Skip to content

Loading…

1.0.0 #17

Merged
merged 9 commits into from

3 participants

@reidmv
Puppet Labs member

See commit messages. Basically, this wraps up two of the outstanding pull request and slaps a real version number on the thing.

ody and others added some commits
@ody ody Remove deprecation notice from Puppet 3.x.
  Before this commit the 3.x series of Puppet would throw a deprecation
  notice for the use of Puppet::Util.execute.  In order to remove this
  warning we will detect for the existence of the new replacement
  method, Puppet::Util::Execution.execute and if it exists we use it.
31e4bc2
@ody ody Fixes all failing unit tests.
  Previously several of the unit tests that were defined for this
  module were broken.  This was discovered while fixing Puppet 3.x
  deprecation warnings.  This patch fixes all tests and adjusts provider
  code where is was causing legitimate failues.
9f2ab43
@reidmv reidmv Merge remote-tracking branch 'ody/puppet_3_deprecation' b10a3d9
@reidmv reidmv Refine general keytool provider execution method 0b2c704
Jens Braeuer Use "-v" in keystore -list. Java 7 will output SHA1 fingerprints by d…
…efault, prior it was MD5. Otherwise certificate is re-imported on every Puppet run.
823833d
Jens Braeuer Explicitly set random file for OpenSSL. Fails otherwise. Grrrr.
Conflicts:

	lib/puppet/provider/java_ks/keytool.rb

Merged by: Reid Vandewiele <reid@puppetlabs.com>

Note: during the merge I took the liberty of modifying the means by which
RANDFILE was set for code execution, so as to avoid leaving the env
variable set in the Puppet process proper
8866ef3
@reidmv reidmv Merge branch 'randfile_openssl' 3e529fc
@reidmv reidmv Modify tests to fit renamed run_keytool_command 05cd118
@reidmv reidmv Update version to 1.0.0
Fixes #6
Fixes #15
310b89b
@haus haus merged commit e19446b into puppetlabs:master
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Commits on Jan 24, 2013
  1. @ody

    Remove deprecation notice from Puppet 3.x.

    ody committed
      Before this commit the 3.x series of Puppet would throw a deprecation
      notice for the use of Puppet::Util.execute.  In order to remove this
      warning we will detect for the existence of the new replacement
      method, Puppet::Util::Execution.execute and if it exists we use it.
Commits on Jan 25, 2013
  1. @ody

    Fixes all failing unit tests.

    ody committed
      Previously several of the unit tests that were defined for this
      module were broken.  This was discovered while fixing Puppet 3.x
      deprecation warnings.  This patch fixes all tests and adjusts provider
      code where is was causing legitimate failues.
Commits on Feb 13, 2013
  1. @reidmv
  2. @reidmv
  3. @reidmv

    Use "-v" in keystore -list. Java 7 will output SHA1 fingerprints by d…

    Jens Braeuer committed with reidmv
    …efault, prior it was MD5. Otherwise certificate is re-imported on every Puppet run.
  4. @reidmv

    Explicitly set random file for OpenSSL. Fails otherwise. Grrrr.

    Jens Braeuer committed with reidmv
    Conflicts:
    
    	lib/puppet/provider/java_ks/keytool.rb
    
    Merged by: Reid Vandewiele <reid@puppetlabs.com>
    
    Note: during the merge I took the liberty of modifying the means by which
    RANDFILE was set for code execution, so as to avoid leaving the env
    variable set in the Puppet process proper
  5. @reidmv

    Merge branch 'randfile_openssl'

