whole thing down. - # We don't return 'true' until the very end, though, so that every - # confine is tested. - missing = {} - @confines.each do |check, values| - case check - when :exists: - values.each do |value| - unless value and FileTest.exists? value - debug "Not suitable: missing %s" % value - return false if short - missing[:exists] ||= [] - missing[:exists] << value - end - end - when :true: - values.each do |v| - debug "Not suitable: false value" - unless v - return false if short - missing[:true] ||= 0 - missing[:true] += 1 - end - end - when :false: - values.each do |v| - debug "Not suitable: true value" - if v and short - return false if short - missing[:false] ||= 0 - missing[:false] += 1 - end - end - else # Just delegate everything else to facter - if result = Facter.value(check) - result = result.to_s.downcase.intern - - found = values.find do |v| - result == v.to_s.downcase.intern - end - unless found - debug "Not suitable: %s not in %s" % [check, values] - return false if short - missing[:facter] ||= {} - missing[:facter][check] = values - end - else - return false if short - missing[:facter] ||= {} - missing[:facter][check] = values - end - end - end - - if short - return true - else - return missing - end - end - # Does this provider support the specified parameter? def self.supports_parameter?(param) if param.is_a?(Class) @@ -309,8 +223,8 @@ class Puppet::Provider end dochook(:commands) do - if @origcommands.length > 0 - return " Required binaries: " + @origcommands.collect do |n, c| + if @commands.length > 0 + return " Required binaries: " + @commands.collect do |n, c| "``#{c}``" end.join(", ") + "." end lib/puppet/provider.rb @@ -30,7 +30,7 @@ Puppet::Type.type(:cron).provide(:crontab, } crontab = record_line :crontab, :fields => %w{minute hour monthday month weekday command}, - :match => %r{^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(.+)$}, + :match => %r{^\s*(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(.+)$}, :optional => %w{minute hour weekday month monthday}, :absent => "*" class << crontab lib/puppet/provider/cron/crontab.rb @@ -25,7 +25,7 @@ class ObjectAdd < Puppet::Provider::NameService cmd = [command(:modify), flag(param), value] - if @resource[:allowdupe] == :true + if @resource[:allowdupe] == :true && param == :uid cmd << "-o" end cmd << @resource[:name] lib/puppet/provider/nameservice/objectadd.rb @@ -67,7 +67,7 @@ Puppet::Type.type(:package).provide :rpm, :source => :rpm, :parent => Puppet::Pr end cmd = [command(:rpm), "-q", "--qf", "#{NEVRAFORMAT}\n", "-p", "#{@resource[:source]}"] - h = nevra_to_hash(execfail(cmd, Puppet::Error)) + h = self.class.nevra_to_hash(execfail(cmd, Puppet::Error)) return h[:ensure] end lib/puppet/provider/package/rpm.rb @@ -1,6 +1,6 @@ Puppet::Type.type(:package).provide :urpmi, :parent => :rpm, :source => :rpm do desc "Support via ``urpmi``." - commands :urpmi => "urpmi", :rpm => "rpm" + commands :urpmi => "urpmi", :urpmq => "urpmq", :rpm => "rpm" if command('rpm') confine :true => begin @@ -41,9 +41,9 @@ Puppet::Type.type(:package).provide :urpmi, :parent => :rpm, :source => :rpm do # What's the latest package version available? def latest - output = urpmi "-S", :available, @resource[:name] + output = urpmq "-S", @resource[:name] - if output =~ /^#{@resource[:name]}\S+\s+(\S+)\s/ + if output =~ /^#{@resource[:name]}\s+:\s+.*\(\s+(\S+)\s+\)/ return $1 else # urpmi didn't find updates, pretend the current lib/puppet/provider/package/urpmi.rb @@ -1,10 +1,10 @@ Puppet::Type.type(:service).provide :base do desc "The simplest form of service support. You have to specify enough about your service for this to work; the minimum you can specify - is a binary for starting the process, and this same binary will be searched - for in the process table to stop the service. It is preferable to - specify start, stop, and status commands, akin to how you would do - so using ``init``." + is a binary for starting the process, and this same binary will be + searched for in the process table to stop the service. It is + preferable to specify start, stop, and status commands, akin to how you + would do so using ``init``." commands :kill => "kill" lib/puppet/provider/service/base.rb @@ -2,9 +2,9 @@ # customizations of this module. Puppet::Type.type(:service).provide :init, :parent => :base do desc "Standard init service management. This provider assumes that the - init script has not ``status`` command, because so few scripts do, - so you need to either provide a status command or specify via ``hasstatus`` - that one already exists in the init script." + init script has no ``status`` command, because so few scripts do, + so you need to either provide a status command or specify via + ``hasstatus`` that one already exists in the init script." class << self attr_accessor :defpath lib/puppet/provider/service/init.rb @@ -1,11 +1,11 @@ -# Manage debian services. Start/stop is the same as InitSvc, but enable/disable -# is special. +# Manage Red Hat services. Start/stop uses /sbin/service and enable/disable uses chkconfig + Puppet::Type.type(:service).provide :redhat, :parent => :init do desc "Red Hat's (and probably many others) form of ``init``-style service management; uses ``chkconfig`` for service enabling and disabling." - commands :chkconfig => "/sbin/chkconfig" - + commands :chkconfig => "/sbin/chkconfig", :service => "/sbin/service" + defaultfor :operatingsystem => [:redhat, :fedora, :suse, :centos] def self.defpath @@ -16,7 +16,6 @@ Puppet::Type.type(:service).provide :redhat, :parent => :init do def disable begin output = chkconfig(@resource[:name], :off) - output += chkconfig("--del", @resource[:name]) rescue Puppet::ExecutionFailure raise Puppet::Error, "Could not disable %s: %s" % [self.name, output] @@ -43,12 +42,28 @@ Puppet::Type.type(:service).provide :redhat, :parent => :init do # in the init scripts. def enable begin - output = chkconfig("--add", @resource[:name]) - output += chkconfig(@resource[:name], :on) + output = chkconfig(@resource[:name], :on) rescue Puppet::ExecutionFailure => detail raise Puppet::Error, "Could not enable %s: %s" % [self.name, detail] end end + + def restart + if @resource[:hasrestart] == true + service(@resource[:name], "restart") + else + return false + end + end + + def start + service(@resource[:name], "start") + end + + def stop + service(@resource[:name], "stop") + end + end lib/puppet/provider/service/redhat.rb @@ -71,6 +71,8 @@ providers = Puppet::Util::Reference.newreference :providers, :title => "Provider details += " - Got %s true tests that should have been false\n" % values when :false: details += " - Got %s false tests that should have been true\n" % values + when :feature: + details += " - Missing features %s\n" % values.collect { |f| f.to_s }.join(",") end end notes << details lib/puppet/reference/providers.rb @@ -1,5 +1,6 @@ require 'puppet/ssl/host' require 'puppet/ssl/certificate_request' +require 'puppet/util/cacher' # The class that knows how to sign certificates. It creates # a 'special' SSL::Host whose name is 'ca', thus indicating @@ -14,141 +15,84 @@ class Puppet::SSL::CertificateAuthority require 'puppet/ssl/inventory' require 'puppet/ssl/certificate_revocation_list' - # This class is basically a hidden class that knows how to act - # on the CA. It's only used by the 'puppetca' executable, and its - # job is to provide a CLI-like interface to the CA class. - class Interface - INTERFACE_METHODS = [:destroy, :list, :revoke, :generate, :sign, :print, :verify] + require 'puppet/ssl/certificate_authority/interface' - class InterfaceError < ArgumentError; end + extend Puppet::Util::Cacher - attr_reader :method, :subjects + def self.ca? + return false unless Puppet[:ca] + return false unless Puppet[:name] == "puppetmasterd" + return true + end - # Actually perform the work. - def apply(ca) - unless subjects or method == :list - raise ArgumentError, "You must provide hosts or :all when using %s" % method - end + # If this process can function as a CA, then return a singleton + # instance. + def self.instance + return nil unless ca? - begin - if respond_to?(method) - return send(method, ca) - end - - (subjects == :all ? ca.list : subjects).each do |host| - ca.send(method, host) - end - rescue InterfaceError - raise - rescue => detail - puts detail.backtrace if Puppet[:trace] - Puppet.err "Could not call %s: %s" % [method, detail] - end - end - - def generate(ca) - raise InterfaceError, "It makes no sense to generate all hosts; you must specify a list" if subjects == :all + attr_cache(:instance) { new } + end - subjects.each do |host| - ca.generate(host) - end - end + attr_reader :name, :host - def initialize(method, subjects) - self.method = method - self.subjects = subjects + # Create and run an applicator. I wanted to build an interface where you could do + # something like 'ca.apply(:generate).to(:all) but I don't think it's really possible. + def apply(method, options) + unless options[:to] + raise ArgumentError, "You must specify the hosts to apply to; valid values are an array or the symbol :all" end + applier = Interface.new(method, options[:to]) - # List the hosts. - def list(ca) - unless subjects - puts ca.waiting?.join("\n") - return nil - end - - signed = ca.list - requests = ca.waiting? - - if subjects == :all - hosts = [signed, requests].flatten - else - hosts = subjects - end + applier.apply(self) + end - hosts.uniq.sort.each do |host| - if signed.include?(host) - puts "+ " + host - else - puts host - end - end - end + # If autosign is configured, then autosign all CSRs that match our configuration. + def autosign + return unless auto = autosign? - # Set the method to apply. - def method=(method) - raise ArgumentError, "Invalid method %s to apply" % method unless INTERFACE_METHODS.include?(method) - @method = method + store = nil + if auto != true + store = autosign_store(auto) end - # Print certificate information. - def print(ca) - (subjects == :all ? ca.list : subjects).each do |host| - if value = ca.print(host) - puts value - else - Puppet.err "Could not find certificate for %s" % host - end - end - end - - # Sign a given certificate. - def sign(ca) - list = subjects == :all ? ca.waiting? : subjects - raise InterfaceError, "No waiting certificate requests to sign" if list.empty? - list.each do |host| - ca.sign(host) - end + Puppet::SSL::CertificateRequest.search("*").each do |csr| + sign(csr.name) if auto == true or store.allowed?(csr.name, "127.1.1.1") end + end - # Set the list of hosts we're operating on. Also supports keywords. - def subjects=(value) - unless value == :all or value.is_a?(Array) - raise ArgumentError, "Subjects must be an array or :all; not %s" % value - end + # Do we autosign? This returns true, false, or a filename. + def autosign? + auto = Puppet[:autosign] + return false if ['false', false].include?(auto) + return true if ['true', true].include?(auto) - if value.is_a?(Array) and value.empty? - value = nil - end - - @subjects = value + raise ArgumentError, "The autosign configuration '%s' must be a fully qualified file" % auto unless auto =~ /^\// + if FileTest.exist?(auto) + return auto + else + return false end end - attr_reader :name, :host - - # Create and run an applicator. I wanted to build an interface where you could do - # something like 'ca.apply(:generate).to(:all) but I don't think it's really possible. - def apply(method, options) - unless options[:to] - raise ArgumentError, "You must specify the hosts to apply to; valid values are an array or the symbol :all" + # Create an AuthStore for autosigning. + def autosign_store(file) + auth = Puppet::Network::AuthStore.new + File.readlines(file).each do |line| + next if line =~ /^\s*#/ + next if line =~ /^\s*$/ + auth.allow(line.chomp) end - applier = Interface.new(method, options[:to]) - applier.apply(self) + auth end # Retrieve (or create, if necessary) the certificate revocation list. def crl unless defined?(@crl) - # The crl is disabled. - if ["false", false].include?(Puppet[:cacrl]) - @crl = nil - return @crl - end - - unless @crl = Puppet::SSL::CertificateRevocationList.find("whatever") - @crl = Puppet::SSL::CertificateRevocationList.new("whatever") - @crl.generate(host.certificate.content) + unless @crl = Puppet::SSL::CertificateRevocationList.find("ca") + @crl = Puppet::SSL::CertificateRevocationList.new("ca") + @crl.generate(host.certificate.content, host.key.content) + @crl.save end end @crl @@ -183,6 +127,9 @@ class Puppet::SSL::CertificateAuthority # Create a self-signed certificate. @certificate = sign(host.name, :ca, request) + + # And make sure we initialize our CRL. + crl() end def initialize @@ -191,6 +138,8 @@ class Puppet::SSL::CertificateAuthority @name = Puppet[:certname] @host = Puppet::SSL::Host.new(Puppet::SSL::Host.ca_name) + + setup() end # Retrieve (or create, if necessary) our inventory manager. @@ -226,11 +175,17 @@ class Puppet::SSL::CertificateAuthority # file so this one is considered used. def next_serial serial = nil + + # This is slightly odd. If the file doesn't exist, our readwritelock creates + # it, but with a mode we can't actually read in some cases. So, use + # a default before the lock. + unless FileTest.exist?(Puppet[:serial]) + serial = 0x0 + end + Puppet.settings.readwritelock(:serial) { |f| if FileTest.exist?(Puppet[:serial]) - serial = File.read(Puppet.settings[:serial]).chomp.hex - else - serial = 0x0 + serial ||= File.read(Puppet.settings[:serial]).chomp.hex end # We store the next valid serial, not the one we just used. @@ -266,6 +221,14 @@ class Puppet::SSL::CertificateAuthority crl.revoke(serial, host.key.content) end + # This initializes our CA so it actually works. This should be a private + # method, except that you can't any-instance stub private methods, which is + # *awesome*. This method only really exists to provide a stub-point during + # testing. + def setup + generate_ca_certificate unless @host.certificate + end + # Sign a given certificate request. def sign(hostname, cert_type = :server, self_signing_csr = nil) # This is a self-signed certificate @@ -273,8 +236,6 @@ class Puppet::SSL::CertificateAuthority csr = self_signing_csr issuer = csr.content else - generate_ca_certificate unless host.certificate - unless csr = Puppet::SSL::CertificateRequest.find(hostname) raise ArgumentError, "Could not find certificate request for %s" % hostname end lib/puppet/ssl/certificate_authority.rb @@ -115,7 +115,7 @@ class Puppet::SSL::CertificateFactory dnsnames = Puppet[:certdnsnames] name = @name.to_s.sub(%r{/CN=},'') if dnsnames != "" - dnsnames.split(':').each { |d| subject_alt_name << 'DNS:' + d } + dnsnames.split(':').each { |d| @subject_alt_name << 'DNS:' + d } @subject_alt_name << 'DNS:' + name # Add the fqdn as an alias elsif name == Facter.value(:fqdn) # we're a CA server, and thus probably the server @subject_alt_name << 'DNS:' + "puppet" # Add 'puppet' as an alias lib/puppet/ssl/certificate_factory.rb @@ -24,4 +24,13 @@ class Puppet::SSL::CertificateRequest < Puppet::SSL::Base @content = csr end + + def save + super() + + # Try to autosign the CSR. + if ca = Puppet::SSL::CertificateAuthority.instance + ca.autosign + end + end end lib/puppet/ssl/certificate_request.rb @@ -9,12 +9,23 @@ class Puppet::SSL::CertificateRevocationList < Puppet::SSL::Base indirects :certificate_revocation_list, :terminus_class => :file # Knows how to create a CRL with our system defaults. - def generate(cert) + def generate(cert, cakey) Puppet.info "Creating a new certificate revocation list" @content = wrapped_class.new @content.issuer = cert.subject @content.version = 1 + # Init the CRL number. + crlNum = OpenSSL::ASN1::Integer(0) + @content.extensions = [OpenSSL::X509::Extension.new("crlNumber", crlNum)] + + # Set last/next update + @content.last_update = Time.now + # Keep CRL valid for 5 years + @content.next_update = Time.now + 5 * 365*24*60*60 + + @content.sign(cakey, OpenSSL::Digest::SHA1.new) + @content end lib/puppet/ssl/certificate_revocation_list.rb @@ -141,8 +141,21 @@ class Puppet::SSL::Host @certificate end - def initialize(name) - @name = name + # Generate all necessary parts of our ssl host. + def generate + generate_key unless key + generate_certificate_request unless certificate_request + + # If we can get a CA instance, then we're a valid CA, and we + # should use it to sign our request; else, just try to read + # the cert. + if ! certificate() and ca = Puppet::SSL::CertificateAuthority.instance + ca.sign(self.name) + end + end + + def initialize(name = nil) + @name = name || Puppet[:certname] @key = @certificate = @certificate_request = nil @ca = (name == self.class.ca_name) end @@ -151,4 +164,22 @@ class Puppet::SSL::Host def public_key key.content.public_key end + + # Create/return a store that uses our SSL info to validate + # connections. + def ssl_store(purpose = OpenSSL::X509::PURPOSE_ANY) + store = OpenSSL::X509::Store.new + store.purpose = purpose + + store.add_file(Puppet[:localcacert]) + + # If there's a CRL, add it to our store. + if crl = Puppet::SSL::CertificateRevocationList.find("ca") + store.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL|OpenSSL::X509::V_FLAG_CRL_CHECK + store.add_crl(crl.content) + end + return store + end end + +require 'puppet/ssl/certificate_authority' lib/puppet/ssl/host.rb @@ -796,7 +796,6 @@ module Puppet # a wrapper method to make sure the file exists before doing anything def retrieve unless stat = self.stat(true) - self.debug "File does not exist" # If the file doesn't exist but we have a source, then call # retrieve on that property lib/puppet/type/file.rb @@ -141,7 +141,9 @@ module Puppet newproperty(:dump) do desc "Whether to dump the mount. Not all platforms - support this." + support this. Valid values are ``1`` or ``0``. Default is ``0``." + + newvalue(%r{(0|1)}) { } defaultto { if @resource.managed? lib/puppet/type/mount.rb @@ -39,6 +39,8 @@ class Puppet::Util::Settings end @values[:memory][param] = value @cache.clear + + clearused end return value @@ -121,7 +123,7 @@ class Puppet::Util::Settings if pval = self.value(varname) pval else - raise Puppet::DevError, "Could not find value for %s" % parent + raise Puppet::DevError, "Could not find value for %s" % value end end @@ -574,7 +576,7 @@ Generated on #{Time.now}. catalog = bucket.to_catalog rescue => detail puts detail.backtrace if Puppet[:trace] - Puppet.err "Could not create resources for managing Puppet's files and directories: %s" % detail + Puppet.err "Could not create resources for managing Puppet's files and directories in sections %s: %s" % [sections.inspect, detail] # We need some way to get rid of any resources created during the catalog creation # but not cleaned up. @@ -585,7 +587,12 @@ Generated on #{Time.now}. catalog.host_config = false catalog.apply do |transaction| if failures = transaction.any_failed? - raise "Could not configure for running; got %s failure(s)" % failures + # LAK:NOTE We should do something like this for some cases, + # since it can otherwise be hard to know what failed. + #transaction.report.logs.find_all { |log| log.level == :err }.each do |log| + # puts log.message + #end + raise "Could not configure myself; got %s failure(s)" % failures end end end @@ -692,13 +699,19 @@ Generated on #{Time.now}. [file] end - writesub(default, tmpfile, *args, &bloc) + # If there's a failure, remove our tmpfile + begin + writesub(default, tmpfile, *args, &bloc) + rescue + File.unlink(tmpfile) if FileTest.exist?(tmpfile) + raise + end begin File.rename(tmpfile, file) rescue => detail - Puppet.err "Could not rename %s to %s: %s" % - [file, tmpfile, detail] + Puppet.err "Could not rename %s to %s: %s" % [file, tmpfile, detail] + File.unlink(tmpfile) if FileTest.exist?(tmpfile) end end end lib/puppet/util/settings.rb @@ -6,6 +6,10 @@ class Puppet::Util::Storage include Singleton include Puppet::Util + def self.state + return @@state + end + def initialize self.class.load end lib/puppet/util/storage.rb @@ -112,5 +112,5 @@ Copyright (c) 2005 Reductive Labs, LLC Licensed under the GNU Public License -.\" Generated by docutils manpage writer on 2008-03-22 17:46. +.\" Generated by docutils manpage writer on 2008-05-05 09:33. .\" man/man8/filebucket.8 @@ -30,5 +30,5 @@ Only list parameters without detail Include metaparams -.\" Generated by docutils manpage writer on 2008-03-22 17:46. +.\" Generated by docutils manpage writer on 2008-05-05 09:33. .\" man/man8/pi.8 @@ -73,5 +73,5 @@ Copyright (c) 2005 Reductive Labs, LLC Licensed under the GNU Public License -.\" Generated by docutils manpage writer on 2008-03-22 17:46. +.\" Generated by docutils manpage writer on 2008-05-05 09:33. .\" man/man8/puppet.8 @@ -4,7 +4,7 @@ Configuration Reference \- .\" Man page generated from reStructeredText. This page is autogenerated; any changes will get overwritten -.I (last generated on Sat Mar 22 17:46:15 +1100 2008) +.I (last generated on Mon May 05 09:33:01 +1000 2008) @@ -691,7 +691,7 @@ puppetmasterd .TP 2 \(bu -Default: development +Default: production .SS environments @@ -1739,9 +1739,9 @@ Default: $vardir/yaml .ce 0 .sp -.I This page autogenerated on Sat Mar 22 17:46:15 +1100 2008 +.I This page autogenerated on Mon May 05 09:33:01 +1000 2008 -.\" Generated by docutils manpage writer on 2008-03-22 17:46. +.\" Generated by docutils manpage writer on 2008-05-05 09:33. .\" man/man8/puppet.conf.8 @@ -42,8 +42,8 @@ configuration options can also be generated by running puppetca with .TP -.B all: Operate on all outstanding requests. Only makes sense with -\'\-\-sign\', or \'\-\-list\'. +.B all: Operate on all items. Currently only makes sense with +\'\-\-sign\', \'\-\-clean\', or \'\-\-list\'. .TP @@ -51,7 +51,9 @@ configuration options can also be generated by running puppetca with This is useful when rebuilding hosts, since new certificate signing requests will only be honored if puppetca does not have a copy of a signed certificate for that host. The -certificate of the host remains valid. +certificate of the host remains valid. If \'\-\-all\' is specified +then all host certificates, both signed and unsigned, will be +removed. debug: Enable full debugging. @@ -112,5 +114,5 @@ Copyright (c) 2005 Reductive Labs, LLC Licensed under the GNU Public License -.\" Generated by docutils manpage writer on 2008-03-22 17:46. +.\" Generated by docutils manpage writer on 2008-05-05 09:33. .\" man/man8/puppetca.8 @@ -180,5 +180,5 @@ Copyright (c) 2005, 2006 Reductive Labs, LLC Licensed under the GNU Public License -.