openvox 7.37.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +7 -0
- data/CHANGELOG.md +15 -0
- data/CODEOWNERS +11 -0
- data/CODE_OF_CONDUCT.md +70 -0
- data/CONTRIBUTING.md +161 -0
- data/Gemfile +82 -0
- data/Guardfile.example +76 -0
- data/LICENSE +202 -0
- data/README.md +68 -0
- data/Rakefile +160 -0
- data/bin/puppet +9 -0
- data/conf/environment.conf +18 -0
- data/conf/fileserver.conf +32 -0
- data/conf/hiera.yaml +11 -0
- data/conf/puppet.conf +6 -0
- data/examples/enc/regexp_nodes/classes/databases +2 -0
- data/examples/enc/regexp_nodes/classes/webservers +2 -0
- data/examples/enc/regexp_nodes/environment/development +2 -0
- data/examples/enc/regexp_nodes/parameters/service/prod +1 -0
- data/examples/enc/regexp_nodes/parameters/service/qa +3 -0
- data/examples/enc/regexp_nodes/parameters/service/sandbox +1 -0
- data/examples/enc/regexp_nodes/regexp_nodes.rb +270 -0
- data/examples/hiera/README.md +91 -0
- data/examples/hiera/etc/hiera.yaml +15 -0
- data/examples/hiera/etc/hieradb/common.yaml +3 -0
- data/examples/hiera/etc/hieradb/dc1.yaml +6 -0
- data/examples/hiera/etc/hieradb/development.yaml +2 -0
- data/examples/hiera/etc/puppet.conf +3 -0
- data/examples/hiera/modules/data/manifests/common.pp +4 -0
- data/examples/hiera/modules/ntp/manifests/config.pp +6 -0
- data/examples/hiera/modules/ntp/manifests/data.pp +4 -0
- data/examples/hiera/modules/ntp/templates/ntp.conf.erb +3 -0
- data/examples/hiera/modules/users/manifests/common.pp +4 -0
- data/examples/hiera/modules/users/manifests/dc1.pp +4 -0
- data/examples/hiera/modules/users/manifests/development.pp +4 -0
- data/examples/hiera/site.pp +3 -0
- data/examples/nagios/check_puppet.rb +123 -0
- data/ext/README.md +13 -0
- data/ext/build_defaults.yaml +18 -0
- data/ext/debian/puppet.default +4 -0
- data/ext/debian/puppet.init +113 -0
- data/ext/hiera/hiera.yaml +15 -0
- data/ext/osx/puppet.plist +32 -0
- data/ext/project_data.yaml +20 -0
- data/ext/redhat/client.init +169 -0
- data/ext/redhat/client.sysconfig +2 -0
- data/ext/solaris/smf/puppet +44 -0
- data/ext/solaris/smf/puppet.xml +46 -0
- data/ext/suse/client.init +141 -0
- data/ext/systemd/puppet.service +26 -0
- data/ext/windows/puppet_interactive.bat +6 -0
- data/ext/windows/puppet_shell.bat +9 -0
- data/ext/windows/run_puppet_interactive.bat +9 -0
- data/ext/windows/service/daemon.bat +6 -0
- data/ext/windows/service/daemon.rb +225 -0
- data/install.rb +499 -0
- data/lib/hiera/puppet_function.rb +84 -0
- data/lib/hiera/scope.rb +90 -0
- data/lib/hiera_puppet.rb +80 -0
- data/lib/puppet/agent/disabler.rb +53 -0
- data/lib/puppet/agent/locker.rb +46 -0
- data/lib/puppet/agent.rb +176 -0
- data/lib/puppet/application/agent.rb +523 -0
- data/lib/puppet/application/apply.rb +428 -0
- data/lib/puppet/application/catalog.rb +4 -0
- data/lib/puppet/application/config.rb +5 -0
- data/lib/puppet/application/describe.rb +253 -0
- data/lib/puppet/application/device.rb +439 -0
- data/lib/puppet/application/doc.rb +233 -0
- data/lib/puppet/application/epp.rb +5 -0
- data/lib/puppet/application/face_base.rb +276 -0
- data/lib/puppet/application/facts.rb +9 -0
- data/lib/puppet/application/filebucket.rb +318 -0
- data/lib/puppet/application/generate.rb +5 -0
- data/lib/puppet/application/help.rb +5 -0
- data/lib/puppet/application/indirection_base.rb +4 -0
- data/lib/puppet/application/lookup.rb +433 -0
- data/lib/puppet/application/module.rb +4 -0
- data/lib/puppet/application/node.rb +4 -0
- data/lib/puppet/application/parser.rb +5 -0
- data/lib/puppet/application/plugin.rb +4 -0
- data/lib/puppet/application/report.rb +4 -0
- data/lib/puppet/application/resource.rb +254 -0
- data/lib/puppet/application/script.rb +264 -0
- data/lib/puppet/application/ssl.rb +323 -0
- data/lib/puppet/application.rb +596 -0
- data/lib/puppet/application_support.rb +68 -0
- data/lib/puppet/coercion.rb +40 -0
- data/lib/puppet/compilable_resource_type.rb +15 -0
- data/lib/puppet/concurrent/lock.rb +16 -0
- data/lib/puppet/concurrent/synchronized.rb +15 -0
- data/lib/puppet/concurrent/thread_local_singleton.rb +17 -0
- data/lib/puppet/concurrent.rb +2 -0
- data/lib/puppet/configurer/downloader.rb +85 -0
- data/lib/puppet/configurer/fact_handler.rb +50 -0
- data/lib/puppet/configurer/plugin_handler.rb +59 -0
- data/lib/puppet/configurer.rb +755 -0
- data/lib/puppet/confine/any.rb +26 -0
- data/lib/puppet/confine/boolean.rb +45 -0
- data/lib/puppet/confine/exists.rb +19 -0
- data/lib/puppet/confine/false.rb +25 -0
- data/lib/puppet/confine/feature.rb +17 -0
- data/lib/puppet/confine/true.rb +26 -0
- data/lib/puppet/confine/variable.rb +59 -0
- data/lib/puppet/confine.rb +83 -0
- data/lib/puppet/confine_collection.rb +51 -0
- data/lib/puppet/confiner.rb +46 -0
- data/lib/puppet/context/trusted_information.rb +120 -0
- data/lib/puppet/context.rb +188 -0
- data/lib/puppet/daemon.rb +182 -0
- data/lib/puppet/data_binding.rb +14 -0
- data/lib/puppet/datatypes/error.rb +21 -0
- data/lib/puppet/datatypes/impl/error.rb +40 -0
- data/lib/puppet/datatypes.rb +213 -0
- data/lib/puppet/defaults.rb +2277 -0
- data/lib/puppet/environments.rb +601 -0
- data/lib/puppet/error.rb +138 -0
- data/lib/puppet/etc.rb +180 -0
- data/lib/puppet/external/dot.rb +325 -0
- data/lib/puppet/external/pson/common.rb +374 -0
- data/lib/puppet/external/pson/pure/generator.rb +395 -0
- data/lib/puppet/external/pson/pure/parser.rb +308 -0
- data/lib/puppet/external/pson/pure.rb +15 -0
- data/lib/puppet/external/pson/version.rb +8 -0
- data/lib/puppet/face/catalog/select.rb +49 -0
- data/lib/puppet/face/catalog.rb +165 -0
- data/lib/puppet/face/config.rb +267 -0
- data/lib/puppet/face/epp.rb +566 -0
- data/lib/puppet/face/facts.rb +174 -0
- data/lib/puppet/face/generate.rb +66 -0
- data/lib/puppet/face/help/action.erb +90 -0
- data/lib/puppet/face/help/face.erb +115 -0
- data/lib/puppet/face/help/global.erb +16 -0
- data/lib/puppet/face/help/man.erb +152 -0
- data/lib/puppet/face/help.rb +242 -0
- data/lib/puppet/face/module/changes.rb +43 -0
- data/lib/puppet/face/module/install.rb +146 -0
- data/lib/puppet/face/module/list.rb +272 -0
- data/lib/puppet/face/module/uninstall.rb +89 -0
- data/lib/puppet/face/module/upgrade.rb +87 -0
- data/lib/puppet/face/module.rb +19 -0
- data/lib/puppet/face/node/clean.rb +107 -0
- data/lib/puppet/face/node.rb +43 -0
- data/lib/puppet/face/parser.rb +227 -0
- data/lib/puppet/face/plugin.rb +60 -0
- data/lib/puppet/face/report.rb +54 -0
- data/lib/puppet/face/resource.rb +53 -0
- data/lib/puppet/face.rb +12 -0
- data/lib/puppet/facter_impl.rb +96 -0
- data/lib/puppet/feature/base.rb +76 -0
- data/lib/puppet/feature/bolt.rb +3 -0
- data/lib/puppet/feature/cfpropertylist.rb +3 -0
- data/lib/puppet/feature/eventlog.rb +5 -0
- data/lib/puppet/feature/hiera_eyaml.rb +3 -0
- data/lib/puppet/feature/hocon.rb +3 -0
- data/lib/puppet/feature/libuser.rb +8 -0
- data/lib/puppet/feature/msgpack.rb +3 -0
- data/lib/puppet/feature/pe_license.rb +4 -0
- data/lib/puppet/feature/selinux.rb +3 -0
- data/lib/puppet/feature/ssh.rb +3 -0
- data/lib/puppet/feature/telnet.rb +9 -0
- data/lib/puppet/feature/zlib.rb +5 -0
- data/lib/puppet/ffi/posix/constants.rb +14 -0
- data/lib/puppet/ffi/posix/functions.rb +24 -0
- data/lib/puppet/ffi/posix.rb +10 -0
- data/lib/puppet/ffi/windows/api_types.rb +311 -0
- data/lib/puppet/ffi/windows/constants.rb +404 -0
- data/lib/puppet/ffi/windows/functions.rb +628 -0
- data/lib/puppet/ffi/windows/structs.rb +338 -0
- data/lib/puppet/ffi/windows.rb +12 -0
- data/lib/puppet/file_bucket/dipper.rb +174 -0
- data/lib/puppet/file_bucket/file.rb +129 -0
- data/lib/puppet/file_bucket.rb +4 -0
- data/lib/puppet/file_serving/base.rb +86 -0
- data/lib/puppet/file_serving/configuration/parser.rb +113 -0
- data/lib/puppet/file_serving/configuration.rb +113 -0
- data/lib/puppet/file_serving/content.rb +43 -0
- data/lib/puppet/file_serving/fileset.rb +186 -0
- data/lib/puppet/file_serving/http_metadata.rb +62 -0
- data/lib/puppet/file_serving/metadata.rb +171 -0
- data/lib/puppet/file_serving/mount/file.rb +122 -0
- data/lib/puppet/file_serving/mount/locales.rb +35 -0
- data/lib/puppet/file_serving/mount/modules.rb +26 -0
- data/lib/puppet/file_serving/mount/pluginfacts.rb +35 -0
- data/lib/puppet/file_serving/mount/plugins.rb +35 -0
- data/lib/puppet/file_serving/mount/scripts.rb +24 -0
- data/lib/puppet/file_serving/mount/tasks.rb +23 -0
- data/lib/puppet/file_serving/mount.rb +38 -0
- data/lib/puppet/file_serving/terminus_helper.rb +31 -0
- data/lib/puppet/file_serving/terminus_selector.rb +31 -0
- data/lib/puppet/file_serving.rb +3 -0
- data/lib/puppet/file_system/file_impl.rb +188 -0
- data/lib/puppet/file_system/jruby.rb +23 -0
- data/lib/puppet/file_system/memory_file.rb +79 -0
- data/lib/puppet/file_system/memory_impl.rb +99 -0
- data/lib/puppet/file_system/path_pattern.rb +93 -0
- data/lib/puppet/file_system/posix.rb +47 -0
- data/lib/puppet/file_system/uniquefile.rb +188 -0
- data/lib/puppet/file_system/windows.rb +213 -0
- data/lib/puppet/file_system.rb +419 -0
- data/lib/puppet/forge/cache.rb +60 -0
- data/lib/puppet/forge/errors.rb +114 -0
- data/lib/puppet/forge/repository.rb +95 -0
- data/lib/puppet/forge.rb +259 -0
- data/lib/puppet/functions/abs.rb +61 -0
- data/lib/puppet/functions/alert.rb +14 -0
- data/lib/puppet/functions/all.rb +104 -0
- data/lib/puppet/functions/annotate.rb +108 -0
- data/lib/puppet/functions/any.rb +109 -0
- data/lib/puppet/functions/assert_type.rb +93 -0
- data/lib/puppet/functions/binary_file.rb +32 -0
- data/lib/puppet/functions/break.rb +47 -0
- data/lib/puppet/functions/call.rb +80 -0
- data/lib/puppet/functions/camelcase.rb +62 -0
- data/lib/puppet/functions/capitalize.rb +61 -0
- data/lib/puppet/functions/ceiling.rb +37 -0
- data/lib/puppet/functions/chomp.rb +57 -0
- data/lib/puppet/functions/chop.rb +67 -0
- data/lib/puppet/functions/compare.rb +125 -0
- data/lib/puppet/functions/contain.rb +55 -0
- data/lib/puppet/functions/convert_to.rb +34 -0
- data/lib/puppet/functions/crit.rb +14 -0
- data/lib/puppet/functions/debug.rb +14 -0
- data/lib/puppet/functions/defined.rb +159 -0
- data/lib/puppet/functions/dig.rb +67 -0
- data/lib/puppet/functions/downcase.rb +89 -0
- data/lib/puppet/functions/each.rb +167 -0
- data/lib/puppet/functions/emerg.rb +14 -0
