← Back to branch summary

~lynxman/ubuntu/precise/puppet/puppetlabsfixbug12844

« back to all changes in this revision

Viewing changes to .pc/CVE-2011-3872.patch/spec/integration/defaults_spec.rb

  • Committer: Bazaar Package Importer
  • Author(s): Marc Deslauriers
  • Date: 2011-10-24 15:05:12 UTC
  • Revision ID: james.westby@ubuntu.com-20111024150512-yxqwfdp6hcs6of5l
Tags: 2.7.1-1ubuntu3.2
* SECURITY UPDATE: puppet master impersonation via incorrect certificates
  - debian/patches/CVE-2011-3872.patch: refactor certificate handling.
  - Thanks to upstream for providing the patch.
  - CVE-2011-3872

Show diffs side-by-side

added added

removed removed

Lines of Context:
.pc/CVE-2011-3872.patch/spec/integration/defaults_spec.rb
 
1
#!/usr/bin/env rspec
 
2
require 'spec_helper'
 
3
 
 
4
require 'puppet/defaults'
 
5
require 'puppet/rails'
 
6
 
 
7
describe "Puppet defaults" do
 
8
    include Puppet::Util::Execution
 
9
  after { Puppet.settings.clear }
 
10
 
 
11
  describe "when setting the :factpath" do
 
12
    it "should add the :factpath to Facter's search paths" do
 
13
      Facter.expects(:search).with("/my/fact/path")
 
14
 
 
15
      Puppet.settings[:factpath] = "/my/fact/path"
 
16
    end
 
17
  end
 
18
 
 
19
  describe "when setting the :certname" do
 
20
    it "should fail if the certname is not downcased" do
 
21
      lambda { Puppet.settings[:certname] = "Host.Domain.Com" }.should raise_error(ArgumentError)
 
22
    end
 
23
  end
 
24
 
 
25
  describe "when configuring the :crl" do
 
26
    it "should warn if :cacrl is set to false" do
 
27
      Puppet.expects(:warning)
 
28
      Puppet.settings[:cacrl] = 'false'
 
29
    end
 
30
  end
 
31
 
 
32
  describe "when setting the :catalog_format" do
 
33
    it "should log a deprecation notice" do
 
34
      Puppet.expects(:warning)
 
35
      Puppet.settings[:catalog_format] = 'marshal'
 
36
    end
 
37
    it "should copy the value to :preferred_serialization_format" do
 
38
      Puppet.settings[:catalog_format] = 'marshal'
 
39
      Puppet.settings[:preferred_serialization_format].should == 'marshal'
 
40
    end
 
41
  end
 
42
 
 
43
  it "should have a clientyamldir setting" do
 
44
    Puppet.settings[:clientyamldir].should_not be_nil
 
45
  end
 
46
 
 
47
  it "should have different values for the yamldir and clientyamldir" do
 
48
    Puppet.settings[:yamldir].should_not == Puppet.settings[:clientyamldir]
 
49
  end
 
50
 
 
51
  it "should have a client_datadir setting" do
 
52
    Puppet.settings[:client_datadir].should_not be_nil
 
53
  end
 
54
 
 
55
  it "should have different values for the server_datadir and client_datadir" do
 
56
    Puppet.settings[:server_datadir].should_not == Puppet.settings[:client_datadir]
 
57
  end
 
58
 
 
59
  # See #1232
 
60
  it "should not specify a user or group for the clientyamldir" do
 
61
    Puppet.settings.setting(:clientyamldir).owner.should be_nil
 
62
    Puppet.settings.setting(:clientyamldir).group.should be_nil
 
63
  end
 
64
 
 
65
  it "should use the service user and group for the yamldir" do
 
66
    Puppet.settings.stubs(:service_user_available?).returns true
 
67
    Puppet.settings.setting(:yamldir).owner.should == Puppet.settings[:user]
 
68
    Puppet.settings.setting(:yamldir).group.should == Puppet.settings[:group]
 
69
  end
 
70
 
 
71
  # See #1232
 
72
  it "should not specify a user or group for the rundir" do
 
73
    Puppet.settings.setting(:rundir).owner.should be_nil
 
74
    Puppet.settings.setting(:rundir).group.should be_nil
 
75
  end
 
76
 
 
77
  it "should specify that the host private key should be owned by the service user" do
 
