Merge branch '2.7.x'

8 files changed, 619 insertions, 43 deletions

diff --git a/spec/unit/face/ca_spec.rb b/spec/unit/face/ca_spec.rb
new file mode 100755
index 000000000..b8c82ce99
--- /dev/null
+++ b/spec/unit/face/ca_spec.rb
@@ -0,0 +1,355 @@
+#!/usr/bin/env rspec
+require 'spec_helper'
+require 'puppet/face'
+
+describe Puppet::Face[:ca, '0.1.0'] do
+  include PuppetSpec::Files
+
+  before :each do
+    Puppet.run_mode.stubs(:master?).returns(true)
+    Puppet[:ca]     = true
+    Puppet[:ssldir] = tmpdir("face-ca-ssldir")
+
+    Puppet::SSL::Host.ca_location = :only
+    Puppet[:certificate_revocation] = true
+
+    # This is way more intimate than I want to be with the implementation, but
+    # there doesn't seem any other way to test this. --daniel 2011-07-18
+    Puppet::SSL::CertificateAuthority.stubs(:instance).returns(
+        # ...and this actually does the directory creation, etc.
+        Puppet::SSL::CertificateAuthority.new
+    )
+  end
+
+  def make_certs(csr_names, crt_names)
+    Array(csr_names).map do |name|
+      Puppet::SSL::Host.new(name).generate_certificate_request
+    end
+
+    Array(crt_names).map do |name|
+      Puppet::SSL::Host.new(name).generate
+    end
+  end
+
+  context "#verify" do
+    let :action do Puppet::Face[:ca, '0.1.0'].get_action(:verify) end
+
+    it "should not explode if there is no certificate" do
+      expect {
+        subject.verify('random-host').should == {
+          :host => 'random-host', :valid => false,
+          :error => 'Could not find a certificate for random-host'
+        }
+      }.should_not raise_error
+    end
+
+    it "should not explode if there is only a CSR" do
+      make_certs('random-host', [])
+      expect {
+        subject.verify('random-host').should == {
+          :host => 'random-host', :valid => false,
+          :error => 'Could not find a certificate for random-host'
+        }
+      }.should_not raise_error
+    end
+
+    it "should verify a signed certificate" do
+      make_certs([], 'random-host')
+      subject.verify('random-host').should == {
+        :host => 'random-host', :valid => true
+      }
+    end
+
+    it "should not verify a revoked certificate" do
+      make_certs([], 'random-host')
+      subject.revoke('random-host')
+
+      expect {
+        subject.verify('random-host').should == {
+          :host => 'random-host', :valid => false,
+          :error => 'certificate revoked'
+        }
+      }.should_not raise_error
+    end
+
+    it "should verify a revoked certificate if CRL use was turned off" do
+      make_certs([], 'random-host')
+      subject.revoke('random-host')
+
+      Puppet[:certificate_revocation] = false
+      subject.verify('random-host').should == {
+        :host => 'random-host', :valid => true
+      }
+    end
+  end
+
+  context "#fingerprint" do
+    let :action do Puppet::Face[:ca, '0.1.0'].get_action(:fingerprint) end
+
+    it "should have a 'digest' option" do
+      action.should be_option :digest
+    end
+
+    it "should not explode if there is no certificate" do
+      expect {
+        subject.fingerprint('random-host').should be_nil
+      }.should_not raise_error
+    end
+
+    it "should fingerprint a CSR" do
+      make_certs('random-host', [])
+      expect {
+        subject.fingerprint('random-host').should =~ /^[0-9A-F:]+$/
+      }.should_not raise_error
+    end
+
+    it "should fingerprint a certificate" do
+      make_certs([], 'random-host')
+      subject.fingerprint('random-host').should =~ /^[0-9A-F:]+$/
+    end
+
+    %w{md5 MD5 sha1 ShA1 SHA1 RIPEMD160 sha256 sha512}.each do |digest|
+      it "should fingerprint with #{digest.inspect}" do
+        make_certs([], 'random-host')
+        subject.fingerprint('random-host', :digest => digest).should =~ /^[0-9A-F:]+$/
+      end
+
+      it "should fingerprint with #{digest.to_sym} as a symbol" do
+        make_certs([], 'random-host')
+        subject.fingerprint('random-host', :digest => digest.to_sym).
+          should =~ /^[0-9A-F:]+$/
+      end
+    end
+  end
+
+  context "#print" do