- data/lib/puppet/functions/empty.rb +85 -0
- data/lib/puppet/functions/epp.rb +49 -0
- data/lib/puppet/functions/err.rb +14 -0
- data/lib/puppet/functions/eyaml_lookup_key.rb +102 -0
- data/lib/puppet/functions/filter.rb +137 -0
- data/lib/puppet/functions/find_file.rb +44 -0
- data/lib/puppet/functions/find_template.rb +63 -0
- data/lib/puppet/functions/flatten.rb +64 -0
- data/lib/puppet/functions/floor.rb +37 -0
- data/lib/puppet/functions/get.rb +150 -0
- data/lib/puppet/functions/getvar.rb +87 -0
- data/lib/puppet/functions/group_by.rb +62 -0
- data/lib/puppet/functions/hiera.rb +89 -0
- data/lib/puppet/functions/hiera_array.rb +81 -0
- data/lib/puppet/functions/hiera_hash.rb +92 -0
- data/lib/puppet/functions/hiera_include.rb +104 -0
- data/lib/puppet/functions/hocon_data.rb +41 -0
- data/lib/puppet/functions/import.rb +7 -0
- data/lib/puppet/functions/include.rb +53 -0
- data/lib/puppet/functions/index.rb +167 -0
- data/lib/puppet/functions/info.rb +14 -0
- data/lib/puppet/functions/inline_epp.rb +60 -0
- data/lib/puppet/functions/join.rb +56 -0
- data/lib/puppet/functions/json_data.rb +33 -0
- data/lib/puppet/functions/keys.rb +25 -0
- data/lib/puppet/functions/length.rb +44 -0
- data/lib/puppet/functions/lest.rb +55 -0
- data/lib/puppet/functions/lookup.rb +224 -0
- data/lib/puppet/functions/lstrip.rb +58 -0
- data/lib/puppet/functions/map.rb +135 -0
- data/lib/puppet/functions/match.rb +130 -0
- data/lib/puppet/functions/max.rb +183 -0
- data/lib/puppet/functions/min.rb +182 -0
- data/lib/puppet/functions/module_directory.rb +41 -0
- data/lib/puppet/functions/new.rb +1011 -0
- data/lib/puppet/functions/next.rb +33 -0
- data/lib/puppet/functions/notice.rb +14 -0
- data/lib/puppet/functions/partition.rb +62 -0
- data/lib/puppet/functions/reduce.rb +162 -0
- data/lib/puppet/functions/regsubst.rb +101 -0
- data/lib/puppet/functions/require.rb +77 -0
- data/lib/puppet/functions/return.rb +15 -0
- data/lib/puppet/functions/reverse_each.rb +94 -0
- data/lib/puppet/functions/round.rb +24 -0
- data/lib/puppet/functions/rstrip.rb +58 -0
- data/lib/puppet/functions/scanf.rb +44 -0
- data/lib/puppet/functions/size.rb +15 -0
- data/lib/puppet/functions/slice.rb +124 -0
- data/lib/puppet/functions/sort.rb +74 -0
- data/lib/puppet/functions/split.rb +76 -0
- data/lib/puppet/functions/step.rb +98 -0
- data/lib/puppet/functions/strftime.rb +212 -0
- data/lib/puppet/functions/strip.rb +58 -0
- data/lib/puppet/functions/then.rb +77 -0
- data/lib/puppet/functions/tree_each.rb +197 -0
- data/lib/puppet/functions/type.rb +72 -0
- data/lib/puppet/functions/unique.rb +132 -0
- data/lib/puppet/functions/unwrap.rb +59 -0
- data/lib/puppet/functions/upcase.rb +89 -0
- data/lib/puppet/functions/values.rb +25 -0
- data/lib/puppet/functions/versioncmp.rb +40 -0
- data/lib/puppet/functions/warning.rb +14 -0
- data/lib/puppet/functions/with.rb +32 -0
- data/lib/puppet/functions/yaml_data.rb +45 -0
- data/lib/puppet/functions.rb +862 -0
- data/lib/puppet/generate/models/type/property.rb +70 -0
- data/lib/puppet/generate/models/type/type.rb +65 -0
- data/lib/puppet/generate/templates/type/pcore.erb +42 -0
- data/lib/puppet/generate/type.rb +249 -0
- data/lib/puppet/gettext/config.rb +275 -0
- data/lib/puppet/gettext/module_translations.rb +42 -0
- data/lib/puppet/gettext/stubs.rb +11 -0
- data/lib/puppet/graph/key.rb +26 -0
- data/lib/puppet/graph/prioritizer.rb +29 -0
- data/lib/puppet/graph/rb_tree_map.rb +388 -0
- data/lib/puppet/graph/relationship_graph.rb +284 -0
- data/lib/puppet/graph/sequential_prioritizer.rb +31 -0
- data/lib/puppet/graph/simple_graph.rb +546 -0
- data/lib/puppet/graph.rb +9 -0
- data/lib/puppet/http/client.rb +525 -0
- data/lib/puppet/http/dns.rb +159 -0
- data/lib/puppet/http/errors.rb +48 -0
- data/lib/puppet/http/external_client.rb +88 -0
- data/lib/puppet/http/factory.rb +51 -0
- data/lib/puppet/http/pool.rb +172 -0
- data/lib/puppet/http/pool_entry.rb +17 -0
- data/lib/puppet/http/proxy.rb +137 -0
- data/lib/puppet/http/redirector.rb +85 -0
- data/lib/puppet/http/resolver/server_list.rb +87 -0
- data/lib/puppet/http/resolver/settings.rb +23 -0
- data/lib/puppet/http/resolver/srv.rb +41 -0
- data/lib/puppet/http/resolver.rb +48 -0
- data/lib/puppet/http/response.rb +102 -0
- data/lib/puppet/http/response_converter.rb +24 -0
- data/lib/puppet/http/response_net_http.rb +42 -0
- data/lib/puppet/http/retry_after_handler.rb +77 -0
- data/lib/puppet/http/service/ca.rb +101 -0
- data/lib/puppet/http/service/compiler.rb +353 -0
- data/lib/puppet/http/service/file_server.rb +198 -0
- data/lib/puppet/http/service/puppetserver.rb +53 -0
- data/lib/puppet/http/service/report.rb +64 -0
- data/lib/puppet/http/service.rb +182 -0
- data/lib/puppet/http/session.rb +122 -0
- data/lib/puppet/http/site.rb +42 -0
- data/lib/puppet/http.rb +46 -0
- data/lib/puppet/indirector/catalog/compiler.rb +431 -0
- data/lib/puppet/indirector/catalog/json.rb +40 -0
- data/lib/puppet/indirector/catalog/msgpack.rb +6 -0
- data/lib/puppet/indirector/catalog/rest.rb +49 -0
- data/lib/puppet/indirector/catalog/store_configs.rb +8 -0
- data/lib/puppet/indirector/catalog/yaml.rb +6 -0
- data/lib/puppet/indirector/code.rb +6 -0
- data/lib/puppet/indirector/data_binding/hiera.rb +7 -0
- data/lib/puppet/indirector/data_binding/none.rb +8 -0
- data/lib/puppet/indirector/direct_file_server.rb +17 -0
- data/lib/puppet/indirector/envelope.rb +11 -0
- data/lib/puppet/indirector/errors.rb +5 -0
- data/lib/puppet/indirector/exec.rb +38 -0
- data/lib/puppet/indirector/face.rb +153 -0
- data/lib/puppet/indirector/fact_search.rb +60 -0
- data/lib/puppet/indirector/facts/facter.rb +117 -0
- data/lib/puppet/indirector/facts/json.rb +27 -0
- data/lib/puppet/indirector/facts/memory.rb +9 -0
- data/lib/puppet/indirector/facts/network_device.rb +27 -0
- data/lib/puppet/indirector/facts/rest.rb +44 -0
- data/lib/puppet/indirector/facts/store_configs.rb +11 -0
- data/lib/puppet/indirector/facts/yaml.rb +29 -0
- data/lib/puppet/indirector/file_bucket_file/file.rb +262 -0
- data/lib/puppet/indirector/file_bucket_file/rest.rb +50 -0
- data/lib/puppet/indirector/file_bucket_file/selector.rb +53 -0
- data/lib/puppet/indirector/file_content/file.rb +7 -0
- data/lib/puppet/indirector/file_content/file_server.rb +7 -0
- data/lib/puppet/indirector/file_content/rest.rb +35 -0
- data/lib/puppet/indirector/file_content/selector.rb +30 -0
- data/lib/puppet/indirector/file_content.rb +5 -0
- data/lib/puppet/indirector/file_metadata/file.rb +7 -0
- data/lib/puppet/indirector/file_metadata/file_server.rb +7 -0
- data/lib/puppet/indirector/file_metadata/http.rb +47 -0
- data/lib/puppet/indirector/file_metadata/rest.rb +56 -0
- data/lib/puppet/indirector/file_metadata/selector.rb +30 -0
- data/lib/puppet/indirector/file_metadata.rb +5 -0
- data/lib/puppet/indirector/file_server.rb +54 -0
- data/lib/puppet/indirector/generic_http.rb +5 -0
- data/lib/puppet/indirector/hiera.rb +100 -0
- data/lib/puppet/indirector/indirection.rb +372 -0
- data/lib/puppet/indirector/json.rb +79 -0
- data/lib/puppet/indirector/memory.rb +34 -0
- data/lib/puppet/indirector/msgpack.rb +83 -0
- data/lib/puppet/indirector/node/exec.rb +70 -0
- data/lib/puppet/indirector/node/json.rb +8 -0
- data/lib/puppet/indirector/node/memory.rb +10 -0
- data/lib/puppet/indirector/node/msgpack.rb +7 -0
- data/lib/puppet/indirector/node/plain.rb +21 -0
- data/lib/puppet/indirector/node/rest.rb +29 -0
- data/lib/puppet/indirector/node/store_configs.rb +8 -0
- data/lib/puppet/indirector/node/yaml.rb +7 -0
- data/lib/puppet/indirector/none.rb +9 -0
- data/lib/puppet/indirector/plain.rb +9 -0
- data/lib/puppet/indirector/report/json.rb +34 -0
- data/lib/puppet/indirector/report/msgpack.rb +11 -0
- data/lib/puppet/indirector/report/processor.rb +60 -0
- data/lib/puppet/indirector/report/rest.rb +42 -0
- data/lib/puppet/indirector/report/yaml.rb +34 -0
- data/lib/puppet/indirector/request.rb +194 -0
- data/lib/puppet/indirector/resource/ral.rb +66 -0
- data/lib/puppet/indirector/resource/store_configs.rb +12 -0
- data/lib/puppet/indirector/resource/validator.rb +8 -0
- data/lib/puppet/indirector/rest.rb +64 -0
- data/lib/puppet/indirector/store_configs.rb +30 -0
- data/lib/puppet/indirector/terminus.rb +176 -0
- data/lib/puppet/indirector/yaml.rb +63 -0
- data/lib/puppet/indirector.rb +61 -0
- data/lib/puppet/info_service/class_information_service.rb +109 -0
- data/lib/puppet/info_service/plan_information_service.rb +36 -0
- data/lib/puppet/info_service/task_information_service.rb +44 -0
- data/lib/puppet/info_service.rb +26 -0
- data/lib/puppet/interface/action.rb +406 -0
- data/lib/puppet/interface/action_builder.rb +161 -0
- data/lib/puppet/interface/action_manager.rb +98 -0
- data/lib/puppet/interface/documentation.rb +357 -0
- data/lib/puppet/interface/face_collection.rb +137 -0
- data/lib/puppet/interface/option.rb +172 -0
- data/lib/puppet/interface/option_builder.rb +105 -0
- data/lib/puppet/interface/option_manager.rb +106 -0
- data/lib/puppet/interface.rb +239 -0
- data/lib/puppet/loaders.rb +30 -0
- data/lib/puppet/metatype/manager.rb +197 -0
- data/lib/puppet/module/plan.rb +159 -0
- data/lib/puppet/module/task.rb +283 -0
- data/lib/puppet/module.rb +475 -0
- data/lib/puppet/module_tool/applications/application.rb +91 -0
- data/lib/puppet/module_tool/applications/checksummer.rb +62 -0
- data/lib/puppet/module_tool/applications/installer.rb +411 -0
- data/lib/puppet/module_tool/applications/uninstaller.rb +119 -0
- data/lib/puppet/module_tool/applications/unpacker.rb +100 -0
- data/lib/puppet/module_tool/applications/upgrader.rb +282 -0
- data/lib/puppet/module_tool/applications.rb +12 -0
- data/lib/puppet/module_tool/checksums.rb +49 -0
- data/lib/puppet/module_tool/contents_description.rb +89 -0
- data/lib/puppet/module_tool/dependency.rb +41 -0
- data/lib/puppet/module_tool/errors/base.rb +15 -0
- data/lib/puppet/module_tool/errors/installer.rb +93 -0
- data/lib/puppet/module_tool/errors/shared.rb +227 -0
- data/lib/puppet/module_tool/errors/uninstaller.rb +50 -0
- data/lib/puppet/module_tool/errors/upgrader.rb +63 -0
- data/lib/puppet/module_tool/errors.rb +11 -0
- data/lib/puppet/module_tool/install_directory.rb +45 -0
- data/lib/puppet/module_tool/installed_modules.rb +96 -0
