summaryrefslogtreecommitdiffstats
path: root/lib/puppet
Commit message (Collapse)AuthorAgeFilesLines
...
* | Changing the Inventory class to rebuild when theLuke Kanies2008-04-181-2/+3
| | | | | | | | first cert is added, so it's easier to test.
* | Adding a comment to the inventory class.Luke Kanies2008-04-181-1/+1
| |
* | Adding an SSl::Inventory class for managing the ssl inventory.Luke Kanies2008-04-181-0/+38
| | | | | | | | | | This models the existing Inventory module in the sslcertificates/ directory, but does so as an instance, rather than a module.
* | All SSL terminus classes now force the CA information into the right place.Luke Kanies2008-04-182-0/+2
| | | | | | | | | | | | | | | | | | Without this, then you could end up duplicating your CA key into the normal directory depending on how caching was set up. Again, this design aspect isn't the most straightforward, but at least it's functional now.
* | Switching the SSL::Host class to return Puppet instances.Luke Kanies2008-04-173-13/+14
| | | | | | | | | | | | | | | | | | Previously, the class was returning OpenSSL instances (e.g, OpenSSL::X509::Certificate) instead of Puppet instances (e.g., Puppet::SSL::Certificate). This made some things easier, but it made them asymmetric (e.g., you assigned the key as a Puppet instance but got back an OpenSSL instance), and it also reduced your flexibility and introspectiveness.
* | Setting the expiration date of certificate objects to the expiry of the actualLuke Kanies2008-04-171-0/+5
| | | | | | | | cert.
* | Adding integration tests for a lot of the SSL code.Luke Kanies2008-04-174-5/+6
| | | | | | | | | | This flushed out some problems, and things mostly look good now, but I don't think we're quite there yet.
* | Moving the password file handling into the SSL::Key class.Luke Kanies2008-04-174-15/+21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This was necessary because when the Indirector is used, there isn't necessarily enough context available to know when a password file should be used (e.g., when reading a Key from disk, you don't know if that key was encrypted). Now, the Key class automatically uses the right password file, and only tries to use those files that actually exist. This isn't very flexible, in that it only allows one CA file and one non-CA file, but no one really uses anything but the CA file anyway.
* | Moving all of the ca-specific settings to the ca_fileLuke Kanies2008-04-174-2/+21
| | | | | | | | | | | | | | | | terminus classes, rather than the normal :file classes. This is unfortunately complicated, and it means that the Key :ca_file is only ever actually used for retrieving the CA key itself.
* | Adding SSL::Host-level support for managing the terminus andLuke Kanies2008-04-176-21/+66
| | | | | | | | | | cache classes. Also, defaulting to the :file terminus for all of the SSL classes.
* | Fixing the CA so it actually automatically generates its certificate.Luke Kanies2008-04-171-7/+8
| |
* | The certificate authority now uses a Host instance named 'ca'.Luke Kanies2008-04-171-65/+26
| | | | | | | | | | | | It previously was a subclass of Host, but this should make it easier to separate between the thing doing the signing and the thing managing the necessary files.
* | Changing all of the SSL terminus classes to treat CA files specially.Luke Kanies2008-04-178-53/+139
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is a kind of weird design situation. For instance, we've got a collection of certificates in the :certdir, but then there's a special CA certificate off by itself. Rather than build a whole separate infrastructure for managing those separate files (cert and key, at least), I decided to add special support for specifying where to find the CA-specific bits, and then code for handling them when necessary. This requires that we have a standard way of knowing whether we should be managing the CA bits or normal host files. The Puppet::SSL::Host class now has a 'ca_name' method that returns the string we're using for the CA name; this name is currently 'ca'. We have to use a name, because the name is the only thing that all methods have access to (e.g., when trying to 'find' the right cert, we only have the name available). What this means is that if you want access to the CA key or cert, then create a Puppet::SSL::Host instance with the name 'ca'. You'll still get the CA cert created with the host's :certname; it will just be stored in a different location.
* | The 'destroy' method for the ssl_file terminus base classLuke Kanies2008-04-161-1/+1
| | | | | | | | now returns false on missing files, rather than failing.
* | Removing all the cases where the ssl host specifiesLuke Kanies2008-04-161-70/+18
| | | | | | | | | | a terminus. Also, getting rid of some metaprogramming that wasn't really helping.
* | Making the first pass at using requests instead ofLuke Kanies2008-04-158-64/+30
| | | | | | | | | | specifying the terminus class. The individual ssl classes now work, but the ssl host class doesn't yet.
* | Adding a :to_text method that will convert the containedLuke Kanies2008-04-151-0/+6
| | | | | | | | thing to readable human text.
* | Actually signing the certificates in the CA.Luke Kanies2008-04-151-0/+1
| |
* | Adding the first attempt at managing the certificateLuke Kanies2008-04-151-0/+72
| | | | | | | | revocation list.
* | Adding a :search method to the ssl_file terminus typeLuke Kanies2008-04-152-0/+31
| | | | | | | | and the SSL::Host class.