78
    Puppet.settings.stubs(:service_user_available?).returns true
 
79
    Puppet.settings.setting(:hostprivkey).owner.should == Puppet.settings[:user]
 
80
  end
 
81
 
 
82
  it "should specify that the host certificate should be owned by the service user" do
 
83
    Puppet.settings.stubs(:service_user_available?).returns true
 
84
    Puppet.settings.setting(:hostcert).owner.should == Puppet.settings[:user]
 
85
  end
 
86
 
 
87
  it "should use a bind address of ''" do
 
88
    Puppet.settings.clear
 
89
    Puppet.settings[:bindaddress].should == ""
 
90
  end
 
91
 
 
92
  [:factdest].each do |setting|
 
93
    it "should force the :factdest to be a directory" do
 
94
      Puppet.settings[setting].should =~ /\/$/
 
95
    end
 
96
  end
 
97
 
 
98
  [:modulepath, :factpath].each do |setting|
 
99
    it "should configure '#{setting}' not to be a file setting, so multi-directory settings are acceptable" do
 
100
      Puppet.settings.setting(setting).should be_instance_of(Puppet::Util::Settings::Setting)
 
101
    end
 
102
  end
 
103
 
 
104
  it "should add /usr/sbin and /sbin to the path if they're not there" do
 
105
    withenv("PATH" => "/usr/bin:/usr/local/bin") do
 
106
      Puppet.settings[:path] = "none" # this causes it to ignore the setting
 
107
      ENV["PATH"].split(File::PATH_SEPARATOR).should be_include("/usr/sbin")
 
108
      ENV["PATH"].split(File::PATH_SEPARATOR).should be_include("/sbin")
 
109
    end
 
110
  end
 
111
 
 
112
  it "should default to pson for the preferred serialization format" do
 
113
    Puppet.settings.value(:preferred_serialization_format).should == "pson"
 
114
  end
 
115
 
 
116
  describe "when enabling storeconfigs" do
 
117
    before do
 
118
      Puppet::Resource::Catalog.indirection.stubs(:cache_class=)
 
119
      Puppet::Node::Facts.indirection.stubs(:cache_class=)
 
120
      Puppet::Node.indirection.stubs(:cache_class=)
 
121
 
 
122
      Puppet.features.stubs(:rails?).returns true
 
123
    end
 
124
 
 
125
    it "should set the Catalog cache class to :active_record" do
 
126
      Puppet::Resource::Catalog.indirection.expects(:cache_class=).with(:active_record)
 
127
      Puppet.settings[:storeconfigs] = true
 
128
    end
 
129
 
 
130
    it "should not set the Catalog cache class to :active_record if asynchronous storeconfigs is enabled" do
 
