| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
| |
rspec2 automatically sets a bunch of load-path stuff we were by hand, so we
can just stop. As a side-effect we can now avoid a whole pile of stupid things
to try and include the spec_helper.rb file...
...and then we can stop protecting spec_helper from evaluating twice, since we
now require it with a consistent name. Yay.
Reviewed-By: Pieter van de Bruggen <pieter@puppetlabs.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit introduces a new Indirector terminus, certificate_status,
which allows for signing, revoking, listing, and cleaning
SSL certificates over HTTP via REST. Documentation for these new
features can be found in our REST API documentation on the docs site:
http://docs.puppetlabs.com/guides/rest_api.html
This documentation has not been updated as of the writing of this
commit, but will be very soon. Puppet::SSL::Host is now fully integrated
into the Indirector.
Paired-with:Matt Robinson, Jacob Helwig, Jesse Wolfe, Richard Crowley,
Luke Kanies
|
| |\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
Rakefile
lib/puppet/resource/type_collection.rb
lib/puppet/simple_graph.rb
lib/puppet/transaction.rb
lib/puppet/transaction/report.rb
lib/puppet/util/metric.rb
spec/integration/indirector/report/rest_spec.rb
spec/spec_specs/runnable_spec.rb
spec/unit/configurer_spec.rb
spec/unit/indirector_spec.rb
spec/unit/transaction/change_spec.rb
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
The biggest change is that we no longer need to monkey patch rspec to
get confine behavior. Describe blocks can now be conditional like
confine used to be. "describe" blocks with "shared => true" are now
"shared_examples_for".
Paired-With: Nick Lewis
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Doing a require to a relative path can cause files to be required more
than once when they're required from different relative paths. If you
expand the path fully, this won't happen. Ruby 1.9 also requires that
you use expand_path when doing these requires.
Paired-with: Jesse Wolfe
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
In commit b67f4c68503ca3abf0a55857da452e46fa75abd5 I fixed one place
that was causing order dependent test failures in
spec/unit/ssl/certificate_request_spec.rb, but missed another case that
was causing a similar failure. To find all the order dependent failures
with that file I ran the following bash script from the spec directory:
for TEST in `find . -name "*.rb" -type f`; do
spec $TEST unit/ssl/certificate_request_spec.rb > /dev/null 2>&1
if [[ $? != 0 ]]; then
echo $TEST
fi
done
Paired-with: Jesse Wolfe
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This change replaces calls to <model object>.save with calls to <model
class>.indirection.save(<model object>). This makes the use of the
indirector explicit rather than implicit so that it will be easier to
search for all indirector call sites using grep. This is an
intermediate refactor on the way towards allowing indirector calls to
be explicitly routed to multiple termini.
This patch affects production code.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This change replaces calls to <model object>.save with calls to <model
class>.indirection.save(<model object>). This makes the use of the
indirector explicit rather than implicit so that it will be easier to
search for all indirector call sites using grep. This is an
intermediate refactor on the way towards allowing indirector calls to
be explicitly routed to multiple termini.
This patch affects tests only; the next patch will make the
corresponding change to the code.
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Autosigning was previously accomplished by overriding
CertificateRequest#save. This meant that it wouldn't work if
certificate requests were saved via a direct call to Indirection#save.
Changed it to use the indirector :extend mechanism, which works no
matter how the save is invoked.
|
| | |
| |
| |
| | |
The first argument was often nil, and the second was mandatory.
|
| |/
|
|
|
|
| |
Replaced uses of the find, search, destroy, and expire methods on
model classes with direct calls to the indirection objects. This
change affects tests only.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Replaced 106806 occurances of ^( +)(.*$) with
The ruby community almost universally (i.e. everyone but Luke, Markus, and the other eleven people
who learned ruby in the 1900s) uses two-space indentation.
