diff options
| author | Nick Lewis <nick@puppetlabs.com> | 2011-04-12 10:46:12 -0700 |
|---|---|---|
| committer | Nick Lewis <nick@puppetlabs.com> | 2011-04-12 10:46:12 -0700 |
| commit | 665fabdb3e468d1ef38d689b9cb0d75b9d788f88 (patch) | |
| tree | 132493c5e8c01e240e34492ee5b06773e69ed906 /spec/unit | |
| parent | dce851cac79393f86950f4ebfc48b9ac67dcd8f7 (diff) | |
| parent | cb01221a0f7221dba60bc23c5a0be2a70466bcdc (diff) | |
| download | puppet-665fabdb3e468d1ef38d689b9cb0d75b9d788f88.tar.gz puppet-665fabdb3e468d1ef38d689b9cb0d75b9d788f88.tar.xz puppet-665fabdb3e468d1ef38d689b9cb0d75b9d788f88.zip | |
Merge branch 'ticket/next/3360' into next
Diffstat (limited to 'spec/unit')
| -rwxr-xr-x | spec/unit/indirector/certificate_request/ca_spec.rb | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/spec/unit/indirector/certificate_request/ca_spec.rb b/spec/unit/indirector/certificate_request/ca_spec.rb index 508d187c1..08055e08b 100755 --- a/spec/unit/indirector/certificate_request/ca_spec.rb +++ b/spec/unit/indirector/certificate_request/ca_spec.rb @@ -5,9 +5,28 @@ require 'spec_helper' +require 'puppet/ssl/host' +require 'puppet/sslcertificates' +require 'puppet/sslcertificates/ca' require 'puppet/indirector/certificate_request/ca' describe Puppet::SSL::CertificateRequest::Ca do + include PuppetSpec::Files + + before :each do + Puppet[:ssldir] = tmpdir('ssl') + + Puppet::SSL::Host.ca_location = :local + Puppet[:localcacert] = Puppet[:cacert] + Puppet::SSLCertificates::CA.new.mkrootcert + + @ca = Puppet::SSL::CertificateAuthority.new + end + + after :all do + Puppet::SSL::Host.ca_location = :none + end + it "should have documentation" do Puppet::SSL::CertificateRequest::Ca.doc.should be_instance_of(String) end @@ -16,4 +35,30 @@ describe Puppet::SSL::CertificateRequest::Ca do Puppet.settings.expects(:value).with(:csrdir).returns "/request/dir" Puppet::SSL::CertificateRequest::Ca.collection_directory.should == "/request/dir" end + + it "should overwrite the previous certificate request if allow_duplicate_certs is true" do + Puppet[:allow_duplicate_certs] = true + host = Puppet::SSL::Host.new("foo") + host.generate_certificate_request + @ca.sign(host.name) + + Puppet::SSL::Host.indirection.find("foo").generate_certificate_request + + Puppet::SSL::Certificate.indirection.find("foo").name.should == "foo" + Puppet::SSL::CertificateRequest.indirection.find("foo").name.should == "foo" + Puppet::SSL::Host.indirection.find("foo").state.should == "requested" + end + + it "should reject a new certificate request if allow_duplicate_certs is false" do + Puppet[:allow_duplicate_certs] = false + host = Puppet::SSL::Host.new("bar") + host.generate_certificate_request + @ca.sign(host.name) + + expect { Puppet::SSL::Host.indirection.find("bar").generate_certificate_request }.should raise_error(/ignoring certificate request/) + + Puppet::SSL::Certificate.indirection.find("bar").name.should == "bar" + Puppet::SSL::CertificateRequest.indirection.find("bar").should be_nil + Puppet::SSL::Host.indirection.find("bar").state.should == "signed" + end end |