diff options
Diffstat (limited to 'acceptance')
-rw-r--r-- | acceptance/pending/ticket_3360_allow_duplicate_csr_with_option_set.rb | 50 | ||||
-rw-r--r-- | acceptance/tests/helpful_error_message_when_hostname_not_match_server_certificate.rb | 12 | ||||
-rw-r--r-- | acceptance/tests/ticket_3360_allow_duplicate_csr_with_option_set.rb | 48 | ||||
-rw-r--r-- | acceptance/tests/ticket_3961_puppet_ca_should_produce_certs.rb | 29 | ||||
-rw-r--r-- | acceptance/tests/ticket_5027_warn_on_dynamic_scope.rb | 28 | ||||
-rw-r--r-- | acceptance/tests/ticket_5477_master_not_dectect_sitepp.rb | 5 | ||||
-rw-r--r-- | acceptance/tests/ticket_6734_6256_5530_5503.rb | 2 | ||||
-rw-r--r-- | acceptance/tests/ticket_6928_puppet_master_parse_fails.rb | 35 | ||||
-rw-r--r-- | acceptance/tests/ticket_7117_broke_env_criteria_authconf.rb | 27 | ||||
-rw-r--r-- | acceptance/tests/ticket_7139_puppet_resource_file_qualified_paths.rb (renamed from acceptance/tests/ticket_7139_puppet_resource_file_qualified_paths.rm) | 0 | ||||
-rw-r--r-- | acceptance/tests/ticket_7728_don't_log_whits_on_failure.rb | 18 |
11 files changed, 200 insertions, 54 deletions
diff --git a/acceptance/pending/ticket_3360_allow_duplicate_csr_with_option_set.rb b/acceptance/pending/ticket_3360_allow_duplicate_csr_with_option_set.rb deleted file mode 100644 index ba02227ea..000000000 --- a/acceptance/pending/ticket_3360_allow_duplicate_csr_with_option_set.rb +++ /dev/null @@ -1,50 +0,0 @@ -test_name "#3360: Allow duplicate CSR when allow_duplicate_certs is on" - -agent_hostnames = agents.map {|a| a.to_s} - -# Kill running Puppet Master -- should not be running at this point -step "Master: kill running Puppet Master" -on master, "ps -U puppet | awk '/puppet/ { print \$1 }' | xargs kill || echo \"Puppet Master not running\"" - -step "Master: Start Puppet Master" -on master, puppet_master("--allow_duplicate_certs --certdnsnames=\"puppet:$(hostname -s):$(hostname -f)\" --verbose --noop") - -step "Generate a certificate request for the agent" -on agents, "puppet certificate generate `hostname -f` --ca-location remote --server #{master}" - -step "Collect the original certs" -on master, puppet_cert("--sign --all") -original_certs = on master, puppet_cert("--list --all") - -old_certs = {} -original_certs.stdout.each_line do |line| - if line =~ /^\+ (\S+) \((.+)\)$/ - old_certs[$1] = $2 - puts "old cert: #{$1} #{$2}" - end -end - -step "Make another request with the same certname" -on agents, "puppet certificate generate `hostname -f` --ca-location remote --server #{master}" - -step "Collect the new certs" - -on master, puppet_cert("--sign --all") -new_cert_list = on master, puppet_cert("--list --all") - -new_certs = {} -new_cert_list.stdout.each_line do |line| - if line =~ /^\+ (\S+) \((.+)\)$/ - new_certs[$1] = $2 - puts "new cert: #{$1} #{$2}" - end -end - -step "Verify the certs have changed" -# using the agent name as the key may cause errors; -# agent name from cfg file is likely to have short name -# where certs might be signed with long names. -old_certs.each_key { |key| - next if key.include? master # skip the masters cert, only care about agents - fail_test("#{key} does not have a new signed certificate") if old_certs[key] == new_certs[key] -} diff --git a/acceptance/tests/helpful_error_message_when_hostname_not_match_server_certificate.rb b/acceptance/tests/helpful_error_message_when_hostname_not_match_server_certificate.rb new file mode 100644 index 000000000..c3b5b6795 --- /dev/null +++ b/acceptance/tests/helpful_error_message_when_hostname_not_match_server_certificate.rb @@ -0,0 +1,12 @@ +test_name "generate a helpful error message when hostname doesn't match server