puppet.git/spec/unit/network, branch ticket/master/7841 Puppet repo Disable spec tests for unsupported functionality on Windows 2011-08-19T20:52:57+00:00 Josh Cooper josh@puppetlabs.com 2011-07-22T19:34:05+00:00 eaa7d92f4017fcdae54e5f6addf1edd3a72fe384 Ruby does not support creating symlinks on Windows (though Windows does support them), and since the tidy spec test is designed to reproduce a specific bug (as opposed to testing symlink functionality on Windows) it has been disabled. Ruby on Windows also does not support File.chmod, so the inspect spec test has been disabled. The general issue of File.chmod on Windows is something I know needs to be investigated. Also disabled the cron spec test as this functionality will not be supported on Windows (instead there will be task manager support). Re-enable the autoload spec tests as those now pass on Windows (this is probably due to the cacher changes recently made). The inventory ssl spec is not supported on Windows and so is disabled. However, while researching the failure, it was due to Time.now.strftime("%Z") returning "Pacific Daylight Time" on Windows, instead of "PDT" like it does on other platforms. As a result, the split method was sometimes splitting in the wrong place. As far as I can tell, the inventory code is only called from the CA (to keep track of serial numbers for certs that it has issued). But it's something to watch out for on Windows when calling strftime. Webrick, fileserver and CA functionality are not supported on Windows so these spec tests are disabled. Also fix path issue with catalog spec. Also several spec tests were creating tempfiles manually and calling system("rm -rf ..."), these have been replaced with PuppetSpec::Files.tmpdir. Reviewed-by: Jacob Helwig <jacob@puppetlabs.com> (cherry picked from commit 75d2e62cab1de7677463c274892f8920cb7e0cbf) 
Ruby does not support creating symlinks on Windows (though Windows does
support them), and since the tidy spec test is designed to reproduce a
specific bug (as opposed to testing symlink functionality on Windows) it
has been disabled.

Ruby on Windows also does not support File.chmod, so the inspect spec
test has been disabled. The general issue of File.chmod on Windows is
something I know needs to be investigated.

Also disabled the cron spec test as this functionality will not be
supported on Windows (instead there will be task manager support).

Re-enable the autoload spec tests as those now pass on Windows (this is
probably due to the cacher changes recently made).

The inventory ssl spec is not supported on Windows and so is disabled.
However, while researching the failure, it was due to
Time.now.strftime("%Z") returning "Pacific Daylight Time" on Windows,
instead of "PDT" like it does on other platforms. As a result, the split
method was sometimes splitting in the wrong place.

As far as I can tell, the inventory code is only called from the CA (to
keep track of serial numbers for certs that it has issued). But it's
something to watch out for on Windows when calling strftime.

Webrick, fileserver and CA functionality are not supported on Windows so
these spec tests are disabled.

Also fix path issue with catalog spec.

Also several spec tests were creating tempfiles manually and calling
system("rm -rf ..."), these have been replaced with
PuppetSpec::Files.tmpdir.

Reviewed-by: Jacob Helwig <jacob@puppetlabs.com>
(cherry picked from commit 75d2e62cab1de7677463c274892f8920cb7e0cbf)
Remove Puppet::Network::HttpPool keep_alive handling 2011-08-19T20:50:15+00:00 Nick Lewis nick@puppetlabs.com 2011-07-19T22:19:10+00:00 3093047e07bdc69222c26d11aff50353f64c977d Keep alive has been disabled since 2008, and seems to have caused problems when it was enabled before then. Since there doesn't seem to be any push to get it working again, just remove it to simplify this code. This also allows us to entirely remove the usage of Puppet::Util::Cacher from HttpPool. Paired-With: Jacob Helwig <jacob@puppetlabs.com> (cherry picked from commit 185a666018c0cf0b2c497f655f942a82cd22e49e) 
Keep alive has been disabled since 2008, and seems to have caused problems when
it was enabled before then. Since there doesn't seem to be any push to get it
working again, just remove it to simplify this code.

This also allows us to entirely remove the usage of Puppet::Util::Cacher from
HttpPool.