3 Examples:
The code:
end
# Tell getopt which arguments are valid
def test_get_getopt_args
element = Setting.new :name => "foo", :desc => "anything", :settings => Puppet::Util::Settings.new
assert_equal([["--foo", GetoptLong::REQUIRED_ARGUMENT]], element.getopt_args, "Did not produce appropriate getopt args")
becomes:
end
# Tell getopt which arguments are valid
def test_get_getopt_args
element = Setting.new :name => "foo", :desc => "anything", :settings => Puppet::Util::Settings.new
assert_equal([["--foo", GetoptLong::REQUIRED_ARGUMENT]], element.getopt_args, "Did not produce appropriate getopt args")
The code:
assert_equal(str, val)
assert_instance_of(Float, result)
end
# Now test it with a passed object
becomes:
assert_equal(str, val)
assert_instance_of(Float, result)
end
# Now test it with a passed object
The code:
end
assert_nothing_raised do
klass[:Yay] = "boo"
klass["Cool"] = :yayness
end
becomes:
end
assert_nothing_raised do
klass[:Yay] = "boo"
klass["Cool"] = :yayness
end
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Replaced 704 occurances of (.*)\b([a-z_]+)\(\) with \1\2
3 Examples:
The code:
ctx = OpenSSL::SSL::SSLContext.new()
becomes:
ctx = OpenSSL::SSL::SSLContext.new
The code:
skip()
becomes:
skip
The code:
path = tempfile()
becomes:
path = tempfile
* Replaced 31 occurances of ^( *)end *#.* with \1end
3 Examples:
The code:
becomes:
The code:
end # Dir.foreach
becomes:
end
The code:
end # def
becomes:
end
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Replaced 163 occurances of
defined\? +([@a-zA-Z_.0-9?=]+)
with
defined?(\1)
This makes detecting subsequent patterns easier.
3 Examples:
The code:
if ! defined? @parse_config
becomes:
if ! defined?(@parse_config)
The code:
return @option_parser if defined? @option_parser
becomes:
return @option_parser if defined?(@option_parser)
The code:
if defined? @local and @local
becomes:
if defined?(@local) and @local
* Eliminate trailing spaces.
Replaced 428 occurances of ^(.*?) +$ with \1
1 file was skipped.
test/ral/providers/host/parsed.rb because 0
* Replace leading tabs with an appropriate number of spaces.
Replaced 306 occurances of ^(\t+)(.*) with
Tabs are not consistently expanded in all environments.
* Don't arbitrarily wrap on sprintf (%) operator.
Replaced 143 occurances of
(.*['"] *%)
+(.*)
with
Splitting the line does nothing to aid clarity and hinders further refactorings.
3 Examples:
The code:
raise Puppet::Error, "Cannot create %s: basedir %s is a file" %
[dir, File.join(path)]
becomes:
raise Puppet::Error, "Cannot create %s: basedir %s is a file" % [dir, File.join(path)]
The code:
Puppet.err "Will not start without authorization file %s" %
Puppet[:authconfig]
becomes:
Puppet.err "Will not start without authorization file %s" % Puppet[:authconfig]
The code:
$stderr.puts "Could not find host for PID %s with status %s" %
[pid, $?.exitstatus]
becomes:
$stderr.puts "Could not find host for PID %s with status %s" % [pid, $?.exitstatus]
* Don't break short arrays/parameter list in two.
Replaced 228 occurances of
(.*)
+(.*)
with
3 Examples:
The code:
puts @format.wrap(type.provider(prov).doc,
:indent => 4, :scrub => true)
becomes:
puts @format.wrap(type.provider(prov).doc, :indent => 4, :scrub => true)
The code:
assert(FileTest.exists?(daily),
"Did not make daily graph for %s" % type)
becomes:
assert(FileTest.exists?(daily), "Did not make daily graph for %s" % type)
The code:
assert(prov.target_object(:first).read !~ /^notdisk/,
"Did not remove thing from disk")
becomes:
assert(prov.target_object(:first).read !~ /^notdisk/, "Did not remove thing from disk")
* If arguments must wrap, treat them all equally
Replaced 510 occurances of
lines ending in things like ...(foo, or ...(bar(1,3),
with
\1
\2
3 Examples:
The code:
midscope.to_hash(false),
becomes:
assert_equal(
The code:
botscope.to_hash(true),
becomes:
# bottomscope, then checking that we see the right stuff.
The code:
:path => link,
becomes:
* Replaced 4516 occurances of ^( *)(.*) with
The present code base is supposed to use four-space indentation. In some places we failed
to maintain that standard. These should be fixed regardless of the 2 vs. 4 space question.
