(#6972) Handle ca-location in the certificate string.

This ports the existing certificate location configuration to be a string
option, and then uses that to change the configuration.  This will leak state
between calls, which is somewhat unavoidable, but should at least get the
basic stuff right for the CLI.

We eventually need the CA string to be supported by a stateless internal CA
implementation that allows us to do the right thing  overall.

Reviewed-By: Dan Bode <dan@puppetlabs.com>

4 files changed, 41 insertions, 21 deletions

diff --git a/lib/puppet/application/certificate.rb b/lib/puppet/application/certificate.rb
index f4b13ffe0..eacb830b2 100644
--- a/lib/puppet/application/certificate.rb
+++ b/lib/puppet/application/certificate.rb
@@ -1,18 +1,10 @@
 require 'puppet/application/indirection_base'
 
 class Puppet::Application::Certificate < Puppet::Application::IndirectionBase
-
-  # Luke used to call this --ca but that's taken by the global boolean --ca.
-  # Since these options map CA terminology to indirector terminology, it's
-  # now called --ca-location.
-  option "--ca-location CA_LOCATION" do |arg|
-    Puppet::SSL::Host.ca_location = arg.to_sym
-  end
-
   def setup
-
-    unless Puppet::SSL::Host.ca_location
-      raise ArgumentError, "You must have a CA location specified; use --ca-location to specify the location (remote, local, only)"
+    unless options[:ca_location]
+      raise ArgumentError, "You must have a CA location specified;\n" +
+        "use --ca-location to specify the location (remote, local, only)"
     end
 
     location = Puppet::SSL::Host.ca_location
@@ -23,5 +15,4 @@ class Puppet::Application::Certificate < Puppet::Application::IndirectionBase
 
     super
   end
-
 end
diff --git a/lib/puppet/string/certificate.rb b/lib/puppet/string/certificate.rb
index b231cafb1..fdb0bc9f4 100644
--- a/lib/puppet/string/certificate.rb
+++ b/lib/puppet/string/certificate.rb
@@ -2,9 +2,24 @@ require 'puppet/string/indirector'
 require 'puppet/ssl/host'
 
 Puppet::String::Indirector.define(:certificate, '0.0.1') do
+  # REVISIT: This should use a pre-invoke hook to run the common code that
+  # needs to happen before we invoke any action; that would be much nicer than
+  # the "please repeat yourself" stuff found in here right now.
+  #
+  # option "--ca-location LOCATION" do
+  #   type [:whatever, :location, :symbols]
+  #   hook :before do |value|
+  #     Puppet::SSL::Host.ca_location = value
+  #   end
+  # end
+  #
+  # ...but should I pass the arguments as well?
+  # --daniel 2011-04-05
+  option "--ca-location LOCATION"
 
   action :generate do
     when_invoked do |name, options|
+      Puppet::SSL::Host.ca_location = options[:ca_location].to_sym
       host = Puppet::SSL::Host.new(name)
       host.generate_certificate_request
       host.certificate_request.class.indirection.save(host.certificate_request)
@@ -13,6 +28,7 @@ Puppet::String::Indirector.define(:certificate, '0.0.1') do
 
   action :list do
     when_invoked do |options|
+      Puppet::SSL::Host.ca_location = options[:ca_location].to_sym
       Puppet::SSL::Host.indirection.search("*", {
         :for => :certificate_request,
       }).map { |h| h.inspect }
@@ -21,6 +37,7 @@ Puppet::String::Indirector.define(:certificate, '0.0.1') do
 
   action :sign do
     when_invoked do |name, options|
+      Puppet::SSL::Host.ca_location = options[:ca_location].to_sym
       host = Puppet::SSL::Host.new(name)
       host.desired_state = 'signed'
       Puppet::SSL::Host.indirection.save(host)
diff --git a/spec/unit/application/certificate_spec.rb b/spec/unit/application/certificate_spec.rb
index 6666f54f7..3d2215ded 100755
--- a/spec/unit/application/certificate_spec.rb
+++ b/spec/unit/application/certificate_spec.rb
@@ -4,13 +4,17 @@ require File.expand_path(File.dirname(__FILE__) + '/../../spec_helper.rb')
 require 'puppet/application/certificate'
 
 describe Puppet::Application::Certificate do
-  it "should be a subclass of Puppet::Application::IndirectionBase" do
-    Puppet::Application::Certificate.superclass.should equal(
-      Puppet::Application::IndirectionBase
-    )
+  it "should have a 'ca-location' option" do
+    # REVISIT: This is delegated from the string, and we will have a test
+    # there, so is this actually a valuable test?
+    subject.command_line.stubs(:args).returns %w{list}
+    subject.preinit
+    subject.should respond_to(:handle_ca_location)
   end
 
-  it "should have a 'ca' option" do
-    Puppet::Application::Certificate.new.should respond_to(:handle_ca_location)
+  it "should accept the ca-location option" do
+    subject.command_line.stubs(:args).returns %w{--ca-location local list}
+    subject.preinit and subject.parse_options and subject.setup
+    subject.arguments.should == [{ :ca_location => "local" }]
   end
 end
diff --git a/spec/unit/string/certificate_spec.rb b/spec/unit/string/certificate_spec.rb
index f6d53688b..4afd581bf 100755
--- a/spec/unit/string/certificate_spec.rb
+++ b/spec/unit/string/certificate_spec.rb
@@ -1,6 +1,14 @@
-#!/usr/bin/env ruby
-
-require File.expand_path(File.dirname(__FILE__) + '/../../spec_helper.rb')
+require 'puppet/ssl/host'
 
 describe Puppet::String[:certificate, '0.0.1'] do
+  it "should have a ca-location option" do
+    subject.should be_option :ca_location
+  end
+
+  it "should set the ca location when invoked" do
+    pending "The string itself is broken in this release."
+    Puppet::SSL::Host.expects(:ca_location=).with(:foo)
+    Puppet::SSL::Host.indirection.expects(:search)
+    subject.list :ca_location => :foo
+  end
 end