11 files changed, 200 insertions, 54 deletions

diff --git a/acceptance/pending/ticket_3360_allow_duplicate_csr_with_option_set.rb b/acceptance/pending/ticket_3360_allow_duplicate_csr_with_option_set.rb
deleted file mode 100644
index ba02227ea..000000000
--- a/acceptance/pending/ticket_3360_allow_duplicate_csr_with_option_set.rb
+++ /dev/null
@@ -1,50 +0,0 @@
-test_name "#3360: Allow duplicate CSR when allow_duplicate_certs is on"
-
-agent_hostnames = agents.map {|a| a.to_s}
-
-# Kill running Puppet Master -- should not be running at this point
-step "Master: kill running Puppet Master"
-on master, "ps -U puppet | awk '/puppet/ { print \$1 }' | xargs kill || echo \"Puppet Master not running\""
-
-step "Master: Start Puppet Master"
-on master, puppet_master("--allow_duplicate_certs --certdnsnames=\"puppet:$(hostname -s):$(hostname -f)\" --verbose --noop")
-
-step "Generate a certificate request for the agent"
-on agents, "puppet certificate generate `hostname -f` --ca-location remote --server #{master}"
-
-step "Collect the original certs"
-on master, puppet_cert("--sign --all")
-original_certs = on master, puppet_cert("--list --all")
-
-old_certs = {}
-original_certs.stdout.each_line do |line|
-  if line =~ /^\+ (\S+) \((.+)\)$/
-    old_certs[$1] = $2
-    puts "old cert: #{$1} #{$2}"
-  end
-end
-
-step "Make another request with the same certname"
-on agents, "puppet certificate generate `hostname -f` --ca-location remote --server #{master}"
-
-step "Collect the new certs"
-
-on master, puppet_cert("--sign --all")
-new_cert_list = on master, puppet_cert("--list --all")
-
-new_certs = {}
-new_cert_list.stdout.each_line do |line|
-  if line =~ /^\+ (\S+) \((.+)\)$/
-    new_certs[$1] = $2
-    puts "new cert: #{$1} #{$2}"
-  end
-end
-
-step "Verify the certs have changed"
-# using the agent name as the key may cause errors;
-# agent name from cfg file is likely to have short name
-# where certs might be signed with long names.
-old_certs.each_key { |key|
-  next if key.include? master # skip the masters cert, only care about agents
-  fail_test("#{key} does not have a new signed certificate") if old_certs[key] == new_certs[key]
-}
diff --git a/acceptance/tests/helpful_error_message_when_hostname_not_match_server_certificate.rb b/acceptance/tests/helpful_error_message_when_hostname_not_match_server_certificate.rb
new file mode 100644
index 000000000..c3b5b6795
--- /dev/null
+++ b/acceptance/tests/helpful_error_message_when_hostname_not_match_server_certificate.rb
@@ -0,0 +1,12 @@
+test_name "generate a helpful error message when hostname doesn't match server certificate"
+
+step "Clear any existing SSL directories"
+on(hosts, "rm -r #{config['puppetpath']}/ssl")
+
+# Start the master with a certname not matching its hostname
+with_master_running_on(master, "--certname foobar_not_my_hostname --certdnsnames one_cert:two_cert:red_cert:blue_cert --autosign true") do
+  run_agent_on(agents, "--no-daemonize --verbose --onetime --server #{master}", :acceptable_exit_codes => (1..255)) do
+    msg = "Server hostname '#{master}' did not match server certificate; expected one of foobar_not_my_hostname, one_cert, two_cert, red_cert, blue_cert"
+    assert_match(msg, stdout)
+  end
+end
diff --git a/acceptance/tests/ticket_3360_allow_duplicate_csr_with_option_set.rb b/acceptance/tests/ticket_3360_allow_duplicate_csr_with_option_set.rb
new file mode 100644
index 000000000..a34a3e718
--- /dev/null
