File: host_spec.rb

package info (click to toggle)
puppet 5.5.22-2
  • links: PTS, VCS
  • area: main
  • in suites: bullseye
  • size: 21,316 kB
  • sloc: ruby: 254,925; sh: 1,608; xml: 219; makefile: 153; sql: 103
file content (80 lines) | stat: -rw-r--r-- 2,486 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
 
require 'spec_helper'

require 'puppet/ssl/host'

describe Puppet::SSL::Host do
  include PuppetSpec::Files

  before do
    # Get a safe temporary file
    dir = tmpdir("host_integration_testing")

    Puppet.settings[:confdir] = dir
    Puppet.settings[:vardir] = dir

    Puppet::SSL::Host.ca_location = :local

    @host = Puppet::SSL::Host.new("luke.madstop.com")
    @ca = Puppet::SSL::CertificateAuthority.new
  end

  after {
    Puppet::SSL::Host.ca_location = :none
  }

  it "should be considered a CA host if its name is equal to 'ca'" do
    expect(Puppet::SSL::Host.new(Puppet::SSL::CA_NAME)).to be_ca
  end

  describe "when managing its key" do
    it "should be able to generate and save a key" do
      @host.generate_key
    end

    it "should save the key such that the Indirector can find it" do
      @host.generate_key

      expect(Puppet::SSL::Key.indirection.find(@host.name).content.to_s).to eq(@host.key.to_s)
    end

    it "should save the private key into the :privatekeydir" do
      @host.generate_key
      expect(File.read(File.join(Puppet.settings[:privatekeydir], "luke.madstop.com.pem"))).to eq(@host.key.to_s)
    end
  end

  describe "when managing its certificate request" do
    it "should be able to generate and save a certificate request" do
      @host.generate_certificate_request
    end

    it "should save the certificate request such that the Indirector can find it" do
      @host.generate_certificate_request

      expect(Puppet::SSL::CertificateRequest.indirection.find(@host.name).content.to_s).to eq(@host.certificate_request.to_s)
    end

    it "should save the private certificate request into the :privatekeydir" do
      @host.generate_certificate_request
      expect(File.read(File.join(Puppet.settings[:requestdir], "luke.madstop.com.pem"))).to eq(@host.certificate_request.to_s)
    end
  end

  describe "when the CA host" do
    it "should never store its key in the :privatekeydir" do
      Puppet.settings.use(:main, :ssl, :ca)
      @ca = Puppet::SSL::Host.new(Puppet::SSL::Host.ca_name)
      @ca.generate_key

      expect(Puppet::FileSystem.exist?(File.join(Puppet[:privatekeydir], "ca.pem"))).to be_falsey
    end
  end

  it "should pass the verification of its own SSL store", :unless => Puppet.features.microsoft_windows? do
    @host.generate
    @ca = Puppet::SSL::CertificateAuthority.new
    @ca.sign(@host.name)

    expect(@host.ssl_store.verify(@host.certificate.content)).to be_truthy
  end
end