- data/lib/puppet/module_tool/local_tarball.rb +90 -0
- data/lib/puppet/module_tool/metadata.rb +221 -0
- data/lib/puppet/module_tool/shared_behaviors.rb +181 -0
- data/lib/puppet/module_tool/tar/gnu.rb +19 -0
- data/lib/puppet/module_tool/tar/mini.rb +116 -0
- data/lib/puppet/module_tool/tar.rb +18 -0
- data/lib/puppet/module_tool.rb +194 -0
- data/lib/puppet/network/authconfig.rb +7 -0
- data/lib/puppet/network/authorization.rb +19 -0
- data/lib/puppet/network/client_request.rb +29 -0
- data/lib/puppet/network/format.rb +110 -0
- data/lib/puppet/network/format_handler.rb +108 -0
- data/lib/puppet/network/format_support.rb +139 -0
- data/lib/puppet/network/formats.rb +329 -0
- data/lib/puppet/network/http/api/indirected_routes.rb +277 -0
- data/lib/puppet/network/http/api/indirection_type.rb +32 -0
- data/lib/puppet/network/http/api/master/v3/environments.rb +3 -0
- data/lib/puppet/network/http/api/master/v3.rb +3 -0
- data/lib/puppet/network/http/api/master.rb +3 -0
- data/lib/puppet/network/http/api/server/v3/environments.rb +48 -0
- data/lib/puppet/network/http/api/server/v3.rb +39 -0
- data/lib/puppet/network/http/api/server.rb +10 -0
- data/lib/puppet/network/http/api.rb +39 -0
- data/lib/puppet/network/http/connection.rb +286 -0
- data/lib/puppet/network/http/error.rb +73 -0
- data/lib/puppet/network/http/handler.rb +215 -0
- data/lib/puppet/network/http/issues.rb +12 -0
- data/lib/puppet/network/http/memory_response.rb +13 -0
- data/lib/puppet/network/http/request.rb +71 -0
- data/lib/puppet/network/http/response.rb +23 -0
- data/lib/puppet/network/http/route.rb +101 -0
- data/lib/puppet/network/http.rb +28 -0
- data/lib/puppet/network/http_pool.rb +77 -0
- data/lib/puppet/network/uri.rb +18 -0
- data/lib/puppet/network.rb +3 -0
- data/lib/puppet/node/environment.rb +635 -0
- data/lib/puppet/node/facts.rb +165 -0
- data/lib/puppet/node/server_facts.rb +46 -0
- data/lib/puppet/node.rb +256 -0
- data/lib/puppet/pal/catalog_compiler.rb +108 -0
- data/lib/puppet/pal/compiler.rb +222 -0
- data/lib/puppet/pal/function_signature.rb +52 -0
- data/lib/puppet/pal/json_catalog_encoder.rb +71 -0
- data/lib/puppet/pal/pal_api.rb +15 -0
- data/lib/puppet/pal/pal_impl.rb +590 -0
- data/lib/puppet/pal/plan_signature.rb +71 -0
- data/lib/puppet/pal/script_compiler.rb +73 -0
- data/lib/puppet/pal/task_signature.rb +58 -0
- data/lib/puppet/parameter/boolean.rb +15 -0
- data/lib/puppet/parameter/package_options.rb +31 -0
- data/lib/puppet/parameter/path.rb +57 -0
- data/lib/puppet/parameter/value.rb +91 -0
- data/lib/puppet/parameter/value_collection.rb +212 -0
- data/lib/puppet/parameter.rb +589 -0
- data/lib/puppet/parser/abstract_compiler.rb +36 -0
- data/lib/puppet/parser/ast/block_expression.rb +15 -0
- data/lib/puppet/parser/ast/branch.rb +19 -0
- data/lib/puppet/parser/ast/hostclass.rb +27 -0
- data/lib/puppet/parser/ast/leaf.rb +81 -0
- data/lib/puppet/parser/ast/node.rb +17 -0
- data/lib/puppet/parser/ast/pops_bridge.rb +245 -0
- data/lib/puppet/parser/ast/resource.rb +66 -0
- data/lib/puppet/parser/ast/resource_instance.rb +10 -0
- data/lib/puppet/parser/ast/resourceparam.rb +31 -0
- data/lib/puppet/parser/ast/top_level_construct.rb +4 -0
- data/lib/puppet/parser/ast.rb +61 -0
- data/lib/puppet/parser/catalog_compiler.rb +56 -0
- data/lib/puppet/parser/compiler/catalog_validator/relationship_validator.rb +39 -0
- data/lib/puppet/parser/compiler/catalog_validator.rb +33 -0
- data/lib/puppet/parser/compiler.rb +615 -0
- data/lib/puppet/parser/e4_parser_adapter.rb +60 -0
- data/lib/puppet/parser/files.rb +93 -0
- data/lib/puppet/parser/functions/assert_type.rb +60 -0
- data/lib/puppet/parser/functions/binary_file.rb +24 -0
- data/lib/puppet/parser/functions/break.rb +39 -0
- data/lib/puppet/parser/functions/contain.rb +30 -0
- data/lib/puppet/parser/functions/create_resources.rb +110 -0
- data/lib/puppet/parser/functions/defined.rb +107 -0
- data/lib/puppet/parser/functions/dig.rb +38 -0
- data/lib/puppet/parser/functions/digest.rb +5 -0
- data/lib/puppet/parser/functions/each.rb +104 -0
- data/lib/puppet/parser/functions/epp.rb +39 -0
- data/lib/puppet/parser/functions/fail.rb +11 -0
- data/lib/puppet/parser/functions/file.rb +33 -0
- data/lib/puppet/parser/functions/filter.rb +79 -0
- data/lib/puppet/parser/functions/find_file.rb +28 -0
- data/lib/puppet/parser/functions/fqdn_rand.rb +44 -0
- data/lib/puppet/parser/functions/generate.rb +37 -0
- data/lib/puppet/parser/functions/hiera.rb +103 -0
- data/lib/puppet/parser/functions/hiera_array.rb +92 -0
- data/lib/puppet/parser/functions/hiera_hash.rb +102 -0
- data/lib/puppet/parser/functions/hiera_include.rb +101 -0
- data/lib/puppet/parser/functions/include.rb +34 -0
- data/lib/puppet/parser/functions/inline_epp.rb +51 -0
- data/lib/puppet/parser/functions/inline_template.rb +26 -0
- data/lib/puppet/parser/functions/lest.rb +49 -0
- data/lib/puppet/parser/functions/lookup.rb +132 -0
- data/lib/puppet/parser/functions/map.rb +76 -0
- data/lib/puppet/parser/functions/match.rb +43 -0
- data/lib/puppet/parser/functions/md5.rb +5 -0
- data/lib/puppet/parser/functions/new.rb +991 -0
- data/lib/puppet/parser/functions/next.rb +38 -0
- data/lib/puppet/parser/functions/realize.rb +20 -0
- data/lib/puppet/parser/functions/reduce.rb +137 -0
- data/lib/puppet/parser/functions/regsubst.rb +62 -0
- data/lib/puppet/parser/functions/require.rb +40 -0
- data/lib/puppet/parser/functions/return.rb +92 -0
- data/lib/puppet/parser/functions/reverse_each.rb +83 -0
- data/lib/puppet/parser/functions/scanf.rb +38 -0
- data/lib/puppet/parser/functions/sha1.rb +5 -0
- data/lib/puppet/parser/functions/sha256.rb +5 -0
- data/lib/puppet/parser/functions/shellquote.rb +61 -0
- data/lib/puppet/parser/functions/slice.rb +39 -0
- data/lib/puppet/parser/functions/split.rb +28 -0
- data/lib/puppet/parser/functions/sprintf.rb +61 -0
- data/lib/puppet/parser/functions/step.rb +84 -0
- data/lib/puppet/parser/functions/strftime.rb +185 -0
- data/lib/puppet/parser/functions/tag.rb +12 -0
- data/lib/puppet/parser/functions/tagged.rb +21 -0
- data/lib/puppet/parser/functions/template.rb +39 -0
- data/lib/puppet/parser/functions/then.rb +73 -0
- data/lib/puppet/parser/functions/type.rb +53 -0
- data/lib/puppet/parser/functions/versioncmp.rb +30 -0
- data/lib/puppet/parser/functions/with.rb +28 -0
- data/lib/puppet/parser/functions.rb +321 -0
- data/lib/puppet/parser/parser_factory.rb +30 -0
- data/lib/puppet/parser/relationship.rb +84 -0
- data/lib/puppet/parser/resource/param.rb +35 -0
- data/lib/puppet/parser/resource.rb +351 -0
- data/lib/puppet/parser/scope.rb +1127 -0
- data/lib/puppet/parser/script_compiler.rb +123 -0
- data/lib/puppet/parser/templatewrapper.rb +104 -0
- data/lib/puppet/parser/type_loader.rb +150 -0
- data/lib/puppet/parser.rb +20 -0
- data/lib/puppet/plugins/configuration.rb +29 -0
- data/lib/puppet/plugins/syntax_checkers.rb +98 -0
- data/lib/puppet/plugins.rb +9 -0
- data/lib/puppet/pops/adaptable.rb +197 -0
- data/lib/puppet/pops/adapters.rb +156 -0
- data/lib/puppet/pops/evaluator/access_operator.rb +719 -0
- data/lib/puppet/pops/evaluator/callable_signature.rb +107 -0
- data/lib/puppet/pops/evaluator/closure.rb +375 -0
- data/lib/puppet/pops/evaluator/collector_transformer.rb +234 -0
- data/lib/puppet/pops/evaluator/collectors/abstract_collector.rb +86 -0
- data/lib/puppet/pops/evaluator/collectors/catalog_collector.rb +29 -0
- data/lib/puppet/pops/evaluator/collectors/exported_collector.rb +70 -0
- data/lib/puppet/pops/evaluator/collectors/fixed_set_collector.rb +38 -0
- data/lib/puppet/pops/evaluator/compare_operator.rb +254 -0
- data/lib/puppet/pops/evaluator/deferred_resolver.rb +225 -0
- data/lib/puppet/pops/evaluator/epp_evaluator.rb +120 -0
- data/lib/puppet/pops/evaluator/evaluator_impl.rb +1317 -0
- data/lib/puppet/pops/evaluator/external_syntax_support.rb +46 -0
- data/lib/puppet/pops/evaluator/json_strict_literal_evaluator.rb +82 -0
- data/lib/puppet/pops/evaluator/literal_evaluator.rb +100 -0
- data/lib/puppet/pops/evaluator/puppet_proc.rb +69 -0
- data/lib/puppet/pops/evaluator/relationship_operator.rb +185 -0
- data/lib/puppet/pops/evaluator/runtime3_converter.rb +221 -0
- data/lib/puppet/pops/evaluator/runtime3_resource_support.rb +119 -0
- data/lib/puppet/pops/evaluator/runtime3_support.rb +535 -0
- data/lib/puppet/pops/functions/dispatch.rb +107 -0
- data/lib/puppet/pops/functions/dispatcher.rb +75 -0
- data/lib/puppet/pops/functions/function.rb +139 -0
- data/lib/puppet/pops/issue_reporter.rb +137 -0
- data/lib/puppet/pops/issues.rb +928 -0
- data/lib/puppet/pops/label_provider.rb +90 -0
- data/lib/puppet/pops/loader/base_loader.rb +178 -0
- data/lib/puppet/pops/loader/dependency_loader.rb +91 -0
- data/lib/puppet/pops/loader/gem_support.rb +51 -0
- data/lib/puppet/pops/loader/generic_plan_instantiator.rb +28 -0
- data/lib/puppet/pops/loader/loader.rb +221 -0
- data/lib/puppet/pops/loader/loader_paths.rb +412 -0
- data/lib/puppet/pops/loader/module_loaders.rb +556 -0
- data/lib/puppet/pops/loader/predefined_loader.rb +28 -0
- data/lib/puppet/pops/loader/puppet_function_instantiator.rb +84 -0
- data/lib/puppet/pops/loader/puppet_plan_instantiator.rb +93 -0
- data/lib/puppet/pops/loader/puppet_resource_type_impl_instantiator.rb +79 -0
- data/lib/puppet/pops/loader/ruby_data_type_instantiator.rb +39 -0
- data/lib/puppet/pops/loader/ruby_function_instantiator.rb +45 -0
- data/lib/puppet/pops/loader/ruby_legacy_function_instantiator.rb +120 -0
- data/lib/puppet/pops/loader/runtime3_type_loader.rb +103 -0
- data/lib/puppet/pops/loader/simple_environment_loader.rb +20 -0
- data/lib/puppet/pops/loader/static_loader.rb +131 -0
- data/lib/puppet/pops/loader/task_instantiator.rb +44 -0
- data/lib/puppet/pops/loader/type_definition_instantiator.rb +100 -0
- data/lib/puppet/pops/loader/typed_name.rb +54 -0
- data/lib/puppet/pops/loader/uri_helper.rb +22 -0
- data/lib/puppet/pops/loaders.rb +546 -0
- data/lib/puppet/pops/lookup/configured_data_provider.rb +93 -0
- data/lib/puppet/pops/lookup/context.rb +199 -0
- data/lib/puppet/pops/lookup/data_adapter.rb +27 -0
- data/lib/puppet/pops/lookup/data_dig_function_provider.rb +145 -0
- data/lib/puppet/pops/lookup/data_hash_function_provider.rb +126 -0
- data/lib/puppet/pops/lookup/data_provider.rb +92 -0
