require 'puppet/ssl/certificate_authority'
# Shared examples for interface methods that are applied once per host.
# An explicit array of names is handed to the CA one name at a time; :all is
# expanded from the CA's own #list before the method is called for each host.
# Included further down by the :destroy and :revoke groups.
shared_examples_for "a normal interface method" do
it "should call the method on the CA for each host specified if an array was provided" do
@ca.expects(@method).with("host1")
@ca.expects(@method).with("host2")
@applier = Puppet::SSL::CertificateAuthority::Interface.new(@method, :to => %w{host1 host2})
it "should call the method on the CA for all existing certificates if :all was provided" do
@ca.expects(:list).returns %w{host1 host2}
@ca.expects(@method).with("host1")
@ca.expects(@method).with("host2")
@applier = Puppet::SSL::CertificateAuthority::Interface.new(@method, :to => :all)
# Specs for the CA interface object. It is built from a method name and a :to
# subject set (plus an optional :digest), and #apply is then called with the CA
# that the method should be run against.
describe Puppet::SSL::CertificateAuthority::Interface do
@class = Puppet::SSL::CertificateAuthority::Interface
describe "when initializing" do
it "should set its method using its settor" do
instance = @class.new(:generate, :to => :all)
instance.method.should == :generate
it "should set its subjects using the settor" do
instance = @class.new(:generate, :to => :all)
instance.subjects.should == :all
it "should set the digest if given" do
interface = @class.new(:generate, :to => :all, :digest => :digest)
interface.digest.should == :digest
it "should set the digest to md5 if none given" do
interface = @class.new(:generate, :to => :all)
# Pins the default digest to :MD5 when no :digest option is given. The
# :fingerprint examples in this file show this value being passed on to
# ca.fingerprint.
# NOTE(review): MD5 is not collision resistant, and a fingerprint compared out
# of band before signing is only as strong as its digest. Callers should pass
# an explicit SHA-2 :digest — confirm which digest names the CA accepts.
interface.digest.should == :MD5
describe "when setting the method" do
it "should set the method" do
instance = @class.new(:generate, :to => :all)
instance.method = :list
instance.method.should == :list
it "should fail if the method isn't a member of the INTERFACE_METHODS array" do
# The method name is validated when the interface is built: a symbol outside
# the allowed set (INTERFACE_METHODS, per the example name) raises
# ArgumentError from the constructor, so an unknown name never reaches #apply.
lambda { @class.new(:thing, :to => :all) }.should raise_error(ArgumentError, /Invalid method thing to apply/)
describe "when setting the subjects" do
it "should set the subjects" do
instance = @class.new(:generate, :to => :all)
instance.subjects = :signed
instance.subjects.should == :signed
it "should fail if the subjects setting isn't :all or an array" do
# Subjects are validated at construction as well: a bare string such as
# "other" raises ArgumentError. The message names only an array or :all, but
# the setter example above and the :list examples in this file also use :signed.
lambda { @class.new(:generate, :to => "other") }.should raise_error(ArgumentError, /Subjects must be an array or :all; not other/)
it "should have a method for triggering the application" do
@class.new(:generate, :to => :all).should respond_to(:apply)
describe "when applying" do
# We use a real object here, because :verify can't be stubbed, apparently.
it "should raise InterfaceErrors" do
@applier = @class.new(:revoke, :to => :all)
@ca.expects(:list).raises Puppet::SSL::CertificateAuthority::Interface::InterfaceError
# An InterfaceError raised by the CA while applying (here from ca.list during
# a :revoke of :all) is allowed to propagate out of #apply to the caller.
lambda { @applier.apply(@ca) }.should raise_error(Puppet::SSL::CertificateAuthority::Interface::InterfaceError)
it "should log non-Interface failures rather than failing" do
@applier = @class.new(:revoke, :to => :all)
