RubyGems - bolt - Versions diffs - 0.23.0 → 0.24.0 - Mend

bolt 0.23.0 → 0.24.0

Potentially problematic release.

This version of bolt might be problematic. Click here for more details.

Files changed (192) hide show

data/lib/bolt/catalog/compiler.rb DELETED

@@ -1,48 +0,0 @@
-# frozen_string_literal: true
-# This class exists to override evaluate_main and let us inject
-# AST instead of looking for the main manifest. A better option may be to set up the
-# node environment so our AST is in the '' hostclass instead of doing it here.
-module Puppet
-  module Parser
-    class BoltCompiler < Puppet::Parser::Compiler
-      def internal_evaluator
-        @internal_evaluator ||= Puppet::Pops::Parser::EvaluatingParser.new
-      end
-      def dump_ast(ast)
-        Puppet::Pops::Serialization::ToDataConverter.convert(ast, rich_data: true, symbol_to_string: true)
-      end
-      def load_ast(ast_data)
-        Puppet::Pops::Serialization::FromDataConverter.convert(ast_data)
-      end
-      def parse_string(string, file = '')
-        internal_evaluator.parse_string(string, file)
-      end
-      def evaluate_main
-        main = Puppet.lookup(:pal_main)
-        ast = if main.is_a?(String)
-                parse_string(main)
-              else
-                load_ast(main)
-              end
-        bridge = Puppet::Parser::AST::PopsBridge::Program.new(ast)
-        # This is more or less copypaste from the super but we don't use the
-        # original host_class.
-        krt = environment.known_resource_types
-        @main = krt.add(Puppet::Resource::Type.new(:hostclass, '', code: bridge))
-        @topscope.source = @main
-        @main_resource = Puppet::Parser::Resource.new('class', :main, scope: @topscope, source: @main)
-        @topscope.resource = @main_resource
-        add_resource(@topscope, @main_resource)
-        @main_resource.evaluate
-      end
-    end
-  end
-end

data/lib/bolt/catalog/loaders.rb DELETED

@@ -1,19 +0,0 @@
-# frozen_string_literal: true
-module Bolt
-  class Catalog
-    class BoltLoaders < Puppet::Pops::Loaders
-      def create_puppet_system_loader
-        parent = super
-        Puppet::Pops::Loader::ModuleLoaders::FileBased.new(
-          parent,
-          self,
-          'boltlib',
-          File.join(__dir__, '../../../bolt-modules/boltlib'),
-          'boltlib_system'
-        )
-      end
-    end
-  end
-end

data/vendored/puppet/lib/puppet/application/ca.rb DELETED

@@ -1,11 +0,0 @@
-require 'puppet/application/face_base'
-require 'puppet/ssl/oids'
-class Puppet::Application::Ca < Puppet::Application::FaceBase
-  run_mode :master
-  def setup
-    Puppet::SSL::Oids.register_puppet_oids
-    super
-  end
-end

data/vendored/puppet/lib/puppet/application/certificate.rb DELETED

@@ -1,17 +0,0 @@
-require 'puppet/application/indirection_base'
-require 'puppet/ssl/oids'
-class Puppet::Application::Certificate < Puppet::Application::IndirectionBase
-  def setup
-    Puppet::SSL::Oids.register_puppet_oids
-    location = Puppet::SSL::Host.ca_location
-    if location == :local && !Puppet::SSL::CertificateAuthority.ca?
-      # I'd prefer if this could be dealt with differently; ideally, run_mode should be set as
-      #  part of a class definition, and should not be modifiable beyond that.  This is one of
-      #  the cases where that isn't currently possible.
-      Puppet.settings.preferred_run_mode = "master"
-    end
-    super
-  end
-end

data/vendored/puppet/lib/puppet/application/certificate_request.rb DELETED

@@ -1,7 +0,0 @@
-require 'puppet/application/indirection_base'
-# NOTE: this is using an "old" naming convention (underscores instead of camel-case), for backwards
-#  compatibility with 2.7.x.  When the old naming convention is officially and publicly deprecated,
-#  this should be changed to camel-case.
-class Puppet::Application::Certificate_request < Puppet::Application::IndirectionBase
-end

data/vendored/puppet/lib/puppet/application/certificate_revocation_list.rb DELETED