131
      Puppet::Resource::Catalog.indirection.expects(:cache_class=).with(:active_record).never
 
132
      Puppet.settings.expects(:value).with(:async_storeconfigs).returns true
 
133
      Puppet.settings[:storeconfigs] = true
 
134
    end
 
135
 
 
136
    it "should set the Facts cache class to :active_record" do
 
137
      Puppet::Node::Facts.indirection.expects(:cache_class=).with(:active_record)
 
138
      Puppet.settings[:storeconfigs] = true
 
139
    end
 
140
 
 
141
    it "should set the Node cache class to :active_record" do
 
142
      Puppet::Node.indirection.expects(:cache_class=).with(:active_record)
 
143
      Puppet.settings[:storeconfigs] = true
 
144
    end
 
145
 
 
146
    it "should fail if rails is not available" do
 
147
      Puppet.features.stubs(:rails?).returns false
 
148
      lambda { Puppet.settings[:storeconfigs] = true }.should raise_error
 
149
    end
 
150
  end
 
151
 
 
152
  describe "when enabling asynchronous storeconfigs" do
 
153
    before do
 
154
      Puppet::Resource::Catalog.indirection.stubs(:cache_class=)
 
155
      Puppet::Node::Facts.indirection.stubs(:cache_class=)
 
156
      Puppet::Node.indirection.stubs(:cache_class=)
 
157
      Puppet.features.stubs(:rails?).returns true
 
158
    end
 
159
 
 
160
    it "should set storeconfigs to true" do
 
161
      Puppet.settings[:async_storeconfigs] = true
 
162
      Puppet.settings[:storeconfigs].should be_true
 
163
    end
 
164
 
 
165
    it "should set the Catalog cache class to :queue" do
 
166
      Puppet::Resource::Catalog.indirection.expects(:cache_class=).with(:queue)
 
167
      Puppet.settings[:async_storeconfigs] = true
 
168
    end
 
169
 
 
170
    it "should set the Facts cache class to :active_record" do
 
171
      Puppet::Node::Facts.indirection.expects(:cache_class=).with(:active_record)
 
172
      Puppet.settings[:storeconfigs] = true
 
173
    end
 
174
 
 
175
    it "should set the Node cache class to :active_record" do
 
176
      Puppet::Node.indirection.expects(:cache_class=).with(:active_record)
 
177
      Puppet.settings[:storeconfigs] = true
 
178
    end
 
179
  end
 
180
 
 
181
  describe "when enabling thin storeconfigs" do
 
182
    before do
 
183
      Puppet::Resource::Catalog.indirection.stubs(:cache_class=)
 
184
      Puppet::Node::Facts.indirection.stubs(:cache_class=)
 
185
      Puppet::Node.indirection.stubs(:cache_class=)
 
186
      Puppet.features.stubs(:rails?).returns true
 
187
    end
 
188
 
 
189
    it "should set storeconfigs to true" do
 
190
      Puppet.settings[:thin_storeconfigs] = true
 
191
      Puppet.settings[:storeconfigs].should be_true
 
192
    end
 
193
  end
 
194
 
 
195
  it "should have a setting for determining the configuration version and should default to an empty string" do
 
196
    Puppet.settings[:config_version].should == ""
 
197
  end
 
198
 
 
199
  describe "when enabling reports" do
 
200
    it "should use the default server value when report server is unspecified" do
 
201
      Puppet.settings[:server] = "server"
 
202
      Puppet.settings[:report_server].should == "server"
 
203
    end
 
204
 
 
205
    it "should use the default masterport value when report port is unspecified" do
 
206
      Puppet.settings[:masterport] = "1234"
 
207
      Puppet.settings[:report_port].should == "1234"
 
208
    end
 
209
 
 
210
    it "should set report_server when reportserver is set" do
 
211
      Puppet.settings[:reportserver] = "reportserver"
 
212
      Puppet.settings[:report_server].should == "reportserver"
 
213
    end
 
214
 
 
215
    it "should use report_port when set" do
 
216
      Puppet.settings[:masterport] = "1234"
 
217
      Puppet.settings[:report_port] = "5678"
 
218
      Puppet.settings[:report_port].should == "5678"
 
219
    end
 
220
 
 
221
    it "should prefer report_server over reportserver" do
 
222
      Puppet.settings[:reportserver] = "reportserver"
 
223
      Puppet.settings[:report_server] = "report_server"
 
224
      Puppet.settings[:report_server].should == "report_server"
 
225
    end
 
226
  end
 
227
 
 
228
  it "should have a :caname setting that defaults to the cert name" do
 
229
    Puppet.settings[:certname] = "foo"
 
230
    Puppet.settings[:ca_name].should == "Puppet CA: foo"
 
231
  end
 
232
 
 
233
  it "should have a 'prerun_command' that defaults to the empty string" do
 
234
    Puppet.settings[:prerun_command].should == ""
 
235
  end
 
236
 
 
237
  it "should have a 'postrun_command' that defaults to the empty string" do
 
238
    Puppet.settings[:postrun_command].should == ""
 
239
  end
 
240
 
 
241
  it "should have a 'certificate_revocation' setting that defaults to true" do
 
242
    Puppet.settings[:certificate_revocation].should be_true
 
243
  end
 
244
 
 
245
  it "should have an http_compression setting that defaults to false" do
 
246
    Puppet.settings[:http_compression].should be_false
 
247
  end
 
248
 
 
249
  describe "reportdir" do
 
250
    subject { Puppet.settings[:reportdir] }
 
251
    it { should == "#{Puppet[:vardir]}/reports" }
 
252
  end
 
253
 
 
254
  describe "reporturl" do
 
255
    subject { Puppet.settings[:reporturl] }
 
256
    it { should == "http://localhost:3000/reports" }
 
257
  end
 
258
end