15 Examples:
The code:
def run_comp(cmd)
puts cmd
results = []
old_sync = $stdout.sync
$stdout.sync = true
line = []
begin
open("| #{cmd}", "r") do |f|
until f.eof? do
c = f.getc
becomes:
def run_comp(cmd)
puts cmd
results = []
old_sync = $stdout.sync
$stdout.sync = true
line = []
begin
open("| #{cmd}", "r") do |f|
until f.eof? do
c = f.getc
The code:
s.gsub!(/.{4}/n, '\\\\u\&')
}
string.force_encoding(Encoding::UTF_8)
string
rescue Iconv::Failure => e
raise GeneratorError, "Caught #{e.class}: #{e}"
end
else
def utf8_to_pson(string) # :nodoc:
string = string.gsub(/["\\\x0-\x1f]/) { MAP[$&] }
string.gsub!(/(
becomes:
s.gsub!(/.{4}/n, '\\\\u\&')
}
string.force_encoding(Encoding::UTF_8)
string
rescue Iconv::Failure => e
raise GeneratorError, "Caught #{e.class}: #{e}"
end
else
def utf8_to_pson(string) # :nodoc:
string = string.gsub(/["\\\x0-\x1f]/) { MAP[$&] }
string.gsub!(/(
The code:
end
}
rvalues: rvalue
| rvalues comma rvalue {
if val[0].instance_of?(AST::ASTArray)
result = val[0].push(val[2])
else
result = ast AST::ASTArray, :children => [val[0],val[2]]
end
}
becomes:
end
}
rvalues: rvalue
| rvalues comma rvalue {
if val[0].instance_of?(AST::ASTArray)
result = val[0].push(val[2])
else
result = ast AST::ASTArray, :children => [val[0],val[2]]
end
}
The code:
#passwdproc = proc { @password }
keytext = @key.export(
OpenSSL::Cipher::DES.new(:EDE3, :CBC),
@password
)
File.open(@keyfile, "w", 0400) { |f|
f << keytext
}
becomes:
# passwdproc = proc { @password }
keytext = @key.export(
OpenSSL::Cipher::DES.new(:EDE3, :CBC),
@password
)
File.open(@keyfile, "w", 0400) { |f|
f << keytext
}
The code:
end
def to_manifest
"%s { '%s':\n%s\n}" % [self.type.to_s, self.name,
@params.collect { |p, v|
if v.is_a? Array
" #{p} => [\'#{v.join("','")}\']"
else
" #{p} => \'#{v}\'"
end
}.join(",\n")
becomes:
end
def to_manifest
"%s { '%s':\n%s\n}" % [self.type.to_s, self.name,
@params.collect { |p, v|
if v.is_a? Array
" #{p} => [\'#{v.join("','")}\']"
else
" #{p} => \'#{v}\'"
end
}.join(",\n")
The code:
via the augeas tool.
Requires:
- augeas to be installed (http://www.augeas.net)
- ruby-augeas bindings
Sample usage with a string::
augeas{\"test1\" :
context => \"/files/etc/sysconfig/firstboot\",
changes => \"set RUN_FIRSTBOOT YES\",
becomes:
via the augeas tool.