+++ b/acceptance/tests/ticket_3360_allow_duplicate_csr_with_option_set.rb
@@ -0,0 +1,48 @@
+test_name "#3360: Allow duplicate CSR when allow_duplicate_certs is on"
+
+agent_hostnames = agents.map {|a| a.to_s}
+
+step "Remove existing SSL directory for hosts"
+on hosts, "rm -r #{config['puppetpath']}/ssl"
+
+with_master_running_on master, "--allow_duplicate_certs --certdnsnames=\"puppet:$(hostname -s):$(hostname -f)\" --verbose --noop" do
+  step "Generate a certificate request for the agent"
+  on agents, "puppet certificate generate `hostname -f` --ca-location remote --server #{master}"
+
+  step "Collect the original certs"
+  on master, puppet_cert("--sign --all")
+  original_certs = on master, puppet_cert("--list --all")
+
+  old_certs = {}
+  original_certs.stdout.each_line do |line|
+    if line =~ /^\+ (\S+) \((.+)\)$/
+      old_certs[$1] = $2
+      puts "old cert: #{$1} #{$2}"
+    end
+  end
+
+  step "Make another request with the same certname"
+  on agents, "puppet certificate generate `hostname -f` --ca-location remote --server #{master}"
+
+  step "Collect the new certs"
+
+  on master, puppet_cert("--sign --all")
+  new_cert_list = on master, puppet_cert("--list --all")
+
+  new_certs = {}
+  new_cert_list.stdout.each_line do |line|
+    if line =~ /^\+ (\S+) \((.+)\)$/
+      new_certs[$1] = $2
+      puts "new cert: #{$1} #{$2}"
+    end
+  end
+
+  step "Verify the certs have changed"
+  # using the agent name as the key may cause errors;
+  # agent name from cfg file is likely to have short name
+  # where certs might be signed with long names.
+  old_certs.each_key { |key|
+    next if key.include? master # skip the masters cert, only care about agents
+    assert_not_equal(old_certs[key], new_certs[key], "Expected #{key} to have a changed key")
+  }
+end
diff --git a/acceptance/tests/ticket_3961_puppet_ca_should_produce_certs.rb b/acceptance/tests/ticket_3961_puppet_ca_should_produce_certs.rb
new file mode 100644
index 000000000..22a5b4b92
--- /dev/null
+++ b/acceptance/tests/ticket_3961_puppet_ca_should_produce_certs.rb
@@ -0,0 +1,29 @@
+test_name "#3961: puppet ca should produce certs spec"
+
+scratch = "/tmp/puppet-ssl-3961"
+target  = "working3961.example.org"
+
+options = { :confdir => scratch, :vardir => scratch }
+
+expect = ['notice: Signed certificate request for ca',
+          'notice: Rebuilding inventory file',
+          'notice: working3961.example.org has a waiting certificate request',
+          'notice: Signed certificate request for working3961.example.org',
+          'notice: Removing file Puppet::SSL::CertificateRequest working3961.example.org']
+
+
+step "removing the SSL scratch directory..."
+on agents, "rm -vrf #{scratch}"
+
+step "generate a certificate in #{scratch}"
+on(agents,puppet_cert('--trace', '--generate', target, options)) do
+  expect.each do |line|
+    stdout.index(line) or fail_test("missing line in output: #{line}")
+  end
+end
+
+step "verify the certificate for #{target} exists"
+on agents, "test -f #{scratch}/ssl/certs/#{target}.pem"
+
+step "verify the private key for #{target} exists"
+on agents, "grep -q 'BEGIN RSA PRIVATE KEY' #{scratch}/ssl/private_keys/#{target}.pem"
diff --git a/acceptance/tests/ticket_5027_warn_on_dynamic_scope.rb b/acceptance/tests/ticket_5027_warn_on_dynamic_scope.rb
new file mode 100644
index 000000000..a918f0788
--- /dev/null
+++ b/acceptance/tests/ticket_5027_warn_on_dynamic_scope.rb
@@ -0,0 +1,28 @@
+test_name "#5027: Issue warnings when using dynamic scope"