    reidmv committed
  6. @reidmv
  7. @reidmv

    Update version to 1.0.0

    reidmv committed
    Fixes #6
    Fixes #15
View
2 Modulefile
@@ -1,5 +1,5 @@
name 'puppetlabs-java_ks'
-version '0.0.6'
+version '1.0.0'
source 'https://github.com/puppetlabs/puppetlabs-java_ks.git'
author 'puppetlabs'
license 'ASL 2.0'
View
97 lib/puppet/provider/java_ks/keytool.rb
@@ -20,13 +20,21 @@ def to_pkcs12
tmpfile = Tempfile.new("#{@resource[:name]}.")
tmpfile.write(@resource[:password])
tmpfile.flush
- output = Puppet::Util.execute(
- cmd,
- :stdinfile => tmpfile.path,
- :failonfail => true,
- :combine => true
- )
+
+ # To maintain backwards compatibility with Puppet 2.7.x, resort to ugly
+ # code to make sure RANDFILE is passed as an environment variable to the
+ # openssl command but not retained in the Puppet process environment.
+ randfile = Tempfile.new("#{@resource[:name]}.")
+ if Puppet::Util::Execution.respond_to?(:withenv)
+ withenv = Puppet::Util::Execution.method(:withenv)
+ else
+ withenv = Puppet::Util.method(:withenv)
+ end
+ output = withenv.call('RANDFILE' => randfile.path) do
+ run_command(cmd, false, tmpfile)
+ end
tmpfile.close!
+ randfile.close!
return output
end
@@ -50,7 +58,7 @@ def import_ks
tmpfile.write("#{@resource[:password]}\n#{@resource[:password]}\n#{@resource[:password]}")
end
tmpfile.flush
- run_keystore_command(cmd, @resource[:target], tmpfile)
+ run_command(cmd, @resource[:target], tmpfile)
tmppk12.close!
tmpfile.close!
end
@@ -66,12 +74,7 @@ def exists?
tmpfile = Tempfile.new("#{@resource[:name]}.")
tmpfile.write(@resource[:password])
tmpfile.flush
- Puppet::Util.execute(
- cmd,
- :stdinfile => tmpfile.path,
- :failonfail => true,
- :combine => true
- )
+ run_command(cmd, false, tmpfile)
tmpfile.close!
return true
rescue
@@ -86,7 +89,7 @@ def latest
'x509', '-fingerprint', '-md5', '-noout',
'-in', @resource[:certificate]
]
- output = Puppet::Util.execute(cmd)
+ output = run_command(cmd)
latest = output.scan(/MD5 Fingerprint=(.*)/)[0][0]
return latest
end
@@ -96,21 +99,16 @@ def current
output = ''
cmd = [
command(:keytool),
- '-list',
+ '-list', '-v',
'-keystore', @resource[:target],
'-alias', @resource[:name]
]
tmpfile = Tempfile.new("#{@resource[:name]}.")
tmpfile.write(@resource[:password])
tmpfile.flush
- output = Puppet::Util.execute(
- cmd,
- :stdinfile => tmpfile.path,
- :failonfail => true,
- :combine => true
- )
+ output = run_command(cmd, false, tmpfile)
tmpfile.close!
- current = output.scan(/Certificate fingerprint \(MD5\): (.*)/)[0][0]
+ current = output.scan(/Certificate fingerprints:\n\s+MD5: (.*)/)[0][0]
return current
end
@@ -137,7 +135,7 @@ def create
tmpfile.write("#{@resource[:password]}\n#{@resource[:password]}")
end
tmpfile.flush
- run_keystore_command(cmd, @resource[:target], tmpfile)
+ run_command(cmd, @resource[:target], tmpfile)
tmpfile.close!
end
end
@@ -152,12 +150,7 @@ def destroy
tmpfile = Tempfile.new("#{@resource[:name]}.")
tmpfile.write(@resource[:password])
tmpfile.flush
- Puppet::Util.execute(
- cmd,
- :stdinfile => tmpfile.path,
- :failonfail => true,
- :combine => true
- )
+ run_command(cmd, false, tmpfile)
tmpfile.close!
end
@@ -167,38 +160,56 @@ def update
create
end
- def run_keystore_command(cmd, target, stdinfile)
+ def run_command(cmd, target=false, stdinfile=false)
+
+ # The Puppet::Util::Execution.execute method is deparcated in Puppet 3.x
+ # but we need this to work on 2.7.x too.
+ if Puppet::Util::Execution.respond_to?(:execute)
+ exec_method = Puppet::Util::Execution.method(:execute)
+ else
+ exec_method = Puppet::Util.method(:execute)
+ end
+
# the java keytool will not correctly deal with an empty target keystore
# file. If we encounter an empty keystore target file, preserve the mode,
# owner and group, and delete the empty file.
- if File.exists?(target) and File.zero?(target)
