Puppet as a Rack application

This lays the ground: a wrapper for the REST handler, and an application
confirming to the Rack standard. Also includes a base class for Rack
handlers, as RackREST will not stay the only one, and there needs to be
a central place where client authentication data can be checked.

2 files changed, 265 insertions, 0 deletions

diff --git a/spec/unit/network/http/rack.rb b/spec/unit/network/http/rack.rb
new file mode 100755
index 000000000..3d5e4fe63
--- /dev/null
+++ b/spec/unit/network/http/rack.rb
@@ -0,0 +1,71 @@
+#!/usr/bin/env ruby
+
+require File.dirname(__FILE__) + '/../../../spec_helper'
+require 'puppet/network/http/rack'
+
+describe "Puppet::Network::HTTP::Rack" do
+    confine "Rack is not available" => Puppet.features.rack?
+
+    describe "while initializing" do
+
+        it "should require a protocol specification" do
+            Proc.new { Puppet::Network::HTTP::Rack.new({}) }.should raise_error(ArgumentError)
+        end
+
+        it "should not accept imaginary protocols" do
+            Proc.new { Puppet::Network::HTTP::Rack.new({:protocols => [:foo]}) }.should raise_error(ArgumentError)
+        end
+
+        it "should accept the REST protocol" do
+            Proc.new { Puppet::Network::HTTP::Rack.new({:protocols => [:rest]}) }.should_not raise_error(ArgumentError)
+        end
+
+        it "should create a RackREST instance" do
+            Puppet::Network::HTTP::RackREST.expects(:new)
+            Puppet::Network::HTTP::Rack.new({:protocols => [:rest]})
+        end
+
+    end
+
+    describe "when called" do
+
+        before :all do
+            @app = Puppet::Network::HTTP::Rack.new({:protocols => [:rest]})
+            # let's use Rack::Lint to verify that we're OK with the rack specification
+            @linted = Rack::Lint.new(@app)
+        end
+
+        before :each do
+            @env = Rack::MockRequest.env_for('/')
+        end
+
+        it "should create a Request object" do
+            request = Rack::Request.new(@env)
+            Rack::Request.expects(:new).returns request
+            @linted.call(@env)
+        end
+
+        it "should create a Response object" do
+            Rack::Response.expects(:new).returns stub_everything
+            @app.call(@env) # can't lint when Rack::Response is a stub
+        end
+
+        it "should let RackREST process the request" do
+            Puppet::Network::HTTP::RackREST.any_instance.expects(:process).once
+            @linted.call(@env)
+        end
+
+        it "should catch unhandled exceptions from RackREST" do
+            Puppet::Network::HTTP::RackREST.any_instance.expects(:process).raises(ArgumentError, 'test error')
+            Proc.new { @linted.call(@env) }.should_not raise_error
+        end
+
+        it "should finish() the Response" do
+            Rack::Response.any_instance.expects(:finish).once
+            @app.call(@env) # can't lint when finish is a stub
+        end
+
+    end
+
+end
+
diff --git a/spec/unit/network/http/rack/rest.rb b/spec/unit/network/http/rack/rest.rb
new file mode 100755
index 000000000..873483782
--- /dev/null
+++ b/spec/unit/network/http/rack/rest.rb
@@ -0,0 +1,194 @@
+#!/usr/bin/env ruby
+
+require File.dirname(__FILE__) + '/../../../../spec_helper'
+require 'puppet/network/http/rack'
+require 'puppet/network/http/rack/rest'
+
+describe "Puppet::Network::HTTP::RackREST" do
+    confine "Rack is not available" => Puppet.features.rack?
+
+    it "should include the Puppet::Network::HTTP::Handler module" do
+        Puppet::Network::HTTP::RackREST.ancestors.should be_include(Puppet::Network::HTTP::Handler)
+    end
+
+    describe "when initializing" do
+        it "should call the Handler's initialization hook with its provided arguments" do
+            Puppet::Network::HTTP::RackREST.any_instance.expects(:initialize_for_puppet).with(:server => "my", :handler => "arguments")
+            Puppet::Network::HTTP::RackREST.new(:server => "my", :handler => "arguments")
+        end
+    end
+
+    describe "when serving a request" do
+        before :all do
+            @model_class = stub('indirected model class')
+            Puppet::Indirector::Indirection.stubs(:model).with(:foo).returns(@model_class)
+            @handler = Puppet::Network::HTTP::RackREST.new(:handler => :foo)
+        end
+
+        before :each do
+            @response = Rack::Response.new()
+        end
+
+        def mk_req(uri, opts = {})
+            env = Rack::MockRequest.env_for(uri, opts)
+            Rack::Request.new(env)
+        end
+
+        describe "and using the HTTP Handler interface" do
+            it "should return the HTTP_ACCEPT parameter as the accept header" do
+                req = mk_req('/', 'HTTP_ACCEPT' => 'myaccept')
+                @handler.accept_header(req).should == "myaccept"
+            end
+
+            it "should use the REQUEST_METHOD as the http method" do
+                req = mk_req('/', :method => 'mymethod')
+                @handler.http_method(req).should == "mymethod"
+            end
+
+            it "should return the request path as the path" do
+                req = mk_req('/foo/bar')
+                @handler.path(req).should == "/foo/bar"
+            end
+
+            it "should return the request body as the body" do
+                req = mk_req('/foo/bar', :input => 'mybody')
+                @handler.body(req).should == "mybody"
+            end
+
+            it "should set the response's content-type header when setting the content type" do
+                @header = mock 'header'
+                @response.expects(:header).returns @header
+                @header.expects(:[]=).with('Content-Type', "mytype")
+
+                @handler.set_content_type(@response, "mytype")
+            end
+
+            it "should set the status and write the body when setting the response for a request" do
+                @response.expects(:status=).with(400)
+                @response.expects(:write).with("mybody")
+
+                @handler.set_response(@response, "mybody", 400)
