authorluke <luke@980ebf18-57e1-0310-9a29-db15c13687c0>2007-06-11 18:07:34 +0000
committerluke <luke@980ebf18-57e1-0310-9a29-db15c13687c0>2007-06-11 18:07:34 +0000
commitc826be96f30f209895083a74eabf8ee1d329bd28 (patch)
tree366b83d932cd0141c2551640c8e8d210f807a85b
parentb50c85dc0fb24b69255feaed91183cb5fde578a0 (diff)
Adding a simple unit test for mongrel, and adding the ability to select the header used to store the client SSL dn.
git-svn-id: https://reductivelabs.com/svn/puppet/trunk@2558 980ebf18-57e1-0310-9a29-db15c13687c0
-rw-r--r--lib/puppet/configuration.rb6
-rw-r--r--lib/puppet/feature/base.rb3
-rw-r--r--lib/puppet/network/server/mongrel.rb6
-rwxr-xr-xsbin/puppetmasterd2
-rwxr-xr-xtest/network/server/mongrel_test.rb66
-rwxr-xr-xtest/network/server/webrick.rb2
6 files changed, 79 insertions, 6 deletions
diff --git a/lib/puppet/configuration.rb b/lib/puppet/configuration.rb
index 5f078d951..02f62bbcb 100644
--- a/lib/puppet/configuration.rb
+++ b/lib/puppet/configuration.rb
@@ -309,7 +309,11 @@ module Puppet
:ca => [true, "Wether the master should function as a certificate authority."],
:modulepath => [ "$confdir/modules:/usr/share/puppet/modules",
"The search path for modules as a colon-separated list of
- directories." ]
+ directories." ],
+ :ssl_client_header => ["HTTP_X_CLIENT_DN", "The header containing an authenticated
+ client's SSL DN. Only used with Mongrel. This header must be set by the proxy
+ to the authenticated client's SSL DN (e.g., ``/CN=puppet.reductivelabs.com``).
+ See the `UsingMongrel`:trac: wiki page for more information."]
)
self.setdefaults(:puppetd,
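Review bot: The description added for `:ssl_client_header` does not say that the header's presence is taken as proof of authentication, so it should tell operators that the proxy has to remove or overwrite any copy of this header arriving from the client, and that Mongrel should only accept connections from that proxy. A sentence such as `The proxy must strip this header from incoming requests before setting it.` appended to the description would cover that. It would also help to state that the value is the key as it appears in Mongrel's request params (the default `HTTP_X_CLIENT_DN` is the CGI-style form, not the on-the-wire header name), since `client_info` in lib/puppet/network/server/mongrel.rb looks the setting up verbatim. The enclosing `setdefaults` call begins above the hunk.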
diff --git a/lib/puppet/feature/base.rb b/lib/puppet/feature/base.rb
index b3c51cc70..98c285148 100644
--- a/lib/puppet/feature/base.rb
+++ b/lib/puppet/feature/base.rb
@@ -17,4 +17,7 @@ Puppet.features.add(:libshadow, :libs => ["shadow"])
# We're running as root.
Puppet.features.add(:root) { require 'puppet/util/suidmanager'; Puppet::Util::SUIDManager.uid == 0 }
+# We've got mongrel available
+Puppet.features.add(:mongrel, :libs => %w{rubygems mongrel})
+
# $Id$
diff --git a/lib/puppet/network/server/mongrel.rb b/lib/puppet/network/server/mongrel.rb
index bfcf0da6f..c42a7fadd 100644
--- a/lib/puppet/network/server/mongrel.rb
+++ b/lib/puppet/network/server/mongrel.rb
@@ -47,8 +47,8 @@ require 'resolv'
# handler = XmlRpcHandler.new
# handler.xmlrpc_server.add_handler("my.add") { |a, b| a.to_i + b.to_i }
# </pre>
-module Puppet::Network::Server
- class MongrelHandler < Mongrel::HttpHandler
+module Puppet::Network
+ class Server::Mongrel < ::Mongrel::HttpHandler
attr_reader :xmlrpc_server
def initialize(handlers)
@@ -114,7 +114,7 @@ module Puppet::Network::Server
def client_info(request)
params = request.params
ip = params["REMOTE_ADDR"]
- if dn = params["HTTP_X_CLIENT_DN"]
+ if dn = params[Puppet[:ssl_client_header]]
client = dn.sub("/CN=", '')
valid = true
else
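Review bot: The check `if dn = params[Puppet[:ssl_client_header]]` accepts any non-nil value, so an empty string or a value with no CN still reaches `valid = true`, and `dn.sub("/CN=", '')` leaves the other DN components in the client name when the subject carries more than a CN. Matching the CN explicitly and falling through to the unauthenticated branch otherwise would be safer, e.g. `if dn = params[Puppet[:ssl_client_header]] and dn =~ %r{/CN=([^/]+)}` followed by `client = $1`. client_info continues past the end of the hunk, so the body of the else branch is not visible here.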
diff --git a/sbin/puppetmasterd b/sbin/puppetmasterd
index f290d6f1f..2409df6b4 100755
--- a/sbin/puppetmasterd
+++ b/sbin/puppetmasterd
@@ -250,7 +250,7 @@ begin
server = Puppet::Network::Server::WEBrick.new(:Handlers => handlers)
when "mongrel":
require 'puppet/network/server/mongrel'
- handler = Puppet::Network::Server::MongrelHandler.new(handlers)
+ handler = Puppet::Network::Server::Mongrel.new(handlers)
addr = Puppet[:bindaddress]
if addr == ""
addr = "127.0.0.1"
diff --git a/test/network/server/mongrel_test.rb b/test/network/server/mongrel_test.rb
new file mode 100755
index 000000000..992ac6940
--- /dev/null
+++ b/test/network/server/mongrel_test.rb
@@ -0,0 +1,66 @@
+#!/usr/bin/env ruby
+
+$:.unshift("../../lib") if __FILE__ =~ /\.rb$/
+
+require 'puppettest'
+require 'puppet/network/server/mongrel'
+
+class TestMongrelServer < PuppetTest::TestCase
+ confine "Missing mongrel" => Puppet.features.mongrel?
+
+ include PuppetTest::ServerTest
+
+ def mkserver(handlers = nil)
+ handlers ||= { :Status => nil }
+ mongrel = Puppet::Network::Server::Mongrel.new(handlers)
+ end
+
+ # Make sure client info is correctly extracted.
+ def test_client_info
+ obj = Object.new
+ obj.metaclass.send(:attr_accessor, :params)
+ params = {}
+ obj.params = params
+
+ mongrel = mkserver
+
+ ip = Facter.value(:ipaddress)
+ params["REMOTE_ADDR"] = ip
+ params[Puppet[:ssl_client_header]] = "/CN=host.domain.com"
+
+ info = nil
+ assert_nothing_raised("Could not call client_info") do
+ info = mongrel.send(:client_info, obj)
+ end
+
+ assert(info.authenticated?, "Client info object was not marked valid even though the header was present")
+ assert_equal(ip, info.ip, "Did not copy over ip correctly")
+ assert_equal("host.domain.com", info.name, "Did not copy over hostname correctly")
+
+ # Now try it with a different header name
+ params.delete(Puppet[:ssl_client_header])
+ Puppet[:ssl_client_header] = "header_testing"
+ params["header_testing"] = "/CN=other.domain.com"
+ info = nil
+ assert_nothing_raised("Could not call client_info with other header") do
+ info = mongrel.send(:client_info, obj)
+ end
+
+ assert(info.authenticated?, "Client info object was not marked valid even though the header was present")
+ assert_equal(ip, info.ip, "Did not copy over ip correctly")
+ assert_equal("other.domain.com", info.name, "Did not copy over hostname correctly")
+
+ # Now make sure it's considered invalid without that header
+ params.delete("header_testing")
+ info = nil
+ assert_nothing_raised("Could not call client_info with no header") do
+ info = mongrel.send(:client_info, obj)
+ end
+
+ assert(! info.authenticated?, "Client info object was marked valid without header")
+ assert_equal(ip, info.ip, "Did not copy over ip correctly")
+ assert_equal(Resolv.getname(ip), info.name, "Did not look up hostname correctly")
+ end
+end
+
+# $Id$
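Review bot: test_client_info covers only a well-formed `/CN=...` value and a missing header; there is no case for a header that is present but empty or carries no CN, which is the input the `authenticated?` result most depends on. Setting `params[Puppet[:ssl_client_header]] = ""`, calling `client_info` again, and asserting `assert(! info.authenticated?, "Empty DN header was treated as authenticated")` would pin that behaviour. The test also leaves `Puppet[:ssl_client_header]` set to `"header_testing"`; unless PuppetTest's teardown resets settings, later tests inherit it, so restoring the default at the end would be worthwhile. The final assertion calls `Resolv.getname(ip)` outside `assert_nothing_raised`, so it presumably errors rather than fails on hosts without reverse DNS for their own address.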
diff --git a/test/network/server/webrick.rb b/test/network/server/webrick.rb
index bfa5cc3ef..3404a5089 100755
--- a/test/network/server/webrick.rb
+++ b/test/network/server/webrick.rb
@@ -5,7 +5,7 @@ $:.unshift("../../lib") if __FILE__ =~ /\.rb$/
require 'puppettest'
require 'puppet/network/server/webrick'
-class TestServer < Test::Unit::TestCase
+class TestWebrickServer < Test::Unit::TestCase
include PuppetTest::ServerTest
# Make sure we can create a server, and that it knows how to create its