+    let :action do Puppet::Face[:ca, '0.1.0'].get_action(:print) end
+
+    it "should not explode if there is no certificate" do
+      expect {
+        subject.print('random-host').should be_nil
+      }.should_not raise_error
+    end
+
+    it "should return nothing if there is only a CSR" do
+      make_certs('random-host', [])
+      expect {
+        subject.print('random-host').should be_nil
+      }.should_not raise_error
+    end
+
+    it "should return the certificate content if there is a cert" do
+      make_certs([], 'random-host')
+      text = subject.print('random-host')
+      text.should be_an_instance_of String
+      text.should =~ /^Certificate:/
+      text.should =~ /Issuer: CN=Puppet CA: /
+      text.should =~ /Subject: CN=random-host$/
+    end
+  end
+
+  context "#sign" do
+    let :action do Puppet::Face[:ca, '0.1.0'].get_action(:sign) end
+
+    it "should not explode if there is no CSR" do
+      expect {
+        subject.sign('random-host').
+          should == 'Could not find certificate request for random-host'
+      }.should_not raise_error
+    end
+
+    it "should not explode if there is a signed cert" do
+      make_certs([], 'random-host')
+      expect {
+        subject.sign('random-host').
+          should == 'Could not find certificate request for random-host'
+      }.should_not raise_error
+    end
+
+    it "should sign a CSR if one exists" do
+      make_certs('random-host', [])
+      subject.sign('random-host').should be_an_instance_of Puppet::SSL::Certificate
+
+      list = subject.list(:signed => true)
+      list.length.should == 1
+      list.first.name.should == 'random-host'
+    end
+  end
+
+  context "#generate" do
+    let :action do Puppet::Face[:ca, '0.1.0'].get_action(:generate) end
+
+    it "should generate a certificate if requested" do
+      subject.list(:all => true).should == []
+
+      subject.generate('random-host')
+
+      list = subject.list(:signed => true)
+      list.length.should == 1
+      list.first.name.should == 'random-host'
+    end
+
+    it "should not explode if a CSR with that name already exists" do
+      make_certs('random-host', [])
+      expect {
+        subject.generate('random-host').should =~ /already has a certificate request/
+      }.should_not raise_error
+    end
+
+    it "should not explode if the certificate with that name already exists" do
+      make_certs([], 'random-host')
+      expect {
+        subject.generate('random-host').should =~ /already has a certificate/
+      }.should_not raise_error
+    end
+  end
+
+  context "#revoke" do
+    let :action do Puppet::Face[:ca, '0.1.0'].get_action(:revoke) end
+
+    it "should not explode when asked to revoke something that doesn't exist" do
+      expect { subject.revoke('nonesuch') }.should_not raise_error
+    end
+
+    it "should let the user know what went wrong" do
+      subject.revoke('nonesuch').should == 'Nothing was revoked'
+    end
+
+    it "should revoke a certificate" do
+      make_certs([], 'random-host')
+      found = subject.list(:all => true, :subject => 'random-host')
+      subject.get_action(:list).when_rendering(:console).call(found).
+        should =~ /^\+ random-host/
+
+      subject.revoke('random-host')
+
+      found = subject.list(:all => true, :subject => 'random-host')
+      subject.get_action(:list).when_rendering(:console).call(found).
+        should =~ /^- random-host  \([:0-9A-F]+\) \(certificate revoked\)/
+    end
+  end
+
+  context "#destroy" do
+    let :action do Puppet::Face[:ca, '0.1.0'].get_action(:destroy) end
+
+    it "should not explode when asked to delete something that doesn't exist" do
+      expect { subject.destroy('nonesuch') }.should_not raise_error
+    end
+
+    it "should let the user know if nothing was deleted" do
+      subject.destroy('nonesuch').should == "Nothing was deleted"
+    end
+
+    it "should destroy a CSR, if we have one" do
+      make_certs('random-host', [])
+      subject.list(:pending => true, :subject => 'random-host').should_not == []
+
+      subject.destroy('random-host')
+
