← Back to branch summary

~ubuntu-branches/ubuntu/lucid/puppet/lucid-security

« back to all changes in this revision

Viewing changes to spec/unit/ssl/certificate_authority/interface.rb

  • Committer: Bazaar Package Importer
  • Author(s): Chuck Short
  • Date: 2009-12-23 00:48:10 UTC
  • mfrom: (1.1.10 upstream) (3.1.7 squeeze)
  • Revision ID: james.westby@ubuntu.com-20091223004810-3i4oryds922g5n59
Tags: 0.25.1-3ubuntu1
* Merge from debian testing.  Remaining changes:
  - debian/rules:
    + Don't start puppet when first installing puppet.
  - debian/puppet.conf, lib/puppet/defaults.rb:
    + Move templates to /etc/puppet
  - lib/puppet/defaults.rb:
    + Fix /var/lib/puppet/state ownership.
  - man/man8/puppet.conf.8: 
    + Fix broken URL in manpage.
  - debian/control:
    + Update maintainer accordint to spec.
    + Puppetmaster Recommends -> Suggests
    + Created puppet-testsuite as a seperate. Allow the users to run puppet's 
      testsuite.
  - tests/Rakefile: Fix rakefile so that the testsuite can acutally be ran.

Show diffs side-by-side

added added

removed removed

Lines of Context:
spec/unit/ssl/certificate_authority/interface.rb
 
1
#!/usr/bin/env ruby
 
2
 
 
3
require File.dirname(__FILE__) + '/../../../spec_helper'
 
4
 
 
5
require 'puppet/ssl/certificate_authority'
 
6
 
 
7
describe "a normal interface method", :shared => true do
 
8
    it "should call the method on the CA for each host specified if an array was provided" do
 
9
        @ca.expects(@method).with("host1")
 
10
        @ca.expects(@method).with("host2")
 
11
 
 
12
        @applier = Puppet::SSL::CertificateAuthority::Interface.new(@method, %w{host1 host2})
 
13
 
 
14
        @applier.apply(@ca)
 
15
    end
 
16
 
 
17
    it "should call the method on the CA for all existing certificates if :all was provided" do
 
18
        @ca.expects(:list).returns %w{host1 host2}
 
19
 
 
20
        @ca.expects(@method).with("host1")
 
21
        @ca.expects(@method).with("host2")
 
22
 
 
23
        @applier = Puppet::SSL::CertificateAuthority::Interface.new(@method, :all)
 
24
 
 
25
        @applier.apply(@ca)
 
26
    end
 
27
end
 
28
 
 
29
describe Puppet::SSL::CertificateAuthority::Interface do
 
30
    before do
 
31
        @class = Puppet::SSL::CertificateAuthority::Interface
 
32
    end
 
33
    describe "when initializing" do
 
34
        it "should set its method using its settor" do
 
35
            @class.any_instance.expects(:method=).with(:generate)
 
36
            @class.new(:generate, :all)
 
37
        end
 
38
 
 
39
        it "should set its subjects using the settor" do
 
40
            @class.any_instance.expects(:subjects=).with(:all)
 
41
            @class.new(:generate, :all)
 
42
        end
 
43
    end
 
44
 
 
45
    describe "when setting the method" do
 
46
        it "should set the method" do
 
47
            @class.new(:generate, :all).method.should == :generate
 
48
        end
 
49
 
 
50
        it "should fail if the method isn't a member of the INTERFACE_METHODS array" do
 
51
            Puppet::SSL::CertificateAuthority::Interface::INTERFACE_METHODS.expects(:include?).with(:thing).returns false
 
52
 
 
53
            lambda { @class.new(:thing, :all) }.should raise_error(ArgumentError)
 
54
        end
 
55
    end
 
56
 
 
57
    describe "when setting the subjects" do
 
58
        it "should set the subjects" do
 
59
            @class.new(:generate, :all).subjects.should == :all
 
60
        end
 
61
 
 
62
        it "should fail if the subjects setting isn't :all or an array" do
 
63
            lambda { @class.new(:generate, "other") }.should raise_error(ArgumentError)
 
64
        end
 
65
    end
 
66
 
 
67
    it "should have a method for triggering the application" do
 
68
        @class.new(:generate, :all).should respond_to(:apply)
 
69
    end
 
70
 
 
71
    describe "when applying" do
 
72
        before do
 
73
            # We use a real object here, because :verify can't be stubbed, apparently.
 
