diff options
author | Ken Barber <ken@bob.sh> | 2011-08-14 03:47:32 +0200 |
---|---|---|
committer | Ken Barber <ken@bob.sh> | 2011-08-17 16:36:59 +0200 |
commit | 9b912d028fe1a2622ec61a56b1f0774ef3c9f43b (patch) | |
tree | 56c1be57410b1c1e6532b03c42cda4e1602ffd08 /spec/unit | |
parent | 33887f9be50c4fd94bbd08d7c00d9b3d97e29d21 (diff) |
(#8925) Added new function called 'get_certificate' for retrieving
certificates from a CA (or locally).
This function works by either obtaining the file locally
or remotely based on Puppets configuration.
Also added get_pubkey which wraps get_certificate and extracts the
public key.
Diffstat (limited to 'spec/unit')
-rwxr-xr-x | spec/unit/puppet/parser/functions/get_certficiate_spec.rb | 158 | ||||
-rwxr-xr-x | spec/unit/puppet/parser/functions/get_pubkey_spec.rb | 54 |
2 files changed, 212 insertions, 0 deletions
diff --git a/spec/unit/puppet/parser/functions/get_certficiate_spec.rb b/spec/unit/puppet/parser/functions/get_certficiate_spec.rb new file mode 100755 index 0000000..2f5b583 --- /dev/null +++ b/spec/unit/puppet/parser/functions/get_certficiate_spec.rb @@ -0,0 +1,158 @@ +#!/usr/bin/env rspec + +require 'spec_helper' +require 'net/http' +require 'thread' +require 'fileutils' + +describe "the get_certificate function" do + include PuppetSpec::Files + + before :all do + @sslcert = File.read("spec/master_config/ssl/ca/signed/bob@mydomain.com.pem") + + Puppet::Parser::Functions.autoloader.loadall + end + + before :each do + @scope = Puppet::Parser::Scope.new + end + + it "should exist" do + Puppet::Parser::Functions.function("get_certificate").should == "function_get_certificate" + end + + it "should raise a ParseError if there is less than 1 argument" do + lambda { @scope.function_get_certificate([]) }.should(raise_error(Puppet::ParseError)) + end + + it "should raise a ParseError if the argument is empty" do + lambda { @scope.function_get_certificate([""]) }.should(raise_error(Puppet::ParseError)) + end + + it "should raise a ParseError if the argument contains strange characters" do + lambda { @scope.function_get_certificate(["%^&"]) }.should(raise_error(Puppet::ParseError)) + end + + it "should return a valid certificate if CA is local" do + Puppet[:ca] = true + Puppet[:signeddir] = "spec/master_config/ssl/ca/signed/" + result = @scope.function_get_certificate(["bob@mydomain.com"]) + result.should(eq(@sslcert)) + end + + it "should throw an error if CN is missing and CA is local" do + Puppet[:ca] = true + Puppet[:signeddir] = "spec/master_config/ssl/ca/signed/" + result = @scope.function_get_certificate(["missing@mydomain.com"]) + result.should(eq(:undef)) + end + + it "should return a valid certificate if CA is remote" do + Puppet[:ca] = false + Puppet[:ssldir] = "spec/master_config/ssl" + Puppet[:certname] = "puppetmaster" + + # Mock return + require 'ostruct' + http = OpenStruct.new + http.body = @sslcert + http.code = "200" + + # Intercept http start call + Net::HTTP.any_instance.expects(:start).returns(http) + + result = @scope.function_get_certificate(["bob@mydomain.com"]) + result.should(eq(@sslcert)) + end + + it "should throw an error if CN doesn't exist and CA is remote (stubbed)" do + Puppet[:ca] = false + Puppet[:ssldir] = "spec/master_config/ssl" + Puppet[:certname] = "puppetmaster" + + # Mock return + require 'ostruct' + http = OpenStruct.new + http.code = "404" + + # Intercept http start call + Net::HTTP.any_instance.expects(:start).returns(http) + + result = @scope.function_get_certificate(["missing@mydomain.com"]) + result.should(eq(:undef)) + end + + describe "real puppetmaster" do + before :all do + # Prepare fixture for puppetmaster + @master_tmp = tmpdir("get_certificate") + "/master_config" + FileUtils.cp_r("spec/master_config",@master_tmp) + + # Fork and start a puppetmaster + master_config = [ + "--config=/dev/null", + "--logdest=#{@master_tmp}/var/log/logfile", + "--confdir=#{@master_tmp}", + "--no-daemonize", + "--masterport=9354", + "--bindaddress=127.0.0.1", + "--vardir=#{@master_tmp}/var", + "--ssldir=#{@master_tmp}/ssl", + "--certname=puppetmaster", + "--user=#{ENV["USER"]}", +# "--debug", + ] + @master = Process.fork do + cmd = Puppet::Util::CommandLine.new("master", master_config) + Puppet::Plugins.on_application_intialization(:application_object => cmd) + app = Puppet::Application.find("master").new(cmd) + app.run + end + + # Wait 1 second for puppetmatser setup + # TODO: must be a better wait to check if master + # is listening first before proceeding. + sleep 1 + + Puppet::Parser::Functions.autoloader.loadall + end + + before :each do + # Standard puppet setup for each test + Puppet[:ca] = false + Puppet[:ssldir] = "#{@master_tmp}/ssl" + Puppet[:certname] = "puppetmaster" + Puppet[:ca_port] = "9354" + Puppet[:ca_server] = "127.0.0.1" + end + + after :all do + # Kill and reap puppetmaster + Process.kill("TERM", @master) + Process.wait(@master) + end + + it "should return a valid certificate if CA is remote" do + result = @scope.function_get_certificate(["bob@mydomain.com"]) + result.should(eq(@sslcert)) + end + + it "should throw an error if CN doesn't exist and CA is remote" do + result = @scope.function_get_certificate(["missing@mydomain.com"]) + result.should(eq(:undef)) + end + + it "should throw a connection refused message if CA is not running on port" do + Puppet[:ca_port] = "65111" + lambda { @scope.function_get_certificate(["missing@mydomain.com"]) }.should(raise_error(Puppet::Error)) + end + + it "should raise an exception if connection to CA times out" do + Puppet[:ca_server] = "10.254.254.254" + lambda { @scope.function_get_certificate(["missing@mydomain.com", { :conn_timeout => 1}]) }.should(raise_error(Puppet::Error)) + end + + end + +end diff --git a/spec/unit/puppet/parser/functions/get_pubkey_spec.rb b/spec/unit/puppet/parser/functions/get_pubkey_spec.rb new file mode 100755 index 0000000..e4cdd9f --- /dev/null +++ b/spec/unit/puppet/parser/functions/get_pubkey_spec.rb @@ -0,0 +1,54 @@ +#!/usr/bin/env rspec + +require 'spec_helper' +require 'net/http' +require 'thread' +require 'fileutils' + +describe "the get_pubkey function" do + include PuppetSpec::Files + + before :all do + Puppet::Parser::Functions.autoloader.loadall + end + + before :each do + @scope = Puppet::Parser::Scope.new + end + + it "should exist" do + Puppet::Parser::Functions.function("get_pubkey").should == "function_get_pubkey" + end + + it "should raise a ParseError if there is less than 1 argument" do + lambda { @scope.function_get_pubkey([]) }.should(raise_error(Puppet::ParseError)) + end + + it "should raise a ParseError if the argument is empty" do + lambda { @scope.function_get_pubkey([""]) }.should(raise_error(Puppet::ParseError)) + end + + it "should raise a ParseError if the argument contains strange characters" do + lambda { @scope.function_get_pubkey(["%^&"]) }.should(raise_error(Puppet::ParseError)) + end + + it "should return a valid certificate if CA is local" do + Puppet[:ca] = true + Puppet[:signeddir] = "spec/master_config/ssl/ca/signed/" + result = @scope.function_get_pubkey(["bob@mydomain.com"]) + result.should(eq(<<-EOS)) +-----BEGIN RSA PUBLIC KEY----- +MIGJAoGBAL7+Idbd+eohxCXVXcICvo1IaqAzyjezWxfxMxoBF4mjdvwY9RalRM5j +Itm9ThVwLMezcISYSNPI42Y70+9XIK/3f6OxnSMoB7kDKX9MvcbZkRAtOfxDeWmA +un+PXuH87VN1r7sViRSSB2dIxB3qjF1HNhAm0ocmSW+sZ3eul2lpAgMBAAE= +-----END RSA PUBLIC KEY----- +EOS + end + + it "should throw an error if CN is missing and CA is local" do + Puppet[:ca] = true + Puppet[:signeddir] = "spec/master_config/ssl/ca/signed/" + result = @scope.function_get_pubkey(["missing@mydomain.com"]) + result.should(eq(:undef)) + end +end |