+      subject.list(:pending => true, :subject => 'random-host').should == []
+    end
+
+    it "should destroy a certificate, if we have one" do
+      make_certs([], 'random-host')
+      subject.list(:signed => true, :subject => 'random-host').should_not == []
+
+      subject.destroy('random-host')
+
+      subject.list(:signed => true, :subject => 'random-host').should == []
+    end
+
+    it "should tell the user something was deleted" do
+      make_certs([], 'random-host')
+      subject.list(:signed => true, :subject => 'random-host').should_not == []
+      subject.destroy('random-host').
+        should == "Deleted for random-host: Puppet::SSL::Certificate, Puppet::SSL::Key"
+    end
+  end
+
+  context "#list" do
+    let :action do Puppet::Face[:ca, '0.1.0'].get_action(:list) end
+
+    context "options" do
+      subject { Puppet::Face[:ca, '0.1.0'].get_action(:list) }
+      it { should be_option :pending }
+      it { should be_option :signed  }
+      it { should be_option :all     }
+      it { should be_option :subject }
+    end
+
+    context "with no hosts in CA" do
+      [:pending, :signed, :all].each do |type|
+        it "should return nothing for #{type}" do
+          subject.list(type => true).should == []
+        end
+
+        it "should not fail when a matcher is passed" do
+          expect {
+            subject.list(type => true, :subject => '.').should == []
+          }.should_not raise_error
+        end
+      end
+    end
+
+    context "with some hosts" do
+      csr_names = (1..3).map {|n| "csr-#{n}" }
+      crt_names = (1..3).map {|n| "crt-#{n}" }
+      all_names = csr_names + crt_names
+
+      {
+        {}                                    => csr_names,
+        { :pending => true                  } => csr_names,
+
+        { :signed  => true                  } => crt_names,
+
+        { :all     => true                  } => all_names,
+        { :pending => true, :signed => true } => all_names,
+      }.each do |input, expect|
+        it "should map #{input.inspect} to #{expect.inspect}" do
+          make_certs(csr_names, crt_names)
+          subject.list(input).map(&:name).should =~ expect
+        end
+
+        ['', '.', '2', 'none'].each do |pattern|
+          filtered = expect.select {|x| Regexp.new(pattern).match(x) }
+
+          it "should filter all hosts matching #{pattern.inspect} to #{filtered.inspect}" do
+            make_certs(csr_names, crt_names)
+            subject.list(input.merge :subject => pattern).map(&:name).should =~ filtered
+          end
+        end
+      end
+
+      context "when_rendering :console" do
+        { [["csr1.local"], []] => '^  csr1.local ',
+          [[], ["crt1.local"]] => '^\+ crt1.local ',
+          [["csr2"], ["crt2"]] => ['^  csr2 ', '^\+ crt2 ']
+        }.each do |input, pattern|
+          it "should render #{input.inspect} to match #{pattern.inspect}" do
+            make_certs(*input)
+            text = action.when_rendering(:console).call(subject.list(:all => true))
+            Array(pattern).each do |item|
+              text.should =~ Regexp.new(item)
+            end
+          end
+        end
+      end
+    end
+  end
+
+  actions = %w{destroy list revoke generate sign print verify fingerprint}
+  actions.each do |action|
+    it { should be_action action }
+    it "should fail #{action} when not a CA" do
+      Puppet[:ca] = false
+      expect {
+        case subject.method(action).arity
+        when -1 then subject.send(action)
+        when -2 then subject.send(action, 'dummy')
+        else
+          raise "#{action} has arity #{subject.method(action).arity}"
+        end
+      }.should raise_error(/Not a CA/)
+    end
+  end
+end
diff --git a/spec/unit/indirector/certificate_status/file_spec.rb b/spec/unit/indirector/certificate_status/file_spec.rb
index 897fe0716..c5d4e283f 100755
--- a/spec/unit/indirector/certificate_status/file_spec.rb
+++ b/spec/unit/indirector/certificate_status/file_spec.rb
@@ -7,6 +7,10 @@ require 'tempfile'
 describe "Puppet::Indirector::CertificateStatus::File", :fails_on_windows => true do
   include PuppetSpec::Files
 