74
            @ca = Object.new
 
75
        end
 
76
 
 
77
        it "should raise InterfaceErrors" do
 
78
            @applier = @class.new(:revoke, :all)
 
79
 
 
80
            @ca.expects(:list).raises Puppet::SSL::CertificateAuthority::Interface::InterfaceError
 
81
 
 
82
            lambda { @applier.apply(@ca) }.should raise_error(Puppet::SSL::CertificateAuthority::Interface::InterfaceError)
 
83
        end
 
84
 
 
85
        it "should log non-Interface failures rather than failing" do
 
86
            @applier = @class.new(:revoke, :all)
 
87
 
 
88
            @ca.expects(:list).raises ArgumentError
 
89
 
 
90
            Puppet.expects(:err)
 
91
 
 
92
            lambda { @applier.apply(@ca) }.should_not raise_error
 
93
        end
 
94
 
 
95
        describe "with an empty array specified and the method is not list" do
 
96
            it "should fail" do
 
97
                @applier = @class.new(:sign, [])
 
98
                lambda { @applier.apply(@ca) }.should raise_error(ArgumentError)
 
99
            end
 
100
        end
 
101
 
 
102
        describe ":generate" do
 
103
            it "should fail if :all was specified" do
 
104
                @applier = @class.new(:generate, :all)
 
105
                lambda { @applier.apply(@ca) }.should raise_error(ArgumentError)
 
106
            end
 
107
 
 
108
            it "should call :generate on the CA for each host specified" do
 
109
                @applier = @class.new(:generate, %w{host1 host2})
 
110
 
 
111
                @ca.expects(:generate).with("host1")
 
112
                @ca.expects(:generate).with("host2")
 
113
 
 
114
                @applier.apply(@ca)
 
115
            end
 
116
        end
 
117
 
 
118
        describe ":verify" do
 
119
            before { @method = :verify }
 
120
            #it_should_behave_like "a normal interface method"
 
121
 
 
122
            it "should call the method on the CA for each host specified if an array was provided" do
 
123
                # LAK:NOTE Mocha apparently doesn't allow you to mock :verify, but I'm confident this works in real life.
 
124
            end
 
125
 
 
126
            it "should call the method on the CA for all existing certificates if :all was provided" do
 
127
                # LAK:NOTE Mocha apparently doesn't allow you to mock :verify, but I'm confident this works in real life.
 
128
            end
 
129
        end
 
130
 
 
131
        describe ":destroy" do
 
132
            before { @method = :destroy }
 
133
            it_should_behave_like "a normal interface method"
 
134
        end
 
135
 
 
136
        describe ":revoke" do
 
137
            before { @method = :revoke }
 
138
            it_should_behave_like "a normal interface method"
 
139
        end
 
140
 
 
141
        describe ":sign" do
 
142
            describe "and an array of names was provided" do
 
143
                before do
 
144
                    @applier = @class.new(:sign, %w{host1 host2})
 
145
                end
 
146
 
 
147
                it "should sign the specified waiting certificate requests" do
 
148
                    @ca.expects(:sign).with("host1")
 
149
                    @ca.expects(:sign).with("host2")
 
150
 
 
151
                    @applier.apply(@ca)
 
152
                end
 
153
            end
 
154
 
 
155
            describe "and :all was provided" do
 
156
                it "should sign all waiting certificate requests" do
 
157
                    @ca.stubs(:waiting?).returns(%w{cert1 cert2})
 
158
 
 
159
                    @ca.expects(:sign).with("cert1")
 
160
                    @ca.expects(:sign).with("cert2")
 
161
 
 
162
                    @applier = @class.new(:sign, :all)
 
163
                    @applier.apply(@ca)
 
164
                end
 
165
 
 
166
                it "should fail if there are no waiting certificate requests" do
 
167
                    @ca.stubs(:waiting?).returns([])
 
168
 
 
169
                    @applier = @class.new(:sign, :all)
 