\" Generated by docutils manpage writer on 2008-03-22 17:46. +.\" Generated by docutils manpage writer on 2008-05-05 09:33. .\" man/man8/puppetd.8 @@ -58,5 +58,5 @@ Copyright (c) 2005\-2007 Reductive Labs, LLC Licensed under the GNU Public License -.\" Generated by docutils manpage writer on 2008-03-22 17:46. +.\" Generated by docutils manpage writer on 2008-05-05 09:33. .\" man/man8/puppetdoc.8 @@ -83,5 +83,5 @@ Copyright (c) 2005 Reductive Labs, LLC Licensed under the GNU Public License -.\" Generated by docutils manpage writer on 2008-03-22 17:46. +.\" Generated by docutils manpage writer on 2008-05-05 09:33. .\" man/man8/puppetmasterd.8 @@ -147,5 +147,5 @@ Copyright (c) 2005 Reductive Labs, LLC Licensed under the GNU Public License -.\" Generated by docutils manpage writer on 2008-03-22 17:46. +.\" Generated by docutils manpage writer on 2008-05-05 09:33. .\" man/man8/puppetrun.8 @@ -111,29 +111,16 @@ luke .nf $ ralsh user luke -.fi - -.\" visit_block_quote - -.TP -.B user { \'luke\': -home => \'/home/luke\', -uid => \'100\', -ensure => \'present\', -comment => \'Luke Kanies,,,\', -gid => \'1000\', -shell => \'/bin/bash\', -groups => [\'sysadmin\',\'audio\',\'video\',\'puppet\'] - -\.SH system-message -System Message: WARNING/2 (./ralsh.rst:, line 87) -Definition list ends without a blank line; unexpected unindent. - - +user { \'luke\': + home => \'/home/luke\', + uid => \'100\', + ensure => \'present\', + comment => \'Luke Kanies,,,\', + gid => \'1000\', + shell => \'/bin/bash\', + groups => [\'sysadmin\',\'audio\',\'video\',\'puppet\'] } - - -.\" depart_block_quote +.fi .SH AUTHOR Luke Kanies @@ -144,5 +131,5 @@ Copyright (c) 2005\-2007 Reductive Labs, LLC Licensed under the GNU Public License -.\" Generated by docutils manpage writer on 2008-03-22 17:46. +.\" Generated by docutils manpage writer on 2008-05-05 09:33. .\" man/man8/ralsh.8 @@ -10,7 +10,7 @@ require 'puppet/file_serving/configuration' describe Puppet::FileServing::Configuration, " when finding files with Puppet::FileServing::Mount" do before do # Just in case it already exists. - Puppet::FileServing::Configuration.clear_cache + Puppet::Util::Cacher.invalidate @mount = Puppet::FileServing::Mount.new("mymount") FileTest.stubs(:exists?).with("/my/path").returns(true) @@ -38,6 +38,6 @@ describe Puppet::FileServing::Configuration, " when finding files with Puppet::F end after do - Puppet::FileServing::Configuration.clear_cache + Puppet::Util::Cacher.invalidate end end spec/integration/file_serving/configuration.rb @@ -1,3 +1,5 @@ +#!/usr/bin/env ruby + require File.dirname(__FILE__) + '/../../spec_helper' require 'puppet/network/server' require 'puppet/indirector' @@ -5,460 +7,476 @@ require 'puppet/indirector/rest' # a fake class that will be indirected via REST class Puppet::TestIndirectedFoo - extend Puppet::Indirector - indirects :test_indirected_foo, :terminus_setting => :test_indirected_foo_terminus - - attr_reader :value - - def initialize(value = 0) - @value = value - end - - def self.from_yaml(yaml) - YAML.load(yaml) - end - - def name - "bob" - end + extend Puppet::Indirector + indirects :test_indirected_foo, :terminus_setting => :test_indirected_foo_terminus + + attr_reader :value + + def initialize(value = 0) + @value = value + end + + def self.from_yaml(yaml) + YAML.load(yaml) + end + + def name + "bob" + end end # empty Terminus class -- this would normally have to be in a directory findable by the autoloader, but we short-circuit that below class Puppet::TestIndirectedFoo::Rest < Puppet::Indirector::REST end +# This way the retrieval of the class by name works. +Puppet::Indirector::Terminus.register_terminus_class(Puppet::TestIndirectedFoo::Rest) describe Puppet::Indirector::REST do - describe "when using webrick" do - before :each do - Puppet[:servertype] = 'webrick' - @params = { :address => "127.0.0.1", :port => 34343, :handlers => [ :test_indirected_foo ] } - @server = Puppet::Network::Server.new(@params) - - # LAK:NOTE For now, stub out the certificate setup. This will need to be undone when the client side expects - # to speak ssl, also. - Puppet::Network::HTTP::WEBrick.any_instance.stubs(:setup_ssl).returns({}) + before do + Puppet[:masterport] = 34343 + Puppet[:server] = "localhost" + + # Get a safe temporary file + @tmpfile = Tempfile.new("webrick_integration_testing") + @dir = @tmpfile.path + "_dir" - @server.listen + Puppet.settings[:confdir] = @dir + Puppet.settings[:vardir] = @dir + Puppet.settings[:http_enable_post_connection_check] = false - Puppet::Indirector::Terminus.stubs(:terminus_class).returns(Puppet::TestIndirectedFoo::Rest) - Puppet::TestIndirectedFoo.indirection.stubs(:terminus_class).returns :rest + Puppet::SSL::Host.ca_location = :local - # Stub the connection information. - Puppet::TestIndirectedFoo.indirection.terminus(:rest).stubs(:rest_connection_details).returns(:host => "localhost", :port => 34343) + Puppet::TestIndirectedFoo.terminus_class = :rest + Puppet::TestIndirectedFoo.indirection.terminus.stubs(:rest_connection_details).returns(:host => "127.0.0.1", :port => "34343") end - - describe "when finding a model instance over REST" do - describe "when a matching model instance can be found" do - before :each do - @model_instance = Puppet::TestIndirectedFoo.new(23) - @mock_model = stub('faked model', :find => @model_instance) - Puppet::Network::HTTP::WEBrickREST.any_instance.stubs(:model).returns(@mock_model) - end - - it "should not fail" do - Puppet::TestIndirectedFoo.find('bar') - lambda { Puppet::TestIndirectedFoo.find('bar') }.should_not raise_error - end - - it 'should return an instance of the model class' do - Puppet::TestIndirectedFoo.find('bar').class.should == Puppet::TestIndirectedFoo - end - - it 'should return the instance of the model class associated with the provided lookup key' do - Puppet::TestIndirectedFoo.find('bar').value.should == @model_instance.value - end - - it 'should set an expiration on model instance' do - Puppet::TestIndirectedFoo.find('bar').expiration.should_not be_nil - end - end - - describe "when no matching model instance can be found" do - before :each do - @mock_model = stub('faked model', :find => nil) - Puppet::Network::HTTP::WEBrickREST.any_instance.stubs(:model).returns(@mock_model) - end - - it "should return nil" do - Puppet::TestIndirectedFoo.find('bar').should be_nil - end - end - - describe "when an exception is encountered in looking up a model instance" do - before :each do - @mock_model = stub('faked model') - @mock_model.stubs(:find).raises(RuntimeError) - Puppet::Network::HTTP::WEBrickREST.any_instance.stubs(:model).returns(@mock_model) - end - - it "should raise an exception" do - lambda { Puppet::TestIndirectedFoo.find('bar') }.should raise_error(RuntimeError) - end - end + + after do + Puppet::Network::HttpPool.instance_variable_set("@ssl_host", nil) end - describe "when searching for model instances over REST" do - describe "when matching model instances can be found" do + describe "when using webrick" do before :each do - @model_instances = [ Puppet::TestIndirectedFoo.new(23), Puppet::TestIndirectedFoo.new(24) ] - @mock_model = stub('faked model', :search => @model_instances) - Puppet::Network::HTTP::WEBrickREST.any_instance.stubs(:model).returns(@mock_model) - end - - it "should not fail" do - lambda { Puppet::TestIndirectedFoo.search('bar') }.should_not raise_error - end - - it 'should return all matching results' do - Puppet::TestIndirectedFoo.search('bar').length.should == @model_instances.length - end - - it 'should return model instances' do - Puppet::TestIndirectedFoo.search('bar').each do |result| - result.class.should == Puppet::TestIndirectedFoo - end + Puppet::Util::Cacher.invalidate + + Puppet[:servertype] = 'webrick' + Puppet[:server] = '127.0.0.1' + Puppet[:certname] = '127.0.0.1' + + ca = Puppet::SSL::CertificateAuthority.new + ca.generate(Puppet[:certname]) unless Puppet::SSL::Certificate.find(Puppet[:certname]) + + @params = { :address => "127.0.0.1", :port => 34343, :handlers => [ :test_indirected_foo ], :xmlrpc_handlers => [ :status ] } + @server = Puppet::Network::Server.new(@params) + @server.listen end - - it 'should return the instance of the model class associated with the provided lookup key' do - Puppet::TestIndirectedFoo.search('bar').collect(&:value).should == @model_instances.collect(&:value) + + after do + @server.unlisten + @tmpfile.delete + Puppet.settings.clear + Puppet::Util::Cacher.invalidate end - - it 'should set a version timestamp on model instances' do - pending("Luke looking at why this version magic might not be working") do - Puppet::TestIndirectedFoo.search('bar').each do |result| - result.version.should_not be_nil + + describe "when finding a model instance over REST" do + describe "when a matching model instance can be found" do + before :each do + @model_instance = Puppet::TestIndirectedFoo.new(23) + @mock_model = stub('faked model', :find => @model_instance) + Puppet::Network::HTTP::WEBrickREST.any_instance.stubs(:model).returns(@mock_model) + end + + it "should not fail" do + Puppet::TestIndirectedFoo.find('bar') + lambda { Puppet::TestIndirectedFoo.find('bar') }.should_not raise_error + end + + it 'should return an instance of the model class' do + Puppet::TestIndirectedFoo.find('bar').class.should == Puppet::TestIndirectedFoo + end + + it 'should return the instance of the model class associated with the provided lookup key' do + Puppet::TestIndirectedFoo.find('bar').value.should == @model_instance.value + end + + it 'should set an expiration on model instance' do + Puppet::TestIndirectedFoo.find('bar').expiration.should_not be_nil + end + end + + describe "when no matching model instance can be found" do + before :each do + @mock_model = stub('faked model', :find => nil) + Puppet::Network::HTTP::WEBrickREST.any_instance.stubs(:model).returns(@mock_model) + end + + it "should return nil" do + Puppet::TestIndirectedFoo.find('bar').should be_nil + end + end + + describe "when an exception is encountered in looking up a model instance" do + before :each do + @mock_model = stub('faked model') + @mock_model.stubs(:find).raises(RuntimeError) + Puppet::Network::HTTP::WEBrickREST.any_instance.stubs(:model).returns(@mock_model) + end + + it "should raise an exception" do + lambda { Puppet::TestIndirectedFoo.find('bar') }.should raise_error(RuntimeError) + end end - end end - end + + describe "when searching for model instances over REST" do + describe "when matching model instances can be found" do + before :each do + @model_instances = [ Puppet::TestIndirectedFoo.new(23), Puppet::TestIndirectedFoo.new(24) ] + @mock_model = stub('faked model', :search => @model_instances) + Puppet::Network::HTTP::WEBrickREST.any_instance.stubs(:model).returns(@mock_model) + end + + it "should not fail" do + lambda { Puppet::TestIndirectedFoo.search('bar') }.should_not raise_error + end - describe "when no matching model instance can be found" do - before :each do - @mock_model = stub('faked model', :find => nil) - Puppet::Network::HTTP::WEBrickREST.any_instance.stubs(:model).returns(@mock_model) - end - - it "should return nil" do - Puppet::TestIndirectedFoo.find('bar').should be_nil - end - end + it 'should return all matching results' do + Puppet::TestIndirectedFoo.search('bar').length.should == @model_instances.length + end - describe "when an exception is encountered in looking up a model instance" do - before :each do - @mock_model = stub('faked model') - @mock_model.stubs(:find).raises(RuntimeError) - Puppet::Network::HTTP::WEBrickREST.any_instance.stubs(:model).returns(@mock_model) - end - - it "should raise an exception" do - lambda { Puppet::TestIndirectedFoo.find('bar') }.should raise_error(RuntimeError) + it 'should return model instances' do + Puppet::TestIndirectedFoo.search('bar').each do |result| + result.class.should == Puppet::TestIndirectedFoo + end + end + + it 'should return the instance of the model class associated with the provided lookup key' do + Puppet::TestIndirectedFoo.search('bar').collect(&:value).should == @model_instances.collect(&:value) + end + end + + describe "when no matching model instance can be found" do + before :each do + @mock_model = stub('faked model', :find => nil) + Puppet::Network::HTTP::WEBrickREST.any_instance.stubs(:model).returns(@mock_model) + end + + it "should return nil" do + Puppet::TestIndirectedFoo.find('bar').should be_nil + end + end + + describe "when an exception is encountered in looking up a model instance" do + before :each do + @mock_model = stub('faked model') + @mock_model.stubs(:find).raises(RuntimeError) + Puppet::Network::HTTP::WEBrickREST.any_instance.stubs(:model).returns(@mock_model) + end + + it "should raise an exception" do + lambda { Puppet::TestIndirectedFoo.find('bar') }.should raise_error(RuntimeError) + end + end end - end - end - describe "when destroying a model instance over REST" do - describe "when a matching model instance can be found" do - before :each do - @mock_model = stub('faked model', :destroy => true) - Puppet::Network::HTTP::WEBrickREST.any_instance.stubs(:model).returns(@mock_model) - end - - it "should not fail" do - lambda { Puppet::TestIndirectedFoo.destroy('bar') }.should_not raise_error - end - - it 'should return success' do - Puppet::TestIndirectedFoo.destroy('bar').should == true - end - end + describe "when destroying a model instance over REST" do + describe "when a matching model instance can be found" do + before :each do + @mock_model = stub('faked model', :destroy => true) + Puppet::Network::HTTP::WEBrickREST.any_instance.stubs(:model).returns(@mock_model) + end + + it "should not fail" do + lambda { Puppet::TestIndirectedFoo.destroy('bar') }.should_not raise_error + end - describe "when no matching model instance can be found" do - before :each do - @mock_model = stub('faked model', :destroy => false) - Puppet::Network::HTTP::WEBrickREST.any_instance.stubs(:model).returns(@mock_model) - end - - it "should return failure" do - Puppet::TestIndirectedFoo.destroy('bar').should == false + it 'should return success' do + Puppet::TestIndirectedFoo.destroy('bar').should == true + end + end + + describe "when no matching model instance can be found" do + before :each do + @mock_model = stub('faked model', :destroy => false) + Puppet::Network::HTTP::WEBrickREST.any_instance.stubs(:model).returns(@mock_model) + end + + it "should return failure" do + Puppet::TestIndirectedFoo.destroy('bar').should == false + end + end + + describe "when an exception is encountered in destroying a model instance" do + before :each do + @mock_model = stub('faked model') + @mock_model.stubs(:destroy).raises(RuntimeError) + Puppet::Network::HTTP::WEBrickREST.any_instance.stubs(:model).returns(@mock_model) + end + + it "should raise an exception" do + lambda { Puppet::TestIndirectedFoo.destroy('bar') }.should raise_error(RuntimeError) + end + end end - end + + describe "when saving a model instance over REST" do + before :each do + @instance = Puppet::TestIndirectedFoo.new(42) + @mock_model = stub('faked model', :from_yaml => @instance) + Puppet::Network::HTTP::WEBrickREST.any_instance.stubs(:model).returns(@mock_model) + Puppet::Network::HTTP::WEBrickREST.any_instance.stubs(:save_object).returns(@instance) + end + + describe "when a successful save can be performed" do + before :each do + end + + it "should not fail" do + lambda { @instance.save }.should_not raise_error + end - describe "when an exception is encountered in destroying a model instance" do - before :each do - @mock_model = stub('faked model') - @mock_model.stubs(:destroy).raises(RuntimeError) - Puppet::Network::HTTP::WEBrickREST.any_instance.stubs(:model).returns(@mock_model) - end - - it "should raise an exception" do - lambda { Puppet::TestIndirectedFoo.destroy('bar') }.should raise_error(RuntimeError) + it 'should return an instance of the model class' do + @instance.save.class.should == Puppet::TestIndirectedFoo + end + + it 'should return a matching instance of the model class' do + @instance.save.value.should == @instance.value + end + end + + describe "when a save cannot be completed" do + before :each do + Puppet::Network::HTTP::WEBrickREST.any_instance.stubs(:save_object).returns(false) + end + + it "should return failure" do + @instance.save.should == false + end + end + + describe "when an exception is encountered in performing a save" do + before :each do + Puppet::Network::HTTP::WEBrickREST.any_instance.stubs(:save_object).raises(RuntimeError) + end + + it "should raise an exception" do + lambda { @instance.save }.should raise_error(RuntimeError) + end + end end - end end - describe "when saving a model instance over REST" do - before :each do - @instance = Puppet::TestIndirectedFoo.new(42) - @mock_model = stub('faked model', :from_yaml => @instance) - Puppet::Network::HTTP::WEBrickREST.any_instance.stubs(:model).returns(@mock_model) - Puppet::Network::HTTP::WEBrickREST.any_instance.stubs(:save_object).returns(@instance) - end - - describe "when a successful save can be performed" do + describe "when using mongrel" do + confine "Mongrel is not available" => Puppet.features.mongrel? + before :each do - end - - it "should not fail" do - lambda { @instance.save }.should_not raise_error - end - - it 'should return an instance of the model class' do - @instance.save.class.should == Puppet::TestIndirectedFoo - end - - it 'should return a matching instance of the model class' do - @instance.save.value.should == @instance.value - end - end - - describe "when a save cannot be completed" do - before :each do - Puppet::Network::HTTP::WEBrickREST.any_instance.stubs(:save_object).returns(false) - end - - it "should return failure" do - @instance.save.should == false - end - end - - describe "when an exception is encountered in performing a save" do - before :each do - Puppet::Network::HTTP::WEBrickREST.any_instance.stubs(:save_object).raises(RuntimeError) - end - - it "should raise an exception" do - lambda { @instance.save }.should raise_error(RuntimeError) - end - end - end + Puppet[:servertype] = 'mongrel' + @params = { :address => "127.0.0.1", :port => 34343, :handlers => [ :test_indirected_foo ] } - after :each do - @server.unlisten - end - end - - describe "when using mongrel" do - confine "Mongrel is not available" => Puppet.features.mongrel? - - before :each do - Puppet[:servertype] = 'mongrel' - @params = { :address => "127.0.0.1", :port => 34343, :handlers => [ :test_indirected_foo ] } - @server = Puppet::Network::Server.new(@params) - @server.listen + # Make sure we never get a cert, since mongrel can't speak ssl + Puppet::SSL::Certificate.stubs(:find).returns nil - # the autoloader was clearly not written test-first. We subvert the integration test to get around its bullshit. - Puppet::Indirector::Terminus.stubs(:terminus_class).returns(Puppet::TestIndirectedFoo::Rest) - Puppet::TestIndirectedFoo.indirection.stubs(:terminus_class).returns :rest + # We stub ssl to be off, since mongrel can't speak ssl + Net::HTTP.any_instance.stubs(:use_ssl?).returns false - # Stub the connection information. - Puppet::TestIndirectedFoo.indirection.terminus(:rest).stubs(:rest_connection_details).returns(:host => "localhost", :port => 34343) - end - - describe "when finding a model instance over REST" do - describe "when a matching model instance can be found" do - before :each do - @model_instance = Puppet::TestIndirectedFoo.new(23) - @mock_model = stub('faked model', :find => @model_instance) - Puppet::Network::HTTP::MongrelREST.any_instance.stubs(:model).returns(@mock_model) - end - - it "should not fail" do - lambda { Puppet::TestIndirectedFoo.find('bar') }.should_not raise_error - end - - it 'should return an instance of the model class' do - Puppet::TestIndirectedFoo.find('bar').class.should == Puppet::TestIndirectedFoo + @server = Puppet::Network::Server.new(@params) + @server.listen end - - it 'should return the instance of the model class associated with the provided lookup key' do - Puppet::TestIndirectedFoo.find('bar').value.should == @model_instance.value - end - - it 'should set an expiration on model instance' do - Puppet::TestIndirectedFoo.find('bar').expiration.should_not be_nil + + after :each do + @server.unlisten end - end - describe "when no matching model instance can be found" do - before :each do - @mock_model = stub('faked model', :find => nil) - Puppet::Network::HTTP::MongrelREST.any_instance.stubs(:model).returns(@mock_model) - end - - it "should return nil" do - Puppet::TestIndirectedFoo.find('bar').should be_nil - end - end + describe "when finding a model instance over REST" do + describe "when a matching model instance can be found" do + before :each do + @model_instance = Puppet::TestIndirectedFoo.new(23) + @mock_model = stub('faked model', :find => @model_instance) + Puppet::Network::HTTP::MongrelREST.any_instance.stubs(:model).returns(@mock_model) + end + + it "should not fail" do + lambda { Puppet::TestIndirectedFoo.find('bar') }.should_not raise_error + end - describe "when an exception is encountered in looking up a model instance" do - before :each do - @mock_model = stub('faked model') - @mock_model.stubs(:find).raises(RuntimeError) - Puppet::Network::HTTP::MongrelREST.any_instance.stubs(:model).returns(@mock_model) - end - - it "should raise an exception" do - lambda { Puppet::TestIndirectedFoo.find('bar') }.should raise_error(RuntimeError) - end - end - end - - describe "when searching for model instances over REST" do - describe "when matching model instances can be found" do - before :each do - @model_instances = [ Puppet::TestIndirectedFoo.new(23), Puppet::TestIndirectedFoo.new(24) ] - @mock_model = stub('faked model', :search => @model_instances) - Puppet::Network::HTTP::MongrelREST.any_instance.stubs(:model).returns(@mock_model) - end - - it "should not fail" do - lambda { Puppet::TestIndirectedFoo.search('bar') }.should_not raise_error - end - - it 'should return all matching results' do - Puppet::TestIndirectedFoo.search('bar').length.should == @model_instances.length - end - - it 'should return model instances' do - Puppet::TestIndirectedFoo.search('bar').each do |result| - result.class.should == Puppet::TestIndirectedFoo - end - end - - it 'should return the instance of the model class associated with the provided lookup key' do - Puppet::TestIndirectedFoo.search('bar').collect(&:value).should == @model_instances.collect(&:value) - end - - it 'should set an expiration