authorMarkus Roberts <Markus@reality.com>2009-08-14 19:41:54 -0700
committerJames Turnbull <james@lovedthanlost.net>2009-08-18 07:36:56 +1000
commita35e9bf918db0f6fca45d8b0b002a372cff4f982 (patch)
tree0bea447ae749c985c7e20d2c00a24fc7a7c0b000
parent299eadb7d903d250c8340049bd78611f0c705920 (diff)
Fix for #2531; adds tests to confirm problem and related cases,
notes fixes specific issue by eliminating the special case for opaque strings which caused them to be strings when everything else was arrays; adds notes and pending tests where FQDN support could be added but stops short of a full refactor.
-rwxr-xr-xlib/puppet/network/authstore.rb4
-rw-r--r--spec/unit/network/authstore.rb94
2 files changed, 97 insertions, 1 deletions
diff --git a/lib/puppet/network/authstore.rb b/lib/puppet/network/authstore.rb
index 306e1ba8a..4707f36a5 100755
--- a/lib/puppet/network/authstore.rb
+++ b/lib/puppet/network/authstore.rb
@@ -249,7 +249,7 @@ module Puppet
# Does the name match our pattern?
def matchname?(name)
- name = munge_name(name) unless @name == :opaque
+ name = munge_name(name)
return true if self.pattern == name
# If it's an exact match, then just return false, since the
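Review bot: With the `unless @name == :opaque` guard removed, `matchname?` now lowercases and dot-splits the incoming name for opaque declarations as well, and the hunk does not show whether the opaque pattern is stored in that same munged form. If the stored pattern keeps its original case, a mixed-case opaque value would no longer satisfy `self.pattern == name`; for a deny declaration that means the rule quietly stops applying. The new spec only exercises a lowercase UUID, so a case with a constructed mixed-case value, e.g. `Declaration.new(:allow,'Hey_Dude')` checked with `be_match('Hey_Dude','10.0.0.5')`, would pin the intended behaviour. The body of `matchname?` continues past the end of this hunk.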
@@ -272,6 +272,7 @@ module Puppet
# Convert the name to a common pattern.
def munge_name(name)
# LAK:NOTE http://snurl.com/21zf8 [groups_google_com]
+ # Change to x = name.downcase.split(".",-1).reverse for FQDN support
x = name.downcase.split(".").reverse
end
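Review bot: The added comment in `munge_name` records a deferred change without saying what the current code does or that it depends on the regex change noted in the `when ... # a full hostname` hunk. `split(".")` discards a trailing empty field, so a name with a trailing dot and the same name without it munge to the same array and compare equal today. Switching to `split(".",-1)` alone would stop dotted client names from matching existing patterns. I would word it as `# TODO: split(".") drops the trailing empty field, so "a.b." == "a.b"; switch to split(".",-1) only together with the \.? hostname pattern change`. The `x =` assignment on the following line is unused and could be dropped when this is next touched.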
@@ -306,6 +307,7 @@ module Puppet
raise AuthStoreError, "Invalid IP address pattern %s" % value
end
when /^([a-zA-Z][-\w]*\.)+[-\w]+$/ # a full hostname
+ # Change to /^([a-zA-Z][-\w]*\.)+[-\w]+\.?$/ for FQDN support
@name = :domain
@pattern = munge_name(value)
when /^\*(\.([a-zA-Z][-\w]*)){1,}$/ # *.domain.com
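Review bot: The replacement pattern proposed in the added comment keeps `^` and `$`, which in Ruby anchor at line boundaries rather than at the start and end of the string, so a value containing an embedded newline can satisfy the hostname check with only one of its lines. The spec in this commit builds declarations from back references taken out of a request path, so the value is not necessarily confined to the config file. If the FQDN variant is adopted, write it string-anchored, `/\A([a-zA-Z][-\w]*\.)+[-\w]+\.?\z/`, and the same applies to the existing `when` patterns in the context lines. The surrounding `case` starts and ends outside this hunk.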
diff --git a/spec/unit/network/authstore.rb b/spec/unit/network/authstore.rb
new file mode 100644
index 000000000..224d67130
--- /dev/null
+++ b/spec/unit/network/authstore.rb
@@ -0,0 +1,94 @@
+#!/usr/bin/env ruby
+
+require File.dirname(__FILE__) + '/../../spec_helper'
+
+require 'puppet/network/authconfig'
+
+describe Puppet::Network::AuthStore::Declaration do
+
+ describe "when the pattern is simple numeric IP" do
+ before :each do
+ @ip = '100.101.99.98'
+ @declaration = Puppet::Network::AuthStore::Declaration.new(:allow,@ip)
+ end
+ it "should match the specified IP" do
+ @declaration.should be_match('www.testsite.org',@ip)
+ end
+ it "should not match other IPs" do
+ @declaration.should_not be_match('www.testsite.org','200.101.99.98')
+ end
+ end
+
+ describe "when the pattern is a numeric IP with a back reference" do
+ before :each do
+ @ip = '100.101.$1'
+ @declaration = Puppet::Network::AuthStore::Declaration.new(:allow,@ip).interpolate('12.34'.match /(.*)/)
+ end
+ it "should match an IP with the apropriate interpolation" do
+ @declaration.should be_match('www.testsite.org',@ip.sub(/\$1/,'12.34'))
+ end
+ it "should not match other IPs" do
+ @declaration.should_not be_match('www.testsite.org',@ip.sub(/\$1/,'66.34'))
+ end
+ end
+
+ describe "when the pattern is a PQDN" do
+ before :each do
+ @host = 'spirit.mars.nasa.gov'
+ @declaration = Puppet::Network::AuthStore::Declaration.new(:allow,@host)
+ end
+ it "should match the specified PQDN" do
+ pending "FQDN consensus"
+ @declaration.should be_match(@host,'200.101.99.98')
+ end
+ it "should not match a similar FQDN" do
+ pending "FQDN consensus"
+ @declaration.should_not be_match(@host+'.','200.101.99.98')
+ end
+ end
+
+ describe "when the pattern is a FQDN" do
+ before :each do
+ @host = 'spirit.mars.nasa.gov.'
+ @declaration = Puppet::Network::AuthStore::Declaration.new(:allow,@host)
+ end
+ it "should match the specified FQDN" do
+ pending "FQDN consensus"
+ @declaration.should be_match(@host,'200.101.99.98')
+ end
+ it "should not match a similar PQDN" do
+ pending "FQDN consensus"
+ @declaration.should_not be_match(@host[0..-2],'200.101.99.98')
+ end
+ end
+
+
+ describe "when the pattern is an opaque string with a back reference" do
+ before :each do
+ @host = 'c216f41a-f902-4bfb-a222-850dd957bebb'
+ @item = "/catalog/#{@host}"
+ @pattern = %{^/catalog/([^/]+)$}
+ @declaration = Puppet::Network::AuthStore::Declaration.new(:allow,'$1')
+ end
+ it "should match an IP with the apropriate interpolation" do
+ @declaration.interpolate(@item.match(@pattern)).should be_match(@host,'10.0.0.5')
+ end
+ end
+
+ describe "when comparing patterns" do
+ before :each do
+ @ip = Puppet::Network::AuthStore::Declaration.new(:allow,'127.0.0.1')
+ @host_name = Puppet::Network::AuthStore::Declaration.new(:allow,'www.hard_knocks.edu')
+ @opaque = Puppet::Network::AuthStore::Declaration.new(:allow,'hey_dude')
+ end
+ it "should consider ip addresses before host names" do
+ (@ip < @host_name).should be_true
+ end
+ it "should consider ip addresses before opaque strings" do
+ (@ip < @opaque).should be_true
+ end
+ it "should consider host_names before opaque strings" do
+ (@host_name < @opaque).should be_true
+ end
+ end
+end
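Review bot: The "opaque string with a back reference" group has only a positive example, so nothing checks that an interpolated opaque declaration rejects a different name, and for an authorization store the rejecting case matters most. Add a counterpart such as `@declaration.interpolate(@item.match(@pattern)).should_not be_match('some-other-name','10.0.0.5')` (the name is a constructed sample). The example description there, "should match an IP with the apropriate interpolation", was copied from the IP group; it is matching an opaque name, and "apropriate" is misspelled in both places. The file also requires `puppet/network/authconfig` rather than the `authstore` file it tests, which presumably works through a transitive require but is worth making explicit.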