+  before :all do
+    Puppet::SSL::Host.configure_indirection(:file)
+  end
+
   before do
     Puppet::SSL::CertificateAuthority.stubs(:ca?).returns true
     @terminus = Puppet::SSL::Host.indirection.terminus(:file)
diff --git a/spec/unit/interface/action_spec.rb b/spec/unit/interface/action_spec.rb
index cf8d61d51..23216e7b4 100755
--- a/spec/unit/interface/action_spec.rb
+++ b/spec/unit/interface/action_spec.rb
@@ -171,6 +171,16 @@ describe Puppet::Interface::Action do
       face.get_action(:foo).options.should =~ [:bar]
     end
 
+    it "should only list options and not aliases" do
+      face = Puppet::Interface.new(:action_level_options, '0.0.1') do
+        action :foo do
+          when_invoked do |options| true end
+          option "--bar", "-b", "--foo-bar"
+        end
+      end
+      face.get_action(:foo).options.should =~ [:bar]
+    end
+
     describe "with both face and action options" do
       let :face do
         Puppet::Interface.new(:action_level_options, '0.0.1') do
diff --git a/spec/unit/interface/face_collection_spec.rb b/spec/unit/interface/face_collection_spec.rb
index 4ad8787c5..98887a778 100755
--- a/spec/unit/interface/face_collection_spec.rb
+++ b/spec/unit/interface/face_collection_spec.rb
@@ -25,39 +25,9 @@ describe Puppet::Interface::FaceCollection do
     @original_required.each {|f| $".push f unless $".include? f }
   end
 
-  describe "::prefix_match?" do
-    #   want     have
-    { ['1.0.0', '1.0.0'] => true,
-      ['1.0',   '1.0.0'] => true,
-      ['1',     '1.0.0'] => true,
-      ['1.0.0', '1.1.0'] => false,
-      ['1.0',   '1.1.0'] => false,
-      ['1',     '1.1.0'] => true,
-      ['1.0.1', '1.0.0'] => false,
-    }.each do |data, result|
-      it "should return #{result.inspect} for prefix_match?(#{data.join(', ')})" do
-        subject.prefix_match?(*data).should == result
-      end
-    end
-  end
-
-  describe "::validate_version" do
-    { '10.10.10'     => true,
-      '1.2.3.4'      => false,
-      '10.10.10beta' => true,
-      '10.10'        => false,
-      '123'          => false,
-      'v1.1.1'       => false,
-    }.each do |input, result|
-      it "should#{result ? '' : ' not'} permit #{input.inspect}" do
-        subject.validate_version(input).should(result ? be_true : be_false)
-      end
-    end
-  end
-
   describe "::[]" do
     before :each do
-      subject.instance_variable_get("@faces")[:foo]['0.0.1'] = 10
+      subject.instance_variable_get("@faces")[:foo][SemVer.new('0.0.1')] = 10
     end
 
     it "should return the face with the given name" do
@@ -75,13 +45,13 @@ describe Puppet::Interface::FaceCollection do
     end
 
     it "should return true if the face specified is registered" do
-      subject.instance_variable_get("@faces")[:foo]['0.0.1'] = 10
+      subject.instance_variable_get("@faces")[:foo][SemVer.new('0.0.1')] = 10
       subject["foo", '0.0.1'].should == 10
     end
 