Requires:
- augeas to be installed (http://www.augeas.net)
- ruby-augeas bindings
Sample usage with a string::
augeas{\"test1\" :
context => \"/files/etc/sysconfig/firstboot\",
changes => \"set RUN_FIRSTBOOT YES\",
The code:
names.should_not be_include("root")
end
describe "when generating a purgeable resource" do
it "should be included in the generated resources" do
Puppet::Type.type(:host).stubs(:instances).returns [@purgeable_resource]
@resources.generate.collect { |r| r.ref }.should include(@purgeable_resource.ref)
end
end
describe "when the instance's do not have an ensure property" do
becomes:
names.should_not be_include("root")
end
describe "when generating a purgeable resource" do
it "should be included in the generated resources" do
Puppet::Type.type(:host).stubs(:instances).returns [@purgeable_resource]
@resources.generate.collect { |r| r.ref }.should include(@purgeable_resource.ref)
end
end
describe "when the instance's do not have an ensure property" do
The code:
describe "when the instance's do not have an ensure property" do
it "should not be included in the generated resources" do
@no_ensure_resource = Puppet::Type.type(:exec).new(:name => '/usr/bin/env echo')
Puppet::Type.type(:host).stubs(:instances).returns [@no_ensure_resource]
@resources.generate.collect { |r| r.ref }.should_not include(@no_ensure_resource.ref)
end
end
describe "when the instance's ensure property does not accept absent" do
it "should not be included in the generated resources" do
@no_absent_resource = Puppet::Type.type(:service).new(:name => 'foobar')
becomes:
describe "when the instance's do not have an ensure property" do
it "should not be included in the generated resources" do
@no_ensure_resource = Puppet::Type.type(:exec).new(:name => '/usr/bin/env echo')
Puppet::Type.type(:host).stubs(:instances).returns [@no_ensure_resource]
@resources.generate.collect { |r| r.ref }.should_not include(@no_ensure_resource.ref)
end
end
describe "when the instance's ensure property does not accept absent" do
it "should not be included in the generated resources" do
@no_absent_resource = Puppet::Type.type(:service).new(:name => 'foobar')
The code:
func = nil
assert_nothing_raised do
func = Puppet::Parser::AST::Function.new(
:name => "template",
:ftype => :rvalue,
:arguments => AST::ASTArray.new(
:children => [stringobj(template)]
)
becomes:
func = nil
assert_nothing_raised do
func = Puppet::Parser::AST::Function.new(
:name => "template",
:ftype => :rvalue,
:arguments => AST::ASTArray.new(
:children => [stringobj(template)]
)
The code:
assert(
@store.allowed?("hostname.madstop.com", "192.168.1.50"),
"hostname not allowed")
assert(
! @store.allowed?("name.sub.madstop.com", "192.168.0.50"),
"subname name allowed")
becomes:
assert(
@store.allowed?("hostname.madstop.com", "192.168.1.50"),
"hostname not allowed")
assert(
! @store.allowed?("name.sub.madstop.com", "192.168.0.50"),
"subname name allowed")
The code:
assert_nothing_raised {
server = Puppet::Network::Handler.fileserver.new(
:Local => true,
:Config => false
)
}
becomes:
assert_nothing_raised {
server = Puppet::Network::Handler.fileserver.new(
:Local => true,
:Config => false
)
}
The code:
'yay',
{ :failonfail => false,
:uid => @user.uid,
:gid => @user.gid }
).returns('output')
output = Puppet::Util::SUIDManager.run_and_capture 'yay',
@user.uid,
@user.gid
becomes:
'yay',
{ :failonfail => false,
:uid => @user.uid,
:gid => @user.gid }
).returns('output')
output = Puppet::Util::SUIDManager.run_and_capture 'yay',
@user.uid,
@user.gid
The code:
).times(1)
pkg.provider.expects(
:aptget
).with(
'-y',
'-q',
'remove',
'faff'
becomes:
).times(1)
pkg.provider.expects(
:aptget
).with(
'-y',
'-q',
'remove',
'faff'
The code:
johnny one two
billy three four\n"
# Just parse and generate, to make sure it's isomorphic.
assert_nothing_raised do
assert_equal(text, @parser.to_file(@parser.parse(text)),
"parsing was not isomorphic")
end
end
def test_valid_attrs
becomes:
johnny one two
billy three four\n"
# Just parse and generate, to make sure it's isomorphic.
assert_nothing_raised do
assert_equal(text, @parser.to_file(@parser.parse(text)),
"parsing was not isomorphic")
end
end
def test_valid_attrs
The code:
"testing",
:onboolean => [true, "An on bool"],
:string => ["a string", "A string arg"]
)
result = []
should = []
assert_nothing_raised("Add args failed") do
@config.addargs(result)
end
@config.each do |name, element|
becomes:
"testing",
:onboolean => [true, "An on bool"],
:string => ["a string", "A string arg"]
)
result = []
should = []
assert_nothing_raised("Add args failed") do
@config.addargs(result)
end
@config.each do |name, element|
|
| |
|
|
|
|
|
| |
RunMode is only created once instead of every time it's called
Got lots of unpredictable test failures, presumably because a new
RunMode was being created every time we accessed the RunMode.