- data/lib/puppet/pops/lookup/environment_data_provider.rb +35 -0
- data/lib/puppet/pops/lookup/explainer.rb +595 -0
- data/lib/puppet/pops/lookup/function_provider.rb +110 -0
- data/lib/puppet/pops/lookup/global_data_provider.rb +75 -0
- data/lib/puppet/pops/lookup/hiera_config.rb +775 -0
- data/lib/puppet/pops/lookup/interpolation.rb +155 -0
- data/lib/puppet/pops/lookup/invocation.rb +268 -0
- data/lib/puppet/pops/lookup/key_recorder.rb +18 -0
- data/lib/puppet/pops/lookup/location_resolver.rb +99 -0
- data/lib/puppet/pops/lookup/lookup_adapter.rb +528 -0
- data/lib/puppet/pops/lookup/lookup_key.rb +99 -0
- data/lib/puppet/pops/lookup/lookup_key_function_provider.rb +92 -0
- data/lib/puppet/pops/lookup/module_data_provider.rb +89 -0
- data/lib/puppet/pops/lookup/sub_lookup.rb +92 -0
- data/lib/puppet/pops/lookup.rb +97 -0
- data/lib/puppet/pops/merge_strategy.rb +441 -0
- data/lib/puppet/pops/migration/migration_checker.rb +58 -0
- data/lib/puppet/pops/model/ast.pp +669 -0
- data/lib/puppet/pops/model/ast.rb +4675 -0
- data/lib/puppet/pops/model/ast_transformer.rb +131 -0
- data/lib/puppet/pops/model/factory.rb +1155 -0
- data/lib/puppet/pops/model/model_label_provider.rb +134 -0
- data/lib/puppet/pops/model/model_tree_dumper.rb +445 -0
- data/lib/puppet/pops/model/pn_transformer.rb +385 -0
- data/lib/puppet/pops/model/tree_dumper.rb +59 -0
- data/lib/puppet/pops/parser/code_merger.rb +29 -0
- data/lib/puppet/pops/parser/egrammar.ra +889 -0
- data/lib/puppet/pops/parser/eparser.rb +3184 -0
- data/lib/puppet/pops/parser/epp_parser.rb +51 -0
- data/lib/puppet/pops/parser/epp_support.rb +265 -0
- data/lib/puppet/pops/parser/evaluating_parser.rb +162 -0
- data/lib/puppet/pops/parser/heredoc_support.rb +153 -0
- data/lib/puppet/pops/parser/interpolation_support.rb +249 -0
- data/lib/puppet/pops/parser/lexer2.rb +777 -0
- data/lib/puppet/pops/parser/lexer_support.rb +221 -0
- data/lib/puppet/pops/parser/locatable.rb +23 -0
- data/lib/puppet/pops/parser/locator.rb +357 -0
- data/lib/puppet/pops/parser/parser_support.rb +251 -0
- data/lib/puppet/pops/parser/pn_parser.rb +317 -0
- data/lib/puppet/pops/parser/slurp_support.rb +118 -0
- data/lib/puppet/pops/patterns.rb +60 -0
- data/lib/puppet/pops/pcore.rb +135 -0
- data/lib/puppet/pops/pn.rb +236 -0
- data/lib/puppet/pops/puppet_stack.rb +61 -0
- data/lib/puppet/pops/resource/param.rb +55 -0
- data/lib/puppet/pops/resource/resource_type_impl.rb +294 -0
- data/lib/puppet/pops/resource/resource_type_set.pcore +22 -0
- data/lib/puppet/pops/semantic_error.rb +29 -0
- data/lib/puppet/pops/serialization/abstract_reader.rb +180 -0
- data/lib/puppet/pops/serialization/abstract_writer.rb +222 -0
- data/lib/puppet/pops/serialization/deserializer.rb +80 -0
- data/lib/puppet/pops/serialization/extension.rb +158 -0
- data/lib/puppet/pops/serialization/from_data_converter.rb +224 -0
- data/lib/puppet/pops/serialization/instance_reader.rb +19 -0
- data/lib/puppet/pops/serialization/instance_writer.rb +14 -0
- data/lib/puppet/pops/serialization/json.rb +297 -0
- data/lib/puppet/pops/serialization/json_path.rb +127 -0
- data/lib/puppet/pops/serialization/object.rb +70 -0
- data/lib/puppet/pops/serialization/serializer.rb +140 -0
- data/lib/puppet/pops/serialization/time_factory.rb +67 -0
- data/lib/puppet/pops/serialization/to_data_converter.rb +313 -0
- data/lib/puppet/pops/serialization/to_stringified_converter.rb +226 -0
- data/lib/puppet/pops/serialization.rb +43 -0
- data/lib/puppet/pops/time/timespan.rb +716 -0
- data/lib/puppet/pops/time/timestamp.rb +160 -0
- data/lib/puppet/pops/types/annotatable.rb +36 -0
- data/lib/puppet/pops/types/annotation.rb +71 -0
- data/lib/puppet/pops/types/class_loader.rb +132 -0
- data/lib/puppet/pops/types/implementation_registry.rb +134 -0
- data/lib/puppet/pops/types/iterable.rb +365 -0
- data/lib/puppet/pops/types/p_binary_type.rb +232 -0
- data/lib/puppet/pops/types/p_init_type.rb +238 -0
- data/lib/puppet/pops/types/p_meta_type.rb +94 -0
- data/lib/puppet/pops/types/p_object_type.rb +1117 -0
- data/lib/puppet/pops/types/p_object_type_extension.rb +228 -0
- data/lib/puppet/pops/types/p_runtime_type.rb +115 -0
- data/lib/puppet/pops/types/p_sem_ver_range_type.rb +190 -0
- data/lib/puppet/pops/types/p_sem_ver_type.rb +155 -0
- data/lib/puppet/pops/types/p_sensitive_type.rb +83 -0
- data/lib/puppet/pops/types/p_timespan_type.rb +192 -0
- data/lib/puppet/pops/types/p_timestamp_type.rb +73 -0
- data/lib/puppet/pops/types/p_type_set_type.rb +387 -0
- data/lib/puppet/pops/types/p_uri_type.rb +190 -0
- data/lib/puppet/pops/types/puppet_object.rb +40 -0
- data/lib/puppet/pops/types/recursion_guard.rb +136 -0
- data/lib/puppet/pops/types/ruby_generator.rb +472 -0
- data/lib/puppet/pops/types/ruby_method.rb +31 -0
- data/lib/puppet/pops/types/string_converter.rb +1134 -0
- data/lib/puppet/pops/types/tree_iterators.rb +254 -0
- data/lib/puppet/pops/types/type_acceptor.rb +25 -0
- data/lib/puppet/pops/types/type_asserter.rb +47 -0
- data/lib/puppet/pops/types/type_assertion_error.rb +27 -0
- data/lib/puppet/pops/types/type_calculator.rb +822 -0
- data/lib/puppet/pops/types/type_conversion_error.rb +15 -0
- data/lib/puppet/pops/types/type_factory.rb +631 -0
- data/lib/puppet/pops/types/type_formatter.rb +801 -0
- data/lib/puppet/pops/types/type_mismatch_describer.rb +1096 -0
- data/lib/puppet/pops/types/type_parser.rb +683 -0
- data/lib/puppet/pops/types/type_set_reference.rb +59 -0
- data/lib/puppet/pops/types/type_with_members.rb +43 -0
- data/lib/puppet/pops/types/types.rb +3633 -0
- data/lib/puppet/pops/utils.rb +119 -0
- data/lib/puppet/pops/validation/checker4_0.rb +1148 -0
- data/lib/puppet/pops/validation/tasks_checker.rb +93 -0
- data/lib/puppet/pops/validation/validator_factory_4_0.rb +45 -0
- data/lib/puppet/pops/validation.rb +459 -0
- data/lib/puppet/pops/visitable.rb +6 -0
- data/lib/puppet/pops/visitor.rb +122 -0
- data/lib/puppet/pops.rb +121 -0
- data/lib/puppet/property/boolean.rb +7 -0
- data/lib/puppet/property/ensure.rb +106 -0
- data/lib/puppet/property/keyvalue.rb +158 -0
- data/lib/puppet/property/list.rb +70 -0
- data/lib/puppet/property/ordered_list.rb +29 -0
- data/lib/puppet/property.rb +611 -0
- data/lib/puppet/provider/aix_object.rb +485 -0
- data/lib/puppet/provider/command.rb +25 -0
- data/lib/puppet/provider/confine.rb +6 -0
- data/lib/puppet/provider/exec/posix.rb +60 -0
- data/lib/puppet/provider/exec/shell.rb +25 -0
- data/lib/puppet/provider/exec/windows.rb +55 -0
- data/lib/puppet/provider/exec.rb +105 -0
- data/lib/puppet/provider/file/posix.rb +144 -0
- data/lib/puppet/provider/file/windows.rb +152 -0
- data/lib/puppet/provider/group/aix.rb +99 -0
- data/lib/puppet/provider/group/directoryservice.rb +22 -0
- data/lib/puppet/provider/group/groupadd.rb +174 -0
- data/lib/puppet/provider/group/ldap.rb +48 -0
- data/lib/puppet/provider/group/pw.rb +51 -0
- data/lib/puppet/provider/group/windows_adsi.rb +113 -0
- data/lib/puppet/provider/ldap.rb +141 -0
- data/lib/puppet/provider/nameservice/directoryservice.rb +512 -0
- data/lib/puppet/provider/nameservice/objectadd.rb +22 -0
- data/lib/puppet/provider/nameservice/pw.rb +21 -0
- data/lib/puppet/provider/nameservice.rb +293 -0
- data/lib/puppet/provider/network_device.rb +74 -0
- data/lib/puppet/provider/package/aix.rb +169 -0
- data/lib/puppet/provider/package/appdmg.rb +111 -0
- data/lib/puppet/provider/package/apple.rb +47 -0
- data/lib/puppet/provider/package/apt.rb +262 -0
- data/lib/puppet/provider/package/aptitude.rb +35 -0
- data/lib/puppet/provider/package/aptrpm.rb +83 -0
- data/lib/puppet/provider/package/blastwave.rb +112 -0
- data/lib/puppet/provider/package/dnf.rb +50 -0
- data/lib/puppet/provider/package/dnfmodule.rb +141 -0
- data/lib/puppet/provider/package/dpkg.rb +192 -0
- data/lib/puppet/provider/package/fink.rb +97 -0
- data/lib/puppet/provider/package/freebsd.rb +47 -0
- data/lib/puppet/provider/package/gem.rb +293 -0
- data/lib/puppet/provider/package/hpux.rb +44 -0
- data/lib/puppet/provider/package/macports.rb +110 -0
- data/lib/puppet/provider/package/nim.rb +291 -0
- data/lib/puppet/provider/package/openbsd.rb +260 -0
- data/lib/puppet/provider/package/opkg.rb +82 -0
- data/lib/puppet/provider/package/pacman.rb +273 -0
- data/lib/puppet/provider/package/pip.rb +346 -0
- data/lib/puppet/provider/package/pip2.rb +17 -0
- data/lib/puppet/provider/package/pip3.rb +17 -0
- data/lib/puppet/provider/package/pkg.rb +295 -0
- data/lib/puppet/provider/package/pkgdmg.rb +153 -0
- data/lib/puppet/provider/package/pkgin.rb +87 -0
- data/lib/puppet/provider/package/pkgng.rb +173 -0
- data/lib/puppet/provider/package/pkgutil.rb +187 -0
- data/lib/puppet/provider/package/portage.rb +310 -0
- data/lib/puppet/provider/package/ports.rb +91 -0
- data/lib/puppet/provider/package/portupgrade.rb +240 -0
- data/lib/puppet/provider/package/puppet_gem.rb +34 -0
- data/lib/puppet/provider/package/puppetserver_gem.rb +171 -0
- data/lib/puppet/provider/package/rpm.rb +250 -0
- data/lib/puppet/provider/package/rug.rb +51 -0
- data/lib/puppet/provider/package/sun.rb +133 -0
- data/lib/puppet/provider/package/sunfreeware.rb +9 -0
- data/lib/puppet/provider/package/tdnf.rb +28 -0
- data/lib/puppet/provider/package/up2date.rb +40 -0
- data/lib/puppet/provider/package/urpmi.rb +55 -0
- data/lib/puppet/provider/package/windows/exe_package.rb +106 -0
- data/lib/puppet/provider/package/windows/msi_package.rb +70 -0
- data/lib/puppet/provider/package/windows/package.rb +110 -0
- data/lib/puppet/provider/package/windows.rb +130 -0
- data/lib/puppet/provider/package/yum.rb +387 -0
- data/lib/puppet/provider/package/zypper.rb +206 -0
- data/lib/puppet/provider/package.rb +59 -0
- data/lib/puppet/provider/package_targetable.rb +69 -0
- data/lib/puppet/provider/parsedfile.rb +490 -0
- data/lib/puppet/provider/service/base.rb +139 -0
- data/lib/puppet/provider/service/bsd.rb +51 -0
- data/lib/puppet/provider/service/daemontools.rb +193 -0
- data/lib/puppet/provider/service/debian.rb +75 -0
- data/lib/puppet/provider/service/freebsd.rb +143 -0
- data/lib/puppet/provider/service/gentoo.rb +45 -0
- data/lib/puppet/provider/service/init.rb +192 -0
- data/lib/puppet/provider/service/launchd.rb +384 -0
- data/lib/puppet/provider/service/openbsd.rb +100 -0