certificate" + +step "Clear any existing SSL directories" +on(hosts, "rm -r #{config['puppetpath']}/ssl") + +# Start the master with a certname not matching its hostname +with_master_running_on(master, "--certname foobar_not_my_hostname --certdnsnames one_cert:two_cert:red_cert:blue_cert --autosign true") do + run_agent_on(agents, "--no-daemonize --verbose --onetime --server #{master}", :acceptable_exit_codes => (1..255)) do + msg = "Server hostname '#{master}' did not match server certificate; expected one of foobar_not_my_hostname, one_cert, two_cert, red_cert, blue_cert" + assert_match(msg, stdout) + end +end diff --git a/acceptance/tests/ticket_3360_allow_duplicate_csr_with_option_set.rb b/acceptance/tests/ticket_3360_allow_duplicate_csr_with_option_set.rb new file mode 100644 index 000000000..a34a3e718 --- /dev/null +++ b/acceptance/tests/ticket_3360_allow_duplicate_csr_with_option_set.rb @@ -0,0 +1,48 @@ +test_name "#3360: Allow duplicate CSR when allow_duplicate_certs is on" + +agent_hostnames = agents.map {|a| a.to_s} + +step "Remove existing SSL directory for hosts" +on hosts, "rm -r #{config['puppetpath']}/ssl" + +with_master_running_on master, "--allow_duplicate_certs --certdnsnames=\"puppet:$(hostname -s):$(hostname -f)\" --verbose --noop" do + step "Generate a certificate request for the agent" + on agents, "puppet certificate generate `hostname -f` --ca-location remote --server #{master}" + + step "Collect the original certs" + on master, puppet_cert("--sign --all") + original_certs = on master, puppet_cert("--list --all") + + old_certs = {} + original_certs.stdout.each_line do |line| + if line =~ /^\+ (\S+) \((.+)\)$/ + old_certs[$1] = $2 + puts "old cert: #{$1} #{$2}" + end + end + + step "Make another request with the same certname" + on agents, "puppet certificate generate `hostname -f` --ca-location remote --server #{master}" + + step "Collect the new certs" + + on master, puppet_cert("--sign --all") + new_cert_list = on master, puppet_cert("--list --all") + + new_certs = {} + new_cert_list.stdout.each_line do |line| + if line =~ /^\+ (\S+) \((.+)\)$/ + new_certs[$1] = $2 + puts "new cert: #{$1} #{$2}" + end + end + + step "Verify the certs have changed" + # using the agent name as the key may cause errors; + # agent name from cfg file is likely to have short name + # where certs might be signed with long names. + old_certs.each_key { |key| + next if key.include? master # skip the masters cert, only care about agents + assert_not_equal(old_certs[key], new_certs[key], "Expected #{key} to have a changed key") + } +end diff --git a/acceptance/tests/ticket_3961_puppet_ca_should_produce_certs.rb b/acceptance/tests/ticket_3961_puppet_ca_should_produce_certs.rb new file mode 100644 index 000000000..22a5b4b92 --- /dev/null +++ b/acceptance/tests/ticket_3961_puppet_ca_should_produce_certs.rb @@ -0,0 +1,29 @@ +test_name "#3961: puppet ca should produce certs spec" + +scratch = "/tmp/puppet-ssl-3961" +target = "working3961.example.org" + +options = { :confdir => scratch, :vardir => scratch } + +expect = ['notice: Signed certificate request for ca', + 'notice: Rebuilding inventory file', + 'notice: working3961.example.org has a waiting certificate request', + 'notice: Signed certificate request for working3961.example.org', + 'notice: Removing file Puppet::SSL::CertificateRequest working3961.example.org'] + + +step "removing the SSL scratch directory..." +on agents, "rm -vrf #{scratch}" + +step "generate a certificate in #{scratch}" +on(agents,puppet_cert('--trace', '--generate', target, options)) do + expect.each do |line| + stdout.index(line) or fail_test("missing line in output: #{line}") + end +end + +step "verify