|
| |
|
|
|
|
|
|
| |
Mode is a terribly overused word. Files use it, puppetdoc uses it, and
certs use it, and those are just the places that I happened to
stumble upon. It makes reading code very confusing and finding things
in code difficult. I know namespacing allows us to reuse words for
method and variable names, but that doesn't mean we should.
|
| |
|
|
| |
Part 2 re-did the change on the spec files, which it shouldn't have.
|
| |
|
|
|
|
|
|
|
| |
Some spec files like active_record.rb had names that would confuse the
load path and get loaded instead of the intended implentation when the
spec was run from the same directory as the file.
Author: Matt Robinson <matt@puppetlabs.com>
Date: Fri Jun 11 15:29:33 2010 -0700
|
| |
|
|
|
|
|
|
|
| |
Some spec files like active_record.rb had names that would confuse the
load path and get loaded instead of the intended implentation when the
spec was run from the same directory as the file.
Author: Matt Robinson <matt@puppetlabs.com>
Date: Fri Jun 11 15:29:33 2010 -0700
|
| |
|
|
|
|
|
|
|
|
|
|
| |
deprecation warnings from Rails ActiveSupport
The metaid.rb file came straight from why the lucky stiff's "seeing
metaclasses clearly" article. Rails used this too, but they recently
deprecated the name metaclass in favor of singleton_class to match what
ruby-core decided to do. meta, eigen and singlton class were all
suggested and in the end singleton was agreed upon.
http://redmine.ruby-lang.org/issues/show/1082
|
| |
|
|
|
|
|
| |
Use a predicate function on the Mode object instead of comparing with
the executable name everywhere
Signed-off-by: Jesse Wolfe <jes5199@gmail.com>
|
| |
|
|
|
| |
A minor api change and an even less significant variable name change in earlier
commits broke two test.
|
| |
|
|
| |
Adds a --signed option to the --list feature that only displays signed certificates
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
This patch reverts the semantically significant parts of #2890 due to the
issues discussed on #3360 (security concerns when used with autosign,
inconsistency between REST & XMLRPC semantics) but leaves the semantically
neutral changes (code cleanup, added tests) in place.
This patch is intended for 0.25.x, but may also be applied as a step in the
resolution of #3450 (refactored #2890, add "remove_certs" flag) in Rolwf.
|
| |
|
|
|
|
| |
This change to the REST branch restores some sanity by explicitly
allowing a destination URL for indirector save() calls,
removing a hack that I was using to accomplish this.
|
| |
|
|
|
|
| |
New code was calling a mocked method that was stubbed too broadly,
causing the whole thing to act strangely.
I've tightened the existing stub and stubbed the new method call.
|
| |
|
|
|
|
|
|
| |
OpenSSL::Digest.hexdigest is not available on older ruby versions.
This patch accesses directly to the digest instead (which hopefully
support hexdigest).
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds several things:
* certificate fingerprinting in --list mode
* a puppetca action called "--fingerprint" to display fingerprints
of given certificates (or all including CSR)
* a --fingerprint puppetd option to display client certificates
* each time a CSR is generated, its fingerprint is displayed in the log
It is also possible to use --digest in puppetca and puppetd to specify a specific digest
algorithm.
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
|
| |
|
|
|
|
| |
This reverts commit a9fb82b0026e75a670fec553b17de3b0f091c2a5.
An older branch was pulled
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This patch adds two things:
* certificate fingerprinting in --list mode
* a puppetca action called "--fingerprint" to display fingerprints
of given certificates
It is also possible to use --digest to specify a specific digest
algorithm.
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
|
| |\
| |
| |
| |
| |
| | |
Conflicts:
lib/puppet/ssl/host.rb
spec/spec_helper.rb
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This patch implements the two-part suggestion from the ticket;
1) a client that receives a certificate that doesn't match its current
private key does not accept, store or use the certificate--instead it
removes any locally cached copies and acts as if the certificate had
never been found.
