openvox 7.37.1
- checksums.yaml +7 -0
- data/CHANGELOG.md +15 -0
- data/CODEOWNERS +11 -0
- data/CODE_OF_CONDUCT.md +70 -0
- data/CONTRIBUTING.md +161 -0
- data/Gemfile +82 -0
- data/Guardfile.example +76 -0
- data/LICENSE +202 -0
- data/README.md +68 -0
- data/Rakefile +160 -0
- data/bin/puppet +9 -0
- data/conf/environment.conf +18 -0
- data/conf/fileserver.conf +32 -0
- data/conf/hiera.yaml +11 -0
- data/conf/puppet.conf +6 -0
- data/examples/enc/regexp_nodes/classes/databases +2 -0
- data/examples/enc/regexp_nodes/classes/webservers +2 -0
- data/examples/enc/regexp_nodes/environment/development +2 -0
- data/examples/enc/regexp_nodes/parameters/service/prod +1 -0
- data/examples/enc/regexp_nodes/parameters/service/qa +3 -0
- data/examples/enc/regexp_nodes/parameters/service/sandbox +1 -0
- data/examples/enc/regexp_nodes/regexp_nodes.rb +270 -0
- data/examples/hiera/README.md +91 -0
- data/examples/hiera/etc/hiera.yaml +15 -0
- data/examples/hiera/etc/hieradb/common.yaml +3 -0
- data/examples/hiera/etc/hieradb/dc1.yaml +6 -0
- data/examples/hiera/etc/hieradb/development.yaml +2 -0
- data/examples/hiera/etc/puppet.conf +3 -0
- data/examples/hiera/modules/data/manifests/common.pp +4 -0
- data/examples/hiera/modules/ntp/manifests/config.pp +6 -0
- data/examples/hiera/modules/ntp/manifests/data.pp +4 -0
- data/examples/hiera/modules/ntp/templates/ntp.conf.erb +3 -0
- data/examples/hiera/modules/users/manifests/common.pp +4 -0
- data/examples/hiera/modules/users/manifests/dc1.pp +4 -0
- data/examples/hiera/modules/users/manifests/development.pp +4 -0
- data/examples/hiera/site.pp +3 -0
- data/examples/nagios/check_puppet.rb +123 -0
- data/ext/README.md +13 -0
- data/ext/build_defaults.yaml +18 -0
- data/ext/debian/puppet.default +4 -0
- data/ext/debian/puppet.init +113 -0
- data/ext/hiera/hiera.yaml +15 -0
- data/ext/osx/puppet.plist +32 -0
- data/ext/project_data.yaml +20 -0
- data/ext/redhat/client.init +169 -0
- data/ext/redhat/client.sysconfig +2 -0
- data/ext/solaris/smf/puppet +44 -0
- data/ext/solaris/smf/puppet.xml +46 -0
- data/ext/suse/client.init +141 -0
- data/ext/systemd/puppet.service +26 -0
- data/ext/windows/puppet_interactive.bat +6 -0
- data/ext/windows/puppet_shell.bat +9 -0
- data/ext/windows/run_puppet_interactive.bat +9 -0
- data/ext/windows/service/daemon.bat +6 -0
- data/ext/windows/service/daemon.rb +225 -0
- data/install.rb +499 -0
- data/lib/hiera/puppet_function.rb +84 -0
- data/lib/hiera/scope.rb +90 -0
- data/lib/hiera_puppet.rb +80 -0
- data/lib/puppet/agent/disabler.rb +53 -0
- data/lib/puppet/agent/locker.rb +46 -0
- data/lib/puppet/agent.rb +176 -0
- data/lib/puppet/application/agent.rb +523 -0
- data/lib/puppet/application/apply.rb +428 -0
- data/lib/puppet/application/catalog.rb +4 -0
- data/lib/puppet/application/config.rb +5 -0
- data/lib/puppet/application/describe.rb +253 -0
- data/lib/puppet/application/device.rb +439 -0
- data/lib/puppet/application/doc.rb +233 -0
- data/lib/puppet/application/epp.rb +5 -0
- data/lib/puppet/application/face_base.rb +276 -0
- data/lib/puppet/application/facts.rb +9 -0
- data/lib/puppet/application/filebucket.rb +318 -0
- data/lib/puppet/application/generate.rb +5 -0
- data/lib/puppet/application/help.rb +5 -0
- data/lib/puppet/application/indirection_base.rb +4 -0
- data/lib/puppet/application/lookup.rb +433 -0
- data/lib/puppet/application/module.rb +4 -0
- data/lib/puppet/application/node.rb +4 -0
- data/lib/puppet/application/parser.rb +5 -0
- data/lib/puppet/application/plugin.rb +4 -0
- data/lib/puppet/application/report.rb +4 -0
- data/lib/puppet/application/resource.rb +254 -0
- data/lib/puppet/application/script.rb +264 -0
- data/lib/puppet/application/ssl.rb +323 -0
- data/lib/puppet/application.rb +596 -0
- data/lib/puppet/application_support.rb +68 -0
- data/lib/puppet/coercion.rb +40 -0
- data/lib/puppet/compilable_resource_type.rb +15 -0
- data/lib/puppet/concurrent/lock.rb +16 -0
- data/lib/puppet/concurrent/synchronized.rb +15 -0
- data/lib/puppet/concurrent/thread_local_singleton.rb +17 -0
- data/lib/puppet/concurrent.rb +2 -0
- data/lib/puppet/configurer/downloader.rb +85 -0
- data/lib/puppet/configurer/fact_handler.rb +50 -0
- data/lib/puppet/configurer/plugin_handler.rb +59 -0
- data/lib/puppet/configurer.rb +755 -0
- data/lib/puppet/confine/any.rb +26 -0
- data/lib/puppet/confine/boolean.rb +45 -0
- data/lib/puppet/confine/exists.rb +19 -0
- data/lib/puppet/confine/false.rb +25 -0
- data/lib/puppet/confine/feature.rb +17 -0
- data/lib/puppet/confine/true.rb +26 -0
- data/lib/puppet/confine/variable.rb +59 -0
- data/lib/puppet/confine.rb +83 -0
- data/lib/puppet/confine_collection.rb +51 -0
- data/lib/puppet/confiner.rb +46 -0
- data/lib/puppet/context/trusted_information.rb +120 -0
- data/lib/puppet/context.rb +188 -0
- data/lib/puppet/daemon.rb +182 -0
- data/lib/puppet/data_binding.rb +14 -0
- data/lib/puppet/datatypes/error.rb +21 -0
- data/lib/puppet/datatypes/impl/error.rb +40 -0
- data/lib/puppet/datatypes.rb +213 -0
- data/lib/puppet/defaults.rb +2277 -0
- data/lib/puppet/environments.rb +601 -0
- data/lib/puppet/error.rb +138 -0
- data/lib/puppet/etc.rb +180 -0
- data/lib/puppet/external/dot.rb +325 -0
- data/lib/puppet/external/pson/common.rb +374 -0
- data/lib/puppet/external/pson/pure/generator.rb +395 -0
- data/lib/puppet/external/pson/pure/parser.rb +308 -0
- data/lib/puppet/external/pson/pure.rb +15 -0
- data/lib/puppet/external/pson/version.rb +8 -0
- data/lib/puppet/face/catalog/select.rb +49 -0
- data/lib/puppet/face/catalog.rb +165 -0
- data/lib/puppet/face/config.rb +267 -0
- data/lib/puppet/face/epp.rb +566 -0
- data/lib/puppet/face/facts.rb +174 -0
- data/lib/puppet/face/generate.rb +66 -0
- data/lib/puppet/face/help/action.erb +90 -0
- data/lib/puppet/face/help/face.erb +115 -0
- data/lib/puppet/face/help/global.erb +16 -0
