code/environments/production/modules/certregen/spec/acceptance/ca_spec.rb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60

require 'spec_helper_acceptance'

describe "puppet certregen ca" do
  if hosts_with_role(hosts, 'master').length>0 then
    context 'regen ca on master' do

      context 'C99811 - without --ca_serial' do
        it 'should provide ca serial id via stderr' do
          on(master, puppet("certregen ca"), :acceptable_exit_codes => 1) do |result|
            expect(result.stderr).to match(/rerun this command with --ca_serial ([0-9a-fA-F]+)/)
          end
        end
      end

      context "C99815 - 'puppet certregen ca --ca_serial'" do
        before(:all) do
          serial = get_ca_serial_id_on(master)
          today = get_time_on(master)
          @future = today + 5*YEAR
          @regen_result = on(master, "puppet certregen ca --ca_serial #{serial}")
        end
        it 'should output the updated CA expiration date' do
          expect(@regen_result.stdout).to match( /CA expiration is now #{@future.utc.strftime('%Y-%m-%d')}/ )
        end
        it 'should update CA cert enddate' do
          enddate = get_ca_enddate_time_on(master)
          expect(enddate - @future).to be < 10.0
        end
      end

      context 'C99816 - invalid ca_serial id' do
        it 'should yield an error' do
          on(master, puppet("certregen ca --ca_serial FD"), :acceptable_exit_codes => 1) do |result|
            expect(result.stderr).to match(/The serial number of the current CA certificate .* does not match the serial number given on the command line \(FD\)/)
            expect(result.stderr).to match(/rerun this command with --ca_serial ([0-9a-fA-F]+)/)
          end
        end
      end

      context "C99817 - 'puppet certregen ca --ca_serial --ca_ttl 1d'" do
        before(:all) do
          today = get_time_on(master)
          @tomorrow = today + 1*DAY

          serial = get_ca_serial_id_on(master)
          @regen_result = on(master, "puppet certregen ca --ca_serial #{serial} --ca_ttl 1d")
        end

        it 'should output the updated CA expiration date' do
          expect(@regen_result.stdout).to match( /CA expiration is now #{@tomorrow.utc.strftime('%Y-%m-%d')}/ )
        end
        it 'should update CA cert enddate' do
          enddate = get_ca_enddate_time_on(master)
          expect(enddate - @tomorrow).to be < 10.0
        end
      end

    end
  end
end