     it "should attempt to require the face if it is not registered" do
       subject.expects(:require).with do |file|
-        subject.instance_variable_get("@faces")[:bar]['0.0.1'] = true
+        subject.instance_variable_get("@faces")[:bar][SemVer.new('0.0.1')] = true
         file == 'puppet/face/bar'
       end
       subject["bar", '0.0.1'].should be_true
@@ -131,7 +101,9 @@ describe Puppet::Interface::FaceCollection do
     it "should store the face by name" do
       face = Puppet::Face.new(:my_face, '0.0.1')
       subject.register(face)
-      subject.instance_variable_get("@faces").should == {:my_face => {'0.0.1' => face}}
+      subject.instance_variable_get("@faces").should == {
+        :my_face => { face.version => face }
+      }
     end
   end
 
diff --git a/spec/unit/interface_spec.rb b/spec/unit/interface_spec.rb
index 8bbbcc857..4cb1f8743 100755
--- a/spec/unit/interface_spec.rb
+++ b/spec/unit/interface_spec.rb
@@ -174,6 +174,14 @@ describe Puppet::Interface do
       face.get_action(:foo).options.should =~ [:quux]
       face.get_action(:bar).options.should =~ [:quux]
     end
+
+    it "should only list options and not aliases" do
+      face = subject.new(:face_options, '0.0.1') do
+        option "--bar", "-b", "--foo-bar"
+      end
+      face.options.should =~ [:bar]
+    end
+
   end
 
   describe "with inherited options" do
diff --git a/spec/unit/module_spec.rb b/spec/unit/module_spec.rb
index d1d01a1aa..a0f64c6d3 100755
--- a/spec/unit/module_spec.rb
+++ b/spec/unit/module_spec.rb
@@ -505,12 +505,38 @@ describe Puppet::Module do
     mod.metadata_file.should == mod.metadata_file
   end
 
-  it "should know if it has a metadata file" do
+  it "should have metadata if it has a metadata file and its data is not empty" do
     FileTest.expects(:exist?).with(@module.metadata_file).returns true
+    File.stubs(:read).with(@module.metadata_file).returns "{\"foo\" : \"bar\"}"
 
     @module.should be_has_metadata
   end
 
+  it "should have metadata if it has a metadata file and its data is not empty" do
+    FileTest.expects(:exist?).with(@module.metadata_file).returns true
+    File.stubs(:read).with(@module.metadata_file).returns "{\"foo\" : \"bar\"}"
+
+    @module.should be_has_metadata
+  end
+
+  it "should not have metadata if has a metadata file and its data is empty" do
+    FileTest.expects(:exist?).with(@module.metadata_file).returns true
+    File.stubs(:read).with(@module.metadata_file).returns "/*
++-----------------------------------------------------------------------+
+|                                                                       |
+|                    ==> DO NOT EDIT THIS FILE! <==                     |
+|                                                                       |
+|   You should edit the `Modulefile` and run `puppet-module build`      |
+|   to generate the `metadata.json` file for your releases.             |
+|                                                                       |
++-----------------------------------------------------------------------+
+*/
+
+{}"
+
+    @module.should_not be_has_metadata
+  end
+
   it "should know if it is missing a metadata file" do
     FileTest.expects(:exist?).with(@module.metadata_file).returns false
 
@@ -528,16 +554,16 @@ describe Puppet::Module do
     Puppet::Module.new("yay")
   end
 
-  describe "when loading the medatada file", :if => Puppet.features.json? do
+  describe "when loading the medatada file", :if => Puppet.features.pson? do
     before do
       @data = {
-        :license => "GPL2",
-        :author => "luke",
-        :version => "1.0",
-        :source => "http://foo/",
+        :license       => "GPL2",
+        :author        => "luke",
+        :version       => "1.0",
+        :source        => "http://foo/",
         :puppetversion => "0.25"
       }
-      @text = @data.to_json
+      @text = @data.to_pson
 