- data/lib/puppet/face/help/man.erb +152 -0
- data/lib/puppet/face/help.rb +242 -0
- data/lib/puppet/face/module/changes.rb +43 -0
- data/lib/puppet/face/module/install.rb +146 -0
- data/lib/puppet/face/module/list.rb +272 -0
- data/lib/puppet/face/module/uninstall.rb +89 -0
- data/lib/puppet/face/module/upgrade.rb +87 -0
- data/lib/puppet/face/module.rb +19 -0
- data/lib/puppet/face/node/clean.rb +107 -0
- data/lib/puppet/face/node.rb +43 -0
- data/lib/puppet/face/parser.rb +227 -0
- data/lib/puppet/face/plugin.rb +60 -0
- data/lib/puppet/face/report.rb +54 -0
- data/lib/puppet/face/resource.rb +53 -0
- data/lib/puppet/face.rb +12 -0
- data/lib/puppet/facter_impl.rb +96 -0
- data/lib/puppet/feature/base.rb +76 -0
- data/lib/puppet/feature/bolt.rb +3 -0
- data/lib/puppet/feature/cfpropertylist.rb +3 -0
- data/lib/puppet/feature/eventlog.rb +5 -0
- data/lib/puppet/feature/hiera_eyaml.rb +3 -0
- data/lib/puppet/feature/hocon.rb +3 -0
- data/lib/puppet/feature/libuser.rb +8 -0
- data/lib/puppet/feature/msgpack.rb +3 -0
- data/lib/puppet/feature/pe_license.rb +4 -0
- data/lib/puppet/feature/selinux.rb +3 -0
- data/lib/puppet/feature/ssh.rb +3 -0
- data/lib/puppet/feature/telnet.rb +9 -0
- data/lib/puppet/feature/zlib.rb +5 -0
- data/lib/puppet/ffi/posix/constants.rb +14 -0
- data/lib/puppet/ffi/posix/functions.rb +24 -0
- data/lib/puppet/ffi/posix.rb +10 -0
- data/lib/puppet/ffi/windows/api_types.rb +311 -0
- data/lib/puppet/ffi/windows/constants.rb +404 -0
- data/lib/puppet/ffi/windows/functions.rb +628 -0
- data/lib/puppet/ffi/windows/structs.rb +338 -0
- data/lib/puppet/ffi/windows.rb +12 -0
- data/lib/puppet/file_bucket/dipper.rb +174 -0
- data/lib/puppet/file_bucket/file.rb +129 -0
- data/lib/puppet/file_bucket.rb +4 -0
- data/lib/puppet/file_serving/base.rb +86 -0
- data/lib/puppet/file_serving/configuration/parser.rb +113 -0
- data/lib/puppet/file_serving/configuration.rb +113 -0
- data/lib/puppet/file_serving/content.rb +43 -0
- data/lib/puppet/file_serving/fileset.rb +186 -0
- data/lib/puppet/file_serving/http_metadata.rb +62 -0
- data/lib/puppet/file_serving/metadata.rb +171 -0
- data/lib/puppet/file_serving/mount/file.rb +122 -0
- data/lib/puppet/file_serving/mount/locales.rb +35 -0
- data/lib/puppet/file_serving/mount/modules.rb +26 -0
- data/lib/puppet/file_serving/mount/pluginfacts.rb +35 -0
- data/lib/puppet/file_serving/mount/plugins.rb +35 -0
- data/lib/puppet/file_serving/mount/scripts.rb +24 -0
- data/lib/puppet/file_serving/mount/tasks.rb +23 -0
- data/lib/puppet/file_serving/mount.rb +38 -0
- data/lib/puppet/file_serving/terminus_helper.rb +31 -0
- data/lib/puppet/file_serving/terminus_selector.rb +31 -0
- data/lib/puppet/file_serving.rb +3 -0
- data/lib/puppet/file_system/file_impl.rb +188 -0
- data/lib/puppet/file_system/jruby.rb +23 -0
- data/lib/puppet/file_system/memory_file.rb +79 -0
- data/lib/puppet/file_system/memory_impl.rb +99 -0
- data/lib/puppet/file_system/path_pattern.rb +93 -0
- data/lib/puppet/file_system/posix.rb +47 -0
- data/lib/puppet/file_system/uniquefile.rb +188 -0
- data/lib/puppet/file_system/windows.rb +213 -0
- data/lib/puppet/file_system.rb +419 -0
- data/lib/puppet/forge/cache.rb +60 -0
- data/lib/puppet/forge/errors.rb +114 -0
- data/lib/puppet/forge/repository.rb +95 -0
- data/lib/puppet/forge.rb +259 -0
- data/lib/puppet/functions/abs.rb +61 -0
- data/lib/puppet/functions/alert.rb +14 -0
- data/lib/puppet/functions/all.rb +104 -0
- data/lib/puppet/functions/annotate.rb +108 -0
- data/lib/puppet/functions/any.rb +109 -0
- data/lib/puppet/functions/assert_type.rb +93 -0
- data/lib/puppet/functions/binary_file.rb +32 -0
- data/lib/puppet/functions/break.rb +47 -0
- data/lib/puppet/functions/call.rb +80 -0
- data/lib/puppet/functions/camelcase.rb +62 -0
- data/lib/puppet/functions/capitalize.rb +61 -0
- data/lib/puppet/functions/ceiling.rb +37 -0
- data/lib/puppet/functions/chomp.rb +57 -0
- data/lib/puppet/functions/chop.rb +67 -0
- data/lib/puppet/functions/compare.rb +125 -0
- data/lib/puppet/functions/contain.rb +55 -0
- data/lib/puppet/functions/convert_to.rb +34 -0
- data/lib/puppet/functions/crit.rb +14 -0
- data/lib/puppet/functions/debug.rb +14 -0
- data/lib/puppet/functions/defined.rb +159 -0
- data/lib/puppet/functions/dig.rb +67 -0
- data/lib/puppet/functions/downcase.rb +89 -0
- data/lib/puppet/functions/each.rb +167 -0
- data/lib/puppet/functions/emerg.rb +14 -0
- data/lib/puppet/functions/empty.rb +85 -0
- data/lib/puppet/functions/epp.rb +49 -0
- data/lib/puppet/functions/err.rb +14 -0
- data/lib/puppet/functions/eyaml_lookup_key.rb +102 -0
- data/lib/puppet/functions/filter.rb +137 -0
- data/lib/puppet/functions/find_file.rb +44 -0
- data/lib/puppet/functions/find_template.rb +63 -0
- data/lib/puppet/functions/flatten.rb +64 -0
- data/lib/puppet/functions/floor.rb +37 -0
- data/lib/puppet/functions/get.rb +150 -0
- data/lib/puppet/functions/getvar.rb +87 -0
- data/lib/puppet/functions/group_by.rb +62 -0
- data/lib/puppet/functions/hiera.rb +89 -0
- data/lib/puppet/functions/hiera_array.rb +81 -0
- data/lib/puppet/functions/hiera_hash.rb +92 -0
- data/lib/puppet/functions/hiera_include.rb +104 -0
- data/lib/puppet/functions/hocon_data.rb +41 -0
- data/lib/puppet/functions/import.rb +7 -0
- data/lib/puppet/functions/include.rb +53 -0
- data/lib/puppet/functions/index.rb +167 -0
- data/lib/puppet/functions/info.rb +14 -0
- data/lib/puppet/functions/inline_epp.rb +60 -0
- data/lib/puppet/functions/join.rb +56 -0
- data/lib/puppet/functions/json_data.rb +33 -0
- data/lib/puppet/functions/keys.rb +25 -0
- data/lib/puppet/functions/length.rb +44 -0
- data/lib/puppet/functions/lest.rb +55 -0
- data/lib/puppet/functions/lookup.rb +224 -0
- data/lib/puppet/functions/lstrip.rb +58 -0
- data/lib/puppet/functions/map.rb +135 -0
- data/lib/puppet/functions/match.rb +130 -0
