1 require 'spec_helper_acceptance'
3 describe "puppet certregen ca" do
4 if hosts_with_role(hosts, 'master').length>0 then
5 context 'regen ca on master' do
7 context 'C99811 - without --ca_serial' do
8 it 'should provide ca serial id via stderr' do
9 on(master, puppet("certregen ca"), :acceptable_exit_codes => 1) do |result|
10 expect(result.stderr).to match(/rerun this command with --ca_serial ([0-9a-fA-F]+)/)
15 context "C99815 - 'puppet certregen ca --ca_serial'" do
17 serial = get_ca_serial_id_on(master)
18 today = get_time_on(master)
19 @future = today + 5*YEAR
20 @regen_result = on(master, "puppet certregen ca --ca_serial #{serial}")
22 it 'should output the updated CA expiration date' do
23 expect(@regen_result.stdout).to match( /CA expiration is now #{@future.utc.strftime('%Y-%m-%d')}/ )
25 it 'should update CA cert enddate' do
26 enddate = get_ca_enddate_time_on(master)
27 expect(enddate - @future).to be < 10.0
31 context 'C99816 - invalid ca_serial id' do
32 it 'should yield an error' do
33 on(master, puppet("certregen ca --ca_serial FD"), :acceptable_exit_codes => 1) do |result|
34 expect(result.stderr).to match(/The serial number of the current CA certificate .* does not match the serial number given on the command line \(FD\)/)
35 expect(result.stderr).to match(/rerun this command with --ca_serial ([0-9a-fA-F]+)/)
40 context "C99817 - 'puppet certregen ca --ca_serial --ca_ttl 1d'" do
42 today = get_time_on(master)
43 @tomorrow = today + 1*DAY
45 serial = get_ca_serial_id_on(master)
46 @regen_result = on(master, "puppet certregen ca --ca_serial #{serial} --ca_ttl 1d")
49 it 'should output the updated CA expiration date' do
50 expect(@regen_result.stdout).to match( /CA expiration is now #{@tomorrow.utc.strftime('%Y-%m-%d')}/ )
52 it 'should update CA cert enddate' do
53 enddate = get_ca_enddate_time_on(master)
54 expect(enddate - @tomorrow).to be < 10.0