the certificate for #{target} exists" +on agents, "test -f #{scratch}/ssl/certs/#{target}.pem" + +step "verify the private key for #{target} exists" +on agents, "grep -q 'BEGIN RSA PRIVATE KEY' #{scratch}/ssl/private_keys/#{target}.pem" diff --git a/acceptance/tests/ticket_5027_warn_on_dynamic_scope.rb b/acceptance/tests/ticket_5027_warn_on_dynamic_scope.rb new file mode 100644 index 000000000..a918f0788 --- /dev/null +++ b/acceptance/tests/ticket_5027_warn_on_dynamic_scope.rb @@ -0,0 +1,28 @@ +test_name "#5027: Issue warnings when using dynamic scope" + +step "Apply dynamic scoping manifest on agents" +apply_manifest_on agents, %q{ + $foo = 'foo_value' + + class a { + $bar = 'bar_value' + + include b + } + + class b inherits c { + notify { $baz: } # should not generate a warning -- inherited from class c + notify { $bar: } # should generate a warning -- uses dynamic scoping + notify { $foo: } # should not generate a warning -- comes from top scope + } + + class c { + $baz = 'baz_value' + } + + include a +} + +step "Verify deprecation warning" +fail_test "Deprecation warning not issued" unless + stdout.include? 'warning: Dynamic lookup' diff --git a/acceptance/tests/ticket_5477_master_not_dectect_sitepp.rb b/acceptance/tests/ticket_5477_master_not_dectect_sitepp.rb index e57b268ef..f774eca05 100644 --- a/acceptance/tests/ticket_5477_master_not_dectect_sitepp.rb +++ b/acceptance/tests/ticket_5477_master_not_dectect_sitepp.rb @@ -13,7 +13,7 @@ on master, "rm -f #{manifest_file}" with_master_running_on(master, "--manifest #{manifest_file} --certdnsnames=\"puppet:$(hostname -s):$(hostname -f)\" --verbose --filetimeout 1") do # Run test on Agents step "Agent: agent --test" - on agents, puppet_agent("--test") + on agents, puppet_agent("--test --server #{master}") # Create a new site.pp step "Master: create basic site.pp file" @@ -24,8 +24,9 @@ with_master_running_on(master, "--manifest #{manifest_file} --certdnsnames=\"pup sleep 3 step "Agent: puppet agent --test" + agents.each do |host| - on(host, puppet_agent("--test"), :acceptable_exit_codes => [2]) do + on(host, puppet_agent("--test --server #{master}"), :acceptable_exit_codes => [2]) do assert_match(/ticket_5477_notify/, stdout, "#{host}: Site.pp not detected on Puppet Master") end end diff --git a/acceptance/tests/ticket_6734_6256_5530_5503.rb b/acceptance/tests/ticket_6734_6256_5530_5503.rb index a59ac13ab..b5d7aaaf3 100644 --- a/acceptance/tests/ticket_6734_6256_5530_5503.rb +++ b/acceptance/tests/ticket_6734_6256_5530_5503.rb @@ -4,9 +4,7 @@ test_name "Tickets 6734 6256 5530 5503i Puppet Master fails to start" -# Kill running Puppet Master with_master_running_on(master) do - step "Check permissions on puppet/rrd/" on master, "ls -l /var/lib/puppet | grep rrd | awk '{print $3\" \"$4}'" do assert_match(/puppet puppet/, stdout, "puppet/rrd does not exist/wrong permissions") diff --git a/acceptance/tests/ticket_6928_puppet_master_parse_fails.rb b/acceptance/tests/ticket_6928_puppet_master_parse_fails.rb new file mode 100644 index 000000000..155e91d3f --- /dev/null +++ b/acceptance/tests/ticket_6928_puppet_master_parse_fails.rb @@ -0,0 +1,35 @@ +test_name "#6928: Puppet --parseonly should return deprication message" + +# Create good and bad formatted manifests +step "Master: create valid, invalid formatted manifests" +create_remote_file(master, '/tmp/good.pp', %w{notify{good:}} ) +create_remote_file(master, '/tmp/bad.pp', 'notify{bad:') + +step "Master: use --parseonly on an invalid manifest, should return 1 and issue deprecation warning" +on master, puppet_master( %w{--parseonly /tmp/bad.pp} ), :acceptable_exit_codes => [ 1 ] + assert_match(/--parseonly has been removed. Please