@@ -1,7 +0,0 @@
-require 'puppet/application/indirection_base'
-# NOTE: this is using an "old" naming convention (underscores instead of camel-case), for backwards
-#  compatibility with 2.7.x.  When the old naming convention is officially and publicly deprecated,
-#  this should be changed to camel-case.
-class Puppet::Application::Certificate_revocation_list < Puppet::Application::IndirectionBase
-end

data/vendored/puppet/lib/puppet/face/ca.rb DELETED

@@ -1,266 +0,0 @@
-require 'puppet/face'
-Puppet::Face.define(:ca, '0.1.0') do
-  copyright "Puppet Inc.", 2011
-  license   _("Apache 2 license; see COPYING")
-  summary _("Local Puppet Certificate Authority management.")
-  description <<-TEXT
-    This provides local management of the Puppet Certificate Authority.
-    You can use this subcommand to sign outstanding certificate requests, list
-    and manage local certificates, and inspect the state of the CA.
-  TEXT
-  action :list do
-    summary _("List certificates and/or certificate requests.")
-    description <<-TEXT
-      This will list the current certificates and certificate signing requests
-      in the Puppet CA.  You will also get the fingerprint, and any certificate
-      verification failure reported.
-    TEXT
-    option "--[no-]all" do
-      summary _("Include all certificates and requests.")
-    end
-    option "--[no-]pending" do
-      summary _("Include pending certificate signing requests.")
-    end
-    option "--[no-]signed" do
-      summary _("Include signed certificates.")
-    end
-    option "--digest " + _("ALGORITHM") do
-      summary _("The hash algorithm to use when displaying the fingerprint")
-    end
-    option "--subject " + _("PATTERN") do
-      summary _("Only list if the subject matches PATTERN.")
-      description <<-TEXT
-        Only include certificates or requests where subject matches PATTERN.
-        PATTERN is interpreted as a regular expression, allowing complex
-        filtering of the content.
-      TEXT
-    end
-    when_invoked do |options|
-      #TRANSLATORS "CA" stands for "certificate authority"
-      raise _("Not a CA") unless Puppet::SSL::CertificateAuthority.ca?
-      unless ca = Puppet::SSL::CertificateAuthority.instance
-        #TRANSLATORS "CA" stands for "certificate authority"
-        raise _("Unable to fetch the CA")
-      end
-      Puppet::SSL::Host.ca_location = :only
-      pattern = options[:subject].nil? ? nil :
-        Regexp.new(options[:subject], Regexp::IGNORECASE)
-      pending = options[:pending].nil? ? options[:all] : options[:pending]
-      signed  = options[:signed].nil?  ? options[:all] : options[:signed]
-      # By default we list pending, so if nothing at all was requested...
-      unless pending or signed then pending = true end
-      hosts = []
-      pending and hosts += ca.waiting?
-      signed  and hosts += ca.list
-      pattern and hosts = hosts.select {|hostname| pattern.match hostname }
-      hosts.sort.map {|host| Puppet::SSL::Host.new(host) }
-    end
-    when_rendering :console do |hosts, options|
-      unless ca = Puppet::SSL::CertificateAuthority.instance
-        raise _("Unable to fetch the CA")
-      end
-      length = hosts.map{|x| x.name.length }.max.to_i + 1
-      hosts.map do |host|
-        name = host.name.ljust(length)
-        if host.certificate_request then
-          "  #{name} #{host.certificate_request.digest(options[:digest])}"
-        else
-          begin
-            ca.verify(host.name)
-            "+ #{name} #{host.certificate.digest(options[:digest])}"
-          rescue Puppet::SSL::CertificateAuthority::CertificateVerificationError => e
-            "- #{name} #{host.certificate.digest(options[:digest])} (#{e.to_s})"
-          end
-        end
-      end.join("\n")
-    end
-  end
-  action :destroy do
-    summary _("Destroy named certificate or pending certificate request.")
-    when_invoked do |host, options|
-      raise _("Not a CA") unless Puppet::SSL::CertificateAuthority.ca?
-      unless ca = Puppet::SSL::CertificateAuthority.instance
-        raise _("Unable to fetch the CA")
-      end
-      Puppet::SSL::Host.ca_location = :local
-      ca.destroy host
-    end
-  end
-  action :revoke do
-    summary _("Add certificate to certificate revocation list.")
-    when_invoked do |host, options|
-      raise _("Not a CA") unless Puppet::SSL::CertificateAuthority.ca?
-      unless ca = Puppet::SSL::CertificateAuthority.instance
-        raise _("Unable to fetch the CA")
-      end
-      Puppet::SSL::Host.ca_location = :only
-      begin
-        ca.revoke host
-      rescue ArgumentError => e
-        # This is a bit naff, but it makes the behaviour consistent with the