- data/lib/puppet/provider/service/openrc.rb +71 -0
- data/lib/puppet/provider/service/openwrt.rb +36 -0
- data/lib/puppet/provider/service/rcng.rb +51 -0
- data/lib/puppet/provider/service/redhat.rb +72 -0
- data/lib/puppet/provider/service/runit.rb +106 -0
- data/lib/puppet/provider/service/service.rb +68 -0
- data/lib/puppet/provider/service/smf.rb +317 -0
- data/lib/puppet/provider/service/src.rb +147 -0
- data/lib/puppet/provider/service/systemd.rb +232 -0
- data/lib/puppet/provider/service/upstart.rb +385 -0
- data/lib/puppet/provider/service/windows.rb +182 -0
- data/lib/puppet/provider/user/aix.rb +361 -0
- data/lib/puppet/provider/user/directoryservice.rb +680 -0
- data/lib/puppet/provider/user/hpux.rb +95 -0
- data/lib/puppet/provider/user/ldap.rb +132 -0
- data/lib/puppet/provider/user/openbsd.rb +77 -0
- data/lib/puppet/provider/user/pw.rb +108 -0
- data/lib/puppet/provider/user/user_role_add.rb +239 -0
- data/lib/puppet/provider/user/useradd.rb +406 -0
- data/lib/puppet/provider/user/windows_adsi.rb +172 -0
- data/lib/puppet/provider.rb +612 -0
- data/lib/puppet/reference/configuration.rb +97 -0
- data/lib/puppet/reference/function.rb +17 -0
- data/lib/puppet/reference/indirection.rb +71 -0
- data/lib/puppet/reference/metaparameter.rb +33 -0
- data/lib/puppet/reference/providers.rb +117 -0
- data/lib/puppet/reference/report.rb +20 -0
- data/lib/puppet/reference/type.rb +109 -0
- data/lib/puppet/relationship.rb +84 -0
- data/lib/puppet/reports/http.rb +44 -0
- data/lib/puppet/reports/log.rb +14 -0
- data/lib/puppet/reports/store.rb +68 -0
- data/lib/puppet/reports.rb +93 -0
- data/lib/puppet/resource/catalog.rb +654 -0
- data/lib/puppet/resource/status.rb +229 -0
- data/lib/puppet/resource/type.rb +425 -0
- data/lib/puppet/resource/type_collection.rb +231 -0
- data/lib/puppet/resource.rb +663 -0
- data/lib/puppet/runtime.rb +65 -0
- data/lib/puppet/scheduler/job.rb +53 -0
- data/lib/puppet/scheduler/scheduler.rb +44 -0
- data/lib/puppet/scheduler/splay_job.rb +32 -0
- data/lib/puppet/scheduler/timer.rb +13 -0
- data/lib/puppet/scheduler.rb +16 -0
- data/lib/puppet/settings/alias_setting.rb +37 -0
- data/lib/puppet/settings/array_setting.rb +17 -0
- data/lib/puppet/settings/autosign_setting.rb +22 -0
- data/lib/puppet/settings/base_setting.rb +223 -0
- data/lib/puppet/settings/boolean_setting.rb +32 -0
- data/lib/puppet/settings/certificate_revocation_setting.rb +21 -0
- data/lib/puppet/settings/config_file.rb +146 -0
- data/lib/puppet/settings/directory_setting.rb +18 -0
- data/lib/puppet/settings/duration_setting.rb +32 -0
- data/lib/puppet/settings/enum_setting.rb +16 -0
- data/lib/puppet/settings/environment_conf.rb +224 -0
- data/lib/puppet/settings/errors.rb +11 -0
- data/lib/puppet/settings/file_or_directory_setting.rb +40 -0
- data/lib/puppet/settings/file_setting.rb +241 -0
- data/lib/puppet/settings/http_extra_headers_setting.rb +25 -0
- data/lib/puppet/settings/ini_file.rb +226 -0
- data/lib/puppet/settings/integer_setting.rb +17 -0
- data/lib/puppet/settings/path_setting.rb +8 -0
- data/lib/puppet/settings/port_setting.rb +15 -0
- data/lib/puppet/settings/priority_setting.rb +43 -0
- data/lib/puppet/settings/server_list_setting.rb +29 -0
- data/lib/puppet/settings/string_setting.rb +9 -0
- data/lib/puppet/settings/symbolic_enum_setting.rb +17 -0
- data/lib/puppet/settings/terminus_setting.rb +14 -0
- data/lib/puppet/settings/ttl_setting.rb +51 -0
- data/lib/puppet/settings/value_translator.rb +14 -0
- data/lib/puppet/settings.rb +1642 -0
- data/lib/puppet/ssl/base.rb +149 -0
- data/lib/puppet/ssl/certificate.rb +96 -0
- data/lib/puppet/ssl/certificate_request.rb +324 -0
- data/lib/puppet/ssl/certificate_request_attributes.rb +37 -0
- data/lib/puppet/ssl/certificate_signer.rb +39 -0
- data/lib/puppet/ssl/digest.rb +20 -0
- data/lib/puppet/ssl/error.rb +26 -0
- data/lib/puppet/ssl/oids.rb +197 -0
- data/lib/puppet/ssl/openssl_loader.rb +24 -0
- data/lib/puppet/ssl/ssl_context.rb +25 -0
- data/lib/puppet/ssl/ssl_provider.rb +350 -0
- data/lib/puppet/ssl/state_machine.rb +474 -0
- data/lib/puppet/ssl/verifier.rb +142 -0
- data/lib/puppet/ssl.rb +23 -0
- data/lib/puppet/syntax_checkers/base64.rb +40 -0
- data/lib/puppet/syntax_checkers/epp.rb +34 -0
- data/lib/puppet/syntax_checkers/json.rb +35 -0
- data/lib/puppet/syntax_checkers/pp.rb +34 -0
- data/lib/puppet/syntax_checkers.rb +3 -0
- data/lib/puppet/test/test_helper.rb +265 -0
- data/lib/puppet/thread_local.rb +4 -0
- data/lib/puppet/transaction/additional_resource_generator.rb +220 -0
- data/lib/puppet/transaction/event.rb +168 -0
- data/lib/puppet/transaction/event_manager.rb +179 -0
- data/lib/puppet/transaction/persistence.rb +119 -0
- data/lib/puppet/transaction/report.rb +504 -0
- data/lib/puppet/transaction/resource_harness.rb +323 -0
- data/lib/puppet/transaction.rb +491 -0
- data/lib/puppet/trusted_external.rb +41 -0
- data/lib/puppet/type/component.rb +89 -0
- data/lib/puppet/type/exec.rb +720 -0
- data/lib/puppet/type/file/checksum.rb +50 -0
- data/lib/puppet/type/file/checksum_value.rb +54 -0
- data/lib/puppet/type/file/content.rb +176 -0
- data/lib/puppet/type/file/ctime.rb +21 -0
- data/lib/puppet/type/file/data_sync.rb +98 -0
- data/lib/puppet/type/file/ensure.rb +195 -0
- data/lib/puppet/type/file/group.rb +48 -0
- data/lib/puppet/type/file/mode.rb +189 -0
- data/lib/puppet/type/file/mtime.rb +19 -0
- data/lib/puppet/type/file/owner.rb +51 -0
- data/lib/puppet/type/file/selcontext.rb +142 -0
- data/lib/puppet/type/file/source.rb +379 -0
- data/lib/puppet/type/file/target.rb +88 -0
- data/lib/puppet/type/file/type.rb +20 -0
- data/lib/puppet/type/file.rb +1133 -0
- data/lib/puppet/type/filebucket.rb +121 -0
- data/lib/puppet/type/group.rb +237 -0
- data/lib/puppet/type/notify.rb +47 -0
- data/lib/puppet/type/package.rb +713 -0
- data/lib/puppet/type/resources.rb +187 -0
- data/lib/puppet/type/schedule.rb +441 -0
- data/lib/puppet/type/service.rb +309 -0
- data/lib/puppet/type/stage.rb +27 -0
- data/lib/puppet/type/tidy.rb +376 -0
- data/lib/puppet/type/user.rb +859 -0
- data/lib/puppet/type/whit.rb +34 -0
- data/lib/puppet/type.rb +2676 -0
- data/lib/puppet/util/at_fork/noop.rb +18 -0
- data/lib/puppet/util/at_fork/solaris.rb +160 -0
- data/lib/puppet/util/at_fork.rb +35 -0
- data/lib/puppet/util/autoload.rb +215 -0
- data/lib/puppet/util/backups.rb +86 -0
- data/lib/puppet/util/character_encoding.rb +80 -0
- data/lib/puppet/util/checksums.rb +376 -0
- data/lib/puppet/util/classgen.rb +228 -0
- data/lib/puppet/util/colors.rb +100 -0
- data/lib/puppet/util/command_line/puppet_option_parser.rb +87 -0
- data/lib/puppet/util/command_line/trollop.rb +825 -0
- data/lib/puppet/util/command_line.rb +196 -0
- data/lib/puppet/util/constant_inflector.rb +24 -0
- data/lib/puppet/util/diff.rb +81 -0
- data/lib/puppet/util/docs.rb +128 -0
- data/lib/puppet/util/errors.rb +159 -0
- data/lib/puppet/util/execution.rb +424 -0
- data/lib/puppet/util/execution_stub.rb +26 -0
- data/lib/puppet/util/feature.rb +129 -0
- data/lib/puppet/util/file_watcher.rb +28 -0
- data/lib/puppet/util/fileparsing.rb +408 -0
- data/lib/puppet/util/filetype.rb +358 -0
- data/lib/puppet/util/http_proxy.rb +4 -0
- data/lib/puppet/util/inifile.rb +340 -0
- data/lib/puppet/util/instance_loader.rb +66 -0
- data/lib/puppet/util/json.rb +92 -0
- data/lib/puppet/util/json_lockfile.rb +44 -0
- data/lib/puppet/util/ldap/connection.rb +73 -0
- data/lib/puppet/util/ldap/generator.rb +42 -0
- data/lib/puppet/util/ldap/manager.rb +284 -0
- data/lib/puppet/util/ldap.rb +2 -0
- data/lib/puppet/util/libuser.conf +15 -0
- data/lib/puppet/util/libuser.rb +12 -0
- data/lib/puppet/util/limits.rb +12 -0
- data/lib/puppet/util/lockfile.rb +66 -0
- data/lib/puppet/util/log/destination.rb +49 -0
- data/lib/puppet/util/log/destinations.rb +253 -0
- data/lib/puppet/util/log.rb +427 -0
- data/lib/puppet/util/logging.rb +300 -0
- data/lib/puppet/util/metaid.rb +21 -0
- data/lib/puppet/util/metric.rb +65 -0
- data/lib/puppet/util/monkey_patches.rb +122 -0
- data/lib/puppet/util/multi_match.rb +51 -0
- data/lib/puppet/util/network_device/base.rb +23 -0
- data/lib/puppet/util/network_device/config.rb +105 -0
- data/lib/puppet/util/network_device/transport/base.rb +26 -0
- data/lib/puppet/util/network_device/transport.rb +5 -0
- data/lib/puppet/util/network_device.rb +17 -0
- data/lib/puppet/util/package/version/debian.rb +175 -0
- data/lib/puppet/util/package/version/gem.rb +15 -0
- data/lib/puppet/util/package/version/pip.rb +167 -0
- data/lib/puppet/util/package/version/range/eq.rb +14 -0
- data/lib/puppet/util/package/version/range/gt.rb +14 -0
- data/lib/puppet/util/package/version/range/gt_eq.rb +14 -0
- data/lib/puppet/util/package/version/range/lt.rb +14 -0
- data/lib/puppet/util/package/version/range/lt_eq.rb +14 -0
- data/lib/puppet/util/package/version/range/min_max.rb +21 -0
- data/lib/puppet/util/package/version/range/simple.rb +11 -0
- data/lib/puppet/util/package/version/range.rb +53 -0
- data/lib/puppet/util/package/version/rpm.rb +73 -0
- data/lib/puppet/util/package.rb +40 -0
- data/lib/puppet/util/pidlock.rb +102 -0
- data/lib/puppet/util/platform.rb +70 -0
- data/lib/puppet/util/plist.rb +161 -0
- data/lib/puppet/util/posix.rb +203 -0
- data/lib/puppet/util/profiler/aggregate.rb +85 -0
- data/lib/puppet/util/profiler/around_profiler.rb +67 -0
- data/lib/puppet/util/profiler/logging.rb +48 -0
- data/lib/puppet/util/profiler/object_counts.rb +17 -0
- data/lib/puppet/util/profiler/wall_clock.rb +35 -0
- data/lib/puppet/util/profiler.rb +53 -0
- data/lib/puppet/util/provider_features.rb +179 -0
- data/lib/puppet/util/psych_support.rb +30 -0
- data/lib/puppet/util/rdoc/code_objects.rb +295 -0
- data/lib/puppet/util/rdoc/generators/puppet_generator.rb +912 -0
- data/lib/puppet/util/rdoc/generators/template/puppet/puppet.rb +1085 -0
- data/lib/puppet/util/rdoc/parser/puppet_parser_core.rb +259 -0
- data/lib/puppet/util/rdoc/parser/puppet_parser_rdoc2.rb +14 -0
- data/lib/puppet/util/rdoc/parser.rb +12 -0
- data/lib/puppet/util/rdoc.rb +53 -0
- data/lib/puppet/util/reference.rb +119 -0
- data/lib/puppet/util/resource_template.rb +61 -0
- data/lib/puppet/util/retry_action.rb +46 -0
- data/lib/puppet/util/rpm_compare.rb +193 -0
