1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
|
#!/usr/bin/env rspec
require 'spec_helper'
require 'net/http'
require 'thread'
require 'fileutils'
describe "the get_certificate function" do
include PuppetSpec::Files
before :all do
@sslcert = File.read("spec/master_config/ssl/ca/signed/bob@mydomain.com.pem")
Puppet::Parser::Functions.autoloader.loadall
end
before :each do
@scope = Puppet::Parser::Scope.new
end
it "should exist" do
Puppet::Parser::Functions.function("get_certificate").should == "function_get_certificate"
end
it "should raise a ParseError if there is less than 1 argument" do
lambda { @scope.function_get_certificate([]) }.should(raise_error(Puppet::ParseError))
end
it "should raise a ParseError if the argument is empty" do
lambda { @scope.function_get_certificate([""]) }.should(raise_error(Puppet::ParseError))
end
it "should raise a ParseError if the argument contains strange characters" do
lambda { @scope.function_get_certificate(["%^&"]) }.should(raise_error(Puppet::ParseError))
end
it "should return a valid certificate if CA is local" do
Puppet[:ca] = true
Puppet[:signeddir] = "spec/master_config/ssl/ca/signed/"
result = @scope.function_get_certificate(["bob@mydomain.com"])
result.should(eq(@sslcert))
end
it "should throw an error if CN is missing and CA is local" do
Puppet[:ca] = true
Puppet[:signeddir] = "spec/master_config/ssl/ca/signed/"
result = @scope.function_get_certificate(["missing@mydomain.com"])
result.should(eq(:undef))
end
it "should return a valid certificate if CA is remote" do
Puppet[:ca] = false
Puppet[:ssldir] = "spec/master_config/ssl"
Puppet[:certname] = "puppetmaster"
# Mock return
require 'ostruct'
http = OpenStruct.new
http.body = @sslcert
http.code = "200"
# Intercept http start call
Net::HTTP.any_instance.expects(:start).returns(http)
result = @scope.function_get_certificate(["bob@mydomain.com"])
result.should(eq(@sslcert))
end
it "should throw an error if CN doesn't exist and CA is remote (stubbed)" do
Puppet[:ca] = false
Puppet[:ssldir] = "spec/master_config/ssl"
Puppet[:certname] = "puppetmaster"
# Mock return
require 'ostruct'
http = OpenStruct.new
http.code = "404"
# Intercept http start call
Net::HTTP.any_instance.expects(:start).returns(http)
result = @scope.function_get_certificate(["missing@mydomain.com"])
result.should(eq(:undef))
end
describe "real puppetmaster" do
before :all do
# Prepare fixture for puppetmaster
@master_tmp = tmpdir("get_certificate") + "/master_config"
FileUtils.cp_r("spec/master_config",@master_tmp)
# Fork and start a puppetmaster
master_config = [
"--config=/dev/null",
"--logdest=#{@master_tmp}/var/log/logfile",
"--confdir=#{@master_tmp}",
"--no-daemonize",
"--masterport=9354",
"--bindaddress=127.0.0.1",
"--vardir=#{@master_tmp}/var",
"--ssldir=#{@master_tmp}/ssl",
"--certname=puppetmaster",
"--user=#{ENV["USER"]}",
# "--debug",
]
@master = Process.fork do
cmd = Puppet::Util::CommandLine.new("master", master_config)
Puppet::Plugins.on_application_intialization(:application_object => cmd)
app = Puppet::Application.find("master").new(cmd)
app.run
end
# Wait 1 second for puppetmatser setup
# TODO: must be a better wait to check if master
# is listening first before proceeding.
sleep 1
Puppet::Parser::Functions.autoloader.loadall
end
before :each do
# Standard puppet setup for each test
Puppet[:ca] = false
Puppet[:ssldir] = "#{@master_tmp}/ssl"
Puppet[:certname] = "puppetmaster"
Puppet[:ca_port] = "9354"
Puppet[:ca_server] = "127.0.0.1"
end
after :all do
# Kill and reap puppetmaster
Process.kill("TERM", @master)
Process.wait(@master)
end
it "should return a valid certificate if CA is remote" do
result = @scope.function_get_certificate(["bob@mydomain.com"])
result.should(eq(@sslcert))
end
it "should throw an error if CN doesn't exist and CA is remote" do
result = @scope.function_get_certificate(["missing@mydomain.com"])
result.should(eq(:undef))
end
it "should throw a connection refused message if CA is not running on port" do
Puppet[:ca_port] = "65111"
lambda { @scope.function_get_certificate(["missing@mydomain.com"]) }.should(raise_error(Puppet::Error))
end
it "should raise an exception if connection to CA times out" do
Puppet[:ca_server] = "10.254.254.254"
lambda { @scope.function_get_certificate(["missing@mydomain.com", { :conn_timeout => 1}]) }.should(raise_error(Puppet::Error))
end
end
end
|