+
+step "Apply dynamic scoping manifest on agents"
+apply_manifest_on agents, %q{
+  $foo = 'foo_value'
+
+  class a {
+      $bar = 'bar_value'
+
+      include b
+  }
+
+  class b inherits c {
+      notify { $baz: } # should not generate a warning -- inherited from class c
+      notify { $bar: } # should generate a warning -- uses dynamic scoping
+      notify { $foo: } # should not generate a warning -- comes from top scope
+  }
+
+  class c {
+      $baz = 'baz_value'
+  }
+
+  include a
+}
+
+step "Verify deprecation warning"
+fail_test "Deprecation warning not issued" unless
+  stdout.include? 'warning: Dynamic lookup'
diff --git a/acceptance/tests/ticket_5477_master_not_dectect_sitepp.rb b/acceptance/tests/ticket_5477_master_not_dectect_sitepp.rb
index e57b268ef..f774eca05 100644
--- a/acceptance/tests/ticket_5477_master_not_dectect_sitepp.rb
+++ b/acceptance/tests/ticket_5477_master_not_dectect_sitepp.rb
@@ -13,7 +13,7 @@ on master, "rm -f #{manifest_file}"
 with_master_running_on(master, "--manifest #{manifest_file} --certdnsnames=\"puppet:$(hostname -s):$(hostname -f)\" --verbose --filetimeout 1") do
   # Run test on Agents
   step "Agent: agent --test"
-  on agents, puppet_agent("--test")
+  on agents, puppet_agent("--test --server #{master}")
 
   # Create a new site.pp
   step "Master: create basic site.pp file"
@@ -24,8 +24,9 @@ with_master_running_on(master, "--manifest #{manifest_file} --certdnsnames=\"pup
   sleep 3
 
   step "Agent: puppet agent --test"
+
   agents.each do |host|
-    on(host, puppet_agent("--test"), :acceptable_exit_codes => [2]) do
+    on(host, puppet_agent("--test --server #{master}"), :acceptable_exit_codes => [2]) do
       assert_match(/ticket_5477_notify/, stdout, "#{host}: Site.pp not detected on Puppet Master")
     end
   end
diff --git a/acceptance/tests/ticket_6734_6256_5530_5503.rb b/acceptance/tests/ticket_6734_6256_5530_5503.rb
index a59ac13ab..b5d7aaaf3 100644
--- a/acceptance/tests/ticket_6734_6256_5530_5503.rb
+++ b/acceptance/tests/ticket_6734_6256_5530_5503.rb
@@ -4,9 +4,7 @@
  
 test_name "Tickets 6734 6256 5530 5503i Puppet Master fails to start"
 
-# Kill running Puppet Master
 with_master_running_on(master) do
-
   step "Check permissions on puppet/rrd/"
   on master, "ls -l /var/lib/puppet | grep rrd | awk '{print $3\" \"$4}'" do
     assert_match(/puppet puppet/, stdout, "puppet/rrd does not exist/wrong permissions")
diff --git a/acceptance/tests/ticket_6928_puppet_master_parse_fails.rb b/acceptance/tests/ticket_6928_puppet_master_parse_fails.rb
new file mode 100644
index 000000000..155e91d3f
--- /dev/null
+++ b/acceptance/tests/ticket_6928_puppet_master_parse_fails.rb
@@ -0,0 +1,35 @@
+test_name "#6928: Puppet --parseonly should return deprication message"
+
+# Create good and bad formatted manifests
+step "Master: create valid, invalid formatted manifests"
+create_remote_file(master, '/tmp/good.pp', %w{notify{good:}} )
+create_remote_file(master, '/tmp/bad.pp', 'notify{bad:')
+
+step "Master: use --parseonly on an invalid manifest, should return 1 and issue deprecation warning"
+on master, puppet_master( %w{--parseonly /tmp/bad.pp} ), :acceptable_exit_codes => [ 1 ]
+  assert_match(/--parseonly has been removed. Please use \'puppet parser validate <manifest>\'/, stdout, "Deprecation warning not issued for --parseonly on #{master}" )
+
+step "Agents: create valid, invalid formatted manifests"
+agents.each do |host|
+  create_remote_file(host, '/tmp/good.pp', %w{notify{good:}} )
