summaryrefslogtreecommitdiffstats
path: root/spec
diff options
context:
space:
mode:
Diffstat (limited to 'spec')
-rwxr-xr-xspec/unit/indirector/indirection.rb47
-rwxr-xr-xspec/unit/ssl/host.rb76
2 files changed, 48 insertions, 75 deletions
diff --git a/spec/unit/indirector/indirection.rb b/spec/unit/indirector/indirection.rb
index 220aa24fe..ca2a412e3 100755
--- a/spec/unit/indirector/indirection.rb
+++ b/spec/unit/indirector/indirection.rb
@@ -536,7 +536,7 @@ describe Puppet::Indirector::Indirection do
@indirection.expire("/my/key")
end
- it "should log that it is expiring any found instance" do
+ it "should log when expiring a found instance" do
@cache.expects(:find).returns @cached
@cache.stubs(:save)
@@ -545,33 +545,44 @@ describe Puppet::Indirector::Indirection do
@indirection.expire("/my/key")
end
- it "should set the cached instance's expiration to a time in the past" do
- @cache.expects(:find).returns @cached
- @cache.stubs(:save)
+ describe "and the terminus supports removal of cache items with destroy" do
+ it "should destroy the cached instance" do
+ @cache.expects(:find).returns @cached
+ @cache.expects(:destroy).with { |r| r.method == :destroy and r.key == "/my/key" }
+ @cache.expects(:save).never
+ @indirection.expire("/my/key")
+ end
+ end
- @cached.expects(:expiration=).with { |t| t < Time.now }
+ describe "and the terminus does not support removal of cache items with destroy" do
+ it "should set the cached instance's expiration to a time in the past" do
+ @cache.expects(:find).returns @cached
+ @cache.stubs(:save)
- @indirection.expire("/my/key")
- end
+ @cached.expects(:expiration=).with { |t| t < Time.now }
- it "should save the now expired instance back into the cache" do
- @cache.expects(:find).returns @cached
+ @indirection.expire("/my/key")
+ end
- @cached.expects(:expiration=).with { |t| t < Time.now }
+ it "should save the now expired instance back into the cache" do
+ @cache.expects(:find).returns @cached
- @cache.expects(:save)
+ @cached.expects(:expiration=).with { |t| t < Time.now }
- @indirection.expire("/my/key")
- end
+ @cache.expects(:save)
- it "should use a request to save the expired resource to the cache" do
- @cache.expects(:find).returns @cached
+ @indirection.expire("/my/key")
+ end
- @cached.expects(:expiration=).with { |t| t < Time.now }
+ it "should use a request to save the expired resource to the cache" do
+ @cache.expects(:find).returns @cached
- @cache.expects(:save).with { |r| r.is_a?(Puppet::Indirector::Request) and r.instance == @cached and r.method == :save }.returns(@cached)
+ @cached.expects(:expiration=).with { |t| t < Time.now }
- @indirection.expire("/my/key")
+ @cache.expects(:save).with { |r| r.is_a?(Puppet::Indirector::Request) and r.instance == @cached and r.method == :save }.returns(@cached)
+
+ @indirection.expire("/my/key")
+ end
end
end
end
diff --git a/spec/unit/ssl/host.rb b/spec/unit/ssl/host.rb
index 4e4d3f570..9174f2e49 100755
--- a/spec/unit/ssl/host.rb
+++ b/spec/unit/ssl/host.rb
@@ -90,55 +90,6 @@ describe Puppet::SSL::Host do
Puppet::SSL::Host.localhost.should equal(two)
end
- it "should be able to verify its certificate matches its key" do
- Puppet::SSL::Host.new("foo").should respond_to(:certificate_matches_key?)
