diff options
author | Jeff McCune <jeff@puppetlabs.com> | 2011-10-10 11:52:33 -0700 |
---|---|---|
committer | Jeff McCune <jeff@puppetlabs.com> | 2011-10-10 11:52:33 -0700 |
commit | 9f98d3feaf7e3fee55bc2b7b2e1d8f75b0972672 (patch) | |
tree | c774302c46efde850662da3c3588d93e21e6f570 | |
parent | 14852e0259e1e43371dbcb2675e00c6d6e614f05 (diff) | |
parent | 07b2a3afd996fa367e2e1b3692b5b8eea3273af2 (diff) |
Merge branch 'ticket/master/revert_8925'
* ticket/master/revert_8925:
(#10007) Revert "Merge pull request #13 from kbarber/issue/master/8925-user_ssl_certs"
23 files changed, 0 insertions, 503 deletions
diff --git a/lib/puppet/parser/functions/get_certificate.rb b/lib/puppet/parser/functions/get_certificate.rb deleted file mode 100644 index 66baba6..0000000 --- a/lib/puppet/parser/functions/get_certificate.rb +++ /dev/null @@ -1,89 +0,0 @@ -module Puppet::Parser::Functions - newfunction(:get_certificate, :type => :rvalue, :doc => <<-EOS -Returns the public certificate of the given CN from the local or remote Puppet -CA. - -Usage is: - - get_certificate($cn, $options) - -The first argument $cn is a valid CN for the certificate you wish to -return. A CN is usually the hostname of a machine in Puppet. You can view all available -certificates using the facility: - - puppet cert --list --all - -On the main CA or puppetmaster. - -The second argument $options allows the user to define a hash of options to -pass to the function. - -The options and descriptions are: - -* *conn_timeout*: Adjust timeout for remote CA connectivity (in seconds). Default is 7. - EOS - ) do |arguments| - - # Make sure we have enough arguments - if not (1..2).include?(arguments.size) then - raise(Puppet::ParseError, "get_certificate(): Wrong number of arguments " + - "given (#{arguments.size} for 1 or 2)") - end - - # Obtain arguments and set defaults - cn = arguments[0] - options = arguments[1] ||= {} - options[:conn_timeout] = 7 if !options.has_key?(:conn_timeout) - - # Validation of arguments - if not (cn.is_a?(String) and cn.match(/^[a-zA-Z0-9@_\-\.]+$/)) then - raise(Puppet::ParseError, 'get_certificate(): CN name must be a valid string. Hashes and Arrays are not valid') - end - if not (1..600).include?(options[:conn_timeout]) then - raise(Puppet::ParseError, "get_certificate(): The option 'conn_timeout' must be an integer between 1 and 600") - end - - # Get and return certificate using file or rest - if Puppet[:ca] == true then - # Get the certificate locally if we are acting as a CA - # TODO: wrap: puppet certificate --render-as s --ca-location remote find ken@bob.sh - ssl_cert_path = Puppet[:signeddir] + "/" + cn + ".pem" - if FileTest.exists?(ssl_cert_path) then - cert = File.open(ssl_cert_path,"r") - return cert.read - end - else - # Obtain the certificate from the CA if its remote - # TODO: wrap: puppet certificate --render-as s --ca-location local find ken@bob.sh - require 'net/http' - require 'net/https' - - http = Net::HTTP.new(Puppet[:ca_server], Puppet[:ca_port]) - http.use_ssl = true - http.verify_mode = OpenSSL::SSL::VERIFY_NONE - - begin - res = timeout(options[:conn_timeout]) do - http.start {|h| - h.get("/production/certificate/#{cn}", { "Accept" => "s" }) - } - end - rescue Timeout::Error - raise(Puppet::Error, "Transaction timed out when connecting to #{Puppet[:ca_server]}:#{Puppet[:ca_port]}. Check your CA is running and that your ca_server and ca_port settings are correct on the machine this function ran on.") - rescue Errno::ECONNREFUSED - raise(Puppet::Error, "Connection refused when connecting to #{Puppet[:ca_server]}:#{Puppet[:ca_port]}. Check your CA is running and that your ca_server and ca_port settings are correct on the machine this function ran on.") - end - - case res.code - when "200" - return res.body if res.body - when "404" - return :undef - else - raise(Puppet::Error, "Error with REST call: #{res.code}") - end - end - - :undef - end -end diff --git a/lib/puppet/parser/functions/get_pubkey.rb b/lib/puppet/parser/functions/get_pubkey.rb deleted file mode 100644 index 744b9df..0000000 --- a/lib/puppet/parser/functions/get_pubkey.rb +++ /dev/null @@ -1,25 +0,0 @@ -module Puppet::Parser::Functions - newfunction(:get_pubkey, :type => :rvalue, :doc => <<-EOS -Gets a public key given a CN. This function accepts all the same -parameters as get_certificate(), but instead returns the public -key portion of the certificate. - -See get_certificate() for a more complete list of options available. -EOS - ) do |arguments| - - # Wrap the get_certificate method - method = Puppet::Parser::Functions.function(:get_certificate) - cert_text = send(method, arguments) - - require 'openssl' - - if cert_text == :undef then - return :undef - else - cert = OpenSSL::X509::Certificate.new(cert_text) - pubkey = cert.public_key - return pubkey.to_s - end - end -end diff --git a/spec/fixtures/master_config/.gitignore b/spec/fixtures/master_config/.gitignore deleted file mode 100644 index 7d4e912..0000000 --- a/spec/fixtures/master_config/.gitignore +++ /dev/null @@ -1,2 +0,0 @@ -manifests/ -var/ diff --git a/spec/fixtures/master_config/auth.conf b/spec/fixtures/master_config/auth.conf deleted file mode 100644 index aecb32e..0000000 --- a/spec/fixtures/master_config/auth.conf +++ /dev/null @@ -1,4 +0,0 @@ -path /certificate/ -auth no -method find -allow * diff --git a/spec/fixtures/master_config/ssl/ca/ca_crl.pem b/spec/fixtures/master_config/ssl/ca/ca_crl.pem deleted file mode 100644 index 90c7a03..0000000 --- a/spec/fixtures/master_config/ssl/ca/ca_crl.pem +++ /dev/null @@ -1,8 +0,0 @@ ------BEGIN X509 CRL----- -MIH5MGQCAQEwDQYJKoZIhvcNAQEFBQAwIjEgMB4GA1UEAwwXUHVwcGV0IENBOiBw -dXBwZXRtYXN0ZXIXDTExMDgxMzIwMDAwOFoXDTE2MDgxMTIwMDAwOFqgDjAMMAoG -A1UdFAQDAgEAMA0GCSqGSIb3DQEBBQUAA4GBACBHLkJD4RvEV75ak8w468Kq7r5p -s87Fzs0Vj2fgqH/3GPoazwBD4R0TvqMb+NUuF0WnipexdQQRjaiERmqX9aIhRjRA -vs4ItdoxAvcgCzWs6cYm/e4SAAqY5lipfJqd+aRlQgzWaj6WDbFMVEKvqMXqM5wU -gGQRYVnXHbohA+/I ------END X509 CRL----- diff --git a/spec/fixtures/master_config/ssl/ca/ca_crt.pem b/spec/fixtures/master_config/ssl/ca/ca_crt.pem deleted file mode 100644 index 7910b2b..0000000 --- a/spec/fixtures/master_config/ssl/ca/ca_crt.pem +++ /dev/null @@ -1,14 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICMzCCAZygAwIBAgIBATANBgkqhkiG9w0BAQUFADAiMSAwHgYDVQQDDBdQdXBw -ZXQgQ0E6IHB1cHBldG1hc3RlcjAeFw0xMTA4MTIyMDAwMDhaFw0xNjA4MTAyMDAw -MDhaMCIxIDAeBgNVBAMMF1B1cHBldCBDQTogcHVwcGV0bWFzdGVyMIGfMA0GCSqG -SIb3DQEBAQUAA4GNADCBiQKBgQDA6rbkI3p/YmrjE5ZNwuCPRfqUtywnBHqClp2o -nBgqrBZiKitxAmdEH4lidGA9AbiNnBiMh0fC4s5sKAUZUjPjv1I7VBqrueYWKnKP -1IBuggaJDoUQysj73XxPUnfFiuBuDVO+FEjLCrbB7WCfdli3KuueUJjHbcLyUh0n -o2ceMwIDAQABo3kwdzA4BglghkgBhvhCAQ0EKxYpUHVwcGV0IFJ1YnkvT3BlblNT -TCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4E -FgQUB14U4FLr4JVibAmnV+n+kw85ck4wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEB -BQUAA4GBAAZ3wF7R8DDhhT31OGQ/A+/F3L59nStqvW7AD7EabrTDPPNOVcvt/las -oi4MXiBuGPgS/xg+n4YBREaaYoF8BcGx5YMPY1XOPS0DItnDl44Wd+eHraD69kLl -l/4pPMlE5PQ21o82dph3i6B1E5zwLxhMXzh1mfvDcCIMmRdVobQm ------END CERTIFICATE----- diff --git a/spec/fixtures/master_config/ssl/ca/ca_key.pem b/spec/fixtures/master_config/ssl/ca/ca_key.pem deleted file mode 100644 index d073e22..0000000 --- a/spec/fixtures/master_config/ssl/ca/ca_key.pem +++ /dev/null @@ -1,15 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKBgQDA6rbkI3p/YmrjE5ZNwuCPRfqUtywnBHqClp2onBgqrBZiKitx -AmdEH4lidGA9AbiNnBiMh0fC4s5sKAUZUjPjv1I7VBqrueYWKnKP1IBuggaJDoUQ -ysj73XxPUnfFiuBuDVO+FEjLCrbB7WCfdli3KuueUJjHbcLyUh0no2ceMwIDAQAB -AoGAdJRieXNHL3uWBCtuBQfjFDHBv+UBdYKrVgcWtzG9GOxtilzZa618Ihq8txaE -odlMYacW3rVRlF/jRlDY4/hdChKO0PwffYzMmMklora8knG4Epi3LbMsVYCpbmvr -AYNKkvAnTbSF/PQMq8hTRnRf8cL8KU6e0uFFiOfx0pc+YyECQQDyod+VtRiOxWM1 -/FE2eZpihibAiB0HV9VJuXW23WwKh2fIqHs2oQXzjvzjiDV+LiZu51L21hQQcAeH -hMrNWRI/AkEAy4ulVjGybS0FqCvOX8UllJZBkN2z266HRag5a90TG0a0PEb0L+5Y -3rokNTZAzxdrCxkHaLRXQ9PE7b3c/1CPDQJAWNeW491swZJbMoBSSG0cb6kJdYQh -hPfPXHBxPuUy02QjR2ERxL4PTNB1nubYF3zUi9VeFo3qyN4Mk722+Jv9xwJADK8j -Gn/2Un9fvt8b+TPb56qFY3WtY584psqY6XPZYPXC/Y6eYO5Fc3u+DeLXnxAih4qD -v66dUYi82OPgBbkLcQJBAIFwHWNgrDZqSp8KBOldRUdwt2MkG3QzRiMziP8DczXF -xvdxH+AHPWl7yzOLas/kgx23ozQZcTzNqFjDmnSrJZQ= ------END RSA PRIVATE KEY----- diff --git a/spec/fixtures/master_config/ssl/ca/ca_pub.pem b/spec/fixtures/master_config/ssl/ca/ca_pub.pem deleted file mode 100644 index 2ba33aa..0000000 --- a/spec/fixtures/master_config/ssl/ca/ca_pub.pem +++ /dev/null @@ -1,5 +0,0 @@ ------BEGIN RSA PUBLIC KEY----- -MIGJAoGBAMDqtuQjen9iauMTlk3C4I9F+pS3LCcEeoKWnaicGCqsFmIqK3ECZ0Qf -iWJ0YD0BuI2cGIyHR8LizmwoBRlSM+O/UjtUGqu55hYqco/UgG6CBokOhRDKyPvd -fE9Sd8WK4G4NU74USMsKtsHtYJ92WLcq655QmMdtwvJSHSejZx4zAgMBAAE= ------END RSA PUBLIC KEY----- diff --git a/spec/fixtures/master_config/ssl/ca/inventory.txt b/spec/fixtures/master_config/ssl/ca/inventory.txt deleted file mode 100644 index 51ed4af..0000000 --- a/spec/fixtures/master_config/ssl/ca/inventory.txt +++ /dev/null @@ -1,5 +0,0 @@ -# Inventory of signed certificates -# SERIAL NOT_BEFORE NOT_AFTER SUBJECT -0x0001 2011-08-12T20:00:08GMT 2016-08-10T20:00:08GMT /CN=Puppet CA: puppetmaster -0x0002 2011-08-12T20:00:08GMT 2016-08-10T20:00:08GMT /CN=puppetmaster -0x0003 2011-08-12T20:01:09GMT 2016-08-10T20:01:09GMT /CN=bob@mydomain.com diff --git a/spec/fixtures/master_config/ssl/ca/private/ca.pass b/spec/fixtures/master_config/ssl/ca/private/ca.pass deleted file mode 100644 index 234a5b9..0000000 --- a/spec/fixtures/master_config/ssl/ca/private/ca.pass +++ /dev/null @@ -1 +0,0 @@ -[Ie3rqTiZfur`@gLW5<P
\ No newline at end of file diff --git a/spec/fixtures/master_config/ssl/ca/serial b/spec/fixtures/master_config/ssl/ca/serial deleted file mode 100644 index 9df46a8..0000000 --- a/spec/fixtures/master_config/ssl/ca/serial +++ /dev/null @@ -1 +0,0 @@ -0004
