X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=3rdparty%2Fmodules%2Fcertregen%2Fspec%2Facceptance%2Fhelpers.rb;fp=3rdparty%2Fmodules%2Fcertregen%2Fspec%2Facceptance%2Fhelpers.rb;h=dba7d810f1ce067242d617d7141a6d97c6440a8b;hb=8c20cc97eaf30a0aaf9abfba2f33d5b5f9f06ae2;hp=0000000000000000000000000000000000000000;hpb=1f80b78f88d98160faf661374fc8e760252d131b;p=mirror%2Fdsa-puppet.git
diff --git a/3rdparty/modules/certregen/spec/acceptance/helpers.rb b/3rdparty/modules/certregen/spec/acceptance/helpers.rb
new file mode 100644
index 000000000..dba7d810f
--- /dev/null
+++ b/3rdparty/modules/certregen/spec/acceptance/helpers.rb
@@ -0,0 +1,83 @@
+require 'openssl'
+
+# Time constants in seconds
+HOUR = 60 * 60
+DAY = 24 * HOUR
+YEAR = 365 * DAY
+
+# Retrieve CA Certificate from the given host
+#
+# @param [Host] host single Beaker::Host
+#
+# @return [OpenSSL::X509::Certificate] Certificate object
+def get_ca_cert_on(host)
+ if host[:roles].include? 'master' then
+ dir = on(host, puppet('config', 'print', 'cadir')).stdout.chomp
+ ca_path = "#{dir}/ca_crt.pem"
+ else
+ dir = on(host, puppet('config', 'print', 'certdir')).stdout.chomp
+ ca_path = "#{dir}/ca.pem"
+ end
+ on(host, "cat #{ca_path}") do |result|
+ cert = OpenSSL::X509::Certificate.new(result.stdout)
+ return cert
+ end
+end
+
+# Execute `date` command on host with optional arguments
+# and get back a Ruby Time object
+#
+# @param [Host] host single Beaker::Host to run the command on
+# @param [Array] args Array of arguments to be appended to the
+# `date` command
+# @return [Time] Ruby Time object
+def get_time_on(host, args = [])
+ arg_string = args.join(' ')
+ date = on(host, "date #{arg_string}").stdout.chomp
+ return Time.parse(date)
+end
+
+# Retrieve the CA enddate on a given host as a Ruby time object
+#
+# @param [Host] host single Beaker::Host to get CA enddate from
+#
+# @return [Time] Ruby Time object, or nil if error
+def get_ca_enddate_time_on(host)
+ cert = get_ca_cert_on(host)
+ return cert.not_after if cert
+ return nil
+end
+
+# Retrieve the current ca_serial value for `puppet certgen ca` on a given host
+#
+# @param [Host] host single Beaker::Host to get ca_serial from
+#
+# @return [String] ca_serial in hexadecimal, or nil if error
+def get_ca_serial_id_on(host)
+ cert = get_ca_cert_on(host)
+ return cert.serial.to_s(16) if cert
+ return nil
+end
+
+# Patch puppet to get around the date check validation.
+#
+# This method is used to patch puppet in order to prevent it from failing to
+# create a CA if the system clock is turned back in time by years.
The same
+# method is used to reverse the patch with the `reverse` parameter.
+#
+# @param [Host] host single Beaker::Host to run the command on
+# @param [String] reverse causes the patch to be reversed
+def patch_puppet_date_check_on(host, reverse=nil)
+ reverse = '--reverse' if reverse
+ apply_manifest_on(host, 'package { "patch": ensure => present}')
+ interface_documentation_file = "/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/interface/documentation.rb"
+ patch =< #raise ArgumentError, "copyright with a year \#{fault} is very strange; did you accidentally add or subtract two years?"
+EOF
+ patch_file = host.tmpfile('iface_doc_patch')
+ create_remote_file(host, patch_file, patch)
+ on(host, "patch #{reverse} #{interface_documentation_file} < #{patch_file}", :acceptable_exit_codes => [0,1])
+end
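Review bot: In `patch_puppet_date_check_on`, the final `on(host, "patch ...", :acceptable_exit_codes => [0,1])` treats exit status 1 as success, which is the status `patch` returns when hunks could not be applied. This holds in both directions, so a failed `--reverse` can leave the vendored `puppet/interface/documentation.rb` modified, with its date check still commented out, while the suite reports a clean run. I would narrow this to `:acceptable_exit_codes => [0]`. If status 1 is accepted on purpose so that re-runs against an already-patched host pass, add a comment saying so and follow the call with an explicit check of the file's state (for example a `grep` for the `raise ArgumentError` line that fails the test when it is not in the expected form). The heredoc body is not fully visible on this page, so the exact patch content could not be checked.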