1 require 'spec_helper_acceptance'
5 describe "puppet certregen healthcheck" do
6 if hosts_with_role(hosts, 'master').length>0 then
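# C99803: regenerate the CA certificate at the current clock, then expect
# healthcheck to report that nothing is approaching expiration.
context 'C99803 - cert with more than 10 percent of life' do
  # NOTE(review): the listing dropped the hook line and the closing `end`s and
  # fused gutter numbers into the code; before(:all) is assumed here - confirm
  # against the original file.
  before(:all) do
    # The serial is interpolated into a shell command line. Presumably
    # get_ca_serial_id_on returns a plain serial string - verify in the helper
    # that it cannot carry shell metacharacters.
    serial = get_ca_serial_id_on(master)
    on(master, "puppet certregen ca --ca_serial #{serial}")
  end

  it 'should not produce a health warning' do
    on(master, "puppet certregen healthcheck") do |result|
      # A healthy CA must yield no diagnostics on stderr and the explicit
      # "nothing expiring" message on stdout.
      expect(result.stderr).to be_empty
      expect(result.stdout).to match(/No certificates are approaching expiration/)
    end
  end
end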
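# C99804: create a CA certificate while the master's clock is set into the
# past, so that at the real current time it is close to its end of life, then
# expect healthcheck to report it as expiring.
context 'C99804 - cert with less than 10 percent of life' do
  # NOTE(review): the listing dropped the hook line and the closing `end`s;
  # before(:all) is assumed here - confirm against the original file.
  before(:all) do
    serial = get_ca_serial_id_on(master)
    # patch puppet to defeat copyright date check when generating historical CA
    patch_puppet_date_check_on(master)
    begin
      @today = get_time_on(master)
      # set back the clock in order to create a CA that will be approaching its EOL
      # (YEAR and DAY come from the helper; presumably the CA lifetime is five
      # years, which would leave about 20 days - TODO confirm)
      past = @today - (5*YEAR - 20*DAY)
      begin
        on(master, "date #{past.strftime('%m%d%H%M%Y')}")
        on(master, "puppet certregen ca --ca_serial #{serial}")
      ensure
        # update to current time, even when a step above raised: a master left
        # years in the past breaks certificate validity checks for every
        # context that runs afterwards.
        on(master, "date #{@today.strftime('%m%d%H%M%Y')}")
      end
    ensure
      # revert patch to defeat copyright date check; done in `ensure` so the
      # puppet installation is never left with the check disabled.
      patch_puppet_date_check_on(master, 'reverse')
    end
  end

  it 'system should have current date' do
    # Guards against the clock restore having failed silently.
    today = get_time_on(master)
    expect(today.utc.strftime('%Y-%m-%d')).to eq @today.utc.strftime('%Y-%m-%d')
  end

  it 'should warn about pending expiration' do
    enddate = get_ca_enddate_time_on(master)
    on(master, "puppet certregen healthcheck") do |result|
      expect(result.stdout).to match(/Status:\s+expiring/)
      # The reported date must be the CA certificate's own end date (UTC day).
      expect(result.stdout).to match(/Expiration date:\s+#{enddate.utc.strftime('%Y-%m-%d')}/)
    end
  end
end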
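# C99805: regenerate the CA certificate with a one-second TTL and expect
# healthcheck to report it as expired.
context 'C99805 - expired cert' do
  # NOTE(review): the listing dropped the hook line and the closing `end`s;
  # before(:all) is assumed here - confirm against the original file.
  before(:all) do
    serial = get_ca_serial_id_on(master)
    # NOTE(review): nothing here waits for the 1s TTL to elapse; presumably the
    # time between this command and the healthcheck run is always long enough
    # - TODO confirm.
    on(master, "puppet certregen ca --ca_serial #{serial} --ca_ttl 1s")
  end

  it 'should produce a health warning' do
    on(master, "puppet certregen healthcheck") do |result|
      # Newlines are flattened so one regex can span the record. The pattern is
      # loose: `ca.*` matches any "ca" substring followed anywhere later by
      # "Status: expired", so it does not prove the expired record is the CA's.
      expect(result.stdout.gsub("\n", " ")).to match(/ca.*Status: expired/)
    end
  end
end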
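# `healthcheck --all` must list every certificate, not only those that are
# near expiration.
context '--all flag' do
  context 'C99806 --all' do
    # NOTE(review): the listing dropped the hook line, the loop header in the
    # last example and the closing `end`s. before(:all) and `@certs.each` are
    # reconstructed to match the sibling --render-as contexts - confirm
    # against the original file.
    before(:all) do
      on(master, puppet("cert list --all")) do |result|
        # Each match is a one-element array holding a fingerprint made only of
        # uppercase hex digits and colons.
        @certs = result.stdout.scan(/\) ([A-F0-9:]+) /)
      end
      @result = on(master, "puppet certregen healthcheck --all")
    end

    it 'should contain expiration data for ca cert' do
      expect(@result.stdout).to match(/"ca".*\n\s*Status:\s*[Ee]xpir/)
    end

    it 'should contain expiration data for all node certs' do
      # NOTE(review): if the scan above matched nothing, this loop asserts
      # nothing and the example passes vacuously; consider also asserting that
      # @certs is not empty.
      @certs.each do |cert|
        expect(@result.stdout).to include cert[0]
      end
    end
  end
end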
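# `healthcheck --render-as FORMAT` must emit machine-readable output that
# still carries the CA record and every listed certificate.
context '--render-as flag' do
  # NOTE(review): the listing dropped the hook lines and the closing `end`s;
  # before(:all) is assumed in both contexts - confirm against the original
  # file.
  context 'C99808 - --render-as yaml' do
    before(:all) do
      on(master, puppet("cert list --all")) do |result|
        # Fingerprints are limited to [A-F0-9:], so interpolating them into a
        # regex below cannot introduce metacharacters.
        @certs = result.stdout.scan(/\) ([A-F0-9:]+) /)
      end
      @result = on(master, "puppet certregen healthcheck --all --render-as yaml")
      # SECURITY(review): YAML.load on Psych versions before 4 can instantiate
      # arbitrary Ruby objects from tagged input. The input is stdout of a
      # command run on the master under test. The assertions below rely on
      # Symbol keys and values, so the restricted form would be
      # YAML.safe_load(@result.stdout, permitted_classes: [Symbol]) - confirm
      # the Psych version the suite runs with before switching.
      @yaml = YAML.load(@result.stdout)
    end

    it 'should return valid yaml' do
      # YAML.parse only builds the node tree; it does not construct objects.
      expect(YAML.parse(@result.stdout)).to be_instance_of(Psych::Nodes::Document)
    end

    it 'should contain expiration data for ca cert' do
      ca = @yaml.find { |record| record[:name] == 'ca' }
      expect(ca).not_to be nil
      expect(ca[:expiry][:status]).to eq(:expired)
    end

    it 'should contain expiration data for all node certs' do
      # NOTE(review): passes vacuously when @certs is empty.
      @certs.each do |cert|
        expect(@yaml.find { |record| record[:digest] =~ /#{cert[0]}/ }).not_to be nil
      end
    end
  end

  context 'C99809 - --render-as json prints valid json containing expiration data' do
    before(:all) do
      on(master, puppet("cert list --all")) do |result|
        @certs = result.stdout.scan(/\) ([A-F0-9:]+) /)
      end
      # JSON.parse raises on malformed input, so invalid output fails the hook
      # itself rather than the 'valid json' example.
      @json = JSON.parse(on(master, "puppet certregen healthcheck --all --render-as json").stdout)
    end

    it 'should return valid json' do
      expect(@json).not_to be nil
    end

    it 'should contain expiration data for ca cert' do
      # Unlike the YAML rendering, keys here are strings.
      ca = @json.find { |record| record['name'] == 'ca' }
      expect(ca).not_to be nil
    end

    it 'should contain expiration data for all node certs' do
      # NOTE(review): passes vacuously when @certs is empty.
      @certs.each do |cert|
        expect(@json.find { |record| record['digest'] =~ /#{cert[0]}/ }).not_to be nil
      end
    end
  end
end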