use \'puppet parser validate <manifest>\'/, stdout, "Deprecation warning not issued for --parseonly on #{master}" ) + +step "Agents: create valid, invalid formatted manifests" +agents.each do |host| + create_remote_file(host, '/tmp/good.pp', %w{notify{good:}} ) + create_remote_file(host, '/tmp/bad.pp', 'notify{bad:') +end + +step "Agents: use --parseonly on an invalid manifest, should return 1 and issue deprecation warning" +agents.each do |host| + on(host, "puppet --parseonly /tmp/bad.pp}", :acceptable_exit_codes => [ 1 ]) do + assert_match(/--parseonly has been removed. Please use \'puppet parser validate <manifest>\'/, stdout, "Deprecation warning not issued for --parseonly on #{host}" ) + end +end + +step "Test Face for ‘parser validate’ with good manifest -- should pass" +agents.each do |host| + on(host, "puppet parser validate /tmp/good.pp", :acceptable_exit_codes => [ 0 ]) +end + +step "Test Faces for ‘parser validate’ with bad manifest -- should fail" +agents.each do |host| + on(host, "puppet parser validate /tmp/bad.pp", :acceptable_exit_codes => [ 1 ]) do + assert_match(/err: Could not parse for environment production/, stdout, "Bad manifest detection failed on #{host}" ) + end +end diff --git a/acceptance/tests/ticket_7117_broke_env_criteria_authconf.rb b/acceptance/tests/ticket_7117_broke_env_criteria_authconf.rb new file mode 100644 index 000000000..5eeb2f749 --- /dev/null +++ b/acceptance/tests/ticket_7117_broke_env_criteria_authconf.rb @@ -0,0 +1,27 @@ +test_name "#7117 Broke the environment criteria in auth.conf" + +# add to auth.conf +add_2_authconf = %q{ +path / +environment override +auth any +allow * +} + +step "Create a temp auth.conf" +create_remote_file master, "/tmp/auth.conf-7117", add_2_authconf + +on master, "chmod 644 /tmp/auth.conf-7117" + +with_master_running_on(master, "--certdnsnames=\"puppet:$(hostname -s):$(hostname -f)\" --rest_authconfig /tmp/auth.conf-7117 --verbose --autosign true") do + # Run test on Agents + step "Run agent to upload facts" + on agents, puppet_agent("--test --server #{master}") + + step "Fetch agent facts from Puppet Master" + agents.each do |host| + on(host, "curl -k -H \"Accept: yaml\" https://#{master}:8140/override/facts/\`hostname -f\`") do + assert_match(/--- !ruby\/object:Puppet::Node::Facts/, stdout, "Agent Facts not returned for #{host}") + end + end +end diff --git a/acceptance/tests/ticket_7139_puppet_resource_file_qualified_paths.rm b/acceptance/tests/ticket_7139_puppet_resource_file_qualified_paths.rb index f773ba17c..f773ba17c 100644 --- a/acceptance/tests/ticket_7139_puppet_resource_file_qualified_paths.rm +++ b/acceptance/tests/ticket_7139_puppet_resource_file_qualified_paths.rb diff --git a/acceptance/tests/ticket_7728_don't_log_whits_on_failure.rb b/acceptance/tests/ticket_7728_don't_log_whits_on_failure.rb new file mode 100644 index 000000000..eaa95ff55 --- /dev/null +++ b/acceptance/tests/ticket_7728_don't_log_whits_on_failure.rb @@ -0,0 +1,18 @@ +test_name "#7728: Don't log whits on resource failure" + +manifest = %Q{ + class foo { + exec { "test": command => "false", path => ['/bin', '/usr/bin'] } + + notify { "before": before => Exec["test"] } + notify { "after": require => Exec["test"] } + } + + include foo +} + +apply_manifest_on(agents, manifest) do + assert_match(Regexp.new(Regexp.quote('notice: /Stage[main]/Foo/Notify[after]: Dependency Exec[test] has failures: true')), stdout, "the after dependency must be reported") + assert_no_match(Regexp.new(Regexp.quote('Class[Foo]')), stdout, 'the class should not be mentioned') + assert_no_match(Regexp.new(Regexp.quote('Stage[Main]')), stdout, 'the class should not be mentioned') +end |