- data/lib/puppet/functions/max.rb +183 -0
- data/lib/puppet/functions/min.rb +182 -0
- data/lib/puppet/functions/module_directory.rb +41 -0
- data/lib/puppet/functions/new.rb +1011 -0
- data/lib/puppet/functions/next.rb +33 -0
- data/lib/puppet/functions/notice.rb +14 -0
- data/lib/puppet/functions/partition.rb +62 -0
- data/lib/puppet/functions/reduce.rb +162 -0
- data/lib/puppet/functions/regsubst.rb +101 -0
- data/lib/puppet/functions/require.rb +77 -0
- data/lib/puppet/functions/return.rb +15 -0
- data/lib/puppet/functions/reverse_each.rb +94 -0
- data/lib/puppet/functions/round.rb +24 -0
- data/lib/puppet/functions/rstrip.rb +58 -0
- data/lib/puppet/functions/scanf.rb +44 -0
- data/lib/puppet/functions/size.rb +15 -0
- data/lib/puppet/functions/slice.rb +124 -0
- data/lib/puppet/functions/sort.rb +74 -0
- data/lib/puppet/functions/split.rb +76 -0
- data/lib/puppet/functions/step.rb +98 -0
- data/lib/puppet/functions/strftime.rb +212 -0
- data/lib/puppet/functions/strip.rb +58 -0
- data/lib/puppet/functions/then.rb +77 -0
- data/lib/puppet/functions/tree_each.rb +197 -0
- data/lib/puppet/functions/type.rb +72 -0
- data/lib/puppet/functions/unique.rb +132 -0
- data/lib/puppet/functions/unwrap.rb +59 -0
- data/lib/puppet/functions/upcase.rb +89 -0
- data/lib/puppet/functions/values.rb +25 -0
- data/lib/puppet/functions/versioncmp.rb +40 -0
- data/lib/puppet/functions/warning.rb +14 -0
- data/lib/puppet/functions/with.rb +32 -0
- data/lib/puppet/functions/yaml_data.rb +45 -0
- data/lib/puppet/functions.rb +862 -0
- data/lib/puppet/generate/models/type/property.rb +70 -0
- data/lib/puppet/generate/models/type/type.rb +65 -0
- data/lib/puppet/generate/templates/type/pcore.erb +42 -0
- data/lib/puppet/generate/type.rb +249 -0
- data/lib/puppet/gettext/config.rb +275 -0
- data/lib/puppet/gettext/module_translations.rb +42 -0
- data/lib/puppet/gettext/stubs.rb +11 -0
- data/lib/puppet/graph/key.rb +26 -0
- data/lib/puppet/graph/prioritizer.rb +29 -0
- data/lib/puppet/graph/rb_tree_map.rb +388 -0
- data/lib/puppet/graph/relationship_graph.rb +284 -0
- data/lib/puppet/graph/sequential_prioritizer.rb +31 -0
- data/lib/puppet/graph/simple_graph.rb +546 -0
- data/lib/puppet/graph.rb +9 -0
- data/lib/puppet/http/client.rb +525 -0
- data/lib/puppet/http/dns.rb +159 -0
- data/lib/puppet/http/errors.rb +48 -0
- data/lib/puppet/http/external_client.rb +88 -0
- data/lib/puppet/http/factory.rb +51 -0
- data/lib/puppet/http/pool.rb +172 -0
- data/lib/puppet/http/pool_entry.rb +17 -0
- data/lib/puppet/http/proxy.rb +137 -0
- data/lib/puppet/http/redirector.rb +85 -0
- data/lib/puppet/http/resolver/server_list.rb +87 -0
- data/lib/puppet/http/resolver/settings.rb +23 -0
- data/lib/puppet/http/resolver/srv.rb +41 -0
- data/lib/puppet/http/resolver.rb +48 -0
- data/lib/puppet/http/response.rb +102 -0
- data/lib/puppet/http/response_converter.rb +24 -0
- data/lib/puppet/http/response_net_http.rb +42 -0
- data/lib/puppet/http/retry_after_handler.rb +77 -0
- data/lib/puppet/http/service/ca.rb +101 -0
- data/lib/puppet/http/service/compiler.rb +353 -0
- data/lib/puppet/http/service/file_server.rb +198 -0
- data/lib/puppet/http/service/puppetserver.rb +53 -0
- data/lib/puppet/http/service/report.rb +64 -0
- data/lib/puppet/http/service.rb +182 -0
- data/lib/puppet/http/session.rb +122 -0
- data/lib/puppet/http/site.rb +42 -0
- data/lib/puppet/http.rb +46 -0
- data/lib/puppet/indirector/catalog/compiler.rb +431 -0
- data/lib/puppet/indirector/catalog/json.rb +40 -0
- data/lib/puppet/indirector/catalog/msgpack.rb +6 -0
- data/lib/puppet/indirector/catalog/rest.rb +49 -0
- data/lib/puppet/indirector/catalog/store_configs.rb +8 -0
- data/lib/puppet/indirector/catalog/yaml.rb +6 -0
- data/lib/puppet/indirector/code.rb +6 -0
- data/lib/puppet/indirector/data_binding/hiera.rb +7 -0
- data/lib/puppet/indirector/data_binding/none.rb +8 -0
- data/lib/puppet/indirector/direct_file_server.rb +17 -0
- data/lib/puppet/indirector/envelope.rb +11 -0
- data/lib/puppet/indirector/errors.rb +5 -0
- data/lib/puppet/indirector/exec.rb +38 -0
- data/lib/puppet/indirector/face.rb +153 -0
- data/lib/puppet/indirector/fact_search.rb +60 -0
- data/lib/puppet/indirector/facts/facter.rb +117 -0
- data/lib/puppet/indirector/facts/json.rb +27 -0
- data/lib/puppet/indirector/facts/memory.rb +9 -0
- data/lib/puppet/indirector/facts/network_device.rb +27 -0
- data/lib/puppet/indirector/facts/rest.rb +44 -0
- data/lib/puppet/indirector/facts/store_configs.rb +11 -0
- data/lib/puppet/indirector/facts/yaml.rb +29 -0
- data/lib/puppet/indirector/file_bucket_file/file.rb +262 -0
- data/lib/puppet/indirector/file_bucket_file/rest.rb +50 -0
- data/lib/puppet/indirector/file_bucket_file/selector.rb +53 -0
- data/lib/puppet/indirector/file_content/file.rb +7 -0
- data/lib/puppet/indirector/file_content/file_server.rb +7 -0
- data/lib/puppet/indirector/file_content/rest.rb +35 -0
- data/lib/puppet/indirector/file_content/selector.rb +30 -0
- data/lib/puppet/indirector/file_content.rb +5 -0
- data/lib/puppet/indirector/file_metadata/file.rb +7 -0
- data/lib/puppet/indirector/file_metadata/file_server.rb +7 -0
- data/lib/puppet/indirector/file_metadata/http.rb +47 -0
- data/lib/puppet/indirector/file_metadata/rest.rb +56 -0
- data/lib/puppet/indirector/file_metadata/selector.rb +30 -0
- data/lib/puppet/indirector/file_metadata.rb +5 -0
- data/lib/puppet/indirector/file_server.rb +54 -0
- data/lib/puppet/indirector/generic_http.rb +5 -0
- data/lib/puppet/indirector/hiera.rb +100 -0
- data/lib/puppet/indirector/indirection.rb +372 -0
- data/lib/puppet/indirector/json.rb +79 -0
- data/lib/puppet/indirector/memory.rb +34 -0
- data/lib/puppet/indirector/msgpack.rb +83 -0
- data/lib/puppet/indirector/node/exec.rb +70 -0
- data/lib/puppet/indirector/node/json.rb +8 -0
- data/lib/puppet/indirector/node/memory.rb +10 -0