       @module = Puppet::Module.new("foo")
       @module.stubs(:metadata_file).returns "/my/file"
@@ -552,9 +578,12 @@ describe Puppet::Module do
 
       it "should fail if #{attr} is not present in the metadata file" do
         @data.delete(attr.to_sym)
-        @text = @data.to_json
+        @text = @data.to_pson
         File.stubs(:read).with("/my/file").returns @text
-        lambda { @module.load_metadata }.should raise_error(Puppet::Module::MissingMetadata)
+        lambda { @module.load_metadata }.should raise_error(
+          Puppet::Module::MissingMetadata,
+          "No #{attr} module metadata provided for foo"
+        )
       end
     end
 
diff --git a/spec/unit/semver_spec.rb b/spec/unit/semver_spec.rb
new file mode 100644
index 000000000..0e0457b6e
--- /dev/null
+++ b/spec/unit/semver_spec.rb
@@ -0,0 +1,187 @@
+require 'spec_helper'
+require 'semver'
+
+describe SemVer do
+  describe '::valid?' do
+    it 'should validate basic version strings' do
+      %w[ 0.0.0 999.999.999 v0.0.0 v999.999.999 ].each do |vstring|
+        SemVer.valid?(vstring).should be_true
+      end
+    end
+
+    it 'should validate special version strings' do
+      %w[ 0.0.0foo 999.999.999bar v0.0.0a v999.999.999beta ].each do |vstring|
+        SemVer.valid?(vstring).should be_true
+      end
+    end
+
+    it 'should fail to validate invalid version strings' do
+      %w[ nope 0.0foo 999.999 x0.0.0 z.z.z 1.2.3-beta 1.x.y ].each do |vstring|
+        SemVer.valid?(vstring).should be_false
+      end
+    end
+  end
+
+  describe '::find_matching' do
+    before :all do
+      @versions = %w[
+        0.0.1
+        0.0.2
+        1.0.0rc1
+        1.0.0rc2
+        1.0.0
+        1.0.1
+        1.1.0
+        1.1.1
+        1.1.2
+        1.1.3
+        1.1.4
+        1.2.0
+        1.2.1
+        2.0.0rc1
+      ].map { |v| SemVer.new(v) }
+    end
+
+    it 'should match exact versions by string' do
+      @versions.each do |version|
+        SemVer.find_matching(version, @versions).should == version
+      end
+    end
+
+    it 'should return nil if no versions match' do
+      %w[ 3.0.0 2.0.0rc2 1.0.0alpha ].each do |v|
+        SemVer.find_matching(v, @versions).should be_nil
+      end
+    end
+
+    it 'should find the greatest match for partial versions' do
+      SemVer.find_matching('1.0', @versions).should == 'v1.0.1'
+      SemVer.find_matching('1.1', @versions).should == 'v1.1.4'
+      SemVer.find_matching('1', @versions).should   == 'v1.2.1'
+      SemVer.find_matching('2', @versions).should   == 'v2.0.0rc1'
+      SemVer.find_matching('2.1', @versions).should == nil
+    end
+
+
+    it 'should find the greatest match for versions with placeholders' do
+      SemVer.find_matching('1.0.x', @versions).should == 'v1.0.1'
+      SemVer.find_matching('1.1.x', @versions).should == 'v1.1.4'
+      SemVer.find_matching('1.x', @versions).should   == 'v1.2.1'
+      SemVer.find_matching('1.x.x', @versions).should == 'v1.2.1'
+      SemVer.find_matching('2.x', @versions).should   == 'v2.0.0rc1'
+      SemVer.find_matching('2.x.x', @versions).should == 'v2.0.0rc1'
+      SemVer.find_matching('2.1.x', @versions).should == nil
+    end
+  end
+
+  describe 'instantiation' do
+    it 'should raise an exception when passed an invalid version string' do
+      expect { SemVer.new('invalidVersion') }.to raise_exception ArgumentError
+    end
+
+    it 'should populate the appropriate fields for a basic version string' do
+      version = SemVer.new('1.2.3')
+      version.major.should   == 1
+      version.minor.should   == 2
+      version.tiny.should    == 3
+      version.special.should == ''
+    end
+