-        # destroy action.  The underlying tools could be nicer for that sort
-        # of thing; they have fairly inconsistent reporting of failures.
-        raise unless e.to_s =~ /Could not find a serial number for /
-        _("Nothing was revoked")
-      end
-    end
-  end
-  action :generate do
-    summary _("Generate a certificate for a named client.")
-    option "--dns-alt-names " + _("NAMES") do
-      summary _("Additional DNS names to add to the certificate request")
-      description Puppet.settings.setting(:dns_alt_names).desc
-    end
-    when_invoked do |host, options|
-      raise _("Not a CA") unless Puppet::SSL::CertificateAuthority.ca?
-      unless ca = Puppet::SSL::CertificateAuthority.instance
-        raise _("Unable to fetch the CA")
-      end
-      Puppet::SSL::Host.ca_location = :local
-      begin
-        ca.generate(host, :dns_alt_names => options[:dns_alt_names])
-      rescue RuntimeError => e
-        if e.to_s =~ /already has a requested certificate/
-          _("%{host} already has a certificate request; use sign instead") % { host: host }
-        else
-          raise
-        end
-      rescue ArgumentError => e
-        if e.to_s =~ /A Certificate already exists for /
-          _("%{host} already has a certificate") % { host: host }
-        else
-          raise
-        end
-      end
-    end
-  end
-  action :sign do
-    summary _("Sign an outstanding certificate request.")
-    option("--[no-]allow-dns-alt-names") do
-      summary _("Whether or not to accept DNS alt names in the certificate request")
-    end
-    when_invoked do |host, options|
-      raise _("Not a CA") unless Puppet::SSL::CertificateAuthority.ca?
-      unless ca = Puppet::SSL::CertificateAuthority.instance
-        raise _("Unable to fetch the CA")
-      end
-      Puppet::SSL::Host.ca_location = :only
-      begin
-        signing_options = options.select { |k,_|
-          [:allow_dns_alt_names, :allow_authorization_extensions].include?(k)
-        }
-        ca.sign(host, signing_options)
-      rescue ArgumentError => e
-        if e.to_s =~ /Could not find certificate request/
-          e.to_s
-        else
-          raise
-        end
-      end
-    end
-  end
-  action :print do
-    summary _("Print the full-text version of a host's certificate.")
-    when_invoked do |host, options|
-      raise _("Not a CA") unless Puppet::SSL::CertificateAuthority.ca?
-      unless ca = Puppet::SSL::CertificateAuthority.instance
-        raise _("Unable to fetch the CA")
-      end
-      Puppet::SSL::Host.ca_location = :only
-      ca.print host
-    end
-  end
-  action :fingerprint do
-    #TRANSLATORS "DIGEST" refers to a hash algorithm
-    summary _("Print the DIGEST (defaults to the signing algorithm) fingerprint of a host's certificate.")
-    option "--digest " + _("ALGORITHM") do
-      summary _("The hash algorithm to use when displaying the fingerprint")
-    end
-    when_invoked do |host, options|
-      #TRANSLATORS "CA" stands for "certificate authority"
-      raise _("Not a CA") unless Puppet::SSL::CertificateAuthority.ca?
-      unless Puppet::SSL::CertificateAuthority.instance
-        #TRANSLATORS "CA" stands for "certificate authority"
-        raise _("Unable to fetch the CA")
-      end
-      Puppet::SSL::Host.ca_location = :only
-      if cert = (Puppet::SSL::Certificate.indirection.find(host) || Puppet::SSL::CertificateRequest.indirection.find(host))
-        cert.digest(options[:digest]).to_s
-      else
-        nil
-      end
-    end
-  end
-  action :verify do
-    summary "Verify the named certificate against the local CA certificate."
-    when_invoked do |host, options|
-      #TRANSLATORS "CA" stands for "certificate authority"
-      raise _("Not a CA") unless Puppet::SSL::CertificateAuthority.ca?
-      unless ca = Puppet::SSL::CertificateAuthority.instance
-        #TRANSLATORS "CA" stands for "certificate authority"
-        raise _("Unable to fetch the CA")
-      end
-      Puppet::SSL::Host.ca_location = :only
-      begin
-        ca.verify host
-        { :host => host, :valid => true }
-      rescue ArgumentError => e
-        raise unless e.to_s =~ /Could not find a certificate for/
-        { :host => host, :valid => false, :error => e.to_s }
-      rescue Puppet::SSL::CertificateAuthority::CertificateVerificationError => e
-        { :host => host, :valid => false, :error => e.to_s }
-      end
-    end
-    when_rendering :console do |value|
-      if value[:valid]
-        nil
-      else
-        _("Could not verify %{host}: %{error}") % { host: value[:host], error: value[:error] }
-      end
-    end
-  end
-  deprecate
-end