- data/lib/puppet/indirector/node/msgpack.rb +7 -0
- data/lib/puppet/indirector/node/plain.rb +21 -0
- data/lib/puppet/indirector/node/rest.rb +29 -0
- data/lib/puppet/indirector/node/store_configs.rb +8 -0
- data/lib/puppet/indirector/node/yaml.rb +7 -0
- data/lib/puppet/indirector/none.rb +9 -0
- data/lib/puppet/indirector/plain.rb +9 -0
- data/lib/puppet/indirector/report/json.rb +34 -0
- data/lib/puppet/indirector/report/msgpack.rb +11 -0
- data/lib/puppet/indirector/report/processor.rb +60 -0
- data/lib/puppet/indirector/report/rest.rb +42 -0
- data/lib/puppet/indirector/report/yaml.rb +34 -0
- data/lib/puppet/indirector/request.rb +194 -0
- data/lib/puppet/indirector/resource/ral.rb +66 -0
- data/lib/puppet/indirector/resource/store_configs.rb +12 -0
- data/lib/puppet/indirector/resource/validator.rb +8 -0
- data/lib/puppet/indirector/rest.rb +64 -0
- data/lib/puppet/indirector/store_configs.rb +30 -0
- data/lib/puppet/indirector/terminus.rb +176 -0
- data/lib/puppet/indirector/yaml.rb +63 -0
- data/lib/puppet/indirector.rb +61 -0
- data/lib/puppet/info_service/class_information_service.rb +109 -0
- data/lib/puppet/info_service/plan_information_service.rb +36 -0
- data/lib/puppet/info_service/task_information_service.rb +44 -0
- data/lib/puppet/info_service.rb +26 -0
- data/lib/puppet/interface/action.rb +406 -0
- data/lib/puppet/interface/action_builder.rb +161 -0
- data/lib/puppet/interface/action_manager.rb +98 -0
- data/lib/puppet/interface/documentation.rb +357 -0
- data/lib/puppet/interface/face_collection.rb +137 -0
- data/lib/puppet/interface/option.rb +172 -0
- data/lib/puppet/interface/option_builder.rb +105 -0
- data/lib/puppet/interface/option_manager.rb +106 -0
- data/lib/puppet/interface.rb +239 -0
- data/lib/puppet/loaders.rb +30 -0
- data/lib/puppet/metatype/manager.rb +197 -0
- data/lib/puppet/module/plan.rb +159 -0
- data/lib/puppet/module/task.rb +283 -0
- data/lib/puppet/module.rb +475 -0
- data/lib/puppet/module_tool/applications/application.rb +91 -0
- data/lib/puppet/module_tool/applications/checksummer.rb +62 -0
- data/lib/puppet/module_tool/applications/installer.rb +411 -0
- data/lib/puppet/module_tool/applications/uninstaller.rb +119 -0
- data/lib/puppet/module_tool/applications/unpacker.rb +100 -0
- data/lib/puppet/module_tool/applications/upgrader.rb +282 -0
- data/lib/puppet/module_tool/applications.rb +12 -0
- data/lib/puppet/module_tool/checksums.rb +49 -0
- data/lib/puppet/module_tool/contents_description.rb +89 -0
- data/lib/puppet/module_tool/dependency.rb +41 -0
- data/lib/puppet/module_tool/errors/base.rb +15 -0
- data/lib/puppet/module_tool/errors/installer.rb +93 -0
- data/lib/puppet/module_tool/errors/shared.rb +227 -0
- data/lib/puppet/module_tool/errors/uninstaller.rb +50 -0
- data/lib/puppet/module_tool/errors/upgrader.rb +63 -0
- data/lib/puppet/module_tool/errors.rb +11 -0
- data/lib/puppet/module_tool/install_directory.rb +45 -0
- data/lib/puppet/module_tool/installed_modules.rb +96 -0
- data/lib/puppet/module_tool/local_tarball.rb +90 -0
- data/lib/puppet/module_tool/metadata.rb +221 -0
- data/lib/puppet/module_tool/shared_behaviors.rb +181 -0
- data/lib/puppet/module_tool/tar/gnu.rb +19 -0
- data/lib/puppet/module_tool/tar/mini.rb +116 -0
- data/lib/puppet/module_tool/tar.rb +18 -0
- data/lib/puppet/module_tool.rb +194 -0
- data/lib/puppet/network/authconfig.rb +7 -0
- data/lib/puppet/network/authorization.rb +19 -0
- data/lib/puppet/network/client_request.rb +29 -0
- data/lib/puppet/network/format.rb +110 -0
- data/lib/puppet/network/format_handler.rb +108 -0
- data/lib/puppet/network/format_support.rb +139 -0
- data/lib/puppet/network/formats.rb +329 -0
- data/lib/puppet/network/http/api/indirected_routes.rb +277 -0
- data/lib/puppet/network/http/api/indirection_type.rb +32 -0
- data/lib/puppet/network/http/api/master/v3/environments.rb +3 -0
- data/lib/puppet/network/http/api/master/v3.rb +3 -0
- data/lib/puppet/network/http/api/master.rb +3 -0
- data/lib/puppet/network/http/api/server/v3/environments.rb +48 -0
- data/lib/puppet/network/http/api/server/v3.rb +39 -0
- data/lib/puppet/network/http/api/server.rb +10 -0
- data/lib/puppet/network/http/api.rb +39 -0
- data/lib/puppet/network/http/connection.rb +286 -0
- data/lib/puppet/network/http/error.rb +73 -0
- data/lib/puppet/network/http/handler.rb +215 -0
- data/lib/puppet/network/http/issues.rb +12 -0
- data/lib/puppet/network/http/memory_response.rb +13 -0
- data/lib/puppet/network/http/request.rb +71 -0
- data/lib/puppet/network/http/response.rb +23 -0
- data/lib/puppet/network/http/route.rb +101 -0
- data/lib/puppet/network/http.rb +28 -0
- data/lib/puppet/network/http_pool.rb +77 -0
- data/lib/puppet/network/uri.rb +18 -0
- data/lib/puppet/network.rb +3 -0
- data/lib/puppet/node/environment.rb +635 -0
- data/lib/puppet/node/facts.rb +165 -0
- data/lib/puppet/node/server_facts.rb +46 -0
- data/lib/puppet/node.rb +256 -0
- data/lib/puppet/pal/catalog_compiler.rb +108 -0
- data/lib/puppet/pal/compiler.rb +222 -0
- data/lib/puppet/pal/function_signature.rb +52 -0
- data/lib/puppet/pal/json_catalog_encoder.rb +71 -0
- data/lib/puppet/pal/pal_api.rb +15 -0
- data/lib/puppet/pal/pal_impl.rb +590 -0
- data/lib/puppet/pal/plan_signature.rb +71 -0
- data/lib/puppet/pal/script_compiler.rb +73 -0
- data/lib/puppet/pal/task_signature.rb +58 -0
- data/lib/puppet/parameter/boolean.rb +15 -0
- data/lib/puppet/parameter/package_options.rb +31 -0
- data/lib/puppet/parameter/path.rb +57 -0
- data/lib/puppet/parameter/value.rb +91 -0
- data/lib/puppet/parameter/value_collection.rb +212 -0
- data/lib/puppet/parameter.rb +589 -0
- data/lib/puppet/parser/abstract_compiler.rb +36 -0
- data/lib/puppet/parser/ast/block_expression.rb +15 -0
- data/lib/puppet/parser/ast/branch.rb +19 -0
- data/lib/puppet/parser/ast/hostclass.rb +27 -0