+  create_remote_file(host, '/tmp/bad.pp', 'notify{bad:')
+end
+
+step "Agents: use --parseonly on an invalid manifest, should return 1 and issue deprecation warning"
+agents.each do |host|
+  on(host, "puppet --parseonly /tmp/bad.pp}", :acceptable_exit_codes => [ 1 ]) do
+    assert_match(/--parseonly has been removed. Please use \'puppet parser validate <manifest>\'/, stdout, "Deprecation warning not issued for --parseonly on #{host}" )
+  end
+end
+
+step "Test Face for ‘parser validate’ with good manifest -- should pass"
+agents.each do |host|
+  on(host, "puppet parser validate /tmp/good.pp", :acceptable_exit_codes => [ 0 ])
+end
+
+step "Test Faces for ‘parser validate’ with bad manifest -- should fail"
+agents.each do |host|
+  on(host, "puppet parser validate /tmp/bad.pp", :acceptable_exit_codes => [ 1 ]) do
+    assert_match(/err: Could not parse for environment production/, stdout, "Bad manifest detection failed on #{host}" )
+  end
+end
diff --git a/acceptance/tests/ticket_7117_broke_env_criteria_authconf.rb b/acceptance/tests/ticket_7117_broke_env_criteria_authconf.rb
new file mode 100644
index 000000000..5eeb2f749
--- /dev/null
+++ b/acceptance/tests/ticket_7117_broke_env_criteria_authconf.rb
@@ -0,0 +1,27 @@
+test_name "#7117 Broke the environment criteria in auth.conf"
+
+# add to auth.conf
+add_2_authconf = %q{
+path /
+environment override
+auth any
+allow *
+}
+
+step "Create a temp auth.conf"
+create_remote_file master, "/tmp/auth.conf-7117", add_2_authconf
+
+on master, "chmod 644 /tmp/auth.conf-7117"
+
+with_master_running_on(master, "--certdnsnames=\"puppet:$(hostname -s):$(hostname -f)\" --rest_authconfig /tmp/auth.conf-7117 --verbose --autosign true") do
+  # Run test on Agents
+  step "Run agent to upload facts"
+  on agents, puppet_agent("--test --server #{master}")
+
+  step "Fetch agent facts from Puppet Master"
+  agents.each do |host|
+    on(host, "curl -k -H \"Accept: yaml\" https://#{master}:8140/override/facts/\`hostname -f\`") do
+      assert_match(/--- !ruby\/object:Puppet::Node::Facts/, stdout, "Agent Facts not returned for #{host}")
+    end
+  end
+end
diff --git a/acceptance/tests/ticket_7139_puppet_resource_file_qualified_paths.rm b/acceptance/tests/ticket_7139_puppet_resource_file_qualified_paths.rb
index f773ba17c..f773ba17c 100644
--- a/acceptance/tests/ticket_7139_puppet_resource_file_qualified_paths.rm
+++ b/acceptance/tests/ticket_7139_puppet_resource_file_qualified_paths.rb
diff --git a/acceptance/tests/ticket_7728_don't_log_whits_on_failure.rb b/acceptance/tests/ticket_7728_don't_log_whits_on_failure.rb
new file mode 100644
index 000000000..eaa95ff55
--- /dev/null
+++ b/acceptance/tests/ticket_7728_don't_log_whits_on_failure.rb
@@ -0,0 +1,18 @@
+test_name "#7728: Don't log whits on resource failure"
+
+manifest = %Q{
+  class foo {
+    exec { "test": command => "false", path => ['/bin', '/usr/bin'] }
+
+    notify { "before": before  => Exec["test"] }
+    notify { "after":  require => Exec["test"] }
+  }
+
+  include foo
+}
+
+apply_manifest_on(agents, manifest) do
+  assert_match(Regexp.new(Regexp.quote('notice: /Stage[main]/Foo/Notify[after]: Dependency Exec[test] has failures: true')), stdout, "the after dependency must be reported")
+  assert_no_match(Regexp.new(Regexp.quote('Class[Foo]')), stdout, 'the class should not be mentioned')
+  assert_no_match(Regexp.new(Regexp.quote('Stage[Main]')), stdout, 'the class should not be mentioned')
+end