4
require 'puppet/network/rest_authconfig'
6
describe Puppet::Network::RestAuthConfig do
8
DEFAULT_ACL = Puppet::Network::RestAuthConfig::DEFAULT_ACL
11
FileTest.stubs(:exists?).returns(true)
12
File.stubs(:stat).returns(stub('stat', :ctime => :now))
13
Time.stubs(:now).returns Time.now
15
@authconfig = Puppet::Network::RestAuthConfig.new("dummy", false)
16
@authconfig.stubs(:read)
18
@acl = stub_everything 'rights'
19
@authconfig.rights = @acl
22
it "should use the puppet default rest authorization file" do
23
Puppet.expects(:[]).with(:rest_authconfig).returns("dummy")
25
Puppet::Network::RestAuthConfig.new(nil, false)
28
it "should ask for authorization to the ACL subsystem" do
29
params = {:ip => "127.0.0.1", :node => "me", :environment => :env, :authenticated => true}
30
@acl.expects(:is_request_forbidden_and_why?).with("path", :save, "to/resource", params).returns(nil)
32
@authconfig.check_authorization("path", :save, "to/resource", params)
35
describe "when defining an acl with mk_acl" do
36
it "should create a new right for each default acl" do
37
@acl.expects(:newright).with(:path)
38
@authconfig.mk_acl(:acl => :path)
41
it "should allow everyone for each default right" do
42
@acl.expects(:allow).with(:path, "*")
43
@authconfig.mk_acl(:acl => :path)
46
it "should restrict the ACL to a method" do
47
@acl.expects(:restrict_method).with(:path, :method)
48
@authconfig.mk_acl(:acl => :path, :method => :method)
51
it "should restrict the ACL to a specific authentication state" do
52
@acl.expects(:restrict_authenticated).with(:path, :authentication)
53
@authconfig.mk_acl(:acl => :path, :authenticated => :authentication)
57
describe "when parsing the configuration file" do
58
it "should check for missing ACL after reading the authconfig file" do
61
@authconfig.expects(:insert_default_acl)
67
DEFAULT_ACL.each do |acl|
68
it "should insert #{acl[:acl]} if not present" do
69
@authconfig.rights.stubs(:[]).returns(true)
70
@authconfig.rights.stubs(:[]).with(acl[:acl]).returns(nil)
72
@authconfig.expects(:mk_acl).with { |h| h[:acl] == acl[:acl] }
74
@authconfig.insert_default_acl
77
it "should not insert #{acl[:acl]} if present" do
78
@authconfig.rights.stubs(:[]).returns(true)
79
@authconfig.rights.stubs(:[]).with(acl).returns(true)
81
@authconfig.expects(:mk_acl).never
83
@authconfig.insert_default_acl
87
it "should create default ACL entries if no file have been read" do
88
Puppet::Network::RestAuthConfig.any_instance.stubs(:exists?).returns(false)
90
Puppet::Network::RestAuthConfig.any_instance.expects(:insert_default_acl)
92
Puppet::Network::RestAuthConfig.main
95
describe "when adding default ACLs" do
97
DEFAULT_ACL.each do |acl|
98
it "should create a default right for #{acl[:acl]}" do
99
@authconfig.stubs(:mk_acl)
100
@authconfig.expects(:mk_acl).with(acl)
101
@authconfig.insert_default_acl
105
it "should log at info loglevel" do
106
Puppet.expects(:info).at_least_once
107
@authconfig.insert_default_acl
110
it "should create a last catch-all deny all rule" do
111
@authconfig.stubs(:mk_acl)
112
@acl.expects(:newright).with("/")
113
@authconfig.insert_default_acl
116
it "should create a last catch-all deny all rule for any authenticated request state" do
117
@authconfig.stubs(:mk_acl)
118
@acl.stubs(:newright).with("/")
120
@acl.expects(:restrict_authenticated).with("/", :any)
122
@authconfig.insert_default_acl