RubyGems - bolt - Versions diffs - 0.23.0 → 0.24.0 - Mend

bolt 0.23.0 → 0.24.0

Potentially problematic release.

This version of bolt might be problematic. Click here for more details.

Files changed (192) hide show

data/vendored/puppet/lib/puppet/face/certificate_request.rb DELETED

@@ -1,56 +0,0 @@
-require 'puppet/indirector/face'
-Puppet::Indirector::Face.define(:certificate_request, '0.0.1') do
-  copyright "Puppet Inc.", 2011
-  license   "Apache 2 license; see COPYING"
-  summary _("Manage certificate requests.")
-  description <<-EOT
-    This subcommand retrieves and submits certificate signing requests (CSRs).
-  EOT
-  deactivate_action(:destroy)
-  find = get_action(:find)
-  find.summary "Retrieve a single CSR."
-  find.arguments "[<host>]"
-  find.render_as = :s
-  find.returns <<-EOT
-    A single certificate request. When used from the Ruby API, returns a
-    Puppet::SSL::CertificateRequest object.
-    Defaults to the current nodes certname.
-  EOT
-  find.examples <<-EOT
-    Retrieve a single CSR from the puppet master's CA:
-    $ puppet certificate_request find somenode.puppetlabs.lan --terminus rest
-  EOT
-  search = get_action(:search)
-  search.summary "Retrieve all outstanding CSRs."
-  search.arguments "<dummy_text>"
-  search.render_as = :s
-  search.returns <<-EOT
-    A list of certificate requests. When used from the Ruby API, returns an
-    array of Puppet::SSL::CertificateRequest objects.
-  EOT
-  search.short_description <<-EOT
-    Retrieves all outstanding certificate signing requests. Due to a known bug,
-    this action requires a dummy search key, the content of which is irrelevant.
-  EOT
-  search.notes <<-EOT
-    Although this action always returns all CSRs, it requires a dummy search
-    key; this is a known bug.
-  EOT
-  search.examples <<-EOT
-    Retrieve all CSRs from the local CA (similar to 'puppet cert list'):
-    $ puppet certificate_request search x --terminus ca
-  EOT
-  get_action(:save).summary "API only: submit a certificate signing request."
-  get_action(:save).arguments "<x509_CSR>"
-  deprecate
-end

data/vendored/puppet/lib/puppet/face/certificate_revocation_list.rb DELETED

@@ -1,56 +0,0 @@
-require 'puppet/indirector/face'
-Puppet::Indirector::Face.define(:certificate_revocation_list, '0.0.1') do
-  copyright "Puppet Inc.", 2011
-  license   "Apache 2 license; see COPYING"
-  summary _("Manage the list of revoked certificates.")
-  description <<-EOT
-    This subcommand is primarily for retrieving the certificate revocation
-    list from the CA.
-  EOT
-  find = get_action(:find)
-  find.summary "Retrieve the certificate revocation list."
-  find.render_as = :s
-  find.returns <<-EOT
-    The certificate revocation list. When used from the Ruby API: returns an
-    OpenSSL::X509::CRL object.
-  EOT
-  find.short_description <<-EOT
-    Retrieves the certificate revocation list.
-  EOT
-  find.notes <<-EOT
-    Although this action always returns the CRL from the specified terminus.
-  EOT
-  find.examples <<-EXAMPLES
-    Retrieve a copy of the puppet master's CRL:
-    $ puppet certificate_revocation_list find --terminus rest
-  EXAMPLES
-  destroy = get_action(:destroy)
-  destroy.summary "Delete the certificate revocation list."
-  destroy.arguments "<dummy_text>"
-  destroy.returns "Nothing."
-  destroy.description <<-EOT
-    Deletes the certificate revocation list. This cannot be done over REST, but
-    it is possible to delete the locally cached copy or the local CA's copy of
-    the CRL.
-  EOT
-  destroy.short_description <<-EOT
-    Deletes the certificate revocation list. This cannot be done over REST, but
-    it is possible to delete the locally cached copy or the local CA's copy of
-    the CRL. Due to a known bug, this action requires a dummy argument, the
-    content of which is irrelevant.
-  EOT
-  destroy.notes <<-EOT
-    Although this action always deletes the CRL from the specified terminus, it
-    requires a dummy argument; this is a known bug.
-  EOT
-  deactivate_action(:search)
-  deactivate_action(:save)
-  deprecate
-end

