It allows a single puppet setting (auth) to set up a completely different authentication scheme.
Currently an authentication scheme is made of 3 components: * a client part for agent initialization and http client setup * a server part for master initialization * a network handler part running on the master for client authentication At this stage, no valid authentication system has been defined.
Signed-off-by: Brice Figureau <[email protected]>
---
 lib/puppet/auth.rb | 53 ++++++++++++++++++++++++++++
 lib/puppet/auth/client.rb | 3 ++
 lib/puppet/auth/handler.rb | 3 ++
 lib/puppet/auth/server.rb | 3 ++
 lib/puppet/defaults.rb | 1 +
 spec/unit/auth_spec.rb | 83 ++++++++++++++++++++++++++++++++++++++++++++
 6 files changed, 146 insertions(+), 0 deletions(-)
 create mode 100644 lib/puppet/auth.rb
 create mode 100644 lib/puppet/auth/client.rb
 create mode 100644 lib/puppet/auth/handler.rb
 create mode 100644 lib/puppet/auth/server.rb
 create mode 100644 spec/unit/auth_spec.rb
diff --git a/lib/puppet/auth.rb b/lib/puppet/auth.rb
new file mode 100644
index 0000000..168dfc5
--- /dev/null
+++ b/lib/puppet/auth.rb
@@ -0,0 +1,53 @@
+require 'puppet/util/instance_loader'
+require 'puppet/util/classgen'
+
+class Puppet::Auth
+ extend Puppet::Util::ClassGen
+ extend Puppet::Util::InstanceLoader
+
+ # One for the clients
+ instance_load :client_auth, 'puppet/auth/client'
+
+ # One for the servers
+ instance_load :server_auth, 'puppet/auth/server'
+
+ # And one to rule them all
+ instance_load :handler_webrick_auth, 'puppet/auth/handler/webrick'
+ instance_load :handler_mongrel_auth, 'puppet/auth/handler/mongrel'
+ instance_load :handler_rack_auth, 'puppet/auth/handler/rack'
+
+ # Add a new auth type.
+ def self.new_client(name, options = {}, &block)
+ name = symbolize(name)
+ genclass(name, :parent => Puppet::Auth::Client, :prefix => "Client",:hash => instance_hash(:client_auth), :block => block)
+ end
+
+ def self.new_server(name, options = {}, &block)
+ name = symbolize(name)
+ genclass(name, :parent => Puppet::Auth::Server, :prefix => "Server", :hash => instance_hash(:server_auth), :block => block)
+ end
+
+ def self.new_handler(name, type, options = {}, &block)
+ name = symbolize(name)
+ genmodule(name, :parent => Puppet::Auth::Handler, :prefix => type.to_s.capitalize, :hash => instance_hash("handler_#{type}_auth".to_sym), :block => block)
+ end
+
+ def self.client
+ raise "No auth plugin defined, I think you should care about security" unless Puppet[:auth]
+ client_auth(Puppet[:auth])
+ end
+
+ def self.server
+ raise "No auth plugin defined, I think you should care about security" unless Puppet[:auth]
+ server_auth(Puppet[:auth])
+ end
+
+ def self.handler(type)
+ raise "No auth plugin defined, I think you should care about security" unless Puppet[:auth]
+ send("handler_#{type}_auth", Puppet[:auth])
+ end
+
+ require 'puppet/auth/server'
+ require 'puppet/auth/client'
+ require 'puppet/auth/handler'
+end
\ No newline at end of file
diff --git a/lib/puppet/auth/client.rb b/lib/puppet/auth/client.rb
new file mode 100644
index 0000000..bc3dd71
--- /dev/null
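Review bot: In lib/puppet/auth.rb, `Puppet::Auth.client`, `.server` and `.handler` raise only when `Puppet[:auth]` is unset, so a configured name that no plugin registers is not rejected at this point. The lookup goes through the instance loader, which is outside this diff; if it returns nil for a name it cannot load, each accessor hands nil to its caller and the caller decides what a missing auth scheme means. For a setting that selects the authentication scheme it is safer to fail closed in all three accessors, e.g. `client_auth(Puppet[:auth]) or raise "Unknown auth plugin #{Puppet[:auth]}"`. `handler(type)` also builds the method name passed to `send` from its argument; checking `type` against the three handler kinds declared with `instance_load` keeps that dispatch limited to the intended methods.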
+++ b/lib/puppet/auth/client.rb
@@ -0,0 +1,3 @@
+
+class Puppet::Auth::Client
+end
\ No newline at end of file
diff --git a/lib/puppet/auth/handler.rb b/lib/puppet/auth/handler.rb
new file mode 100644
index 0000000..25ac450
--- /dev/null
+++ b/lib/puppet/auth/handler.rb
@@ -0,0 +1,3 @@
+
+module Puppet::Auth::Handler
+end
\ No newline at end of file
diff --git a/lib/puppet/auth/server.rb b/lib/puppet/auth/server.rb
new file mode 100644
index 0000000..4b7158d
--- /dev/null
+++ b/lib/puppet/auth/server.rb
@@ -0,0 +1,3 @@
+
+class Puppet::Auth::Server
+end
\ No newline at end of file
diff --git a/lib/puppet/defaults.rb b/lib/puppet/defaults.rb
index 7ae5538..9bb55a4 100644
--- a/lib/puppet/defaults.rb
+++ b/lib/puppet/defaults.rb
@@ -195,6 +195,7 @@ module Puppet
 Puppet.setdefaults( :main,
+ :auth => ["ssl", "What auth plugin to use. The only valid settings is ssl."],
 # We have to downcase the fqdn, because the current ssl stuff (as oppsed to in master) doesn't have good facilities for
 # manipulating naming.
 :certname => {:default => fqdn.downcase, :desc => "The name to use when handling certificates. Defaults
diff --git a/spec/unit/auth_spec.rb b/spec/unit/auth_spec.rb
new file mode 100644
index 0000000..095197a
--- /dev/null
+++ b/spec/unit/auth_spec.rb
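Review bot: In lib/puppet/defaults.rb, the new `:auth` setting defaults to "ssl" and its description calls ssl the only valid value, while the commit message says no valid authentication system has been defined and none of the six files in this patch registers an ssl plugin. With that default `Puppet[:auth]` is always set, so the `unless Puppet[:auth]` guards in lib/puppet/auth.rb do not fire on a default configuration. Either land the default together with the ssl plugin or state in the description that the plugin arrives in a later patch; the wording also reads better as `"What auth plugin to use. The only valid setting is ssl."`. The `Puppet.setdefaults(` call continues outside the hunk.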
@@ -0,0 +1,83 @@
+#!/usr/bin/env ruby
+
+require File.dirname(__FILE__) + '/../spec_helper'
+
+require 'puppet/auth'
+
+describe Puppet::Auth do
+ before(:each) do
+ Puppet[:auth] = "myauth"
+ end
+
+ %w{ client server }.each do |mode|
+ describe "for #{mode}s" do
+ it "should instance-load #{mode} auth types" do
+ Puppet::Auth.instance_loader("#{mode}_auth".to_sym).should be_instance_of(Puppet::Util::Autoload)
+ end
+
+ it "should have a method for creating a new #{mode}" do
+ Puppet::Auth.should respond_to("new_#{mode}".to_sym)
+ end
+
+ it "should have a method for retrieving auth #{mode} types by name" do
+ Puppet::Auth.should respond_to(mode.to_sym)
+ end
+ end
+
+ describe "when loading auth #{mode} types" do
+ it "should use the instance loader to retrieve auth types" do
+ Puppet::Auth.expects(:loaded_instance).with("#{mode}_auth".to_sym, "myauth")
+ Puppet::Auth.send("#{mode}")
+ end
+ end
+
+ describe "when registering auth #{mode} types" do
+ it "should evaluate the supplied block as code for a class" do
+ Puppet::Auth.expects(:genclass).returns(Class.new)
+ Puppet::Auth.send("new_#{mode}", :testing) { }
+ end
+
+ it "should mangle the class name with the #{mode} prefix" do
+ Puppet::Auth.expects(:genclass).with{ |n,o| o[:prefix] == mode.capitalize }.returns(Class.new)
+ Puppet::Auth.send("new_#{mode}", :testing) { }
+ end
+ end
+ end
+
+ describe "when dealing with handler" do
+ %w{webrick rack mongrel}.each do |network|
+ describe "for #{network}" do
+ it "should instance-load handler auth types" do
+ Puppet::Auth.instance_loader("handler_#{network}_auth".to_sym).should be_instance_of(Puppet::Util::Autoload)
+ end
+ end
+
+ describe "when loading" do
+ it "should use the instance loader to retrieve the #{network} auth type" do
+ Puppet::Auth.expects(:loaded_instance).with("handler_#{network}_auth".to_sym, "myauth")
+ Puppet::Auth.handler(network)
+ end
+ end
+
+ describe "when registering #{network} auth handler" do
+ it "should evaluate the supplied block as code for a module" do
+ Puppet::Auth.expects(:genmodule).returns(Module.new)
+ Puppet::Auth.new_handler(:testing, network) { }
+ end
+
+ it "should mangle the class name with the #{network} prefix" do
+ Puppet::Auth.expects(:genmodule).with{ |n,o| o[:prefix] == network.capitalize }.returns(Class.new)
+ Puppet::Auth.new_handler(:testing, network) { }
+ end
+ end
+ end
+
+ it "should have a method for creating a new handler" do
+ Puppet::Auth.should respond_to(:new_handler)
+ end
+
+ it "should have a method for retrieving auth handler types by name" do
+ Puppet::Auth.should respond_to(:handler)
+ end
+ end
+end
--
1.7.2.1
--
You received this message because you are subscribed to the Google Groups "Puppet Developers" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-dev?hl=en.
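Review bot: In spec/unit/auth_spec.rb, no example exercises the only failure path the new class has: `before(:each)` always sets `Puppet[:auth] = "myauth"`, so the `raise "No auth plugin defined, ..."` branch in `client`, `server` and `handler` never runs. Add one example per accessor that clears the setting and expects the error, along the lines of `lambda { Puppet::Auth.send(mode) }.should raise_error`. In the last handler example the `genmodule` stub returns `Class.new`, whereas the example just before it returns `Module.new`; using `Module.new` in both keeps the stubs consistent with what `genmodule` is stubbed to produce.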