+ if target and (File.exists?(target) and File.zero?(target))
stat = File.stat(target)
File.delete(target)
end
- # There's a problem in IBM java wherein stdin cannot be used (trivially)
- # pass in the keystore passwords. This makes the provider work on SLES
- # with minimal effort.
+ # There's a problem in IBM java keytool wherein stdin cannot be used
+ # (trivially) to pass in the keystore passwords. The below hack makes the
+ # provider work on SLES with minimal effort at the cost of letting the
+ # passphrase to the keystore show up in the process list as an argument.
+ # From a best practice standpoint the keystore should be protected by file
+ # permissions and not just the passphrase so "making it work on SLES"
+ # trumps.
if Facter.value('osfamily') == 'Suse' and @resource[:password]
- cmd << '-srcstorepass' << @resource[:password]
- cmd << '-deststorepass' << @resource[:password]
+ cmd_to_run = cmd.is_a?(String) ? cmd.split(/\s/).first : cmd.first
+ if cmd_to_run == command(:keytool)
+ cmd << '-srcstorepass' << @resource[:password]
+ cmd << '-deststorepass' << @resource[:password]
+ end
end
# Now run the command
- Puppet::Util.execute(
- cmd,
- :stdinfile => stdinfile.path,
- :failonfail => true,
- :combine => true
- )
+ options = { :failonfail => true, :combine => true }
+ output = if stdinfile
+ exec_method.call(cmd, options.merge(:stdinfile => stdinfile.path))
+ else
+ exec_method.call(cmd, options)
+ end
# for previously empty files, restore the mode, owner and group. The funky
# double-take check is because on Suse defined? doesn't seem to behave
# quite the same as on Debian, RedHat
- if defined? stat and stat
+ if target and (defined? stat and stat)
File.chmod(stat.mode, target)
File.chown(stat.uid, stat.gid, target)
end
+
+ return output
end
end
View
19 spec/spec_helper.rb
@@ -1,18 +1 @@
-require 'pathname'
-dir = Pathname.new(__FILE__).parent
-$LOAD_PATH.unshift(dir, dir + 'lib', dir + '../lib')
-
-require 'mocha'
-require 'puppet'
-gem 'rspec', '>=2.0.0'
-require 'rspec/expectations'
-
-RSpec.configure do |config|
- config.mock_with :mocha
-end
-
-# We need this because the RAL uses 'should' as a method. This
-# allows us the same behaviour but with a different method name.
-class Object
- alias :must :should
-end
+require 'puppetlabs_spec_helper/module_spec_helper'
View
8 spec/provider/java_ks/keytool_spec.rb → ...t/puppet/provider/java_ks/keytool_spec.rb
@@ -47,7 +47,7 @@
describe 'when importing a private key and certifcate' do
it 'should execute openssl and keytool with specific options' do
- Puppet::Util.expects(:execute).with do |args|
+ provider.expects(:run_command).with do |*args|
args[0] == [
'myopenssl', 'pkcs12', '-export', '-passout', 'stdin',
'-in', resource[:certificate],
@@ -55,7 +55,7 @@
'-name', resource[:name]
]
end
- Puppet::Util.expects(:execute).with do |args|
+ provider.expects(:run_command).with do |*args|
args[0] == [
'mykeytool', '-importkeystore', '-srcstoretype', 'PKCS12',
'-destkeystore', resource[:target],
@@ -76,7 +76,7 @@
it 'should call keytool with specific options if only certificate is provided' do
no_pk = resource.dup
no_pk.delete(:private_key)
- Puppet::Util.expects(:execute).with do |args|
+ provider.expects(:run_command).with do |*args|
args[0] == [
'mykeytool', '-importcert', '-noprompt',
'-alias', no_pk[:name],
@@ -91,7 +91,7 @@
describe 'when removing entries from keytool' do
it 'should execute keytool with a specific set of options' do
- Puppet::Util.expects(:execute).with do |args|
+ provider.expects(:run_command).with do |*args|
args[0] == [
'mykeytool', '-delete',
'-alias', resource[:name],
View
0 spec/type/java_ks_spec.rb → spec/unit/puppet/type/java_ks_spec.rb
File renamed without changes.
Something went wrong with that request. Please try again.