\ No newline at end of file diff --git a/spec/fixtures/master_config/ssl/ca/signed/bob@mydomain.com.pem b/spec/fixtures/master_config/ssl/ca/signed/bob@mydomain.com.pem deleted file mode 100644 index a649c8d..0000000 --- a/spec/fixtures/master_config/ssl/ca/signed/bob@mydomain.com.pem +++ /dev/null @@ -1,15 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICVDCCAb2gAwIBAgIBAzANBgkqhkiG9w0BAQUFADAiMSAwHgYDVQQDDBdQdXBw -ZXQgQ0E6IHB1cHBldG1hc3RlcjAeFw0xMTA4MTIyMDAxMDlaFw0xNjA4MTAyMDAx -MDlaMBsxGTAXBgNVBAMMEGJvYkBteWRvbWFpbi5jb20wgZ8wDQYJKoZIhvcNAQEB -BQADgY0AMIGJAoGBAL7+Idbd+eohxCXVXcICvo1IaqAzyjezWxfxMxoBF4mjdvwY -9RalRM5jItm9ThVwLMezcISYSNPI42Y70+9XIK/3f6OxnSMoB7kDKX9MvcbZkRAt -OfxDeWmAun+PXuH87VN1r7sViRSSB2dIxB3qjF1HNhAm0ocmSW+sZ3eul2lpAgMB -AAGjgaAwgZ0wOAYJYIZIAYb4QgENBCsWKVB1cHBldCBSdWJ5L09wZW5TU0wgR2Vu -ZXJhdGVkIENlcnRpZmljYXRlMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFFyA8pjL -+VkeCZHDRYCzKjzT4Cr9MAsGA1UdDwQEAwIFoDAnBgNVHSUEIDAeBggrBgEFBQcD -AQYIKwYBBQUHAwIGCCsGAQUFBwMEMA0GCSqGSIb3DQEBBQUAA4GBAExa0zqinr4P -6ZmYOYxNtS1d+8YQdzjJXOnlXUURhERHfKMjvvJ125MO9i4TRF/isetRKz2w0OfO -Vfsdio9PSJf2Fh+/1V2r5eSvLbVenRwFnvyv/u/39ukQNbX5YSwXsl9QcWhqwtwF -dL1eEwuy2xmfxX6ZZRPDFDrideAtTEJy ------END CERTIFICATE----- diff --git a/spec/fixtures/master_config/ssl/ca/signed/puppetmaster.pem b/spec/fixtures/master_config/ssl/ca/signed/puppetmaster.pem deleted file mode 100644 index df900fc..0000000 --- a/spec/fixtures/master_config/ssl/ca/signed/puppetmaster.pem +++ /dev/null @@ -1,15 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICUDCCAbmgAwIBAgIBAjANBgkqhkiG9w0BAQUFADAiMSAwHgYDVQQDDBdQdXBw -ZXQgQ0E6IHB1cHBldG1hc3RlcjAeFw0xMTA4MTIyMDAwMDhaFw0xNjA4MTAyMDAw -MDhaMBcxFTATBgNVBAMMDHB1cHBldG1hc3RlcjCBnzANBgkqhkiG9w0BAQEFAAOB -jQAwgYkCgYEAzxm4O4OlcihWLbNHboKEmQ9cGlsG1vs0nkFtjLeF6eyi4cV6n8Af -1OacZV9aqzK8MrBQvYrpbpap2/kFSWx3vbhUVDz5ynsNzhu2Jt914XaJEcDmpDMU -UwQ+pg7JCSHocW2JilofAZdC1HrefLc570yYwxS//U/cw6N5MnskS2ECAwEAAaOB -oDCBnTA4BglghkgBhvhCAQ0EKxYpUHVwcGV0IFJ1YnkvT3BlblNTTCBHZW5lcmF0 -ZWQgQ2VydGlmaWNhdGUwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUYSrVz684wuDJ -3awwcfFxMZGPkNQwCwYDVR0PBAQDAgWgMCcGA1UdJQQgMB4GCCsGAQUFBwMBBggr -BgEFBQcDAgYIKwYBBQUHAwQwDQYJKoZIhvcNAQEFBQADgYEAEL5ZXS5TVzaI56HH -RhcGFLnvfl2BldsPuVuE5H6fqegRUyLpH7mXHCBt1Zn3IlUUdMLHOump4UHVjw/B -QPk6ihVjWcBTCU8xu4hKj54MixZFFIo2sJveMVdfIJ3lTQTmRpTHpIU7hYHwP46q -hLWywdpCBvhCxpK0YSi4FSDiYQ8= ------END CERTIFICATE----- diff --git a/spec/fixtures/master_config/ssl/certs/bob@mydomain.com.pem b/spec/fixtures/master_config/ssl/certs/bob@mydomain.com.pem deleted file mode 100644 index a649c8d..0000000 --- a/spec/fixtures/master_config/ssl/certs/bob@mydomain.com.pem +++ /dev/null @@ -1,15 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICVDCCAb2gAwIBAgIBAzANBgkqhkiG9w0BAQUFADAiMSAwHgYDVQQDDBdQdXBw -ZXQgQ0E6IHB1cHBldG1hc3RlcjAeFw0xMTA4MTIyMDAxMDlaFw0xNjA4MTAyMDAx -MDlaMBsxGTAXBgNVBAMMEGJvYkBteWRvbWFpbi5jb20wgZ8wDQYJKoZIhvcNAQEB -BQADgY0AMIGJAoGBAL7+Idbd+eohxCXVXcICvo1IaqAzyjezWxfxMxoBF4mjdvwY -9RalRM5jItm9ThVwLMezcISYSNPI42Y70+9XIK/3f6OxnSMoB7kDKX9MvcbZkRAt -OfxDeWmAun+PXuH87VN1r7sViRSSB2dIxB3qjF1HNhAm0ocmSW+sZ3eul2lpAgMB -AAGjgaAwgZ0wOAYJYIZIAYb4QgENBCsWKVB1cHBldCBSdWJ5L09wZW5TU0wgR2Vu -ZXJhdGVkIENlcnRpZmljYXRlMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFFyA8pjL -+VkeCZHDRYCzKjzT4Cr9MAsGA1UdDwQEAwIFoDAnBgNVHSUEIDAeBggrBgEFBQcD -AQYIKwYBBQUHAwIGCCsGAQUFBwMEMA0GCSqGSIb3DQEBBQUAA4GBAExa0zqinr4P -6ZmYOYxNtS1d+8YQdzjJXOnlXUURhERHfKMjvvJ125MO9i4TRF/isetRKz2w0OfO -Vfsdio9PSJf2Fh+/1V2r5eSvLbVenRwFnvyv/u/39ukQNbX5YSwXsl9QcWhqwtwF -dL1eEwuy2xmfxX6ZZRPDFDrideAtTEJy ------END CERTIFICATE----- diff --git a/spec/fixtures/master_config/ssl/certs/ca.pem b/spec/fixtures/master_config/ssl/certs/ca.pem deleted file mode 100644 index 7910b2b..0000000 --- a/spec/fixtures/master_config/ssl/certs/ca.pem +++ /dev/null @@ -1,14 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICMzCCAZygAwIBAgIBATANBgkqhkiG9w0BAQUFADAiMSAwHgYDVQQDDBdQdXBw -ZXQgQ0E6IHB1cHBldG1hc3RlcjAeFw0xMTA4MTIyMDAwMDhaFw0xNjA4MTAyMDAw -MDhaMCIxIDAeBgNVBAMMF1B1cHBldCBDQTogcHVwcGV0bWFzdGVyMIGfMA0GCSqG -SIb3DQEBAQUAA4GNADCBiQKBgQDA6rbkI3p/YmrjE5ZNwuCPRfqUtywnBHqClp2o -nBgqrBZiKitxAmdEH4lidGA9AbiNnBiMh0fC4s5sKAUZUjPjv1I7VBqrueYWKnKP -1IBuggaJDoUQysj73XxPUnfFiuBuDVO+FEjLCrbB7WCfdli3KuueUJjHbcLyUh0n -o2ceMwIDAQABo3kwdzA4BglghkgBhvhCAQ0EKxYpUHVwcGV0IFJ1YnkvT3BlblNT -TCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4E -FgQUB14U4FLr4JVibAmnV+n+kw85ck4wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEB -BQUAA4GBAAZ3wF7R8DDhhT31OGQ/A+/F3L59nStqvW7AD7EabrTDPPNOVcvt/las -oi4MXiBuGPgS/xg+n4YBREaaYoF8BcGx5YMPY1XOPS0DItnDl44Wd+eHraD69kLl -l/4pPMlE5PQ21o82dph3i6B1E5zwLxhMXzh1mfvDcCIMmRdVobQm ------END CERTIFICATE----- diff --git a/spec/fixtures/master_config/ssl/certs/puppetmaster.pem b/spec/fixtures/master_config/ssl/certs/puppetmaster.pem deleted file mode 100644 index df900fc..0000000 --- a/spec/fixtures/master_config/ssl/certs/puppetmaster.pem +++ /dev/null @@ -1,15 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICUDCCAbmgAwIBAgIBAjANBgkqhkiG9w0BAQUFADAiMSAwHgYDVQQDDBdQdXBw -ZXQgQ0E6IHB1cHBldG1hc3RlcjAeFw0xMTA4MTIyMDAwMDhaFw0xNjA4MTAyMDAw -MDhaMBcxFTATBgNVBAMMDHB1cHBldG1hc3RlcjCBnzANBgkqhkiG9w0BAQEFAAOB -jQAwgYkCgYEAzxm4O4OlcihWLbNHboKEmQ9cGlsG1vs0nkFtjLeF6eyi4cV6n8Af -1OacZV9aqzK8MrBQvYrpbpap2/kFSWx3vbhUVDz5ynsNzhu2Jt914XaJEcDmpDMU -UwQ+pg7JCSHocW2JilofAZdC1HrefLc570yYwxS//U/cw6N5MnskS2ECAwEAAaOB -oDCBnTA4BglghkgBhvhCAQ0EKxYpUHVwcGV0IFJ1YnkvT3BlblNTTCBHZW5lcmF0 -ZWQgQ2VydGlmaWNhdGUwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUYSrVz684wuDJ -3awwcfFxMZGPkNQwCwYDVR0PBAQDAgWgMCcGA1UdJQQgMB4GCCsGAQUFBwMBBggr -BgEFBQcDAgYIKwYBBQUHAwQwDQYJKoZIhvcNAQEFBQADgYEAEL5ZXS5TVzaI56HH -RhcGFLnvfl2BldsPuVuE5H6fqegRUyLpH7mXHCBt1Zn3IlUUdMLHOump4UHVjw/B -QPk6ihVjWcBTCU8xu4hKj54MixZFFIo2sJveMVdfIJ3lTQTmRpTHpIU7hYHwP46q -hLWywdpCBvhCxpK0YSi4FSDiYQ8= ------END CERTIFICATE----- diff --git a/spec/fixtures/master_config/ssl/crl.pem b/spec/fixtures/master_config/ssl/crl.pem deleted file mode 100644 index 90c7a03..0000000 --- a/spec/fixtures/master_config/ssl/crl.pem +++ /dev/null @@ -1,8 +0,0 @@ ------BEGIN X509 CRL----- -MIH5MGQCAQEwDQYJKoZIhvcNAQEFBQAwIjEgMB4GA1UEAwwXUHVwcGV0IENBOiBw -dXBwZXRtYXN0ZXIXDTExMDgxMzIwMDAwOFoXDTE2MDgxMTIwMDAwOFqgDjAMMAoG -A1UdFAQDAgEAMA0GCSqGSIb3DQEBBQUAA4GBACBHLkJD4RvEV75ak8w468Kq7r5p -s87Fzs0Vj2fgqH/3GPoazwBD4R0TvqMb+NUuF0WnipexdQQRjaiERmqX9aIhRjRA -vs4ItdoxAvcgCzWs6cYm/e4SAAqY5lipfJqd+aRlQgzWaj6WDbFMVEKvqMXqM5wU -gGQRYVnXHbohA+/I ------END X509 CRL----- diff --git a/spec/fixtures/master_config/ssl/private_keys/bob@mydomain.com.pem b/spec/fixtures/master_config/ssl/private_keys/bob@mydomain.com.pem deleted file mode 100644 index dcf753a..0000000 --- a/spec/fixtures/master_config/ssl/private_keys/bob@mydomain.com.pem +++ /dev/null @@ -1,15 