* | We have a basically functional CA -- it can signLuke Kanies2008-04-157-19/+54
| | | | | | | | | | | | requests and return certificates. There's still plenty more work to do, but I'm probably not much more than a day away from redoing puppetca to use this code.
* | Adding tests for the easy bits of the CertificateFactory.Luke Kanies2008-04-151-5/+14
| | | | | | | | | | | | I probably am going to skip the tests for the rest, since the code is unlikely to ever change, and it's going to be a royal pain to test.
* | Adding tests for the certificate serial numbersLuke Kanies2008-04-151-10/+10
| |
* | The certificate authority is now functional and tested.Luke Kanies2008-04-152-26/+27
| |
* | This is a first pass at the certificate authority.Luke Kanies2008-04-154-48/+356
| | | | | | | | | | The tests are basically entirely absent still, but the structure is all there.
* | It looks like all of the new ssl classes for managingLuke Kanies2008-04-157-20/+105
| | | | | | | | | | | | | | keys, certificates, and requests now work, including talking to the certificate authority. Now we just need the authority itself, along with the necessary REST terminii.
* | Adding he last of the indirection classes for the sslLuke Kanies2008-04-157-5/+29
| | | | | | | | classes, finally including the certificate requests.
* | The certificate and key are now correctly interactingLuke Kanies2008-04-153-26/+30
| | | | | | | | | | with the existing cert/key store. Certificate requests are not yet handled, nor are the ca-specific collections.
* | Removing obsolete indirection classesLuke Kanies2008-04-152-38/+0
| |
* | The basics for the certificate and certificate requestLuke Kanies2008-04-157-38/+127
| | | | | | | | | | indirection terminii are done. I need to move most of the test code to a shared behaviour now.
* | The new SSL classes basically work, but they're notLuke Kanies2008-04-155-1/+90
| | | | | | | | functionally connected to any kind of indirection.
* | Finished the certificate request wrapper class.Luke Kanies2008-04-151-0/+27
| |
* | First stage of cert refactoring: PrivateLuke Kanies2008-04-152-0/+72
| | | | | | | | keys kind of work.
* | Fixing whitespace problems.Luke Kanies2008-04-151-18/+18
| |
* | Adding the necessary tests for webrick to have logging andLuke Kanies2008-04-151-1/+73
| | | | | | | | | | ssl. The tests can't be completed until the certificate work is all done.
* | Merge branch '0.24.x'Luke Kanies2008-04-1111-88/+156
|\| | | | | | | | | | | Conflicts: spec/unit/network/server.rb
| * Fixishing some pending tests, including filling inLuke Kanies2008-04-111-2/+2
| | | | | | | | the connection information.
| * Making the changes necessary to get the REST supportLuke Kanies2008-04-111-8/+8
| | | | | | | | | | to work with the current state of the indirection work, including using a request object and an expiration date.
| * The 'destroy' method in the indirection now returnsLuke Kanies2008-04-111-2/+2
| | | | | | | | | | the results of destroying, so they can return true or false.
| * fill out specs for network_* methods; refactor lowest-level network hooksRick Bradley2008-04-111-4/+8
| |
| * adding rest_connection_details helper to Indirector::REST -- will need to be ↵Rick Bradley2008-04-111-0/+5
| | | | | | | | overridden to lookup the real connection details
| * removed a debugging helper from the Indirector::Rest#save methodRick Bradley2008-04-111-3/+1
| |
| * adding REST save support, with integration tests. A handful of unit tests ↵Rick Bradley2008-04-112-18/+21
| | | | | | | | in that area now need to be updated.
| * disabling caching for Puppet::Indirector::Indirection as it was causing ↵Rick Bradley2008-04-111-1/+0
| | | | | | | | hella problems with testing save without caching; judging my luke's blog this is going to be rewritten somehow anyway
| * work-in-progress; playing with refactoring network_* methods inside ↵Rick Bradley2008-04-111-2/+11
| | | | | | | | Indirector::REST
| * Added support for destroy/DELETE over REST (including units & integrations ↵Rick Bradley2008-04-111-8/+27
| | | | | | | | | | | | | | | | on both webrick & mongrel). Added pending specs for the trivialities in the REST network_fetch and network_delete methods. Refactored YAML exception detection out into a private helper method.
| * making search work over REST, w/ unit & integration specsRick Bradley2008-04-112-4/+2
| |
| * unit specs and implementation for Indirector::REST#search methodRick Bradley2008-04-111-0/+8
| |
| * Make mongrel happy like WEBrick.Rick Bradley2008-04-112-7/+4
| | | | | | | | Refactored specs to put some of the lower-level find/save/search/destroy unit tests under their own contexts.
| * exceptions on remote end now properly passed to local end via REST and ↵Rick Bradley2008-04-111-1/+1
| | | | | | | | re-raised (integration-tested)
generated by cgit (git 2.34.1) at 2025-10-01 23:08:43 +0000