+    it 'should populate the appropriate fields for a special version string' do
+      version = SemVer.new('3.4.5beta6')
+      version.major.should   == 3
+      version.minor.should   == 4
+      version.tiny.should    == 5
+      version.special.should == 'beta6'
+    end
+  end
+
+  describe '#matched_by?' do
+    subject { SemVer.new('v1.2.3beta') }
+
+    describe 'should match against' do
+      describe 'literal version strings' do
+        it { should be_matched_by('1.2.3beta') }
+
+        it { should_not be_matched_by('1.2.3alpha') }
+        it { should_not be_matched_by('1.2.4beta') }
+        it { should_not be_matched_by('1.3.3beta') }
+        it { should_not be_matched_by('2.2.3beta') }
+      end
+
+      describe 'partial version strings' do
+        it { should be_matched_by('1.2.3') }
+        it { should be_matched_by('1.2') }
+        it { should be_matched_by('1') }
+      end
+
+      describe 'version strings with placeholders' do
+        it { should be_matched_by('1.2.x') }
+        it { should be_matched_by('1.x.3') }
+        it { should be_matched_by('1.x.x') }
+        it { should be_matched_by('1.x') }
+      end
+    end
+  end
+
+  describe 'comparisons' do
+    describe 'against a string' do
+      it 'should just work' do
+        SemVer.new('1.2.3').should == '1.2.3'
+      end
+    end
+
+    describe 'against a symbol' do
+      it 'should just work' do
+        SemVer.new('1.2.3').should == :'1.2.3'
+      end
+    end
+
+    describe 'on a basic version (v1.2.3)' do
+      subject { SemVer.new('v1.2.3') }
+
+      it { should == SemVer.new('1.2.3') }
+
+      # Different major versions
+      it { should > SemVer.new('0.2.3') }
+      it { should < SemVer.new('2.2.3') }
+
+      # Different minor versions
+      it { should > SemVer.new('1.1.3') }
+      it { should < SemVer.new('1.3.3') }
+
+      # Different tiny versions
+      it { should > SemVer.new('1.2.2') }
+      it { should < SemVer.new('1.2.4') }
+
+      # Against special versions
+      it { should > SemVer.new('1.2.3beta') }
+      it { should < SemVer.new('1.2.4beta') }
+    end
+
+    describe 'on a special version (v1.2.3beta)' do
+      subject { SemVer.new('v1.2.3beta') }
+
+      it { should == SemVer.new('1.2.3beta') }
+
+      # Same version, final release
+      it { should < SemVer.new('1.2.3') }
+
+      # Different major versions
+      it { should > SemVer.new('0.2.3') }
+      it { should < SemVer.new('2.2.3') }
+
+      # Different minor versions
+      it { should > SemVer.new('1.1.3') }
+      it { should < SemVer.new('1.3.3') }
+
+      # Different tiny versions
+      it { should > SemVer.new('1.2.2') }
+      it { should < SemVer.new('1.2.4') }
+
+      # Against special versions
+      it { should > SemVer.new('1.2.3alpha') }
+      it { should < SemVer.new('1.2.3beta2') }
+    end
+  end
+end
diff --git a/spec/unit/util/settings_spec.rb b/spec/unit/util/settings_spec.rb
index efe2be443..f7cb19936 100755
--- a/spec/unit/util/settings_spec.rb
+++ b/spec/unit/util/settings_spec.rb
@@ -1,5 +1,6 @@
 #!/usr/bin/env rspec
 require 'spec_helper'
+require 'ostruct'
 
 describe Puppet::Util::Settings do
   include PuppetSpec::Files
@@ -1108,4 +1109,14 @@ describe Puppet::Util::Settings do
 
     it "should cache the result"
   end
+
+  describe "#writesub" do
+    it "should only pass valid arguments to File.open" do
+      settings = Puppet::Util::Settings.new
+      settings.stubs(:get_config_file_default).with(:privatekeydir).returns(OpenStruct.new(:mode => "750"))
+
+      File.expects(:open).with("/path/to/keydir", "w", 750).returns true
+      settings.writesub(:privatekeydir, "/path/to/keydir")
+    end
+  end
 end