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKBgQC+/iHW3fnqIcQl1V3CAr6NSGqgM8o3s1sX8TMaAReJo3b8GPUW -pUTOYyLZvU4VcCzHs3CEmEjTyONmO9PvVyCv93+jsZ0jKAe5Ayl/TL3G2ZEQLTn8 -Q3lpgLp/j17h/O1Tda+7FYkUkgdnSMQd6oxdRzYQJtKHJklvrGd3rpdpaQIDAQAB -AoGAWlPwhyFWd9/eV5JQlFgd7M3J99hmk+9Ubr9ZTrwjeKoBtPrMtxgUsZN7QQVh -74us8gmwdlVbZCZHPeufsTtAroYX9lru3he0oopn82Revc9OYll8hHoXjpLlhJyz -G40e1DQ5wO0z1WKxAiMvR06i56z03nCgJYp5RzVIx6As0bECQQD1HHuEHZU69C64 -NnDLlokoCMxs/zgjO/oFJbuit63vOc/Ua6oCciEt6xaxUUzVUcOK4VEcjwBKifiK -ua2Z7ZANAkEAx3owTktjSU2RleIE6aZq7gfgC2ZAjHiIwtFRq573dfCfbj1b2wKk -8GBudLsXNLZEEgJwJofljjXPAcPAebSLzQJBAM0hVCGCHITlHEBgl09aoViW3HaP -tSyPojMym/CWpgMiL9OHcxVu7GOgbjJhZtrT/cE5xgcPil/XTeDTefzrevUCQEW0 -X+7sDwzNa0M50Meo3JLC87poB8ROVlPleymCiiyPYdbO4Cs+2E4bFF38Bpbn3g+B -BJmiQUgZa3XNZpPg0D0CQGJocWKoiWBUcZSbEAaJtBCG+CO+Z8QQP62RpiiYck4W -VMn3s3fSS8cLdl65jSLM/dXA6YWZlwT/7Vl46ooGdDQ= ------END RSA PRIVATE KEY----- diff --git a/spec/fixtures/master_config/ssl/private_keys/puppetmaster.pem b/spec/fixtures/master_config/ssl/private_keys/puppetmaster.pem deleted file mode 100644 index 4de4dd2..0000000 --- a/spec/fixtures/master_config/ssl/private_keys/puppetmaster.pem +++ /dev/null @@ -1,15 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIICXQIBAAKBgQDPGbg7g6VyKFYts0dugoSZD1waWwbW+zSeQW2Mt4Xp7KLhxXqf -wB/U5pxlX1qrMrwysFC9iululqnb+QVJbHe9uFRUPPnKew3OG7Ym33XhdokRwOak -MxRTBD6mDskJIehxbYmKWh8Bl0LUet58tznvTJjDFL/9T9zDo3kyeyRLYQIDAQAB -AoGAIseQ9v2uxTMc9ePLtTVaC1JXB14OEgBx37nhKeaQKK7C0+OUKkvbjKeF0Ehp -M6L7lA+kH5C6jwXiVLzHNINwwDAqgx+n2O73BjKbqXSVNmdwirX+7nlqVKP6lR+E -xGYn3MMQhZe956qGJffHbEPQB3dx0mzIcvXSWCTwWaPfTgECQQD4gbARjcSiirGi -1GA8hMGzdkozt9yb2hbiF79NMGN/wbdYe4FxrmnzGkKXEBvkUFPlGu7GkEwNDtkF -3MqpsBbxAkEA1VhnLYoPpIDxupJRclwBFxEOBFQ3pkgA5/kxayoeAYLoiMRU6mfE -bhtA8lWoV9BFNvzVCSFS3Yvb1sXLgWrbcQJAfuu9wTlm9J1hnIhbno0vYTlJLKD7 -S55XkaIPUp0kNFv8CHUL58Ps2PzQhdb0Z+ee8aSPz1pjfUfYD+Z0m7YUAQJBAIvn -ohnB/MoS6PJBe3m0Dd7zhy6dj7TSaQ22Y4r0HqM9FoKBxXHGRJEz/B4uv+t+H7WU -jZukJ7QzQCISqYaf7XECQQCbmDO/lv8qdmLfApN2v1H7t9R7tXhEm8jK7OLZsoAT -QAwCPYh7YRnhpFE0gMUncg+lVu3CTrXtlBRDRgF68Lhx ------END RSA PRIVATE KEY----- diff --git a/spec/fixtures/master_config/ssl/public_keys/bob@mydomain.com.pem b/spec/fixtures/master_config/ssl/public_keys/bob@mydomain.com.pem deleted file mode 100644 index 3d46da5..0000000 --- a/spec/fixtures/master_config/ssl/public_keys/bob@mydomain.com.pem +++ /dev/null @@ -1,5 +0,0 @@ ------BEGIN RSA PUBLIC KEY----- -MIGJAoGBAL7+Idbd+eohxCXVXcICvo1IaqAzyjezWxfxMxoBF4mjdvwY9RalRM5j -Itm9ThVwLMezcISYSNPI42Y70+9XIK/3f6OxnSMoB7kDKX9MvcbZkRAtOfxDeWmA -un+PXuH87VN1r7sViRSSB2dIxB3qjF1HNhAm0ocmSW+sZ3eul2lpAgMBAAE= ------END RSA PUBLIC KEY----- diff --git a/spec/fixtures/master_config/ssl/public_keys/puppetmaster.pem b/spec/fixtures/master_config/ssl/public_keys/puppetmaster.pem deleted file mode 100644 index 24c6361..0000000 --- a/spec/fixtures/master_config/ssl/public_keys/puppetmaster.pem +++ /dev/null @@ -1,5 +0,0 @@ ------BEGIN RSA PUBLIC KEY----- -MIGJAoGBAM8ZuDuDpXIoVi2zR26ChJkPXBpbBtb7NJ5BbYy3hensouHFep/AH9Tm -nGVfWqsyvDKwUL2K6W6Wqdv5BUlsd724VFQ8+cp7Dc4btibfdeF2iRHA5qQzFFME -PqYOyQkh6HFtiYpaHwGXQtR63ny3Oe9MmMMUv/1P3MOjeTJ7JEthAgMBAAE= ------END RSA PUBLIC KEY----- diff --git a/spec/unit/puppet/parser/functions/get_certficiate_spec.rb b/spec/unit/puppet/parser/functions/get_certficiate_spec.rb deleted file mode 100755 index 2f5b583..0000000 --- a/spec/unit/puppet/parser/functions/get_certficiate_spec.rb +++ /dev/null @@ -1,158 +0,0 @@ -#!