data/vendored/puppet/lib/puppet/graph/random_prioritizer.rb DELETED

@@ -1,16 +0,0 @@
-# Assign a random priority to items.
-#
-# @api private
-class Puppet::Graph::RandomPrioritizer < Puppet::Graph::Prioritizer
-  def generate_priority_for(key)
-    if priority_of(key).nil?
-      record_priority_for(key, SecureRandom.uuid)
-    else
-      priority_of(key)
-    end
-  end
-  def generate_priority_contained_in(container, key)
-    generate_priority_for(key)
-  end
-end

data/vendored/puppet/lib/puppet/graph/title_hash_prioritizer.rb DELETED

@@ -1,16 +0,0 @@
-# Prioritize keys, which must be Puppet::Resources, based on a static hash of
-# the key's ref. This prioritizer does not take containment into account.
-#
-# @api private
-require 'digest/sha1'
-class Puppet::Graph::TitleHashPrioritizer < Puppet::Graph::Prioritizer
-  def generate_priority_for(resource)
-    record_priority_for(resource,
-                        Digest::SHA1.hexdigest("NaCl, MgSO4 (salts) and then #{resource.ref}"))
-  end
-  def generate_priority_contained_in(container, resource)
-    generate_priority_for(resource)
-  end
-end

data/vendored/puppet/lib/puppet/indirector/certificate/ca.rb DELETED

@@ -1,9 +0,0 @@
-require 'puppet/indirector/ssl_file'
-require 'puppet/ssl/certificate'
-class Puppet::SSL::Certificate::Ca < Puppet::Indirector::SslFile
-  desc "Manage the CA collection of signed SSL certificates on disk."
-  store_in :signeddir
-  store_ca_at :cacert
-end

data/vendored/puppet/lib/puppet/indirector/certificate/disabled_ca.rb DELETED

@@ -1,22 +0,0 @@
-require 'puppet/indirector/code'
-require 'puppet/ssl/certificate'
-class Puppet::SSL::Certificate::DisabledCa < Puppet::Indirector::Code
-  desc "Manage SSL certificates on disk, but reject any remote access
-to the SSL data store.  Used when a master has an explicitly disabled
-CA to prevent clients getting confusing 'success' behaviour."
-  def initialize
-    @file = Puppet::SSL::Certificate.indirection.terminus(:file)
-  end
-  [:find, :head, :search, :save, :destroy].each do |name|
-    define_method(name) do |request|
-      if request.remote?
-        raise Puppet::Error, _("this master is not a CA")
-      else
-        @file.send(name, request)
-      end
-    end
-  end
-end

data/vendored/puppet/lib/puppet/indirector/certificate_request/ca.rb DELETED

@@ -1,22 +0,0 @@
-require 'puppet/indirector/ssl_file'
-require 'puppet/ssl/certificate_request'
-class Puppet::SSL::CertificateRequest::Ca < Puppet::Indirector::SslFile
-  desc "Manage the CA collection of certificate requests on disk."
-  store_in :csrdir
-  def save(request)
-    if host = Puppet::SSL::Host.indirection.find(request.key)
-      if Puppet[:allow_duplicate_certs]
-        Puppet.notice _("%{request} already has a %{host} certificate; new certificate will overwrite it") % { request: request.key, host: host.state }
-      else
-        raise _("%{request} already has a %{host} certificate; ignoring certificate request") % { request: request.key, host: host.state }
-      end
-    end
-    result = super
-    Puppet.notice _("%{request} has a waiting certificate request") % { request: request.key }
-    result
-  end
-end

data/vendored/puppet/lib/puppet/indirector/certificate_request/disabled_ca.rb DELETED