- data/lib/puppet/parser/ast/leaf.rb +81 -0
- data/lib/puppet/parser/ast/node.rb +17 -0
- data/lib/puppet/parser/ast/pops_bridge.rb +245 -0
- data/lib/puppet/parser/ast/resource.rb +66 -0
- data/lib/puppet/parser/ast/resource_instance.rb +10 -0
- data/lib/puppet/parser/ast/resourceparam.rb +31 -0
- data/lib/puppet/parser/ast/top_level_construct.rb +4 -0
- data/lib/puppet/parser/ast.rb +61 -0
- data/lib/puppet/parser/catalog_compiler.rb +56 -0
- data/lib/puppet/parser/compiler/catalog_validator/relationship_validator.rb +39 -0
- data/lib/puppet/parser/compiler/catalog_validator.rb +33 -0
- data/lib/puppet/parser/compiler.rb +615 -0
- data/lib/puppet/parser/e4_parser_adapter.rb +60 -0
- data/lib/puppet/parser/files.rb +93 -0
- data/lib/puppet/parser/functions/assert_type.rb +60 -0
- data/lib/puppet/parser/functions/binary_file.rb +24 -0
- data/lib/puppet/parser/functions/break.rb +39 -0
- data/lib/puppet/parser/functions/contain.rb +30 -0
- data/lib/puppet/parser/functions/create_resources.rb +110 -0
- data/lib/puppet/parser/functions/defined.rb +107 -0
- data/lib/puppet/parser/functions/dig.rb +38 -0
- data/lib/puppet/parser/functions/digest.rb +5 -0
- data/lib/puppet/parser/functions/each.rb +104 -0
- data/lib/puppet/parser/functions/epp.rb +39 -0
- data/lib/puppet/parser/functions/fail.rb +11 -0
- data/lib/puppet/parser/functions/file.rb +33 -0
- data/lib/puppet/parser/functions/filter.rb +79 -0
- data/lib/puppet/parser/functions/find_file.rb +28 -0
- data/lib/puppet/parser/functions/fqdn_rand.rb +44 -0
- data/lib/puppet/parser/functions/generate.rb +37 -0
- data/lib/puppet/parser/functions/hiera.rb +103 -0
- data/lib/puppet/parser/functions/hiera_array.rb +92 -0
- data/lib/puppet/parser/functions/hiera_hash.rb +102 -0
- data/lib/puppet/parser/functions/hiera_include.rb +101 -0
- data/lib/puppet/parser/functions/include.rb +34 -0
- data/lib/puppet/parser/functions/inline_epp.rb +51 -0
- data/lib/puppet/parser/functions/inline_template.rb +26 -0
- data/lib/puppet/parser/functions/lest.rb +49 -0
- data/lib/puppet/parser/functions/lookup.rb +132 -0
- data/lib/puppet/parser/functions/map.rb +76 -0
- data/lib/puppet/parser/functions/match.rb +43 -0
- data/lib/puppet/parser/functions/md5.rb +5 -0
- data/lib/puppet/parser/functions/new.rb +991 -0
- data/lib/puppet/parser/functions/next.rb +38 -0
- data/lib/puppet/parser/functions/realize.rb +20 -0
- data/lib/puppet/parser/functions/reduce.rb +137 -0
- data/lib/puppet/parser/functions/regsubst.rb +62 -0
- data/lib/puppet/parser/functions/require.rb +40 -0
- data/lib/puppet/parser/functions/return.rb +92 -0
- data/lib/puppet/parser/functions/reverse_each.rb +83 -0
- data/lib/puppet/parser/functions/scanf.rb +38 -0
- data/lib/puppet/parser/functions/sha1.rb +5 -0
- data/lib/puppet/parser/functions/sha256.rb +5 -0
- data/lib/puppet/parser/functions/shellquote.rb +61 -0
- data/lib/puppet/parser/functions/slice.rb +39 -0
- data/lib/puppet/parser/functions/split.rb +28 -0
- data/lib/puppet/parser/functions/sprintf.rb +61 -0
- data/lib/puppet/parser/functions/step.rb +84 -0
- data/lib/puppet/parser/functions/strftime.rb +185 -0
- data/lib/puppet/parser/functions/tag.rb +12 -0
- data/lib/puppet/parser/functions/tagged.rb +21 -0
- data/lib/puppet/parser/functions/template.rb +39 -0
- data/lib/puppet/parser/functions/then.rb +73 -0
- data/lib/puppet/parser/functions/type.rb +53 -0
- data/lib/puppet/parser/functions/versioncmp.rb +30 -0
- data/lib/puppet/parser/functions/with.rb +28 -0
- data/lib/puppet/parser/functions.rb +321 -0
- data/lib/puppet/parser/parser_factory.rb +30 -0
- data/lib/puppet/parser/relationship.rb +84 -0
- data/lib/puppet/parser/resource/param.rb +35 -0
- data/lib/puppet/parser/resource.rb +351 -0
- data/lib/puppet/parser/scope.rb +1127 -0
- data/lib/puppet/parser/script_compiler.rb +123 -0
- data/lib/puppet/parser/templatewrapper.rb +104 -0
- data/lib/puppet/parser/type_loader.rb +150 -0
- data/lib/puppet/parser.rb +20 -0
- data/lib/puppet/plugins/configuration.rb +29 -0
- data/lib/puppet/plugins/syntax_checkers.rb +98 -0
- data/lib/puppet/plugins.rb +9 -0
- data/lib/puppet/pops/adaptable.rb +197 -0
- data/lib/puppet/pops/adapters.rb +156 -0
- data/lib/puppet/pops/evaluator/access_operator.rb +719 -0
- data/lib/puppet/pops/evaluator/callable_signature.rb +107 -0
- data/lib/puppet/pops/evaluator/closure.rb +375 -0
- data/lib/puppet/pops/evaluator/collector_transformer.rb +234 -0
- data/lib/puppet/pops/evaluator/collectors/abstract_collector.rb +86 -0
- data/lib/puppet/pops/evaluator/collectors/catalog_collector.rb +29 -0
- data/lib/puppet/pops/evaluator/collectors/exported_collector.rb +70 -0
- data/lib/puppet/pops/evaluator/collectors/fixed_set_collector.rb +38 -0
- data/lib/puppet/pops/evaluator/compare_operator.rb +254 -0
- data/lib/puppet/pops/evaluator/deferred_resolver.rb +225 -0
- data/lib/puppet/pops/evaluator/epp_evaluator.rb +120 -0
- data/lib/puppet/pops/evaluator/evaluator_impl.rb +1317 -0
- data/lib/puppet/pops/evaluator/external_syntax_support.rb +46 -0
- data/lib/puppet/pops/evaluator/json_strict_literal_evaluator.rb +82 -0
- data/lib/puppet/pops/evaluator/literal_evaluator.rb +100 -0
- data/lib/puppet/pops/evaluator/puppet_proc.rb +69 -0
- data/lib/puppet/pops/evaluator/relationship_operator.rb +185 -0
- data/lib/puppet/pops/evaluator/runtime3_converter.rb +221 -0
- data/lib/puppet/pops/evaluator/runtime3_resource_support.rb +119 -0
- data/lib/puppet/pops/evaluator/runtime3_support.rb +535 -0
- data/lib/puppet/pops/functions/dispatch.rb +107 -0
- data/lib/puppet/pops/functions/dispatcher.rb +75 -0
- data/lib/puppet/pops/functions/function.rb +139 -0
- data/lib/puppet/pops/issue_reporter.rb +137 -0
- data/lib/puppet/pops/issues.rb +928 -0
- data/lib/puppet/pops/label_provider.rb +90 -0
- data/lib/puppet/pops/loader/base_loader.rb +178 -0
- data/lib/puppet/pops/loader/dependency_loader.rb +91 -0