170
                    lambda { @applier.apply(@ca) }.should raise_error(Puppet::SSL::CertificateAuthority::Interface::InterfaceError)
 
171
                end
 
172
            end
 
173
        end
 
174
 
 
175
        describe ":list" do
 
176
            describe "and an empty array was provided" do
 
177
                it "should print a string containing all certificate requests" do
 
178
                    @ca.expects(:waiting?).returns %w{host1 host2}
 
179
                    @ca.stubs(:verify)
 
180
 
 
181
                    @applier = @class.new(:list, [])
 
182
 
 
183
                    @applier.expects(:puts).with "host1\nhost2"
 
184
 
 
185
                    @applier.apply(@ca)
 
186
                end
 
187
            end
 
188
 
 
189
            describe "and :all was provided" do
 
190
                it "should print a string containing all certificate requests and certificates" do
 
191
                    @ca.expects(:waiting?).returns %w{host1 host2}
 
192
                    @ca.expects(:list).returns %w{host3 host4}
 
193
                    @ca.stubs(:verify)
 
194
                    @ca.expects(:verify).with("host3").raises(Puppet::SSL::CertificateAuthority::CertificateVerificationError.new(23), "certificate revoked")
 
195
 
 
196
                    @applier = @class.new(:list, :all)
 
197
 
 
198
                    @applier.expects(:puts).with "host1"
 
199
                    @applier.expects(:puts).with "host2"
 
200
                    @applier.expects(:puts).with "- host3 (certificate revoked)"
 
201
                    @applier.expects(:puts).with "+ host4"
 
202
 
 
203
                    @applier.apply(@ca)
 
204
                end
 
205
            end
 
206
 
 
207
            describe "and an array of names was provided" do
 
208
                it "should print a string of all named hosts that have a waiting request" do
 
209
                    @ca.expects(:waiting?).returns %w{host1 host2}
 
210
                    @ca.expects(:list).returns %w{host3 host4}
 
211
                    @ca.stubs(:verify)
 
212
 
 
213
                    @applier = @class.new(:list, %w{host1 host2 host3 host4})
 
214
 
 
215
                    @applier.expects(:puts).with "host1"
 
216
                    @applier.expects(:puts).with "host2"
 
217
                    @applier.expects(:puts).with "+ host3"
 
218
                    @applier.expects(:puts).with "+ host4"
 
219
 
 
220
                    @applier.apply(@ca)
 
221
                end
 
222
            end
 
223
        end
 
224
 
 
225
        describe ":print" do
 
226
            describe "and :all was provided" do
 
227
                it "should print all certificates" do
 
228
                    @ca.expects(:list).returns %w{host1 host2}
 
229
 
 
230
                    @applier = @class.new(:print, :all)
 
231
 
 
232
                    @ca.expects(:print).with("host1").returns "h1"
 
233
                    @applier.expects(:puts).with "h1"
 
234
 
 
235
                    @ca.expects(:print).with("host2").returns "h2"
 
236
                    @applier.expects(:puts).with "h2"
 
237
 
 
238
                    @applier.apply(@ca)
 
239
                end
 
240
            end
 
241
 
 
242
            describe "and an array of names was provided" do
 
243
                it "should print each named certificate if found" do
 
244
                    @applier = @class.new(:print, %w{host1 host2})
 
245
 
 
246
                    @ca.expects(:print).with("host1").returns "h1"
 
247
                    @applier.expects(:puts).with "h1"
 
248
 
 
249
                    @ca.expects(:print).with("host2").returns "h2"
 
250
                    @applier.expects(:puts).with "h2"
 
251
 
 
252
                    @applier.apply(@ca)
 
253
                end
 
254
 
 
255
                it "should log any named but not found certificates" do
 
256
                    @applier = @class.new(:print, %w{host1 host2})
 
257
 
 
258
                    @ca.expects(:print).with("host1").returns "h1"
 
259
                    @applier.expects(:puts).with "h1"
 
260
 
 
261
                    @ca.expects(:print).with("host2").returns nil
 
262
                    Puppet.expects(:err).with { |msg| msg.include?("host2") }
 
263
 
 
264
                    @applier.apply(@ca)
 
265
                end
 
266
            end
 
267
        end
 
268
    end
 
269
end