author | Luke Kanies <luke@madstop.com> | 2008-08-07 17:39:13 -0700 |
---|---|---|
committer | Luke Kanies <luke@madstop.com> | 2008-08-07 17:39:13 -0700 |
commit | 113d74aaa630f499c8b7989aac6680e22e8e38c8 (patch) | |
tree | 250783a4ef765ca37b70f98d6df6782f986d99ba /spec/integration/indirector | |
parent | 2cad30a18c5e0e4fb93603ab422c290a62d45131 (diff) | |
Certificates now work over REST.
All of the format work is done, they all
support plaintext successfully, and I've got
integration tests that demonstrate that it
actually works.
Signed-off-by: Luke Kanies <luke@madstop.com>
Diffstat (limited to 'spec/integration/indirector')
3 files changed, 223 insertions, 0 deletions
diff --git a/spec/integration/indirector/certificate/rest.rb b/spec/integration/indirector/certificate/rest.rb
new file mode 100755
index 000000000..0f14998d5
--- /dev/null
+++ b/spec/integration/indirector/certificate/rest.rb
@@ -0,0 +1,66 @@
+#!/usr/bin/env ruby
+
+Dir.chdir(File.dirname(__FILE__)) { (s = lambda { |f| File.exist?(f) ? require(f) : Dir.chdir("..") { s.call(f) } }).call("spec/spec_helper.rb") }
+
+require 'puppet/ssl/certificate'
+require 'puppet/network/server'
+require 'puppet/network/http/webrick/rest'
+
+describe "Certificate REST Terminus" do
+ before do
+ Puppet[:masterport] = 34343
+ Puppet[:server] = "localhost"
+
+ # Get a safe temporary file
+ @tmpfile = Tempfile.new("webrick_integration_testing")
+ @dir = @tmpfile.path + "_dir"
+
+ Puppet.settings[:confdir] = @dir
+ Puppet.settings[:vardir] = @dir
+ Puppet.settings[:server] = "127.0.0.1"
+ Puppet.settings[:masterport] = "34343"
+ Puppet.settings[:http_enable_post_connection_check] = false
+
+ Puppet::Util::Cacher.invalidate
+
+ Puppet[:servertype] = 'webrick'
+ Puppet[:server] = '127.0.0.1'
+ Puppet[:certname] = '127.0.0.1'
+
+ # Generate the certificate with a local CA
+ Puppet::SSL::Host.ca_location = :local
+ ca = Puppet::SSL::CertificateAuthority.new
+ ca.generate(Puppet[:certname]) unless Puppet::SSL::Certificate.find(Puppet[:certname])
+ ca.generate("foo.madstop.com") unless Puppet::SSL::Certificate.find(Puppet[:certname])
+
+ @host = Puppet::SSL::Host.new(Puppet[:certname])
+
+ @params = { :address => "127.0.0.1", :port => 34343, :handlers => [ :certificate ] }
+ @server = Puppet::Network::Server.new(@params)
+ @server.listen
+
+ # Then switch to a remote CA, so that we go through REST.
+ Puppet::SSL::Host.ca_location = :remote
+
+ # LAK:NOTE We need to have a fake model here so that our indirected methods get
+ # passed through REST; otherwise we'd be stubbing 'find', which would cause an immediate
+ # return.
+ @mock_model = stub('faked model', :name => "certificate")
+ Puppet::Network::HTTP::WEBrickREST.any_instance.stubs(:model).returns(@mock_model)
+ end
+
+ after do
+ Puppet::Network::HttpPool.instance_variable_set("@ssl_host", nil)
+ Puppet.settings.clear
+ @server.unlisten
+ end
+
+ it "should be able to retrieve a remote certificate" do
+ @mock_model.expects(:find).returns @host.certificate
+ result = Puppet::SSL::Certificate.find('bar')
+
+ # There's no good '==' method on certs.
+ result.content.to_s.should == @host.certificate.content.to_s
+ result.name.should == @host.certificate.name
+ end
+end
diff --git a/spec/integration/indirector/certificate_request/rest.rb b/spec/integration/indirector/certificate_request/rest.rb
new file mode 100755
index 000000000..decd971dc
--- /dev/null
+++ b/spec/integration/indirector/certificate_request/rest.rb
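Review bot: `@dir = @tmpfile.path + "_dir"` in the `before` block is not the path that Tempfile created; it is a sibling name with a fixed suffix that nothing in this spec creates or removes, and `confdir` and `vardir` are then pointed at it, so whatever the local CA writes (presumably its keys and certificates) ends up under a guessable path in the shared temp directory. Creating the directory atomically would be safer: `@dir = Dir.mktmpdir("webrick_integration_testing")` (needs `require 'tmpdir'`) with `FileUtils.remove_entry_secure(@dir)` in `after`. The same two lines appear in the certificate_request and certificate_revocation_list specs. Separately, the second `ca.generate` guard tests `Puppet[:certname]`, which the line above has just generated, so `foo.madstop.com` is never issued; the guard should read `unless Puppet::SSL::Certificate.find("foo.madstop.com")`, or the line can be dropped since the example only uses `@host`.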
@@ -0,0 +1,86 @@
+#!/usr/bin/env ruby
+
+Dir.chdir(File.dirname(__FILE__)) { (s = lambda { |f| File.exist?(f) ? require(f) : Dir.chdir("..") { s.call(f) } }).call("spec/spec_helper.rb") }
+
+require 'puppet/ssl/certificate_request'
+require 'puppet/network/server'
+require 'puppet/network/http/webrick/rest'
+
+describe "Certificate Request REST Terminus" do
+ before do
+ Puppet::Util::Cacher.invalidate
+
+ Puppet[:masterport] = 34343
+ Puppet[:server] = "localhost"
+
+ # Get a safe temporary file
+ @tmpfile = Tempfile.new("webrick_integration_testing")
+ @dir = @tmpfile.path + "_dir"
+
+ Puppet.settings[:confdir] = @dir
+ Puppet.settings[:vardir] = @dir
+ Puppet.settings[:server] = "127.0.0.1"
+ Puppet.settings[:masterport] = "34343"
+ Puppet.settings[:http_enable_post_connection_check] = false
+
+ Puppet[:servertype] = 'webrick'
+ Puppet[:server] = '127.0.0.1'
+ Puppet[:certname] = '127.0.0.1'
+
+ # Generate the certificate with a local CA
+ Puppet::SSL::Host.ca_location = :local
+ ca = Puppet::SSL::CertificateAuthority.new
+ ca.generate(Puppet[:certname]) unless Puppet::SSL::Certificate.find(Puppet[:certname])
+
+ # Create the CSR and write it to disk
+ @host = Puppet::SSL::Host.new("foo.madstop.com")
+ @host.generate_certificate_request
+
+ # Now remove the cached csr
+ Puppet::SSL::Host.ca_location = :none
+ Puppet::SSL::Host.destroy("foo.madstop.com")
+
+ @params = { :address => "127.0.0.1", :port => 34343, :handlers => [ :certificate_request ] }
+ @server = Puppet::Network::Server.new(@params)
+ @server.listen
+
+ # Then switch to a remote CA, so that we go through REST.
+ Puppet::SSL::Host.ca_location = :remote
+
+ # LAK:NOTE We need to have a fake model here so that our indirected methods get
+ # passed through REST; otherwise we'd be stubbing 'find', which would cause an immediate
+ # return.
+ @mock_model = stub('faked model', :name => "certificate request")
+ Puppet::Network::HTTP::WEBrickREST.any_instance.stubs(:model).returns(@mock_model)
+ end
+
+ after do
+ Puppet::Network::HttpPool.instance_variable_set("@ssl_host", nil)
+ Puppet.settings.clear
+ @server.unlisten
+ end
+
+ it "should be able to save a certificate request to the CA" do
+ key = Puppet::SSL::Key.new("bar.madstop.com")
+ key.generate
+
+ csr = Puppet::SSL::CertificateRequest.new("bar.madstop.com")
+ csr.generate(key.content)
+
+ server_csr = mock 'csr'
+ server_csr.expects(:save)
+ @mock_model.expects(:convert_from).with("s", csr.content.to_s).returns server_csr
+
+ csr.save
+ end
+
+ it "should be able to retrieve a remote certificate request" do
+ # We're finding the cached value :/
+ @mock_model.expects(:find).returns @host.certificate_request
+ result = Puppet::SSL::CertificateRequest.find('foo.madstop.com')
+
+ # There's no good '==' method on certs.
+ result.content.to_s.should == @host.certificate_request.content.to_s
+ result.name.should == @host.certificate_request.name
+ end
+end
diff --git a/spec/integration/indirector/certificate_revocation_list/rest.rb b/spec/integration/indirector/certificate_revocation_list/rest.rb
new file mode 100755
index 000000000..64c366d38
--- /dev/null
+++ b/spec/integration/indirector/certificate_revocation_list/rest.rb
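Review bot: `Puppet.settings[:http_enable_post_connection_check] = false` in the `before` block switches off a connection check with no comment saying why, so the spec passes without showing that the generated certificate would survive that check. `Puppet[:server]` and `Puppet[:certname]` are both set to `'127.0.0.1'` a few lines later, so the check may well pass if left enabled. If it does not, a comment above the line such as `# Post-connection check is off here because (reason).` would record what is still missing. The same override is in the certificate and certificate_revocation_list specs.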
@@ -0,0 +1,71 @@
+#!/usr/bin/env ruby
+
+Dir.chdir(File.dirname(__FILE__)) { (s = lambda { |f| File.exist?(f) ? require(f) : Dir.chdir("..") { s.call(f) } }).call("spec/spec_helper.rb") }
+
+require 'puppet/ssl/certificate'
+require 'puppet/network/server'
+require 'puppet/network/http/webrick/rest'
+
+describe "Certificate REST Terminus" do
+ before do
+ Puppet[:masterport] = 34343
+ Puppet[:server] = "localhost"
+
+ # Get a safe temporary file
+ @tmpfile = Tempfile.new("webrick_integration_testing")
+ @dir = @tmpfile.path + "_dir"
+
+ Puppet.settings[:confdir] = @dir
+ Puppet.settings[:vardir] = @dir
+ Puppet.settings[:server] = "127.0.0.1"
+ Puppet.settings[:masterport] = "34343"
+ Puppet.settings[:http_enable_post_connection_check] = false
+
+ Puppet::Util::Cacher.invalidate
+
+ Puppet[:servertype] = 'webrick'
+ Puppet[:server] = '127.0.0.1'
+ Puppet[:certname] = '127.0.0.1'
+
+ # Generate the certificate with a local CA
+ Puppet::SSL::Host.ca_location = :local
+ ca = Puppet::SSL::CertificateAuthority.new
+ ca.generate(Puppet[:certname]) unless Puppet::SSL::Certificate.find(Puppet[:certname])
+
+ @params = { :address => "127.0.0.1", :port => 34343, :handlers => [ :certificate_revocation_list ] }
+ @server = Puppet::Network::Server.new(@params)
+ @server.listen
+
+ # And make sure we've generated the CRL
+ @crl = ca.crl
+
+ # Now remove the cached crl
+ Puppet::SSL::Host.ca_location = :none
+ Puppet::SSL::CertificateRevocationList.destroy("ca")
+
+ puts Puppet::Network::HttpPool.ssl_host.ssl_store
+
+ # Then switch to a remote CA, so that we go through REST.
+ Puppet::SSL::Host.ca_location = :remote
+
+ # LAK:NOTE We need to have a fake model here so that our indirected methods get
+ # passed through REST; otherwise we'd be stubbing 'find', which would cause an immediate
+ # return.
+ @mock_model = stub('faked model', :name => "certificate")
+ Puppet::Network::HTTP::WEBrickREST.any_instance.stubs(:model).returns(@mock_model)
+ end
+
+ after do
+ Puppet::Util::Cacher.invalidate
+ Puppet.settings.clear
+ @server.unlisten
+ end
+
+ it "should be able to retrieve a remote CRL" do
+ @mock_model.expects(:find).returns @crl
+ result = Puppet::SSL::CertificateRevocationList.find('bar')
+
+ # There's no good '==' method on certs.
+ result.content.to_s.should == @crl.content.to_s
+ end
+end
|
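Review bot: `puts Puppet::Network::HttpPool.ssl_host.ssl_store` in the `before` block looks like leftover debugging and prints on every example; if the call is needed to build the pool's SSL host before `ca_location` changes, keep the call and drop the `puts`, otherwise remove the line. The `describe` title and the stub name are copied from the certificate spec, so failures here are reported under the wrong heading; `describe "Certificate Revocation List REST Terminus" do` would match what the spec covers, and the stub could become `:name => "certificate revocation list"` if that name is only a label. Unlike the other two specs, `after` here does not reset `@ssl_host` on `HttpPool` even though `before` forces it to be built; whether `Puppet::Util::Cacher.invalidate` covers that is not visible in this hunk.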