- data/lib/puppet/pops/loader/gem_support.rb +51 -0
- data/lib/puppet/pops/loader/generic_plan_instantiator.rb +28 -0
- data/lib/puppet/pops/loader/loader.rb +221 -0
- data/lib/puppet/pops/loader/loader_paths.rb +412 -0
- data/lib/puppet/pops/loader/module_loaders.rb +556 -0
- data/lib/puppet/pops/loader/predefined_loader.rb +28 -0
- data/lib/puppet/pops/loader/puppet_function_instantiator.rb +84 -0
- data/lib/puppet/pops/loader/puppet_plan_instantiator.rb +93 -0
- data/lib/puppet/pops/loader/puppet_resource_type_impl_instantiator.rb +79 -0
- data/lib/puppet/pops/loader/ruby_data_type_instantiator.rb +39 -0
- data/lib/puppet/pops/loader/ruby_function_instantiator.rb +45 -0
- data/lib/puppet/pops/loader/ruby_legacy_function_instantiator.rb +120 -0
- data/lib/puppet/pops/loader/runtime3_type_loader.rb +103 -0
- data/lib/puppet/pops/loader/simple_environment_loader.rb +20 -0
- data/lib/puppet/pops/loader/static_loader.rb +131 -0
- data/lib/puppet/pops/loader/task_instantiator.rb +44 -0
- data/lib/puppet/pops/loader/type_definition_instantiator.rb +100 -0
- data/lib/puppet/pops/loader/typed_name.rb +54 -0
- data/lib/puppet/pops/loader/uri_helper.rb +22 -0
- data/lib/puppet/pops/loaders.rb +546 -0
- data/lib/puppet/pops/lookup/configured_data_provider.rb +93 -0
- data/lib/puppet/pops/lookup/context.rb +199 -0
- data/lib/puppet/pops/lookup/data_adapter.rb +27 -0
- data/lib/puppet/pops/lookup/data_dig_function_provider.rb +145 -0
- data/lib/puppet/pops/lookup/data_hash_function_provider.rb +126 -0
- data/lib/puppet/pops/lookup/data_provider.rb +92 -0
- data/lib/puppet/pops/lookup/environment_data_provider.rb +35 -0
- data/lib/puppet/pops/lookup/explainer.rb +595 -0
- data/lib/puppet/pops/lookup/function_provider.rb +110 -0
- data/lib/puppet/pops/lookup/global_data_provider.rb +75 -0
- data/lib/puppet/pops/lookup/hiera_config.rb +775 -0
- data/lib/puppet/pops/lookup/interpolation.rb +155 -0
- data/lib/puppet/pops/lookup/invocation.rb +268 -0
- data/lib/puppet/pops/lookup/key_recorder.rb +18 -0
- data/lib/puppet/pops/lookup/location_resolver.rb +99 -0
- data/lib/puppet/pops/lookup/lookup_adapter.rb +528 -0
- data/lib/puppet/pops/lookup/lookup_key.rb +99 -0
- data/lib/puppet/pops/lookup/lookup_key_function_provider.rb +92 -0
- data/lib/puppet/pops/lookup/module_data_provider.rb +89 -0
- data/lib/puppet/pops/lookup/sub_lookup.rb +92 -0
- data/lib/puppet/pops/lookup.rb +97 -0
- data/lib/puppet/pops/merge_strategy.rb +441 -0
- data/lib/puppet/pops/migration/migration_checker.rb +58 -0
- data/lib/puppet/pops/model/ast.pp +669 -0
- data/lib/puppet/pops/model/ast.rb +4675 -0
- data/lib/puppet/pops/model/ast_transformer.rb +131 -0
- data/lib/puppet/pops/model/factory.rb +1155 -0
- data/lib/puppet/pops/model/model_label_provider.rb +134 -0
- data/lib/puppet/pops/model/model_tree_dumper.rb +445 -0
- data/lib/puppet/pops/model/pn_transformer.rb +385 -0
- data/lib/puppet/pops/model/tree_dumper.rb +59 -0
- data/lib/puppet/pops/parser/code_merger.rb +29 -0
- data/lib/puppet/pops/parser/egrammar.ra +889 -0
- data/lib/puppet/pops/parser/eparser.rb +3184 -0
- data/lib/puppet/pops/parser/epp_parser.rb +51 -0
- data/lib/puppet/pops/parser/epp_support.rb +265 -0
- data/lib/puppet/pops/parser/evaluating_parser.rb +162 -0
- data/lib/puppet/pops/parser/heredoc_support.rb +153 -0
- data/lib/puppet/pops/parser/interpolation_support.rb +249 -0
- data/lib/puppet/pops/parser/lexer2.rb +777 -0
- data/lib/puppet/pops/parser/lexer_support.rb +221 -0
- data/lib/puppet/pops/parser/locatable.rb +23 -0
- data/lib/puppet/pops/parser/locator.rb +357 -0
- data/lib/puppet/pops/parser/parser_support.rb +251 -0
- data/lib/puppet/pops/parser/pn_parser.rb +317 -0
- data/lib/puppet/pops/parser/slurp_support.rb +118 -0
- data/lib/puppet/pops/patterns.rb +60 -0
- data/lib/puppet/pops/pcore.rb +135 -0
- data/lib/puppet/pops/pn.rb +236 -0
- data/lib/puppet/pops/puppet_stack.rb +61 -0
- data/lib/puppet/pops/resource/param.rb +55 -0
- data/lib/puppet/pops/resource/resource_type_impl.rb +294 -0
- data/lib/puppet/pops/resource/resource_type_set.pcore +22 -0
- data/lib/puppet/pops/semantic_error.rb +29 -0
- data/lib/puppet/pops/serialization/abstract_reader.rb +180 -0
- data/lib/puppet/pops/serialization/abstract_writer.rb +222 -0
- data/lib/puppet/pops/serialization/deserializer.rb +80 -0
- data/lib/puppet/pops/serialization/extension.rb +158 -0
- data/lib/puppet/pops/serialization/from_data_converter.rb +224 -0
- data/lib/puppet/pops/serialization/instance_reader.rb +19 -0
- data/lib/puppet/pops/serialization/instance_writer.rb +14 -0
- data/lib/puppet/pops/serialization/json.rb +297 -0
- data/lib/puppet/pops/serialization/json_path.rb +127 -0
- data/lib/puppet/pops/serialization/object.rb +70 -0
- data/lib/puppet/pops/serialization/serializer.rb +140 -0
- data/lib/puppet/pops/serialization/time_factory.rb +67 -0
- data/lib/puppet/pops/serialization/to_data_converter.rb +313 -0
- data/lib/puppet/pops/serialization/to_stringified_converter.rb +226 -0
- data/lib/puppet/pops/serialization.rb +43 -0
- data/lib/puppet/pops/time/timespan.rb +716 -0
- data/lib/puppet/pops/time/timestamp.rb +160 -0
- data/lib/puppet/pops/types/annotatable.rb +36 -0
- data/lib/puppet/pops/types/annotation.rb +71 -0
- data/lib/puppet/pops/types/class_loader.rb +132 -0
- data/lib/puppet/pops/types/implementation_registry.rb +134 -0
- data/lib/puppet/pops/types/iterable.rb +365 -0
- data/lib/puppet/pops/types/p_binary_type.rb +232 -0
- data/lib/puppet/pops/types/p_init_type.rb +238 -0
- data/lib/puppet/pops/types/p_meta_type.rb +94 -0
- data/lib/puppet/pops/types/p_object_type.rb +1117 -0
- data/lib/puppet/pops/types/p_object_type_extension.rb +228 -0
- data/lib/puppet/pops/types/p_runtime_type.rb +115 -0
- data/lib/puppet/pops/types/p_sem_ver_range_type.rb +190 -0
- data/lib/puppet/pops/types/p_sem_ver_type.rb +155 -0