Paired-With: Jacob Helwig <jacob@puppetlabs.com>
(cherry picked from commit 185a666018c0cf0b2c497f655f942a82cd22e49e)
Maint: Tagged spec tests that are known to fail on Windows 2011-08-19T20:48:29+00:00 Josh Cooper josh@puppetlabs.com 2011-07-19T06:17:36+00:00 bdc9790b4e3a4312f56cb66cf550f7b98ce910e5 Many spec tests fail on Windows because there are no default providers implemented for Windows yet. Several others are failing due to Puppet::Util::Cacher not working correctly, so for now the tests that are known to fail are marked with :fails_on_windows => true. To skip these tests, you can run: rspec --tag ~fails_on_windows spec Reviewed-by: Jacob Helwig <jacob@puppetlabs.com> (cherry picked from commit 255c5b4663bd389d2c87a2d39ec350034421a6f0) Conflicts: spec/unit/resource/catalog_spec.rb 
Many spec tests fail on Windows because there are no default
providers implemented for Windows yet. Several others are
failing due to Puppet::Util::Cacher not working correctly,
so for now the tests that are known to fail are marked with
:fails_on_windows => true. To skip these tests, you can run:

  rspec --tag ~fails_on_windows spec

Reviewed-by: Jacob Helwig <jacob@puppetlabs.com>
(cherry picked from commit 255c5b4663bd389d2c87a2d39ec350034421a6f0)

Conflicts:

	spec/unit/resource/catalog_spec.rb
maint: remove inaccurate copyright and license statements. 2011-08-18T18:27:41+00:00 Daniel Pittman daniel@puppetlabs.com 2011-08-18T18:27:41+00:00 fd7332be5ca8ba78ff24a455fddad1713be779b5 For a while Luke, and other authors, injected a created tag, copyright statement, and "All rights reserved" into every new file they added to the Puppet project. This isn't really true, and we have a global license covering the code, so we have now stripped out all those old tags. Signed-off-by: Daniel Pittman <daniel@puppetlabs.com> 
For a while Luke, and other authors, injected a created tag, copyright
statement, and "All rights reserved" into every new file they added to the
Puppet project.

This isn't really true, and we have a global license covering the code, so
we have now stripped out all those old tags.

Signed-off-by: Daniel Pittman <daniel@puppetlabs.com>
(#8704) Give better errors for invalid fileserver.conf 2011-07-29T19:52:02+00:00 Matt Robinson matt@puppetlabs.com 2011-07-29T19:29:51+00:00 94f0b93b6065d1818f0f3b99d12d651655247c30 If you tried to just put an allow or deny line in the fileserver.conf without a mount point, you got a really confusing error message: lib/puppet/network/handler/fileserver.rb:285:in `readconfig': undefined method `info' for nil:NilClass (NoMethodError) Now instead we give an error saying no mount point was specified. Reviewed-by: Josh Cooper <josh@puppetlabs.com> 
If you tried to just put an allow or deny line in the fileserver.conf
without a mount point, you got a really confusing error message:

    lib/puppet/network/handler/fileserver.rb:285:in `readconfig': undefined method `info' for nil:NilClass (NoMethodError)

Now instead we give an error saying no mount point was specified.

Reviewed-by: Josh Cooper <josh@puppetlabs.com>
Deprecate RestAuthConfig#allowed? in favor of #check_authorization 2011-07-26T21:04:28+00:00 Brice Figureau brice-puppet@daysofwonder.com 2011-05-31T18:01:36+00:00 7e6fc0d80ccd29f206c3b56960ee1eef3afc33a3 #allowed? was a poorly named method since it isn't actually a predicate method. Instead of returning a boolean, this methods throws an exception when the access is denied (in order to keep the full context of what ACE triggered the deny). Given that #allowed? was overriding the behavior from AuthConfig, we leave a version of #allowed? in place that will issue a deprecation warning before delegating to #check_authorization. Once support for XML-RPC agents is removed from the master, we will be able to remove this delegation, since there should no longer be a reason for a distinction between AuthConfig and RestAuthConfig. Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com> Signed-off-by: Jacob Helwig <jacob@puppetlabs.com> 
 #allowed? was a poorly named method since it isn't actually a predicate
method. Instead of returning a boolean, this methods throws an
exception when the access is denied (in order to keep the full context
of what ACE triggered the deny).