data/vendored/puppet/lib/puppet/face/certificate.rb DELETED

@@ -1,167 +0,0 @@
-require 'puppet/indirector/face'
-require 'puppet/ssl/host'
-Puppet::Indirector::Face.define(:certificate, '0.0.1') do
-  copyright "Puppet Inc.", 2011
-  license   _("Apache 2 license; see COPYING")
-  summary _("Provide access to the CA for certificate management.")
-  description <<-EOT
-    This subcommand interacts with a local or remote Puppet certificate
-    authority. Currently, its behavior is not a full superset of `puppet
-    cert`; specifically, it is unable to mimic puppet cert's "clean" option,
-    and its "generate" action submits a CSR rather than creating a
-    signed certificate.
-  EOT
-  option "--ca-location " + _("LOCATION") do
-    required
-    summary _("Which certificate authority to use (local or remote).")
-    description <<-EOT
-      Whether to act on the local certificate authority or one provided by a
-      remote puppet master. Allowed values are 'local' and 'remote.'
-      This option is required.
-    EOT
-    before_action do |action, args, options|
-      unless [:remote, :local, :only].include? options[:ca_location].to_sym
-        raise ArgumentError, _("Valid values for ca-location are 'remote', 'local', 'only'.")
-      end
-      Puppet::SSL::Host.ca_location = options[:ca_location].to_sym
-    end
-  end
-  action :generate do
-    summary _("Generate a new certificate signing request.")
-    arguments _("<host>")
-    returns "Nothing."
-    description <<-EOT
-      Generates and submits a certificate signing request (CSR) for the
-      specified host. This CSR will then have to be signed by a user
-      with the proper authorization on the certificate authority.
-      Puppet agent usually handles CSR submission automatically. This action is
-      primarily useful for requesting certificates for individual users and
-      external applications.
-    EOT
-    examples <<-EOT
-      Request a certificate for "somenode" from the site's CA:
-      $ puppet certificate generate somenode.puppetlabs.lan --ca-location remote
-    EOT
-    # Duplicate the option here explicitly to distinguish if it was passed arg
-    # us vs. set in the config file.
-    option "--dns-alt-names "+ _("NAMES") do
-      summary _("Additional DNS names to add to the certificate request")
-      description Puppet.settings.setting(:dns_alt_names).desc
-    end
-    when_invoked do |name, options|
-      host = Puppet::SSL::Host.new(name)
-      # We have a weird case where we have --dns_alt_names from Puppet, but
-      # this option is --dns-alt-names. Until we can get rid of --dns-alt-names
-      # or do a global tr('-', '_'), we have to support both.
-      # In supporting both, we'll use Puppet[:dns_alt_names] if specified on
-      # command line. We'll use options[:dns_alt_names] if specified on
-      # command line. If both specified, we'll fail.
-      # jeffweiss 17 april 2012
-      global_setting_from_cli = Puppet.settings.set_by_cli?(:dns_alt_names) == true
