openvox 7.37.1
- checksums.yaml +7 -0
- data/CHANGELOG.md +15 -0
- data/CODEOWNERS +11 -0
- data/CODE_OF_CONDUCT.md +70 -0
- data/CONTRIBUTING.md +161 -0
- data/Gemfile +82 -0
- data/Guardfile.example +76 -0
- data/LICENSE +202 -0
- data/README.md +68 -0
- data/Rakefile +160 -0
- data/bin/puppet +9 -0
- data/conf/environment.conf +18 -0
- data/conf/fileserver.conf +32 -0
- data/conf/hiera.yaml +11 -0
- data/conf/puppet.conf +6 -0
- data/examples/enc/regexp_nodes/classes/databases +2 -0
- data/examples/enc/regexp_nodes/classes/webservers +2 -0
- data/examples/enc/regexp_nodes/environment/development +2 -0
- data/examples/enc/regexp_nodes/parameters/service/prod +1 -0
- data/examples/enc/regexp_nodes/parameters/service/qa +3 -0
- data/examples/enc/regexp_nodes/parameters/service/sandbox +1 -0
- data/examples/enc/regexp_nodes/regexp_nodes.rb +270 -0
- data/examples/hiera/README.md +91 -0
- data/examples/hiera/etc/hiera.yaml +15 -0
- data/examples/hiera/etc/hieradb/common.yaml +3 -0
- data/examples/hiera/etc/hieradb/dc1.yaml +6 -0
- data/examples/hiera/etc/hieradb/development.yaml +2 -0
- data/examples/hiera/etc/puppet.conf +3 -0
- data/examples/hiera/modules/data/manifests/common.pp +4 -0
- data/examples/hiera/modules/ntp/manifests/config.pp +6 -0
- data/examples/hiera/modules/ntp/manifests/data.pp +4 -0
- data/examples/hiera/modules/ntp/templates/ntp.conf.erb +3 -0
- data/examples/hiera/modules/users/manifests/common.pp +4 -0
- data/examples/hiera/modules/users/manifests/dc1.pp +4 -0
- data/examples/hiera/modules/users/manifests/development.pp +4 -0
- data/examples/hiera/site.pp +3 -0
- data/examples/nagios/check_puppet.rb +123 -0
- data/ext/README.md +13 -0
- data/ext/build_defaults.yaml +18 -0
- data/ext/debian/puppet.default +4 -0
- data/ext/debian/puppet.init +113 -0
- data/ext/hiera/hiera.yaml +15 -0
- data/ext/osx/puppet.plist +32 -0
- data/ext/project_data.yaml +20 -0
- data/ext/redhat/client.init +169 -0
- data/ext/redhat/client.sysconfig +2 -0
- data/ext/solaris/smf/puppet +44 -0
- data/ext/solaris/smf/puppet.xml +46 -0
- data/ext/suse/client.init +141 -0
- data/ext/systemd/puppet.service +26 -0
- data/ext/windows/puppet_interactive.bat +6 -0
- data/ext/windows/puppet_shell.bat +9 -0
- data/ext/windows/run_puppet_interactive.bat +9 -0
- data/ext/windows/service/daemon.bat +6 -0
- data/ext/windows/service/daemon.rb +225 -0
- data/install.rb +499 -0
- data/lib/hiera/puppet_function.rb +84 -0
- data/lib/hiera/scope.rb +90 -0
- data/lib/hiera_puppet.rb +80 -0
- data/lib/puppet/agent/disabler.rb +53 -0
- data/lib/puppet/agent/locker.rb +46 -0
- data/lib/puppet/agent.rb +176 -0
- data/lib/puppet/application/agent.rb +523 -0
- data/lib/puppet/application/apply.rb +428 -0
- data/lib/puppet/application/catalog.rb +4 -0
- data/lib/puppet/application/config.rb +5 -0
- data/lib/puppet/application/describe.rb +253 -0
- data/lib/puppet/application/device.rb +439 -0
- data/lib/puppet/application/doc.rb +233 -0
- data/lib/puppet/application/epp.rb +5 -0
- data/lib/puppet/application/face_base.rb +276 -0
- data/lib/puppet/application/facts.rb +9 -0
- data/lib/puppet/application/filebucket.rb +318 -0
- data/lib/puppet/application/generate.rb +5 -0
- data/lib/puppet/application/help.rb +5 -0
- data/lib/puppet/application/indirection_base.rb +4 -0
- data/lib/puppet/application/lookup.rb +433 -0
- data/lib/puppet/application/module.rb +4 -0
- data/lib/puppet/application/node.rb +4 -0
- data/lib/puppet/application/parser.rb +5 -0
- data/lib/puppet/application/plugin.rb +4 -0
- data/lib/puppet/application/report.rb +4 -0
- data/lib/puppet/application/resource.rb +254 -0
- data/lib/puppet/application/script.rb +264 -0
- data/lib/puppet/application/ssl.rb +323 -0
- data/lib/puppet/application.rb +596 -0
- data/lib/puppet/application_support.rb +68 -0
- data/lib/puppet/coercion.rb +40 -0
- data/lib/puppet/compilable_resource_type.rb +15 -0
- data/lib/puppet/concurrent/lock.rb +16 -0
- data/lib/puppet/concurrent/synchronized.rb +15 -0
- data/lib/puppet/concurrent/thread_local_singleton.rb +17 -0
- data/lib/puppet/concurrent.rb +2 -0
- data/lib/puppet/configurer/downloader.rb +85 -0
- data/lib/puppet/configurer/fact_handler.rb +50 -0
- data/lib/puppet/configurer/plugin_handler.rb +59 -0
- data/lib/puppet/configurer.rb +755 -0
- data/lib/puppet/confine/any.rb +26 -0
- data/lib/puppet/confine/boolean.rb +45 -0
- data/lib/puppet/confine/exists.rb +19 -0
- data/lib/puppet/confine/false.rb +25 -0
- data/lib/puppet/confine/feature.rb +17 -0
- data/lib/puppet/confine/true.rb +26 -0
- data/lib/puppet/confine/variable.rb +59 -0
- data/lib/puppet/confine.rb +83 -0
- data/lib/puppet/confine_collection.rb +51 -0
- data/lib/puppet/confiner.rb +46 -0
- data/lib/puppet/context/trusted_information.rb +120 -0
- data/lib/puppet/context.rb +188 -0
- data/lib/puppet/daemon.rb +182 -0
- data/lib/puppet/data_binding.rb +14 -0
- data/lib/puppet/datatypes/error.rb +21 -0
- data/lib/puppet/datatypes/impl/error.rb +40 -0
- data/lib/puppet/datatypes.rb +213 -0
- data/lib/puppet/defaults.rb +2277 -0
- data/lib/puppet/environments.rb +601 -0
- data/lib/puppet/error.rb +138 -0
- data/lib/puppet/etc.rb +180 -0
- data/lib/puppet/external/dot.rb +325 -0
- data/lib/puppet/external/pson/common.rb +374 -0
- data/lib/puppet/external/pson/pure/generator.rb +395 -0
- data/lib/puppet/external/pson/pure/parser.rb +308 -0
- data/lib/puppet/external/pson/pure.rb +15 -0
- data/lib/puppet/external/pson/version.rb +8 -0
- data/lib/puppet/face/catalog/select.rb +49 -0
- data/lib/puppet/face/catalog.rb +165 -0
- data/lib/puppet/face/config.rb +267 -0
- data/lib/puppet/face/epp.rb +566 -0
- data/lib/puppet/face/facts.rb +174 -0
- data/lib/puppet/face/generate.rb +66 -0
- data/lib/puppet/face/help/action.erb +90 -0
- data/lib/puppet/face/help/face.erb +115 -0
- data/lib/puppet/face/help/global.erb +16 -0
- data/lib/puppet/face/help/man.erb +152 -0
- data/lib/puppet/face/help.rb +242 -0
- data/lib/puppet/face/module/changes.rb +43 -0
- data/lib/puppet/face/module/install.rb +146 -0
- data/lib/puppet/face/module/list.rb +272 -0
- data/lib/puppet/face/module/uninstall.rb +89 -0
- data/lib/puppet/face/module/upgrade.rb +87 -0
- data/lib/puppet/face/module.rb +19 -0
- data/lib/puppet/face/node/clean.rb +107 -0
- data/lib/puppet/face/node.rb +43 -0
- data/lib/puppet/face/parser.rb +227 -0
- data/lib/puppet/face/plugin.rb +60 -0
- data/lib/puppet/face/report.rb +54 -0
- data/lib/puppet/face/resource.rb +53 -0
- data/lib/puppet/face.rb +12 -0
- data/lib/puppet/facter_impl.rb +96 -0
- data/lib/puppet/feature/base.rb +76 -0
- data/lib/puppet/feature/bolt.rb +3 -0
- data/lib/puppet/feature/cfpropertylist.rb +3 -0
- data/lib/puppet/feature/eventlog.rb +5 -0
- data/lib/puppet/feature/hiera_eyaml.rb +3 -0
- data/lib/puppet/feature/hocon.rb +3 -0
- data/lib/puppet/feature/libuser.rb +8 -0
- data/lib/puppet/feature/msgpack.rb +3 -0
- data/lib/puppet/feature/pe_license.rb +4 -0
- data/lib/puppet/feature/selinux.rb +3 -0
- data/lib/puppet/feature/ssh.rb +3 -0
- data/lib/puppet/feature/telnet.rb +9 -0
- data/lib/puppet/feature/zlib.rb +5 -0
- data/lib/puppet/ffi/posix/constants.rb +14 -0
- data/lib/puppet/ffi/posix/functions.rb +24 -0
- data/lib/puppet/ffi/posix.rb +10 -0
- data/lib/puppet/ffi/windows/api_types.rb +311 -0
- data/lib/puppet/ffi/windows/constants.rb +404 -0
- data/lib/puppet/ffi/windows/functions.rb +628 -0
- data/lib/puppet/ffi/windows/structs.rb +338 -0
- data/lib/puppet/ffi/windows.rb +12 -0
- data/lib/puppet/file_bucket/dipper.rb +174 -0
- data/lib/puppet/file_bucket/file.rb +129 -0
- data/lib/puppet/file_bucket.rb +4 -0
- data/lib/puppet/file_serving/base.rb +86 -0
- data/lib/puppet/file_serving/configuration/parser.rb +113 -0
- data/lib/puppet/file_serving/configuration.rb +113 -0
- data/lib/puppet/file_serving/content.rb +43 -0
- data/lib/puppet/file_serving/fileset.rb +186 -0
- data/lib/puppet/file_serving/http_metadata.rb +62 -0
- data/lib/puppet/file_serving/metadata.rb +171 -0
- data/lib/puppet/file_serving/mount/file.rb +122 -0
- data/lib/puppet/file_serving/mount/locales.rb +35 -0
- data/lib/puppet/file_serving/mount/modules.rb +26 -0
- data/lib/puppet/file_serving/mount/pluginfacts.rb +35 -0
- data/lib/puppet/file_serving/mount/plugins.rb +35 -0
- data/lib/puppet/file_serving/mount/scripts.rb +24 -0
- data/lib/puppet/file_serving/mount/tasks.rb +23 -0
- data/lib/puppet/file_serving/mount.rb +38 -0
- data/lib/puppet/file_serving/terminus_helper.rb +31 -0
- data/lib/puppet/file_serving/terminus_selector.rb +31 -0
- data/lib/puppet/file_serving.rb +3 -0
- data/lib/puppet/file_system/file_impl.rb +188 -0
- data/lib/puppet/file_system/jruby.rb +23 -0
- data/lib/puppet/file_system/memory_file.rb +79 -0
- data/lib/puppet/file_system/memory_impl.rb +99 -0
- data/lib/puppet/file_system/path_pattern.rb +93 -0
- data/lib/puppet/file_system/posix.rb +47 -0
- data/lib/puppet/file_system/uniquefile.rb +188 -0
- data/lib/puppet/file_system/windows.rb +213 -0
- data/lib/puppet/file_system.rb +419 -0
- data/lib/puppet/forge/cache.rb +60 -0
- data/lib/puppet/forge/errors.rb +114 -0
- data/lib/puppet/forge/repository.rb +95 -0
- data/lib/puppet/forge.rb +259 -0
- data/lib/puppet/functions/abs.rb +61 -0
- data/lib/puppet/functions/alert.rb +14 -0
- data/lib/puppet/functions/all.rb +104 -0
- data/lib/puppet/functions/annotate.rb +108 -0
- data/lib/puppet/functions/any.rb +109 -0
- data/lib/puppet/functions/assert_type.rb +93 -0
- data/lib/puppet/functions/binary_file.rb +32 -0
- data/lib/puppet/functions/break.rb +47 -0
- data/lib/puppet/functions/call.rb +80 -0
- data/lib/puppet/functions/camelcase.rb +62 -0
- data/lib/puppet/functions/capitalize.rb +61 -0
- data/lib/puppet/functions/ceiling.rb +37 -0
- data/lib/puppet/functions/chomp.rb +57 -0
- data/lib/puppet/functions/chop.rb +67 -0
- data/lib/puppet/functions/compare.rb +125 -0
- data/lib/puppet/functions/contain.rb +55 -0
- data/lib/puppet/functions/convert_to.rb +34 -0
- data/lib/puppet/functions/crit.rb +14 -0
- data/lib/puppet/functions/debug.rb +14 -0
- data/lib/puppet/functions/defined.rb +159 -0
- data/lib/puppet/functions/dig.rb +67 -0
- data/lib/puppet/functions/downcase.rb +89 -0
- data/lib/puppet/functions/each.rb +167 -0
- data/lib/puppet/functions/emerg.rb +14 -0
- data/lib/puppet/functions/empty.rb +85 -0
- data/lib/puppet/functions/epp.rb +49 -0
- data/lib/puppet/functions/err.rb +14 -0
- data/lib/puppet/functions/eyaml_lookup_key.rb +102 -0
- data/lib/puppet/functions/filter.rb +137 -0
- data/lib/puppet/functions/find_file.rb +44 -0
- data/lib/puppet/functions/find_template.rb +63 -0
- data/lib/puppet/functions/flatten.rb +64 -0
- data/lib/puppet/functions/floor.rb +37 -0
- data/lib/puppet/functions/get.rb +150 -0
- data/lib/puppet/functions/getvar.rb +87 -0
- data/lib/puppet/functions/group_by.rb +62 -0
- data/lib/puppet/functions/hiera.rb +89 -0
- data/lib/puppet/functions/hiera_array.rb +81 -0
- data/lib/puppet/functions/hiera_hash.rb +92 -0
- data/lib/puppet/functions/hiera_include.rb +104 -0
- data/lib/puppet/functions/hocon_data.rb +41 -0
- data/lib/puppet/functions/import.rb +7 -0
- data/lib/puppet/functions/include.rb +53 -0
- data/lib/puppet/functions/index.rb +167 -0
- data/lib/puppet/functions/info.rb +14 -0
- data/lib/puppet/functions/inline_epp.rb +60 -0
- data/lib/puppet/functions/join.rb +56 -0
- data/lib/puppet/functions/json_data.rb +33 -0
- data/lib/puppet/functions/keys.rb +25 -0
- data/lib/puppet/functions/length.rb +44 -0
- data/lib/puppet/functions/lest.rb +55 -0
- data/lib/puppet/functions/lookup.rb +224 -0
- data/lib/puppet/functions/lstrip.rb +58 -0
- data/lib/puppet/functions/map.rb +135 -0
- data/lib/puppet/functions/match.rb +130 -0
- data/lib/puppet/functions/max.rb +183 -0
- data/lib/puppet/functions/min.rb +182 -0
- data/lib/puppet/functions/module_directory.rb +41 -0
- data/lib/puppet/functions/new.rb +1011 -0
- data/lib/puppet/functions/next.rb +33 -0
- data/lib/puppet/functions/notice.rb +14 -0
- data/lib/puppet/functions/partition.rb +62 -0
- data/lib/puppet/functions/reduce.rb +162 -0
- data/lib/puppet/functions/regsubst.rb +101 -0
- data/lib/puppet/functions/require.rb +77 -0
- data/lib/puppet/functions/return.rb +15 -0
- data/lib/puppet/functions/reverse_each.rb +94 -0
- data/lib/puppet/functions/round.rb +24 -0
- data/lib/puppet/functions/rstrip.rb +58 -0
- data/lib/puppet/functions/scanf.rb +44 -0
- data/lib/puppet/functions/size.rb +15 -0
- data/lib/puppet/functions/slice.rb +124 -0
- data/lib/puppet/functions/sort.rb +74 -0
- data/lib/puppet/functions/split.rb +76 -0
- data/lib/puppet/functions/step.rb +98 -0
- data/lib/puppet/functions/strftime.rb +212 -0
- data/lib/puppet/functions/strip.rb +58 -0
- data/lib/puppet/functions/then.rb +77 -0
- data/lib/puppet/functions/tree_each.rb +197 -0
- data/lib/puppet/functions/type.rb +72 -0
- data/lib/puppet/functions/unique.rb +132 -0
- data/lib/puppet/functions/unwrap.rb +59 -0
- data/lib/puppet/functions/upcase.rb +89 -0
- data/lib/puppet/functions/values.rb +25 -0
- data/lib/puppet/functions/versioncmp.rb +40 -0
- data/lib/puppet/functions/warning.rb +14 -0
- data/lib/puppet/functions/with.rb +32 -0
- data/lib/puppet/functions/yaml_data.rb +45 -0
- data/lib/puppet/functions.rb +862 -0
- data/lib/puppet/generate/models/type/property.rb +70 -0
- data/lib/puppet/generate/models/type/type.rb +65 -0
- data/lib/puppet/generate/templates/type/pcore.erb +42 -0
- data/lib/puppet/generate/type.rb +249 -0
- data/lib/puppet/gettext/config.rb +275 -0
- data/lib/puppet/gettext/module_translations.rb +42 -0
- data/lib/puppet/gettext/stubs.rb +11 -0
- data/lib/puppet/graph/key.rb +26 -0
- data/lib/puppet/graph/prioritizer.rb +29 -0
- data/lib/puppet/graph/rb_tree_map.rb +388 -0
- data/lib/puppet/graph/relationship_graph.rb +284 -0
- data/lib/puppet/graph/sequential_prioritizer.rb +31 -0
- data/lib/puppet/graph/simple_graph.rb +546 -0
- data/lib/puppet/graph.rb +9 -0
- data/lib/puppet/http/client.rb +525 -0
- data/lib/puppet/http/dns.rb +159 -0
- data/lib/puppet/http/errors.rb +48 -0
- data/lib/puppet/http/external_client.rb +88 -0
- data/lib/puppet/http/factory.rb +51 -0
- data/lib/puppet/http/pool.rb +172 -0
- data/lib/puppet/http/pool_entry.rb +17 -0
- data/lib/puppet/http/proxy.rb +137 -0
- data/lib/puppet/http/redirector.rb +85 -0
- data/lib/puppet/http/resolver/server_list.rb +87 -0
- data/lib/puppet/http/resolver/settings.rb +23 -0
- data/lib/puppet/http/resolver/srv.rb +41 -0
- data/lib/puppet/http/resolver.rb +48 -0
- data/lib/puppet/http/response.rb +102 -0
- data/lib/puppet/http/response_converter.rb +24 -0
- data/lib/puppet/http/response_net_http.rb +42 -0
- data/lib/puppet/http/retry_after_handler.rb +77 -0
- data/lib/puppet/http/service/ca.rb +101 -0
- data/lib/puppet/http/service/compiler.rb +353 -0
- data/lib/puppet/http/service/file_server.rb +198 -0
- data/lib/puppet/http/service/puppetserver.rb +53 -0
- data/lib/puppet/http/service/report.rb +64 -0
- data/lib/puppet/http/service.rb +182 -0
- data/lib/puppet/http/session.rb +122 -0
- data/lib/puppet/http/site.rb +42 -0
- data/lib/puppet/http.rb +46 -0
- data/lib/puppet/indirector/catalog/compiler.rb +431 -0
- data/lib/puppet/indirector/catalog/json.rb +40 -0
- data/lib/puppet/indirector/catalog/msgpack.rb +6 -0
- data/lib/puppet/indirector/catalog/rest.rb +49 -0
- data/lib/puppet/indirector/catalog/store_configs.rb +8 -0
- data/lib/puppet/indirector/catalog/yaml.rb +6 -0
- data/lib/puppet/indirector/code.rb +6 -0
- data/lib/puppet/indirector/data_binding/hiera.rb +7 -0
- data/lib/puppet/indirector/data_binding/none.rb +8 -0
- data/lib/puppet/indirector/direct_file_server.rb +17 -0
- data/lib/puppet/indirector/envelope.rb +11 -0
- data/lib/puppet/indirector/errors.rb +5 -0
- data/lib/puppet/indirector/exec.rb +38 -0
- data/lib/puppet/indirector/face.rb +153 -0
- data/lib/puppet/indirector/fact_search.rb +60 -0
- data/lib/puppet/indirector/facts/facter.rb +117 -0
- data/lib/puppet/indirector/facts/json.rb +27 -0
- data/lib/puppet/indirector/facts/memory.rb +9 -0
- data/lib/puppet/indirector/facts/network_device.rb +27 -0
- data/lib/puppet/indirector/facts/rest.rb +44 -0
- data/lib/puppet/indirector/facts/store_configs.rb +11 -0
- data/lib/puppet/indirector/facts/yaml.rb +29 -0
- data/lib/puppet/indirector/file_bucket_file/file.rb +262 -0
- data/lib/puppet/indirector/file_bucket_file/rest.rb +50 -0
- data/lib/puppet/indirector/file_bucket_file/selector.rb +53 -0
- data/lib/puppet/indirector/file_content/file.rb +7 -0
- data/lib/puppet/indirector/file_content/file_server.rb +7 -0
- data/lib/puppet/indirector/file_content/rest.rb +35 -0
- data/lib/puppet/indirector/file_content/selector.rb +30 -0
- data/lib/puppet/indirector/file_content.rb +5 -0
- data/lib/puppet/indirector/file_metadata/file.rb +7 -0
- data/lib/puppet/indirector/file_metadata/file_server.rb +7 -0
- data/lib/puppet/indirector/file_metadata/http.rb +47 -0
- data/lib/puppet/indirector/file_metadata/rest.rb +56 -0
- data/lib/puppet/indirector/file_metadata/selector.rb +30 -0
- data/lib/puppet/indirector/file_metadata.rb +5 -0
- data/lib/puppet/indirector/file_server.rb +54 -0
- data/lib/puppet/indirector/generic_http.rb +5 -0
- data/lib/puppet/indirector/hiera.rb +100 -0
- data/lib/puppet/indirector/indirection.rb +372 -0
- data/lib/puppet/indirector/json.rb +79 -0
- data/lib/puppet/indirector/memory.rb +34 -0
- data/lib/puppet/indirector/msgpack.rb +83 -0
- data/lib/puppet/indirector/node/exec.rb +70 -0
- data/lib/puppet/indirector/node/json.rb +8 -0
- data/lib/puppet/indirector/node/memory.rb +10 -0
- data/lib/puppet/indirector/node/msgpack.rb +7 -0
- data/lib/puppet/indirector/node/plain.rb +21 -0
- data/lib/puppet/indirector/node/rest.rb +29 -0
- data/lib/puppet/indirector/node/store_configs.rb +8 -0
- data/lib/puppet/indirector/node/yaml.rb +7 -0
- data/lib/puppet/indirector/none.rb +9 -0
- data/lib/puppet/indirector/plain.rb +9 -0
- data/lib/puppet/indirector/report/json.rb +34 -0
- data/lib/puppet/indirector/report/msgpack.rb +11 -0
- data/lib/puppet/indirector/report/processor.rb +60 -0
- data/lib/puppet/indirector/report/rest.rb +42 -0
- data/lib/puppet/indirector/report/yaml.rb +34 -0
- data/lib/puppet/indirector/request.rb +194 -0
- data/lib/puppet/indirector/resource/ral.rb +66 -0
- data/lib/puppet/indirector/resource/store_configs.rb +12 -0
- data/lib/puppet/indirector/resource/validator.rb +8 -0
- data/lib/puppet/indirector/rest.rb +64 -0
- data/lib/puppet/indirector/store_configs.rb +30 -0
- data/lib/puppet/indirector/terminus.rb +176 -0
- data/lib/puppet/indirector/yaml.rb +63 -0
- data/lib/puppet/indirector.rb +61 -0
- data/lib/puppet/info_service/class_information_service.rb +109 -0
- data/lib/puppet/info_service/plan_information_service.rb +36 -0
- data/lib/puppet/info_service/task_information_service.rb +44 -0
- data/lib/puppet/info_service.rb +26 -0
- data/lib/puppet/interface/action.rb +406 -0
- data/lib/puppet/interface/action_builder.rb +161 -0
- data/lib/puppet/interface/action_manager.rb +98 -0
- data/lib/puppet/interface/documentation.rb +357 -0
- data/lib/puppet/interface/face_collection.rb +137 -0
- data/lib/puppet/interface/option.rb +172 -0
- data/lib/puppet/interface/option_builder.rb +105 -0
- data/lib/puppet/interface/option_manager.rb +106 -0
- data/lib/puppet/interface.rb +239 -0
- data/lib/puppet/loaders.rb +30 -0
- data/lib/puppet/metatype/manager.rb +197 -0
- data/lib/puppet/module/plan.rb +159 -0
- data/lib/puppet/module/task.rb +283 -0
- data/lib/puppet/module.rb +475 -0
- data/lib/puppet/module_tool/applications/application.rb +91 -0
- data/lib/puppet/module_tool/applications/checksummer.rb +62 -0
- data/lib/puppet/module_tool/applications/installer.rb +411 -0
- data/lib/puppet/module_tool/applications/uninstaller.rb +119 -0
- data/lib/puppet/module_tool/applications/unpacker.rb +100 -0
- data/lib/puppet/module_tool/applications/upgrader.rb +282 -0
- data/lib/puppet/module_tool/applications.rb +12 -0
- data/lib/puppet/module_tool/checksums.rb +49 -0
- data/lib/puppet/module_tool/contents_description.rb +89 -0
- data/lib/puppet/module_tool/dependency.rb +41 -0
- data/lib/puppet/module_tool/errors/base.rb +15 -0
- data/lib/puppet/module_tool/errors/installer.rb +93 -0
- data/lib/puppet/module_tool/errors/shared.rb +227 -0
- data/lib/puppet/module_tool/errors/uninstaller.rb +50 -0
- data/lib/puppet/module_tool/errors/upgrader.rb +63 -0
- data/lib/puppet/module_tool/errors.rb +11 -0
- data/lib/puppet/module_tool/install_directory.rb +45 -0
- data/lib/puppet/module_tool/installed_modules.rb +96 -0
- data/lib/puppet/module_tool/local_tarball.rb +90 -0
- data/lib/puppet/module_tool/metadata.rb +221 -0
- data/lib/puppet/module_tool/shared_behaviors.rb +181 -0
- data/lib/puppet/module_tool/tar/gnu.rb +19 -0
- data/lib/puppet/module_tool/tar/mini.rb +116 -0
- data/lib/puppet/module_tool/tar.rb +18 -0
- data/lib/puppet/module_tool.rb +194 -0
- data/lib/puppet/network/authconfig.rb +7 -0
- data/lib/puppet/network/authorization.rb +19 -0
- data/lib/puppet/network/client_request.rb +29 -0
- data/lib/puppet/network/format.rb +110 -0
- data/lib/puppet/network/format_handler.rb +108 -0
- data/lib/puppet/network/format_support.rb +139 -0
- data/lib/puppet/network/formats.rb +329 -0
- data/lib/puppet/network/http/api/indirected_routes.rb +277 -0
- data/lib/puppet/network/http/api/indirection_type.rb +32 -0
- data/lib/puppet/network/http/api/master/v3/environments.rb +3 -0
- data/lib/puppet/network/http/api/master/v3.rb +3 -0
- data/lib/puppet/network/http/api/master.rb +3 -0
- data/lib/puppet/network/http/api/server/v3/environments.rb +48 -0
- data/lib/puppet/network/http/api/server/v3.rb +39 -0
- data/lib/puppet/network/http/api/server.rb +10 -0
- data/lib/puppet/network/http/api.rb +39 -0
- data/lib/puppet/network/http/connection.rb +286 -0
- data/lib/puppet/network/http/error.rb +73 -0
- data/lib/puppet/network/http/handler.rb +215 -0
- data/lib/puppet/network/http/issues.rb +12 -0
- data/lib/puppet/network/http/memory_response.rb +13 -0
- data/lib/puppet/network/http/request.rb +71 -0
- data/lib/puppet/network/http/response.rb +23 -0
- data/lib/puppet/network/http/route.rb +101 -0
- data/lib/puppet/network/http.rb +28 -0
- data/lib/puppet/network/http_pool.rb +77 -0
- data/lib/puppet/network/uri.rb +18 -0
- data/lib/puppet/network.rb +3 -0
- data/lib/puppet/node/environment.rb +635 -0
- data/lib/puppet/node/facts.rb +165 -0
- data/lib/puppet/node/server_facts.rb +46 -0
- data/lib/puppet/node.rb +256 -0
- data/lib/puppet/pal/catalog_compiler.rb +108 -0
- data/lib/puppet/pal/compiler.rb +222 -0
- data/lib/puppet/pal/function_signature.rb +52 -0
- data/lib/puppet/pal/json_catalog_encoder.rb +71 -0
- data/lib/puppet/pal/pal_api.rb +15 -0
- data/lib/puppet/pal/pal_impl.rb +590 -0
- data/lib/puppet/pal/plan_signature.rb +71 -0
- data/lib/puppet/pal/script_compiler.rb +73 -0
- data/lib/puppet/pal/task_signature.rb +58 -0
- data/lib/puppet/parameter/boolean.rb +15 -0
- data/lib/puppet/parameter/package_options.rb +31 -0
- data/lib/puppet/parameter/path.rb +57 -0
- data/lib/puppet/parameter/value.rb +91 -0
- data/lib/puppet/parameter/value_collection.rb +212 -0
- data/lib/puppet/parameter.rb +589 -0
- data/lib/puppet/parser/abstract_compiler.rb +36 -0
- data/lib/puppet/parser/ast/block_expression.rb +15 -0
- data/lib/puppet/parser/ast/branch.rb +19 -0
- data/lib/puppet/parser/ast/hostclass.rb +27 -0
- data/lib/puppet/parser/ast/leaf.rb +81 -0
- data/lib/puppet/parser/ast/node.rb +17 -0
- data/lib/puppet/parser/ast/pops_bridge.rb +245 -0
- data/lib/puppet/parser/ast/resource.rb +66 -0
- data/lib/puppet/parser/ast/resource_instance.rb +10 -0
- data/lib/puppet/parser/ast/resourceparam.rb +31 -0
- data/lib/puppet/parser/ast/top_level_construct.rb +4 -0
- data/lib/puppet/parser/ast.rb +61 -0
- data/lib/puppet/parser/catalog_compiler.rb +56 -0
- data/lib/puppet/parser/compiler/catalog_validator/relationship_validator.rb +39 -0
- data/lib/puppet/parser/compiler/catalog_validator.rb +33 -0
- data/lib/puppet/parser/compiler.rb +615 -0
- data/lib/puppet/parser/e4_parser_adapter.rb +60 -0
- data/lib/puppet/parser/files.rb +93 -0
- data/lib/puppet/parser/functions/assert_type.rb +60 -0
- data/lib/puppet/parser/functions/binary_file.rb +24 -0
- data/lib/puppet/parser/functions/break.rb +39 -0
- data/lib/puppet/parser/functions/contain.rb +30 -0
- data/lib/puppet/parser/functions/create_resources.rb +110 -0
- data/lib/puppet/parser/functions/defined.rb +107 -0
- data/lib/puppet/parser/functions/dig.rb +38 -0
- data/lib/puppet/parser/functions/digest.rb +5 -0
- data/lib/puppet/parser/functions/each.rb +104 -0
- data/lib/puppet/parser/functions/epp.rb +39 -0
- data/lib/puppet/parser/functions/fail.rb +11 -0
- data/lib/puppet/parser/functions/file.rb +33 -0
- data/lib/puppet/parser/functions/filter.rb +79 -0
- data/lib/puppet/parser/functions/find_file.rb +28 -0
- data/lib/puppet/parser/functions/fqdn_rand.rb +44 -0
- data/lib/puppet/parser/functions/generate.rb +37 -0
- data/lib/puppet/parser/functions/hiera.rb +103 -0
- data/lib/puppet/parser/functions/hiera_array.rb +92 -0
- data/lib/puppet/parser/functions/hiera_hash.rb +102 -0
- data/lib/puppet/parser/functions/hiera_include.rb +101 -0
- data/lib/puppet/parser/functions/include.rb +34 -0
- data/lib/puppet/parser/functions/inline_epp.rb +51 -0
- data/lib/puppet/parser/functions/inline_template.rb +26 -0
- data/lib/puppet/parser/functions/lest.rb +49 -0
- data/lib/puppet/parser/functions/lookup.rb +132 -0
- data/lib/puppet/parser/functions/map.rb +76 -0
- data/lib/puppet/parser/functions/match.rb +43 -0
- data/lib/puppet/parser/functions/md5.rb +5 -0
- data/lib/puppet/parser/functions/new.rb +991 -0
- data/lib/puppet/parser/functions/next.rb +38 -0
- data/lib/puppet/parser/functions/realize.rb +20 -0
- data/lib/puppet/parser/functions/reduce.rb +137 -0
- data/lib/puppet/parser/functions/regsubst.rb +62 -0
- data/lib/puppet/parser/functions/require.rb +40 -0
- data/lib/puppet/parser/functions/return.rb +92 -0
- data/lib/puppet/parser/functions/reverse_each.rb +83 -0
- data/lib/puppet/parser/functions/scanf.rb +38 -0
- data/lib/puppet/parser/functions/sha1.rb +5 -0
- data/lib/puppet/parser/functions/sha256.rb +5 -0
- data/lib/puppet/parser/functions/shellquote.rb +61 -0
- data/lib/puppet/parser/functions/slice.rb +39 -0
- data/lib/puppet/parser/functions/split.rb +28 -0
- data/lib/puppet/parser/functions/sprintf.rb +61 -0
- data/lib/puppet/parser/functions/step.rb +84 -0
- data/lib/puppet/parser/functions/strftime.rb +185 -0
- data/lib/puppet/parser/functions/tag.rb +12 -0
- data/lib/puppet/parser/functions/tagged.rb +21 -0
- data/lib/puppet/parser/functions/template.rb +39 -0
- data/lib/puppet/parser/functions/then.rb +73 -0
- data/lib/puppet/parser/functions/type.rb +53 -0
- data/lib/puppet/parser/functions/versioncmp.rb +30 -0
- data/lib/puppet/parser/functions/with.rb +28 -0
- data/lib/puppet/parser/functions.rb +321 -0
- data/lib/puppet/parser/parser_factory.rb +30 -0
- data/lib/puppet/parser/relationship.rb +84 -0
- data/lib/puppet/parser/resource/param.rb +35 -0
- data/lib/puppet/parser/resource.rb +351 -0
- data/lib/puppet/parser/scope.rb +1127 -0
- data/lib/puppet/parser/script_compiler.rb +123 -0
- data/lib/puppet/parser/templatewrapper.rb +104 -0
- data/lib/puppet/parser/type_loader.rb +150 -0
- data/lib/puppet/parser.rb +20 -0
- data/lib/puppet/plugins/configuration.rb +29 -0
- data/lib/puppet/plugins/syntax_checkers.rb +98 -0
- data/lib/puppet/plugins.rb +9 -0
- data/lib/puppet/pops/adaptable.rb +197 -0
- data/lib/puppet/pops/adapters.rb +156 -0
- data/lib/puppet/pops/evaluator/access_operator.rb +719 -0
- data/lib/puppet/pops/evaluator/callable_signature.rb +107 -0
- data/lib/puppet/pops/evaluator/closure.rb +375 -0
- data/lib/puppet/pops/evaluator/collector_transformer.rb +234 -0
- data/lib/puppet/pops/evaluator/collectors/abstract_collector.rb +86 -0
- data/lib/puppet/pops/evaluator/collectors/catalog_collector.rb +29 -0
- data/lib/puppet/pops/evaluator/collectors/exported_collector.rb +70 -0
- data/lib/puppet/pops/evaluator/collectors/fixed_set_collector.rb +38 -0
- data/lib/puppet/pops/evaluator/compare_operator.rb +254 -0
- data/lib/puppet/pops/evaluator/deferred_resolver.rb +225 -0
- data/lib/puppet/pops/evaluator/epp_evaluator.rb +120 -0
- data/lib/puppet/pops/evaluator/evaluator_impl.rb +1317 -0
- data/lib/puppet/pops/evaluator/external_syntax_support.rb +46 -0
- data/lib/puppet/pops/evaluator/json_strict_literal_evaluator.rb +82 -0
- data/lib/puppet/pops/evaluator/literal_evaluator.rb +100 -0
- data/lib/puppet/pops/evaluator/puppet_proc.rb +69 -0
- data/lib/puppet/pops/evaluator/relationship_operator.rb +185 -0
- data/lib/puppet/pops/evaluator/runtime3_converter.rb +221 -0
- data/lib/puppet/pops/evaluator/runtime3_resource_support.rb +119 -0
- data/lib/puppet/pops/evaluator/runtime3_support.rb +535 -0
- data/lib/puppet/pops/functions/dispatch.rb +107 -0
- data/lib/puppet/pops/functions/dispatcher.rb +75 -0
- data/lib/puppet/pops/functions/function.rb +139 -0
- data/lib/puppet/pops/issue_reporter.rb +137 -0
- data/lib/puppet/pops/issues.rb +928 -0
- data/lib/puppet/pops/label_provider.rb +90 -0
- data/lib/puppet/pops/loader/base_loader.rb +178 -0
- data/lib/puppet/pops/loader/dependency_loader.rb +91 -0
- data/lib/puppet/pops/loader/gem_support.rb +51 -0
- data/lib/puppet/pops/loader/generic_plan_instantiator.rb +28 -0
- data/lib/puppet/pops/loader/loader.rb +221 -0
- data/lib/puppet/pops/loader/loader_paths.rb +412 -0
- data/lib/puppet/pops/loader/module_loaders.rb +556 -0
- data/lib/puppet/pops/loader/predefined_loader.rb +28 -0
- data/lib/puppet/pops/loader/puppet_function_instantiator.rb +84 -0
- data/lib/puppet/pops/loader/puppet_plan_instantiator.rb +93 -0
- data/lib/puppet/pops/loader/puppet_resource_type_impl_instantiator.rb +79 -0
- data/lib/puppet/pops/loader/ruby_data_type_instantiator.rb +39 -0
- data/lib/puppet/pops/loader/ruby_function_instantiator.rb +45 -0
- data/lib/puppet/pops/loader/ruby_legacy_function_instantiator.rb +120 -0
- data/lib/puppet/pops/loader/runtime3_type_loader.rb +103 -0
- data/lib/puppet/pops/loader/simple_environment_loader.rb +20 -0
- data/lib/puppet/pops/loader/static_loader.rb +131 -0
- data/lib/puppet/pops/loader/task_instantiator.rb +44 -0
- data/lib/puppet/pops/loader/type_definition_instantiator.rb +100 -0
- data/lib/puppet/pops/loader/typed_name.rb +54 -0
- data/lib/puppet/pops/loader/uri_helper.rb +22 -0
- data/lib/puppet/pops/loaders.rb +546 -0
- data/lib/puppet/pops/lookup/configured_data_provider.rb +93 -0
- data/lib/puppet/pops/lookup/context.rb +199 -0
- data/lib/puppet/pops/lookup/data_adapter.rb +27 -0
- data/lib/puppet/pops/lookup/data_dig_function_provider.rb +145 -0
- data/lib/puppet/pops/lookup/data_hash_function_provider.rb +126 -0
- data/lib/puppet/pops/lookup/data_provider.rb +92 -0
- data/lib/puppet/pops/lookup/environment_data_provider.rb +35 -0
- data/lib/puppet/pops/lookup/explainer.rb +595 -0
- data/lib/puppet/pops/lookup/function_provider.rb +110 -0
- data/lib/puppet/pops/lookup/global_data_provider.rb +75 -0
- data/lib/puppet/pops/lookup/hiera_config.rb +775 -0
- data/lib/puppet/pops/lookup/interpolation.rb +155 -0
- data/lib/puppet/pops/lookup/invocation.rb +268 -0
- data/lib/puppet/pops/lookup/key_recorder.rb +18 -0
- data/lib/puppet/pops/lookup/location_resolver.rb +99 -0
- data/lib/puppet/pops/lookup/lookup_adapter.rb +528 -0
- data/lib/puppet/pops/lookup/lookup_key.rb +99 -0
- data/lib/puppet/pops/lookup/lookup_key_function_provider.rb +92 -0
- data/lib/puppet/pops/lookup/module_data_provider.rb +89 -0
- data/lib/puppet/pops/lookup/sub_lookup.rb +92 -0
- data/lib/puppet/pops/lookup.rb +97 -0
- data/lib/puppet/pops/merge_strategy.rb +441 -0
- data/lib/puppet/pops/migration/migration_checker.rb +58 -0
- data/lib/puppet/pops/model/ast.pp +669 -0
- data/lib/puppet/pops/model/ast.rb +4675 -0
- data/lib/puppet/pops/model/ast_transformer.rb +131 -0
- data/lib/puppet/pops/model/factory.rb +1155 -0
- data/lib/puppet/pops/model/model_label_provider.rb +134 -0
- data/lib/puppet/pops/model/model_tree_dumper.rb +445 -0
- data/lib/puppet/pops/model/pn_transformer.rb +385 -0
- data/lib/puppet/pops/model/tree_dumper.rb +59 -0
- data/lib/puppet/pops/parser/code_merger.rb +29 -0
- data/lib/puppet/pops/parser/egrammar.ra +889 -0
- data/lib/puppet/pops/parser/eparser.rb +3184 -0
- data/lib/puppet/pops/parser/epp_parser.rb +51 -0
- data/lib/puppet/pops/parser/epp_support.rb +265 -0
- data/lib/puppet/pops/parser/evaluating_parser.rb +162 -0
- data/lib/puppet/pops/parser/heredoc_support.rb +153 -0
- data/lib/puppet/pops/parser/interpolation_support.rb +249 -0
- data/lib/puppet/pops/parser/lexer2.rb +777 -0
- data/lib/puppet/pops/parser/lexer_support.rb +221 -0
- data/lib/puppet/pops/parser/locatable.rb +23 -0
- data/lib/puppet/pops/parser/locator.rb +357 -0
- data/lib/puppet/pops/parser/parser_support.rb +251 -0
- data/lib/puppet/pops/parser/pn_parser.rb +317 -0
- data/lib/puppet/pops/parser/slurp_support.rb +118 -0
- data/lib/puppet/pops/patterns.rb +60 -0
- data/lib/puppet/pops/pcore.rb +135 -0
- data/lib/puppet/pops/pn.rb +236 -0
- data/lib/puppet/pops/puppet_stack.rb +61 -0
- data/lib/puppet/pops/resource/param.rb +55 -0
- data/lib/puppet/pops/resource/resource_type_impl.rb +294 -0
- data/lib/puppet/pops/resource/resource_type_set.pcore +22 -0
- data/lib/puppet/pops/semantic_error.rb +29 -0
- data/lib/puppet/pops/serialization/abstract_reader.rb +180 -0
- data/lib/puppet/pops/serialization/abstract_writer.rb +222 -0
- data/lib/puppet/pops/serialization/deserializer.rb +80 -0
- data/lib/puppet/pops/serialization/extension.rb +158 -0
- data/lib/puppet/pops/serialization/from_data_converter.rb +224 -0
- data/lib/puppet/pops/serialization/instance_reader.rb +19 -0
- data/lib/puppet/pops/serialization/instance_writer.rb +14 -0
- data/lib/puppet/pops/serialization/json.rb +297 -0
- data/lib/puppet/pops/serialization/json_path.rb +127 -0
- data/lib/puppet/pops/serialization/object.rb +70 -0
- data/lib/puppet/pops/serialization/serializer.rb +140 -0
- data/lib/puppet/pops/serialization/time_factory.rb +67 -0
- data/lib/puppet/pops/serialization/to_data_converter.rb +313 -0
- data/lib/puppet/pops/serialization/to_stringified_converter.rb +226 -0
- data/lib/puppet/pops/serialization.rb +43 -0
- data/lib/puppet/pops/time/timespan.rb +716 -0
- data/lib/puppet/pops/time/timestamp.rb +160 -0
- data/lib/puppet/pops/types/annotatable.rb +36 -0
- data/lib/puppet/pops/types/annotation.rb +71 -0
- data/lib/puppet/pops/types/class_loader.rb +132 -0
- data/lib/puppet/pops/types/implementation_registry.rb +134 -0
- data/lib/puppet/pops/types/iterable.rb +365 -0
- data/lib/puppet/pops/types/p_binary_type.rb +232 -0
- data/lib/puppet/pops/types/p_init_type.rb +238 -0
- data/lib/puppet/pops/types/p_meta_type.rb +94 -0
- data/lib/puppet/pops/types/p_object_type.rb +1117 -0
- data/lib/puppet/pops/types/p_object_type_extension.rb +228 -0
- data/lib/puppet/pops/types/p_runtime_type.rb +115 -0
- data/lib/puppet/pops/types/p_sem_ver_range_type.rb +190 -0
- data/lib/puppet/pops/types/p_sem_ver_type.rb +155 -0
- data/lib/puppet/pops/types/p_sensitive_type.rb +83 -0
- data/lib/puppet/pops/types/p_timespan_type.rb +192 -0
- data/lib/puppet/pops/types/p_timestamp_type.rb +73 -0
- data/lib/puppet/pops/types/p_type_set_type.rb +387 -0
- data/lib/puppet/pops/types/p_uri_type.rb +190 -0
- data/lib/puppet/pops/types/puppet_object.rb +40 -0
- data/lib/puppet/pops/types/recursion_guard.rb +136 -0
- data/lib/puppet/pops/types/ruby_generator.rb +472 -0
- data/lib/puppet/pops/types/ruby_method.rb +31 -0
- data/lib/puppet/pops/types/string_converter.rb +1134 -0
- data/lib/puppet/pops/types/tree_iterators.rb +254 -0
- data/lib/puppet/pops/types/type_acceptor.rb +25 -0
- data/lib/puppet/pops/types/type_asserter.rb +47 -0
- data/lib/puppet/pops/types/type_assertion_error.rb +27 -0
- data/lib/puppet/pops/types/type_calculator.rb +822 -0
- data/lib/puppet/pops/types/type_conversion_error.rb +15 -0
- data/lib/puppet/pops/types/type_factory.rb +631 -0
- data/lib/puppet/pops/types/type_formatter.rb +801 -0
- data/lib/puppet/pops/types/type_mismatch_describer.rb +1096 -0
- data/lib/puppet/pops/types/type_parser.rb +683 -0
- data/lib/puppet/pops/types/type_set_reference.rb +59 -0
- data/lib/puppet/pops/types/type_with_members.rb +43 -0
- data/lib/puppet/pops/types/types.rb +3633 -0
- data/lib/puppet/pops/utils.rb +119 -0
- data/lib/puppet/pops/validation/checker4_0.rb +1148 -0
- data/lib/puppet/pops/validation/tasks_checker.rb +93 -0
- data/lib/puppet/pops/validation/validator_factory_4_0.rb +45 -0
- data/lib/puppet/pops/validation.rb +459 -0
- data/lib/puppet/pops/visitable.rb +6 -0
- data/lib/puppet/pops/visitor.rb +122 -0
- data/lib/puppet/pops.rb +121 -0
- data/lib/puppet/property/boolean.rb +7 -0
- data/lib/puppet/property/ensure.rb +106 -0
- data/lib/puppet/property/keyvalue.rb +158 -0
- data/lib/puppet/property/list.rb +70 -0
- data/lib/puppet/property/ordered_list.rb +29 -0
- data/lib/puppet/property.rb +611 -0
- data/lib/puppet/provider/aix_object.rb +485 -0
- data/lib/puppet/provider/command.rb +25 -0
- data/lib/puppet/provider/confine.rb +6 -0
- data/lib/puppet/provider/exec/posix.rb +60 -0
- data/lib/puppet/provider/exec/shell.rb +25 -0
- data/lib/puppet/provider/exec/windows.rb +55 -0
- data/lib/puppet/provider/exec.rb +105 -0
- data/lib/puppet/provider/file/posix.rb +144 -0
- data/lib/puppet/provider/file/windows.rb +152 -0
- data/lib/puppet/provider/group/aix.rb +99 -0
- data/lib/puppet/provider/group/directoryservice.rb +22 -0
- data/lib/puppet/provider/group/groupadd.rb +174 -0
- data/lib/puppet/provider/group/ldap.rb +48 -0
- data/lib/puppet/provider/group/pw.rb +51 -0
- data/lib/puppet/provider/group/windows_adsi.rb +113 -0
- data/lib/puppet/provider/ldap.rb +141 -0
- data/lib/puppet/provider/nameservice/directoryservice.rb +512 -0
- data/lib/puppet/provider/nameservice/objectadd.rb +22 -0
- data/lib/puppet/provider/nameservice/pw.rb +21 -0
- data/lib/puppet/provider/nameservice.rb +293 -0
- data/lib/puppet/provider/network_device.rb +74 -0
- data/lib/puppet/provider/package/aix.rb +169 -0
- data/lib/puppet/provider/package/appdmg.rb +111 -0
- data/lib/puppet/provider/package/apple.rb +47 -0
- data/lib/puppet/provider/package/apt.rb +262 -0
- data/lib/puppet/provider/package/aptitude.rb +35 -0
- data/lib/puppet/provider/package/aptrpm.rb +83 -0
- data/lib/puppet/provider/package/blastwave.rb +112 -0
- data/lib/puppet/provider/package/dnf.rb +50 -0
- data/lib/puppet/provider/package/dnfmodule.rb +141 -0
- data/lib/puppet/provider/package/dpkg.rb +192 -0
- data/lib/puppet/provider/package/fink.rb +97 -0
- data/lib/puppet/provider/package/freebsd.rb +47 -0
- data/lib/puppet/provider/package/gem.rb +293 -0
- data/lib/puppet/provider/package/hpux.rb +44 -0
- data/lib/puppet/provider/package/macports.rb +110 -0
- data/lib/puppet/provider/package/nim.rb +291 -0
- data/lib/puppet/provider/package/openbsd.rb +260 -0
- data/lib/puppet/provider/package/opkg.rb +82 -0
- data/lib/puppet/provider/package/pacman.rb +273 -0
- data/lib/puppet/provider/package/pip.rb +346 -0
- data/lib/puppet/provider/package/pip2.rb +17 -0
- data/lib/puppet/provider/package/pip3.rb +17 -0
- data/lib/puppet/provider/package/pkg.rb +295 -0
- data/lib/puppet/provider/package/pkgdmg.rb +153 -0
- data/lib/puppet/provider/package/pkgin.rb +87 -0
- data/lib/puppet/provider/package/pkgng.rb +173 -0
- data/lib/puppet/provider/package/pkgutil.rb +187 -0
- data/lib/puppet/provider/package/portage.rb +310 -0
- data/lib/puppet/provider/package/ports.rb +91 -0
- data/lib/puppet/provider/package/portupgrade.rb +240 -0
- data/lib/puppet/provider/package/puppet_gem.rb +34 -0
- data/lib/puppet/provider/package/puppetserver_gem.rb +171 -0
- data/lib/puppet/provider/package/rpm.rb +250 -0
- data/lib/puppet/provider/package/rug.rb +51 -0
- data/lib/puppet/provider/package/sun.rb +133 -0
- data/lib/puppet/provider/package/sunfreeware.rb +9 -0
- data/lib/puppet/provider/package/tdnf.rb +28 -0
- data/lib/puppet/provider/package/up2date.rb +40 -0
- data/lib/puppet/provider/package/urpmi.rb +55 -0
- data/lib/puppet/provider/package/windows/exe_package.rb +106 -0
- data/lib/puppet/provider/package/windows/msi_package.rb +70 -0
- data/lib/puppet/provider/package/windows/package.rb +110 -0
- data/lib/puppet/provider/package/windows.rb +130 -0
- data/lib/puppet/provider/package/yum.rb +387 -0
- data/lib/puppet/provider/package/zypper.rb +206 -0
- data/lib/puppet/provider/package.rb +59 -0
- data/lib/puppet/provider/package_targetable.rb +69 -0
- data/lib/puppet/provider/parsedfile.rb +490 -0
- data/lib/puppet/provider/service/base.rb +139 -0
- data/lib/puppet/provider/service/bsd.rb +51 -0
- data/lib/puppet/provider/service/daemontools.rb +193 -0
- data/lib/puppet/provider/service/debian.rb +75 -0
- data/lib/puppet/provider/service/freebsd.rb +143 -0
- data/lib/puppet/provider/service/gentoo.rb +45 -0
- data/lib/puppet/provider/service/init.rb +192 -0
- data/lib/puppet/provider/service/launchd.rb +384 -0
- data/lib/puppet/provider/service/openbsd.rb +100 -0
- data/lib/puppet/provider/service/openrc.rb +71 -0
- data/lib/puppet/provider/service/openwrt.rb +36 -0
- data/lib/puppet/provider/service/rcng.rb +51 -0
- data/lib/puppet/provider/service/redhat.rb +72 -0
- data/lib/puppet/provider/service/runit.rb +106 -0
- data/lib/puppet/provider/service/service.rb +68 -0
- data/lib/puppet/provider/service/smf.rb +317 -0
- data/lib/puppet/provider/service/src.rb +147 -0
- data/lib/puppet/provider/service/systemd.rb +232 -0
- data/lib/puppet/provider/service/upstart.rb +385 -0
- data/lib/puppet/provider/service/windows.rb +182 -0
- data/lib/puppet/provider/user/aix.rb +361 -0
- data/lib/puppet/provider/user/directoryservice.rb +680 -0
- data/lib/puppet/provider/user/hpux.rb +95 -0
- data/lib/puppet/provider/user/ldap.rb +132 -0
- data/lib/puppet/provider/user/openbsd.rb +77 -0
- data/lib/puppet/provider/user/pw.rb +108 -0
- data/lib/puppet/provider/user/user_role_add.rb +239 -0
- data/lib/puppet/provider/user/useradd.rb +406 -0
- data/lib/puppet/provider/user/windows_adsi.rb +172 -0
- data/lib/puppet/provider.rb +612 -0
- data/lib/puppet/reference/configuration.rb +97 -0
- data/lib/puppet/reference/function.rb +17 -0
- data/lib/puppet/reference/indirection.rb +71 -0
- data/lib/puppet/reference/metaparameter.rb +33 -0
- data/lib/puppet/reference/providers.rb +117 -0
- data/lib/puppet/reference/report.rb +20 -0
- data/lib/puppet/reference/type.rb +109 -0
- data/lib/puppet/relationship.rb +84 -0
- data/lib/puppet/reports/http.rb +44 -0
- data/lib/puppet/reports/log.rb +14 -0
- data/lib/puppet/reports/store.rb +68 -0
- data/lib/puppet/reports.rb +93 -0
- data/lib/puppet/resource/catalog.rb +654 -0
- data/lib/puppet/resource/status.rb +229 -0
- data/lib/puppet/resource/type.rb +425 -0
- data/lib/puppet/resource/type_collection.rb +231 -0
- data/lib/puppet/resource.rb +663 -0
- data/lib/puppet/runtime.rb +65 -0
- data/lib/puppet/scheduler/job.rb +53 -0
- data/lib/puppet/scheduler/scheduler.rb +44 -0
- data/lib/puppet/scheduler/splay_job.rb +32 -0
- data/lib/puppet/scheduler/timer.rb +13 -0
- data/lib/puppet/scheduler.rb +16 -0
- data/lib/puppet/settings/alias_setting.rb +37 -0
- data/lib/puppet/settings/array_setting.rb +17 -0
- data/lib/puppet/settings/autosign_setting.rb +22 -0
- data/lib/puppet/settings/base_setting.rb +223 -0
- data/lib/puppet/settings/boolean_setting.rb +32 -0
- data/lib/puppet/settings/certificate_revocation_setting.rb +21 -0
- data/lib/puppet/settings/config_file.rb +146 -0
- data/lib/puppet/settings/directory_setting.rb +18 -0
- data/lib/puppet/settings/duration_setting.rb +32 -0
- data/lib/puppet/settings/enum_setting.rb +16 -0
- data/lib/puppet/settings/environment_conf.rb +224 -0
- data/lib/puppet/settings/errors.rb +11 -0
- data/lib/puppet/settings/file_or_directory_setting.rb +40 -0
- data/lib/puppet/settings/file_setting.rb +241 -0
- data/lib/puppet/settings/http_extra_headers_setting.rb +25 -0
- data/lib/puppet/settings/ini_file.rb +226 -0
- data/lib/puppet/settings/integer_setting.rb +17 -0
- data/lib/puppet/settings/path_setting.rb +8 -0
- data/lib/puppet/settings/port_setting.rb +15 -0
- data/lib/puppet/settings/priority_setting.rb +43 -0
- data/lib/puppet/settings/server_list_setting.rb +29 -0
- data/lib/puppet/settings/string_setting.rb +9 -0
- data/lib/puppet/settings/symbolic_enum_setting.rb +17 -0
- data/lib/puppet/settings/terminus_setting.rb +14 -0
- data/lib/puppet/settings/ttl_setting.rb +51 -0
- data/lib/puppet/settings/value_translator.rb +14 -0
- data/lib/puppet/settings.rb +1642 -0
- data/lib/puppet/ssl/base.rb +149 -0
- data/lib/puppet/ssl/certificate.rb +96 -0
- data/lib/puppet/ssl/certificate_request.rb +324 -0
- data/lib/puppet/ssl/certificate_request_attributes.rb +37 -0
- data/lib/puppet/ssl/certificate_signer.rb +39 -0
- data/lib/puppet/ssl/digest.rb +20 -0
- data/lib/puppet/ssl/error.rb +26 -0
- data/lib/puppet/ssl/oids.rb +197 -0
- data/lib/puppet/ssl/openssl_loader.rb +24 -0
- data/lib/puppet/ssl/ssl_context.rb +25 -0
- data/lib/puppet/ssl/ssl_provider.rb +350 -0
- data/lib/puppet/ssl/state_machine.rb +474 -0
- data/lib/puppet/ssl/verifier.rb +142 -0
- data/lib/puppet/ssl.rb +23 -0
- data/lib/puppet/syntax_checkers/base64.rb +40 -0
- data/lib/puppet/syntax_checkers/epp.rb +34 -0
- data/lib/puppet/syntax_checkers/json.rb +35 -0
- data/lib/puppet/syntax_checkers/pp.rb +34 -0
- data/lib/puppet/syntax_checkers.rb +3 -0
- data/lib/puppet/test/test_helper.rb +265 -0
- data/lib/puppet/thread_local.rb +4 -0
- data/lib/puppet/transaction/additional_resource_generator.rb +220 -0
- data/lib/puppet/transaction/event.rb +168 -0
- data/lib/puppet/transaction/event_manager.rb +179 -0
- data/lib/puppet/transaction/persistence.rb +119 -0
- data/lib/puppet/transaction/report.rb +504 -0
- data/lib/puppet/transaction/resource_harness.rb +323 -0
- data/lib/puppet/transaction.rb +491 -0
- data/lib/puppet/trusted_external.rb +41 -0
- data/lib/puppet/type/component.rb +89 -0
- data/lib/puppet/type/exec.rb +720 -0
- data/lib/puppet/type/file/checksum.rb +50 -0
- data/lib/puppet/type/file/checksum_value.rb +54 -0
- data/lib/puppet/type/file/content.rb +176 -0
- data/lib/puppet/type/file/ctime.rb +21 -0
- data/lib/puppet/type/file/data_sync.rb +98 -0
- data/lib/puppet/type/file/ensure.rb +195 -0
- data/lib/puppet/type/file/group.rb +48 -0
- data/lib/puppet/type/file/mode.rb +189 -0
- data/lib/puppet/type/file/mtime.rb +19 -0
- data/lib/puppet/type/file/owner.rb +51 -0
- data/lib/puppet/type/file/selcontext.rb +142 -0
- data/lib/puppet/type/file/source.rb +379 -0
- data/lib/puppet/type/file/target.rb +88 -0
- data/lib/puppet/type/file/type.rb +20 -0
- data/lib/puppet/type/file.rb +1133 -0
- data/lib/puppet/type/filebucket.rb +121 -0
- data/lib/puppet/type/group.rb +237 -0
- data/lib/puppet/type/notify.rb +47 -0
- data/lib/puppet/type/package.rb +713 -0
- data/lib/puppet/type/resources.rb +187 -0
- data/lib/puppet/type/schedule.rb +441 -0
- data/lib/puppet/type/service.rb +309 -0
- data/lib/puppet/type/stage.rb +27 -0
- data/lib/puppet/type/tidy.rb +376 -0
- data/lib/puppet/type/user.rb +859 -0
- data/lib/puppet/type/whit.rb +34 -0
- data/lib/puppet/type.rb +2676 -0
- data/lib/puppet/util/at_fork/noop.rb +18 -0
- data/lib/puppet/util/at_fork/solaris.rb +160 -0
- data/lib/puppet/util/at_fork.rb +35 -0
- data/lib/puppet/util/autoload.rb +215 -0
- data/lib/puppet/util/backups.rb +86 -0
- data/lib/puppet/util/character_encoding.rb +80 -0
- data/lib/puppet/util/checksums.rb +376 -0
- data/lib/puppet/util/classgen.rb +228 -0
- data/lib/puppet/util/colors.rb +100 -0
- data/lib/puppet/util/command_line/puppet_option_parser.rb +87 -0
- data/lib/puppet/util/command_line/trollop.rb +825 -0
- data/lib/puppet/util/command_line.rb +196 -0
- data/lib/puppet/util/constant_inflector.rb +24 -0
- data/lib/puppet/util/diff.rb +81 -0
- data/lib/puppet/util/docs.rb +128 -0
- data/lib/puppet/util/errors.rb +159 -0
- data/lib/puppet/util/execution.rb +424 -0
- data/lib/puppet/util/execution_stub.rb +26 -0
- data/lib/puppet/util/feature.rb +129 -0
- data/lib/puppet/util/file_watcher.rb +28 -0
- data/lib/puppet/util/fileparsing.rb +408 -0
- data/lib/puppet/util/filetype.rb +358 -0
- data/lib/puppet/util/http_proxy.rb +4 -0
- data/lib/puppet/util/inifile.rb +340 -0
- data/lib/puppet/util/instance_loader.rb +66 -0
- data/lib/puppet/util/json.rb +92 -0
- data/lib/puppet/util/json_lockfile.rb +44 -0
- data/lib/puppet/util/ldap/connection.rb +73 -0
- data/lib/puppet/util/ldap/generator.rb +42 -0
- data/lib/puppet/util/ldap/manager.rb +284 -0
- data/lib/puppet/util/ldap.rb +2 -0
- data/lib/puppet/util/libuser.conf +15 -0
- data/lib/puppet/util/libuser.rb +12 -0
- data/lib/puppet/util/limits.rb +12 -0
- data/lib/puppet/util/lockfile.rb +66 -0
- data/lib/puppet/util/log/destination.rb +49 -0
- data/lib/puppet/util/log/destinations.rb +253 -0
- data/lib/puppet/util/log.rb +427 -0
- data/lib/puppet/util/logging.rb +300 -0
- data/lib/puppet/util/metaid.rb +21 -0
- data/lib/puppet/util/metric.rb +65 -0
- data/lib/puppet/util/monkey_patches.rb +122 -0
- data/lib/puppet/util/multi_match.rb +51 -0
- data/lib/puppet/util/network_device/base.rb +23 -0
- data/lib/puppet/util/network_device/config.rb +105 -0
- data/lib/puppet/util/network_device/transport/base.rb +26 -0
- data/lib/puppet/util/network_device/transport.rb +5 -0
- data/lib/puppet/util/network_device.rb +17 -0
- data/lib/puppet/util/package/version/debian.rb +175 -0
- data/lib/puppet/util/package/version/gem.rb +15 -0
- data/lib/puppet/util/package/version/pip.rb +167 -0
- data/lib/puppet/util/package/version/range/eq.rb +14 -0
- data/lib/puppet/util/package/version/range/gt.rb +14 -0
- data/lib/puppet/util/package/version/range/gt_eq.rb +14 -0
- data/lib/puppet/util/package/version/range/lt.rb +14 -0
- data/lib/puppet/util/package/version/range/lt_eq.rb +14 -0
- data/lib/puppet/util/package/version/range/min_max.rb +21 -0
- data/lib/puppet/util/package/version/range/simple.rb +11 -0
- data/lib/puppet/util/package/version/range.rb +53 -0
- data/lib/puppet/util/package/version/rpm.rb +73 -0
- data/lib/puppet/util/package.rb +40 -0
- data/lib/puppet/util/pidlock.rb +102 -0
- data/lib/puppet/util/platform.rb +70 -0
- data/lib/puppet/util/plist.rb +161 -0
- data/lib/puppet/util/posix.rb +203 -0
- data/lib/puppet/util/profiler/aggregate.rb +85 -0
- data/lib/puppet/util/profiler/around_profiler.rb +67 -0
- data/lib/puppet/util/profiler/logging.rb +48 -0
- data/lib/puppet/util/profiler/object_counts.rb +17 -0
- data/lib/puppet/util/profiler/wall_clock.rb +35 -0
- data/lib/puppet/util/profiler.rb +53 -0
- data/lib/puppet/util/provider_features.rb +179 -0
- data/lib/puppet/util/psych_support.rb +30 -0
- data/lib/puppet/util/rdoc/code_objects.rb +295 -0
- data/lib/puppet/util/rdoc/generators/puppet_generator.rb +912 -0
- data/lib/puppet/util/rdoc/generators/template/puppet/puppet.rb +1085 -0
- data/lib/puppet/util/rdoc/parser/puppet_parser_core.rb +259 -0
- data/lib/puppet/util/rdoc/parser/puppet_parser_rdoc2.rb +14 -0
- data/lib/puppet/util/rdoc/parser.rb +12 -0
- data/lib/puppet/util/rdoc.rb +53 -0
- data/lib/puppet/util/reference.rb +119 -0
- data/lib/puppet/util/resource_template.rb +61 -0
- data/lib/puppet/util/retry_action.rb +46 -0
- data/lib/puppet/util/rpm_compare.rb +193 -0
- data/lib/puppet/util/rubygems.rb +67 -0
- data/lib/puppet/util/run_mode.rb +122 -0
- data/lib/puppet/util/selinux.rb +297 -0
- data/lib/puppet/util/skip_tags.rb +13 -0
- data/lib/puppet/util/splayer.rb +18 -0
- data/lib/puppet/util/storage.rb +100 -0
- data/lib/puppet/util/suidmanager.rb +166 -0
- data/lib/puppet/util/symbolic_file_mode.rb +156 -0
- data/lib/puppet/util/tag_set.rb +27 -0
- data/lib/puppet/util/tagging.rb +132 -0
- data/lib/puppet/util/terminal.rb +16 -0
- data/lib/puppet/util/user_attr.rb +21 -0
- data/lib/puppet/util/warnings.rb +31 -0
- data/lib/puppet/util/watched_file.rb +37 -0
- data/lib/puppet/util/watcher/change_watcher.rb +33 -0
- data/lib/puppet/util/watcher/periodic_watcher.rb +37 -0
- data/lib/puppet/util/watcher/timer.rb +19 -0
- data/lib/puppet/util/watcher.rb +17 -0
- data/lib/puppet/util/windows/access_control_entry.rb +84 -0
- data/lib/puppet/util/windows/access_control_list.rb +113 -0
- data/lib/puppet/util/windows/adsi.rb +654 -0
- data/lib/puppet/util/windows/com.rb +225 -0
- data/lib/puppet/util/windows/daemon.rb +343 -0
- data/lib/puppet/util/windows/error.rb +84 -0
- data/lib/puppet/util/windows/eventlog.rb +187 -0
- data/lib/puppet/util/windows/file.rb +355 -0
- data/lib/puppet/util/windows/monkey_patches/process.rb +414 -0
- data/lib/puppet/util/windows/principal.rb +201 -0
- data/lib/puppet/util/windows/process.rb +364 -0
- data/lib/puppet/util/windows/registry.rb +441 -0
- data/lib/puppet/util/windows/root_certs.rb +108 -0
- data/lib/puppet/util/windows/security.rb +907 -0
- data/lib/puppet/util/windows/security_descriptor.rb +62 -0
- data/lib/puppet/util/windows/service.rb +696 -0
- data/lib/puppet/util/windows/sid.rb +289 -0
- data/lib/puppet/util/windows/string.rb +15 -0
- data/lib/puppet/util/windows/user.rb +550 -0
- data/lib/puppet/util/windows.rb +51 -0
- data/lib/puppet/util/yaml.rb +65 -0
- data/lib/puppet/util.rb +808 -0
- data/lib/puppet/vendor/require_vendored.rb +4 -0
- data/lib/puppet/vendor.rb +57 -0
- data/lib/puppet/version.rb +95 -0
- data/lib/puppet/x509/cert_provider.rb +369 -0
- data/lib/puppet/x509/pem_store.rb +55 -0
- data/lib/puppet/x509.rb +11 -0
- data/lib/puppet.rb +345 -0
- data/lib/puppet_pal.rb +8 -0
- data/lib/puppet_x.rb +14 -0
- data/locales/config.yaml +29 -0
- data/locales/en/puppet.po +19 -0
- data/locales/puppet.pot +20 -0
- data/man/man5/puppet.conf.5 +2198 -0
- data/man/man8/puppet-agent.8 +203 -0
- data/man/man8/puppet-apply.8 +100 -0
- data/man/man8/puppet-catalog.8 +291 -0
- data/man/man8/puppet-config.8 +151 -0
- data/man/man8/puppet-describe.8 +51 -0
- data/man/man8/puppet-device.8 +119 -0
- data/man/man8/puppet-doc.8 +46 -0
- data/man/man8/puppet-epp.8 +377 -0
- data/man/man8/puppet-facts.8 +234 -0
- data/man/man8/puppet-filebucket.8 +166 -0
- data/man/man8/puppet-generate.8 +84 -0
- data/man/man8/puppet-help.8 +67 -0
- data/man/man8/puppet-lookup.8 +107 -0
- data/man/man8/puppet-module.8 +325 -0
- data/man/man8/puppet-node.8 +163 -0
- data/man/man8/puppet-parser.8 +130 -0
- data/man/man8/puppet-plugin.8 +73 -0
- data/man/man8/puppet-report.8 +127 -0
- data/man/man8/puppet-resource.8 +88 -0
- data/man/man8/puppet-script.8 +70 -0
- data/man/man8/puppet-ssl.8 +63 -0
- data/man/man8/puppet.8 +28 -0
- data/tasks/benchmark.rake +180 -0
- data/tasks/ci.rake +24 -0
- data/tasks/generate_ast_model.rake +90 -0
- data/tasks/generate_cert_fixtures.rake +194 -0
- data/tasks/manpages.rake +67 -0
- data/tasks/memwalk.rake +195 -0
- data/tasks/parallel.rake +410 -0
- data/tasks/parser.rake +22 -0
- data/tasks/yard.rake +59 -0
- metadata +1324 -0
@@ -0,0 +1,197 @@
|
|
1
|
+
require_relative '../../puppet/ssl'
|
2
|
+
|
3
|
+
# This module defines OIDs for use within Puppet.
|
4
|
+
#
|
5
|
+
# # ASN.1 Definition
|
6
|
+
#
|
7
|
+
# The following is the formal definition of OIDs specified in this file.
|
8
|
+
#
|
9
|
+
# ```
|
10
|
+
# puppetCertExtensions OBJECT IDENTIFIER ::= {iso(1) identified-organization(3)
|
11
|
+
# dod(6) internet(1) private(4) enterprise(1) 34380 1}
|
12
|
+
#
|
13
|
+
# -- the tree under registeredExtensions 'belongs' to puppetlabs
|
14
|
+
# -- privateExtensions can be extended by enterprises to suit their own needs
|
15
|
+
# registeredExtensions OBJECT IDENTIFIER ::= { puppetCertExtensions 1 }
|
16
|
+
# privateExtensions OBJECT IDENTIFIER ::= { puppetCertExtensions 2 }
|
17
|
+
# authorizationExtensions OBJECT IDENTIFIER ::= { puppetCertExtensions 3 }
|
18
|
+
#
|
19
|
+
# -- subtree of common registered extensions
|
20
|
+
# -- The short names for these OIDs are intentionally lowercased and formatted
|
21
|
+
# -- since they may be exposed inside the Puppet DSL as variables.
|
22
|
+
# pp_uuid OBJECT IDENTIFIER ::= { registeredExtensions 1 }
|
23
|
+
# pp_instance_id OBJECT IDENTIFIER ::= { registeredExtensions 2 }
|
24
|
+
# pp_image_name OBJECT IDENTIFIER ::= { registeredExtensions 3 }
|
25
|
+
# pp_preshared_key OBJECT IDENTIFIER ::= { registeredExtensions 4 }
|
26
|
+
# ```
|
27
|
+
#
|
28
|
+
# @api private
|
29
|
+
module Puppet::SSL::Oids
|
30
|
+
|
31
|
+
# Note: When updating the following OIDs make sure to also update the OID
|
32
|
+
# definitions here:
|
33
|
+
# https://github.com/puppetlabs/puppetserver/blob/master/src/clj/puppetlabs/puppetserver/certificate_authority.clj#L122-L159
|
34
|
+
|
35
|
+
PUPPET_OIDS = [
|
36
|
+
["1.3.6.1.4.1.34380", 'puppetlabs', 'Puppet Labs'],
|
37
|
+
["1.3.6.1.4.1.34380.1", 'ppCertExt', 'Puppet Certificate Extension'],
|
38
|
+
|
39
|
+
["1.3.6.1.4.1.34380.1.1", 'ppRegCertExt', 'Puppet Registered Certificate Extension'],
|
40
|
+
|
41
|
+
["1.3.6.1.4.1.34380.1.1.1", 'pp_uuid', 'Puppet Node UUID'],
|
42
|
+
["1.3.6.1.4.1.34380.1.1.2", 'pp_instance_id', 'Puppet Node Instance ID'],
|
43
|
+
["1.3.6.1.4.1.34380.1.1.3", 'pp_image_name', 'Puppet Node Image Name'],
|
44
|
+
["1.3.6.1.4.1.34380.1.1.4", 'pp_preshared_key', 'Puppet Node Preshared Key'],
|
45
|
+
["1.3.6.1.4.1.34380.1.1.5", 'pp_cost_center', 'Puppet Node Cost Center Name'],
|
46
|
+
["1.3.6.1.4.1.34380.1.1.6", 'pp_product', 'Puppet Node Product Name'],
|
47
|
+
["1.3.6.1.4.1.34380.1.1.7", 'pp_project', 'Puppet Node Project Name'],
|
48
|
+
["1.3.6.1.4.1.34380.1.1.8", 'pp_application', 'Puppet Node Application Name'],
|
49
|
+
["1.3.6.1.4.1.34380.1.1.9", 'pp_service', 'Puppet Node Service Name'],
|
50
|
+
["1.3.6.1.4.1.34380.1.1.10", 'pp_employee', 'Puppet Node Employee Name'],
|
51
|
+
["1.3.6.1.4.1.34380.1.1.11", 'pp_created_by', 'Puppet Node created_by Tag'],
|
52
|
+
["1.3.6.1.4.1.34380.1.1.12", 'pp_environment', 'Puppet Node Environment Name'],
|
53
|
+
["1.3.6.1.4.1.34380.1.1.13", 'pp_role', 'Puppet Node Role Name'],
|
54
|
+
["1.3.6.1.4.1.34380.1.1.14", 'pp_software_version', 'Puppet Node Software Version'],
|
55
|
+
["1.3.6.1.4.1.34380.1.1.15", 'pp_department', 'Puppet Node Department Name'],
|
56
|
+
["1.3.6.1.4.1.34380.1.1.16", 'pp_cluster', 'Puppet Node Cluster Name'],
|
57
|
+
["1.3.6.1.4.1.34380.1.1.17", 'pp_provisioner', 'Puppet Node Provisioner Name'],
|
58
|
+
["1.3.6.1.4.1.34380.1.1.18", 'pp_region', 'Puppet Node Region Name'],
|
59
|
+
["1.3.6.1.4.1.34380.1.1.19", 'pp_datacenter', 'Puppet Node Datacenter Name'],
|
60
|
+
["1.3.6.1.4.1.34380.1.1.20", 'pp_zone', 'Puppet Node Zone Name'],
|
61
|
+
["1.3.6.1.4.1.34380.1.1.21", 'pp_network', 'Puppet Node Network Name'],
|
62
|
+
["1.3.6.1.4.1.34380.1.1.22", 'pp_securitypolicy', 'Puppet Node Security Policy Name'],
|
63
|
+
["1.3.6.1.4.1.34380.1.1.23", 'pp_cloudplatform', 'Puppet Node Cloud Platform Name'],
|
64
|
+
["1.3.6.1.4.1.34380.1.1.24", 'pp_apptier', 'Puppet Node Application Tier'],
|
65
|
+
["1.3.6.1.4.1.34380.1.1.25", 'pp_hostname', 'Puppet Node Hostname'],
|
66
|
+
["1.3.6.1.4.1.34380.1.1.26", 'pp_owner', 'Puppet Node Owner'],
|
67
|
+
|
68
|
+
["1.3.6.1.4.1.34380.1.2", 'ppPrivCertExt', 'Puppet Private Certificate Extension'],
|
69
|
+
|
70
|
+
["1.3.6.1.4.1.34380.1.3", 'ppAuthCertExt', 'Puppet Certificate Authorization Extension'],
|
71
|
+
|
72
|
+
["1.3.6.1.4.1.34380.1.3.1", 'pp_authorization', 'Certificate Extension Authorization'],
|
73
|
+
["1.3.6.1.4.1.34380.1.3.13", 'pp_auth_role', 'Puppet Node Role Name for Authorization'],
|
74
|
+
["1.3.6.1.4.1.34380.1.3.39", 'pp_cli_auth', 'Puppetserver CA CLI Authorization'],
|
75
|
+
]
|
76
|
+
|
77
|
+
@did_register_puppet_oids = false
|
78
|
+
|
79
|
+
# Register our custom Puppet OIDs with OpenSSL so they can be used as CSR
|
80
|
+
# extensions. Without registering these OIDs, OpenSSL will fail when it
|
81
|
+
# encounters such an extension in a CSR.
|
82
|
+
def self.register_puppet_oids()
|
83
|
+
if !@did_register_puppet_oids
|
84
|
+
PUPPET_OIDS.each do |oid_defn|
|
85
|
+
OpenSSL::ASN1::ObjectId.register(*oid_defn)
|
86
|
+
end
|
87
|
+
|
88
|
+
@did_register_puppet_oids = true
|
89
|
+
end
|
90
|
+
end
|
91
|
+
|
92
|
+
# Parse custom OID mapping file that enables custom OIDs to be resolved
|
93
|
+
# into user-friendly names.
|
94
|
+
#
|
95
|
+
# @param custom_oid_file [String] File to obtain custom OIDs mapping from
|
96
|
+
# @param map_key [String] Hash key in which custom OIDs mapping is stored
|
97
|
+
#
|
98
|
+
# @example Custom OID mapping file
|
99
|
+
# ---
|
100
|
+
# oid_mapping:
|
101
|
+
# '1.3.6.1.4.1.34380.1.2.1.1':
|
102
|
+
# shortname : 'myshortname'
|
103
|
+
# longname : 'Long name'
|
104
|
+
# '1.3.6.1.4.1.34380.1.2.1.2':
|
105
|
+
# shortname: 'myothershortname'
|
106
|
+
# longname: 'Other Long name'
|
107
|
+
def self.parse_custom_oid_file(custom_oid_file, map_key='oid_mapping')
|
108
|
+
if File.exist?(custom_oid_file) && File.readable?(custom_oid_file)
|
109
|
+
mapping = nil
|
110
|
+
begin
|
111
|
+
mapping = Puppet::Util::Yaml.safe_load_file(custom_oid_file, [Symbol])
|
112
|
+
rescue => err
|
113
|
+
raise Puppet::Error, _("Error loading ssl custom OIDs mapping file from '%{custom_oid_file}': %{err}") % { custom_oid_file: custom_oid_file, err: err }, err.backtrace
|
114
|
+
end
|
115
|
+
|
116
|
+
unless mapping.has_key?(map_key)
|
117
|
+
raise Puppet::Error, _("Error loading ssl custom OIDs mapping file from '%{custom_oid_file}': no such index '%{map_key}'") % { custom_oid_file: custom_oid_file, map_key: map_key }
|
118
|
+
end
|
119
|
+
|
120
|
+
unless mapping[map_key].is_a?(Hash)
|
121
|
+
raise Puppet::Error, _("Error loading ssl custom OIDs mapping file from '%{custom_oid_file}': data under index '%{map_key}' must be a Hash") % { custom_oid_file: custom_oid_file, map_key: map_key }
|
122
|
+
end
|
123
|
+
|
124
|
+
oid_defns = []
|
125
|
+
mapping[map_key].keys.each do |oid|
|
126
|
+
shortname, longname = mapping[map_key][oid].values_at("shortname","longname")
|
127
|
+
if shortname.nil? || longname.nil?
|
128
|
+
raise Puppet::Error, _("Error loading ssl custom OIDs mapping file from '%{custom_oid_file}': incomplete definition of oid '%{oid}'") % { custom_oid_file: custom_oid_file, oid: oid }
|
129
|
+
end
|
130
|
+
oid_defns << [oid, shortname, longname]
|
131
|
+
end
|
132
|
+
|
133
|
+
oid_defns
|
134
|
+
end
|
135
|
+
end
|
136
|
+
|
137
|
+
# Load custom OID mapping file that enables custom OIDs to be resolved
|
138
|
+
# into user-friendly names.
|
139
|
+
#
|
140
|
+
# @param custom_oid_file [String] File to obtain custom OIDs mapping from
|
141
|
+
# @param map_key [String] Hash key in which custom OIDs mapping is stored
|
142
|
+
#
|
143
|
+
# @example Custom OID mapping file
|
144
|
+
# ---
|
145
|
+
# oid_mapping:
|
146
|
+
# '1.3.6.1.4.1.34380.1.2.1.1':
|
147
|
+
# shortname : 'myshortname'
|
148
|
+
# longname : 'Long name'
|
149
|
+
# '1.3.6.1.4.1.34380.1.2.1.2':
|
150
|
+
# shortname: 'myothershortname'
|
151
|
+
# longname: 'Other Long name'
|
152
|
+
def self.load_custom_oid_file(custom_oid_file, map_key='oid_mapping')
|
153
|
+
oid_defns = parse_custom_oid_file(custom_oid_file, map_key)
|
154
|
+
unless oid_defns.nil?
|
155
|
+
begin
|
156
|
+
oid_defns.each do |oid_defn|
|
157
|
+
OpenSSL::ASN1::ObjectId.register(*oid_defn)
|
158
|
+
end
|
159
|
+
rescue => err
|
160
|
+
raise ArgumentError, _("Error registering ssl custom OIDs mapping from file '%{custom_oid_file}': %{err}") % { custom_oid_file: custom_oid_file, err: err }, err.backtrace
|
161
|
+
end
|
162
|
+
end
|
163
|
+
end
|
164
|
+
|
165
|
+
# Determine if the first OID contains the second OID
|
166
|
+
#
|
167
|
+
# @param first [String] The containing OID, in dotted form or as the short name
|
168
|
+
# @param second [String] The contained OID, in dotted form or as the short name
|
169
|
+
# @param exclusive [true, false] If an OID should not be considered as a subtree of itself
|
170
|
+
#
|
171
|
+
# @example Comparing two dotted OIDs
|
172
|
+
# Puppet::SSL::Oids.subtree_of?('1.3.6.1', '1.3.6.1.4.1') #=> true
|
173
|
+
# Puppet::SSL::Oids.subtree_of?('1.3.6.1', '1.3.6') #=> false
|
174
|
+
#
|
175
|
+
# @example Comparing an OID short name with a dotted OID
|
176
|
+
# Puppet::SSL::Oids.subtree_of?('IANA', '1.3.6.1.4.1') #=> true
|
177
|
+
# Puppet::SSL::Oids.subtree_of?('1.3.6.1', 'enterprises') #=> true
|
178
|
+
#
|
179
|
+
# @example Comparing an OID against itself
|
180
|
+
# Puppet::SSL::Oids.subtree_of?('IANA', 'IANA') #=> true
|
181
|
+
# Puppet::SSL::Oids.subtree_of?('IANA', 'IANA', true) #=> false
|
182
|
+
#
|
183
|
+
# @return [true, false]
|
184
|
+
def self.subtree_of?(first, second, exclusive = false)
|
185
|
+
first_oid = OpenSSL::ASN1::ObjectId.new(first).oid
|
186
|
+
second_oid = OpenSSL::ASN1::ObjectId.new(second).oid
|
187
|
+
|
188
|
+
|
189
|
+
if exclusive and first_oid == second_oid
|
190
|
+
false
|
191
|
+
else
|
192
|
+
second_oid.index(first_oid) == 0
|
193
|
+
end
|
194
|
+
rescue OpenSSL::ASN1::ASN1Error, TypeError
|
195
|
+
false
|
196
|
+
end
|
197
|
+
end
|
@@ -0,0 +1,24 @@
|
|
1
|
+
require_relative '../../puppet/util/platform'
|
2
|
+
|
3
|
+
# This file should be required instead of writing `require 'openssl'`
|
4
|
+
# or any library that loads openssl like `net/https`. This allows the
|
5
|
+
# core Puppet code to load correctly in JRuby environments that do not
|
6
|
+
# have a functioning openssl (eg a FIPS enabled one).
|
7
|
+
|
8
|
+
unless Puppet::Util::Platform.jruby_fips?
|
9
|
+
require 'openssl'
|
10
|
+
require 'net/https'
|
11
|
+
else
|
12
|
+
# Even in JRuby we need to define the constants that are wrapped in
|
13
|
+
# Indirections: Puppet::SSL::{Key, Certificate, CertificateRequest}
|
14
|
+
module OpenSSL
|
15
|
+
module PKey
|
16
|
+
class RSA; end
|
17
|
+
end
|
18
|
+
|
19
|
+
module X509
|
20
|
+
class Request; end
|
21
|
+
class Certificate; end
|
22
|
+
end
|
23
|
+
end
|
24
|
+
end
|
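Review bot: The `unless Puppet::Util::Platform.jruby_fips? ... else` form on lines 8-11 reads backwards, because the `else` branch is the one that runs when the predicate is true. Opening with `if Puppet::Util::Platform.jruby_fips?`, putting the stub `module OpenSSL` first and moving the two `require` lines into the `else`, keeps the behaviour and makes the FIPS fallback the visible case. The comment above the stubs could also say that they are empty, for example `# Empty placeholders: they only make the constant names resolvable.`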
@@ -0,0 +1,25 @@
|
|
1
|
+
require_relative '../../puppet/ssl'
|
2
|
+
|
3
|
+
module Puppet::SSL
|
4
|
+
# The `keyword_init: true` option is no longer needed in Ruby >= 3.2
|
5
|
+
SSLContext = Struct.new(
|
6
|
+
:store,
|
7
|
+
:cacerts,
|
8
|
+
:crls,
|
9
|
+
:private_key,
|
10
|
+
:client_cert,
|
11
|
+
:client_chain,
|
12
|
+
:revocation,
|
13
|
+
:verify_peer,
|
14
|
+
keyword_init: true
|
15
|
+
) do
|
16
|
+
def initialize(*)
|
17
|
+
super
|
18
|
+
self[:cacerts] ||= []
|
19
|
+
self[:crls] ||= []
|
20
|
+
self[:client_chain] ||= []
|
21
|
+
self[:revocation] = true if self[:revocation].nil?
|
22
|
+
self[:verify_peer] = true if self[:verify_peer].nil?
|
23
|
+
end
|
24
|
+
end
|
25
|
+
end
|
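Review bot: `SSLContext` has no comment describing its members or defaults; the only comment in the file is about `keyword_init`. `initialize` sets `verify_peer` and `revocation` to `true` only when they are nil, so an explicit `false` is the sole way to turn either off, and that is worth stating where the struct is defined. I would add above `SSLContext = Struct.new(` something like `# TLS settings for one connection; verify_peer and revocation default to true when omitted, only an explicit false disables them.` A second line could note that `cacerts`, `crls` and `client_chain` default to empty arrays.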
@@ -0,0 +1,350 @@
|
|
1
|
+
require_relative '../../puppet/ssl'
|
2
|
+
|
3
|
+
# SSL Provider creates `SSLContext` objects that can be used to create
|
4
|
+
# secure connections.
|
5
|
+
#
|
6
|
+
# @example To load an SSLContext from an existing private key and related certs/crls:
|
7
|
+
# ssl_context = provider.load_context
|
8
|
+
#
|
9
|
+
# @example To load an SSLContext from an existing password-protected private key and related certs/crls:
|
10
|
+
# ssl_context = provider.load_context(password: 'opensesame')
|
11
|
+
#
|
12
|
+
# @example To create an SSLContext from in-memory certs and keys:
|
13
|
+
# cacerts = [<OpenSSL::X509::Certificate>]
|
14
|
+
# crls = [<OpenSSL::X509::CRL>]
|
15
|
+
# key = <OpenSSL::X509::PKey>
|
16
|
+
# cert = <OpenSSL::X509::Certificate>
|
17
|
+
# ssl_context = provider.create_context(cacerts: cacerts, crls: crls, private_key: key, client_cert: cert)
|
18
|
+
#
|
19
|
+
# @example To create an SSLContext to connect to non-puppet HTTPS servers:
|
20
|
+
# cacerts = [<OpenSSL::X509::Certificate>]
|
21
|
+
# ssl_context = provider.create_root_context(cacerts: cacerts)
|
22
|
+
#
|
23
|
+
# @api private
|
24
|
+
class Puppet::SSL::SSLProvider
|
25
|
+
# Create an insecure `SSLContext`. Connections made from the returned context
|
26
|
+
# will not authenticate the server, i.e. `VERIFY_NONE`, and are vulnerable to
|
27
|
+
# MITM. Do not call this method.
|
28
|
+
#
|
29
|
+
# @return [Puppet::SSL::SSLContext] A context to use to create connections
|
30
|
+
# @api private
|
31
|
+
def create_insecure_context
|
32
|
+
store = create_x509_store([], [], false)
|
33
|
+
|
34
|
+
Puppet::SSL::SSLContext.new(store: store, verify_peer: false).freeze
|
35
|
+
end
|
36
|
+
|
37
|
+
# Create an `SSLContext` using the trusted `cacerts` and optional `crls`.
|
38
|
+
# Connections made from the returned context will authenticate the server,
|
39
|
+
# i.e. `VERIFY_PEER`, but will not use a client certificate.
|
40
|
+
#
|
41
|
+
# The `crls` parameter must contain CRLs corresponding to each CA in `cacerts`
|
42
|
+
# depending on the `revocation` mode. See {#create_context}.
|
43
|
+
#
|
44
|
+
# @param cacerts [Array<OpenSSL::X509::Certificate>] Array of trusted CA certs
|
45
|
+
# @param crls [Array<OpenSSL::X509::CRL>] Array of CRLs
|
46
|
+
# @param revocation [:chain, :leaf, false] revocation mode
|
47
|
+
# @return [Puppet::SSL::SSLContext] A context to use to create connections
|
48
|
+
# @raise (see #create_context)
|
49
|
+
# @api private
|
50
|
+
def create_root_context(cacerts:, crls: [], revocation: Puppet[:certificate_revocation])
|
51
|
+
store = create_x509_store(cacerts, crls, revocation)
|
52
|
+
|
53
|
+
Puppet::SSL::SSLContext.new(store: store, cacerts: cacerts, crls: crls, revocation: revocation).freeze
|
54
|
+
end
|
55
|
+
|
56
|
+
# Create an `SSLContext` using the trusted `cacerts` and any certs in OpenSSL's
|
57
|
+
# default verify path locations. When running puppet as a gem, the location is
|
58
|
+
# system dependent. When running puppet from puppet-agent packages, the location
|
59
|
+
# refers to the cacerts bundle in the puppet-agent package.
|
60
|
+
#
|
61
|
+
# Connections made from the returned context will authenticate the server,
|
62
|
+
# i.e. `VERIFY_PEER`, but will not use a client certificate (unless requested)
|
63
|
+
# and will not perform revocation checking.
|
64
|
+
#
|
65
|
+
# @param cacerts [Array<OpenSSL::X509::Certificate>] Array of trusted CA certs
|
66
|
+
# @param path [String, nil] A file containing additional trusted CA certs.
|
67
|
+
# @param include_client_cert [true, false] If true, the client cert will be added to the context
|
68
|
+
# allowing mutual TLS authentication. The default is false. If the client cert doesn't exist
|
69
|
+
# then the option will be ignored.
|
70
|
+
# @return [Puppet::SSL::SSLContext] A context to use to create connections
|
71
|
+
# @raise (see #create_context)
|
72
|
+
# @api private
|
73
|
+
def create_system_context(cacerts:, path: Puppet[:ssl_trust_store], include_client_cert: false)
|
74
|
+
store = create_x509_store(cacerts, [], false, include_system_store: true)
|
75
|
+
|
76
|
+
if path
|
77
|
+
stat = Puppet::FileSystem.stat(path)
|
78
|
+
if stat
|
79
|
+
if stat.ftype == 'file'
|
80
|
+
# don't add empty files as ruby/openssl will raise
|
81
|
+
if stat.size > 0
|
82
|
+
begin
|
83
|
+
store.add_file(path)
|
84
|
+
rescue => e
|
85
|
+
Puppet.err(_("Failed to add '%{path}' as a trusted CA file: %{detail}" % { path: path, detail: e.message }, e))
|
86
|
+
end
|
87
|
+
end
|
88
|
+
else
|
89
|
+
Puppet.warning(_("The 'ssl_trust_store' setting does not refer to a file and will be ignored: '%{path}'" % { path: path }))
|
90
|
+
end
|
91
|
+
end
|
92
|
+
end
|
93
|
+
|
94
|
+
if include_client_cert
|
95
|
+
cert_provider = Puppet::X509::CertProvider.new
|
96
|
+
private_key = cert_provider.load_private_key(Puppet[:certname], required: false)
|
97
|
+
unless private_key
|
98
|
+
Puppet.warning("Private key for '#{Puppet[:certname]}' does not exist")
|
99
|
+
end
|
100
|
+
|
101
|
+
client_cert = cert_provider.load_client_cert(Puppet[:certname], required: false)
|
102
|
+
unless client_cert
|
103
|
+
Puppet.warning("Client certificate for '#{Puppet[:certname]}' does not exist")
|
104
|
+
end
|
105
|
+
|
106
|
+
if private_key && client_cert
|
107
|
+
client_chain = resolve_client_chain(store, client_cert, private_key)
|
108
|
+
|
109
|
+
return Puppet::SSL::SSLContext.new(
|
110
|
+
store: store, cacerts: cacerts, crls: [],
|
111
|
+
private_key: private_key, client_cert: client_cert, client_chain: client_chain,
|
112
|
+
revocation: false
|
113
|
+
).freeze
|
114
|
+
end
|
115
|
+
end
|
116
|
+
|
117
|
+
Puppet::SSL::SSLContext.new(store: store, cacerts: cacerts, crls: [], revocation: false).freeze
|
118
|
+
end
|
119
|
+
|
120
|
+
# Create an `SSLContext` using the trusted `cacerts`, `crls`, `private_key`,
|
121
|
+
# `client_cert`, and `revocation` mode. Connections made from the returned
|
122
|
+
# context will be mutually authenticated.
|
123
|
+
#
|
124
|
+
# The `crls` parameter must contain CRLs corresponding to each CA in `cacerts`
|
125
|
+
# depending on the `revocation` mode:
|
126
|
+
#
|
127
|
+
# * `:chain` - `crls` must contain a CRL for every CA in `cacerts`
|
128
|
+
# * `:leaf` - `crls` must contain (at least) the CRL for the leaf CA in `cacerts`
|
129
|
+
# * `false` - `crls` can be empty
|
130
|
+
#
|
131
|
+
# The `private_key` and public key from the `client_cert` must match.
|
132
|
+
#
|
133
|
+
# @param cacerts [Array<OpenSSL::X509::Certificate>] Array of trusted CA certs
|
134
|
+
# @param crls [Array<OpenSSL::X509::CRL>] Array of CRLs
|
135
|
+
# @param private_key [OpenSSL::PKey::RSA, OpenSSL::PKey::EC] client's private key
|
136
|
+
# @param client_cert [OpenSSL::X509::Certificate] client's cert whose public
|
137
|
+
# key matches the `private_key`
|
138
|
+
# @param revocation [:chain, :leaf, false] revocation mode
|
139
|
+
# @param include_system_store [true, false] Also trust system CA
|
140
|
+
# @return [Puppet::SSL::SSLContext] A context to use to create connections
|
141
|
+
# @raise [Puppet::SSL::CertVerifyError] There was an issue with
|
142
|
+
# one of the certs or CRLs.
|
143
|
+
# @raise [Puppet::SSL::SSLError] There was an issue with the
|
144
|
+
# `private_key`.
|
145
|
+
# @api private
|
146
|
+
def create_context(cacerts:, crls:, private_key:, client_cert:, revocation: Puppet[:certificate_revocation], include_system_store: false)
|
147
|
+
raise ArgumentError, _("CA certs are missing") unless cacerts
|
148
|
+
raise ArgumentError, _("CRLs are missing") unless crls
|
149
|
+
raise ArgumentError, _("Private key is missing") unless private_key
|
150
|
+
raise ArgumentError, _("Client cert is missing") unless client_cert
|
151
|
+
|
152
|
+
store = create_x509_store(cacerts, crls, revocation, include_system_store: include_system_store)
|
153
|
+
client_chain = resolve_client_chain(store, client_cert, private_key)
|
154
|
+
|
155
|
+
Puppet::SSL::SSLContext.new(
|
156
|
+
store: store, cacerts: cacerts, crls: crls,
|
157
|
+
private_key: private_key, client_cert: client_cert, client_chain: client_chain,
|
158
|
+
revocation: revocation
|
159
|
+
).freeze
|
160
|
+
end
|
161
|
+
|
162
|
+
# Load an `SSLContext` using available certs and keys. An exception is raised
|
163
|
+
# if any component is missing or is invalid, such as a mismatched client cert
|
164
|
+
# and private key. Connections made from the returned context will be mutually
|
165
|
+
# authenticated.
|
166
|
+
#
|
167
|
+
# @param certname [String] Which cert & key to load
|
168
|
+
# @param revocation [:chain, :leaf, false] revocation mode
|
169
|
+
# @param password [String, nil] If the private key is encrypted, decrypt
|
170
|
+
# it using the password. If the key is encrypted, but a password is
|
171
|
+
# not specified, then the key cannot be loaded.
|
172
|
+
# @param include_system_store [true, false] Also trust system CA
|
173
|
+
# @return [Puppet::SSL::SSLContext] A context to use to create connections
|
174
|
+
# @raise [Puppet::SSL::CertVerifyError] There was an issue with
|
175
|
+
# one of the certs or CRLs.
|
176
|
+
# @raise [Puppet::Error] There was an issue with one of the required components.
|
177
|
+
# @api private
|
178
|
+
def load_context(certname: Puppet[:certname], revocation: Puppet[:certificate_revocation], password: nil, include_system_store: false)
|
179
|
+
cert = Puppet::X509::CertProvider.new
|
180
|
+
cacerts = cert.load_cacerts(required: true)
|
181
|
+
crls = case revocation
|
182
|
+
when :chain, :leaf
|
183
|
+
cert.load_crls(required: true)
|
184
|
+
else
|
185
|
+
[]
|
186
|
+
end
|
187
|
+
private_key = cert.load_private_key(certname, required: true, password: password)
|
188
|
+
client_cert = cert.load_client_cert(certname, required: true)
|
189
|
+
|
190
|
+
create_context(cacerts: cacerts, crls: crls, private_key: private_key, client_cert: client_cert, revocation: revocation, include_system_store: include_system_store)
|
191
|
+
rescue OpenSSL::PKey::PKeyError => e
|
192
|
+
raise Puppet::SSL::SSLError.new(_("Failed to load private key for host '%{name}': %{message}") % { name: certname, message: e.message }, e)
|
193
|
+
end
|
194
|
+
|
195
|
+
# Verify the `csr` was signed with a private key corresponding to the
|
196
|
+
# `public_key`. This ensures the CSR was signed by someone in possession
|
197
|
+
# of the private key, and that it hasn't been tampered with since.
|
198
|
+
#
|
199
|
+
# @param csr [OpenSSL::X509::Request] certificate signing request
|
200
|
+
# @param public_key [OpenSSL::PKey::RSA, OpenSSL::PKey::EC] public key
|
201
|
+
# @raise [Puppet::SSL:SSLError] The private_key for the given `public_key` was
|
202
|
+
# not used to sign the CSR.
|
203
|
+
# @api private
|
204
|
+
def verify_request(csr, public_key)
|
205
|
+
unless csr.verify(public_key)
|
206
|
+
raise Puppet::SSL::SSLError, _("The CSR for host '%{name}' does not match the public key") % { name: subject(csr) }
|
207
|
+
end
|
208
|
+
|
209
|
+
csr
|
210
|
+
end
|
211
|
+
|
212
|
+
def print(ssl_context, alg = 'SHA256')
|
213
|
+
if Puppet::Util::Log.sendlevel?(:debug)
|
214
|
+
chain = ssl_context.client_chain
|
215
|
+
# print from root to client
|
216
|
+
chain.reverse.each_with_index do |cert, i|
|
217
|
+
digest = Puppet::SSL::Digest.new(alg, cert.to_der)
|
218
|
+
if i == chain.length - 1
|
219
|
+
Puppet.debug(_("Verified client certificate '%{subject}' fingerprint %{digest}") % {subject: cert.subject.to_utf8, digest: digest})
|
220
|
+
else
|
221
|
+
Puppet.debug(_("Verified CA certificate '%{subject}' fingerprint %{digest}") % {subject: cert.subject.to_utf8, digest: digest})
|
222
|
+
end
|
223
|
+
end
|
224
|
+
ssl_context.crls.each do |crl|
|
225
|
+
oid_values = Hash[crl.extensions.map { |ext| [ext.oid, ext.value] }]
|
226
|
+
crlNumber = oid_values['crlNumber'] || 'unknown'
|
227
|
+
authKeyId = (oid_values['authorityKeyIdentifier'] || 'unknown').chomp!
|
228
|
+
Puppet.debug("Using CRL '#{crl.issuer.to_utf8}' authorityKeyIdentifier '#{authKeyId}' crlNumber '#{crlNumber }'")
|
229
|
+
end
|
230
|
+
end
|
231
|
+
end
|
232
|
+
|
233
|
+
private
|
234
|
+
|
235
|
+
def default_flags
|
236
|
+
# checking the signature of the self-signed cert doesn't add any security,
|
237
|
+
# but it's a sanity check to make sure the cert isn't corrupt. This option
|
238
|
+
# is only available in openssl 1.1+
|
239
|
+
if defined?(OpenSSL::X509::V_FLAG_CHECK_SS_SIGNATURE)
|
240
|
+
OpenSSL::X509::V_FLAG_CHECK_SS_SIGNATURE
|
241
|
+
else
|
242
|
+
0
|
243
|
+
end
|
244
|
+
end
|
245
|
+
|
246
|
+
def create_x509_store(roots, crls, revocation, include_system_store: false)
|
247
|
+
store = OpenSSL::X509::Store.new
|
248
|
+
store.purpose = OpenSSL::X509::PURPOSE_ANY
|
249
|
+
store.flags = default_flags | revocation_mode(revocation)
|
250
|
+
|
251
|
+
roots.each { |cert| store.add_cert(cert) }
|
252
|
+
crls.each { |crl| store.add_crl(crl) }
|
253
|
+
|
254
|
+
store.set_default_paths if include_system_store
|
255
|
+
|
256
|
+
store
|
257
|
+
end
|
258
|
+
|
259
|
+
def subject(x509)
|
260
|
+
x509.subject.to_utf8
|
261
|
+
end
|
262
|
+
|
263
|
+
def issuer(x509)
|
264
|
+
x509.issuer.to_utf8
|
265
|
+
end
|
266
|
+
|
267
|
+
def revocation_mode(mode)
|
268
|
+
case mode
|
269
|
+
when false
|
270
|
+
0
|
271
|
+
when :leaf
|
272
|
+
OpenSSL::X509::V_FLAG_CRL_CHECK
|
273
|
+
else
|
274
|
+
# :chain is the default
|
275
|
+
OpenSSL::X509::V_FLAG_CRL_CHECK | OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
|
276
|
+
end
|
277
|
+
end
|
278
|
+
|
279
|
+
def resolve_client_chain(store, client_cert, private_key)
|
280
|
+
client_chain = verify_cert_with_store(store, client_cert)
|
281
|
+
|
282
|
+
if !private_key.is_a?(OpenSSL::PKey::RSA) && !private_key.is_a?(OpenSSL::PKey::EC)
|
283
|
+
raise Puppet::SSL::SSLError, _("Unsupported key '%{type}'") % { type: private_key.class.name }
|
284
|
+
end
|
285
|
+
|
286
|
+
unless client_cert.check_private_key(private_key)
|
287
|
+
raise Puppet::SSL::SSLError, _("The certificate for '%{name}' does not match its private key") % { name: subject(client_cert) }
|
288
|
+
end
|
289
|
+
|
290
|
+
client_chain
|
291
|
+
end
|
292
|
+
|
293
|
+
def verify_cert_with_store(store, cert)
|
294
|
+
# StoreContext#initialize accepts a chain argument, but it's set to [] because
|
295
|
+
# puppet requires any intermediate CA certs needed to complete the client's
|
296
|
+
# chain to be in the CA bundle that we downloaded from the server, and
|
297
|
+
# they've already been added to the store. See PUP-9500.
|
298
|
+
|
299
|
+
store_context = OpenSSL::X509::StoreContext.new(store, cert, [])
|
300
|
+
unless store_context.verify
|
301
|
+
current_cert = store_context.current_cert
|
302
|
+
|
303
|
+
# If the client cert's intermediate CA is not in the CA bundle, then warn,
|
304
|
+
# but don't error, because SSL allows the client to send an incomplete
|
305
|
+
# chain, and have the server resolve it.
|
306
|
+
if store_context.error == OpenSSL::X509::V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY
|
307
|
+
Puppet.warning _("The issuer '%{issuer}' of certificate '%{subject}' cannot be found locally") % {
|
308
|
+
issuer: issuer(current_cert), subject: subject(current_cert)
|
309
|
+
}
|
310
|
+
else
|
311
|
+
raise_cert_verify_error(store_context, current_cert)
|
312
|
+
end
|
313
|
+
end
|
314
|
+
|
315
|
+
# resolved chain from leaf to root
|
316
|
+
store_context.chain
|
317
|
+
end
|
318
|
+
|
319
|
+
def raise_cert_verify_error(store_context, current_cert)
|
320
|
+
message =
|
321
|
+
case store_context.error
|
322
|
+
when OpenSSL::X509::V_ERR_CERT_NOT_YET_VALID
|
323
|
+
_("The certificate '%{subject}' is not yet valid, verify time is synchronized") % { subject: subject(current_cert) }
|
324
|
+
when OpenSSL::X509::V_ERR_CERT_HAS_EXPIRED
|
325
|
+
_("The certificate '%{subject}' has expired, verify time is synchronized") % { subject: subject(current_cert) }
|
326
|
+
when OpenSSL::X509::V_ERR_CRL_NOT_YET_VALID
|
327
|
+
_("The CRL issued by '%{issuer}' is not yet valid, verify time is synchronized") % { issuer: issuer(current_cert) }
|
328
|
+
when OpenSSL::X509::V_ERR_CRL_HAS_EXPIRED
|
329
|
+
_("The CRL issued by '%{issuer}' has expired, verify time is synchronized") % { issuer: issuer(current_cert) }
|
330
|
+
when OpenSSL::X509::V_ERR_CERT_SIGNATURE_FAILURE
|
331
|
+
_("Invalid signature for certificate '%{subject}'") % { subject: subject(current_cert) }
|
332
|
+
when OpenSSL::X509::V_ERR_CRL_SIGNATURE_FAILURE
|
333
|
+
_("Invalid signature for CRL issued by '%{issuer}'") % { issuer: issuer(current_cert) }
|
334
|
+
when OpenSSL::X509::V_ERR_UNABLE_TO_GET_ISSUER_CERT
|
335
|
+
_("The issuer '%{issuer}' of certificate '%{subject}' is missing") % {
|
336
|
+
issuer: issuer(current_cert), subject: subject(current_cert) }
|
337
|
+
when OpenSSL::X509::V_ERR_UNABLE_TO_GET_CRL
|
338
|
+
_("The CRL issued by '%{issuer}' is missing") % { issuer: issuer(current_cert) }
|
339
|
+
when OpenSSL::X509::V_ERR_CERT_REVOKED
|
340
|
+
_("Certificate '%{subject}' is revoked") % { subject: subject(current_cert) }
|
341
|
+
else
|
342
|
+
# error_string is labeled ASCII-8BIT, but is encoded based on Encoding.default_external
|
343
|
+
err_utf8 = Puppet::Util::CharacterEncoding.convert_to_utf_8(store_context.error_string)
|
344
|
+
_("Certificate '%{subject}' failed verification (%{err}): %{err_utf8}") % {
|
345
|
+
subject: subject(current_cert), err: store_context.error, err_utf8: err_utf8 }
|
346
|
+
end
|
347
|
+
|
348
|
+
raise Puppet::SSL::CertVerifyError.new(message, store_context.error, current_cert)
|
349
|
+
end
|
350
|
+
end
|
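Review bot: In `create_system_context`, the rescue around `store.add_file(path)` (line 85) closes `_(` in the wrong place, so the `%` substitution runs inside the call and `e` is passed to `_` as a second argument. If `_` takes a single message argument, as every other use in this file assumes, a malformed `ssl_trust_store` file raises ArgumentError from the rescue instead of being logged; either way the already-interpolated string will not match a translation key. I would write `Puppet.err(_("Failed to add '%{path}' as a trusted CA file: %{detail}") % { path: path, detail: e.message })` and move the `%` outside `_(...)` in the warning on line 89 as well. Separately, in `print`, `.chomp!` returns nil when nothing is stripped, so the `'unknown'` fallback for `authKeyId` is logged as empty; `.chomp` avoids that.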