- data/lib/puppet/util/rubygems.rb +67 -0
- data/lib/puppet/util/run_mode.rb +122 -0
- data/lib/puppet/util/selinux.rb +297 -0
- data/lib/puppet/util/skip_tags.rb +13 -0
- data/lib/puppet/util/splayer.rb +18 -0
- data/lib/puppet/util/storage.rb +100 -0
- data/lib/puppet/util/suidmanager.rb +166 -0
- data/lib/puppet/util/symbolic_file_mode.rb +156 -0
- data/lib/puppet/util/tag_set.rb +27 -0
- data/lib/puppet/util/tagging.rb +132 -0
- data/lib/puppet/util/terminal.rb +16 -0
- data/lib/puppet/util/user_attr.rb +21 -0
- data/lib/puppet/util/warnings.rb +31 -0
- data/lib/puppet/util/watched_file.rb +37 -0
- data/lib/puppet/util/watcher/change_watcher.rb +33 -0
- data/lib/puppet/util/watcher/periodic_watcher.rb +37 -0
- data/lib/puppet/util/watcher/timer.rb +19 -0
- data/lib/puppet/util/watcher.rb +17 -0
- data/lib/puppet/util/windows/access_control_entry.rb +84 -0
- data/lib/puppet/util/windows/access_control_list.rb +113 -0
- data/lib/puppet/util/windows/adsi.rb +654 -0
- data/lib/puppet/util/windows/com.rb +225 -0
- data/lib/puppet/util/windows/daemon.rb +343 -0
- data/lib/puppet/util/windows/error.rb +84 -0
- data/lib/puppet/util/windows/eventlog.rb +187 -0
- data/lib/puppet/util/windows/file.rb +355 -0
- data/lib/puppet/util/windows/monkey_patches/process.rb +414 -0
- data/lib/puppet/util/windows/principal.rb +201 -0
- data/lib/puppet/util/windows/process.rb +364 -0
- data/lib/puppet/util/windows/registry.rb +441 -0
- data/lib/puppet/util/windows/root_certs.rb +108 -0
- data/lib/puppet/util/windows/security.rb +907 -0
- data/lib/puppet/util/windows/security_descriptor.rb +62 -0
- data/lib/puppet/util/windows/service.rb +696 -0
- data/lib/puppet/util/windows/sid.rb +289 -0
- data/lib/puppet/util/windows/string.rb +15 -0
- data/lib/puppet/util/windows/user.rb +550 -0
- data/lib/puppet/util/windows.rb +51 -0
- data/lib/puppet/util/yaml.rb +65 -0
- data/lib/puppet/util.rb +808 -0
- data/lib/puppet/vendor/require_vendored.rb +4 -0
- data/lib/puppet/vendor.rb +57 -0
- data/lib/puppet/version.rb +95 -0
- data/lib/puppet/x509/cert_provider.rb +369 -0
- data/lib/puppet/x509/pem_store.rb +55 -0
- data/lib/puppet/x509.rb +11 -0
- data/lib/puppet.rb +345 -0
- data/lib/puppet_pal.rb +8 -0
- data/lib/puppet_x.rb +14 -0
- data/locales/config.yaml +29 -0
- data/locales/en/puppet.po +19 -0
- data/locales/puppet.pot +20 -0
- data/man/man5/puppet.conf.5 +2198 -0
- data/man/man8/puppet-agent.8 +203 -0
- data/man/man8/puppet-apply.8 +100 -0
- data/man/man8/puppet-catalog.8 +291 -0
- data/man/man8/puppet-config.8 +151 -0
- data/man/man8/puppet-describe.8 +51 -0
- data/man/man8/puppet-device.8 +119 -0
- data/man/man8/puppet-doc.8 +46 -0
- data/man/man8/puppet-epp.8 +377 -0
- data/man/man8/puppet-facts.8 +234 -0
- data/man/man8/puppet-filebucket.8 +166 -0
- data/man/man8/puppet-generate.8 +84 -0
- data/man/man8/puppet-help.8 +67 -0
- data/man/man8/puppet-lookup.8 +107 -0
- data/man/man8/puppet-module.8 +325 -0
- data/man/man8/puppet-node.8 +163 -0
- data/man/man8/puppet-parser.8 +130 -0
- data/man/man8/puppet-plugin.8 +73 -0
- data/man/man8/puppet-report.8 +127 -0
- data/man/man8/puppet-resource.8 +88 -0
- data/man/man8/puppet-script.8 +70 -0
- data/man/man8/puppet-ssl.8 +63 -0
- data/man/man8/puppet.8 +28 -0
- data/tasks/benchmark.rake +180 -0
- data/tasks/ci.rake +24 -0
- data/tasks/generate_ast_model.rake +90 -0
- data/tasks/generate_cert_fixtures.rake +194 -0
- data/tasks/manpages.rake +67 -0
- data/tasks/memwalk.rake +195 -0
- data/tasks/parallel.rake +410 -0
- data/tasks/parser.rake +22 -0
- data/tasks/yard.rake +59 -0
- metadata +1324 -0
@@ -0,0 +1,149 @@
|
|
1
|
+
require_relative '../../puppet/ssl/openssl_loader'
|
2
|
+
require_relative '../../puppet/ssl'
|
3
|
+
require_relative '../../puppet/ssl/digest'
|
4
|
+
|
5
|
+
# The base class for wrapping SSL instances.
|
6
|
+
class Puppet::SSL::Base
|
7
|
+
# For now, use the YAML separator.
|
8
|
+
SEPARATOR = "\n---\n"
|
9
|
+
|
10
|
+
# Only allow printing ascii characters, excluding /
|
11
|
+
VALID_CERTNAME = /\A[ -.0-~]+\Z/
|
12
|
+
|
13
|
+
def self.from_multiple_s(text)
|
14
|
+
text.split(SEPARATOR).collect { |inst| from_s(inst) }
|
15
|
+
end
|
16
|
+
|
17
|
+
def self.to_multiple_s(instances)
|
18
|
+
instances.collect { |inst| inst.to_s }.join(SEPARATOR)
|
19
|
+
end
|
20
|
+
|
21
|
+
def self.wraps(klass)
|
22
|
+
@wrapped_class = klass
|
23
|
+
end
|
24
|
+
|
25
|
+
def self.wrapped_class
|
26
|
+
raise(Puppet::DevError, _("%{name} has not declared what class it wraps") % { name: self }) unless defined?(@wrapped_class)
|
27
|
+
@wrapped_class
|
28
|
+
end
|
29
|
+
|
30
|
+
def self.validate_certname(name)
|
31
|
+
raise _("Certname %{name} must not contain unprintable or non-ASCII characters") % { name: name.inspect } unless name =~ VALID_CERTNAME
|
32
|
+
end
|
33
|
+
|
34
|
+
attr_accessor :name, :content
|
35
|
+
|
36
|
+
def generate
|
37
|
+
raise Puppet::DevError, _("%{class_name} did not override 'generate'") % { class_name: self.class }
|
38
|
+
end
|
39
|
+
|
40
|
+
def initialize(name)
|
41
|
+
@name = name.to_s.downcase
|
42
|
+
self.class.validate_certname(@name)
|
43
|
+
end
|
44
|
+
|
45
|
+
##
|
46
|
+
# name_from_subject extracts the common name attribute from the subject of an
|
47
|
+
# x.509 certificate certificate
|
48
|
+
#
|
49
|
+
# @api private
|
50
|
+
#
|
51
|
+
# @param [OpenSSL::X509::Name] subject The full subject (distinguished name) of the x.509
|
52
|
+
# certificate.
|
53
|
+
#
|
54
|
+
# @return [String] the name (CN) extracted from the subject.
|
55
|
+
def self.name_from_subject(subject)
|
56
|
+
if subject.respond_to? :to_a
|
57
|
+
(subject.to_a.assoc('CN') || [])[1]
|
58
|
+
end
|
59
|
+
end
|
60
|
+
|
61
|
+
# Create an instance of our Puppet::SSL::* class using a given instance of the wrapped class
|
62
|
+
def self.from_instance(instance, name = nil)
|
63
|
+
unless instance.is_a?(wrapped_class)
|
64
|
+
raise ArgumentError, _("Object must be an instance of %{class_name}, %{actual_class} given") %
|
65
|
+
{ class_name: wrapped_class, actual_class: instance.class }
|
66
|
+
end
|
67
|
+
if name.nil? and !instance.respond_to?(:subject)
|
68
|
+
raise ArgumentError, _("Name must be supplied if it cannot be determined from the instance")
|
69
|
+
end
|
70
|
+
|
71
|
+
name ||= name_from_subject(instance.subject)
|
72
|
+
result = new(name)
|
73
|
+
result.content = instance
|
74
|
+
result
|
75
|
+
end
|
76
|
+
|
77
|
+
# Convert a string into an instance
|
78
|
+
def self.from_s(string, name = nil)
|
79
|
+
instance = wrapped_class.new(string)
|
80
|
+
from_instance(instance, name)
|
81
|
+
end
|
82
|
+
|
83
|
+
# Read content from disk appropriately.
|
84
|
+
def read(path)
|
85
|
+
# applies to Puppet::SSL::Certificate, Puppet::SSL::CertificateRequest
|
86
|
+
# nothing derives from Puppet::SSL::Certificate, but it is called by a number of other SSL Indirectors:
|
87
|
+
# Puppet::Indirector::CertificateStatus::File (.indirection.find)
|
88
|
+
# Puppet::Network::HTTP::WEBrick (.indirection.find)
|
89
|
+
# Puppet::Network::HTTP::RackREST (.from_instance)
|
90
|
+
# Puppet::Network::HTTP::WEBrickREST (.from_instance)
|
91
|
+
# Puppet::SSL::Inventory (.indirection.search, implements its own add / rebuild / serials with encoding UTF8)
|
92
|
+
@content = wrapped_class.new(Puppet::FileSystem.read(path, :encoding => Encoding::ASCII))
|
93
|
+
end
|
94
|
+
|
95
|
+
# Convert our thing to pem.
|
96
|
+
def to_s
|
97
|
+
return "" unless content
|
98
|
+
content.to_pem
|
99
|
+
end
|
100
|
+
|
101
|
+
def to_data_hash
|
102
|
+
to_s
|
103
|
+
end
|
104
|
+
|
105
|
+
# Provide the full text of the thing we're dealing with.
|
106
|
+
def to_text
|
107
|
+
return "" unless content
|
108
|
+
content.to_text
|
109
|
+
end
|
110
|
+
|
111
|
+
def fingerprint(md = :SHA256)
|
112
|
+
mds = md.to_s.upcase
|
113
|
+
digest(mds).to_hex
|
114
|
+
end
|
115
|
+
|
116
|
+
def digest(algorithm=nil)
|
117
|
+
unless algorithm
|
118
|
+
algorithm = digest_algorithm
|
119
|
+
end
|
120
|
+
|
121
|
+
Puppet::SSL::Digest.new(algorithm, content.to_der)
|
122
|
+
end
|
123
|
+
|
124
|
+
def digest_algorithm
|
125
|
+
# The signature_algorithm on the X509 cert is a combination of the digest
|
126
|
+
# algorithm and the encryption algorithm
|
127
|
+
# e.g. md5WithRSAEncryption, sha256WithRSAEncryption
|
128
|
+
# Unfortunately there isn't a consistent pattern
|
129
|
+
# See RFCs 3279, 5758
|
130
|
+
digest_re = Regexp.union(
|
131
|
+
/ripemd160/i,
|
132
|
+
/md[245]/i,
|
133
|
+
/sha\d*/i
|
134
|
+
)
|
135
|
+
ln = content.signature_algorithm
|
136
|
+
match = digest_re.match(ln)
|
137
|
+
if match
|
138
|
+
match[0].downcase
|
139
|
+
else
|
140
|
+
raise Puppet::Error, _("Unknown signature algorithm '%{ln}'") % { ln: ln }
|
141
|
+
end
|
142
|
+
end
|
143
|
+
|
144
|
+
private
|
145
|
+
|
146
|
+
def wrapped_class
|
147
|
+
self.class.wrapped_class
|
148
|
+
end
|
149
|
+
end
|
@@ -0,0 +1,96 @@
|
|
1
|
+
require_relative '../../puppet/ssl/base'
|
2
|
+
|
3
|
+
# Manage certificates themselves. This class has no
|
4
|
+
# 'generate' method because the CA is responsible
|
5
|
+
# for turning CSRs into certificates; we can only
|
6
|
+
# retrieve them from the CA (or not, as is often
|
7
|
+
# the case).
|
8
|
+
#
|
9
|
+
# @deprecated Use {Puppet::SSL::SSLProvider} instead.
|
10
|
+
class Puppet::SSL::Certificate < Puppet::SSL::Base
|
11
|
+
# This is defined from the base class
|
12
|
+
wraps OpenSSL::X509::Certificate
|
13
|
+
|
14
|
+
# Because of how the format handler class is included, this
|
15
|
+
# can't be in the base class.
|
16
|
+
def self.supported_formats
|
17
|
+
[:s]
|
18
|
+
end
|
19
|
+
|
20
|
+
def self.subject_alt_names_for(cert)
|
21
|
+
alts = cert.extensions.find{|ext| ext.oid == "subjectAltName"}
|
22
|
+
return [] unless alts
|
23
|
+
alts.value.split(/\s*,\s*/)
|
24
|
+
end
|
25
|
+
|
26
|
+
def subject_alt_names
|
27
|
+
self.class.subject_alt_names_for(content)
|
28
|
+
end
|
29
|
+
|
30
|
+
def expiration
|
31
|
+
return nil unless content
|
32
|
+
content.not_after
|
33
|
+
end
|
34
|
+
|
35
|
+
# This name is what gets extracted from the subject before being passed
|
36
|
+
# to the constructor, so it's not downcased
|
37
|
+
def unmunged_name
|
38
|
+
self.class.name_from_subject(content.subject.to_utf8)
