1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
|
require 'puppet'
require 'puppet/client'
require 'puppet/server'
require 'puppettest'
class TestClient < Test::Unit::TestCase
include PuppetTest::ServerTest
# a single run through of connect, auth, etc.
def test_sslInitWithAutosigningLocalServer
# autosign everything, for simplicity
Puppet[:autosign] = true
# create a server to which to connect
mkserver()
# create our client
client = nil
assert_nothing_raised {
client = Puppet::Client::MasterClient.new(
:Server => "localhost",
:Port => @@port
)
}
# get our certs
assert_nothing_raised {
client.initcerts
}
# make sure all of our cert files exist
certfile = File.join(Puppet[:certdir], [client.fqdn, "pem"].join("."))
keyfile = File.join(Puppet[:privatekeydir], [client.fqdn, "pem"].join("."))
publickeyfile = File.join(Puppet[:publickeydir], [client.fqdn, "pem"].join("."))
assert(File.exists?(keyfile))
assert(File.exists?(certfile))
assert(File.exists?(publickeyfile))
# verify we can retrieve the configuration
assert_nothing_raised("Client could not retrieve configuration") {
client.getconfig
}
# and apply it
assert_nothing_raised("Client could not apply configuration") {
client.apply
}
# and verify that it did what it was supposed to
assert(FileTest.exists?(@createdfile),
"Applied file does not exist")
end
# here we create two servers; we
def test_failureWithUntrustedCerts
Puppet[:autosign] = true
# create a pair of clients with no certs
nonemaster = nil
assert_nothing_raised {
nonemaster = Puppet::Client::MasterClient.new(
:Server => "localhost",
:Port => @@port
)
}
nonebucket = nil
assert_nothing_raised {
nonebucket = Puppet::Client::Dipper.new(
:Server => "localhost",
:Port => @@port
)
}
# create a ca so we can create a set of certs
# make a new ssldir for it
ca = nil
assert_nothing_raised {
ca = Puppet::Client::CA.new(
:CA => true, :Local => true
)
ca.requestcert
}
# initialize our clients with this set of certs
certmaster = nil
assert_nothing_raised {
certmaster = Puppet::Client::MasterClient.new(
:Server => "localhost",
:Port => @@port
)
}
certbucket = nil
assert_nothing_raised {
certbucket = Puppet::Client::Dipper.new(
:Server => "localhost",
:Port => @@port
)
}
# Create a new ssl root.
confdir = tempfile()
Puppet[:ssldir] = confdir
Puppet.config.mkdir(:ssldir)
Puppet.config.clearused
Puppet.config.use(:certificates, :ca)
mkserver
# now verify that our client cannot do non-cert operations
# because its certs are signed by a different CA
assert_raise(Puppet::Error,
"Client was allowed to call getconfig with no certs") {
nonemaster.getconfig
}
assert_raise(Puppet::Error,
"Client was allowed to call getconfig with untrusted certs") {
certmaster.getconfig
}
assert_raise(Puppet::NetworkClientError,
"Client was allowed to call backup with no certs") {
nonebucket.backup("/etc/passwd")
}
assert_raise(Puppet::NetworkClientError,
"Client was allowed to call backup with untrusted certs") {
certbucket.backup("/etc/passwd")
}
end
def test_classfile
manifest = tempfile()
File.open(manifest, "w") do |file|
file.puts "class yaytest {}\n class bootest {}\n include yaytest, bootest"
end
master = client = nil
assert_nothing_raised() {
master = Puppet::Server::Master.new(
:Manifest => manifest,
:UseNodes => false,
:Local => false
)
}
assert_nothing_raised() {
client = Puppet::Client::MasterClient.new(
:Master => master
)
}
# Fake that it's local, so it creates the class file
client.local = false
assert_nothing_raised {
client.getconfig
}
assert(FileTest.exists?(Puppet[:classfile]), "Class file does not exist")
classes = File.read(Puppet[:classfile]).split("\n")
assert_equal(%w{bootest yaytest}, classes.sort)
end
def test_setpidfile
$clientrun = false
newclass = Class.new(Puppet::Client) do
def run
$clientrun = true
end
def initialize
end
end
inst = newclass.new
assert_nothing_raised {
inst.start
}
assert(FileTest.exists?(inst.pidfile),
"PID file was not created")
end
end
# $Id$
|