/usr/bin/env rspec - -require 'spec_helper' -require 'net/http' -require 'thread' -require 'fileutils' - -describe "the get_certificate function" do - include PuppetSpec::Files - - before :all do - @sslcert = File.read("spec/master_config/ssl/ca/signed/bob@mydomain.com.pem") - - Puppet::Parser::Functions.autoloader.loadall - end - - before :each do - @scope = Puppet::Parser::Scope.new - end - - it "should exist" do - Puppet::Parser::Functions.function("get_certificate").should == "function_get_certificate" - end - - it "should raise a ParseError if there is less than 1 argument" do - lambda { @scope.function_get_certificate([]) }.should(raise_error(Puppet::ParseError)) - end - - it "should raise a ParseError if the argument is empty" do - lambda { @scope.function_get_certificate([""]) }.should(raise_error(Puppet::ParseError)) - end - - it "should raise a ParseError if the argument contains strange characters" do - lambda { @scope.function_get_certificate(["%^&"]) }.should(raise_error(Puppet::ParseError)) - end - - it "should return a valid certificate if CA is local" do - Puppet[:ca] = true - Puppet[:signeddir] = "spec/master_config/ssl/ca/signed/" - result = @scope.function_get_certificate(["bob@mydomain.com"]) - result.should(eq(@sslcert)) - end - - it "should throw an error if CN is missing and CA is local" do - Puppet[:ca] = true - Puppet[:signeddir] = "spec/master_config/ssl/ca/signed/" - result = @scope.function_get_certificate(["missing@mydomain.com"]) - result.should(eq(:undef)) - end - - it "should return a valid certificate if CA is remote" do - Puppet[:ca] = false - Puppet[:ssldir] = "spec/master_config/ssl" - Puppet[:certname] = "puppetmaster" - - # Mock return - require 'ostruct' - http = OpenStruct.new - http.body = @sslcert - http.code = "200" - - # Intercept http start call - Net::HTTP.any_instance.expects(:start).returns(http) - - result = @scope.function_get_certificate(["bob@mydomain.com"]) - result.should(eq(@sslcert)) - end - - it "should throw an error if CN doesn't exist and CA is remote (stubbed)" do - Puppet[:ca] = false - Puppet[:ssldir] = "spec/master_config/ssl" - Puppet[:certname] = "puppetmaster" - - # Mock return - require 'ostruct' - http = OpenStruct.new - http.code = "404" - - # Intercept http start call - Net::HTTP.any_instance.expects(:start).returns(http) - - result = @scope.function_get_certificate(["missing@mydomain.com"]) - result.should(eq(:undef)) - end - - describe "real puppetmaster" do - before :all do - # Prepare fixture for puppetmaster - @master_tmp = tmpdir("get_certificate") + "/master_config" - FileUtils.cp_r("spec/master_config",@master_tmp) - - # Fork and start a puppetmaster - master_config = [ - "--config=/dev/null", - "--logdest=#{@master_tmp}/var/log/logfile", - "--confdir=#{@master_tmp}", - "--no-daemonize", - "--masterport=9354", - "--bindaddress=127.0.0.1", - "--vardir=#{@master_tmp}/var", - "--ssldir=#{@master_tmp}/ssl", - "--certname=puppetmaster", - "--user=#{ENV["USER"]}", -# "--debug", - ] - @master = Process.fork do - cmd = Puppet::Util::CommandLine.new("master", master_config) - Puppet::Plugins.on_application_intialization(:application_object => cmd) - app = Puppet::Application.find("master").new(cmd) - app.run - end - - # Wait 1 second for puppetmatser setup - # TODO: must be a better wait to check if master - # is listening first before proceeding. - sleep 1 - - Puppet::Parser::Functions.autoloader.loadall - end - - before :each do - # Standard puppet setup for each test - Puppet[:ca] = false - Puppet[:ssldir] = "#{@master_tmp}/ssl" - Puppet[:certname] = "puppetmaster" - Puppet[:ca_port] = "9354" - Puppet[:ca_server] = "127.0.0.1" - end - - after :all do - # Kill and reap puppetmaster - Process.kill("TERM", @master) - Process.wait(@master) - end - - it "should return a valid certificate if CA is remote" do - result = @scope.function_get_certificate(["bob@mydomain.com"]) - result.should(eq(@sslcert)) - end - - it "should throw an error if CN doesn't exist and CA is remote" do - result = @scope.function_get_certificate(["missing@mydomain.com"]) - result.should(eq(:undef)) - end - - it "should throw a connection refused message if CA is not running on port" do - Puppet[:ca_port] = "65111" - lambda { @scope.function_get_certificate(["missing@mydomain.com"]) }.should(raise_error(Puppet::Error)) - end - - it "should raise an exception if connection to CA times out" do - Puppet[:ca_server] = "10.254.254.254" - lambda { @scope.function_get_certificate(["missing@mydomain.com", { :conn_timeout => 1}]) }.should(raise_error(Puppet::Error)) - end - - end - -end diff --git a/spec/unit/puppet/parser/functions/get_pubkey_spec.rb b/spec/unit/puppet/parser/functions/get_pubkey_spec.rb deleted file mode 100755 index e4cdd9f..0000000 --- a/spec/unit/puppet/parser/functions/get_pubkey_spec.rb +++ /dev/null @@ -1,54 +0,0 @@ -#!/usr/bin/env rspec - -require 'spec_helper' -require 'net/http' -require 'thread' -require 'fileutils' - -describe "the get_pubkey function" do - include PuppetSpec::Files - - before :all do - Puppet::Parser::Functions.autoloader.loadall - end - - before :each do - @scope = Puppet::Parser::Scope.new - end - - it "should exist" do - Puppet::Parser::Functions.function("get_pubkey").should == "function_get_pubkey" - end - - it "should raise a ParseError if there is less than 1 argument" do - lambda { @scope.function_get_pubkey([]) }.should(raise_error(Puppet::ParseError)) - end - - it "should raise a ParseError if the argument is empty" do - lambda { @scope.function_get_pubkey([""]) }.should(raise_error(Puppet::ParseError)) - end - - it "should raise a ParseError if the argument contains strange characters" do - lambda { @scope.function_get_pubkey(["%^&"]) }.should(raise_error(Puppet::ParseError)) - end - - it "should return a valid certificate if CA is local" do - Puppet[:ca] = true - Puppet[:signeddir] = "spec/master_config/ssl/ca/signed/" - result = @scope.function_get_pubkey(["bob@mydomain.com"]) - result.should(eq(<<-EOS)) ------BEGIN RSA PUBLIC KEY----- -MIGJAoGBAL7+Idbd+eohxCXVXcICvo1IaqAzyjezWxfxMxoBF4mjdvwY9RalRM5j -Itm9ThVwLMezcISYSNPI42Y70+9XIK/3f6OxnSMoB7kDKX9MvcbZkRAtOfxDeWmA -un+PXuH87VN1r7sViRSSB2dIxB3qjF1HNhAm0ocmSW+sZ3eul2lpAgMBAAE= ------END RSA PUBLIC KEY----- -EOS - end - - it "should throw an error if CN is missing and CA is local" do - Puppet[:ca] = true - Puppet[:signeddir] = "spec/master_config/ssl/ca/signed/" - result = @scope.function_get_pubkey(["missing@mydomain.com"]) - result.should(eq(:undef)) - end -end |