|
39
|
+
end
|
40
|
+
|
41
|
+
# Any extensions registered with custom OIDs as defined in module
|
42
|
+
# Puppet::SSL::Oids may be looked up here.
|
43
|
+
#
|
44
|
+
# A cert with a 'pp_uuid' extension having the value 'abcd' would return:
|
45
|
+
#
|
46
|
+
# [{ 'oid' => 'pp_uuid', 'value' => 'abcd'}]
|
47
|
+
#
|
48
|
+
# @return [Array<Hash{String => String}>] An array of two element hashes,
|
49
|
+
# with key/value pairs for the extension's oid, and its value.
|
50
|
+
def custom_extensions
|
51
|
+
custom_exts = content.extensions.select do |ext|
|
52
|
+
Puppet::SSL::Oids.subtree_of?('ppRegCertExt', ext.oid) or
|
53
|
+
Puppet::SSL::Oids.subtree_of?('ppPrivCertExt', ext.oid) or
|
54
|
+
Puppet::SSL::Oids.subtree_of?('ppAuthCertExt', ext.oid)
|
55
|
+
end
|
56
|
+
|
57
|
+
custom_exts.map do |ext|
|
58
|
+
{'oid' => ext.oid, 'value' => get_ext_val(ext.oid)}
|
59
|
+
end
|
60
|
+
end
|
61
|
+
|
62
|
+
private
|
63
|
+
|
64
|
+
|
65
|
+
# Extract the extensions sequence from the wrapped certificate's raw ASN.1 form
|
66
|
+
def exts_seq
|
67
|
+
# See RFC-2459 section 4.1 (https://tools.ietf.org/html/rfc2459#section-4.1)
|
68
|
+
# to see where this is defined. Essentially this is saying "in the first
|
69
|
+
# sequence in the certificate, find the item that's tagged with 3. This
|
70
|
+
# is where the extensions are stored."
|
71
|
+
@extensions_tag ||= 3
|
72
|
+
|
73
|
+
@exts_seq ||= OpenSSL::ASN1.decode(content.to_der).value[0].value.find do |data|
|
74
|
+
(data.tag == @extensions_tag) && (data.tag_class == :CONTEXT_SPECIFIC)
|
75
|
+
end.value[0]
|
76
|
+
end
|
77
|
+
|
78
|
+
# Get the DER parsed value of an X.509 extension by it's OID, or short name
|
79
|
+
# if one has been registered with OpenSSL.
|
80
|
+
def get_ext_val(oid)
|
81
|
+
ext_obj = exts_seq.value.find do |ext_seq|
|
82
|
+
ext_seq.value[0].value == oid
|
83
|
+
end
|
84
|
+
|
85
|
+
raw_val = ext_obj.value.last.value
|
86
|
+
|
87
|
+
begin
|
88
|
+
OpenSSL::ASN1.decode(raw_val).value
|
89
|
+
rescue OpenSSL::ASN1::ASN1Error
|
90
|
+
# This is required to maintain backward compatibility with the previous
|
91
|
+
# way trusted facts were signed. See PUP-3560
|
92
|
+
raw_val
|
93
|
+
end
|
94
|
+
end
|
95
|
+
|
96
|
+
end
|
@@ -0,0 +1,324 @@
|
|
1
|
+
require_relative '../../puppet/ssl/base'
|
2
|
+
require_relative '../../puppet/ssl/certificate_signer'
|
3
|
+
|
4
|
+
# This class creates and manages X509 certificate signing requests.
|
5
|
+
#
|
6
|
+
# ## CSR attributes
|
7
|
+
#
|
8
|
+
# CSRs may contain a set of attributes that includes supplementary information
|
9
|
+
# about the CSR or information for the signed certificate.
|
10
|
+
#
|
11
|
+
# PKCS#9/RFC 2985 section 5.4 formally defines the "Challenge password",
|
12
|
+
# "Extension request", and "Extended-certificate attributes", but this
|
13
|
+
# implementation only handles the "Extension request" attribute. Other
|
14
|
+
# attributes may be defined on a CSR, but the RFC doesn't define behavior for
|
15
|
+
# any other attributes so we treat them as only informational.
|
16
|
+
#
|
17
|
+
# ## CSR Extension request attribute
|
18
|
+
#
|
19
|
+
# CSRs may contain an optional set of extension requests, which allow CSRs to
|
20
|
+
# include additional information that may be included in the signed
|
21
|
+
# certificate. Any additional information that should be copied from the CSR
|
22
|
+
# to the signed certificate MUST be included in this attribute.
|
23
|
+
#
|
24
|
+
# This behavior is dictated by PKCS#9/RFC 2985 section 5.4.2.
|
25
|
+
#
|
26
|
+
# @see https://tools.ietf.org/html/rfc2985 "RFC 2985 Section 5.4.2 Extension request"
|
27
|
+
#
|
28
|
+
class Puppet::SSL::CertificateRequest < Puppet::SSL::Base
|
29
|
+
wraps OpenSSL::X509::Request
|
30
|
+
|
31
|
+
# Because of how the format handler class is included, this
|
32
|
+
# can't be in the base class.
|
33
|
+
def self.supported_formats
|
34
|
+
[:s]
|
35
|
+
end
|
36
|
+
|
37
|
+
def extension_factory
|
38
|
+
@ef ||= OpenSSL::X509::ExtensionFactory.new
|
39
|
+
end
|
40
|
+
|
41
|
+
# Create a certificate request with our system settings.
|
42
|
+
#
|
43
|
+
# @param key [OpenSSL::X509::Key] The private key associated with this CSR.
|
44
|
+
# @param options [Hash]
|
45
|
+
# @option options [String] :dns_alt_names A comma separated list of
|
46
|
+
# Subject Alternative Names to include in the CSR extension request.
|
47
|
+
# @option options [Hash<String, String, Array<String>>] :csr_attributes A hash
|
48
|
+
# of OIDs and values that are either a string or array of strings.
|
49
|
+
# @option options [Array<String, String>] :extension_requests A hash of
|
50
|
+
# certificate extensions to add to the CSR extReq attribute, excluding
|
51
|
+
# the Subject Alternative Names extension.
|
52
|
+
#
|
53
|
+
# @raise [Puppet::Error] If the generated CSR signature couldn't be verified
|
54
|
+
#
|
55
|
+
# @return [OpenSSL::X509::Request] The generated CSR
|
56
|
+
def generate(key, options = {})
|
57
|
+
Puppet.info _("Creating a new SSL certificate request for %{name}") % { name: name }
|
58
|
+
|
59
|
+
# If we're a CSR for the CA, then use the real ca_name, rather than the
|
60
|
+
# fake 'ca' name. This is mostly for backward compatibility with 0.24.x,
|
61
|
+
# but it's also just a good idea.
|
62
|
+
common_name = name == Puppet::SSL::CA_NAME ? Puppet.settings[:ca_name] : name
|
63
|
+
|
64
|
+
csr = OpenSSL::X509::Request.new
|
65
|
+
csr.version = 0
|
66
|
+
csr.subject = OpenSSL::X509::Name.new([["CN", common_name]])
|
67
|
+
|
68
|
+
csr.public_key = if key.is_a?(OpenSSL::PKey::EC)
|
69
|
+
# EC#public_key doesn't follow the PKey API,
|
70
|
+
# see https://github.com/ruby/openssl/issues/29
|
71
|
+
point = key.public_key
|
72
|
+
pubkey = OpenSSL::PKey::EC.new(point.group)
|
73
|
+
pubkey.public_key = point
|
74
|
+
pubkey
|
75
|
+
else
|
76
|
+
key.public_key
|
77
|
+
end
|
78
|
+
|
79
|
+
if options[:csr_attributes]
|
80
|
+
add_csr_attributes(csr, options[:csr_attributes])
|
81
|
+
end
|
82
|
+
|
83
|
+
if (ext_req_attribute = extension_request_attribute(options))
|
84
|
+
csr.add_attribute(ext_req_attribute)
|
85
|
+
end
|
86
|
+
|
87
|
+
signer = Puppet::SSL::CertificateSigner.new
|
88
|
+
signer.sign(csr, key)
|
89
|
+
|
90
|
+
raise Puppet::Error, _("CSR sign verification failed; you need to clean the certificate request for %{name} on the server") % { name: name } unless csr.verify(csr.public_key)
|
91
|
+
|
92
|
+
@content = csr
|
93
|
+
|
94
|
+
# we won't be able to get the digest on jruby
|
95
|
+
if @content.signature_algorithm
|
96
|
+
Puppet.info _("Certificate Request fingerprint (%{digest}): %{hex_digest}") % { digest: digest.name, hex_digest: digest.to_hex }
|
97
|
+
end
|
98
|
+
@content
|
99
|
+
end
|
100
|
+
|
101
|
+
def ext_value_to_ruby_value(asn1_arr)
|
102
|
+
# A list of ASN1 types than can't be directly converted to a Ruby type
|
103
|
+
@non_convertible ||= [OpenSSL::ASN1::EndOfContent,
|
104
|
+
OpenSSL::ASN1::BitString,
|
105
|
+
OpenSSL::ASN1::Null,
|
106
|
+
OpenSSL::ASN1::Enumerated,
|
107
|
+
OpenSSL::ASN1::UTCTime,
|
108
|
+
OpenSSL::ASN1::GeneralizedTime,
|
109
|
+
OpenSSL::ASN1::Sequence,
|
110
|
+
OpenSSL::ASN1::Set]
|
111
|
+
|
112
|
+
begin
|
113
|
+
# Attempt to decode the extension's DER data located in the original OctetString
|
114
|
+
asn1_val = OpenSSL::ASN1.decode(asn1_arr.last.value)
|
115
|
+
rescue OpenSSL::ASN1::ASN1Error
|
116
|
+
# This is to allow supporting the old-style of not DER encoding trusted facts
|
117
|
+
return asn1_arr.last.value
|
118
|
+
end
|
119
|
+
|
120
|
+
# If the extension value can not be directly converted to an atomic Ruby
|
121
|
+
# type, use the original ASN1 value. This is needed to work around a bug
|
122
|
+
# in Ruby's OpenSSL library which doesn't convert the value of unknown
|
123
|
+
# extension OIDs properly. See PUP-3560
|
124
|
+
if @non_convertible.include?(asn1_val.class) then
|
125
|
+
# Allows OpenSSL to take the ASN1 value and turn it into something Ruby understands
|
126
|
+
OpenSSL::X509::Extension.new(asn1_arr.first.value, asn1_val.to_der).value
|
127
|
+
else
|
128
|
+
asn1_val.value
|
129
|
+
end
|
130
|
+
end
|
131
|
+
|
132
|
+
# Return the set of extensions requested on this CSR, in a form designed to
|
133
|
+
# be useful to Ruby: an array of hashes. Which, not coincidentally, you can pass
|
134
|
+
# successfully to the OpenSSL constructor later, if you want.
|
135
|
+
#
|
136
|
+
# @return [Array<Hash{String => String}>] An array of two or three element
|
137
|
+
# hashes, with key/value pairs for the extension's oid, its value, and
|
138
|
+
# optionally its critical state.
|
139
|
+
def request_extensions
|
140
|
+
raise Puppet::Error, _("CSR needs content to extract fields") unless @content
|
141
|
+
|
142
|
+
# Prefer the standard extReq, but accept the Microsoft specific version as
|
143
|
+
# a fallback, if the standard version isn't found.
|
144
|
+
attribute = @content.attributes.find {|x| x.oid == "extReq" }
|
145
|
+
attribute ||= @content.attributes.find {|x| x.oid == "msExtReq" }
|
146
|
+
return [] unless attribute
|
147
|
+
|
148
|
+
extensions = unpack_extension_request(attribute)
|
149
|
+
|
150
|
+
index = -1
|
151
|
+
extensions.map do |ext_values|
|
152
|
+
index += 1
|
153
|
+
|
154
|
+
value = ext_value_to_ruby_value(ext_values)
|
155
|
+
|
156
|
+
# OK, turn that into an extension, to unpack the content. Lovely that
|
157
|
+
# we have to swap the order of arguments to the underlying method, or
|
158
|
+
# perhaps that the ASN.1 representation chose to pack them in a
|
159
|
+
# strange order where the optional component comes *earlier* than the
|
160
|
+
# fixed component in the sequence.
|
161
|
+
case ext_values.length
|
162
|
+
when 2
|
163
|
+
{"oid" => ext_values[0].value, "value" => value}
|
164
|
+
when 3
|
165
|
+
{"oid" => ext_values[0].value, "value" => value, "critical" => ext_values[1].value}
|
166
|
+
else
|
167
|
+
raise Puppet::Error, _("In %{attr}, expected extension record %{index} to have two or three items, but found %{count}") % { attr: attribute.oid, index: index, count: ext_values.length }
|
168
|
+
end
|
169
|
+
end
|
170
|
+
end
|
171
|
+
|
172
|
+
def subject_alt_names
|
173
|
+
@subject_alt_names ||= request_extensions.
|
174
|
+
select {|x| x["oid"] == "subjectAltName" }.
|
175
|
+
map {|x| x["value"].split(/\s*,\s*/) }.
|
176
|
+
flatten.
|
177
|
+
sort.
