diff options
| author | Nick Lewis <nick@puppetlabs.com> | 2011-04-08 16:20:43 -0700 |
|---|---|---|
| committer | Nick Lewis <nick@puppetlabs.com> | 2011-04-12 10:45:41 -0700 |
| commit | cb01221a0f7221dba60bc23c5a0be2a70466bcdc (patch) | |
| tree | b21fcf9ce30afb20843c0e410297ee23a91dd8aa /spec | |
| parent | 87f4e0a1ce60ddb443a5eda459793c5acb7fce1e (diff) | |
| download | puppet-cb01221a0f7221dba60bc23c5a0be2a70466bcdc.tar.gz puppet-cb01221a0f7221dba60bc23c5a0be2a70466bcdc.tar.xz puppet-cb01221a0f7221dba60bc23c5a0be2a70466bcdc.zip | |
(#3360) Add an allow_duplicate_certs option
If this option is true, a certificate request with the same CN as an existing
certificate will override the existing certificate when signed. With the option
false, the new certificate request will be rejected. This option will default
to false.
Paired-With: Max Martin
Diffstat (limited to 'spec')
| -rwxr-xr-x | spec/unit/indirector/certificate_request/ca_spec.rb | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/spec/unit/indirector/certificate_request/ca_spec.rb b/spec/unit/indirector/certificate_request/ca_spec.rb index 8c25e40f7..38d8a1bb1 100755 --- a/spec/unit/indirector/certificate_request/ca_spec.rb +++ b/spec/unit/indirector/certificate_request/ca_spec.rb @@ -5,9 +5,28 @@ require File.expand_path(File.dirname(__FILE__) + '/../../../spec_helper') +require 'puppet/ssl/host' +require 'puppet/sslcertificates' +require 'puppet/sslcertificates/ca' require 'puppet/indirector/certificate_request/ca' describe Puppet::SSL::CertificateRequest::Ca do + include PuppetSpec::Files + + before :each do + Puppet[:ssldir] = tmpdir('ssl') + + Puppet::SSL::Host.ca_location = :local + Puppet[:localcacert] = Puppet[:cacert] + Puppet::SSLCertificates::CA.new.mkrootcert + + @ca = Puppet::SSL::CertificateAuthority.new + end + + after :all do + Puppet::SSL::Host.ca_location = :none + end + it "should have documentation" do Puppet::SSL::CertificateRequest::Ca.doc.should be_instance_of(String) end @@ -16,4 +35,30 @@ describe Puppet::SSL::CertificateRequest::Ca do Puppet.settings.expects(:value).with(:csrdir).returns "/request/dir" Puppet::SSL::CertificateRequest::Ca.collection_directory.should == "/request/dir" end + + it "should overwrite the previous certificate request if allow_duplicate_certs is true" do + Puppet[:allow_duplicate_certs] = true + host = Puppet::SSL::Host.new("foo") + host.generate_certificate_request + @ca.sign(host.name) + + Puppet::SSL::Host.indirection.find("foo").generate_certificate_request + + Puppet::SSL::Certificate.indirection.find("foo").name.should == "foo" + Puppet::SSL::CertificateRequest.indirection.find("foo").name.should == "foo" + Puppet::SSL::Host.indirection.find("foo").state.should == "requested" + end + + it "should reject a new certificate request if allow_duplicate_certs is false" do + Puppet[:allow_duplicate_certs] = false + host = Puppet::SSL::Host.new("bar") + host.generate_certificate_request + @ca.sign(host.name) + + expect { Puppet::SSL::Host.indirection.find("bar").generate_certificate_request }.should raise_error(/ignoring certificate request/) + + Puppet::SSL::Certificate.indirection.find("bar").name.should == "bar" + Puppet::SSL::CertificateRequest.indirection.find("bar").should be_nil + Puppet::SSL::Host.indirection.find("bar").state.should == "signed" + end end |