2) a puppetmaster that receives a csr from a client for whom it already
has a signed certificate now honors the request and considers it to
supercede any previously signed certificates.
In order to make the cache expiration work as expected, I changed a few
assumptions in the caching system:
* The expiration of a cached certificate is the earlier of the envelope
expiration and the certificate's expiration, as opposed to just overriding
the cache value
* Telling the cache to expire an item now removes it from the cache if
possible, rather than just setting an expiration date in the past and
hoping that somebody notices.
Signed-off-by: Markus Roberts <Markus@reality.com>
|
| | |
| |
| |
| |
| |
| |
| | |
The fix for #2661 changed the behavior of Puppet::SSL::Host enough to
confuse these mocks.
Signed-off-by: Jesse Wolfe <jes5199@gmail.com>
|
| |\|
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
lib/puppet/agent.rb
lib/puppet/application/puppetd.rb
lib/puppet/parser/ast/leaf.rb
lib/puppet/util/rdoc/parser.rb
|
| | |
| |
| |
| |
| |
| | |
This was deprecated in commit 1cfb0215 and was keeping puppetd from starting in listen mode.
Signed-off-by: John A. Barbuto <jbarbuto@corp.sourceforge.com>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
This allows one to specify the name to use in the
CA certificate. It defaults to the :certname,
but for those stuck using mod_ssl it can be changed.
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| |/
|
|
| |
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| |
|
|
|
|
|
|
| |
This patch does two things:
* it enhance puppetca to list revoked certificates (prefixed by -)
* it fixes the ca crl verification which was broken
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
|
| | |
|
| |
|
|
| |
requires certificate serial number to be strictly positive.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit includes multiple, related changes, all
in one commit because the whole thing was necessary to
reach a functional tree again:
* The URI starts with the environment, so:
/production/certificate/foo
/development/file_content/path/to/your/file
* All REST handling is done by a single instance mounted
at / for webrick and Mongrel, rather than having individual
instances mounted at, say, /certificate.
* All REST URI translation is done by an API module. Currently
only the 'v1' module exists with no support for additional modules,
but it's well-separated and will be easy to expand as we need it.
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The problem was that the server had a certificate
for the client. Initially the client just didn't have a
key, because it assumed that if it had a certificate then
it had a key. Upon fixing it to create the key, the key then
did not match the found certificate.
This commit fixes both of those: The key is always found
before the certificate, and when the certificate is found
it's verified against the private key and an exception
is thrown if they don't match.
It's always a failure, so this just makes the failure
more informative.
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| |
|
|
|
|
|
| |
It wasn't a terribly useful test anyway, since
no one depends on that individual configuration.
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| |
|
|
|
|
|
|
| |
This is important because puppetmasterd changes its configurations
a couple of times, and we need to disable any previously-created
caches.
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
If the SSL Host couldn't save a CSR or key, it would still
keep them in memory; this meant that, for instance, a CSR
that couldn't be saved to the server was never resent.
This commit removes in-memory instances that couldn't be saved,
thus forcing regeneration.
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| |
|
|
|
|
|
|
|
|
| |
The main aspect of this solution is to create a site-wide
Puppet::SSL::Host instance to cache ssl key and certificate,
so that by the time we've switched UIDs, we've got the key and
cert in memory. Then webrick just uses that, rather than creating
a new Host instance.
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Conflicts:
bin/puppetca
lib/puppet/type/group.rb
lib/puppet/type/tidy.rb
lib/puppet/util/settings.rb
Also edited the following files so tests will pass:
lib/puppet/type/component.rb
spec/unit/ssl/certificate_request.rb
spec/unit/type/computer.rb
spec/unit/type/mcx.rb
spec/unit/type/resources.rb
spec/unit/util/settings.rb
spec/unit/util/storage.rb
test/ral/type/zone.rb
|
| |
|
|
| |
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
We have to have a CA cert first, because the host will
start using the client cert as soon as it's available,
but it's not functional without a CA cert.
Also removing extra stupid stuff from wait_for_cert --
the connection is now always recycled, which is much simpler.
Signed-off-by: Luke Kanies <luke@madstop.com>
|