@ca.expects(:list).raises ArgumentError
# An ArgumentError raised by the CA during a :revoke is not propagated by
# #apply; the example name says it is logged instead.
# NOTE(review): a revoke that fails this way returns normally, so automation
# around it has to watch the error log rather than rely on an exception —
# confirm how the calling application reports the failure.
lambda { @applier.apply(@ca) }.should_not raise_error
describe "with an empty array specified and the method is not list" do
@applier = @class.new(:sign, :to => [])
# Applying :sign to an empty subject array raises ArgumentError rather than
# silently doing nothing.
lambda { @applier.apply(@ca) }.should raise_error(ArgumentError)
describe ":generate" do
it "should fail if :all was specified" do
@applier = @class.new(:generate, :to => :all)
# Applying :generate to :all raises ArgumentError; the following example
# generates certificates only for explicitly named hosts.
lambda { @applier.apply(@ca) }.should raise_error(ArgumentError)
it "should call :generate on the CA for each host specified" do
@applier = @class.new(:generate, :to => %w{host1 host2})
@ca.expects(:generate).with("host1", {})
@ca.expects(:generate).with("host2", {})
describe ":verify" do
before { @method = :verify }
#it_should_behave_like "a normal interface method"
# NOTE(review): the shared examples are commented out for :verify, and the only
# body line visible for this example and the next is the LAK:NOTE comment, so
# no expectation on ca.verify is shown. The :verify dispatch path looks
# unasserted by this group — confirm it is covered elsewhere.
it "should call the method on the CA for each host specified if an array was provided" do
# LAK:NOTE Mocha apparently doesn't allow you to mock :verify, but I'm confident this works in real life.
it "should call the method on the CA for all existing certificates if :all was provided" do
# LAK:NOTE Mocha apparently doesn't allow you to mock :verify, but I'm confident this works in real life.
describe ":destroy" do
before { @method = :destroy }
it_should_behave_like "a normal interface method"
describe ":revoke" do
before { @method = :revoke }
it_should_behave_like "a normal interface method"
describe "and an array of names was provided" do
# The :allow_dns_alt_names option given to the interface is forwarded as the
# second argument of ca.sign for every named host (false, then true, in the
# two examples that follow).
# NOTE(review): subject alt names in a request widen the set of names the
# issued certificate is valid for. Keep the option off unless the alt names
# were reviewed first; the :list output in this file prints them per request.
let(:applier) { @class.new(:sign, @options.merge(:to => %w{host1 host2})) }
it "should sign the specified waiting certificate requests" do
@options = {:allow_dns_alt_names => false}
@ca.expects(:sign).with("host1", false)
@ca.expects(:sign).with("host2", false)
it "should sign the certificate requests with alt names if specified" do
@options = {:allow_dns_alt_names => true}
@ca.expects(:sign).with("host1", true)
@ca.expects(:sign).with("host2", true)
describe "and :all was provided" do
# With :to => :all every request reported by ca.waiting? is signed, and the
# second argument to ca.sign is nil because no :allow_dns_alt_names option
# was given.
# NOTE(review): this signs all pending requests without a per-host check;
# presumably nil is treated as "alt names not allowed" — confirm in ca.sign.
it "should sign all waiting certificate requests" do
@ca.stubs(:waiting?).returns(%w{cert1 cert2})
@ca.expects(:sign).with("cert1", nil)
@ca.expects(:sign).with("cert2", nil)
@applier = @class.new(:sign, :to => :all)
it "should fail if there are no waiting certificate requests" do
@ca.stubs(:waiting?).returns([])
@applier = @class.new(:sign, :to => :all)
lambda { @applier.apply(@ca) }.should raise_error(Puppet::SSL::CertificateAuthority::Interface::InterfaceError)
@cert = Puppet::SSL::Certificate.new 'foo'
@csr = Puppet::SSL::CertificateRequest.new 'bar'
@cert.stubs(:subject_alt_names).returns []
@csr.stubs(:subject_alt_names).returns []
Puppet::SSL::Certificate.indirection.stubs(:find).returns @cert
Puppet::SSL::CertificateRequest.indirection.stubs(:find).returns @csr
# Fixture for the listing examples: host1-3 are waiting requests (this line),
# host4-6 are signed certificates (ca.list), and every fingerprint is stubbed
# to the literal string "fingerprint".
@ca.expects(:waiting?).returns %w{host1 host2 host3}
@ca.expects(:list).returns %w{host4 host5 host6}
@ca.stubs(:fingerprint).returns "fingerprint"
describe "and an empty array was provided" do
it "should print all certificate requests" do
applier = @class.new(:list, :to => [])
applier.expects(:puts).with(<<-OUTPUT.chomp)
describe "and :all was provided" do
it "should print a string containing all certificate requests and certificates" do
