author | Mike Gabriel <mike.gabriel@das-netzwerkteam.de> | 2022-02-15 21:52:01 +0100 |
---|---|---|
committer | Mike Gabriel <mike.gabriel@das-netzwerkteam.de> | 2022-02-15 21:52:01 +0100 |
commit | 77301e8a2accf45c1e9cd55b60e9caf720a20155 (patch) | |
tree | a63b8bd07590b0f0b3655f851ed3b1f65c5d2241 /code/environments/production/modules/certregen/spec/spec_helper_local.rb | |
parent | 40236de30e742094fa7e8fbaaac34995121f6466 (diff) | |
Diffstat (limited to 'code/environments/production/modules/certregen/spec/spec_helper_local.rb')
-rw-r--r-- | code/environments/production/modules/certregen/spec/spec_helper_local.rb | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/code/environments/production/modules/certregen/spec/spec_helper_local.rb b/code/environments/production/modules/certregen/spec/spec_helper_local.rb
new file mode 100644
index 0000000..3dfb8aa
--- /dev/null
+++ b/code/environments/production/modules/certregen/spec/spec_helper_local.rb
@@ -0,0 +1,52 @@
+RSpec.configure do |c|
+ c.include PuppetlabsSpec::Files
+ c.mock_with :rspec
+
+ c.before(:each) do
+ # Suppress cert fingerprint logging
+ allow_any_instance_of(Puppet::SSL::CertificateAuthority).to receive(:puts)
+
+ # remove the stub that causes puppet to believe it is
+ # always being run as root.
+ # See https://github.com/puppetlabs/puppetlabs_spec_helper/blob/master/lib/puppetlabs_spec_helper/module_spec_helper.rb#L29
+ Puppet.features.unstub(:root?)
+
+ Puppet[:vardir] = tmpdir('var')
+ Puppet[:confdir] = tmpdir('conf')
+ end
+
+ def backdate_certificate(ca, cert, not_before, not_after)
+ cert.content.not_before = not_before
+ cert.content.not_after = not_after
+ signer = Puppet::SSL::CertificateSigner.new
+ signer.sign(cert.content, ca.host.key.content)
+ cert
+ end
+
+ def make_certificate(name, not_before, not_after)
+ ca = Puppet::SSL::CertificateAuthority.new
+ cert = ca.generate(name)
+ backdate_certificate(ca, cert, not_before, not_after)
+ end
+end
+
+RSpec.shared_context "Initialize CA" do
+ # PKI generation is done by initializing a CertificateAuthority object, which has the effect of
+ # applying the settings catalog, generating a RSA keypair, and generating a CA certificate.
+ # Since we're regenerating the CA state between each test we need to create a new
+ # CertificateAuthority object instead of using CertificateAuthority.instance, since that will
+ # memoize a single instance and will not generate the ca folder structure and PKI files.
+ def generate_pki
+ Puppet::SSL::CertificateAuthority.new
+ end
+
+ before(:each) do
+ Puppet::SSL::Host.ca_location = :only
+ Puppet.settings.preferred_run_mode = "master"
+
+ Puppet[:ca] = true
+ Puppet[:ca_name] = 'Puppet CA: foo'
+
+ generate_pki
+ end
+end |
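Review bot: `Puppet.features.unstub(:root?)` in the `before(:each)` hook is a Mocha call, yet the same block selects `c.mock_with :rspec`; rspec-mocks 3 has no `unstub`, so the hook presumably works only while puppetlabs_spec_helper still loads Mocha and installs the `root?` stub through it. If that stub is installed through rspec-mocks instead, `allow(Puppet.features).to receive(:root?).and_call_original` would restore the real check without relying on a second mocking library. Separately, `backdate_certificate` and `make_certificate` are written with `def` inside the `RSpec.configure` block, which defines them on the top-level object rather than on example groups. Moving them into a helper module that is added with `c.include` would keep helpers that re-sign certificates with the CA key scoped to the specs that need them. The comment's link targets `master` with a `#L29` anchor, so a commit permalink would keep that reference stable.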