diff options
| -rw-r--r-- | lib/puppet/indirector/catalog/compiler.rb | 12 | ||||
| -rwxr-xr-x | spec/unit/indirector/catalog/compiler_spec.rb | 17 |
2 files changed, 17 insertions, 12 deletions
diff --git a/lib/puppet/indirector/catalog/compiler.rb b/lib/puppet/indirector/catalog/compiler.rb index c50022fff..6375e801f 100644 --- a/lib/puppet/indirector/catalog/compiler.rb +++ b/lib/puppet/indirector/catalog/compiler.rb @@ -107,10 +107,14 @@ class Puppet::Resource::Catalog::Compiler < Puppet::Indirector::Code return node end - # If the request is authenticated, then the 'node' info will - # be available; if not, then we use the passed-in key. We rely - # on our authorization system to determine whether this is allowed. - name = request.node || request.key + # We rely on our authorization system to determine whether the connected + # node is allowed to compile the catalog's node referenced by key. + # By default the REST authorization system makes sure only the connected node + # can compile his catalog. + # This allows for instance monitoring systems or puppet-load to check several + # node's catalog with only one certificate and a modification to auth.conf + # If no key is provided we can only compile the currently connected node. + name = request.key || request.node if node = find_node(name) return node end diff --git a/spec/unit/indirector/catalog/compiler_spec.rb b/spec/unit/indirector/catalog/compiler_spec.rb index 2ae5f6ff3..6c950b626 100755 --- a/spec/unit/indirector/catalog/compiler_spec.rb +++ b/spec/unit/indirector/catalog/compiler_spec.rb @@ -6,6 +6,7 @@ require File.dirname(__FILE__) + '/../../../spec_helper' require 'puppet/indirector/catalog/compiler' +require 'puppet/rails' describe Puppet::Resource::Catalog::Compiler do before do @@ -33,8 +34,8 @@ describe Puppet::Resource::Catalog::Compiler do Puppet::Node.stubs(:find).with('node1').returns(node1) Puppet::Node.stubs(:find).with('node2').returns(node2) - compiler.find(stub('request', :node => 'node1', :options => {})) - compiler.find(stub('node2request', :node => 'node2', :options => {})) + compiler.find(stub('request', :key => 'node1', :node => 'node1', :options => {})) + compiler.find(stub('node2request', :key => 'node2', :node => 'node2', :options => {})) end it "should provide a method for determining if the catalog is networked" do @@ -70,7 +71,7 @@ describe Puppet::Resource::Catalog::Compiler do @node = Puppet::Node.new @name @node.stubs(:merge) Puppet::Node.stubs(:find).returns @node - @request = stub 'request', :key => "does not matter", :node => @name, :options => {} + @request = stub 'request', :key => @name, :node => @name, :options => {} end it "should directly use provided nodes" do @@ -80,14 +81,14 @@ describe Puppet::Resource::Catalog::Compiler do @compiler.find(@request) end - it "should use the request's node name if no explicit node is provided" do + it "should use the authenticated node name if no request key is provided" do + @request.stubs(:key).returns(nil) Puppet::Node.expects(:find).with(@name).returns(@node) @compiler.expects(:compile).with(@node) @compiler.find(@request) end - it "should use the provided node name if no explicit node is provided and no authenticated node information is available" do - @request.expects(:node).returns nil + it "should use the provided node name by default" do @request.expects(:key).returns "my_node" Puppet::Node.expects(:find).with("my_node").returns @node @@ -198,7 +199,7 @@ describe Puppet::Resource::Catalog::Compiler do @compiler = Puppet::Resource::Catalog::Compiler.new @name = "me" @node = mock 'node' - @request = stub 'request', :node => @name, :options => {} + @request = stub 'request', :key => @name, :options => {} @compiler.stubs(:compile) end @@ -217,7 +218,7 @@ describe Puppet::Resource::Catalog::Compiler do @compiler = Puppet::Resource::Catalog::Compiler.new @name = "me" @node = mock 'node' - @request = stub 'request', :node => @name, :options => {} + @request = stub 'request', :key => @name, :options => {} @compiler.stubs(:compile) Puppet::Node.stubs(:find).with(@name).returns(@node) end |