On Jul 19, 2009, at 6:43 AM, Brice Figureau wrote:

>
> The REST SSL terminus was never set up to use the ca_server if
> one was set up.
>
> Signed-off-by: Brice Figureau <[email protected]>
> ---
> lib/puppet/ssl/host.rb |   11 +++++++++++
> spec/unit/ssl/host.rb  |   17 +++++++++++++++++
> 2 files changed, 28 insertions(+), 0 deletions(-)
>
> diff --git a/lib/puppet/ssl/host.rb b/lib/puppet/ssl/host.rb
> index 29b947e..407a0bb 100644
> --- a/lib/puppet/ssl/host.rb
> +++ b/lib/puppet/ssl/host.rb
> @@ -47,6 +47,17 @@ class Puppet::SSL::Host
>         CertificateRequest.terminus_class = terminus
>         CertificateRevocationList.terminus_class = terminus
>
> +        # make sure we can contact the CA server
> +        if terminus == :rest
> +             
> Certificate.indirection.terminus.class.use_server_setting(:ca_server)
> +             
> CertificateRequest 
> .indirection.terminus.class.use_server_setting(:ca_server)
> +             
> CertificateRevocationList 
> .indirection.terminus.class.use_server_setting(:ca_server)
> +
> +             
> Certificate.indirection.terminus.class.use_port_setting(:ca_port)
> +             
> CertificateRequest 
> .indirection.terminus.class.use_port_setting(:ca_port)
> +             
> CertificateRevocationList 
> .indirection.terminus.class.use_port_setting(:ca_port)
> +        end
> +

I think this is the best approach given the current implementation,  
but it seems like it should be easy to do this in the indirection- 
specific subclasses rather than in SSL::Host.  I think it's a flaw in  
the indirector that that's not the case.

>
>         if cache
>             # This is weird; we don't actually cache our keys, we
>             # use what would otherwise be the cache as our normal
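Review bot: The six added calls under `if terminus == :rest` differ only in the class and the setting name, so a class added to this list later could easily receive the server setting but not the port setting, or the reverse. Iterating over the three classes keeps `:ca_server` and `:ca_port` together. Puppet::SSL::Key is stubbed alongside these classes in the spec but is not pointed at the CA server here. If that is deliberate because private keys are not meant to travel through the REST terminus, a one-line comment such as `# Key is intentionally left out: it never uses the REST terminus` would record it; confirm against the Key handling in the `if cache` branch below. The enclosing method begins and ends outside this hunk.

```ruby
# make sure we can contact the CA server
if terminus == :rest
    [Certificate, CertificateRequest, CertificateRevocationList].each do |klass|
        rest_class = klass.indirection.terminus.class
        rest_class.use_server_setting(:ca_server)
        rest_class.use_port_setting(:ca_port)
    end
end
```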
> diff --git a/spec/unit/ssl/host.rb b/spec/unit/ssl/host.rb
> index 38a1f3e..43ff649 100755
> --- a/spec/unit/ssl/host.rb
> +++ b/spec/unit/ssl/host.rb
> @@ -144,6 +144,11 @@ describe Puppet::SSL::Host do
>             [Puppet::SSL::Key, Puppet::SSL::Certificate,  
> Puppet::SSL::CertificateRequest,  
> Puppet::SSL::CertificateRevocationList].each do |klass|
>                 klass.stubs(:terminus_class=)
>                 klass.stubs(:cache_class=)
> +
> +                @terminus_class = stub_everything 'terminus_class'
> +                terminus = stub 'terminus', :class => @terminus_class
> +                indirection = stub 'indirection', :terminus =>  
> terminus
> +                klass.stubs(:indirection).returns(indirection)
>             end
>         end
>
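Review bot: `@terminus_class` is reassigned on every pass of the `.each` loop, so after setup it refers only to the stub built for the last class in the list, Puppet::SSL::CertificateRevocationList. The two examples added in the next hunk (`expects(:use_server_setting).with(:ca_server)` and `expects(:use_port_setting).with(:ca_port)`) therefore check only the CRL terminus. A regression that leaves Certificate or CertificateRequest without the ca_server and ca_port settings would still pass. Creating the stub once before the loop and asserting `.times(3)` in each example would cover all three classes, assuming Key's indirection is not touched on this path. The enclosing setup block starts outside the hunk.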
> @@ -213,6 +218,18 @@ describe Puppet::SSL::Host do
>
>                 Puppet::SSL::Host.ca_location = :remote
>             end
> +
> +            it "should setup the REST terminus to use ca_server" do
> +                 
> @terminus_class.expects(:use_server_setting).with(:ca_server)
> +
> +                Puppet::SSL::Host.ca_location = :remote
> +            end
> +
> +            it "should setup the REST terminus to use ca_port" do
> +                 
> @terminus_class.expects(:use_port_setting).with(:ca_port)
> +
> +                Puppet::SSL::Host.ca_location = :remote
> +            end
>         end
>
>         describe "as 'only'" do
> -- 
> 1.6.0.2
>
>
> >


-- 
Finn's Law:
     Uncertainty is the final test of innovation.
---------------------------------------------------------------------
Luke Kanies | http://reductivelabs.com | http://madstop.com