@@ -1,22 +0,0 @@
-require 'puppet/indirector/code'
-require 'puppet/ssl/certificate_request'
-class Puppet::SSL::CertificateRequest::DisabledCa < Puppet::Indirector::Code
-  desc "Manage SSL certificate requests on disk, but reject any remote access
-to the SSL data store. Used when a master has an explicitly disabled CA to
-prevent clients getting confusing 'success' behaviour."
-  def initialize
-    @file = Puppet::SSL::CertificateRequest.indirection.terminus(:file)
-  end
-  [:find, :head, :search, :save, :destroy].each do |name|
-    define_method(name) do |request|
-      if request.remote?
-        raise Puppet::Error, _("this master is not a CA")
-      else
-        @file.send(name, request)
-      end
-    end
-  end
-end

data/vendored/puppet/lib/puppet/indirector/certificate_revocation_list/ca.rb DELETED

@@ -1,8 +0,0 @@
-require 'puppet/indirector/ssl_file'
-require 'puppet/ssl/certificate_revocation_list'
-class Puppet::SSL::CertificateRevocationList::Ca < Puppet::Indirector::SslFile
-  desc "Manage the CA collection of certificate requests on disk."
-  store_at :cacrl
-end

data/vendored/puppet/lib/puppet/indirector/certificate_revocation_list/disabled_ca.rb DELETED

@@ -1,22 +0,0 @@
-require 'puppet/indirector/code'
-require 'puppet/ssl/certificate_revocation_list'
-class Puppet::SSL::CertificateRevocationList::DisabledCa < Puppet::Indirector::Code
-  desc "Manage SSL certificate revocation lists, but reject any remote access
-to the SSL data store. Used when a master has an explicitly disabled CA to
-prevent clients getting confusing 'success' behaviour."
-  def initialize
-    @file = Puppet::SSL::CertificateRevocationList.indirection.terminus(:file)
-  end
-  [:find, :head, :search, :save, :destroy].each do |name|
-    define_method(name) do |request|
-      if request.remote?
-        raise Puppet::Error, _("this master is not a CA")
-      else
-        @file.send(name, request)
-      end
-    end
-  end
-end

data/vendored/puppet/lib/puppet/indirector/certificate_revocation_list/file.rb DELETED

@@ -1,8 +0,0 @@
-require 'puppet/indirector/ssl_file'
-require 'puppet/ssl/certificate_revocation_list'
-class Puppet::SSL::CertificateRevocationList::File < Puppet::Indirector::SslFile
-  desc "Manage the global certificate revocation list."
-  store_at :hostcrl
-end

data/vendored/puppet/lib/puppet/indirector/certificate_revocation_list/rest.rb DELETED

@@ -1,11 +0,0 @@
-require 'puppet/ssl/certificate_revocation_list'
-require 'puppet/indirector/rest'
-class Puppet::SSL::CertificateRevocationList::Rest < Puppet::Indirector::REST
-  desc "Find and save certificate revocation lists over HTTP via REST."
-  use_server_setting(:ca_server)
-  use_port_setting(:ca_port)
-  use_srv_service(:ca)
-end

data/vendored/puppet/lib/puppet/indirector/certificate_status.rb DELETED

@@ -1,4 +0,0 @@
-require 'puppet/indirector'
-class Puppet::Indirector::CertificateStatus
-end