on model instances' do - Puppet::TestIndirectedFoo.search('bar').each do |result| - result.expiration.should_not be_nil - end - end - end + it 'should return an instance of the model class' do + Puppet::TestIndirectedFoo.find('bar').class.should == Puppet::TestIndirectedFoo + end - describe "when no matching model instance can be found" do - before :each do - @mock_model = stub('faked model', :find => nil) - Puppet::Network::HTTP::MongrelREST.any_instance.stubs(:model).returns(@mock_model) - end - - it "should return nil" do - Puppet::TestIndirectedFoo.find('bar').should be_nil - end - end + it 'should return the instance of the model class associated with the provided lookup key' do + Puppet::TestIndirectedFoo.find('bar').value.should == @model_instance.value + end - describe "when an exception is encountered in looking up a model instance" do - before :each do - @mock_model = stub('faked model') - @mock_model.stubs(:find).raises(RuntimeError) - Puppet::Network::HTTP::MongrelREST.any_instance.stubs(:model).returns(@mock_model) - end - - it "should raise an exception" do - lambda { Puppet::TestIndirectedFoo.find('bar') }.should raise_error(RuntimeError) + it 'should set an expiration on model instance' do + Puppet::TestIndirectedFoo.find('bar').expiration.should_not be_nil + end + end + + describe "when no matching model instance can be found" do + before :each do + @mock_model = stub('faked model', :find => nil) + Puppet::Network::HTTP::MongrelREST.any_instance.stubs(:model).returns(@mock_model) + end + + it "should return nil" do + Puppet::TestIndirectedFoo.find('bar').should be_nil + end + end + + describe "when an exception is encountered in looking up a model instance" do + before :each do + @mock_model = stub('faked model') + @mock_model.stubs(:find).raises(RuntimeError) + Puppet::Network::HTTP::MongrelREST.any_instance.stubs(:model).returns(@mock_model) + end + + it "should raise an exception" do + lambda { Puppet::TestIndirectedFoo.find('bar') }.should raise_error(RuntimeError) + end + end end - end - end - describe "when destroying a model instance over REST" do - describe "when a matching model instance can be found" do - before :each do - @mock_model = stub('faked model', :destroy => true) - Puppet::Network::HTTP::MongrelREST.any_instance.stubs(:model).returns(@mock_model) - end - - it "should not fail" do - lambda { Puppet::TestIndirectedFoo.destroy('bar') }.should_not raise_error - end - - it 'should return success' do - Puppet::TestIndirectedFoo.destroy('bar').should == true - end - end + describe "when searching for model instances over REST" do + describe "when matching model instances can be found" do + before :each do + @model_instances = [ Puppet::TestIndirectedFoo.new(23), Puppet::TestIndirectedFoo.new(24) ] + @mock_model = stub('faked model', :search => @model_instances) + Puppet::Network::HTTP::MongrelREST.any_instance.stubs(:model).returns(@mock_model) + end + + it "should not fail" do + lambda { Puppet::TestIndirectedFoo.search('bar') }.should_not raise_error + end - describe "when no matching model instance can be found" do - before :each do - @mock_model = stub('faked model', :destroy => false) - Puppet::Network::HTTP::MongrelREST.any_instance.stubs(:model).returns(@mock_model) - end - - it "should return failure" do - Puppet::TestIndirectedFoo.destroy('bar').should == false - end - end + it 'should return all matching results' do + Puppet::TestIndirectedFoo.search('bar').length.should == @model_instances.length + end - describe "when an exception is encountered in destroying a model instance" do - before :each do - @mock_model = stub('faked model') - @mock_model.stubs(:destroy).raises(RuntimeError) - Puppet::Network::HTTP::MongrelREST.any_instance.stubs(:model).returns(@mock_model) - end - - it "should raise an exception" do - lambda { Puppet::TestIndirectedFoo.destroy('bar') }.should raise_error(RuntimeError) + it 'should return model instances' do + Puppet::TestIndirectedFoo.search('bar').each do |result| + result.class.should == Puppet::TestIndirectedFoo + end + end + + it 'should return the instance of the model class associated with the provided lookup key' do + Puppet::TestIndirectedFoo.search('bar').collect(&:value).should == @model_instances.collect(&:value) + end + + it 'should set an expiration on model instances' do + Puppet::TestIndirectedFoo.search('bar').each do |result| + result.expiration.should_not be_nil + end + end + end + + describe "when no matching model instance can be found" do + before :each do + @mock_model = stub('faked model', :find => nil) + Puppet::Network::HTTP::MongrelREST.any_instance.stubs(:model).returns(@mock_model) + end + + it "should return nil" do + Puppet::TestIndirectedFoo.find('bar').should be_nil + end + end + + describe "when an exception is encountered in looking up a model instance" do + before :each do + @mock_model = stub('faked model') + @mock_model.stubs(:find).raises(RuntimeError) + Puppet::Network::HTTP::MongrelREST.any_instance.stubs(:model).returns(@mock_model) + end + + it "should raise an exception" do + lambda { Puppet::TestIndirectedFoo.find('bar') }.should raise_error(RuntimeError) + end + end end - end - end - describe "when saving a model instance over REST" do - before :each do - @instance = Puppet::TestIndirectedFoo.new(42) - @mock_model = stub('faked model', :from_yaml => @instance) - Puppet::Network::HTTP::MongrelREST.any_instance.stubs(:model).returns(@mock_model) - Puppet::Network::HTTP::MongrelREST.any_instance.stubs(:save_object).returns(@instance) - end - - describe "when a successful save can be performed" do - before :each do - end - - it "should not fail" do - lambda { @instance.save }.should_not raise_error - end - - it 'should return an instance of the model class' do - @instance.save.class.should == Puppet::TestIndirectedFoo - end - - it 'should return a matching instance of the model class' do - @instance.save.value.should == @instance.value - end - end - - describe "when a save cannot be completed" do - before :each do - Puppet::Network::HTTP::MongrelREST.any_instance.stubs(:save_object).returns(false) - end - - it "should return failure" do - @instance.save.should == false - end - end - - describe "when an exception is encountered in performing a save" do - before :each do - Puppet::Network::HTTP::MongrelREST.any_instance.stubs(:save_object).raises(RuntimeError) - end - - it "should raise an exception" do - lambda { @instance.save }.should raise_error(RuntimeError) + describe "when destroying a model instance over REST" do + describe "when a matching model instance can be found" do + before :each do + @mock_model = stub('faked model', :destroy => true) + Puppet::Network::HTTP::MongrelREST.any_instance.stubs(:model).returns(@mock_model) + end + + it "should not fail" do + lambda { Puppet::TestIndirectedFoo.destroy('bar') }.should_not raise_error + end + + it 'should return success' do + Puppet::TestIndirectedFoo.destroy('bar').should == true + end + end + + describe "when no matching model instance can be found" do + before :each do + @mock_model = stub('faked model', :destroy => false) + Puppet::Network::HTTP::MongrelREST.any_instance.stubs(:model).returns(@mock_model) + end + + it "should return failure" do + Puppet::TestIndirectedFoo.destroy('bar').should == false + end + end + + describe "when an exception is encountered in destroying a model instance" do + before :each do + @mock_model = stub('faked model') + @mock_model.stubs(:destroy).raises(RuntimeError) + Puppet::Network::HTTP::MongrelREST.any_instance.stubs(:model).returns(@mock_model) + end + + it "should raise an exception" do + lambda { Puppet::TestIndirectedFoo.destroy('bar') }.should raise_error(RuntimeError) + end + end end - end - end - after :each do - @server.unlisten + describe "when saving a model instance over REST" do + before :each do + @instance = Puppet::TestIndirectedFoo.new(42) + @mock_model = stub('faked model', :from_yaml => @instance) + Puppet::Network::HTTP::MongrelREST.any_instance.stubs(:model).returns(@mock_model) + Puppet::Network::HTTP::MongrelREST.any_instance.stubs(:save_object).returns(@instance) + end + + describe "when a successful save can be performed" do + before :each do + end + + it "should not fail" do + lambda { @instance.save }.should_not raise_error + end + + it 'should return an instance of the model class' do + @instance.save.class.should == Puppet::TestIndirectedFoo + end + + it 'should return a matching instance of the model class' do + @instance.save.value.should == @instance.value + end + end + + describe "when a save cannot be completed" do + before :each do + Puppet::Network::HTTP::MongrelREST.any_instance.stubs(:save_object).returns(false) + end + + it "should return failure" do + @instance.save.should == false + end + end + + describe "when an exception is encountered in performing a save" do + before :each do + Puppet::Network::HTTP::MongrelREST.any_instance.stubs(:save_object).raises(RuntimeError) + end + + it "should raise an exception" do + lambda { @instance.save }.should raise_error(RuntimeError) + end + end + end end - end end spec/integration/indirector/rest.rb @@ -8,7 +8,7 @@ describe Puppet::Network::Server do before :each do Puppet[:servertype] = 'mongrel' - @params = { :address => "127.0.0.1", :port => 34346, :handlers => [ :node ] } + @params = { :address => "127.0.0.1", :port => 34346, :handlers => [ :node ], :xmlrpc_handlers => [ :status ] } @server = Puppet::Network::Server.new(@params) end spec/integration/network/server/mongrel.rb @@ -1,50 +1,70 @@ +#!/usr/bin/env ruby + require File.dirname(__FILE__) + '/../../../spec_helper' require 'puppet/network/server' +require 'puppet/ssl/certificate_authority' require 'socket' describe Puppet::Network::Server do - describe "when using webrick" do - before :each do - Puppet[:servertype] = 'webrick' - @params = { :address => "127.0.0.1", :port => 34343, :handlers => [ :node ] } - - # LAK:NOTE (4/08) Stub the ssl support for now; we'll remove it once it's actually - # functional. - Puppet::Network::HTTP::WEBrick.any_instance.stubs(:setup_ssl).returns({}) - end - - describe "before listening" do - it "should not be reachable at the specified address and port" do - lambda { TCPSocket.new('127.0.0.1', 34343) }.should raise_error - end - end - - describe "when listening" do - it "should be reachable on the specified address and port" do - @server = Puppet::Network::Server.new(@params.merge(:port => 34343)) - @server.listen - lambda { TCPSocket.new('127.0.0.1', 34343) }.should_not raise_error - end - - it "should not allow multiple servers to listen on the same address and port" do - @server = Puppet::Network::Server.new(@params.merge(:port => 34343)) - @server.listen - @server2 = Puppet::Network::Server.new(@params.merge(:port => 34343)) - lambda { @server2.listen }.should raise_error - end - - after :each do - @server.unlisten if @server.listening? - end - end - - describe "after unlistening" do - it "should not be reachable on the port and address assigned" do - @server = Puppet::Network::Server.new(@params.merge(:port => 34343)) - @server.listen - @server.unlisten - lambda { TCPSocket.new('127.0.0.1', 34343) }.should raise_error(Errno::ECONNREFUSED) - end + describe "when using webrick" do + before :each do + Puppet[:servertype] = 'webrick' + @params = { :address => "127.0.0.1", :port => 34343, :handlers => [ :node ], :xmlrpc_handlers => [ :status ] } + + # Get a safe temporary file + @tmpfile = Tempfile.new("webrick_integration_testing") + @dir = @tmpfile.path + "_dir" + + Puppet.settings[:confdir] = @dir + Puppet.settings[:vardir] = @dir + + Puppet::SSL::Host.ca_location = :local + + ca = Puppet::SSL::CertificateAuthority.new + ca.generate(Puppet[:certname]) unless Puppet::SSL::Certificate.find(Puppet[:certname]) + end + + after do + @tmpfile.delete + Puppet.settings.clear + + system("rm -rf %s" % @dir) + + Puppet::Util::Cacher.invalidate + end + + describe "before listening" do + it "should not be reachable at the specified address and port" do + lambda { TCPSocket.new('127.0.0.1', 34343) }.should raise_error + end + end + + describe "when listening" do + it "should be reachable on the specified address and port" do + @server = Puppet::Network::Server.new(@params.merge(:port => 34343)) + @server.listen + lambda { TCPSocket.new('127.0.0.1', 34343) }.should_not raise_error + end + + it "should not allow multiple servers to listen on the same address and port" do + @server = Puppet::Network::Server.new(@params.merge(:port => 34343)) + @server.listen + @server2 = Puppet::Network::Server.new(@params.merge(:port => 34343)) + lambda { @server2.listen }.should raise_error + end + + after :each do + @server.unlisten if @server.listening? + end + end + + describe "after unlistening" do + it "should not be reachable on the port and address assigned" do + @server = Puppet::Network::Server.new(@params.merge(:port => 34343)) + @server.listen + @server.unlisten + lambda { TCPSocket.new('127.0.0.1', 34343) }.should raise_error(Errno::ECONNREFUSED) + end + end end - end end spec/integration/network/server/webrick.rb @@ -7,7 +7,13 @@ require File.dirname(__FILE__) + '/../../spec_helper' describe Puppet::Node::Catalog do describe "when using the indirector" do - after { Puppet::Node::Catalog.indirection.clear_cache } + after { Puppet::Util::Cacher.invalidate } + before do + # This is so the tests work w/out networking. + Facter.stubs(:to_hash).returns({"hostname" => "foo.domain.com"}) + Facter.stubs(:value).returns("eh") + end + it "should be able to delegate to the :yaml terminus" do Puppet::Node::Catalog.indirection.stubs(:terminus_class).returns :yaml spec/integration/node/catalog.rb @@ -7,13 +7,15 @@ require File.dirname(__FILE__) + '/../../spec_helper' describe Puppet::Node::Facts do describe "when using the indirector" do - after { Puppet::Node::Facts.indirection.clear_cache } + after { Puppet::Util::Cacher.invalidate } it "should expire any cached node instances when it is saved" do Puppet::Node::Facts.indirection.stubs(:terminus_class).returns :yaml + + Puppet::Node::Facts.indirection.terminus(:yaml).should equal(Puppet::Node::Facts.indirection.terminus(:yaml)) terminus = Puppet::Node::Facts.indirection.terminus(:yaml) + terminus.stubs :save - terminus.expects(:save) Puppet::Node.expects(:expire).with("me") facts = Puppet::Node::Facts.new("me") spec/integration/node/facts.rb @@ -11,7 +11,7 @@ require 'tempfile' describe Puppet::SSL::CertificateAuthority do before do # Get a safe temporary file - file = Tempfile.new("host_integration_testing") + file = Tempfile.new("ca_integration_testing") @dir = file.path file.delete @@ -28,10 +28,9 @@ describe Puppet::SSL::CertificateAuthority do system("rm -rf %s" % @dir) Puppet.settings.clear - # This is necessary so the terminus instances don't lie around. - Puppet::SSL::Key.indirection.clear_cache - Puppet::SSL::Certificate.indirection.clear_cache - Puppet::SSL::CertificateRequest.indirection.clear_cache + Puppet::Util::Cacher.invalidate + + Puppet::SSL::CertificateAuthority.instance_variable_set("@instance", nil) } it "should create a CA host" do @@ -60,6 +59,20 @@ describe Puppet::SSL::CertificateAuthority do end end + it "should have a CRL" do + @ca.generate_ca_certificate + @ca.crl.should_not be_nil + end + + it "should be able to read in a previously created CRL" do + @ca.generate_ca_certificate + + # Create it to start with. + @ca.crl + + Puppet::SSL::CertificateAuthority.new.crl.should_not be_nil + end + describe "when signing certificates" do before do @host = Puppet::SSL::Host.new("luke.madstop.com") spec/integration/ssl/certificate_authority.rb @@ -8,13 +8,15 @@ require File.dirname(__FILE__) + '/../../spec_helper' require 'puppet/ssl/certificate_request' require 'tempfile' -describe Puppet::SSL::Host do +describe Puppet::SSL::CertificateRequest do before do # Get a safe temporary file file = Tempfile.new("csr_integration_testing") @dir = file.path file.delete + Puppet.settings.clear + Puppet.settings[:confdir] = @dir Puppet.settings[:vardir] = @dir @@ -23,13 +25,13 @@ describe Puppet::SSL::Host do @key = OpenSSL::PKey::RSA.new(512) end - after { + after do system("rm -rf %s" % @dir) Puppet.settings.clear # This is necessary so the terminus instances don't lie around. - Puppet::SSL::CertificateRequest.indirection.clear_cache - } + Puppet::Util::Cacher.invalidate + end it "should be able to generate CSRs" do @csr.generate(@key) spec/integration/ssl/certificate_request.rb @@ -18,16 +18,18 @@ describe Puppet::SSL::Host do Puppet.settings[:confdir] = @dir Puppet.settings[:vardir] = @dir + Puppet::SSL::Host.ca_location = :local + @host = Puppet::SSL::Host.new("luke.madstop.com") + @ca = Puppet::SSL::CertificateAuthority.new end after { + Puppet::SSL::Host.ca_location = :none + system("rm -rf %s" % @dir) Puppet.settings.clear - - # This is necessary so the terminus instances don't lie around. - Puppet::SSL::Key.indirection.clear_cache - Puppet::SSL::CertificateRequest.indirection.clear_cache + Puppet::Util::Cacher.invalidate } it "should be considered a CA host if its name is equal to 'ca'" do @@ -77,4 +79,12 @@ describe Puppet::SSL::Host do FileTest.should_not be_exist(File.join(Puppet[:privatekeydir], "ca.pem")) end end + + it "should pass the verification of its own SSL store" do + @host.generate + @ca = Puppet::SSL::CertificateAuthority.new + @ca.sign(@host.name) + + @host.ssl_store.verify(@host.certificate.content).should be_true + end end spec/integration/ssl/host.rb @@ -7,7 +7,7 @@ require File.dirname(__FILE__) + '/../../spec_helper' describe Puppet::Transaction::Report do describe "when using the indirector" do - after { Puppet::Transaction::Report.indirection.clear_cache } + after { Puppet::Util::Cacher.invalidate } it "should be able to delegate to the :processor terminus" do Puppet::Transaction::Report.indirection.stubs(:terminus_class).returns :processor spec/integration/transaction/report.rb @@ -7,7 +7,7 @@ describe "Puppet::Indirector::FileServerTerminus", :shared => true do # This only works if the shared behaviour is included before # the 'before' block in the including context. before do - Puppet::FileServing::Configuration.clear_cache + Puppet::Util::Cacher.invalidate FileTest.stubs(:exists?).with(Puppet[:fileserverconfig]).returns(true) FileTest.stubs(:exists?).with("/my/mount/path").returns(true) FileTest.stubs(:directory?).with("/my/mount/path").returns(true) spec/shared_behaviours/file_server_terminus.rb @@ -15,12 +15,12 @@ describe Puppet::FileServing::Configuration do it "should have a method for removing the current configuration instance" do old = Puppet::FileServing::Configuration.create - Puppet::FileServing::Configuration.clear_cache + Puppet::Util::Cacher.invalidate Puppet::FileServing::Configuration.create.should_not equal(old) end after do - Puppet::FileServing::Configuration.clear_cache + Puppet::Util::Cacher.invalidate end end @@ -32,7 +32,7 @@ describe Puppet::FileServing::Configuration do end after :each do - Puppet::FileServing::Configuration.clear_cache + Puppet::Util::Cacher.invalidate end describe Puppet::FileServing::Configuration, " when initializing" do spec/unit/file_serving/configuration.rb @@ -12,9 +12,9 @@ end describe Puppet::FileServing::Mount do it "should provide a method for clearing its cached host information" do - Puppet::FileServing::Mount.new("whatever").send(:localmap) - Puppet::FileServing::Mount.clear_cache - Puppet::FileServing::Mount.send(:class_variable_get, "@@localmap").should be_nil + old = Puppet::FileServing::Mount.localmap + Puppet::Util::Cacher.invalidate + Puppet::FileServing::Mount.localmap.should_not equal(old) end end @@ -106,7 +106,7 @@ describe Puppet::FileServing::Mount, " when finding files" do end after do - Puppet::FileServing::Mount.clear_cache + Puppet::Util::Cacher.invalidate end end spec/unit/file_serving/mount.rb @@ -87,6 +87,9 @@ describe "Delegation Authorizer", :shared => true do end describe Puppet::Indirector::Indirection do + after do + Puppet::Util::Cacher.invalidate + end describe "when initializing" do # (LAK) I've no idea how to test this, really. it "should store a reference to itself before it consumes its options" do @@ -494,7 +497,7 @@ describe Puppet::Indirector::Indirection do after :each do @indirection.delete - Puppet::Indirector::Indirection.clear_cache + Puppet::Util::Cacher.invalidate end end @@ -615,15 +618,6 @@ describe Puppet::Indirector::Indirection do @indirection.terminus(:foo).should equal(@terminus) end - it "should allow the clearance of cached terminus instances" do - terminus1 = mock 'terminus1' - terminus2 = mock 'terminus2' - @terminus_class.stubs(:new).returns(terminus1, terminus2, ArgumentError) - @indirection.terminus(:foo).should equal(terminus1) - @indirection.class.clear_cache - @indirection.terminus(:foo).should equal(terminus2) - end - # Make sure it caches the terminus. it "should return the same terminus instance each time for a given name" do @terminus_class.stubs(:new).returns(@terminus) @@ -638,7 +632,6 @@ describe Puppet::Indirector::Indirection do after do @indirection.delete - Puppet::Indirector::Indirection.clear_cache end end @@ -675,7 +668,6 @@ describe Puppet::Indirector::Indirection do after do @indirection.delete - Puppet::Indirector::Indirection.clear_cache end end @@ -706,15 +698,6 @@ describe Puppet::Indirector::Indirection do @indirection.cache.should equal(@cache) @indirection.cache.should equal(@cache) end - - it "should remove the cache terminus when all other terminus instances are cleared" do - cache2 = mock 'cache2' - @cache_class.stubs(:new).returns(@cache, cache2) - @indirection.cache_class = :cache_terminus - @indirection.cache.should equal(@cache) - @indirection.clear_cache - @indirection.cache.should equal(cache2) - end end describe "and saving" do @@ -725,7 +708,6 @@ describe Puppet::Indirector::Indirection do after :each do @indirection.delete - Puppet::Indirector::Indirection.clear_cache end end end spec/unit/indirector/indirection.rb @@ -17,6 +17,7 @@ describe Puppet::Node::Ldap do @searcher.stubs(:connection).returns(@connection) @searcher.stubs(:class_attributes).returns([]) @searcher.stubs(:parent_attribute).returns(nil) + @searcher.stubs(:stacked_attributes).returns([]) @searcher.stubs(:search_base).returns(:yay) @searcher.stubs(:search_filter).returns(:filter) @@ -195,6 +196,96 @@ describe Puppet::Node::Ldap do proc { @searcher.find(@request) }.should raise_error(ArgumentError) end end + + describe "and a puppet variable is specified" do + before do + @searcher.stubs(:stacked_attributes).returns(['puppetvar']) + end + + it "should add the variable to the node parameters" do + @entry.stubs(:vals).with("puppetvar").returns(%w{one=two}) + @entry.stubs(:to_hash).returns({}) + @node.expects(:parameters=).with("one" => "two") + @searcher.find(@request) + end + + it "should not overwrite node parameters specified as ldap object attribute" do + @entry.stubs(:vals).with("puppetvar").returns(%w{one=two}) + @entry.stubs(:to_hash).returns("one" => "three") + @node.expects(:parameters=).with("one" => "three") + @searcher.find(@request) + end + + it "should set entries without an equal sign to nil" do + @entry.stubs(:vals).with("puppetvar").returns(%w{one}) + @entry.stubs(:to_hash).returns({}) + @node.expects(:parameters=).with("one" => nil) + @searcher.find(@request) + end + + it "should ignore empty entries" do + @entry.stubs(:vals).with("puppetvar").returns(%w{}) + @entry.stubs(:to_hash).returns({}) + @searcher.find(@request) + end + end + describe "and a puppet variable as well as a parent node are specified" do + before do + @parent = mock 'parent' + + @searcher.meta_def(:search_filter) do |name| + return name + end + @connection.stubs(:search).with { |*args| args[2] == @name }.yields(@entry) + @connection.stubs(:search).with { |*args| args[2] == 'parent' }.yields(@parent) + + @searcher.stubs(:stacked_attributes).returns(['puppetvar']) + @searcher.stubs(:parent_attribute).returns(:parent) + end + + it "should add parent node variables to the child node parameters" do + @parent.stubs(:to_hash).returns({}) + @parent.stubs(:vals).with("puppetvar").returns(%w{one=two}) + @parent.stubs(:vals).with(:parent).returns(nil) + + @entry.stubs(:to_hash).returns({}) + @entry.stubs(:vals).with("puppetvar").returns(%w{}) + @entry.stubs(:vals).with(:parent).returns(%w{parent}) + + @node.expects(:parameters=).with("one" => "two") + + @searcher.find(@request) + end + + it "should overwrite parent node variables with child node parameters" do + @parent.stubs(:to_hash).returns({}) + @parent.stubs(:vals).with("puppetvar").returns(%w{one=two}) + @parent.stubs(:vals).with(:parent).returns(nil) + + @entry.stubs(:to_hash).returns({}) + @entry.stubs(:vals).with("puppetvar").returns(%w{one=three}) + @entry.stubs(:vals).with(:parent).returns(%w{parent}) + + @node.expects(:parameters=).with("one" => "three") + + @searcher.find(@request) + end + + it "should not overwrite parent node parameters specified as ldap object attribute" do + @parent.stubs(:to_hash).returns("one" => "three") + @parent.stubs(:vals).with("puppetvar").returns(%w{}) + @parent.stubs(:vals).with(:parent).returns(nil) + + @entry.stubs(:vals).with("puppetvar").returns(%w{one=two}) + @entry.stubs(:to_hash).returns({}) + @entry.stubs(:vals).with(:parent).returns(%w{parent}) + + @node.expects(:parameters=).with("one" => "three") + + @searcher.find(@request) + end + + end end end spec/unit/indirector/node/ldap.rb @@ -3,6 +3,39 @@ require File.dirname(__FILE__) + '/../../spec_helper' require 'puppet/indirector/rest' +describe "a REST http call", :shared => true do + it "should accept a path" do + lambda { @search.send(@method, *@arguments) }.should_not raise_error(ArgumentError) + end + + it "should require a path" do + lambda { @searcher.send(@method) }.should raise_error(ArgumentError) + end + + it "should use the Http Pool with the remote server and port looked up from the REST terminus" do + @searcher.expects(:rest_connection_details).returns(@details) + + conn = mock 'connection' + result = stub 'result', :body => "body" + conn.stubs(:put).returns result + conn.stubs(:delete).returns result + conn.stubs(:get).returns result + Puppet::Network::HttpPool.expects(:http_instance).with(@details[:host], @details[:port]).returns conn + @searcher.send(@method, *@arguments) + end + + it "should return the results of the request" do + conn = mock 'connection' + result = stub 'result', :body => "result" + conn.stubs(:put).returns result + conn.stubs(:delete).returns result + conn.stubs(:get).returns result + Puppet::Network::HttpPool.stubs(:http_instance).returns conn + + @searcher.send(@method, *@arguments).should == 'result' + end +end + describe Puppet::Indirector::REST do before do Puppet::Indirector::Terminus.stubs(:register_terminus_class) @@ -19,354 +52,280 @@ describe Puppet::Indirector::REST do @searcher = @rest_class.new end - - describe "when locating the REST connection" do - before do - Puppet.settings.stubs(:value).returns("whatever") - end - - it "should return the :server setting as the host" do - Puppet.settings.expects(:value).with(:server).returns "myserver" - @searcher.rest_connection_details[:host].should == "myserver" - end - - it "should return the :masterport (as an Integer) as the port" do - Puppet.settings.expects(:value).with(:masterport).returns "1234" - @searcher.rest_connection_details[:port].should == 1234 - end + + describe "when configuring the REST http call" do + before do + Puppet.settings.stubs(:value).returns("rest_testing") + end + + it "should return the :server setting as the host" do + Puppet.settings.expects(:value).with(:server).returns "myserver" + @searcher.rest_connection_details[:host].should == "myserver" + end + + it "should return the :masterport (as an Integer) as the port" do + Puppet.settings.expects(:value).with(:masterport).returns "1234" + @searcher.rest_connection_details[:port].should == 1234 + end end - + describe "when doing a network fetch" do - before :each do - Net::HTTP.stubs(:start).returns('result') - @details = { :host => '127.0.0.1', :port => 34343 } - @searcher.stubs(:rest_connection_details).returns(@details) - end - - it "should accept a path" do - lambda { @search.network_fetch('foo') }.should_not raise_error(ArgumentError) - end - - it "should require a path" do - lambda { @searcher.network_fetch }.should raise_error(ArgumentError) - end - - it "should look up connection details" do - @searcher.expects(:rest_connection_details).returns(@details) - @searcher.network_fetch('foo') - end - - it "should use the GET http method" do - @mock_result = stub('mock result', :body => 'result') - @mock_connection = mock('mock http connection', :get => @mock_result) - @searcher.stubs(:network).yields(@mock_connection) - @searcher.network_fetch('foo') - end - - it "should use the appropriate remote server" do - Net::HTTP.expects(:start).with {|host, port| host == @details[:host] } - @searcher.network_fetch('foo') - end - - it "should use the appropriate remote port" do - Net::HTTP.expects(:start).with {|host, port| port == @details[:port] } - @searcher.network_fetch('foo') - end - - it "should use the provided path" do - @mock_result = stub('mock result', :body => 'result') - @mock_connection = stub('mock http connection') - @mock_connection.expects(:get).with('/foo').returns(@mock_result) - @searcher.stubs(:network).yields(@mock_connection) - @searcher.network_fetch('foo') - end - - it "should return the results of the GET request" do - @searcher.network_fetch('foo').should == 'result' - end + before :each do + Net::HTTP.stubs(:start).returns('result') + @details = { :host => '127.0.0.1', :port => 34343 } + @searcher.stubs(:rest_connection_details).returns(@details) + + @method = :network_fetch + @arguments = "foo" + end + + it_should_behave_like "a REST http call" + + it "should use the GET http method" do + @mock_result = stub('mock result', :body => 'result') + @mock_connection = mock('mock http connection', :get => @mock_result) + @searcher.stubs(:network).returns(@mock_connection) + @searcher.network_fetch('foo') + end + + it "should use the provided path" do + @mock_result = stub('mock result', :body => 'result') + @mock_connection = stub('mock http connection') + @mock_connection.expects(:get).with('/foo').returns(@mock_result) + @searcher.stubs(:network).returns(@mock_connection) + @searcher.network_fetch('foo') + end end describe "when doing a network delete" do - before :each do - Net::HTTP.stubs(:start).returns('result') - @details = { :host => '127.0.0.1', :port => 34343 } - @searcher.stubs(:rest_connection_details).returns(@details) - end - - it "should accept a path" do - lambda { @search.network_delete('foo') }.should_not raise_error(ArgumentError) - end - - it "should require a path" do - lambda { @searcher.network_delete }.should raise_error(ArgumentError) - end - - it "should look up connection details" do - @searcher.expects(:rest_connection_details).returns(@details) - @searcher.network_delete('foo') - end - - it "should use the DELETE http method" do - @mock_result = stub('mock result', :body => 'result') - @mock_connection = mock('mock http connection', :delete => @mock_result) - @searcher.stubs(:network).yields(@mock_connection) - @searcher.network_delete('foo') - end - - it "should use the appropriate remote server" do - Net::HTTP.expects(:start).with {|host, port| host == @details[:host] } - @searcher.network_delete('foo') - end - - it "should use the appropriate remote port" do - Net::HTTP.expects(:start).with {|host, port| port == @details[:port] } - @searcher.network_delete('foo') - end - - it "should use the provided path" do - @mock_result = stub('mock result', :body => 'result') - @mock_connection = stub('mock http connection') - @mock_connection.expects(:delete).with('/foo').returns(@mock_result) - @searcher.stubs(:network).yields(@mock_connection) - @searcher.network_delete('foo') - end - - it "should return the results of the DELETE request" do - @searcher.network_delete('foo').should == 'result' - end + before :each do + Net::HTTP.stubs(:start).returns('result') + @details = { :host => '127.0.0.1', :port => 34343 } + @searcher.stubs(:rest_connection_details).returns(@details) + + @method = :network_delete + @arguments = "foo" + end + + it_should_behave_like "a REST http call" + + it "should use the DELETE http method" do + @mock_result = stub('mock result', :body => 'result') + @mock_connection = mock('mock http connection', :delete => @mock_result) + @searcher.stubs(:network).returns(@mock_connection) + @searcher.network_delete('foo') + end end - + describe "when doing a network put" do - before :each do - Net::HTTP.stubs(:start).returns('result') - @details = { :host => '127.0.0.1', :port => 34343 } - @data = { :foo => 'bar' } - @searcher.stubs(:rest_connection_details).returns(@details) - end - - it "should accept a path and data" do - lambda { @search.network_put('foo', @data) }.should_not raise_error(ArgumentError) - end - - it "should require a path and data" do - lambda { @searcher.network_put('foo') }.should raise_error(ArgumentError) - end - - it "should look up connection details" do - @searcher.expects(:rest_connection_details).returns(@details) - @searcher.network_put('foo', @data) - end - - it "should use the appropriate remote server" do - Net::HTTP.expects(:start).with {|host, port| host == @details[:host] } - @searcher.network_put('foo', @data) - end - - it "should use the appropriate remote port" do - Net::HTTP.expects(:start).with {|host, port| port == @details[:port] } - @searcher.network_put('foo', @data) - end - - it "should use the PUT http method" do - @mock_result = stub('mock result', :body => 'result') - @mock_connection = mock('mock http connection', :put => @mock_result) - @searcher.stubs(:network).yields(@mock_connection) - @searcher.network_put('foo', @data) - end - - it "should use the provided path" do - @mock_result = stub('mock result', :body => 'result') - @mock_connection = stub('mock http connection') - @mock_connection.expects(:put).with {|path, data| path == '/foo' }.returns(@mock_result) - @searcher.stubs(:network).yields(@mock_connection) - @searcher.network_put('foo', @data) - end - - it "should use the provided data" do - @mock_result = stub('mock result', :body => 'result') - @mock_connection = stub('mock http connection') - @mock_connection.expects(:put).with {|path, data| data == @data }.returns(@mock_result) - @searcher.stubs(:network).yields(@mock_connection) - @searcher.network_put('foo', @data) - end - - it "should return the results of the PUT request" do - @searcher.network_put('foo', @data).should == 'result' - end + before :each do + Net::HTTP.stubs(:start).returns('result') + @details = { :host => '127.0.0.1', :port => 34343 } + @data = { :foo => 'bar' } + @searcher.stubs(:rest_connection_details).returns(@details) + + @method = :network_put + @arguments = ["foo", @data] + end + + it_should_behave_like "a REST http call" + + it "should use the PUT http method" do + @mock_result = stub('mock result', :body => 'result') + @mock_connection = mock('mock http connection', :put => @mock_result) + @searcher.stubs(:network).returns(@mock_connection) + @searcher.network_put('foo', @data) + end + + it "should use the provided path" do + @mock_result = stub('mock result', :body => 'result') + @mock_connection = stub('mock http connection') + @mock_connection.expects(:put).with {|path, data| path == '/foo' }.returns(@mock_result) + @searcher.stubs(:network).returns(@mock_connection) + @searcher.network_put('foo', @data) + end + + it "should use the provided data" do + @mock_result = stub('mock result', :body => 'result') + @mock_connection = stub('mock http connection') + @mock_connection.expects(:put).with {|path, data| data == @data }.returns(@mock_result) + @searcher.stubs(:network).returns(@mock_connection) + @searcher.network_put('foo', @data) + end end describe "when doing a find" do - before :each do - @result = { :foo => 'bar'}.to_yaml - @searcher.stubs(:network_fetch).returns(@result) # neuter the network connection - @model.stubs(:from_yaml).returns(@instance) - - @request = stub 'request', :key => 'foo' - end - - it "should look up the model instance over the network" do - @searcher.expects(:network_fetch).returns(@result) - @searcher.find(@request) - end - - it "should look up the model instance using the named indirection" do - @searcher.expects(:network_fetch).with {|path| path =~ %r{^#{@indirection.name.to_s}/} }.returns(@result) - @searcher.find(@request) - end - - it "should look up the model instance using the provided key" do - @searcher.expects(:network_fetch).with {|path| path =~ %r{/foo$} }.returns(@result) - @searcher.find(@request) - end - - it "should deserialize result data to a Model instance" do - @model.expects(:from_yaml) - @searcher.find(@request) - end - - it "should return the deserialized Model instance" do - @searcher.find(@request).should == @instance - end - - it "should return nil when deserialized model instance is nil" do - @model.stubs(:from_yaml).returns(nil) - @searcher.find(@request).should be_nil - end - - it "should generate an error when result data deserializes improperly" do - @model.stubs(:from_yaml).raises(ArgumentError) - lambda { @searcher.find(@request) }.should raise_error(ArgumentError) - end - - it "should generate an error when result data specifies an error" do - @searcher.stubs(:network_fetch).returns(RuntimeError.new("bogus").to_yaml) - lambda { @searcher.find(@request) }.should raise_error(RuntimeError) - end + before :each do + @result = { :foo => 'bar'}.to_yaml + @searcher.stubs(:network_fetch).returns(@result) # neuter the network connection + @model.stubs(:from_yaml).returns(@instance) + + @request = stub 'request', :key => 'foo' + end + + it "should look up the model instance over the network" do + @searcher.expects(:network_fetch).returns(@result) + @searcher.find(@request) + end + + it "should look up the model instance using the named indirection" do + @searcher.expects(:network_fetch).with {|path| path =~ %r{^#{@indirection.name.to_s}/} }.returns(@result) + @searcher.find(@request) + end + + it "should look up the model instance using the provided key" do + @searcher.expects(:network_fetch).with {|path| path =~ %r{/foo$} }.returns(@result) + @searcher.find(@request) + end + + it "should deserialize result data to a Model instance" do + @model.expects(:from_yaml) + @searcher.find(@request) + end + + it "should return the deserialized Model instance" do + @searcher.find(@request).should == @instance + end + + it "should return nil when deserialized model instance is nil" do + @model.stubs(:from_yaml).returns(nil) + @searcher.find(@request).should be_nil + end + + it "should generate an error when result data deserializes improperly" do + @model.stubs(:from_yaml).raises(ArgumentError) + lambda { @searcher.find(@request) }.should raise_error(ArgumentError) + end + + it "should generate an error when result data specifies an error" do + @searcher.stubs(:network_fetch).returns(RuntimeError.new("bogus").to_yaml) + lambda { @searcher.find(@request) }.should raise_error(RuntimeError) + end end describe "when doing a search" do - before :each do - @result = [1, 2].to_yaml - @searcher.stubs(:network_fetch).returns(@result) - @model.stubs(:from_yaml).returns(@instance) - - @request = stub 'request', :key => 'foo' - end - - it "should look up the model data over the network" do - @searcher.expects(:network_fetch).returns(@result) - @searcher.search(@request) - end - - it "should look up the model instance using the named indirection" do - @searcher.expects(:network_fetch).with {|path| path =~ %r{^#{@indirection.name.to_s}s/} }.returns(@result) - @searcher.search(@request) - end - - it "should look up the model instance using the provided key" do - @searcher.expects(:network_fetch).with {|path| path =~ %r{/foo$} }.returns(@result) - @searcher.search(@request) - end - - it "should deserialize result data into a list of Model instances" do - @model.expects(:from_yaml).at_least(2) - @searcher.search(@request) - end - - it "should generate an error when result data deserializes improperly" do - @model.stubs(:from_yaml).raises(ArgumentError) - lambda { @searcher.search(@request) }.should raise_error(ArgumentError) - end - - it "should generate an error when result data specifies an error" do - @searcher.stubs(:network_fetch).returns(RuntimeError.new("bogus").to_yaml) - lambda { @searcher.search(@request) }.should raise_error(RuntimeError) - end - end - + before :each do + @result = [1, 2].to_yaml + @searcher.stubs(:network_fetch).returns(@result) + @model.stubs(:from_yaml).returns(@instance) + + @request = stub 'request', :key => 'foo' + end + + it "should look up the model data over the network" do + @searcher.expects(:network_fetch).returns(@result) + @searcher.search(@request) + end + + it "should look up the model instance using the plural of the named indirection" do + @searcher.expects(:network_fetch).with {|path| path =~ %r{^#{@indirection.name.to_s}s/} }.returns(@result) + @searcher.search(@request) + end + + it "should look up the model instance using the provided key" do + @searcher.expects(:network_fetch).with {|path| path =~ %r{/foo$} }.returns(@result) + @searcher.search(@request) + end + + it "should deserialize result data into a list of Model instances" do + @model.expects(:from_yaml).at_least(2) + @searcher.search(@request) + end + + it "should generate an error when result data deserializes improperly" do + @model.stubs(:from_yaml).raises(ArgumentError) + lambda { @searcher.search(@request) }.should raise_error(ArgumentError) + end + + it "should generate an error when result data specifies an error" do + @searcher.stubs(:network_fetch).returns(RuntimeError.new("bogus").to_yaml) + lambda { @searcher.search(@request) }.should raise_error(RuntimeError) + end + end + describe "when doing a destroy" do - before :each do - @result = true.to_yaml - @searcher.stubs(:network_delete).returns(@result) # neuter the network connection - @model.stubs(:from_yaml).returns(@instance) - - @request = stub 'request', :key => 'foo' - end - - it "should look up the model instance over the network" do - @searcher.expects(:network_delete).returns(@result) - @searcher.destroy(@request) - end - - it "should look up the model instance using the named indirection" do - @searcher.expects(:network_delete).with {|path| path =~ %r{^#{@indirection.name.to_s}/} }.returns(@result) - @searcher.destroy(@request) - end - - it "should look up the model instance using the provided key" do - @searcher.expects(:network_delete).with {|path| path =~ %r{/foo$} }.returns(@result) - @searcher.destroy(@request) - end - - it "should deserialize result data" do - YAML.expects(:load).with(@result) - @searcher.destroy(@request) - end - - it "should return deserialized result data" do - @searcher.destroy(@request).should == true - end - - it "should generate an error when result data specifies an error" do - @searcher.stubs(:network_delete).returns(RuntimeError.new("bogus").to_yaml) - lambda { @searcher.destroy(@request) }.should raise_error(RuntimeError) - end + before :each do + @result = true.to_yaml + @searcher.stubs(:network_delete).returns(@result) # neuter the network connection + @model.stubs(:from_yaml).returns(@instance) + + @request = stub 'request', :key => 'foo' + end + + it "should look up the model instance over the network" do + @searcher.expects(:network_delete).returns(@result) + @searcher.destroy(@request) + end + + it "should look up the model instance using the named indirection" do + @searcher.expects(:network_delete).with {|path| path =~ %r{^#{@indirection.name.to_s}/} }.returns(@result) + @searcher.destroy(@request) + end + + it "should look up the model instance using the provided key" do + @searcher.expects(:network_delete).with {|path| path =~ %r{/foo$} }.returns(@result) + @searcher.destroy(@request) + end + + it "should deserialize result data" do + YAML.expects(:load).with(@result) + @searcher.destroy(@request) + end + + it "should return deserialized result data" do + @searcher.destroy(@request).should == true + end + + it "should generate an error when result data specifies an error" do + @searcher.stubs(:network_delete).returns(RuntimeError.new("bogus").to_yaml) + lambda { @searcher.destroy(@request) }.should raise_error(RuntimeError) + end end describe "when doing a save" do - before :each do - @result = { :foo => 'bar'}.to_yaml - @searcher.stubs(:network_put).returns(@result) # neuter the network connection - @model.stubs(:from_yaml).returns(@instance) - - @request = stub 'request', :instance => @instance - end - - it "should save the model instance over the network" do - @searcher.expects(:network_put).returns(@result) - @searcher.save(@request) - end - - it "should save the model instance using the named indirection" do - @searcher.expects(:network_put).with