-      raise ArgumentError, _("Can't specify both --dns_alt_names and --dns-alt-names") if options[:dns_alt_names] and global_setting_from_cli
-      options[:dns_alt_names] = Puppet[:dns_alt_names] if global_setting_from_cli
-      # If dns_alt_names are specified via the command line, we will always add
-      # them. Otherwise, they will default to the config file setting iff this
-      # cert is for the host we're running on.
-      unless Puppet::FileSystem.exist?(Puppet[:hostcert])
-        Puppet.push_context({:ssl_host => host})
-      end
-      host.generate_certificate_request(:dns_alt_names => options[:dns_alt_names])
-    end
-  end
-  action :list do
-    summary _("List all certificate signing requests.")
-    returns <<-EOT
-      An array of #inspect output from CSR objects. This output is
-      currently messy, but does contain the names of nodes requesting
-      certificates. This action returns #inspect strings even when used
-      from the Ruby API.
-    EOT
-    when_invoked do |options|
-      Puppet::SSL::Host.indirection.search("*", {
-        :for => :certificate_request,
-      }).map { |h| h.inspect }
-    end
-  end
-  action :sign do
-    summary _("Sign a certificate signing request for HOST.")
-    arguments _("<host>")
-    returns <<-EOT
-      A string that appears to be (but isn't) an x509 certificate.
-    EOT
-    examples <<-EOT
-      Sign somenode.puppetlabs.lan's certificate:
-      $ puppet certificate sign somenode.puppetlabs.lan --ca-location remote
-    EOT
-    option("--[no-]allow-dns-alt-names") do
-      summary _("Whether or not to accept DNS alt names in the certificate request")
-    end
-    when_invoked do |name, options|
-      host = Puppet::SSL::Host.new(name)
-      if Puppet::SSL::Host.ca_location == :remote
-        if options[:allow_dns_alt_names]
-          raise ArgumentError, _("--allow-dns-alt-names may not be specified with a remote CA")
-        end
-        host.desired_state = 'signed'
-        Puppet::SSL::Host.indirection.save(host)
-      else
-        # We have to do this case manually because we need to specify
-        # allow_dns_alt_names.
-        unless ca = Puppet::SSL::CertificateAuthority.instance
-          raise ArgumentError, _("This process is not configured as a certificate authority")
-        end
-        signing_options = {allow_dns_alt_names: options[:allow_dns_alt_names]}
-        ca.sign(name, signing_options)
-      end
-    end
-  end
-  # Indirector action doc overrides
-  find = get_action(:find)
-  find.summary _("Retrieve a certificate.")
-  find.arguments _("<host>")
-  find.render_as = :s
-  find.returns <<-EOT
-    An x509 SSL certificate.
-    Note that this action has a side effect of caching a copy of the
-    certificate in Puppet's `ssldir`.
-  EOT
-  destroy = get_action(:destroy)
-  destroy.summary _("Delete a certificate.")
-  destroy.arguments _("<host>")
-  destroy.returns "Nothing."
-  destroy.description <<-EOT
-    Deletes a certificate. This action currently only works on the local CA.
-  EOT
-  deactivate_action(:search)
-  deactivate_action(:save)
-  deprecate
-end