data/vendored/puppet/lib/puppet/indirector/certificate_status/file.rb DELETED

@@ -1,91 +0,0 @@
-require 'puppet'
-require 'puppet/indirector/certificate_status'
-require 'puppet/ssl/certificate'
-require 'puppet/ssl/certificate_authority'
-require 'puppet/ssl/certificate_request'
-require 'puppet/ssl/host'
-require 'puppet/ssl/key'
-class Puppet::Indirector::CertificateStatus::File < Puppet::Indirector::Code
-  desc "Manipulate certificate status on the local filesystem. Only functional
-    on the CA."
-  def ca
-    raise ArgumentError, _("This process is not configured as a certificate authority") unless Puppet::SSL::CertificateAuthority.ca?
-    Puppet::SSL::CertificateAuthority.new
-  end
-  def destroy(request)
-    deleted = []
-    [
-      Puppet::SSL::Certificate,
-      Puppet::SSL::CertificateRequest,
-      Puppet::SSL::Key,
-    ].collect do |part|
-      if part.indirection.destroy(request.key)
-        deleted << "#{part}"
-      end
-    end
-    return _("Nothing was deleted") if deleted.empty?
-    _("Deleted for %{request}: %{deleted}") % { request: request.key, deleted: deleted.join(", ") }
-  end
-  def save(request)
-    if request.instance.desired_state == "signed"
-      certificate_request = Puppet::SSL::CertificateRequest.indirection.find(request.key)
-      raise Puppet::Error, _("Cannot sign for host %{request} without a certificate request") % { request: request.key } unless certificate_request
-      ca.sign(request.key)
-    elsif request.instance.desired_state == "revoked"
-      certificate = Puppet::SSL::Certificate.indirection.find(request.key)
-      raise Puppet::Error, _("Cannot revoke host %{request} because has it doesn't have a signed certificate") % { request: request.key } unless certificate
-      ca.revoke(request.key)
-    else
-      raise Puppet::Error, _("State %{state} invalid; Must specify desired state of 'signed' or 'revoked' for host %{request}") % { state: request.instance.desired_state, request: request.key }
-    end
-  end
-  def search(request)
-    # Support historic interface wherein users provide classes to filter
-    # the search.  When used via the REST API, the arguments must be
-    # a Symbol or an Array containing Symbol objects.
-    klasses = case request.options[:for]
-    when Class
-      [request.options[:for]]
-    when nil
-      [
-        Puppet::SSL::Certificate,
-        Puppet::SSL::CertificateRequest,
-        Puppet::SSL::Key,
-      ]
-    else
-      [request.options[:for]].flatten.map do |klassname|
-        indirection.class.model(klassname.to_sym)
-      end
-    end
-    klasses.collect do |klass|
-      klass.indirection.search(request.key, request.options)
-    end.flatten.collect do |result|
-      result.name
-    end.uniq.collect(&Puppet::SSL::Host.method(:new))
-  end
-  def find(request)
-    ssl_host = Puppet::SSL::Host.new(request.key)
-    public_key = Puppet::SSL::Certificate.indirection.find(request.key)
-    if ssl_host.certificate_request || public_key
-      ssl_host
-    else
-      nil
-    end
-  end
-  def validate_key(request)
-    # We only use desired_state from the instance and use request.key
-    # otherwise, so the name does not need to match
-  end
-end

data/vendored/puppet/lib/puppet/indirector/certificate_status/rest.rb DELETED

@@ -1,11 +0,0 @@
-require 'puppet/ssl/host'
-require 'puppet/indirector/rest'
-require 'puppet/indirector/certificate_status'
-class Puppet::Indirector::CertificateStatus::Rest < Puppet::Indirector::REST
-  desc "Sign, revoke, search for, or clean certificates & certificate requests over HTTP."
-  use_server_setting(:ca_server)
-  use_port_setting(:ca_port)
-  use_srv_service(:ca)
-end

data/vendored/puppet/lib/puppet/indirector/key/ca.rb DELETED

@@ -1,16 +0,0 @@
-require 'puppet/indirector/ssl_file'
-require 'puppet/ssl/key'
-class Puppet::SSL::Key::Ca < Puppet::Indirector::SslFile
-  desc "Manage the CA's private key on disk. This terminus works with the
-    CA key *only*, because that's the only key that the CA ever interacts
-    with."
-  store_in :privatekeydir
-  store_ca_at :cakey
-  def allow_remote_requests?
-    false
-  end
-end

