| Commit message | Author | Age | Files | Lines |
This directory only existed as an organizational method,
and the code never matched it, so I'm fixing it.
|
It was causing exceptions when run as part of the whole suite.
|
This fixes #1179.
|
Also slightly modified the wording of some of the tests.
|
These providers use posixAccount and posixGroup.
This is a collapsed merge, fwiw.
|
This provides a single, global bit for determining whether
a given piece of cached data is still valid.
|
I keep having issues with integration tests keeping
cached values around, and this module should hopefully
give us a single place to invalidate all caches, thus
making testing this much easier.
|
The HttpPool module now removes its cached ssl_host instance
when clearing its cache. This is really only useful
for testing, but it correctly causes the pool to use
new certificates when they're available.
|
Previously, you had to configure whether you wanted the CRL or not,
which resulted in errors all the time when it was configured but
unavailable.
Now, Puppet will always create and try to use it, but you won't
get failures if it's unavailable.
|
The server is actually serving REST, but the client can't use
it until we resolve the format and security issues that REST
hasn't yet tackled.
|
class.
|
We can't have the HttpPool class use the Indirector to see
if it has a cert available, because it might be being used to
try to download one, which would cause it to make an http instance,
which would cause it to... Well, you get the idea.
Adding and fixing a few other tests I ran into on the way.
|
Now the CSR class triggers autosigning when any CSR is
saved, if it's running on a CA host.
|
...as far as I can tell. The client, however, is broken,
since it used the old http_pool/ssl_support stuff, which
no longer works.
I have to port puppetd over to using the new ssl stuff,
then I'll at least be able to verify that the master can
still speak xmlrpc.
|
I don't think the whole thing is done, but at least the
basic flows are in place. Now it's just a question of
doing real-world tests and fleshing out the unit tests
as necessary.
|
This requires less setup and configuration on the part of the user.
|
This makes it so that if you, for instance, reset the vardir,
then the next time an initialization call is made, we reuse
any previously used sections, thus (hopefully) correctly
creating any newly needed directories.
This is mostly helpful during testing.
|
It uses an instance of SSL::Host for getting its certificate
and ssl store.
|
These were still writing to ~.
|
responsibilities to the SSL::Host class.
I was previously saving invalid CRLs unless they'd had a revocation
done in them; this commit fixes them so that they're always valid.
Also, I've added to SSL::Host the ability to generate a valid
SSL Store, suitable for validation. This is now used by
Webrick and can be used by the http clients, too.
This should have been two commits, but I'm kind of down the
rabbit hole ATM.
|
appropriate.
It uses the CA singleton method to determine
whether it's on a valid CA host, and if so, uses
the CA instance to sign its generated CSR.
|
I realized that it never made sense to have a CA
that didn't know how to initialize itself, so we
now have a singleton method for the CA, and it also
automatically initializes itself.
|
The code is much cleaner, and it seems to be mostly
functional, but we have to pick a strategy for signing
the host's certificate on first startup. Also, I haven't
actually done end-to-end testing yet, which needs the certs
working first.
|
This provides the backward compatibility for webrick,
and only Mongrel is left.
|
This provides the interface for configuring backward compatibility
in the new-style server code. It requires a completely different
configuration step, in that REST and xmlrpc handlers are configured
separately, rather than using the same handler names, but this was
considered less evil than having a large abstraction layer for specifying
how the handlers are related.
|
Now I just need to get xmlrpc working alongside REST in
both mongrel and webrick.
|
Conflicts:
bin/puppetca
|
saves to the :localcacert instead of :cacert.
This way the :ca terminus saves to :cacert and the :file
terminus saves to :localcacert.
|
The CRL was not correctly being added to the Store used
for verification.
It does not appear to be working, though, since revoked
certificates still pass verification.
|
This class provides all of the semantics from puppetca,
and appears to entirely duplicate the behaviour of the existing
executable, with basically all of the code in a library
file, instead of the executable.
As such, I've deleted the test for the executable. We should have
one, but it's not nearly as important.
|
rather than an instance method.
|
This commit adds 'list' and 'print' support to the CA.
They're mostly delegator methods, but now the CA should be
the sole interface for puppetca.
|
Certificate revocation now works, the CA knows how
to generate the CRL, and the SSL::Host class knows
how to configure the CRL class for indirection.
|
The new-style CA now keeps track of all of its signed
certificates in its inventory file.
|
first cert is added, so it's easier to test.
|