(PUP-3650) Remove CA routes
Some limited knowledge of the CA routes remains so that the agent can talk to
puppetserver, which still implements them.
pcarlisle committed Apr 18, 2018
1 parent 5dca4d6 commit 5533c26
Showing 8 changed files with 1 addition and 94 deletions.
13 changes: 0 additions & 13 deletions lib/puppet/network/authconfig.rb
@@ -10,10 +10,6 @@ def self.master_url_prefix
Puppet::Network::HTTP::MASTER_URL_PREFIX
end

def self.ca_url_prefix
Puppet::Network::HTTP::CA_URL_PREFIX
end

def self.default_acl
[
# Master API V3
@@ -28,15 +24,6 @@ def self.default_acl
{ :acl => "#{master_url_prefix}/v3/file" },

{ :acl => "#{master_url_prefix}/v3/status", :method => [:find], :authenticated => true },

# CA API V1
{ :acl => "#{ca_url_prefix}/v1/certificate_revocation_list/ca", :method => :find, :authenticated => true },

# These allow `auth any`, because if you can do them anonymously you
# should probably also be able to do them when trusted.
{ :acl => "#{ca_url_prefix}/v1/certificate/ca", :method => :find, :authenticated => :any },
{ :acl => "#{ca_url_prefix}/v1/certificate/", :method => :find, :authenticated => :any },
{ :acl => "#{ca_url_prefix}/v1/certificate_request", :method => [:find, :save], :authenticated => :any },
]
end

2 changes: 0 additions & 2 deletions lib/puppet/network/http.rb
@@ -13,8 +13,6 @@ module Puppet::Network::HTTP
require 'puppet/network/http/error'
require 'puppet/network/http/route'
require 'puppet/network/http/api'
require 'puppet/network/http/api/ca'
require 'puppet/network/http/api/ca/v1'
require 'puppet/network/http/api/master'
require 'puppet/network/http/api/master/v3'
require 'puppet/network/http/handler'
11 changes: 1 addition & 10 deletions lib/puppet/network/http/api.rb
@@ -20,8 +20,7 @@ def self.not_found_upgrade
"or point them to a server running Puppet 3.\n\n" +
"Master Info:\n" +
" Puppet version: #{Puppet.version}\n" +
" Supported /puppet API versions: #{Puppet::Network::HTTP::MASTER_URL_VERSIONS}\n" +
" Supported /puppet-ca API versions: #{Puppet::Network::HTTP::CA_URL_VERSIONS}",
" Supported /puppet API versions: #{Puppet::Network::HTTP::MASTER_URL_VERSIONS}\n",
Puppet::Network::HTTP::Issues::HANDLER_NOT_FOUND)
end)
end
@@ -33,12 +32,4 @@ def self.master_routes
chain(Puppet::Network::HTTP::API::Master::V3.routes,
Puppet::Network::HTTP::API.not_found)
end

def self.ca_routes
ca_prefix = Regexp.new("^#{Puppet::Network::HTTP::CA_URL_PREFIX}/")
Puppet::Network::HTTP::Route.path(ca_prefix).
any.
chain(Puppet::Network::HTTP::API::CA::V1.routes,
Puppet::Network::HTTP::API.not_found)
end
end
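Review bot: The rewritten last line of the message in not_found_upgrade now ends in `\n` just before the closing quote, so the 404 body gains a trailing newline that the old final line did not have; `" Supported /puppet API versions: #{Puppet::Network::HTTP::MASTER_URL_VERSIONS}",` keeps the body ending as before. With ca_routes gone, requests under the CA prefix presumably fall through to this handler, and the removed spec that asserted a CA 404 does not include `Puppet version:` suggests those paths previously did not return the version string; it is worth confirming that exposing Puppet.version on these now-unrouted paths is intended. A short comment above the message, e.g. `# CA requests also land here; the CA API is served by puppetserver`, would tell the next reader why the CA versions line is gone. not_found_upgrade begins above the hunk.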
2 changes: 0 additions & 2 deletions lib/puppet/network/http/api/ca.rb

This file was deleted.

11 changes: 0 additions & 11 deletions lib/puppet/network/http/api/ca/v1.rb

This file was deleted.

26 changes: 0 additions & 26 deletions spec/unit/network/http/api/ca/v1_spec.rb

This file was deleted.

4 changes: 0 additions & 4 deletions spec/unit/network/http/api/indirected_routes_spec.rb
@@ -50,10 +50,6 @@
expect(lambda { handler.uri2indirection("GET", "#{master_url_prefix}/certificate/foo", params) }).to raise_error(bad_request_error)
end

it "should fail if the indirection does not have the correct version" do
expect(lambda { handler.uri2indirection("GET", "#{Puppet::Network::HTTP::CA_URL_PREFIX}/v3/certificate/foo", params) }).to raise_error(bad_request_error)
end

it "should not pass a buck_path parameter through (See Bugs #13553, #13518, #13511)" do
expect(handler.uri2indirection("GET", "#{master_url_prefix}/node/bar",
{ :environment => "env",
26 changes: 0 additions & 26 deletions spec/unit/network/http/api_spec.rb
@@ -39,11 +39,9 @@ def respond(text)

describe "Puppet API" do
let(:handler) { PuppetSpec::Handler.new(Puppet::Network::HTTP::API.master_routes,
Puppet::Network::HTTP::API.ca_routes,
Puppet::Network::HTTP::API.not_found_upgrade) }

let(:master_prefix) { Puppet::Network::HTTP::MASTER_URL_PREFIX }
let(:ca_prefix) { Puppet::Network::HTTP::CA_URL_PREFIX }

it "raises a not-found error for non-CA or master routes and suggests an upgrade" do
req = Puppet::Network::HTTP::Request.from_hash(:path => "/unknown")
@@ -61,7 +59,6 @@ def respond(text)
expect(res[:status]).to eq(404)
expect(res[:body]).to include("Puppet version: #{Puppet.version}")
expect(res[:body]).to include("Supported /puppet API versions: #{Puppet::Network::HTTP::MASTER_URL_VERSIONS}")
expect(res[:body]).to include("Supported /puppet-ca API versions: #{Puppet::Network::HTTP::CA_URL_VERSIONS}")
end

it "gives an upgrade message for CA routes" do
@@ -71,7 +68,6 @@ def respond(text)
expect(res[:status]).to eq(404)
expect(res[:body]).to include("Puppet version: #{Puppet.version}")
expect(res[:body]).to include("Supported /puppet API versions: #{Puppet::Network::HTTP::MASTER_URL_VERSIONS}")
expect(res[:body]).to include("Supported /puppet-ca API versions: #{Puppet::Network::HTTP::CA_URL_VERSIONS}")
end
end

@@ -101,27 +97,5 @@ def respond(text)
expect(res[:body]).not_to include("Puppet version: #{Puppet.version}")
end
end

describe "when processing CA routes" do
it "responds to v1 indirector requests" do
Puppet::SSL::Certificate.indirection.stubs(:find).returns "foo"
req = Puppet::Network::HTTP::Request.from_hash(:path => "#{ca_prefix}/v1/certificate/foo",
:params => {:environment => "production"},
:headers => {'accept' => "s"})
res = {}
handler.process(req, res)
expect(res[:body]).to eq("foo")
expect(res[:status]).to eq(200)
end

it "responds with a not found error to non-v1 requests and does not suggest an upgrade" do
req = Puppet::Network::HTTP::Request.from_hash(:path => "#{ca_prefix}/unknown")
res = {}
handler.process(req, res)
expect(res[:status]).to eq(404)
expect(res[:body]).to include("No route for GET #{ca_prefix}/unknown")
expect(res[:body]).not_to include("Puppet version: #{Puppet.version}")
end
end
end
end
