From ea417d60915fcb68aeebaf750abb57cb5604fe6d Mon Sep 17 00:00:00 2001
From: Luke Kanies <luke@madstop.com>
Date: Wed, 19 Aug 2009 17:49:04 -0700
Subject: Fixing #2460 - puppetmasterd can now read the cert and key

This follows on to the previous commits which made Puppet
resilient to the service user being absent.  This just
changes the default owner of all of the cert-related files
to now be the service user, which means that on the server
all of these files will be owned by that user and on
the client, at least when the service user does not exist,
they will be owned by root.

Signed-off-by: Luke Kanies <luke@madstop.com>
---
 spec/integration/defaults.rb | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'spec')

diff --git a/spec/integration/defaults.rb b/spec/integration/defaults.rb
index 35ac3b12b..c38a1a14b 100755
--- a/spec/integration/defaults.rb
+++ b/spec/integration/defaults.rb
@@ -55,6 +55,16 @@ describe "Puppet defaults" do
         Puppet.settings.setting(:rundir).group.should be_nil
     end
 
+    it "should specify that the host private key should be owned by the service user" do
+        Puppet.settings.stubs(:service_user_available?).returns true
+        Puppet.settings.setting(:hostprivkey).owner.should == Puppet.settings[:user]
+    end
+
+    it "should specify that the host certificate should be owned by the service user" do
+        Puppet.settings.stubs(:service_user_available?).returns true
+        Puppet.settings.setting(:hostcert).owner.should == Puppet.settings[:user]
+    end
+
     it "should use a bind address of ''" do
         Puppet.settings[:bindaddress].should == ""
     end
-- 
cgit