-rw-r--r--lib/puppet/defaults.rb1
-rw-r--r--lib/puppet/indirector/certificate/ca_file.rb8
-rw-r--r--lib/puppet/indirector/certificate_request/ca_file.rb8
-rw-r--r--lib/puppet/indirector/certificate_request/file.rb8
-rw-r--r--lib/puppet/ssl/certificate.rb5
-rw-r--r--lib/puppet/ssl/certificate_request.rb2
-rw-r--r--lib/puppet/ssl/key.rb2
-rwxr-xr-xspec/unit/indirector/certificate/ca_file.rb19
-rwxr-xr-xspec/unit/indirector/certificate_request/ca_file.rb19
-rwxr-xr-xspec/unit/indirector/certificate_request/file.rb19
-rwxr-xr-xspec/unit/ssl/certificate.rb4
-rwxr-xr-xspec/unit/ssl/key.rb5
12 files changed, 95 insertions, 5 deletions
diff --git a/lib/puppet/defaults.rb b/lib/puppet/defaults.rb
index eed1a00f3..300f9bad4 100644
--- a/lib/puppet/defaults.rb
+++ b/lib/puppet/defaults.rb
@@ -167,6 +167,7 @@ module Puppet
certificate. By default, only the server gets an alias set up, and only for 'puppet'."],
:certdir => ["$ssldir/certs", "The certificate directory."],
:publickeydir => ["$ssldir/public_keys", "The public key directory."],
+ :requestdir => ["$ssldir/public_keys", "The public key directory."],
:privatekeydir => { :default => "$ssldir/private_keys",
:mode => 0750,
:desc => "The private key directory."
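Review bot: The new `:requestdir` setting copies both the path and the description of `:publickeydir` (`$ssldir/public_keys`, "The public key directory."), so certificate requests would be stored alongside public keys. If both kinds of file are named after the host, a request and a public key for the same host would map to the same path, and one could overwrite or be parsed as the other. A dedicated directory and description look intended, for example `:requestdir => ["$ssldir/certificate_requests", "Where host certificate requests are stored."],` (the directory name is only a suggestion; confirm it against the project's layout). The settings hash continues outside the hunk.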
diff --git a/lib/puppet/indirector/certificate/ca_file.rb b/lib/puppet/indirector/certificate/ca_file.rb
new file mode 100644
index 000000000..99941c49e
--- /dev/null
+++ b/lib/puppet/indirector/certificate/ca_file.rb
@@ -0,0 +1,8 @@
+require 'puppet/indirector/ssl_file'
+require 'puppet/ssl/certificate'
+
+class Puppet::SSL::Certificate::CaFile < Puppet::Indirector::SslFile
+ desc "Manage the CA collection of signed SSL certificates on disk."
+
+ store_in :signeddir
+end
diff --git a/lib/puppet/indirector/certificate_request/ca_file.rb b/lib/puppet/indirector/certificate_request/ca_file.rb
new file mode 100644
index 000000000..08aa73eaf
--- /dev/null
+++ b/lib/puppet/indirector/certificate_request/ca_file.rb
@@ -0,0 +1,8 @@
+require 'puppet/indirector/ssl_file'
+require 'puppet/ssl/certificate_request'
+
+class Puppet::SSL::CertificateRequest::CaFile < Puppet::Indirector::SslFile
+ desc "Manage the CA collection of certificate requests on disk."
+
+ store_in :csrdir
+end
diff --git a/lib/puppet/indirector/certificate_request/file.rb b/lib/puppet/indirector/certificate_request/file.rb
new file mode 100644
index 000000000..5eb6745fd
--- /dev/null
+++ b/lib/puppet/indirector/certificate_request/file.rb
@@ -0,0 +1,8 @@
+require 'puppet/indirector/ssl_file'
+require 'puppet/ssl/certificate_request'
+
+class Puppet::SSL::CertificateRequest::CaFile < Puppet::Indirector::SslFile
+ desc "Manage the CA collection of certificate requests on disk."
+
+ store_in :requestdir
+end
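Review bot: This file reopens `Puppet::SSL::CertificateRequest::CaFile`, the class already defined in `certificate_request/ca_file.rb`, rather than defining a separate terminus for `file.rb`, and its `desc` is copied from the CA terminus. When both files are loaded, the later `store_in` presumably replaces the earlier one, so the CA request store and the local request store would share one directory (`:csrdir` or `:requestdir`, depending on load order). The class line should likely read `class Puppet::SSL::CertificateRequest::File < Puppet::Indirector::SslFile`, with a `desc` for the local request collection. The spec in `spec/unit/indirector/certificate_request/file.rb` also describes `CaFile` and needs the same rename; as written it passes only because it exercises the reopened class.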
diff --git a/lib/puppet/ssl/certificate.rb b/lib/puppet/ssl/certificate.rb
index 9a89b4530..d1687e6f0 100644
--- a/lib/puppet/ssl/certificate.rb
+++ b/lib/puppet/ssl/certificate.rb
@@ -1,13 +1,12 @@
require 'puppet/ssl/base'
-# The class that manages all aspects of our SSL certificates --
-# private keys, public keys, requests, etc.
+# Manage certificates themselves.
class Puppet::SSL::Certificate < Puppet::SSL::Base
# This is defined from the base class
wraps OpenSSL::X509::Certificate
extend Puppet::Indirector
- indirects :certificate #, :terminus_class => :file
+ indirects :certificate, :terminus_class => :file
def generate
raise Puppet::DevError, "Cannot generate certificates directly; they must be generated during signing"
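Review bot: `:terminus_class => :file` becomes the default for certificates here, but this commit adds only a `CaFile` terminus under `indirector/certificate/`; if no `certificate/file` terminus exists elsewhere in the tree, the default will fail to resolve on first use. The added spec compares only the symbol (`@class.indirection.terminus_class.should == :file`), so it would not catch a missing terminus. The same applies to `indirects :key, :terminus_class => :file` in `lib/puppet/ssl/key.rb`. The `generate` method continues outside the hunk.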
diff --git a/lib/puppet/ssl/certificate_request.rb b/lib/puppet/ssl/certificate_request.rb
index 67f0f23c6..fec9e1733 100644
--- a/lib/puppet/ssl/certificate_request.rb
+++ b/lib/puppet/ssl/certificate_request.rb
@@ -1,6 +1,6 @@
require 'puppet/ssl/base'
-# This constant just exists for us to use for adding our request terminii.
+# Manage certificate requests.
class Puppet::SSL::CertificateRequest < Puppet::SSL::Base
wraps OpenSSL::X509::Request
diff --git a/lib/puppet/ssl/key.rb b/lib/puppet/ssl/key.rb
index 18bf2a4cb..a9c8717f8 100644
--- a/lib/puppet/ssl/key.rb
+++ b/lib/puppet/ssl/key.rb
@@ -6,7 +6,7 @@ class Puppet::SSL::Key < Puppet::SSL::Base
wraps OpenSSL::PKey::RSA
extend Puppet::Indirector
- indirects :key #, :terminus_class => :file
+ indirects :key, :terminus_class => :file
# Knows how to create keys with our system defaults.
def generate
diff --git a/spec/unit/indirector/certificate/ca_file.rb b/spec/unit/indirector/certificate/ca_file.rb
new file mode 100755
index 000000000..98075170d
--- /dev/null
+++ b/spec/unit/indirector/certificate/ca_file.rb
@@ -0,0 +1,19 @@
+#!/usr/bin/env ruby
+#
+# Created by Luke Kanies on 2008-3-7.
+# Copyright (c) 2007. All rights reserved.
+
+require File.dirname(__FILE__) + '/../../../spec_helper'
+
+require 'puppet/indirector/certificate/ca_file'
+
+describe Puppet::SSL::Certificate::CaFile do
+ it "should have documentation" do
+ Puppet::SSL::Certificate::CaFile.doc.should be_instance_of(String)
+ end
+
+ it "should use the :signeddir as the collection directory" do
+ Puppet.settings.expects(:value).with(:signeddir).returns "/cert/dir"
+ Puppet::SSL::Certificate::CaFile.collection_directory.should == "/cert/dir"
+ end
+end
diff --git a/spec/unit/indirector/certificate_request/ca_file.rb b/spec/unit/indirector/certificate_request/ca_file.rb
new file mode 100755
index 000000000..7b264fefb
--- /dev/null
+++ b/spec/unit/indirector/certificate_request/ca_file.rb
@@ -0,0 +1,19 @@
+#!/usr/bin/env ruby
+#
+# Created by Luke Kanies on 2008-3-7.
+# Copyright (c) 2007. All rights reserved.
+
+require File.dirname(__FILE__) + '/../../../spec_helper'
+
+require 'puppet/indirector/certificate_request/ca_file'
+
+describe Puppet::SSL::CertificateRequest::CaFile do
+ it "should have documentation" do
+ Puppet::SSL::CertificateRequest::CaFile.doc.should be_instance_of(String)
+ end
+
+ it "should use the :csrdir as the collection directory" do
+ Puppet.settings.expects(:value).with(:csrdir).returns "/request/dir"
+ Puppet::SSL::CertificateRequest::CaFile.collection_directory.should == "/request/dir"
+ end
+end
diff --git a/spec/unit/indirector/certificate_request/file.rb b/spec/unit/indirector/certificate_request/file.rb
new file mode 100755
index 000000000..c4595b932
--- /dev/null
+++ b/spec/unit/indirector/certificate_request/file.rb
@@ -0,0 +1,19 @@
+#!/usr/bin/env ruby
+#
+# Created by Luke Kanies on 2008-3-7.
+# Copyright (c) 2007. All rights reserved.
+
+require File.dirname(__FILE__) + '/../../../spec_helper'
+
+require 'puppet/indirector/certificate_request/file'
+
+describe Puppet::SSL::CertificateRequest::CaFile do
+ it "should have documentation" do
+ Puppet::SSL::CertificateRequest::CaFile.doc.should be_instance_of(String)
+ end
+
+ it "should use the :requestdir as the collection directory" do
+ Puppet.settings.expects(:value).with(:requestdir).returns "/request/dir"
+ Puppet::SSL::CertificateRequest::CaFile.collection_directory.should == "/request/dir"
+ end
+end
diff --git a/spec/unit/ssl/certificate.rb b/spec/unit/ssl/certificate.rb
index 69f4e1fa1..1df9c42e1 100755
--- a/spec/unit/ssl/certificate.rb
+++ b/spec/unit/ssl/certificate.rb
@@ -17,6 +17,10 @@ describe Puppet::SSL::Certificate do
@class.indirection.name.should == :certificate
end
+ it "should default to the :file terminus class" do
+ @class.indirection.terminus_class.should == :file
+ end
+
describe "when managing instances" do
before do
@certificate = @class.new("myname")
diff --git a/spec/unit/ssl/key.rb b/spec/unit/ssl/key.rb
index e580bbc55..d6cdc8266 100755
--- a/spec/unit/ssl/key.rb
+++ b/spec/unit/ssl/key.rb
@@ -8,6 +8,7 @@ describe Puppet::SSL::Key do
before do
@class = Puppet::SSL::Key
end
+
it "should be extended with the Indirector module" do
@class.metaclass.should be_include(Puppet::Indirector)
end
@@ -16,6 +17,10 @@ describe Puppet::SSL::Key do
@class.indirection.name.should == :key
end
+ it "should default to the :file terminus class" do
+ @class.indirection.terminus_class.should == :file
+ end
+
describe "when managing instances" do
before do
@key = @class.new("myname")