# host4 is made to fail verification with error code 23 and the message
# "certificate revoked". The expected listing marks it with "-" and appends
# the message, while the certificates that verify are marked with "+".
# (23 is the value of OpenSSL's X509_V_ERR_CERT_REVOKED.)
@ca.stubs(:verify).with("host4").raises(Puppet::SSL::CertificateAuthority::CertificateVerificationError.new(23), "certificate revoked")
applier = @class.new(:list, :to => :all)
applier.expects(:puts).with(<<-OUTPUT.chomp)
+ host5 (fingerprint)
+ host6 (fingerprint)
- host4 (fingerprint) (certificate revoked)
describe "and :signed was provided" do
it "should print a string containing all signed certificate requests and certificates" do
applier = @class.new(:list, :to => :signed)
applier.expects(:puts).with(<<-OUTPUT.chomp)
+ host4 (fingerprint)
+ host5 (fingerprint)
+ host6 (fingerprint)
it "should include subject alt names if they are on the certificate request" do
# Alt names carried by a request are printed next to its fingerprint in the
# listing ("alt names: DNS:foo, DNS:bar"), which is what lets an operator see
# them before deciding whether to sign.
@csr.stubs(:subject_alt_names).returns ["DNS:foo", "DNS:bar"]
applier = @class.new(:list, :to => ['host1'])
applier.expects(:puts).with(<<-OUTPUT.chomp)
host1 (fingerprint) (alt names: DNS:foo, DNS:bar)
describe "and an array of names was provided" do
it "should print all named hosts" do
applier = @class.new(:list, :to => %w{host1 host2 host4 host5})
applier.expects(:puts).with(<<-OUTPUT.chomp)
+ host4 (fingerprint)
+ host5 (fingerprint)
describe "and :all was provided" do
it "should print all certificates" do
@ca.expects(:list).returns %w{host1 host2}
@applier = @class.new(:print, :to => :all)
@ca.expects(:print).with("host1").returns "h1"
@applier.expects(:puts).with "h1"
@ca.expects(:print).with("host2").returns "h2"
@applier.expects(:puts).with "h2"
describe "and an array of names was provided" do
it "should print each named certificate if found" do
@applier = @class.new(:print, :to => %w{host1 host2})
@ca.expects(:print).with("host1").returns "h1"
@applier.expects(:puts).with "h1"
@ca.expects(:print).with("host2").returns "h2"
@applier.expects(:puts).with "h2"
it "should log any named but not found certificates" do
@applier = @class.new(:print, :to => %w{host1 host2})
@ca.expects(:print).with("host1").returns "h1"
@applier.expects(:puts).with "h1"
@ca.expects(:print).with("host2").returns nil
# A named certificate for which ca.print returns nil is reported through
# Puppet.err, and the message must contain the host name.
Puppet.expects(:err).with { |msg| msg.include?("host2") }
describe ":fingerprint" do
it "should fingerprint with the set digest algorithm" do
@applier = @class.new(:fingerprint, :to => %w{host1}, :digest => :digest)
# An explicit :digest option is handed unchanged to ca.fingerprint as its
# second argument.
@ca.expects(:fingerprint).with("host1", :digest).returns "fingerprint1"
@applier.expects(:puts).with "host1 fingerprint1"
describe "and :all was provided" do
# Without a :digest option each fingerprint is requested with :MD5, and :all
# covers both signed certificates (ca.list) and waiting requests (ca.waiting?).
# NOTE(review): MD5 fingerprints are weak for out-of-band comparison of a
# request before signing; prefer passing a stronger :digest explicitly.
it "should fingerprint all certificates (including waiting ones)" do
@ca.expects(:list).returns %w{host1}
@ca.expects(:waiting?).returns %w{host2}
@applier = @class.new(:fingerprint, :to => :all)
@ca.expects(:fingerprint).with("host1", :MD5).returns "fingerprint1"
@applier.expects(:puts).with "host1 fingerprint1"
@ca.expects(:fingerprint).with("host2", :MD5).returns "fingerprint2"
@applier.expects(:puts).with "host2 fingerprint2"
describe "and an array of names was provided" do
it "should print each named certificate if found" do
@applier = @class.new(:fingerprint, :to => %w{host1 host2})
@ca.expects(:fingerprint).with("host1", :MD5).returns "fingerprint1"
@applier.expects(:puts).with "host1 fingerprint1"
@ca.expects(:fingerprint).with("host2", :MD5).returns "fingerprint2"
@applier.expects(:puts).with "host2 fingerprint2"