Move all SSL related stuff from the master puppet executable to the server auth plugin.
Signed-off-by: Brice Figureau <[email protected]> --- lib/puppet/application/master.rb | 19 +------- lib/puppet/auth/server/ssl.rb | 23 +++++++++++ spec/unit/application/master_spec.rb | 63 +++-------------------------- spec/unit/auth/server/ssl_spec.rb | 73 ++++++++++++++++++++++++++++++++++ 4 files changed, 106 insertions(+), 72 deletions(-) create mode 100644 lib/puppet/auth/server/ssl.rb create mode 100644 spec/unit/auth/server/ssl_spec.rb diff --git a/lib/puppet/application/master.rb b/lib/puppet/application/master.rb index fde4749..e8aa40b 100644 --- a/lib/puppet/application/master.rb +++ b/lib/puppet/application/master.rb @@ -1,4 +1,5 @@ require 'puppet/application' +require 'puppet/auth' class Puppet::Application::Master < Puppet::Application @@ -82,13 +83,6 @@ class Puppet::Application::Master < Puppet::Application xmlrpc_handlers << :CA if Puppet[:ca] - # Make sure we've got a localhost ssl cert - Puppet::SSL::Host.localhost - - # And now configure our server to *only* hit the CA for data, because that's - # all it will have write access to. - Puppet::SSL::Host.ca_location = :only if Puppet::SSL::CertificateAuthority.ca? - if Puppet.features.root? begin Puppet::Util.chuser @@ -136,18 +130,11 @@ class Puppet::Application::Master < Puppet::Application exit(Puppet.settings.print_configs ? 0 : 1) if Puppet.settings.print_configs? - Puppet.settings.use :main, :master, :ssl + Puppet.settings.use :main, :master # Cache our nodes in yaml. Currently not configurable. Puppet::Node.cache_class = :yaml - # Configure all of the SSL stuff. - if Puppet::SSL::CertificateAuthority.ca? - Puppet::SSL::Host.ca_location = :local - Puppet.settings.use :ca - Puppet::SSL::CertificateAuthority.instance - else - Puppet::SSL::Host.ca_location = :none - end + Puppet::Auth.server.init end end diff --git a/lib/puppet/auth/server/ssl.rb b/lib/puppet/auth/server/ssl.rb new file mode 100644 index 0000000..826aae3 --- /dev/null +++ b/lib/puppet/auth/server/ssl.rb 
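Review bot: `Puppet::Auth.server.init` at the end of `setup` is now the only place the master sets `ca_location`, instantiates the CA and requests the localhost certificate, so whatever `Puppet::Auth.server` returns decides whether any of that happens. `Puppet::Auth` is not part of this patch, so this is inferred: if `server` can return nil for an unknown `auth` value, startup dies with a bare NoMethodError. A guard before the call would fail closed with a clear message, e.g. `raise Puppet::Error, "no auth server plugin for '#{Puppet[:auth]}'" unless Puppet::Auth.server`. The localhost certificate and the `:only` restriction also move from `main` to `setup`, so any run mode that calls `setup` without reaching `main` would now create key material; a comment confirming this is intended would help. The enclosing method starts outside the hunk.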
@@ -0,0 +1,23 @@ + +Puppet::Auth.new_server(:ssl) do + + def self.init + # Configure all of the SSL stuff. + Puppet.settings.use :ssl + if Puppet::SSL::CertificateAuthority.ca? + Puppet::SSL::Host.ca_location = :local + Puppet.settings.use :ca + Puppet::SSL::CertificateAuthority.instance + else + Puppet::SSL::Host.ca_location = :none + end + + # Make sure we've got a localhost ssl cert + Puppet::SSL::Host.localhost + + # And now configure our server to *only* hit the CA for data, because that's + # all it will have write access to. + Puppet::SSL::Host.ca_location = :only if Puppet::SSL::CertificateAuthority.ca? + end + +end \ No newline at end of file diff --git a/spec/unit/application/master_spec.rb b/spec/unit/application/master_spec.rb index e657445..18bb263 100644 --- a/spec/unit/application/master_spec.rb +++ b/spec/unit/application/master_spec.rb @@ -116,9 +116,9 @@ describe Puppet::Application::Master do Puppet::Log.stubs(:newdestination) Puppet.stubs(:settraps) Puppet::Log.stubs(:level=) - Puppet::SSL::CertificateAuthority.stubs(:instance) - Puppet::SSL::CertificateAuthority.stubs(:ca?) Puppet.settings.stubs(:use) + @server = stub_everything 'auth server' + Puppet::Auth.stubs(:server).returns(@server) @master.options.stubs(:[]).with(any_parameters) end @@ -176,8 +176,8 @@ describe Puppet::Application::Master do lambda { @master.setup }.should raise_error(SystemExit) end - it "should tell Puppet.settings to use :main,:ssl and :master category" do - Puppet.settings.expects(:use).with(:main,:master,:ssl) + it "should tell Puppet.settings to use :main and :master category" do + Puppet.settings.expects(:use).with(:main,:master) @master.setup end 
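Review bot: `self.init` relies on a strict order that nothing in the new file states: `ca_location` goes to `:local` so the CA can be instantiated, the localhost certificate is requested, and only then is the location narrowed to `:only`. A later reordering would either request the localhost cert under the wrong location or leave a CA master on `:local` instead of the `:only` setting the existing comment calls for. A comment above the method such as `# Order matters: CA set up under :local, localhost cert next, then restrict to :only` would protect it. `Puppet::SSL::CertificateAuthority.ca?` is also evaluated twice; reading it once into a local (`ca = Puppet::SSL::CertificateAuthority.ca?`) keeps the two branches consistent. The file ends without a trailing newline.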
@@ -188,43 +188,10 @@ describe Puppet::Application::Master do @master.setup end - describe "with no ca" do - - it "should set the ca_location to none" do - Puppet::SSL::Host.expects(:ca_location=).with(:none) - - @master.setup - end - - end - - describe "with a ca configured" do - - before :each do - Puppet::SSL::CertificateAuthority.stubs(:ca?).returns(true) - end - - it "should set the ca_location to local" do - Puppet::SSL::Host.expects(:ca_location=).with(:local) - - @master.setup - end - - it "should tell Puppet.settings to use :ca category" do - Puppet.settings.expects(:use).with(:ca) - - @master.setup - end - - it "should instantiate the CertificateAuthority singleton" do - Puppet::SSL::CertificateAuthority.expects(:instance) - - @master.setup - end - - + it "should init the auth server plugin" do + @server.expects(:init) + @master.setup end - end describe "when running" do @@ -341,8 +308,6 @@ describe Puppet::Application::Master do @server = stub_everything 'server' Puppet::Network::Server.stubs(:new).returns(@server) @app = stub_everything 'app' - Puppet::SSL::Host.stubs(:localhost) - Puppet::SSL::CertificateAuthority.stubs(:ca?) Process.stubs(:uid).returns(1000) Puppet.stubs(:service) Puppet.stubs(:[]) @@ -375,20 +340,6 @@ describe Puppet::Application::Master do @master.main end - it "should generate a SSL cert for localhost" do - Puppet::SSL::Host.expects(:localhost) - - @master.main - end - - it "should make sure to *only* hit the CA for data" do - Puppet::SSL::CertificateAuthority.stubs(:ca?).returns(true) - - Puppet::SSL::Host.expects(:ca_location=).with(:only) - - @master.main - end - it "should drop privileges if running as root" do Puppet.features.stubs(:root?).returns true diff --git a/spec/unit/auth/server/ssl_spec.rb b/spec/unit/auth/server/ssl_spec.rb new file mode 100644 index 0000000..ecc708a --- /dev/null +++ b/spec/unit/auth/server/ssl_spec.rb 
@@ -0,0 +1,73 @@ +#!/usr/bin/env ruby + +require File.dirname(__FILE__) + '/../../../spec_helper' + +require 'puppet/auth' +require 'puppet/ssl/host' + +describe Puppet::Auth, "ssl master" do + before(:each) do + Puppet[:auth] = "ssl" + end + + describe "when initializing" do + before(:each) do + Puppet::SSL::Host.stubs(:localhost) + Puppet::SSL::CertificateAuthority.stubs(:instance) + Puppet::SSL::CertificateAuthority.stubs(:ca?) + Puppet::SSL::Host.stubs(:ca_location=) + Puppet.settings.stubs(:use) + end + + it "should use ssl" do + Puppet.settings.expects(:use).with(:ssl) + Puppet::Auth.server.init + end + + describe "with no ca" do + it "should set the ca_location to none" do + Puppet::SSL::Host.expects(:ca_location=).with(:none) + + Puppet::Auth.server.init + end + end + + describe "with a ca configured" do + before :each do + Puppet::SSL::CertificateAuthority.stubs(:ca?).returns(true) + end + + it "should set the ca_location to local" do + Puppet::SSL::Host.expects(:ca_location=).with(:local) + + Puppet::Auth.server.init + end + + it "should tell Puppet.settings to use :ca category" do + Puppet.settings.expects(:use).with(:ca) + + Puppet::Auth.server.init + end + + it "should instantiate the CertificateAuthority singleton" do + Puppet::SSL::CertificateAuthority.expects(:instance) + + Puppet::Auth.server.init + end + end + + it "should generate a SSL cert for localhost" do + Puppet::SSL::Host.expects(:localhost) + + Puppet::Auth.server.init + end + + it "should make sure to *only* hit the CA for data" do + Puppet::SSL::CertificateAuthority.stubs(:ca?).returns(true) + + Puppet::SSL::Host.expects(:ca_location=).with(:only) + + Puppet::Auth.server.init + end + end +end -- 1.7.2.1 -- You received this message because you are subscribed to the Google Groups "Puppet Developers" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. 
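Review bot: The examples under "when initializing" check each `ca_location=` call in isolation, so they would still pass if `init` set `:only` before `:local` or requested the localhost certificate first. The order is what makes the final state correct, so pin it with a Mocha sequence (`seq = sequence('ssl init')` plus `.in_sequence(seq)` on the `:local`, `localhost` and `:only` expectations). The "with no ca" group should also assert that a non-CA master is never switched to `:only`, e.g. `Puppet::SSL::Host.expects(:ca_location=).with(:only).never`.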