+            end
+        end
+
+        describe "and determining the request parameters" do
+            it "should include the HTTP request parameters, with the keys as symbols" do
+                req = mk_req('/?foo=baz&bar=xyzzy')
+                result = @handler.params(req)
+                result[:foo].should == "baz"
+                result[:bar].should == "xyzzy"
+            end
+
+            it "should URI-decode the HTTP parameters" do
+                encoding = URI.escape("foo bar")
+                req = mk_req("/?foo=#{encoding}")
+                result = @handler.params(req)
+                result[:foo].should == "foo bar"
+            end
+
+            it "should convert the string 'true' to the boolean" do
+                req = mk_req("/?foo=true")
+                result = @handler.params(req)
+                result[:foo].should be_true
+            end
+
+            it "should convert the string 'false' to the boolean" do
+                req = mk_req("/?foo=false")
+                result = @handler.params(req)
+                result[:foo].should be_false
+            end
+
+            it "should convert integer arguments to Integers" do
+                req = mk_req("/?foo=15")
+                result = @handler.params(req)
+                result[:foo].should == 15
+            end
+
+            it "should convert floating point arguments to Floats" do
+                req = mk_req("/?foo=1.5")
+                result = @handler.params(req)
+                result[:foo].should == 1.5
+            end
+
+            it "should YAML-load and URI-decode values that are YAML-encoded" do
+                escaping = URI.escape(YAML.dump(%w{one two}))
+                req = mk_req("/?foo=#{escaping}")
+                result = @handler.params(req)
+                result[:foo].should == %w{one two}
+            end
+
+            it "should not allow the client to set the node via the query string" do
+                req = mk_req("/?node=foo")
+                @handler.params(req)[:node].should be_nil
+            end
+
+            it "should not allow the client to set the IP address via the query string" do
+                req = mk_req("/?ip=foo")
+                @handler.params(req)[:ip].should be_nil
+            end
+
+            it "should pass the client's ip address to model find" do
+                req = mk_req("/", 'REMOTE_ADDR' => 'ipaddress')
+                @handler.params(req)[:ip].should == "ipaddress"
+            end
+
+            it "should set 'authenticated' to false if no certificate is present" do
+                req = mk_req('/')
+                @handler.params(req)[:authenticated].should be_false
+            end
+        end
+
+        describe "with pre-validated certificates" do
+
+            it "should use the :ssl_client_header to determine the parameter when looking for the certificate" do
+                Puppet.settings.stubs(:value).returns "eh"
+                Puppet.settings.expects(:value).with(:ssl_client_header).returns "myheader"
+                req = mk_req('/', "myheader" => "/CN=host.domain.com")
+                @handler.params(req)
+            end
+
+            it "should retrieve the hostname by matching the certificate parameter" do
+                Puppet.settings.stubs(:value).returns "eh"
+                Puppet.settings.expects(:value).with(:ssl_client_header).returns "myheader"
+                req = mk_req('/', "myheader" => "/CN=host.domain.com")
+                @handler.params(req)[:node].should == "host.domain.com"
+            end
+
+            it "should use the :ssl_client_header to determine the parameter for checking whether the host certificate is valid" do
+                Puppet.settings.stubs(:value).with(:ssl_client_header).returns "certheader"
+                Puppet.settings.expects(:value).with(:ssl_client_verify_header).returns "myheader"
+                req = mk_req('/', "myheader" => "SUCCESS", "certheader" => "/CN=host.domain.com")
+                @handler.params(req)
+            end
+
+            it "should consider the host authenticated if the validity parameter contains 'SUCCESS'" do
+                Puppet.settings.stubs(:value).with(:ssl_client_header).returns "certheader"
+                Puppet.settings.stubs(:value).with(:ssl_client_verify_header).returns "myheader"
+                req = mk_req('/', "myheader" => "SUCCESS", "certheader" => "/CN=host.domain.com")
+                @handler.params(req)[:authenticated].should be_true
+            end
+
+            it "should consider the host unauthenticated if the validity parameter does not contain 'SUCCESS'" do
+                Puppet.settings.stubs(:value).with(:ssl_client_header).returns "certheader"
+                Puppet.settings.stubs(:value).with(:ssl_client_verify_header).returns "myheader"
+                req = mk_req('/', "myheader" => "whatever", "certheader" => "/CN=host.domain.com")
+                @handler.params(req)[:authenticated].should be_false
+            end
+
+            it "should consider the host unauthenticated if no certificate information is present" do
+                Puppet.settings.stubs(:value).with(:ssl_client_header).returns "certheader"
+                Puppet.settings.stubs(:value).with(:ssl_client_verify_header).returns "myheader"
+                req = mk_req('/', "myheader" => nil, "certheader" => "/CN=host.domain.com")
+                @handler.params(req)[:authenticated].should be_false
+            end
+
+            it "should resolve the node name with an ip address look-up if no certificate is present" do
+                Puppet.settings.stubs(:value).returns "eh"
+                Puppet.settings.expects(:value).with(:ssl_client_header).returns "myheader"
+                req = mk_req('/', "myheader" => nil)
+                @handler.expects(:resolve_node).returns("host.domain.com")
+                @handler.params(req)[:node].should == "host.domain.com"
+            end
+        end
+    end
+end