do |path, data| - path =~ %r{^#{@indirection.name.to_s}/} and - data == @instance.to_yaml - end.returns(@result) - @searcher.save(@request) - end - - it "should deserialize result data to a Model instance" do - @model.expects(:from_yaml) - @searcher.save(@request) - end - - it "should return the resulting deserialized Model instance" do - @searcher.save(@request).should == @instance - end - - it "should return nil when deserialized model instance is nil" do - @model.stubs(:from_yaml).returns(nil) - @searcher.save(@request).should be_nil - end - - it "should generate an error when result data deserializes improperly" do - @model.stubs(:from_yaml).raises(ArgumentError) - lambda { @searcher.save(@request) }.should raise_error(ArgumentError) - end - - it "should generate an error when result data specifies an error" do - @searcher.stubs(:network_put).returns(RuntimeError.new("bogus").to_yaml) - lambda { @searcher.save(@request) }.should raise_error(RuntimeError) - end + before :each do + @result = { :foo => 'bar'}.to_yaml + @searcher.stubs(:network_put).returns(@result) # neuter the network connection + @model.stubs(:from_yaml).returns(@instance) + + @request = stub 'request', :instance => @instance + end + + it "should save the model instance over the network" do + @searcher.expects(:network_put).returns(@result) + @searcher.save(@request) + end + + it "should save the model instance using the named indirection" do + @searcher.expects(:network_put).with do |path, data| + path =~ %r{^#{@indirection.name.to_s}/} and + data == @instance.to_yaml + end.returns(@result) + @searcher.save(@request) + end + + it "should deserialize result data to a Model instance" do + @model.expects(:from_yaml) + @searcher.save(@request) + end + + it "should return the resulting deserialized Model instance" do + @searcher.save(@request).should == @instance + end + + it "should return nil when deserialized model instance is nil" do + @model.stubs(:from_yaml).returns(nil) + @searcher.save(@request).should be_nil + end + + it "should generate an error when result data deserializes improperly" do + @model.stubs(:from_yaml).raises(ArgumentError) + lambda { @searcher.save(@request) }.should raise_error(ArgumentError) + end + + it "should generate an error when result data specifies an error" do + @searcher.stubs(:network_put).returns(RuntimeError.new("bogus").to_yaml) + lambda { @searcher.save(@request) }.should raise_error(RuntimeError) + end end end spec/unit/indirector/rest.rb @@ -23,7 +23,14 @@ describe Puppet::Network::HTTP::Mongrel, "when turning on listening" do @mock_mongrel.stubs(:run) @mock_mongrel.stubs(:register) Mongrel::HttpServer.stubs(:new).returns(@mock_mongrel) - @listen_params = { :address => "127.0.0.1", :port => 31337, :handlers => [ :node, :catalog ], :protocols => [ :rest ] } + + @mock_puppet_mongrel = mock('puppet_mongrel') + Puppet::Network::HTTPServer::Mongrel.stubs(:new).returns(@mock_puppet_mongrel) + + @listen_params = { :address => "127.0.0.1", :port => 31337, + :handlers => [ :node, :catalog ], :protocols => [ :rest, :xmlrpc ], + :xmlrpc_handlers => [ :status, :fileserver ] + } end it "should fail if already listening" do @@ -63,18 +70,38 @@ describe Puppet::Network::HTTP::Mongrel, "when turning on listening" do @server.should be_listening end - it "should instantiate a handler for each protocol+handler pair to configure web server routing" do - @listen_params[:protocols].each do |protocol| - @listen_params[:handlers].each do |handler| - @mock_mongrel.expects(:register) + describe "when providing REST services" do + it "should instantiate a handler for each protocol+handler pair to configure web server routing" do + @listen_params[:protocols].each do |protocol| + @listen_params[:handlers].each do |handler| + @mock_mongrel.expects(:register) + end end + @server.listen(@listen_params) + end + + it "should use a Mongrel + REST class to configure Mongrel when REST services are requested" do + @server.expects(:class_for_protocol).with(:rest).at_least_once.returns(Puppet::Network::HTTP::MongrelREST) + @server.listen(@listen_params) end - @server.listen(@listen_params) end - - it "should use a Mongrel + REST class to configure Mongrel when REST services are requested" do - @server.expects(:class_for_protocol).with(:rest).at_least_once.returns(Puppet::Network::HTTP::MongrelREST) - @server.listen(@listen_params) + + describe "when providing XMLRPC services" do + it "should do nothing if no xmlrpc handlers have been provided" do + Puppet::Network::HTTPServer::Mongrel.expects(:new).never + @server.listen(@listen_params.merge(:xmlrpc_handlers => [])) + end + + it "should create an instance of the existing Mongrel http server with the right handlers" do + Puppet::Network::HTTPServer::Mongrel.expects(:new).with([:status, :master]).returns(@mock_puppet_mongrel) + @server.listen(@listen_params.merge(:xmlrpc_handlers => [:status, :master])) + end + + it "should register the Mongrel server instance at /RPC2" do + @mock_mongrel.expects(:register).with("/RPC2", @mock_puppet_mongrel) + + @server.listen(@listen_params.merge(:xmlrpc_handlers => [:status, :master])) + end end it "should fail if services from an unknown protocol are requested" do spec/unit/network/http/mongrel.rb @@ -19,18 +19,20 @@ describe Puppet::Network::HTTP::WEBrick, "when turning on listening" do WEBrick::HTTPServer.stubs(:new).returns(@mock_webrick) @server = Puppet::Network::HTTP::WEBrick.new [:setup_logger, :setup_ssl].each {|meth| @server.stubs(meth).returns({})} # the empty hash is required because of how we're merging - @listen_params = { :address => "127.0.0.1", :port => 31337, :handlers => [ :node, :catalog ], :protocols => [ :rest ] } + @listen_params = { :address => "127.0.0.1", :port => 31337, + :handlers => [ :node, :catalog ], :xmlrpc_handlers => [], :protocols => [ :rest ] + } end - + it "should fail if already listening" do @server.listen(@listen_params) Proc.new { @server.listen(@listen_params) }.should raise_error(RuntimeError) end - + it "should require at least one handler" do Proc.new { @server.listen(@listen_params.delete_if {|k,v| :handlers == k}) }.should raise_error(ArgumentError) end - + it "should require at least one protocol" do Proc.new { @server.listen(@listen_params.delete_if {|k,v| :protocols == k}) }.should raise_error(ArgumentError) end @@ -38,7 +40,7 @@ describe Puppet::Network::HTTP::WEBrick, "when turning on listening" do it "should require a listening address to be specified" do Proc.new { @server.listen(@listen_params.delete_if {|k,v| :address == k})}.should raise_error(ArgumentError) end - + it "should require a listening port to be specified" do Proc.new { @server.listen(@listen_params.delete_if {|k,v| :port == k})}.should raise_error(ArgumentError) end @@ -47,7 +49,7 @@ describe Puppet::Network::HTTP::WEBrick, "when turning on listening" do @mock_webrick.expects(:start) @server.listen(@listen_params) end - + it "should tell webrick to listen on the specified address and port" do WEBrick::HTTPServer.expects(:new).with {|args| args[:Port] == 31337 and args[:BindAddress] == "127.0.0.1" @@ -74,28 +76,80 @@ describe Puppet::Network::HTTP::WEBrick, "when turning on listening" do @server.listen(@listen_params) end - + it "should be listening" do @server.listen(@listen_params) @server.should be_listening end - - it "should instantiate a handler for each protocol+handler pair to configure web server routing" do - @listen_params[:protocols].each do |protocol| - mock_handler = mock("handler instance for [#{protocol}]") - mock_handler_class = mock("handler class for [#{protocol}]") - @listen_params[:handlers].each do |handler| - @mock_webrick.expects(:mount) + + describe "when the REST protocol is requested" do + it "should use a WEBrick + REST class to configure WEBrick" do + Puppet::Network::HTTP::WEBrick.expects(:class_for_protocol).with(:rest).at_least_once + @server.listen(@listen_params.merge(:protocols => [:rest])) + end + + it "should instantiate a handler for each protocol+handler pair to configure web server routing" do + @listen_params[:protocols].each do |protocol| + @listen_params[:handlers].each do |handler| + @mock_webrick.expects(:mount) + end end + @server.listen(@listen_params) end - @server.listen(@listen_params) end - it "should use a WEBrick + REST class to configure WEBrick when REST services are requested" do - Puppet::Network::HTTP::WEBrick.expects(:class_for_protocol).with(:rest).at_least_once - @server.listen(@listen_params.merge(:protocols => [:rest])) + describe "when the XMLRPC protocol is requested" do + before do + @servlet = mock 'servlet' + + Puppet::Network::XMLRPC::WEBrickServlet.stubs(:new).returns @servlet + + @master_handler = mock('master_handler') + @file_handler = mock('file_handler') + + @master = mock 'master' + @file = mock 'file' + @master_handler.stubs(:new).returns @master + @file_handler.stubs(:new).returns @file + + Puppet::Network::Handler.stubs(:handler).with(:master).returns @master_handler + Puppet::Network::Handler.stubs(:handler).with(:fileserver).returns @file_handler + end + + it "should do nothing if no xmlrpc handlers have been specified" do + Puppet::Network::Handler.expects(:handler).never + + @server.listen(@listen_params.merge(:protocols => [:xmlrpc], :xmlrpc_handlers => [])) + end + + it "should look the handler classes up via their base class" do + Puppet::Network::Handler.expects(:handler).with(:master).returns @master_handler + Puppet::Network::Handler.expects(:handler).with(:fileserver).returns @file_handler + + @server.listen(@listen_params.merge(:protocols => [:xmlrpc], :xmlrpc_handlers => [:master, :fileserver])) + end + + it "should create an instance for each requested xmlrpc handler" do + @master_handler.expects(:new).returns @master + @file_handler.expects(:new).returns @file + + @server.listen(@listen_params.merge(:protocols => [:xmlrpc], :xmlrpc_handlers => [:master, :fileserver])) + end + + it "should create a webrick servlet with the xmlrpc handler instances" do + Puppet::Network::XMLRPC::WEBrickServlet.expects(:new).with([@master, @file]).returns @servlet + + @server.listen(@listen_params.merge(:protocols => [:xmlrpc], :xmlrpc_handlers => [:master, :fileserver])) + end + + it "should mount the webrick servlet at /RPC2" do + @mock_webrick.stubs(:mount) + @mock_webrick.expects(:mount).with("/RPC2", @servlet) + + @server.listen(@listen_params.merge(:protocols => [:xmlrpc], :xmlrpc_handlers => [:master, :fileserver])) + end end - + it "should fail if services from an unknown protocol are requested" do Proc.new { @server.listen(@listen_params.merge(:protocols => [ :foo ]))}.should raise_error end @@ -103,21 +157,21 @@ end describe Puppet::Network::HTTP::WEBrick, "when looking up the class to handle a protocol" do - it "should require a protocol" do - lambda { Puppet::Network::HTTP::WEBrick.class_for_protocol }.should raise_error(ArgumentError) - end - - it "should accept a protocol" do - lambda { Puppet::Network::HTTP::WEBrick.class_for_protocol("bob") }.should_not raise_error(ArgumentError) - end - - it "should use a WEBrick + REST class when a REST protocol is specified" do - Puppet::Network::HTTP::WEBrick.class_for_protocol("rest").should == Puppet::Network::HTTP::WEBrickREST - end - - it "should fail when an unknown protocol is specified" do - lambda { Puppet::Network::HTTP::WEBrick.class_for_protocol("abcdefg") }.should raise_error - end + it "should require a protocol" do + lambda { Puppet::Network::HTTP::WEBrick.class_for_protocol }.should raise_error(ArgumentError) + end + + it "should accept a protocol" do + lambda { Puppet::Network::HTTP::WEBrick.class_for_protocol("bob") }.should_not raise_error(ArgumentError) + end + + it "should use a WEBrick + REST class when a REST protocol is specified" do + Puppet::Network::HTTP::WEBrick.class_for_protocol("rest").should == Puppet::Network::HTTP::WEBrickREST + end + + it "should fail when an unknown protocol is specified" do + lambda { Puppet::Network::HTTP::WEBrick.class_for_protocol("abcdefg") }.should raise_error + end end describe Puppet::Network::HTTP::WEBrick, "when turning off listening" do @@ -129,17 +183,17 @@ describe Puppet::Network::HTTP::WEBrick, "when turning off listening" do [:setup_logger, :setup_ssl].each {|meth| @server.stubs(meth).returns({})} # the empty hash is required because of how we're merging @listen_params = { :address => "127.0.0.1", :port => 31337, :handlers => [ :node, :catalog ], :protocols => [ :rest ] } end - + it "should fail unless listening" do Proc.new { @server.unlisten }.should raise_error(RuntimeError) end - + it "should order webrick server to stop" do @mock_webrick.expects(:shutdown) @server.listen(@listen_params) @server.unlisten end - + it "should no longer be listening" do @server.listen(@listen_params) @server.unlisten @@ -154,20 +208,6 @@ describe Puppet::Network::HTTP::WEBrick do WEBrick::HTTPServer.stubs(:new).returns(@mock_webrick) @server = Puppet::Network::HTTP::WEBrick.new end - - describe "when configuring an x509 store" do - it "should add the CRL to the store" - - it "should create a new x509 store" - - it "should add the CA certificate to the store" - - it "should set the store's flags to 'OpenSSL::X509::V_FLAG_CRL_CHECK_ALL|OpenSSL::X509::V_FLAG_CRL_CHECK'" - - it "should set the store's purpose to 'OpenSSL::X509::PURPOSE_ANY'" - - it "should return the store" - end describe "when configuring an http logger" do before do @@ -250,22 +290,72 @@ describe Puppet::Network::HTTP::WEBrick do end describe "when configuring ssl" do - it "should add an x509 store if the CRL is enabled" + before do + @key = stub 'key', :content => "mykey" + @cert = stub 'cert', :content => "mycert" + @host = stub 'host', :key => @key, :certificate => @cert, :name => "yay", :ssl_store => "mystore" - it "should not add an x509 store if the CRL is disabled" + Puppet::SSL::Certificate.stubs(:find).with('ca').returns @cert - it "should configure the certificate" + Puppet::SSL::Host.stubs(:new).returns @host + end - it "should configure the private key" + it "should use the key from an SSL::Host instance created with the default name" do + Puppet::SSL::Host.expects(:new).returns @host + @host.expects(:key).returns @key - it "should start ssl immediately" + @server.setup_ssl[:SSLPrivateKey].should == "mykey" + end + + it "should generate its files if no certificate can be found" do + @host.expects(:certificate).times(2).returns(nil).then.returns(@cert) - it "should enable ssl" + @host.expects(:generate) - it "should specify the path to the CA certificate" + @server.setup_ssl + end - it "should configure the verification method as 'OpenSSL::SSL::VERIFY_PEER'" + it "should configure the certificate" do + @server.setup_ssl[:SSLCertificate].should == "mycert" + end - it "should set the certificate name to 'nil'" + it "should fail if no CA certificate can be found" do + Puppet::SSL::Certificate.stubs(:find).with('ca').returns nil + + lambda { @server.setup_ssl }.should raise_error(Puppet::Error) + end + + it "should specify the path to the CA certificate" do + Puppet.settings.stubs(:value).returns "whatever" + Puppet.settings.stubs(:value).with(:hostcrl).returns 'false' + Puppet.settings.stubs(:value).with(:localcacert).returns '/ca/crt' + + @server.setup_ssl[:SSLCACertificateFile].should == "/ca/crt" + end + + it "should start ssl immediately" do + @server.setup_ssl[:SSLStartImmediately].should be_true + end + + it "should enable ssl" do + @server.setup_ssl[:SSLEnable].should be_true + end + + it "should configure the verification method as 'OpenSSL::SSL::VERIFY_PEER'" do + @server.setup_ssl[:SSLVerifyClient].should == OpenSSL::SSL::VERIFY_PEER + end + + it "should add an x509 store" do + Puppet.settings.stubs(:value).returns "whatever" + Puppet.settings.stubs(:value).with(:hostcrl).returns '/my/crl' + + @host.expects(:ssl_store).returns "mystore" + + @server.setup_ssl[:SSLCertificateStore].should == "mystore" + end + + it "should set the certificate name to 'nil'" do + @server.setup_ssl[:SSLCertName].should be_nil + end end end spec/unit/network/http/webrick.rb @@ -6,105 +6,28 @@ require File.dirname(__FILE__) + '/../../spec_helper' require 'puppet/network/http_pool' -describe Puppet::Network::HttpPool, " when adding certificate information to http instances" do - before do - @http = mock 'http' - [:cert_store=, :verify_mode=, :ca_file=, :cert=, :key=].each { |m| @http.stubs(m) } - @store = stub 'store' - [:add_file,:purpose=].each { |m| @store.stubs(m) } +describe Puppet::Network::HttpPool do + after do + Puppet::Util::Cacher.invalidate + Puppet::Network::HttpPool.clear_http_instances + Puppet::Network::HttpPool.instance_variable_set("@ssl_host", nil) end it "should have keep-alive disabled" do Puppet::Network::HttpPool::HTTP_KEEP_ALIVE.should be_false end - it "should do nothing if no certificate is available" do - Puppet::Network::HttpPool.expects(:read_cert).returns(false) - @http.expects(:cert=).never - Puppet::Network::HttpPool.cert_setup(@http) - end - - it "should add a certificate store" do - Puppet::Network::HttpPool.stubs(:read_cert).returns(true) - Puppet::Network::HttpPool.stubs(:key).returns(:mykey) - OpenSSL::X509::Store.expects(:new).returns(@store) - @http.expects(:cert_store=).with(@store) - - Puppet::Network::HttpPool.cert_setup(@http) - end - - it "should add the local CA cert to the certificate store" do - Puppet::Network::HttpPool.stubs(:read_cert).returns(true) - OpenSSL::X509::Store.expects(:new).returns(@store) - Puppet.settings.stubs(:value).with(:localcacert).returns("/some/file") - Puppet.settings.stubs(:value).with(:localcacert).returns("/some/file") - @store.expects(:add_file).with("/some/file") - - Puppet::Network::HttpPool.stubs(:key).returns(:whatever) - - Puppet::Network::HttpPool.cert_setup(@http) - end - - it "should set the purpose of the cert store to OpenSSL::X509::PURPOSE_SSL_CLIENT" do - Puppet::Network::HttpPool.stubs(:read_cert).returns(true) - Puppet::Network::HttpPool.stubs(:key).returns(:mykey) - OpenSSL::X509::Store.expects(:new).returns(@store) - - @store.expects(:purpose=).with(OpenSSL::X509::PURPOSE_SSL_CLIENT) - - Puppet::Network::HttpPool.cert_setup(@http) - end - - it "should add the client certificate" do - Puppet::Network::HttpPool.stubs(:read_cert).returns(true) - Puppet::Network::HttpPool.stubs(:cert).returns(:mycert) - Puppet::Network::HttpPool.stubs(:key).returns(:mykey) - OpenSSL::X509::Store.expects(:new).returns(@store) - - @http.expects(:cert=).with(:mycert) - - Puppet::Network::HttpPool.cert_setup(@http) - end - - it "should add the client key" do - Puppet::Network::HttpPool.stubs(:read_cert).returns(true) - Puppet::Network::HttpPool.stubs(:key).returns(:mykey) - OpenSSL::X509::Store.expects(:new).returns(@store) - - @http.expects(:key=).with(:mykey) - - Puppet::Network::HttpPool.cert_setup(@http) + it "should use an SSL::Host instance to get its certificate information" do + host = mock 'host' + Puppet::SSL::Host.expects(:new).with().returns host + Puppet::Network::HttpPool.ssl_host.should equal(host) end - it "should set the verify mode to OpenSSL::SSL::VERIFY_PEER" do - Puppet::Network::HttpPool.stubs(:read_cert).returns(true) - Puppet::Network::HttpPool.stubs(:key).returns(:mykey) - OpenSSL::X509::Store.expects(:new).returns(@store) - - @http.expects(:verify_mode=).with(OpenSSL::SSL::VERIFY_PEER) - - Puppet::Network::HttpPool.cert_setup(@http) - end - - it "should set the ca file" do - Puppet::Network::HttpPool.stubs(:read_cert).returns(true) - Puppet.settings.stubs(:value).with(:localcacert).returns("/some/file") - OpenSSL::X509::Store.expects(:new).returns(@store) - - @http.expects(:ca_file=).with("/some/file") - - Puppet::Network::HttpPool.stubs(:key).returns(:whatever) - - Puppet::Network::HttpPool.cert_setup(@http) - end - - it "should set up certificate information when creating http instances" do - Puppet::Network::HttpPool.expects(:cert_setup).with { |i| i.is_a?(Net::HTTP) } - Puppet::Network::HttpPool.http_instance("one", "two") - end - - after do - Puppet::Network::HttpPool.clear_http_instances + it "should reuse the same host instance" do + host = mock 'host' + Puppet::SSL::Host.expects(:new).with().once.returns host + Puppet::Network::HttpPool.ssl_host.should equal(host) + Puppet::Network::HttpPool.ssl_host.should equal(host) end describe "when managing http instances" do @@ -115,7 +38,7 @@ describe Puppet::Network::HttpPool, " when adding certificate information to htt end before do - # All of hte cert stuff is tested elsewhere + # All of the cert stuff is tested elsewhere Puppet::Network::HttpPool.stubs(:cert_setup) end @@ -152,7 +75,7 @@ describe Puppet::Network::HttpPool, " when adding certificate information to htt Puppet::Network::HttpPool.http_instance("me", 54321).open_timeout.should == 120 end - describe "when http keep-alive is enabled" do + describe "and http keep-alive is enabled" do before do Puppet::Network::HttpPool.stubs(:keep_alive?).returns true end @@ -201,9 +124,19 @@ describe Puppet::Network::HttpPool, " when adding certificate information to htt one.expects(:finish).never Puppet::Network::HttpPool.clear_http_instances end + + it "should reset its ssl host when clearing the cache" do + stub_settings :http_proxy_host => "myhost", :http_proxy_port => 432, :configtimeout => 120, :http_enable_post_connection_check => true, :certname => "a" + one = Puppet::Network::HttpPool.http_instance("me", 54321) + one.expects(:started?).returns(false) + one.expects(:finish).never + id = Puppet::Network::HttpPool.ssl_host.object_id + Puppet::Network::HttpPool.clear_http_instances + Puppet::Network::HttpPool.ssl_host.object_id.should_not == id + end end - describe "when http keep-alive is disabled" do + describe "and http keep-alive is disabled" do before do Puppet::Network::HttpPool.stubs(:keep_alive?).returns false end @@ -215,26 +148,73 @@ describe Puppet::Network::HttpPool, " when adding certificate information to htt end end - # We mostly have to do this for testing, since in real life people - # won't change certs within a single process. - it "should remove its loaded certificate when clearing the cache" do - Puppet::Network::HttpPool.instance_variable_set("@cert", :yay) + after do Puppet::Network::HttpPool.clear_http_instances - # Can't use the accessor, because it will read the cert in - Puppet::Network::HttpPool.instance_variable_get("@cert").should be_nil end + end - # We mostly have to do this for testing, since in real life people - # won't change certs within a single process. - it "should remove its loaded key when clearing the cache" do - Puppet::Network::HttpPool.instance_variable_set("@key", :yay) - Puppet::Network::HttpPool.clear_http_instances - # Can't use the accessor, because it will read the cert in - Puppet::Network::HttpPool.instance_variable_get("@key").should be_nil + describe "when adding certificate information to http instances" do + before do + @http = mock 'http' + [:cert_store=, :verify_mode=, :ca_file=, :cert=, :key=].each { |m| @http.stubs(m) } + @store = stub 'store' + + @cert = stub 'cert', :content => "real_cert" + @key = stub 'key', :content => "real_key" + @host = stub 'host', :certificate => @cert, :key => @key, :ssl_store => @store + + Puppet[:confdir] = "/sometthing/else" + Puppet.settings.stubs(:value).returns "/some/file" + Puppet.settings.stubs(:value).with(:hostcert).returns "/host/cert" + + FileTest.stubs(:exist?).with("/host/cert").returns true + + Puppet::Network::HttpPool.stubs(:ssl_host).returns @host end - after do - Puppet::Network::HttpPool.clear_http_instances + it "should do nothing if no certificate is on disk" do + FileTest.expects(:exist?).with("/host/cert").returns false + @http.expects(:cert=).never + Puppet::Network::HttpPool.cert_setup(@http) + end + + it "should add a certificate store from the ssl host" do + @http.expects(:cert_store=).with(@store) + + Puppet::Network::HttpPool.cert_setup(@http) + end + + it "should add the client certificate" do + @http.expects(:cert=).with("real_cert") + + Puppet::Network::HttpPool.cert_setup(@http) + end + + it "should add the client key" do + @http.expects(:key=).with("real_key") + + Puppet::Network::HttpPool.cert_setup(@http) + end + + it "should set the verify mode to OpenSSL::SSL::VERIFY_PEER" do + @http.expects(:verify_mode=).with(OpenSSL::SSL::VERIFY_PEER) + + Puppet::Network::HttpPool.cert_setup(@http) + end + + it "should set the ca file" do + Puppet.settings.stubs(:value).returns "/some/file" + FileTest.stubs(:exist?).with(Puppet[:hostcert]).returns true + + Puppet.settings.stubs(:value).with(:localcacert).returns "/ca/cert/file" + @http.expects(:ca_file=).with("/ca/cert/file") + + Puppet::Network::HttpPool.cert_setup(@http) + end + + it "should set up certificate information when creating http instances" do + Puppet::Network::HttpPool.expects(:cert_setup).with { |i| i.is_a?