- end
-
- it "should consider the certificate invalid if it cannot find a key" do
- host = Puppet::SSL::Host.new("foo")
- host.expects(:key).returns nil
-
- host.should_not be_certificate_matches_key
- end
-
- it "should consider the certificate invalid if it cannot find a certificate" do
- host = Puppet::SSL::Host.new("foo")
- host.expects(:key).returns mock("key")
- host.expects(:certificate).returns nil
-
- host.should_not be_certificate_matches_key
- end
-
- it "should consider the certificate invalid if the SSL certificate's key verification fails" do
- host = Puppet::SSL::Host.new("foo")
-
- key = mock 'key', :content => "private_key"
- sslcert = mock 'sslcert'
- certificate = mock 'cert', :content => sslcert
-
- host.stubs(:key).returns key
- host.stubs(:certificate).returns certificate
-
- sslcert.expects(:check_private_key).with("private_key").returns false
-
- host.should_not be_certificate_matches_key
- end
-
- it "should consider the certificate valid if the SSL certificate's key verification succeeds" do
- host = Puppet::SSL::Host.new("foo")
-
- key = mock 'key', :content => "private_key"
- sslcert = mock 'sslcert'
- certificate = mock 'cert', :content => sslcert
-
- host.stubs(:key).returns key
- host.stubs(:certificate).returns certificate
-
- sslcert.expects(:check_private_key).with("private_key").returns true
-
- host.should be_certificate_matches_key
- end
-
describe "when specifying the CA location" do
before do
[Puppet::SSL::Key, Puppet::SSL::Certificate, Puppet::SSL::CertificateRequest, Puppet::SSL::CertificateRevocationList].each do |klass|
@@ -408,10 +359,11 @@ describe Puppet::SSL::Host do
describe "when managing its certificate" do
before do
@realcert = mock 'certificate'
- @cert = stub 'cert', :content => @realcert
+ @realcert.stubs(:check_private_key).with('private key').returns true
+
+ @cert = stub 'cert', :content => @realcert, :expired? => false
- @host.stubs(:key).returns mock("key")
- @host.stubs(:certificate_matches_key?).returns true
+ @host.stubs(:key).returns stub("key",:content => 'private key' )
end
it "should find the CA certificate if it does not have a certificate" do
@@ -459,12 +411,22 @@ describe Puppet::SSL::Host do
@host.certificate.should equal(@cert)
end
- it "should fail if the found certificate does not match the private key" do
- @host.expects(:certificate_matches_key?).returns false
+ it "should immediately expire the cached copy if the found certificate does not match the private key" do
+ @realcert.expects(:check_private_key).with('private key').returns false
Puppet::SSL::Certificate.stubs(:find).returns @cert
+ Puppet::SSL::Certificate.expects(:expire).with("myname")
- lambda { @host.certificate }.should raise_error(Puppet::Error)
+ @host.certificate
+ end
+
+ it "should not return a certificate if it does not match the private key" do
+ @realcert.expects(:check_private_key).with('private key').returns false
+
+ Puppet::SSL::Certificate.stubs(:find).returns @cert
+ Puppet::SSL::Certificate.stubs(:expire).with("myname")
+
+ @host.certificate.should == nil
end
it "should return any previously found certificate" do
@@ -654,14 +616,14 @@ describe Puppet::SSL::Host do
it "should catch and log errors during CSR saving" do
@host.expects(:certificate).times(2).returns(nil).then.returns "foo"
- @host.expects(:generate).raises(RuntimeError)
+ @host.expects(:generate).raises(RuntimeError).then.returns nil
@host.stubs(:sleep)
@host.wait_for_cert(1)
end
it "should sleep and retry after failures saving the CSR if waitforcert is enabled" do
@host.expects(:certificate).times(2).returns(nil).then.returns "foo"
- @host.expects(:generate).raises(RuntimeError)
+ @host.expects(:generate).raises(RuntimeError).then.returns nil
@host.expects(:sleep).with(1)
@host.wait_for_cert(1)
end
generated by cgit (git 2.34.1) at 2026-01-25 23:50:55 +0000