| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | | |
|
| | |
| |
| |
| |
| |
| | |
This idiom is only functional when you have
Rails loaded, which is why it was failing for others
but not me.
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
CHANGELOG
spec/integration/defaults.rb
spec/integration/node/catalog.rb
spec/unit/rails.rb
spec/unit/type/mount.rb
|
| | | |
|
| | |
| |
| |
| |
| | |
Facter to load facts there if a new enough version of
Facter is used.
|
| | | |
|
| | |
| |
| |
| |
| | |
This directory only existed as an organizational method,
and the code never matched it, so I'm fixing it.
|
| | |
| |
| |
| |
| | |
This provides a single, global bit for determining whether
a given piece of cached data is still valid.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Previously, you had to configure whether you wanted the CRL or not,
which resulted in errors all the time when it was configured but
unavailable.
Now, Puppet will always create and try to use it, but you won't
get failures if it's unavailable.
|
| | |
| |
| |
| |
| |
| | |
The server is actually serving REST, but the client can't use
it until we resolve the format and security issues that REST
hasn't yet tackled.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
We can't have the HttpPool class use the Indirector to see
if it has a cert available, because it might be being used to
try to download one, which would cause it to make an http instance,
which would cause it to... Well, you get the idea.
Adding and fixing a few other tests I ran into on the way.
|
| | |
| |
| |
| |
| |
| |
| | |
I don't think the whole thing is done, but at least the
basic flows are in place. Now it's just a question of
doing real-world tests and fleshing out the unit tests
as necessary.
|
| | |
| |
| |
| | |
SSL code.
|
| | |
| |
| |
| | |
This requires less setup and configuration on the part of the user.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
responsibilities to the SSL::Host class.
I was previously saving invalid CRLs unless they'd had a revocation
done in them; this commit fixes them so that they're always valid.
Also, I've added to SSL::Host the ability to generate a valid
SSL Store, suitable for validation. This is now used by
Webrick and can be used by the http clients, too.
This should have been two commits, but I'm kind of down the
rabbit hole ATM.
|
| | |
| |
| |
| |
| |
| |
| | |
I realized that it never made sense to have a CA
that didn't know how to initialize itself, so we
now have a singleton method for the CA, and it also
automatically initializes itself.
|
| | | |
|
| | |
| |
| |
| |
| | |
This provides the backward compatibility for webrick,
and only Mongrel is left.
|
| | |
| |
| |
| |
| | |
Now I just need to get xmlrpc working alongside REST in
both mongrel and webrick.
|
| | | |
|
| | |
| |
| |
| |
| | |
It looks like it's not taking the CRL into account, so
I can't seem to actually get a cert to fail verification.
|
| | |
| |
| |
| |
| |
| | |
Certificate revocation now works, the CA knows how
to generate the CRL, and the SSL::Host class knows
how to configure the CRL class for indirection.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Without this, then you could end up duplicating your CA
key into the normal directory depending on how caching
was set up.
Again, this design aspect isn't the most straightforward,
but at least it's functional now.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Previously, the class was returning OpenSSL instances
(e.g, OpenSSL::X509::Certificate) instead of Puppet instances
(e.g., Puppet::SSL::Certificate). This made some things
easier, but it made them asymmetric (e.g., you assigned the
key as a Puppet instance but got back an OpenSSL instance), and
it also reduced your flexibility and introspectiveness.
|
| | |
| |
| |
| |
| | |
This flushed out some problems, and things mostly look good
now, but I don't think we're quite there yet.
|
| | |
| |
| |
| |
| |
| | |
It previously was a subclass of Host, but this should make it
easier to separate between the thing doing the signing and the
thing managing the necessary files.
|
| | |
| |
| |
| | |
from my partial support for ssl in webrick.
|
| |/
|
|
|
|
| |
broken by my incomplete cert support in webrick. I just
stubbed out the cert usage for now; once all the cert stuff is done
we'll need to go back and unstub it.
|
| |
|
|
| |
the connection information.
|
| |
|
|
|
| |
to work with the current state of the indirection work,
including using a request object and an expiration date.
|
| |
|
|
| |
in that area now need to be updated.
|
| |
|
|
|
|
|
|
| |
on both webrick & mongrel).
Added pending specs for the trivialities in the REST network_fetch and network_delete methods.
Refactored YAML exception detection out into a private helper method.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
re-raised (integration-tested)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
REST-related code. Two specs are failing related to how Mongrel is initialized for REST; will fix those shortly.
REST indirector now supports find, with deserialization. Network code in indirector now. Will still need to un-hardwire address/port for outbound connections. Will still need to urlencode path parameters.
Code for search, destroy, update is coming, should be similar to find.
Reworked how the Handler module is used. Needed to be included, rather than inherited. Needed to sidestep initializers for actual web servers (webrick, mongrel), needed to be possible to have handler-including class be used as a class (aka servlet) instead of as an instance.
Webrick handler registration is now abstracted to "above" the servlet.
Provided a #model method to use instead of @model in handler module. This allows neutering during testing.
Brought class_for_protocol up into http/webrick class as a (tested) class method.
Integration tests for rest indirection. Split server integration tests into mongrel and webrick tests.
Got Node/REST working properly wrt the crazy-ass autoloader thing.
We're now actually passing traffic w/ webrick, fwiw.
|
| |
|
|
| |
has a remote shot at working; will need to be upgraded to actually be useful
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
and stoppable via Puppet::Network::Server.
Added a network/server integration spec, testing startup, shutdown, reachability, and collision of webrick and mongrel servers in the new network code.
Converted Puppet::Network::HTTP::Handler class to a module, as mongrel Handler should be subclassed; converting subclasses to include the module instead.
Mongrel will actually stop if you .stop it, graceful_shutdown didn't seem quite so reliable.
Webrick requires running in its own Thread to avoid hanging the entire process; this requires introduction of a Mutex to make things safe.
We're only supporting the REST protocol. Made this explicit.
Fixed http server setup args, w/ specs, ah the glory of integration testing.
|
| |
|
|
|
|
| |
internally), and fixing the Facts class so it
auto-expires any associated cached nodes when facts
are saved.
|
| |
|
|
|
|
| |
class instead of the Indirector module. Also, added
an 'expire' method to the indirector, so there's an easy way
to expire cached instances.
|
| |
|
|
| |
expecting requests instead of having a random interface.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit adds a Request instance into the indirection,
pushing it all the way to the terminus instances. It's
a big commit because it requires modifying every terminus class.
There are still some thorny design issues. In particular, who
should be responsible for making the request object? I've tried
having both the indirection class and the Indirector module creating
it, and both have their issues.
Also, the Catalog class previously allowed passing Node instances
directly to the find method, which is now no longer possible because
the Request class would treat the node as the instance being found.
We need the request class to have two modes, one when it's passed an
instance and one when it's passed a key.
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
fileserver.conf actually exists.
|
| |
|
|
| |
after the test.
|