- data/lib/puppet/pops/types/p_sensitive_type.rb +83 -0
- data/lib/puppet/pops/types/p_timespan_type.rb +192 -0
- data/lib/puppet/pops/types/p_timestamp_type.rb +73 -0
- data/lib/puppet/pops/types/p_type_set_type.rb +387 -0
- data/lib/puppet/pops/types/p_uri_type.rb +190 -0
- data/lib/puppet/pops/types/puppet_object.rb +40 -0
- data/lib/puppet/pops/types/recursion_guard.rb +136 -0
- data/lib/puppet/pops/types/ruby_generator.rb +472 -0
- data/lib/puppet/pops/types/ruby_method.rb +31 -0
- data/lib/puppet/pops/types/string_converter.rb +1134 -0
- data/lib/puppet/pops/types/tree_iterators.rb +254 -0
- data/lib/puppet/pops/types/type_acceptor.rb +25 -0
- data/lib/puppet/pops/types/type_asserter.rb +47 -0
- data/lib/puppet/pops/types/type_assertion_error.rb +27 -0
- data/lib/puppet/pops/types/type_calculator.rb +822 -0
- data/lib/puppet/pops/types/type_conversion_error.rb +15 -0
- data/lib/puppet/pops/types/type_factory.rb +631 -0
- data/lib/puppet/pops/types/type_formatter.rb +801 -0
- data/lib/puppet/pops/types/type_mismatch_describer.rb +1096 -0
- data/lib/puppet/pops/types/type_parser.rb +683 -0
- data/lib/puppet/pops/types/type_set_reference.rb +59 -0
- data/lib/puppet/pops/types/type_with_members.rb +43 -0
- data/lib/puppet/pops/types/types.rb +3633 -0
- data/lib/puppet/pops/utils.rb +119 -0
- data/lib/puppet/pops/validation/checker4_0.rb +1148 -0
- data/lib/puppet/pops/validation/tasks_checker.rb +93 -0
- data/lib/puppet/pops/validation/validator_factory_4_0.rb +45 -0
- data/lib/puppet/pops/validation.rb +459 -0
- data/lib/puppet/pops/visitable.rb +6 -0
- data/lib/puppet/pops/visitor.rb +122 -0
- data/lib/puppet/pops.rb +121 -0
- data/lib/puppet/property/boolean.rb +7 -0
- data/lib/puppet/property/ensure.rb +106 -0
- data/lib/puppet/property/keyvalue.rb +158 -0
- data/lib/puppet/property/list.rb +70 -0
- data/lib/puppet/property/ordered_list.rb +29 -0
- data/lib/puppet/property.rb +611 -0
- data/lib/puppet/provider/aix_object.rb +485 -0
- data/lib/puppet/provider/command.rb +25 -0
- data/lib/puppet/provider/confine.rb +6 -0
- data/lib/puppet/provider/exec/posix.rb +60 -0
- data/lib/puppet/provider/exec/shell.rb +25 -0
- data/lib/puppet/provider/exec/windows.rb +55 -0
- data/lib/puppet/provider/exec.rb +105 -0
- data/lib/puppet/provider/file/posix.rb +144 -0
- data/lib/puppet/provider/file/windows.rb +152 -0
- data/lib/puppet/provider/group/aix.rb +99 -0
- data/lib/puppet/provider/group/directoryservice.rb +22 -0
- data/lib/puppet/provider/group/groupadd.rb +174 -0
- data/lib/puppet/provider/group/ldap.rb +48 -0
- data/lib/puppet/provider/group/pw.rb +51 -0
- data/lib/puppet/provider/group/windows_adsi.rb +113 -0
- data/lib/puppet/provider/ldap.rb +141 -0
- data/lib/puppet/provider/nameservice/directoryservice.rb +512 -0
- data/lib/puppet/provider/nameservice/objectadd.rb +22 -0
- data/lib/puppet/provider/nameservice/pw.rb +21 -0
- data/lib/puppet/provider/nameservice.rb +293 -0
- data/lib/puppet/provider/network_device.rb +74 -0
- data/lib/puppet/provider/package/aix.rb +169 -0
- data/lib/puppet/provider/package/appdmg.rb +111 -0
- data/lib/puppet/provider/package/apple.rb +47 -0
- data/lib/puppet/provider/package/apt.rb +262 -0
- data/lib/puppet/provider/package/aptitude.rb +35 -0
- data/lib/puppet/provider/package/aptrpm.rb +83 -0
- data/lib/puppet/provider/package/blastwave.rb +112 -0
- data/lib/puppet/provider/package/dnf.rb +50 -0
- data/lib/puppet/provider/package/dnfmodule.rb +141 -0
- data/lib/puppet/provider/package/dpkg.rb +192 -0
- data/lib/puppet/provider/package/fink.rb +97 -0
- data/lib/puppet/provider/package/freebsd.rb +47 -0
- data/lib/puppet/provider/package/gem.rb +293 -0
- data/lib/puppet/provider/package/hpux.rb +44 -0
- data/lib/puppet/provider/package/macports.rb +110 -0
- data/lib/puppet/provider/package/nim.rb +291 -0
- data/lib/puppet/provider/package/openbsd.rb +260 -0
- data/lib/puppet/provider/package/opkg.rb +82 -0
- data/lib/puppet/provider/package/pacman.rb +273 -0
- data/lib/puppet/provider/package/pip.rb +346 -0
- data/lib/puppet/provider/package/pip2.rb +17 -0
- data/lib/puppet/provider/package/pip3.rb +17 -0
- data/lib/puppet/provider/package/pkg.rb +295 -0
- data/lib/puppet/provider/package/pkgdmg.rb +153 -0
- data/lib/puppet/provider/package/pkgin.rb +87 -0
- data/lib/puppet/provider/package/pkgng.rb +173 -0
- data/lib/puppet/provider/package/pkgutil.rb +187 -0
- data/lib/puppet/provider/package/portage.rb +310 -0
- data/lib/puppet/provider/package/ports.rb +91 -0
- data/lib/puppet/provider/package/portupgrade.rb +240 -0
- data/lib/puppet/provider/package/puppet_gem.rb +34 -0
- data/lib/puppet/provider/package/puppetserver_gem.rb +171 -0
- data/lib/puppet/provider/package/rpm.rb +250 -0
- data/lib/puppet/provider/package/rug.rb +51 -0
- data/lib/puppet/provider/package/sun.rb +133 -0
- data/lib/puppet/provider/package/sunfreeware.rb +9 -0
- data/lib/puppet/provider/package/tdnf.rb +28 -0
- data/lib/puppet/provider/package/up2date.rb +40 -0
- data/lib/puppet/provider/package/urpmi.rb +55 -0
- data/lib/puppet/provider/package/windows/exe_package.rb +106 -0
- data/lib/puppet/provider/package/windows/msi_package.rb +70 -0
- data/lib/puppet/provider/package/windows/package.rb +110 -0
- data/lib/puppet/provider/package/windows.rb +130 -0
- data/lib/puppet/provider/package/yum.rb +387 -0
- data/lib/puppet/provider/package/zypper.rb +206 -0
- data/lib/puppet/provider/package.rb +59 -0
- data/lib/puppet/provider/package_targetable.rb +69 -0
- data/lib/puppet/provider/parsedfile.rb +490 -0
- data/lib/puppet/provider/service/base.rb +139 -0
- data/lib/puppet/provider/service/bsd.rb +51 -0
- data/lib/puppet/provider/service/daemontools.rb +193 -0
- data/lib/puppet/provider/service/debian.rb +75 -0
- data/lib/puppet/provider/service/freebsd.rb +143 -0
- data/lib/puppet/provider/service/gentoo.rb +45 -0