Given that #allowed? was overriding the behavior from AuthConfig, we
leave a version of #allowed? in place that will issue a deprecation
warning before delegating to #check_authorization.  Once support for
XML-RPC agents is removed from the master, we will be able to remove
this delegation, since there should no longer be a reason for a
distinction between AuthConfig and RestAuthConfig.

Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
Signed-off-by: Jacob Helwig <jacob@puppetlabs.com>
Fix #6026 - security file should support inline comments 2011-07-26T21:04:28+00:00 Brice Figureau brice-puppet@daysofwonder.com 2011-05-30T18:31:14+00:00 6401dfe5602fd39cc59ec1f1b3822110e4ad864a Auth.conf, namespaceauth.conf and fileserver.conf were not supporting trailing inlined comments. Also this commit fixes some indentation and error management. Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com> 
Auth.conf, namespaceauth.conf and fileserver.conf were not supporting
trailing inlined comments.
Also this commit fixes some indentation and error management.

Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
Fix #5010 - Allow leading whitespace in auth.conf 2011-07-26T21:04:28+00:00 Brice Figureau brice-puppet@daysofwonder.com 2011-05-30T18:17:11+00:00 0c385f1fb436ab6f667693d347f711470305a019 The regex used to detect ACE is too lax and would allow trailing spaces to sneak in, which in turn would confuse the ACE parser. Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com> 
The regex used to detect ACE is too lax and would allow trailing
spaces to sneak in, which in turn would confuse the ACE parser.

Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
maint: Fix order dependent test failure 2011-05-31T17:34:14+00:00 Josh Cooper josh@puppetlabs.com 2011-05-31T17:34:14+00:00 2f8bc2688ee5a612e5a7f6381ba181f49857cc03 When running spec/unit/network/rights_spec.rb prior to spec/unit/network/authstore_spec.rb, test failures occur due to the AuthStore storing Declarations in current thread state. This is a temporary fix (explicitly clearing thread state for each test run) until the AuthStore can be modified to not rely on thread state. This commit is a follow up to 9834dcdd. Paired-with: Jacob Helwig <jacob@puppetlabs.com> 
When running spec/unit/network/rights_spec.rb prior to
spec/unit/network/authstore_spec.rb, test failures occur due to the
AuthStore storing Declarations in current thread state. This is a
temporary fix (explicitly clearing thread state for each test run) until
the AuthStore can be modified to not rely on thread state. This commit
is a follow up to 9834dcdd.

Paired-with: Jacob Helwig <jacob@puppetlabs.com>
(#5966) Add support for hostname regular expressions in auth.conf 2011-05-31T16:12:15+00:00 Siim Põder siim.poder@skype.net 2011-01-21T12:26:37+00:00 c02126df4804b42ecaca2cdff675be9c4e24aa54 When hosting multiple applications (especially with different security levels), you may not want to allow every client to read all the files required for every other client. Currently it is possible to do this when your host and domain names reasonably reflect that grouping, ex: hostXYZ.someapp.domain.com. However, if you have a more flat naming convention, it is difficult to write these ACLs. This patch adds support for matching hostnames with regular expressions, thus extending the ACLs to allow: path /file_content/secrets/appserver allow /appserver[0-9]+.example.com$/ path /file_content/secrets/otherservice allow /^(test-)crazy[0-9]+.pattern.(com|net)$/ Signed-off-by: Josh Cooper <josh@puppetlabs.com> Reviewed-by: Jacob Helwig <jacob@puppetlabs.com> 
When hosting multiple applications (especially with different security levels),
you may not want to allow every client to read all the files required for
every other client. Currently it is possible to do this when your host and
domain names reasonably reflect that grouping, ex: hostXYZ.someapp.domain.com.

However, if you have a more flat naming convention, it is difficult to write
these ACLs. This patch adds support for matching hostnames with regular
expressions, thus extending the ACLs to allow:

path /file_content/secrets/appserver
allow /appserver[0-9]+.example.com$/

path /file_content/secrets/otherservice
allow /^(test-)crazy[0-9]+.pattern.(com|net)$/

Signed-off-by: Josh Cooper <josh@puppetlabs.com>
Reviewed-by: Jacob Helwig <jacob@puppetlabs.com>