puppet.git/spec/integration/network, branch master Puppet repo Merge branch '2.7.x' 2011-07-26T23:15:38+00:00 Jacob Helwig jacob@puppetlabs.com 2011-07-26T23:15:38+00:00 5b167eba2b602f5c6c6c224790fa1eb56b239ad4 * 2.7.x: Deprecate RestAuthConfig#allowed? in favor of #check_authorization Fix #6026 - security file should support inline comments Fix #5010 - Allow leading whitespace in auth.conf Fix #5777 - rule interpolation broke auth.conf CIDR rules 
* 2.7.x:
  Deprecate RestAuthConfig#allowed? in favor of #check_authorization
  Fix #6026 - security file should support inline comments
  Fix #5010 - Allow leading whitespace in auth.conf
  Fix #5777 - rule interpolation broke auth.conf CIDR rules
Disable spec tests for unsupported functionality on Windows 2011-07-26T21:54:53+00:00 Josh Cooper josh@puppetlabs.com 2011-07-22T19:34:05+00:00 75d2e62cab1de7677463c274892f8920cb7e0cbf Ruby does not support creating symlinks on Windows (though Windows does support them), and since the tidy spec test is designed to reproduce a specific bug (as opposed to testing symlink functionality on Windows) it has been disabled. Ruby on Windows also does not support File.chmod, so the inspect spec test has been disabled. The general issue of File.chmod on Windows is something I know needs to be investigated. Also disabled the cron spec test as this functionality will not be supported on Windows (instead there will be task manager support). Re-enable the autoload spec tests as those now pass on Windows (this is probably due to the cacher changes recently made). The inventory ssl spec is not supported on Windows and so is disabled. However, while researching the failure, it was due to Time.now.strftime("%Z") returning "Pacific Daylight Time" on Windows, instead of "PDT" like it does on other platforms. As a result, the split method was sometimes splitting in the wrong place. As far as I can tell, the inventory code is only called from the CA (to keep track of serial numbers for certs that it has issued). But it's something to watch out for on Windows when calling strftime. Webrick, fileserver and CA functionality are not supported on Windows so these spec tests are disabled. Also fix path issue with catalog spec. Also several spec tests were creating tempfiles manually and calling system("rm -rf ..."), these have been replaced with PuppetSpec::Files.tmpdir. Reviewed-by: Jacob Helwig <jacob@puppetlabs.com> 
Ruby does not support creating symlinks on Windows (though Windows does
support them), and since the tidy spec test is designed to reproduce a
specific bug (as opposed to testing symlink functionality on Windows) it
has been disabled.

Ruby on Windows also does not support File.chmod, so the inspect spec
test has been disabled. The general issue of File.chmod on Windows is
something I know needs to be investigated.

Also disabled the cron spec test as this functionality will not be
supported on Windows (instead there will be task manager support).

Re-enable the autoload spec tests as those now pass on Windows (this is
probably due to the cacher changes recently made).

The inventory ssl spec is not supported on Windows and so is disabled.
However, while researching the failure, it was due to
Time.now.strftime("%Z") returning "Pacific Daylight Time" on Windows,
instead of "PDT" like it does on other platforms. As a result, the split
method was sometimes splitting in the wrong place.

As far as I can tell, the inventory code is only called from the CA (to
keep track of serial numbers for certs that it has issued). But it's
something to watch out for on Windows when calling strftime.

Webrick, fileserver and CA functionality are not supported on Windows so
these spec tests are disabled.

Also fix path issue with catalog spec.

Also several spec tests were creating tempfiles manually and calling
system("rm -rf ..."), these have been replaced with
PuppetSpec::Files.tmpdir.

Reviewed-by: Jacob Helwig <jacob@puppetlabs.com>
Deprecate RestAuthConfig#allowed? in favor of #check_authorization 2011-07-26T21:04:28+00:00 Brice Figureau brice-puppet@daysofwonder.com 2011-05-31T18:01:36+00:00 7e6fc0d80ccd29f206c3b56960ee1eef3afc33a3 #allowed? was a poorly named method since it isn't actually a predicate method. Instead of returning a boolean, this methods throws an exception when the access is denied (in order to keep the full context of what ACE triggered the deny). Given that #allowed? was overriding the behavior from AuthConfig, we leave a version of #allowed? in place that will issue a deprecation warning before delegating to #check_authorization. Once support for XML-RPC agents is removed from the master, we will be able to remove this delegation, since there should no longer be a reason for a distinction between AuthConfig and RestAuthConfig. Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com> Signed-off-by: Jacob Helwig <jacob@puppetlabs.com> 
 #allowed? was a poorly named method since it isn't actually a predicate
method. Instead of returning a boolean, this methods throws an
exception when the access is denied (in order to keep the full context
of what ACE triggered the deny).

Given that #allowed? was overriding the behavior from AuthConfig, we
leave a version of #allowed? in place that will issue a deprecation
warning before delegating to #check_authorization.  Once support for
XML-RPC agents is removed from the master, we will be able to remove
this delegation, since there should no longer be a reason for a
distinction between AuthConfig and RestAuthConfig.

Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
Signed-off-by: Jacob Helwig <jacob@puppetlabs.com>
Fix #6026 - security file should support inline comments 2011-07-26T21:04:28+00:00 Brice Figureau brice-puppet@daysofwonder.com 2011-05-30T18:31:14+00:00 6401dfe5602fd39cc59ec1f1b3822110e4ad864a Auth.conf, namespaceauth.conf and fileserver.conf were not supporting trailing inlined comments. Also this commit fixes some indentation and error management. Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com> 
Auth.conf, namespaceauth.conf and fileserver.conf were not supporting
trailing inlined comments.
Also this commit fixes some indentation and error management.

Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
Fix #5010 - Allow leading whitespace in auth.conf 2011-07-26T21:04:28+00:00 Brice Figureau brice-puppet@daysofwonder.com 2011-05-30T18:17:11+00:00 0c385f1fb436ab6f667693d347f711470305a019 The regex used to detect ACE is too lax and would allow trailing spaces to sneak in, which in turn would confuse the ACE parser. Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com> 
The regex used to detect ACE is too lax and would allow trailing
spaces to sneak in, which in turn would confuse the ACE parser.

Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
Fix #5777 - rule interpolation broke auth.conf CIDR rules 2011-07-26T21:04:28+00:00 Brice Figureau brice-puppet@daysofwonder.com 2011-05-30T18:08:19+00:00 8da0486c36e095e9a08b6f5a79abf3cabeba6603 Due to the interpolation performed to support regex back-references, various type of rules (mainly IP CIDR notations and wildcard hosts) were not working anymore. This patch adds an auth.conf integration test that covers most of the various rules types. Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com> 
Due to the interpolation performed to support regex back-references,
various type of rules (mainly IP CIDR notations and wildcard hosts)
were not working anymore.

This patch adds an auth.conf integration test that covers most
of the various rules types.

Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
Rework Puppet::Util::Cacher to only expire using TTLs 2011-07-22T03:10:28+00:00 Nick Lewis nick@puppetlabs.com 2011-07-21T18:53:06+00:00 d198fedf65e472b384666fc9ae3bef487852068a We have removed every usage of cached_attr in which the attribute needs to be manually expired. Thus, the only meaningful behavior provided by Puppet::Util::Cacher is expiration based on TTLs. This commit reworks the cacher to only support that behavior. Rather than accepting an options hash, of which :ttl is the only available option, cached_attr now requires a second argument, which is the TTL. TTLs are now used to compute expirations, which are stored and used for expiring values. Previously, we stored a timestamp and used it and the TTL to determine whether the attribute was expired. This had the potentially undesirable side effect that the lifetime of a cached attribute could be extended after its insertion by modifying the TTL setting for the cache. Now, the lifetime of an attribute is determined when it is set, and is thereafter immutable, aside from deliberately re-setting the expiration for that particular attribute. Reviewed-By: Jacob Helwig <jacob@puppetlabs.com> 
We have removed every usage of cached_attr in which the attribute needs to be
manually expired. Thus, the only meaningful behavior provided by
Puppet::Util::Cacher is expiration based on TTLs. This commit reworks the
cacher to only support that behavior.

Rather than accepting an options hash, of which :ttl is the only available
option, cached_attr now requires a second argument, which is the TTL.

TTLs are now used to compute expirations, which are stored and used for
expiring values. Previously, we stored a timestamp and used it and the TTL to
determine whether the attribute was expired. This had the potentially
undesirable side effect that the lifetime of a cached attribute could be
extended after its insertion by modifying the TTL setting for the cache. Now,
the lifetime of an attribute is determined when it is set, and is thereafter
immutable, aside from deliberately re-setting the expiration for that
particular attribute.

Reviewed-By: Jacob Helwig <jacob@puppetlabs.com>
(#7507) Add ability to filter Ruby 1.9 spec failures 2011-05-17T16:57:26+00:00 Matt Robinson matt@puppetlabs.com 2011-05-16T23:10:21+00:00 9da1454e71b8330e929ac5616eefa44388c90832 By running: rspec spec --tag ~@fails_on_ruby_1.9.2 We can now just run the specs that pass under Ruby 1.9. Obviously in the long term we want to have all the specs passing, but until then we need notification when we regress. From now on new code will be required to pass under Ruby 1.9, and Jenkins will give us email notification if it doesn't or if we break something that was already working. Reviewed-by: Daniel Pittman <daniel@puppetlabs.com> 
By running:

    rspec spec --tag ~@fails_on_ruby_1.9.2

We can now just run the specs that pass under Ruby 1.9.  Obviously in
the long term we want to have all the specs passing, but until then we
need notification when we regress.  From now on new code will be
required to pass under Ruby 1.9, and Jenkins will give us email
notification if it doesn't or if we break something that was already
working.

Reviewed-by: Daniel Pittman <daniel@puppetlabs.com>
maint: clean up the spec test headers in bulk. 2011-04-13T07:36:38+00:00 Daniel Pittman daniel@puppetlabs.com 2011-04-13T07:35:11+00:00 db11770718c61f9ee3d5fcd703c5c0c7c05227ca We now use a shebang of: #!/usr/bin/env rspec This enables the direct execution of spec tests again, which was lost earlier during the transition to more directly using the rspec2 runtime environment. 
We now use a shebang of: #!/usr/bin/env rspec

This enables the direct execution of spec tests again, which was lost earlier
during the transition to more directly using the rspec2 runtime environment.
maint: just require 'spec_helper', thanks rspec2 2011-04-08T23:06:57+00:00 Daniel Pittman daniel@puppetlabs.com 2011-04-08T23:06:57+00:00 6ed00515e8614233160d74b1c32b75fab27ac722 rspec2 automatically sets a bunch of load-path stuff we were by hand, so we can just stop. As a side-effect we can now avoid a whole pile of stupid things to try and include the spec_helper.rb file... ...and then we can stop protecting spec_helper from evaluating twice, since we now require it with a consistent name. Yay. Reviewed-By: Pieter van de Bruggen <pieter@puppetlabs.com> 
rspec2 automatically sets a bunch of load-path stuff we were by hand, so we
can just stop. As a side-effect we can now avoid a whole pile of stupid things
to try and include the spec_helper.rb file...

...and then we can stop protecting spec_helper from evaluating twice, since we
now require it with a consistent name.  Yay.

Reviewed-By: Pieter van de Bruggen <pieter@puppetlabs.com>