|
178
|
+
uniq
|
179
|
+
end
|
180
|
+
|
181
|
+
# Return all user specified attributes attached to this CSR as a hash. IF an
|
182
|
+
# OID has a single value it is returned as a string, otherwise all values are
|
183
|
+
# returned as an array.
|
184
|
+
#
|
185
|
+
# The format of CSR attributes is specified in PKCS#10/RFC 2986
|
186
|
+
#
|
187
|
+
# @see https://tools.ietf.org/html/rfc2986 "RFC 2986 Certification Request Syntax Specification"
|
188
|
+
#
|
189
|
+
# @api public
|
190
|
+
#
|
191
|
+
# @return [Hash<String, String>]
|
192
|
+
def custom_attributes
|
193
|
+
x509_attributes = @content.attributes.reject do |attr|
|
194
|
+
PRIVATE_CSR_ATTRIBUTES.include? attr.oid
|
195
|
+
end
|
196
|
+
|
197
|
+
x509_attributes.map do |attr|
|
198
|
+
{"oid" => attr.oid, "value" => attr.value.value.first.value}
|
199
|
+
end
|
200
|
+
end
|
201
|
+
|
202
|
+
private
|
203
|
+
|
204
|
+
# Exclude OIDs that may conflict with how Puppet creates CSRs.
|
205
|
+
#
|
206
|
+
# We only have nominal support for Microsoft extension requests, but since we
|
207
|
+
# ultimately respect that field when looking for extension requests in a CSR
|
208
|
+
# we need to prevent that field from being written to directly.
|
209
|
+
PRIVATE_CSR_ATTRIBUTES = [
|
210
|
+
'extReq', '1.2.840.113549.1.9.14',
|
211
|
+
'msExtReq', '1.3.6.1.4.1.311.2.1.14',
|
212
|
+
]
|
213
|
+
|
214
|
+
def add_csr_attributes(csr, csr_attributes)
|
215
|
+
csr_attributes.each do |oid, value|
|
216
|
+
begin
|
217
|
+
if PRIVATE_CSR_ATTRIBUTES.include? oid
|
218
|
+
raise ArgumentError, _("Cannot specify CSR attribute %{oid}: conflicts with internally used CSR attribute") % { oid: oid }
|
219
|
+
end
|
220
|
+
|
221
|
+
encoded = OpenSSL::ASN1::PrintableString.new(value.to_s)
|
222
|
+
|
223
|
+
attr_set = OpenSSL::ASN1::Set.new([encoded])
|
224
|
+
csr.add_attribute(OpenSSL::X509::Attribute.new(oid, attr_set))
|
225
|
+
Puppet.debug("Added csr attribute: #{oid} => #{attr_set.inspect}")
|
226
|
+
rescue OpenSSL::X509::AttributeError => e
|
227
|
+
raise Puppet::Error, _("Cannot create CSR with attribute %{oid}: %{message}") % { oid: oid, message: e.message }, e.backtrace
|
228
|
+
end
|
229
|
+
end
|
230
|
+
end
|
231
|
+
|
232
|
+
PRIVATE_EXTENSIONS = [
|
233
|
+
'subjectAltName', '2.5.29.17',
|
234
|
+
]
|
235
|
+
|
236
|
+
# @api private
|
237
|
+
def extension_request_attribute(options)
|
238
|
+
extensions = []
|
239
|
+
|
240
|
+
if options[:extension_requests]
|
241
|
+
options[:extension_requests].each_pair do |oid, value|
|
242
|
+
begin
|
243
|
+
if PRIVATE_EXTENSIONS.include? oid
|
244
|
+
raise Puppet::Error, _("Cannot specify CSR extension request %{oid}: conflicts with internally used extension request") % { oid: oid }
|
245
|
+
end
|
246
|
+
|
247
|
+
ext = OpenSSL::X509::Extension.new(oid, OpenSSL::ASN1::UTF8String.new(value.to_s).to_der, false)
|
248
|
+
extensions << ext
|
249
|
+
rescue OpenSSL::X509::ExtensionError => e
|
250
|
+
raise Puppet::Error, _("Cannot create CSR with extension request %{oid}: %{message}") % { oid: oid, message: e.message }, e.backtrace
|
251
|
+
end
|
252
|
+
end
|
253
|
+
end
|
254
|
+
|
255
|
+
if options[:dns_alt_names]
|
256
|
+
raw_names = options[:dns_alt_names].split(/\s*,\s*/).map(&:strip) + [name]
|
257
|
+
|
258
|
+
parsed_names = raw_names.map do |name|
|
259
|
+
if !name.start_with?("IP:") && !name.start_with?("DNS:")
|
260
|
+
"DNS:#{name}"
|
261
|
+
else
|
262
|
+
name
|
263
|
+
end
|
264
|
+
end.sort.uniq.join(", ")
|
265
|
+
|
266
|
+
alt_names_ext = extension_factory.create_extension("subjectAltName", parsed_names, false)
|
267
|
+
|
268
|
+
extensions << alt_names_ext
|
269
|
+
end
|
270
|
+
|
271
|
+
unless extensions.empty?
|
272
|
+
seq = OpenSSL::ASN1::Sequence(extensions)
|
273
|
+
ext_req = OpenSSL::ASN1::Set([seq])
|
274
|
+
OpenSSL::X509::Attribute.new("extReq", ext_req)
|
275
|
+
end
|
276
|
+
end
|
277
|
+
|
278
|
+
# Unpack the extReq attribute into an array of Extensions.
|
279
|
+
#
|
280
|
+
# The extension request attribute is structured like
|
281
|
+
# `Set[Sequence[Extensions]]` where the outer Set only contains a single
|
282
|
+
# sequence.
|
283
|
+
#
|
284
|
+
# In addition the Ruby implementation of ASN1 requires that all ASN1 values
|
285
|
+
# contain a single value, so Sets and Sequence have to contain an array
|
286
|
+
# that in turn holds the elements. This is why we have to unpack an array
|
287
|
+
# every time we unpack a Set/Seq.
|
288
|
+
#
|
289
|
+
# @see https://tools.ietf.org/html/rfc2985#ref-10 5.4.2 CSR Extension Request structure
|
290
|
+
# @see https://tools.ietf.org/html/rfc5280 4.1 Certificate Extension structure
|
291
|
+
#
|
292
|
+
# @api private
|
293
|
+
#
|
294
|
+
# @param attribute [OpenSSL::X509::Attribute] The X509 extension request
|
295
|
+
#
|
296
|
+
# @return [Array<Array<Object>>] A array of arrays containing the extension
|
297
|
+
# OID the critical state if present, and the extension value.
|
298
|
+
def unpack_extension_request(attribute)
|
299
|
+
|
300
|
+
unless attribute.value.is_a? OpenSSL::ASN1::Set
|
301
|
+
raise Puppet::Error, _("In %{attr}, expected Set but found %{klass}") % { attr: attribute.oid, klass: attribute.value.class }
|
302
|
+
end
|
303
|
+
|
304
|
+
unless attribute.value.value.is_a? Array
|
305
|
+
raise Puppet::Error, _("In %{attr}, expected Set[Array] but found %{klass}") % { attr: attribute.oid, klass: attribute.value.value.class }
|
306
|
+
end
|
307
|
+
|
308
|
+
unless attribute.value.value.size == 1
|
309
|
+
raise Puppet::Error, _("In %{attr}, expected Set[Array] with one value but found %{count} elements") % { attr: attribute.oid, count: attribute.value.value.size }
|
310
|
+
end
|
311
|
+
|
312
|
+
unless attribute.value.value.first.is_a? OpenSSL::ASN1::Sequence
|
313
|
+
raise Puppet::Error, _("In %{attr}, expected Set[Array[Sequence[...]]], but found %{klass}") % { attr: attribute.oid, klass: extension.class }
|
314
|
+
end
|
315
|
+
|
316
|
+
unless attribute.value.value.first.value.is_a? Array
|
317
|
+
raise Puppet::Error, _("In %{attr}, expected Set[Array[Sequence[Array[...]]]], but found %{klass}") % { attr: attribute.oid, klass: extension.value.class }
|
318
|
+
end
|
319
|
+
|
320
|
+
extensions = attribute.value.value.first.value
|
321
|
+
|
322
|
+
extensions.map(&:value)
|
323
|
+
end
|
324
|
+
end
|
@@ -0,0 +1,37 @@
|
|
1
|
+
require_relative '../../puppet/ssl'
|
2
|
+
require_relative '../../puppet/util/yaml'
|
3
|
+
|
4
|
+
# This class transforms simple key/value pairs into the equivalent ASN1
|
5
|
+
# structures. Values may be strings or arrays of strings.
|
6
|
+
#
|
7
|
+
# @api private
|
8
|
+
class Puppet::SSL::CertificateRequestAttributes
|
9
|
+
|
10
|
+
attr_reader :path, :custom_attributes, :extension_requests
|
11
|
+
|
12
|
+
def initialize(path)
|
13
|
+
@path = path
|
14
|
+
@custom_attributes = {}
|
15
|
+
@extension_requests = {}
|
16
|
+
end
|
17
|
+
|
18
|
+
# Attempt to load a yaml file at the given @path.
|
19
|
+
# @return true if we are able to load the file, false otherwise
|
20
|
+
# @raise [Puppet::Error] if there are unexpected attribute keys
|
21
|
+
def load
|
22
|
+
Puppet.info(_("csr_attributes file loading from %{path}") % { path: path })
|
23
|
+
if Puppet::FileSystem.exist?(path)
|
24
|
+
hash = Puppet::Util::Yaml.safe_load_file(path, [Symbol]) || {}
|
25
|
+
if ! hash.is_a?(Hash)
|
26
|
+
raise Puppet::Error, _("invalid CSR attributes, expected instance of Hash, received instance of %{klass}") % { klass: hash.class }
|
27
|
+
end
|
28
|
+
@custom_attributes = hash.delete('custom_attributes') || {}
|
29
|
+
@extension_requests = hash.delete('extension_requests') || {}
|
30
|
+
if not hash.keys.empty?
|
31
|
+
raise Puppet::Error, _("unexpected attributes %{keys} in %{path}") % { keys: hash.keys.inspect, path: @path.inspect }
|
32
|
+
end
|
33
|
+
return true
|
34
|
+
end
|
35
|
+
return false
|
36
|
+
end
|
37
|
+
end
|
@@ -0,0 +1,39 @@
|
|
1
|
+
# Take care of signing a certificate in a FIPS 140-2 compliant manner.
|
2
|
+
#
|
3
|
+
# @see https://projects.puppetlabs.com/issues/17295
|
4
|
+
#
|
5
|
+
# @api private
|
6
|
+
class Puppet::SSL::CertificateSigner
|
7
|
+
|
8
|
+
# @!attribute [r] digest
|
9
|
+
# @return [OpenSSL::Digest]
|
10
|
+
attr_reader :digest
|
11
|
+
|
12
|
+
def initialize
|
13
|
+
if OpenSSL::Digest.const_defined?('SHA256')
|
14
|
+
@digest = OpenSSL::Digest::SHA256
|
15
|
+
elsif OpenSSL::Digest.const_defined?('SHA1')
|
16
|
+
@digest = OpenSSL::Digest::SHA1
|
17
|
+
elsif OpenSSL::Digest.const_defined?('SHA512')
|
18
|
+
@digest = OpenSSL::Digest::SHA512
|
19
|
+
elsif OpenSSL::Digest.const_defined?('SHA384')
|
20
|
+
@digest = OpenSSL::Digest::SHA384
|
21
|
+
elsif OpenSSL::Digest.const_defined?('SHA224')
|
22
|
+
@digest = OpenSSL::Digest::SHA224
|
23
|
+
else
|
24
|
+
raise Puppet::Error,
|
25
|
+
"No FIPS 140-2 compliant digest algorithm in OpenSSL::Digest"
|
26
|
+
end
|
27
|
+
@digest
|
28
|
+
end
|
29
|
+
|
30
|
+
# Sign a certificate signing request (CSR) with a private key.
|
31
|
+
#
|
32
|
+
# @param [OpenSSL::X509::Request] content The CSR to sign
|
33
|
+
# @param [OpenSSL::X509::PKey] key The private key to sign with
|
34
|
+
#
|
35
|
+
# @api private
|
36
|
+
def sign(content, key)
|
37
|
+
content.sign(key, @digest.new)
|
38
|
+
end
|
39
|
+
end
|
@@ -0,0 +1,20 @@
|
|
1
|
+
class Puppet::SSL::Digest
|
2
|
+
attr_reader :digest
|
3
|
+
|
4
|
+
def initialize(algorithm, content)
|
5
|
+
algorithm ||= 'SHA256'
|
6
|
+
@digest = OpenSSL::Digest.new(algorithm, content)
|
7
|
+
end
|
8
|
+
|
9
|
+
def to_s
|
10
|
+
"(#{name}) #{to_hex}"
|
11
|
+
end
|
12
|
+
|
13
|
+
def to_hex
|
14
|
+
@digest.hexdigest.scan(/../).join(':').upcase
|
15
|
+
end
|
16
|
+
|
17
|
+
def name
|
18
|
+
@digest.name.upcase
|
19
|
+
end
|
20
|
+
end
|
@@ -0,0 +1,26 @@
|
|
1
|
+
module Puppet::SSL
|
2
|
+
class SSLError < Puppet::Error; end
|
3
|
+
|
4
|
+
class CertVerifyError < Puppet::SSL::SSLError
|
5
|
+
attr_reader :code, :cert
|
6
|
+
def initialize(message, code, cert)
|
7
|
+
super(message)
|
8
|
+
@code = code
|
9
|
+
@cert = cert
|
10
|
+
end
|
11
|
+
end
|
12
|
+
|
13
|
+
class CertMismatchError < Puppet::SSL::SSLError
|
14
|
+
def initialize(peer_cert, host)
|
15
|
+
valid_certnames = [peer_cert.subject.to_utf8.sub(/.*=/, ''),
|
16
|
+
*Puppet::SSL::Certificate.subject_alt_names_for(peer_cert)].uniq
|
17
|
+
if valid_certnames.size > 1
|
18
|
+
expected_certnames = _("expected one of %{certnames}") % { certnames: valid_certnames.join(', ') }
|
19
|
+
else
|
20
|
+
expected_certnames = _("expected %{certname}") % { certname: valid_certnames.first }
|
21
|
+
end
|
22
|
+
|
23
|
+
super(_("Server hostname '%{host}' did not match server certificate; %{expected_certnames}") % { host: host, expected_certnames: expected_certnames })
|
24
|
+
end
|
25
|
+
end
|
26
|
+
end
|