data/vendored/puppet/lib/puppet/indirector/key/disabled_ca.rb DELETED

@@ -1,22 +0,0 @@
-require 'puppet/indirector/code'
-require 'puppet/ssl/key'
-class Puppet::SSL::Key::DisabledCa < Puppet::Indirector::Code
-  desc "Manage the CA private key, but reject any remote access
-to the SSL data store. Used when a master has an explicitly disabled CA to
-prevent clients getting confusing 'success' behaviour."
-  def initialize
-    @file = Puppet::SSL::Key.indirection.terminus(:file)
-  end
-  [:find, :head, :search, :save, :destroy].each do |name|
-    define_method(name) do |request|
-      if request.remote?
-        raise Puppet::Error, _("this master is not a CA")
-      else
-        @file.send(name, request)
-      end
-    end
-  end
-end

data/vendored/puppet/lib/puppet/indirector/ldap.rb DELETED

@@ -1,86 +0,0 @@
-require 'puppet/indirector/terminus'
-require 'puppet/util/ldap/connection'
-class Puppet::Indirector::Ldap < Puppet::Indirector::Terminus
-  def initialize
-    #TRANSLATORS 'Puppet::Indirector::Ldap' is a class and should not be translated
-    Puppet.deprecation_warning(_("Puppet::Indirector::Ldap is deprecated and will be removed in a future release of Puppet."));
-    super
-  end
-  # Perform our ldap search and process the result.
-  def find(request)
-    ldapsearch(search_filter(request.key)) { |entry| return process(entry) } || nil
-  end
-  # Process the found entry.  We assume that we don't just want the
-  # ldap object.
-  def process(entry)
-    raise Puppet::DevError, _("The 'process' method has not been overridden for the LDAP terminus for %{name}") % { name: self.name }
-  end
-  # Default to all attributes.
-  def search_attributes
-    nil
-  end
-  def search_base
-    Puppet[:ldapbase]
-  end
-  # The ldap search filter to use.
-  def search_filter(name)
-    raise Puppet::DevError, _("No search string set for LDAP terminus for %{name}") % { name: self.name }
-  end
-  # Find the ldap node, return the class list and parent node specially,
-  # and everything else in a parameter hash.
-  def ldapsearch(filter)
-    raise ArgumentError.new(_("You must pass a block to ldapsearch")) unless block_given?
-    found = false
-    count = 0
-    begin
-      connection.search(search_base, 2, filter, search_attributes) do |entry|
-        found = true
-        yield entry
-      end
-    rescue SystemExit,NoMemoryError
-      raise
-    rescue Exception => detail
-      if count == 0
-        # Try reconnecting to ldap if we get an exception and we haven't yet retried.
-        count += 1
-        @connection = nil
-        Puppet.warning _("Retrying LDAP connection")
-        retry
-      else
-        error = Puppet::Error.new(_("LDAP Search failed"))
-        error.set_backtrace(detail.backtrace)
-        raise error
-      end
-    end
-    found
-  end
-  # Create an ldap connection.
-  def connection
-    unless @connection
-      #TRANSLATORS "ruby/ldap libraries" are code dependencies
-      raise Puppet::Error, _("Could not set up LDAP Connection: Missing ruby/ldap libraries") unless Puppet.features.ldap?
-      begin
-        conn = Puppet::Util::Ldap::Connection.instance
-        conn.start
-        @connection = conn.connection
-      rescue => detail
-        message = _("Could not connect to LDAP: %{detail}") % { detail: detail }
-        Puppet.log_exception(detail, message)
-        raise Puppet::Error, message, detail.backtrace
-      end
-    end
-    @connection
-  end
-end