author | Luke Kanies <luke@madstop.com> | 2009-01-23 16:10:58 -0600 |
---|---|---|
committer | Luke Kanies <luke@madstop.com> | 2009-02-06 18:08:41 -0600 |
commit | b672790ff04022c043c9dc10d47ac82787ce5632 (patch) | |
tree | 7e01363797184cac401f0edb388a694a9c725a3e | |
parent | f78a5653ae1c0fe3931c4102ce32f640c80db158 (diff) | |
Cleaning up SSL instances that can't be saved
If the SSL Host couldn't save a CSR or key, it would still
keep them in memory; this meant that, for instance, a CSR
that couldn't be saved to the server was never resent.
This commit removes in-memory instances that couldn't be saved,
thus forcing regeneration.
Signed-off-by: Luke Kanies <luke@madstop.com>
-rw-r--r-- | lib/puppet/ssl/host.rb | 15 | ||||
-rwxr-xr-x | spec/unit/ssl/host.rb | 23 |
2 files changed, 36 insertions, 2 deletions
diff --git a/lib/puppet/ssl/host.rb b/lib/puppet/ssl/host.rb
index e8a98e9b8..ccb405f64 100644
--- a/lib/puppet/ssl/host.rb
+++ b/lib/puppet/ssl/host.rb
@@ -128,7 +128,12 @@ class Puppet::SSL::Host
 def generate_key
 @key = Key.new(name)
 @key.generate
- @key.save
+ begin
+ @key.save
+ rescue
+ @key = nil
+ raise
+ end
 true
 end
@@ -142,7 +147,13 @@ class Puppet::SSL::Host
 generate_key unless key
 @certificate_request = CertificateRequest.new(name)
 @certificate_request.generate(key.content)
- @certificate_request.save
+ begin
+ @certificate_request.save
+ rescue
+ @certificate_request = nil
+ raise
+ end
+
 return true
 end
diff --git a/spec/unit/ssl/host.rb b/spec/unit/ssl/host.rb
index 0e06ae687..6a64daed7 100755
--- a/spec/unit/ssl/host.rb
+++ b/spec/unit/ssl/host.rb
@@ -267,6 +267,16 @@ describe Puppet::SSL::Host do
 @host.key.should equal(@key)
 end
+ it "should not retain keys that could not be saved" do
+ Puppet::SSL::Key.expects(:new).with("myname").returns(@key)
+
+ @key.stubs(:generate)
+ @key.expects(:save).raises "eh"
+
+ lambda { @host.generate_key }.should raise_error
+ @host.key.should be_nil
+ end
+
 it "should return any previously found key without requerying" do
 Puppet::SSL::Key.expects(:find).with("myname").returns(@key).once
 @host.key.should equal(@key)
@@ -323,6 +333,19 @@ describe Puppet::SSL::Host do
 @host.certificate_request.should equal(@request)
 @host.certificate_request.should equal(@request)
 end
+
+ it "should not keep its certificate request in memory if the request cannot be saved" do
+ Puppet::SSL::CertificateRequest.expects(:new).with("myname").returns @request
+
+ key = stub 'key', :public_key => mock("public_key"), :content => "mycontent"
+ @host.stubs(:key).returns(key)
+ @request.stubs(:generate)
+ @request.expects(:save).raises "eh"
+
+ lambda { @host.generate_certificate_request }.should raise_error
+
+ @host.certificate_request.should be_nil
+ end
 end
 describe "when managing its certificate" do |
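Review bot: `@key.generate` sits before the new `begin` in `generate_key`, so a failure while generating still leaves an ungenerated Key object in `@key`; only a failed `save` is cleaned up. Moving the call inside the guard, so the block reads `begin` / `@key.generate` / `@key.save`, would cover both steps. The same applies to `@certificate_request.generate(key.content)` in the second hunk of this file. Whether a later `key` lookup would hand back that stale object depends on the reader method, which is outside the diff.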
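Review bot: The bare `rescue` around `@certificate_request.save` only catches StandardError, so an exception outside that hierarchy skips the cleanup and the unsaved request stays in memory. On Ruby 1.8, Timeout::Error descends from Interrupt rather than StandardError, and a timeout while sending the CSR to the server looks like the very case the commit message describes. Assigning the instance variable only after `save` has returned needs no rescue and covers every exception class, including a failure in `generate`; the same shape would work for `generate_key` in the first hunk. The method's `def` line is outside this hunk.

```ruby
        generate_key unless key
        # Keep the request in a local until it has been saved, so a failure
        # at any step leaves @certificate_request unset and forces regeneration.
        request = CertificateRequest.new(name)
        request.generate(key.content)
        request.save
        @certificate_request = request

        return true
```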
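Review bot: `should raise_error` with no argument is satisfied by any exception, so an unrelated error raised somewhere else in `generate_key` (a NoMethodError from a changed stub, for instance) would still make the assertion pass. The stub raises a RuntimeError with the message "eh", so the example can pin that: `lambda { @host.generate_key }.should raise_error(RuntimeError, "eh")`. The same applies to the `generate_certificate_request` example added in the next hunk of this file. The enclosing `describe` blocks start and end outside both hunks.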