| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | |
| |
| |
| |
| | |
This models the existing Inventory module in the sslcertificates/
directory, but does so as an instance, rather than a module.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Without this, then you could end up duplicating your CA
key into the normal directory depending on how caching
was set up.
Again, this design aspect isn't the most straightforward,
but at least it's functional now.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Previously, the class was returning OpenSSL instances
(e.g, OpenSSL::X509::Certificate) instead of Puppet instances
(e.g., Puppet::SSL::Certificate). This made some things
easier, but it made them asymmetric (e.g., you assigned the
key as a Puppet instance but got back an OpenSSL instance), and
it also reduced your flexibility and introspectiveness.
|
| | |
| |
| |
| | |
cert.
|
| | |
| |
| |
| |
| | |
This flushed out some problems, and things mostly look good
now, but I don't think we're quite there yet.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This was necessary because when the Indirector is used, there
isn't necessarily enough context available to know when a
password file should be used (e.g., when reading a Key from disk,
you don't know if that key was encrypted).
Now, the Key class automatically uses the right password file, and
only tries to use those files that actually exist.
This isn't very flexible, in that it only allows one CA file and
one non-CA file, but no one really uses anything but
the CA file anyway.
|
| | |
| |
| |
| |
| |
| |
| |
| | |
terminus classes, rather than the normal :file classes.
This is unfortunately complicated, and it means that the Key
:ca_file is only ever actually used for retrieving the CA key
itself.
|
| | |
| |
| |
| |
| | |
cache classes. Also, defaulting to the :file terminus
for all of the SSL classes.
|
| | | |
|
| | |
| |
| |
| |
| |
| | |
It previously was a subclass of Host, but this should make it
easier to separate between the thing doing the signing and the
thing managing the necessary files.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This is a kind of weird design situation. For instance, we've got a
collection of certificates in the :certdir, but then there's a special
CA certificate off by itself. Rather than build a whole separate
infrastructure for managing those separate files (cert and key, at least),
I decided to add special support for specifying where to find the CA-specific
bits, and then code for handling them when necessary.
This requires that we have a standard way of knowing whether we should be
managing the CA bits or normal host files. The Puppet::SSL::Host class now has
a 'ca_name' method that returns the string we're using for the CA name; this
name is currently 'ca'. We have to use a name, because the name is the only
thing that all methods have access to (e.g., when trying to 'find' the right
cert, we only have the name available).
What this means is that if you want access to the CA key or cert, then create
a Puppet::SSL::Host instance with the name 'ca'.
You'll still get the CA cert created with the host's :certname; it will just
be stored in a different location.
|
| | |
| |
| |
| | |
now returns false on missing files, rather than failing.
|
| | | |
|
| | |
| |
| |
| |
| | |
a terminus. Also, getting rid of some metaprogramming
that wasn't really helping.
|
| | |
| |
| |
| |
| | |
specifying the terminus class. The individual ssl
classes now work, but the ssl host class doesn't yet.
|
| | |
| |
| |
| | |
thing to readable human text.
|
| | | |
|
| | |
| |
| |
| | |
revocation list.
|
| | |
| |
| |
| | |
and the SSL::Host class.
|
| | | |
|
| | |
| |
| |
| |
| |
| | |
requests and return certificates. There's still plenty
more work to do, but I'm probably not much more than a
day away from redoing puppetca to use this code.
|
| | |
| |
| |
| |
| |
| | |
I probably am going to skip the tests for the rest, since
the code is unlikely to ever change, and it's going to be
a royal pain to test.
|
| | | |
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| | |
The tests are basically entirely absent still, but
the structure is all there.
|
| | |
| |
| |
| |
| |
| |
| | |
keys, certificates, and requests now work, including
talking to the certificate authority. Now we just
need the authority itself, along with the necessary
REST terminii.
|
| | |
| |
| |
| | |
classes, finally including the certificate requests.
|
| | |
| |
| |
| |
| | |
with the existing cert/key store. Certificate requests
are not yet handled, nor are the ca-specific collections.
|
| | |
| |
| |
| |
| | |
indirection terminii are done. I need to move most of
the test code to a shared behaviour now.
|
| | | |
|
| | |
| |
| |
| | |
functionally connected to any kind of indirection.
|
| | | |
|
| | |
| |
| |
| | |
keys kind of work.
|
| | |
| |
| |
| |
| | |
ssl. The tests can't be completed until the certificate work
is all done.
|
| |\|
| |
| |
| |
| |
| | |
Conflicts:
spec/unit/network/server.rb
|
| | |
| |
| |
| | |
the connection information.
|
| | |
| |
| |
| |
| | |
to work with the current state of the indirection work,
including using a request object and an expiration date.
|
| | |
| |
| |
| |
| | |
the results of destroying, so they can return true
or false.
|
| | | |
|
| | |
| |
| |
| | |
overridden to lookup the real connection details
|
| | |
| |
| |
| | |
pending specs
|
| | |
| |
| |
| | |
REST save functionality
|
| | |
| |
| |
| | |
in that area now need to be updated.
|
| | |
| |
| |
| |
| |
| |
| |
| | |
on both webrick & mongrel).
Added pending specs for the trivialities in the REST network_fetch and network_delete methods.
Refactored YAML exception detection out into a private helper method.
|
| | | |
|
| | | |
|
| | | |
|
| | |
| |
| |
| | |
Refactored specs to put some of the lower-level find/save/search/destroy unit tests under their own contexts.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
REST-related code. Two specs are failing related to how Mongrel is initialized for REST; will fix those shortly.
REST indirector now supports find, with deserialization. Network code in indirector now. Will still need to un-hardwire address/port for outbound connections. Will still need to urlencode path parameters.
Code for search, destroy, update is coming, should be similar to find.
Reworked how the Handler module is used. Needed to be included, rather than inherited. Needed to sidestep initializers for actual web servers (webrick, mongrel), needed to be possible to have handler-including class be used as a class (aka servlet) instead of as an instance.
Webrick handler registration is now abstracted to "above" the servlet.
Provided a #model method to use instead of @model in handler module. This allows neutering during testing.
Brought class_for_protocol up into http/webrick class as a (tested) class method.
Integration tests for rest indirection. Split server integration tests into mongrel and webrick tests.
Got Node/REST working properly wrt the crazy-ass autoloader thing.
We're now actually passing traffic w/ webrick, fwiw.
|