(Net::HTTP) } + Puppet::Network::HttpPool.http_instance("one", "two") end end end spec/unit/network/http_pool.rb @@ -6,311 +6,527 @@ require File.dirname(__FILE__) + '/../../spec_helper' require 'puppet/network/server' -describe Puppet::Network::Server, "when initializing" do +describe Puppet::Network::Server do before do @mock_http_server_class = mock('http server class') - Puppet.stubs(:[]).with(:servertype).returns(:suparserver) + Puppet.settings.stubs(:use) + Puppet.settings.stubs(:value).with(:name).returns("me") + Puppet.settings.stubs(:value).with(:servertype).returns(:suparserver) Puppet::Network::HTTP.stubs(:server_class_by_type).returns(@mock_http_server_class) - end - - it "should allow specifying a listening address" do - Puppet.stubs(:[]).with(:masterport).returns('') - @server = Puppet::Network::Server.new(:address => "127.0.0.1") - @server.address.should == "127.0.0.1" + Puppet.settings.stubs(:value).with(:servertype).returns(:suparserver) + @server = Puppet::Network::Server.new(:address => "127.0.0.1", :port => 31337) end - it "should allow specifying a listening port" do - Puppet.stubs(:[]).with(:bindaddress).returns('') - @server = Puppet::Network::Server.new(:port => 31337) - @server.port.should == 31337 - end - - it "should use the Puppet configurator to find a default listening address" do - Puppet.stubs(:[]).with(:masterport).returns('') - Puppet.expects(:[]).with(:bindaddress).returns("10.0.0.1") - @server = Puppet::Network::Server.new - @server.address.should == "10.0.0.1" - end + describe "when initializing" do + before do + Puppet::Indirector::Indirection.stubs(:model).returns mock('indirection') + Puppet::Network::Handler.stubs(:handler).returns mock('xmlrpc_handler') + end - it "should use the Puppet configurator to find a default listening port" do - Puppet.stubs(:[]).with(:bindaddress).returns('') - Puppet.expects(:[]).with(:masterport).returns(6667) - @server = Puppet::Network::Server.new - @server.port.should == 6667 - end + it "should allow specifying a listening address" do + Puppet.settings.stubs(:value).with(:masterport).returns('') + @server = Puppet::Network::Server.new(:address => "127.0.0.1") + @server.address.should == "127.0.0.1" + end - it "should fail to initialize if no listening address can be found" do - Puppet.stubs(:[]).with(:masterport).returns(6667) - Puppet.stubs(:[]).with(:bindaddress).returns(nil) - Proc.new { Puppet::Network::Server.new }.should raise_error(ArgumentError) - end - - it "should fail to initialize if no listening port can be found" do - Puppet.stubs(:[]).with(:bindaddress).returns("127.0.0.1") - Puppet.stubs(:[]).with(:masterport).returns(nil) - Proc.new { Puppet::Network::Server.new }.should raise_error(ArgumentError) - end + it "should allow specifying a listening port" do + Puppet.settings.stubs(:value).with(:bindaddress).returns('') + @server = Puppet::Network::Server.new(:port => 31337) + @server.port.should == 31337 + end - it "should use the Puppet configurator to determine which HTTP server will be used to provide access to clients" do - Puppet.expects(:[]).with(:servertype).returns(:suparserver) - @server = Puppet::Network::Server.new(:address => "127.0.0.1", :port => 31337) - @server.server_type.should == :suparserver - end - - it "should fail to initialize if there is no HTTP server known to the Puppet configurator" do - Puppet.expects(:[]).with(:servertype).returns(nil) - Proc.new { Puppet::Network::Server.new(:address => "127.0.0.1", :port => 31337) }.should raise_error - end - - it "should ask the Puppet::Network::HTTP class to fetch the proper HTTP server class" do - Puppet::Network::HTTP.expects(:server_class_by_type).with(:suparserver).returns(@mock_http_server_class) - @server = Puppet::Network::Server.new(:address => "127.0.0.1", :port => 31337) - end - - it "should fail if the HTTP server class is unknown" do - Puppet::Network::HTTP.stubs(:server_class_by_type).returns(nil) - Proc.new { Puppet::Network::Server.new(:address => "127.0.0.1", :port => 31337) }.should raise_error(ArgumentError) - end - - it "should allow registering indirections" do - @server = Puppet::Network::Server.new(:address => "127.0.0.1", :port => 31337, :handlers => [ :foo, :bar, :baz]) - Proc.new { @server.unregister(:foo, :bar, :baz) }.should_not raise_error - end - - it "should not be listening after initialization" do - Puppet::Network::Server.new(:address => "127.0.0.1", :port => 31337).should_not be_listening - end -end + it "should use the Puppet configurator to find a default listening address" do + Puppet.settings.stubs(:value).with(:masterport).returns('') + Puppet.settings.expects(:value).with(:bindaddress).returns("10.0.0.1") + @server = Puppet::Network::Server.new + @server.address.should == "10.0.0.1" + end -describe Puppet::Network::Server, "in general" do - before do - @mock_http_server_class = mock('http server class') - Puppet::Network::HTTP.stubs(:server_class_by_type).returns(@mock_http_server_class) - Puppet.stubs(:[]).with(:servertype).returns(:suparserver) - @server = Puppet::Network::Server.new(:address => "127.0.0.1", :port => 31337) - end - - it "should allow registering an indirection for client access by specifying its indirection name" do - Proc.new { @server.register(:foo) }.should_not raise_error - end - - it "should require at least one indirection name when registering indirections for client access" do - Proc.new { @server.register }.should raise_error(ArgumentError) - end - - it "should allow for numerous indirections to be registered at once for client access" do - Proc.new { @server.register(:foo, :bar, :baz) }.should_not raise_error - end + it "should use the Puppet configurator to find a default listening port" do + Puppet.settings.stubs(:value).with(:bindaddress).returns('') + Puppet.settings.expects(:value).with(:masterport).returns(6667) + @server = Puppet::Network::Server.new + @server.port.should == 6667 + end + + it "should fail to initialize if no listening address can be found" do + Puppet.settings.stubs(:value).with(:masterport).returns(6667) + Puppet.settings.stubs(:value).with(:bindaddress).returns(nil) + lambda { Puppet::Network::Server.new }.should raise_error(ArgumentError) + end + + it "should fail to initialize if no listening port can be found" do + Puppet.settings.stubs(:value).with(:bindaddress).returns("127.0.0.1") + Puppet.settings.stubs(:value).with(:masterport).returns(nil) + lambda { Puppet::Network::Server.new }.should raise_error(ArgumentError) + end + + it "should use the Puppet configurator to determine which HTTP server will be used to provide access to clients" do + Puppet.settings.expects(:value).with(:servertype).returns(:suparserver) + @server = Puppet::Network::Server.new(:address => "127.0.0.1", :port => 31337) + @server.server_type.should == :suparserver + end - it "should allow the use of indirection names to specify which indirections are to be no longer accessible to clients" do - @server.register(:foo) - Proc.new { @server.unregister(:foo) }.should_not raise_error + it "should fail to initialize if there is no HTTP server known to the Puppet configurator" do + Puppet.settings.expects(:value).with(:servertype).returns(nil) + lambda { Puppet::Network::Server.new(:address => "127.0.0.1", :port => 31337) }.should raise_error + end + + it "should ask the Puppet::Network::HTTP class to fetch the proper HTTP server class" do + Puppet::Network::HTTP.expects(:server_class_by_type).with(:suparserver).returns(@mock_http_server_class) + @server = Puppet::Network::Server.new(:address => "127.0.0.1", :port => 31337) + end + + it "should fail if the HTTP server class is unknown" do + Puppet::Network::HTTP.stubs(:server_class_by_type).returns(nil) + lambda { Puppet::Network::Server.new(:address => "127.0.0.1", :port => 31337) }.should raise_error(ArgumentError) + end + + it "should allow registering REST handlers" do + @server = Puppet::Network::Server.new(:address => "127.0.0.1", :port => 31337, :handlers => [ :foo, :bar, :baz]) + lambda { @server.unregister(:foo, :bar, :baz) }.should_not raise_error + end + + it "should allow registering XMLRPC handlers" do + @server = Puppet::Network::Server.new(:address => "127.0.0.1", :port => 31337, :xmlrpc_handlers => [ :foo, :bar, :baz]) + lambda { @server.unregister_xmlrpc(:foo, :bar, :baz) }.should_not raise_error + end + + it "should not be listening after initialization" do + Puppet::Network::Server.new(:address => "127.0.0.1", :port => 31337).should_not be_listening + end + + it "should use the :main setting section" do + Puppet.settings.expects(:use).with { |args| args.include?(:main) } + @server = Puppet::Network::Server.new(:address => "127.0.0.1", :port => 31337, :xmlrpc_handlers => [ :foo, :bar, :baz]) + end + + it "should use the Puppet[:name] setting section" do + Puppet.settings.expects(:value).with(:name).returns "me" + Puppet.settings.expects(:use).with { |args| args.include?("me") } + + @server = Puppet::Network::Server.new(:address => "127.0.0.1", :port => 31337, :xmlrpc_handlers => [ :foo, :bar, :baz]) + end end - it "should leave other indirections accessible to clients when turning off indirections" do - @server.register(:foo, :bar) - @server.unregister(:foo) - Proc.new { @server.unregister(:bar)}.should_not raise_error + # We don't test the method, because it's too much of a Unix-y pain. + it "should be able to daemonize" do + @server.should respond_to(:daemonize) end - - it "should allow specifying numerous indirections which are to be no longer accessible to clients" do - @server.register(:foo, :bar) - Proc.new { @server.unregister(:foo, :bar) }.should_not raise_error + + describe "when being started" do + before do + @server.stubs(:listen) + @server.stubs(:create_pidfile) + end + + it "should listen" do + @server.expects(:listen) + @server.start + end + + it "should create its PID file" do + @server.expects(:create_pidfile) + @server.start + end end - - it "should not turn off any indirections if given unknown indirection names to turn off" do - @server.register(:foo, :bar) - Proc.new { @server.unregister(:foo, :bar, :baz) }.should raise_error(ArgumentError) - Proc.new { @server.unregister(:foo, :bar) }.should_not raise_error + + describe "when being stopped" do + before do + @server.stubs(:unlisten) + @server.stubs(:remove_pidfile) + end + + it "should unlisten" do + @server.expects(:unlisten) + @server.stop + end + + it "should remove its PID file" do + @server.expects(:remove_pidfile) + @server.stop + end end - - it "should not allow turning off unknown indirection names" do - @server.register(:foo, :bar) - Proc.new { @server.unregister(:baz) }.should raise_error(ArgumentError) + + describe "when creating its pidfile" do + it "should use an exclusive mutex" do + Puppet.settings.expects(:value).with(:name).returns "me" + + sync = mock 'sync' + Puppet::Util.expects(:sync).with("me").returns sync + + sync.expects(:synchronize).with(Sync::EX) + @server.create_pidfile + end + + it "should lock the pidfile using the Pidlock class" do + pidfile = mock 'pidfile' + + Puppet.settings.stubs(:value).with(:name).returns "eh" + Puppet.settings.expects(:value).with(:pidfile).returns "/my/file" + + Puppet::Util::Pidlock.expects(:new).with("/my/file").returns pidfile + + pidfile.expects(:lock).returns true + @server.create_pidfile + end + + it "should fail if it cannot lock" do + pidfile = mock 'pidfile' + + Puppet.settings.stubs(:value).with(:name).returns "eh" + Puppet.settings.stubs(:value).with(:pidfile).returns "/my/file" + + Puppet::Util::Pidlock.expects(:new).with("/my/file").returns pidfile + + pidfile.expects(:lock).returns false + + lambda { @server.create_pidfile }.should raise_error + end end - - it "should disable client access immediately when turning off indirections" do - @server.register(:foo, :bar) - @server.unregister(:foo) - Proc.new { @server.unregister(:foo) }.should raise_error(ArgumentError) + + describe "when removing its pidfile" do + it "should use an exclusive mutex" do + Puppet.settings.expects(:value).with(:name).returns "me" + + sync = mock 'sync' + Puppet::Util.expects(:sync).with("me").returns sync + + sync.expects(:synchronize).with(Sync::EX) + @server.remove_pidfile + end + + it "should do nothing if the pidfile is not present" do + pidfile = mock 'pidfile', :locked? => false + Puppet::Util::Pidlock.expects(:new).with("/my/file").returns pidfile + + Puppet.settings.stubs(:value).with(:name).returns "eh" + Puppet.settings.stubs(:value).with(:pidfile).returns "/my/file" + + pidfile.expects(:unlock).never + @server.remove_pidfile + end + + it "should unlock the pidfile using the Pidlock class" do + pidfile = mock 'pidfile', :locked? => true + Puppet::Util::Pidlock.expects(:new).with("/my/file").returns pidfile + pidfile.expects(:unlock).returns true + + Puppet.settings.stubs(:value).with(:name).returns "eh" + Puppet.settings.stubs(:value).with(:pidfile).returns "/my/file" + + @server.remove_pidfile + end + + it "should warn if it cannot remove the pidfile" do + pidfile = mock 'pidfile', :locked? => true + Puppet::Util::Pidlock.expects(:new).with("/my/file").returns pidfile + pidfile.expects(:unlock).returns false + + Puppet.settings.stubs(:value).with(:name).returns "eh" + Puppet.settings.stubs(:value).with(:pidfile).returns "/my/file" + + Puppet.expects :err + @server.remove_pidfile + end end - - it "should allow turning off all indirections at once" do - @server.register(:foo, :bar) - @server.unregister - [ :foo, :bar, :baz].each do |indirection| - Proc.new { @server.unregister(indirection) }.should raise_error(ArgumentError) + + describe "when managing indirection registrations" do + before do + Puppet::Indirector::Indirection.stubs(:model).returns mock('indirection') + end + + it "should allow registering an indirection for client access by specifying its indirection name" do + lambda { @server.register(:foo) }.should_not raise_error + end + + it "should require that the indirection be valid" do + Puppet::Indirector::Indirection.expects(:model).with(:foo).returns nil + lambda { @server.register(:foo) }.should raise_error(ArgumentError) + end + + it "should require at least one indirection name when registering indirections for client access" do + lambda { @server.register }.should raise_error(ArgumentError) + end + + it "should allow for numerous indirections to be registered at once for client access" do + lambda { @server.register(:foo, :bar, :baz) }.should_not raise_error + end + + it "should allow the use of indirection names to specify which indirections are to be no longer accessible to clients" do + @server.register(:foo) + lambda { @server.unregister(:foo) }.should_not raise_error + end + + it "should leave other indirections accessible to clients when turning off indirections" do + @server.register(:foo, :bar) + @server.unregister(:foo) + lambda { @server.unregister(:bar)}.should_not raise_error + end + + it "should allow specifying numerous indirections which are to be no longer accessible to clients" do + @server.register(:foo, :bar) + lambda { @server.unregister(:foo, :bar) }.should_not raise_error + end + + it "should not turn off any indirections if given unknown indirection names to turn off" do + @server.register(:foo, :bar) + lambda { @server.unregister(:foo, :bar, :baz) }.should raise_error(ArgumentError) + lambda { @server.unregister(:foo, :bar) }.should_not raise_error + end + + it "should not allow turning off unknown indirection names" do + @server.register(:foo, :bar) + lambda { @server.unregister(:baz) }.should raise_error(ArgumentError) + end + + it "should disable client access immediately when turning off indirections" do + @server.register(:foo, :bar) + @server.unregister(:foo) + lambda { @server.unregister(:foo) }.should raise_error(ArgumentError) + end + + it "should allow turning off all indirections at once" do + @server.register(:foo, :bar) + @server.unregister + [ :foo, :bar, :baz].each do |indirection| + lambda { @server.unregister(indirection) }.should raise_error(ArgumentError) + end end end - + it "should provide a means of determining whether it is listening" do @server.should respond_to(:listening?) end - + it "should provide a means of determining which HTTP server will be used to provide access to clients" do @server.server_type.should == :suparserver end - - it "should allow for multiple configurations, each handling different indirections" do - @server2 = Puppet::Network::Server.new(:address => "127.0.0.1", :port => 31337) - @server.register(:foo, :bar) - @server2.register(:foo, :xyzzy) - @server.unregister(:foo, :bar) - @server2.unregister(:foo, :xyzzy) - Proc.new { @server.unregister(:xyzzy) }.should raise_error(ArgumentError) - Proc.new { @server2.unregister(:bar) }.should raise_error(ArgumentError) - end it "should provide a means of determining which protocols are in use" do @server.should respond_to(:protocols) end - - it "should only support the REST protocol at this time" do - @server.protocols.should == [ :rest ] + + it "should set the protocols to :rest and :xmlrpc" do + @server.protocols.should == [ :rest, :xmlrpc ] end - + it "should provide a means of determining the listening address" do @server.address.should == "127.0.0.1" end - + it "should provide a means of determining the listening port" do @server.port.should == 31337 end -end -describe Puppet::Network::Server, "when listening is off" do - before do - @mock_http_server_class = mock('http server class') - Puppet::Network::HTTP.stubs(:server_class_by_type).returns(@mock_http_server_class) - Puppet.stubs(:[]).with(:servertype).returns(:suparserver) - @server = Puppet::Network::Server.new(:address => "127.0.0.1", :port => 31337) - @mock_http_server = mock('http server') - @mock_http_server.stubs(:listen) - @server.stubs(:http_server).returns(@mock_http_server) - end + it "should allow for multiple configurations, each handling different indirections" do + Puppet::Indirector::Indirection.stubs(:model).returns mock('indirection') - it "should indicate that it is not listening" do - @server.should_not be_listening + @server2 = Puppet::Network::Server.new(:address => "127.0.0.1", :port => 31337) + @server.register(:foo, :bar) + @server2.register(:foo, :xyzzy) + @server.unregister(:foo, :bar) + @server2.unregister(:foo, :xyzzy) + lambda { @server.unregister(:xyzzy) }.should raise_error(ArgumentError) + lambda { @server2.unregister(:bar) }.should raise_error(ArgumentError) end - - it "should not allow listening to be turned off" do - Proc.new { @server.unlisten }.should raise_error(RuntimeError) - end - - it "should allow listening to be turned on" do - Proc.new { @server.listen }.should_not raise_error - end - -end -describe Puppet::Network::Server, "when listening is on" do - before do - @mock_http_server_class = mock('http server class') - Puppet::Network::HTTP.stubs(:server_class_by_type).returns(@mock_http_server_class) - Puppet.stubs(:[]).with(:servertype).returns(:suparserver) - @server = Puppet::Network::Server.new(:address => "127.0.0.1", :port => 31337) - @mock_http_server = mock('http server') - @mock_http_server.stubs(:listen) - @mock_http_server.stubs(:unlisten) - @server.stubs(:http_server).returns(@mock_http_server) - @server.listen - end - - it "should indicate that it is listening" do - @server.should be_listening - end - - it "should not allow listening to be turned on" do - Proc.new { @server.listen }.should raise_error(RuntimeError) - end - - it "should allow listening to be turned off" do - Proc.new { @server.unlisten }.should_not raise_error - end -end - -describe Puppet::Network::Server, "when listening is being turned on" do - before do - @mock_http_server_class = mock('http server class') - Puppet::Network::HTTP.stubs(:server_class_by_type).returns(@mock_http_server_class) - Puppet.stubs(:[]).with(:servertype).returns(:suparserver) - @server = Puppet::Network::Server.new(:address => "127.0.0.1", :port => 31337, :handlers => [:node]) - @mock_http_server = mock('http server') - @mock_http_server.stubs(:listen) - end + describe "when managing xmlrpc registrations" do + before do + Puppet::Network::Handler.stubs(:handler).returns mock('xmlrpc_handler') + end - it "should fetch an instance of an HTTP server" do - @server.stubs(:http_server_class).returns(@mock_http_server_class) - @mock_http_server_class.expects(:new).returns(@mock_http_server) - @server.listen - end + it "should allow registering an xmlrpc handler by specifying its namespace" do + lambda { @server.register_xmlrpc(:foo) }.should_not raise_error + end - it "should cause the HTTP server to listen" do - @server.stubs(:http_server).returns(@mock_http_server) - @mock_http_server.expects(:listen) - @server.listen - end - - it "should pass the listening address to the HTTP server" do - @server.stubs(:http_server).returns(@mock_http_server) - @mock_http_server.expects(:listen).with do |args| - args[:address] == '127.0.0.1' - end - @server.listen - end - - it "should pass the listening port to the HTTP server" do - @server.stubs(:http_server).returns(@mock_http_server) - @mock_http_server.expects(:listen).with do |args| - args[:port] == 31337 - end - @server.listen - end - - it "should pass a list of handlers to the HTTP server" do - @server.stubs(:http_server).returns(@mock_http_server) - @mock_http_server.expects(:listen).with do |args| - args[:handlers] == [ :node ] - end - @server.listen + it "should require that the xmlrpc namespace be valid" do + Puppet::Network::Handler.stubs(:handler).returns nil + + lambda { @server.register_xmlrpc(:foo) }.should raise_error(ArgumentError) + end + + it "should require at least one namespace" do + lambda { @server.register_xmlrpc() }.should raise_error(ArgumentError) + end + + it "should allow multiple namespaces to be registered at once" do + lambda { @server.register_xmlrpc(:foo, :bar) }.should_not raise_error + end + + it "should allow the use of namespaces to specify which are no longer accessible to clients" do + @server.register_xmlrpc(:foo, :bar) + end + + it "should leave other namespaces accessible to clients when turning off xmlrpc namespaces" do + @server.register_xmlrpc(:foo, :bar) + @server.unregister_xmlrpc(:foo) + lambda { @server.unregister_xmlrpc(:bar)}.should_not raise_error + end + + it "should allow specifying numerous namespaces which are to be no longer accessible to clients" do + @server.register_xmlrpc(:foo, :bar) + lambda { @server.unregister_xmlrpc(:foo, :bar) }.should_not raise_error + end + + it "should not turn off any indirections if given unknown namespaces to turn off" do + @server.register_xmlrpc(:foo, :bar) + lambda { @server.unregister_xmlrpc(:foo, :bar, :baz) }.should raise_error(ArgumentError) + lambda { @server.unregister_xmlrpc(:foo, :bar) }.should_not raise_error + end + + it "should not allow turning off unknown namespaces" do + @server.register_xmlrpc(:foo, :bar) + lambda { @server.unregister_xmlrpc(:baz) }.should raise_error(ArgumentError) + end + + it "should disable client access immediately when turning off namespaces" do + @server.register_xmlrpc(:foo, :bar) + @server.unregister_xmlrpc(:foo) + lambda { @server.unregister_xmlrpc(:foo) }.should raise_error(ArgumentError) + end + + it "should allow turning off all namespaces at once" do + @server.register_xmlrpc(:foo, :bar) + @server.unregister_xmlrpc + [ :foo, :bar, :baz].each do |indirection| + lambda { @server.unregister_xmlrpc(indirection) }.should raise_error(ArgumentError) + end + end end - - it "should pass a list of protocols to the HTTP server" do - @server.stubs(:http_server).returns(@mock_http_server) - @mock_http_server.expects(:listen).with do |args| - args[:protocols] == [ :rest ] - end - @server.listen + + describe "when listening is off" do + before do + @mock_http_server = mock('http server') + @mock_http_server.stubs(:listen) + @server.stubs(:http_server).returns(@mock_http_server) + end + + it "should indicate that it is not listening" do + @server.should_not be_listening + end + + it "should not allow listening to be turned off" do + lambda { @server.unlisten }.should raise_error(RuntimeError) + end + + it "should allow listening to be turned on" do + lambda { @server.listen }.should_not raise_error + end + end -end -describe Puppet::Network::Server, "when listening is being turned off" do - before do - @mock_http_server_class = mock('http server class') - Puppet::Network::HTTP.stubs(:server_class_by_type).returns(@mock_http_server_class) - Puppet.stubs(:[]).with(:servertype).returns(:suparserver) - @server = Puppet::Network::Server.new(:address => "127.0.0.1", :port => 31337) - @mock_http_server = mock('http server') - @mock_http_server.stubs(:listen) - @server.stubs(:http_server).returns(@mock_http_server) - @server.listen + describe "when listening is on" do + before do + @mock_http_server = mock('http server') + @mock_http_server.stubs(:listen) + @mock_http_server.stubs(:unlisten) + @server.stubs(:http_server).returns(@mock_http_server) + @server.listen + end + + it "should indicate that it is listening" do + @server.should be_listening + end + + it "should not allow listening to be turned on" do + lambda { @server.listen }.should raise_error(RuntimeError) + end + + it "should allow listening to be turned off" do + lambda { @server.unlisten }.should_not raise_error + end end - it "should cause the HTTP server to stop listening" do - @mock_http_server.expects(:unlisten) - @server.unlisten + describe "when listening is being turned on" do + before do + Puppet::Indirector::Indirection.stubs(:model).returns mock('indirection') + Puppet::Network::Handler.stubs(:handler).returns mock('xmlrpc_handler') + + @server = Puppet::Network::Server.new(:address => "127.0.0.1", :port => 31337, :handlers => [:node], :xmlrpc_handlers => [:master]) + @mock_http_server = mock('http server') + @mock_http_server.stubs(:listen) + end + + it "should fetch an instance of an HTTP server" do + @server.stubs(:http_server_class).returns(@mock_http_server_class) + @mock_http_server_class.expects(:new).returns(@mock_http_server) + @server.listen + end + + it "should cause the HTTP server to listen" do + @server.stubs(:http_server).returns(@mock_http_server) + @mock_http_server.expects(:listen) + @server.listen + end + + it "should pass the listening address to the HTTP server" do + @server.stubs(:http_server).returns(@mock_http_server) + @mock_http_server.expects(:listen).with do |args| + args[:address] == '127.0.0.1' + end + @server.listen + end + + it "should pass the listening port to the HTTP server" do + @server.stubs(:http_server).returns(@mock_http_server) + @mock_http_server.expects(:listen).with do |args| + args[:port] == 31337 + end + @server.listen + end + + it "should pass a list of REST handlers to the HTTP server" do + @server.stubs(:http_server).returns(@mock_http_server) + @mock_http_server.expects(:listen).with do |args| + args[:handlers] == [ :node ] + end + @server.listen + end + + it "should pass a list of XMLRPC handlers to the HTTP server" do + @server.stubs(:http_server).returns(@mock_http_server) + @mock_http_server.expects(:listen).with do |args| + args[:xmlrpc_handlers] == [ :master ] + end + @server.listen + end + + it "should pass a list of protocols to the HTTP server" do + @server.stubs(:http_server).returns(@mock_http_server) + @mock_http_server.expects(:listen).with do |args| + args[:protocols] == [ :rest, :xmlrpc ] + end + @server.listen + end end - it "should not allow for indirections to be turned off" do - @server.register(:foo) - Proc.new { @server.unregister(:foo) }.should raise_error(RuntimeError) + describe "when listening is being turned off" do + before do + @mock_http_server = mock('http server') + @mock_http_server.stubs(:listen) + @server.stubs(:http_server).returns(@mock_http_server) + @server.listen + end + + it "should cause the HTTP server to stop listening" do + @mock_http_server.expects(:unlisten) + @server.unlisten + end + + it "should not allow for indirections to be turned off" do + Puppet::Indirector::Indirection.stubs(:model).returns mock('indirection') + + @server.register(:foo) + lambda { @server.unregister(:foo) }.should raise_error(RuntimeError) + end end -end - -describe Class.new, "put these somewhere" do - it "should have the ability to use a class-level from_ hook (from_yaml, from_text, etc.) that can be called, based on content-type header, to allow for different deserializations of an object" - it "should allow from_* on the inbound :data packet (look at its content_type) when doing a PUT/.new.save" - it "should prepend a rest version number on the path (w00t)" - it "should ... on server side, .save should from_yaml, then foo.save(args) instead of just Foo.new.save(args)" + + describe Class.new, "put these somewhere" do + it "should have the ability to use a class-level from_ hook (from_yaml, from_text, etc.) that can be called, based on content-type header, to allow for different deserializations of an object" + it "should allow from_* on the inbound :data packet (look at its content_type) when doing a PUT/.new.save" + it "should prepend a rest version number on the path (w00t)" + it "should ... on server side, .save should from_yaml, then foo.save(args) instead of just Foo.new.save(args)" + end end spec/unit/network/server.rb @@ -148,7 +148,7 @@ describe Puppet::Node, " when indirecting" do end after do - Puppet::Indirector::Indirection.clear_cache + Puppet::Util::Cacher.invalidate end end spec/unit/node.rb @@ -578,6 +578,7 @@ describe Puppet::Node::Catalog do # super() doesn't work in the setup method for some reason before do @catalog.host_config = true + Puppet::Util::Storage.stubs(:store) end it "should send a report if reporting is enabled" do @@ -796,7 +797,7 @@ describe Puppet::Node::Catalog, " when indirecting" do before do @indirection = stub 'indirection', :name => :catalog - Puppet::Indirector::Indirection.clear_cache + Puppet::Util::Cacher.invalidate end it "should redirect to the indirection for retrieval" do @@ -810,8 +811,7 @@ describe Puppet::Node::Catalog, " when indirecting" do end after do - mocha_verify - Puppet::Indirector::Indirection.clear_cache + Puppet::Util::Cacher.invalidate end end spec/unit/node/catalog.rb @@ -10,7 +10,8 @@ describe Puppet::Node::Facts, " when indirecting" do # We have to clear the cache so that the facts ask for our indirection stub, # instead of anything that might be cached. - Puppet::Indirector::Indirection.clear_cache + Puppet::Util::Cacher.invalidate + @facts = Puppet::Node::Facts.new("me", "one" => "two") end @@ -29,11 +30,6 @@ describe Puppet::Node::Facts, " when indirecting" do it "should default to the 'facter' terminus" do Puppet::Node::Facts.indirection.terminus_class.should == :facter end - - after do - mocha_verify - Puppet::Indirector::Indirection.clear_cache - end end describe Puppet::Node::Facts, " when storing and retrieving" do spec/unit/node/facts.rb @@ -6,6 +6,14 @@ require 'puppet/rails' describe Puppet::Rails, "when initializing any connection" do confine Puppet.features.rails? => "Cannot test without ActiveRecord" + before do + @logger = stub 'logger', :level= => nil + @logger.stub_everything + Logger.stubs(:new).returns(@logger) + + ActiveRecord::Base.stubs(:logger).returns(@logger) + end + it "should use settings" do Puppet.settings.expects(:use).with(:main, :rails, :puppetmasterd) spec/unit/rails.rb @@ -4,41 +4,76 @@ require File.dirname(__FILE__) + '/../../spec_helper' require 'puppet/ssl/certificate_authority' -describe "a normal interface method", :shared => true do - it "should call the method on the CA for each host specified if an array was provided" do - @ca.expects(@method).with("host1") - @ca.expects(@method).with("host2") - - @applier = Puppet::SSL::CertificateAuthority::Interface.new(@method, %w{host1 host2}) +describe Puppet::SSL::CertificateAuthority do + after do + # Clear out the var, yay unit tests. + Puppet::SSL::CertificateAuthority.instance_variable_set("@instance", nil) + Puppet.settings.clearused + end - @applier.apply(@ca) + it "should have a class method for returning a singleton instance" do + Puppet::SSL::CertificateAuthority.should respond_to(:instance) end - it "should call the method on the CA for all existing certificates if :all was provided" do - @ca.expects(:list).returns %w{host1 host2} + describe "when finding an existing instance" do + describe "and the host is a CA host and the proces name is 'puppetmasterd'" do + before do + Puppet.settings.stubs(:value).with(:ca).returns true + Puppet.settings.stubs(:value).with(:name).returns "puppetmasterd" + + @ca = mock('ca') + Puppet::SSL::CertificateAuthority.stubs(:new).returns @ca + end + + after do + # Clear out the var, yay unit tests. + Puppet::SSL::CertificateAuthority.instance_variable_set("@instance", nil) + end - @ca.expects(@method).with("host1") - @ca.expects(@method).with("host2") + it "should return an instance" do + Puppet::SSL::CertificateAuthority.instance.should equal(@ca) + end - @applier = Puppet::SSL::CertificateAuthority::Interface.new(@method, :all) + it "should always return the same instance" do + Puppet::SSL::CertificateAuthority.instance.should equal(Puppet::SSL::CertificateAuthority.instance) + end + end - @applier.apply(@ca) + describe "and the host is not a CA host" do + it "should return nil" do + Puppet.settings.stubs(:value).with(:ca).returns false + Puppet.settings.stubs(:value).with(:name).returns "puppetmasterd" + + ca = mock('ca') + Puppet::SSL::CertificateAuthority.expects(:new).never + Puppet::SSL::CertificateAuthority.instance.should be_nil + end + end + + describe "and the process name is not 'puppetmasterd'" do + it "should return nil" do + Puppet.settings.stubs(:value).with(:ca).returns true + Puppet.settings.stubs(:value).with(:name).returns "puppetd" + + ca = mock('ca') + Puppet::SSL::CertificateAuthority.expects(:new).never + Puppet::SSL::CertificateAuthority.instance.should be_nil + end + end end -end -describe Puppet::SSL::CertificateAuthority do describe "when initializing" do before do Puppet.settings.stubs(:use) - Puppet.settings.stubs(:value).returns "whatever" + Puppet.settings.stubs(:value).returns "ca_testing" - Puppet::SSL::CertificateAuthority.any_instance.stubs(:generate_ca_certificate) + Puppet::SSL::CertificateAuthority.any_instance.stubs(:setup) end it "should always set its name to the value of :certname" do - Puppet.settings.expects(:value).with(:certname).returns "whatever" + Puppet.settings.expects(:value).with(:certname).returns "ca_testing" - Puppet::SSL::CertificateAuthority.new.name.should == "whatever" + Puppet::SSL::CertificateAuthority.new.name.should == "ca_testing" end it "should create an SSL::Host instance whose name is the 'ca_name'" do @@ -60,72 +95,73 @@ describe Puppet::SSL::CertificateAuthority do Puppet::SSL::CertificateAuthority.new.inventory.should == "inventory" end - end - describe "when retrieving the certificate revocation list" do - before do - Puppet.settings.stubs(:use) - Puppet.settings.stubs(:value).returns "whatever" + it "should make sure the CA is set up" do + Puppet::SSL::CertificateAuthority.any_instance.expects(:setup) - Puppet::SSL::CertificateAuthority.any_instance.stubs(:generate_ca_certificate) - @ca = Puppet::SSL::CertificateAuthority.new + Puppet::SSL::CertificateAuthority.new end + end - describe "and the CRL is disabled" do - it "should return nil when the :cacrl is false" do - Puppet.settings.stubs(:value).with(:cacrl).returns false - - Puppet::SSL::CertificateRevocationList.expects(:new).never - - @ca.crl.should be_nil - end + describe "when setting itself up" do + it "should generate the CA certificate if it does not have one" do + Puppet.settings.stubs :use - it "should return nil when the :cacrl is 'false'" do - Puppet.settings.stubs(:value).with(:cacrl).returns 'false' + host = stub 'host' + Puppet::SSL::Host.stubs(:new).returns host - Puppet::SSL::CertificateRevocationList.expects(:new).never + host.expects(:certificate).returns nil - @ca.crl.should be_nil - end + Puppet::SSL::CertificateAuthority.any_instance.expects(:generate_ca_certificate) + Puppet::SSL::CertificateAuthority.new end + end - describe "and the CRL is enabled" do - before do - Puppet.settings.stubs(:value).with(:cacrl).returns "/my/crl" + describe "when retrieving the certificate revocation list" do + before do + Puppet.settings.stubs(:use) + Puppet.settings.stubs(:value).returns "ca_testing" + Puppet.settings.stubs(:value).with(:cacrl).returns "/my/crl" - cert = stub("certificate", :content => "real_cert") - @host = stub 'host', :certificate => cert, :name => "hostname" + cert = stub("certificate", :content => "real_cert") + key = stub("key", :content => "real_key") + @host = stub 'host', :certificate => cert, :name => "hostname", :key => key - @ca.stubs(:host).returns @host - end + Puppet::SSL::CertificateAuthority.any_instance.stubs(:setup) + @ca = Puppet::SSL::CertificateAuthority.new - it "should return any found CRL instance" do - crl = mock 'crl' - Puppet::SSL::CertificateRevocationList.expects(:find).returns crl - @ca.crl.should equal(crl) - end + @ca.stubs(:host).returns @host + end - it "should create and generate a new CRL instance of no CRL can be found" do - crl = mock 'crl' - Puppet::SSL::CertificateRevocationList.expects(:find).returns nil + it "should return any found CRL instance" do + crl = mock 'crl' + Puppet::SSL::CertificateRevocationList.expects(:find).returns crl + @ca.crl.should equal(crl) + end - Puppet::SSL::CertificateRevocationList.expects(:new).returns crl + it "should create, generate, and save a new CRL instance of no CRL can be found" do + crl = mock 'crl' + Puppet::SSL::CertificateRevocationList.expects(:find).returns nil - crl.expects(:generate).with(@ca.host.certificate.content) + Puppet::SSL::CertificateRevocationList.expects(:new).returns crl - @ca.crl.should equal(crl) - end + crl.expects(:generate).with(@ca.host.certificate.content, @ca.host.key.content) + crl.expects(:save) + + @ca.crl.should equal(crl) end end describe "when generating a self-signed CA certificate" do before do Puppet.settings.stubs(:use) - Puppet.settings.stubs(:value).returns "whatever" + Puppet.settings.stubs(:value).returns "ca_testing" + Puppet::SSL::CertificateAuthority.any_instance.stubs(:setup) + Puppet::SSL::CertificateAuthority.any_instance.stubs(:crl) @ca = Puppet::SSL::CertificateAuthority.new - @host = stub 'host', :key => mock("key"), :name => "hostname" + @host = stub 'host', :key => mock("key"), :name => "hostname", :certificate => mock('certificate') Puppet::SSL::CertificateRequest.any_instance.stubs(:generate) @@ -168,6 +204,18 @@ describe Puppet::SSL::CertificateAuthority do @ca.generate_ca_certificate end + + it "should generate its CRL" do + @ca.stubs :generate_password + @ca.stubs :sign + + @ca.host.expects(:key).returns nil + @ca.host.expects(:generate_key) + + @ca.expects(:crl) + + @ca.generate_ca_certificate + end end describe "when signing" do @@ -222,7 +270,7 @@ describe Puppet::SSL::CertificateAuthority do end it "should return the current content of the serial file" do - FileTest.expects(:exist?).with(@path).returns true + FileTest.stubs(:exist?).with(@path).returns true File.expects(:read).with(@path).returns "0002" @ca.next_serial.should == 2 @@ -297,15 +345,6 @@ describe Puppet::SSL::CertificateAuthority do @cert.stubs :save end - it "should generate a self-signed certificate if its Host instance has no certificate" do - cert = stub 'ca_certificate', :content => "mock_cert" - - @ca.host.expects(:certificate).times(2).returns(nil).then.returns cert - @ca.expects(:generate_ca_certificate) - - @ca.sign(@name) - end - it "should use a certificate type of :server" do Puppet::SSL::CertificateFactory.expects(:new).with do |*args| args[0] == :server @@ -375,18 +414,98 @@ describe Puppet::SSL::CertificateAuthority do end it "should return the certificate instance" do + @ca.stubs(:next_serial).returns @serial Puppet::SSL::CertificateRequest.stubs(:find).with(@name).returns @request @cert.stubs :save @ca.sign(@name).should equal(@cert) end it "should add the certificate to its inventory" do + @ca.stubs(:next_serial).returns @serial @inventory.expects(:add).with(@cert) Puppet::SSL::CertificateRequest.stubs(:find).with(@name).returns @request @cert.stubs :save @ca.sign(@name) end + + it "should have a method for triggering autosigning of available CSRs" do + @ca.should respond_to(:autosign) + end + + describe "when autosigning certificates" do + it "should do nothing if autosign is disabled" do + Puppet.settings.expects(:value).with(:autosign).returns 'false' + + Puppet::SSL::CertificateRequest.expects(:search).never + @ca.autosign + end + + it "should do nothing if no autosign.conf exists" do + Puppet.settings.expects(:value).with(:autosign).returns '/auto/sign' + FileTest.expects(:exist?).with("/auto/sign").returns false + + Puppet::SSL::CertificateRequest.expects(:search).never + @ca.autosign + end + + describe "and autosign is enabled and the autosign.conf file exists" do + before do + Puppet.settings.stubs(:value).with(:autosign).returns '/auto/sign' + FileTest.stubs(:exist?).with("/auto/sign").returns true + File.stubs(:readlines).with("/auto/sign").returns ["one\n", "two\n"] + + Puppet::SSL::CertificateRequest.stubs(:search).returns [] + + @store = stub 'store', :allow => nil + Puppet::Network::AuthStore.stubs(:new).returns @store + end + + describe "when creating the AuthStore instance to verify autosigning" do + it "should create an AuthStore with each line in the configuration file allowed to be autosigned" do + Puppet::Network::AuthStore.expects(:new).returns @store + + @store.expects(:allow).with("one") + @store.expects(:allow).with("two") + + @ca.autosign + end + + it "should reparse the autosign configuration on each call" do + Puppet::Network::AuthStore.expects(:new).times(2).returns @store + + @ca.autosign + @ca.autosign + end + + it "should ignore comments" do + File.stubs(:readlines).with("/auto/sign").returns ["one\n", "#two\n"] + + @store.expects(:allow).with("one") + @ca.autosign + end + + it "should ignore blank lines" do + File.stubs(:readlines).with("/auto/sign").returns ["one\n", "\n"] + + @store.expects(:allow).with("one") + @ca.autosign + end + end + + it "should sign all CSRs whose hostname matches the autosign configuration" do + csr1 = mock 'csr1' + csr2 = mock 'csr2' + Puppet::SSL::CertificateRequest.stubs(:search).returns [csr1, csr2] + end + + it "should not sign CSRs whose hostname does not match the autosign configuration" do + csr1 = mock 'csr1' + csr2 = mock 'csr2' + Puppet::SSL::CertificateRequest.stubs(:search).returns [csr1, csr2] + end + end + end end describe "when managing certificate clients" do @@ -398,7 +517,9 @@ describe Puppet::SSL::CertificateAuthority do # Set up the CA @key = mock 'key' @key.stubs(:content).returns "cakey" - Puppet::SSL::CertificateAuthority.any_instance.stubs(:key).returns @key + @host = stub 'host', :key => @key + Puppet::SSL::CertificateAuthority.any_instance.stubs(:host).returns @host + @cacert = mock 'certificate' @cacert.stubs(:content).returns "cacertificate" @ca = Puppet::SSL::CertificateAuthority.new @@ -422,7 +543,7 @@ describe Puppet::SSL::CertificateAuthority do applier = stub('applier') applier.expects(:apply).with(@ca) Puppet::SSL::CertificateAuthority::Interface.expects(:new).returns applier - @ca.apply(:generate, :to => :whatever) + @ca.apply(:generate, :to => :ca_testing) end end @@ -533,12 +654,19 @@ describe Puppet::SSL::CertificateAuthority do before do @crl = mock 'crl' @ca.stubs(:crl).returns @crl + + @ca.stubs(:next_serial).returns 10 + + @real_cert = stub 'real_cert', :serial => 15 + @cert = stub 'cert', :content => @real_cert + Puppet::SSL::Certificate.stubs(:find).returns @cert + end it "should fail if the certificate revocation list is disabled" do @ca.stubs(:crl).returns false - lambda { @ca.revoke('whatever') }.should raise_error(ArgumentError) + lambda { @ca.revoke('ca_testing') }.should raise_error(ArgumentError) end @@ -549,12 +677,10 @@ describe Puppet::SSL::CertificateAuthority do end it "should get the serial number from the local certificate if it exists" do - real_cert = stub 'real_cert', :serial => 15 - cert = stub 'cert', :content => real_cert - Puppet::SSL::Certificate.expects(:find).with("host").returns cert - @ca.crl.expects(:revoke).with { |serial, key| serial == 15 } + Puppet::SSL::Certificate.expects(:find).with("host").returns @cert + @ca.revoke('host') end @@ -609,241 +735,3 @@ describe Puppet::SSL::CertificateAuthority do end end end - -describe Puppet::SSL::CertificateAuthority::Interface do - before do - @class = Puppet::SSL::CertificateAuthority::Interface - end - describe "when initializing" do - it "should set its method using its settor" do - @class.any_instance.expects(:method=).with(:generate) - @class.new(:generate, :all) - end - - it "should set its subjects using the settor" do - @class.any_instance.expects(:subjects=).with(:all) - @class.new(:generate, :all) - end - end - - describe "when setting the method" do - it "should set the method" do - @class.new(:generate, :all).method.should == :generate - end - - it "should fail if the method isn't a member of the INTERFACE_METHODS array" do - Puppet::SSL::CertificateAuthority::Interface::INTERFACE_METHODS.expects(:include?).with(:thing).returns false - - lambda { @class.new(:thing, :all) }.should raise_error(ArgumentError) - end - end - - describe "when setting the subjects" do - it "should set the subjects" do - @class.new(:generate, :all).subjects.should == :all - end - - it "should fail if the subjects setting isn't :all or an array" do - lambda { @class.new(:generate, "other") }.should raise_error(ArgumentError) - end - end - - it "should have a method for triggering the application" do - @class.new(:generate, :all).should respond_to(:apply) - end - - describe "when applying" do - before do - # We use a real object here, because :verify can't be stubbed, apparently. - @ca = Object.new - end - - it "should raise InterfaceErrors" do - @applier = @class.new(:revoke, :all) - - @ca.expects(:list).raises Puppet::SSL::CertificateAuthority::Interface::InterfaceError - - lambda { @applier.apply(@ca) }.should raise_error(Puppet::SSL::CertificateAuthority::Interface::InterfaceError) - end - - it "should log non-Interface failures rather than failing" do - @applier = @class.new(:revoke, :all) - - @ca.expects(:list).raises ArgumentError - - Puppet.expects(:err) - - lambda { @applier.apply(@ca) }.should_not raise_error - end - - describe "with an empty array specified and the method is not list" do - it "should fail" do - @applier = @class.new(:sign, []) - lambda { @applier.apply(@ca) }.should raise_error(ArgumentError) - end - end - - describe ":generate" do - it "should fail if :all was specified" do - @applier = @class.new(:generate, :all) - lambda { @applier.apply(@ca) }.should raise_error(ArgumentError) - end - - it "should call :generate on the CA for each host specified" do - @applier = @class.new(:generate, %w{host1 host2}) - - @ca.expects(:generate).with("host1") - @ca.expects(:generate).with("host2") - - @applier.apply(@ca) - end - end - - describe ":verify" do - before { @method = :verify } - #it_should_behave_like "a normal interface method" - - it "should call the method on the CA for each host specified if an array was provided" do - # LAK:NOTE Mocha apparently doesn't allow you to mock :verify, but I'm confident this works in real life. - end - - it "should call the method on the CA for all existing certificates if :all was provided" do - # LAK:NOTE Mocha apparently doesn't allow you to mock :verify, but I'm confident this works in real life. - end - end - - describe ":destroy" do - before { @method = :destroy } - it_should_behave_like "a normal interface method" - end - - describe ":revoke" do - before { @method = :revoke } - it_should_behave_like "a normal interface method" - end - - describe ":sign" do - describe "and an array of names was provided" do - before do - @applier = @class.new(:sign, %w{host1 host2}) - end - - it "should sign the specified waiting certificate requests" do - @ca.expects(:sign).with("host1") - @ca.expects(:sign).with("host2") - - @applier.apply(@ca) - end - end - - describe "and :all was provided" do - it "should sign all waiting certificate requests" do - @ca.stubs(:waiting?).returns(%w{cert1 cert2}) - - @ca.expects(:sign).with("cert1") - @ca.expects(:sign).with("cert2") - - @applier = @class.new(:sign, :all) - @applier.apply(@ca) - end - - it "should fail if there are no waiting certificate requests" do - @ca.stubs(:waiting?).returns([]) - - @applier = @class.new(:sign, :all) - lambda { @applier.apply(@ca) }.should raise_error(Puppet::SSL::CertificateAuthority::Interface::InterfaceError) - end - end - end - - describe ":list" do - describe "and an empty array was provided" do - it "should print a string containing all certificate requests" do - @ca.expects(:waiting?).returns %w{host1 host2} - - @applier = @class.new(:list, []) - - @applier.expects(:puts).with "host1\nhost2" - - @applier.apply(@ca) - end - end - - describe "and :all was provided" do - it "should print a string containing all certificate requests and certificates" do - @ca.expects(:waiting?).returns %w{host1 host2} - @ca.expects(:list).returns %w{host3 host4} - - @applier = @class.new(:list, :all) - - @applier.expects(:puts).with "host1" - @applier.expects(:puts).with "host2" - @applier.expects(:puts).with "+ host3" - @applier.expects(:puts).with "+ host4" - - @applier.apply(@ca) - end - end - - describe "and an array of names was provided" do - it "should print a string of all named hosts that have a waiting request" do - @ca.expects(:waiting?).returns %w{host1 host2} - @ca.expects(:list).returns %w{host3 host4} - - @applier = @class.new(:list, %w{host1 host2 host3 host4}) - - @applier.expects(:puts).with "host1" - @applier.expects(:puts).with "host2" - @applier.expects(:puts).with "+ host3" - @applier.expects(:puts).with "+ host4" - - @applier.apply(@ca) - end - end - end - - describe ":print" do - describe "and :all was provided" do - it "should print all certificates" do - @ca.expects(:list).returns %w{host1 host2} - - @applier = @class.new(:print, :all) - - @ca.expects(:print).with("host1").returns "h1" - @applier.expects(:puts).with "h1" - - @ca.expects(:print).with("host2").returns "h2" - @applier.expects(:puts).with "h2" - - @applier.apply(@ca) - end - end - - describe "and an array of names was provided" do - it "should print each named certificate if found" do - @applier = @class.new(:print, %w{host1 host2}) - - @ca.expects(:print).with("host1").returns "h1" - @applier.expects(:puts).with "h1" - - @ca.expects(:print).with("host2").returns "h2" - @applier.expects(:puts).with "h2" - - @applier.apply(@ca) - end - - it "should log any named but not found certificates" do - @applier = @class.new(:print, %w{host1 host2}) - - @ca.expects(:print).with("host1").returns "h1" - @applier.expects(:puts).with "h1" - - @ca.expects(:print).with("host2").returns nil - Puppet.expects(:err).with { |msg| msg.include?("host2") } - - @applier.apply(@ca) - end - end - end - end -end spec/unit/ssl/certificate_authority.rb @@ -139,4 +139,29 @@ describe Puppet::SSL::CertificateRequest do @instance.content.should equal(@request) end end + + describe "when a CSR is saved" do + describe "and a CA is available" do + it "should save the CSR and trigger autosigning" do + ca = mock 'ca', :autosign + Puppet::SSL::CertificateAuthority.expects(:instance).returns ca + + csr = Puppet::SSL::CertificateRequest.new("me") + Puppet::SSL::CertificateRequest.indirection.expects(:save).with(csr) + + csr.save + end + end + + describe "and a CA is not available" do + it "should save the CSR" do + Puppet::SSL::CertificateAuthority.expects(:instance).returns nil + + csr = Puppet::SSL::CertificateRequest.new("me") + Puppet::SSL::CertificateRequest.indirection.expects(:save).with(csr) + + csr.save + end + end + end end spec/unit/ssl/certificate_request.rb @@ -7,6 +7,7 @@ require 'puppet/ssl/certificate_revocation_list' describe Puppet::SSL::CertificateRevocationList do before do @cert = stub 'cert', :subject => "mysubject" + @key = stub 'key', :private? => true @class = Puppet::SSL::CertificateRevocationList end @@ -58,28 +59,50 @@ describe Puppet::SSL::CertificateRevocationList do it "should set its issuer to the subject of the passed certificate" do @real_crl.expects(:issuer=).with(@cert.subject) - @crl.generate(@cert) + @crl.generate(@cert, @key) end it "should set its version to 1" do @real_crl.expects(:version=).with(1) - @crl.generate(@cert) + @crl.generate(@cert, @key) end it "should create an instance of OpenSSL::X509::CRL" do OpenSSL::X509::CRL.expects(:new).returns(@real_crl) - @crl.generate(@cert) + @crl.generate(@cert, @key) + end + + # The next three tests aren't good, but at least they + # specify the behaviour. + it "should add an extension for the CRL number" do + @real_crl.expects(:extensions=) + @crl.generate(@cert, @key) + end + + it "should set the last update time" do + @real_crl.expects(:last_update=) + @crl.generate(@cert, @key) + end + + it "should set the next update time" do + @real_crl.expects(:next_update=) + @crl.generate(@cert, @key) + end + + it "should sign the CRL" do + @real_crl.expects(:sign).with { |key, digest| key == @key } + @crl.generate(@cert, @key) end it "should set the content to the generated crl" do - @crl.generate(@cert) + @crl.generate(@cert, @key) @crl.content.should equal(@real_crl) end it "should return the generated crl" do - @crl.generate(@cert).should equal(@real_crl) + @crl.generate(@cert, @key).should equal(@real_crl) end end @@ -88,9 +111,10 @@ describe Puppet::SSL::CertificateRevocationList do describe "when revoking a certificate" do before do @class.wrapped_class.any_instance.stubs(:issuer=) + @class.wrapped_class.any_instance.stubs(:sign) @crl = @class.new("crl") - @crl.generate(@cert) + @crl.generate(@cert, @key) @crl.content.stubs(:sign) @crl.stubs :save spec/unit/ssl/certificate_revocation_list.rb @@ -155,6 +155,19 @@ describe Puppet::SSL::Host do end end + describe "when initializing" do + it "should default its name to the :certname setting" do + Puppet.settings.expects(:value).with(:certname).returns "myname" + + Puppet::SSL::Host.new.name.should == "myname" + end + + it "should indicate that it is a CA host if its name matches the ca_name constant" do + Puppet::SSL::Host.stubs(:ca_name).returns "myca" + Puppet::SSL::Host.new("myca").should be_ca + end + end + describe "when managing its private key" do before do @realkey = "mykey" @@ -314,4 +327,105 @@ describe Puppet::SSL::Host do end end end + + it "should have a method for generating all necessary files" do + Puppet::SSL::Host.new("me").should respond_to(:generate) + end + + describe "when generating files" do + before do + @host = Puppet::SSL::Host.new("me") + @host.stubs(:generate_key) + @host.stubs(:generate_certificate_request) + end + + it "should generate a key if one is not present" do + @host.expects(:key).returns nil + @host.expects(:generate_key) + + @host.generate + end + + it "should generate a certificate request if one is not present" do + @host.expects(:certificate_request).returns nil + @host.expects(:generate_certificate_request) + + @host.generate + end + + describe "and it can create a certificate authority" do + before do + @ca = mock 'ca' + Puppet::SSL::CertificateAuthority.stubs(:instance).returns @ca + end + + it "should use the CA to sign its certificate request if it does not have a certificate" do + @host.expects(:certificate).returns nil + + @ca.expects(:sign).with(@host.name) + + @host.generate + end + end + + describe "and it cannot create a certificate authority" do + before do + Puppet::SSL::CertificateAuthority.stubs(:instance).returns nil + end + + it "should seek its certificate" do + @host.expects(:certificate) + + @host.generate + end + end + end + + it "should have a method for creating an SSL store" do + Puppet::SSL::Host.new("me").should respond_to(:ssl_store) + end + + describe "when creating an SSL store" do + before do + @host = Puppet::SSL::Host.new("me") + @store = mock 'store' + @store.stub_everything + OpenSSL::X509::Store.stubs(:new).returns @store + + Puppet.settings.stubs(:value).returns "ssl_host_testing" + end + + it "should accept a purpose" do + @store.expects(:purpose=).with "my special purpose" + @host.ssl_store("my special purpose") + end + + it "should default to OpenSSL::X509::PURPOSE_ANY as the purpose" do + @store.expects(:purpose=).with OpenSSL::X509::PURPOSE_ANY + @host.ssl_store + end + + it "should add the local CA cert file" do + Puppet.settings.stubs(:value).with(:localcacert).returns "/ca/cert/file" + @store.expects(:add_file).with "/ca/cert/file" + @host.ssl_store + end + + describe "and a CRL is available" do + before do + @crl = stub 'crl', :content => "real_crl" + Puppet::SSL::CertificateRevocationList.stubs(:find).returns @crl + end + + it "should add the CRL" do + @store.expects(:add_crl).with "real_crl" + @host.ssl_store + end + + it "should set the flags to OpenSSL::X509::V_FLAG_CRL_CHECK_ALL|OpenSSL::X509::V_FLAG_CRL_CHECK" do + @store.expects(:flags=).with OpenSSL::X509::V_FLAG_CRL_CHECK_ALL|OpenSSL::X509::V_FLAG_CRL_CHECK + @host.ssl_store + end + end + end end spec/unit/ssl/host.rb @@ -35,6 +35,6 @@ describe Puppet::Transaction::Report, " when being indirect" do end after do - Puppet::Indirector::Indirection.clear_cache + Puppet::Util::Cacher.invalidate end end spec/unit/transaction/report.rb @@ -93,6 +93,11 @@ describe Puppet::Util::Settings, " when setting values" do @settings[:myval].should == "yay" end + it "should clear the list of used sections" do + @settings.expects(:clearused) + @settings[:myval] = "yay" + end + it "should call passed blocks when values are set" do values = [] @settings.setdefaults(:section, :hooker => {:default => "yay", :desc => "boo", :hook => lambda { |v| values << v }}) spec/unit/util/settings.rb @@ -58,7 +58,6 @@ module PuppetTest::ExeTest args += " --masterport %s" % @@port args += " --user %s" % Puppet::Util::SUIDManager.uid args += " --group %s" % Puppet::Util::SUIDManager.gid - args += " --nonodes" args += " --autosign true" #if Puppet[:debug] test/lib/puppettest/exetest.rb @@ -35,6 +35,7 @@ class TestClientCA < Test::Unit::TestCase Puppet.settings.stubs(:value).with(:http_proxy_host).returns(nil) Puppet.settings.stubs(:value).with(:http_proxy_port).returns(nil) Puppet.settings.stubs(:value).with(:http_keepalive).returns(false) + Puppet.settings.stubs(:value).with(:configtimeout).returns(180) # Just throw an error; the important thing is the values, not what happens next. Net::HTTP.stubs(:new).with("myca", 321, nil, nil).raises(ArgumentError) test/network/client/ca.rb @@ -67,7 +67,7 @@ class TestWebrickServer < Test::Unit::TestCase end # Test that a client whose cert has been revoked really can't connect - def test_certificate_revocation + def test_xcertificate_revocation Puppet[:autosign] = true serverpid, server = mk_status_server test/network/server/webrick.rb @@ -599,5 +599,33 @@ class TestCronParsedProvider < Test::Unit::TestCase result = target.read assert_equal("# Puppet Name: test\n* 4 * * * /bin/echo yay\n", result, "Did not write out environment setting") end + + # Testing #1216 + def test_strange_lines + @provider.stubs(:filetype).returns(Puppet::Util::FileType.filetype(:ram)) + text = " 5 \t\t 1,2 * 1 0 /bin/echo funtest" + + records = nil + assert_nothing_raised { + records = @provider.parse(text) + } + + should = { + :minute => %w{5}, + :hour => %w{1 2}, + :monthday => :absent, + :month => %w{1}, + :weekday => %w{0}, + :command => "/bin/echo funtest" + } + + is = records.shift + assert(is, "Did not get record") + + should.each do |p, v| + assert_equal(v, is[p], "did not parse %s correctly" % p) + end + end + end test/ral/providers/cron/crontab.rb @@ -37,12 +37,13 @@ class TestProvider < Test::Unit::TestCase cleanup { Puppet::Type.rmtype(:provider_test) } end - def test_confine - provider = newprovider + def test_confine_defaults_to_suitable - assert(provider.suitable?, - "Marked unsuitable with no confines") + provider = newprovider + assert(provider.suitable?, "Marked unsuitable with no confines") + end + def test_confine_results { {:true => true} => true, {:true => false} => false, @@ -54,6 +55,8 @@ class TestProvider < Test::Unit::TestCase {:exists => echo} => true, {:exists => "/this/file/does/not/exist"} => false, }.each do |hash, result| + provider = newprovider + # First test :true hash.each do |test, val| assert_nothing_raised do @@ -61,19 +64,25 @@ class TestProvider < Test::Unit::TestCase end end - assert_equal(result, provider.suitable?, - "Failed for %s" % [hash.inspect]) + assert_equal(result, provider.suitable?, "Failed for %s" % [hash.inspect]) provider.initvars end + end + + def test_multiple_confines_do_not_override + provider = newprovider # Make sure multiple confines don't overwrite each other provider.confine :true => false assert(! provider.suitable?) provider.confine :true => true assert(! provider.suitable?) + end - provider.initvars + def test_one_failed_confine_is_sufficient + + provider = newprovider # Make sure we test multiple of them, and that a single false wins provider.confine :true => true, :false => false @@ -82,6 +91,18 @@ class TestProvider < Test::Unit::TestCase assert(! provider.suitable?) end + # #1197 - the binary should not be + def test_command_checks_for_binaries_each_time + provider = newprovider + + provider.commands :testing => "/no/such/path" + + provider.stubs(:binary).returns "/no/such/path" + + provider.command(:testing) + assert_equal("/no/such/path", provider.command(:testing), "Did not return correct binary path") + end + def test_command {:echo => "echo", :echo_with_path => echo, :missing => "nosuchcommand", :missing_qualified => "/path/to/nosuchcommand"}.each do |name, command| provider = newprovider test/ral/providers/provider.rb @@ -525,107 +525,6 @@ class TestFileSources < Test::Unit::TestCase return file end - def test_NetworkSources - server = nil - mounts = { - "/" => "root" - } - - fileserverconf = mkfileserverconf(mounts) - - Puppet[:autosign] = true - - Puppet[:masterport] = 8762 - Puppet[:name] = "puppetmasterd" - Puppet[:certdnsnames] = "localhost" - - serverpid = nil - assert_nothing_raised() { - server = Puppet::Network::HTTPServer::WEBrick.new( - :Handlers => { - :CA => {}, # so that certs autogenerate - :FileServer => { - :Config => fileserverconf - } - } - ) - - } - serverpid = fork { - assert_nothing_raised() { - #trap(:INT) { server.shutdown; Kernel.exit! } - trap(:INT) { server.shutdown } - server.start - } - } - @@tmppids << serverpid - - sleep(1) - - fromdir, todir = run_complex_sources("root") - assert_trees_equal(fromdir,todir) - recursive_source_test(fromdir, todir) - assert_trees_equal(fromdir,todir) - - assert_nothing_raised { - system("kill -INT %s" % serverpid) - } - end - - def test_unmountedNetworkSources - server = nil - mounts = { - "/" => "root", - "/noexistokay" => "noexist" - } - - fileserverconf = mkfileserverconf(mounts) - - Puppet[:autosign] = true - Puppet[:masterport] = @port - Puppet[:certdnsnames] = "localhost" - - serverpid = nil - assert_nothing_raised("Could not start on port %s" % @port) { - server = Puppet::Network::HTTPServer::WEBrick.new( - :Port => @port, - :Handlers => { - :CA => {}, # so that certs autogenerate - :FileServer => { - :Config => fileserverconf - } - } - ) - - } - - serverpid = fork { - assert_nothing_raised() { - #trap(:INT) { server.shutdown; Kernel.exit! } - trap(:INT) { server.shutdown } - server.start - } - } - @@tmppids << serverpid - - sleep(1) - - name = File.join(tmpdir(), "nosourcefile") - file = Puppet.type(:file).create( - :source => "puppet://localhost/noexist/file", - :name => name - ) - - assert_nothing_raised { - file.retrieve - } - - comp = mk_catalog(file) - comp.apply - - assert(!FileTest.exists?(name), "File with no source exists anyway") - end - def test_alwayschecksum from = tempfile() to = tempfile() test/ral/type/filesources.rb lib/puppet/util/variables.rb spec/integration/ral/types/package.rb spec/unit/ral/provider/interface/redhat.rb spec/unit/ral/provider/interface/sunos.rb spec/unit/ral/provider/mount.rb spec/unit/ral/provider/mount/parsed.rb spec/unit/ral/type.rb spec/unit/ral/type/exec.rb spec/unit/ral/type/file.rb spec/unit/ral/type/interface.rb spec/unit/ral/type/mount.rb spec/unit/ral/type/nagios.rb spec/unit/ral/type/noop_metaparam.rb spec/unit/ral/type/package.rb spec/unit/ral/type/schedule.rb spec/unit/ral/type/service.rb spec/unit/ral/type/user.rb test/executables/puppetmasterd.rb 46785b34f3f662d660f2135a7c3256da059e5094 fe157f239a301abb52f81c62719355c8e50c970c Blake Barnett shadoi@dre.gs http://github.com/shadoi/puppet/commit/e3ffa70b9c2ca838ec4c9b62ecb60ba1848c2bfc e3ffa70b9c2ca838ec4c9b62ecb60ba1848c2bfc 2008-05-21T15:37:26-07:00 2008-05-21T15:37:26-07:00 Merge branch 'master' of git://reductivelabs.com/puppet 818ffff40fa204bc7931b915c4f69c88838d34f4 Blake Barnett shadoi@dre.gs