- data/lib/puppet/provider/service/init.rb +192 -0
- data/lib/puppet/provider/service/launchd.rb +384 -0
- data/lib/puppet/provider/service/openbsd.rb +100 -0
- data/lib/puppet/provider/service/openrc.rb +71 -0
- data/lib/puppet/provider/service/openwrt.rb +36 -0
- data/lib/puppet/provider/service/rcng.rb +51 -0
- data/lib/puppet/provider/service/redhat.rb +72 -0
- data/lib/puppet/provider/service/runit.rb +106 -0
- data/lib/puppet/provider/service/service.rb +68 -0
- data/lib/puppet/provider/service/smf.rb +317 -0
- data/lib/puppet/provider/service/src.rb +147 -0
- data/lib/puppet/provider/service/systemd.rb +232 -0
- data/lib/puppet/provider/service/upstart.rb +385 -0
- data/lib/puppet/provider/service/windows.rb +182 -0
- data/lib/puppet/provider/user/aix.rb +361 -0
- data/lib/puppet/provider/user/directoryservice.rb +680 -0
- data/lib/puppet/provider/user/hpux.rb +95 -0
- data/lib/puppet/provider/user/ldap.rb +132 -0
- data/lib/puppet/provider/user/openbsd.rb +77 -0
- data/lib/puppet/provider/user/pw.rb +108 -0
- data/lib/puppet/provider/user/user_role_add.rb +239 -0
- data/lib/puppet/provider/user/useradd.rb +406 -0
- data/lib/puppet/provider/user/windows_adsi.rb +172 -0
- data/lib/puppet/provider.rb +612 -0
- data/lib/puppet/reference/configuration.rb +97 -0
- data/lib/puppet/reference/function.rb +17 -0
- data/lib/puppet/reference/indirection.rb +71 -0
- data/lib/puppet/reference/metaparameter.rb +33 -0
- data/lib/puppet/reference/providers.rb +117 -0
- data/lib/puppet/reference/report.rb +20 -0
- data/lib/puppet/reference/type.rb +109 -0
- data/lib/puppet/relationship.rb +84 -0
- data/lib/puppet/reports/http.rb +44 -0
- data/lib/puppet/reports/log.rb +14 -0
- data/lib/puppet/reports/store.rb +68 -0
- data/lib/puppet/reports.rb +93 -0
- data/lib/puppet/resource/catalog.rb +654 -0
- data/lib/puppet/resource/status.rb +229 -0
- data/lib/puppet/resource/type.rb +425 -0
- data/lib/puppet/resource/type_collection.rb +231 -0
- data/lib/puppet/resource.rb +663 -0
- data/lib/puppet/runtime.rb +65 -0
- data/lib/puppet/scheduler/job.rb +53 -0
- data/lib/puppet/scheduler/scheduler.rb +44 -0
- data/lib/puppet/scheduler/splay_job.rb +32 -0
- data/lib/puppet/scheduler/timer.rb +13 -0
- data/lib/puppet/scheduler.rb +16 -0
- data/lib/puppet/settings/alias_setting.rb +37 -0
- data/lib/puppet/settings/array_setting.rb +17 -0
- data/lib/puppet/settings/autosign_setting.rb +22 -0
- data/lib/puppet/settings/base_setting.rb +223 -0
- data/lib/puppet/settings/boolean_setting.rb +32 -0
- data/lib/puppet/settings/certificate_revocation_setting.rb +21 -0
- data/lib/puppet/settings/config_file.rb +146 -0
- data/lib/puppet/settings/directory_setting.rb +18 -0
- data/lib/puppet/settings/duration_setting.rb +32 -0
- data/lib/puppet/settings/enum_setting.rb +16 -0
- data/lib/puppet/settings/environment_conf.rb +224 -0
- data/lib/puppet/settings/errors.rb +11 -0
- data/lib/puppet/settings/file_or_directory_setting.rb +40 -0
- data/lib/puppet/settings/file_setting.rb +241 -0
- data/lib/puppet/settings/http_extra_headers_setting.rb +25 -0
- data/lib/puppet/settings/ini_file.rb +226 -0
- data/lib/puppet/settings/integer_setting.rb +17 -0
- data/lib/puppet/settings/path_setting.rb +8 -0
- data/lib/puppet/settings/port_setting.rb +15 -0
- data/lib/puppet/settings/priority_setting.rb +43 -0
- data/lib/puppet/settings/server_list_setting.rb +29 -0
- data/lib/puppet/settings/string_setting.rb +9 -0
- data/lib/puppet/settings/symbolic_enum_setting.rb +17 -0
- data/lib/puppet/settings/terminus_setting.rb +14 -0
- data/lib/puppet/settings/ttl_setting.rb +51 -0
- data/lib/puppet/settings/value_translator.rb +14 -0
- data/lib/puppet/settings.rb +1642 -0
- data/lib/puppet/ssl/base.rb +149 -0
- data/lib/puppet/ssl/certificate.rb +96 -0
- data/lib/puppet/ssl/certificate_request.rb +324 -0
- data/lib/puppet/ssl/certificate_request_attributes.rb +37 -0
- data/lib/puppet/ssl/certificate_signer.rb +39 -0
- data/lib/puppet/ssl/digest.rb +20 -0
- data/lib/puppet/ssl/error.rb +26 -0
- data/lib/puppet/ssl/oids.rb +197 -0
- data/lib/puppet/ssl/openssl_loader.rb +24 -0
- data/lib/puppet/ssl/ssl_context.rb +25 -0
- data/lib/puppet/ssl/ssl_provider.rb +350 -0
- data/lib/puppet/ssl/state_machine.rb +474 -0
- data/lib/puppet/ssl/verifier.rb +142 -0
- data/lib/puppet/ssl.rb +23 -0
- data/lib/puppet/syntax_checkers/base64.rb +40 -0
- data/lib/puppet/syntax_checkers/epp.rb +34 -0
- data/lib/puppet/syntax_checkers/json.rb +35 -0
- data/lib/puppet/syntax_checkers/pp.rb +34 -0
- data/lib/puppet/syntax_checkers.rb +3 -0
- data/lib/puppet/test/test_helper.rb +265 -0
- data/lib/puppet/thread_local.rb +4 -0
- data/lib/puppet/transaction/additional_resource_generator.rb +220 -0
- data/lib/puppet/transaction/event.rb +168 -0
- data/lib/puppet/transaction/event_manager.rb +179 -0
- data/lib/puppet/transaction/persistence.rb +119 -0
- data/lib/puppet/transaction/report.rb +504 -0
- data/lib/puppet/transaction/resource_harness.rb +323 -0
- data/lib/puppet/transaction.rb +491 -0
- data/lib/puppet/trusted_external.rb +41 -0
- data/lib/puppet/type/component.rb +89 -0
- data/lib/puppet/type/exec.rb +720 -0
- data/lib/puppet/type/file/checksum.rb +50 -0
- data/lib/puppet/type/file/checksum_value.rb +54 -0
- data/lib/puppet/type/file/content.rb +176 -0
- data/lib/puppet/type/file/ctime.rb +21 -0
- data/lib/puppet/type/file/data_sync.rb +98 -0
- data/lib/puppet/type/file/ensure.rb +195 -0
- data/lib/puppet/type/file/group.rb +48 -0
- data/lib/puppet/type/file/mode.rb +189 -0
- data/lib/puppet/type/file/mtime.rb +19 -0
- data/lib/puppet/type/file/owner.rb +51 -0
- data/lib/puppet/type/file/selcontext.rb +142 -0
- data/lib/puppet/type/file/source.rb +379 -0
- data/lib/puppet/type/file/target.rb +88 -0
- data/lib/puppet/type/file/type.rb +20 -0
- data/lib/puppet/type/file.rb +1133 -0
- data/lib/puppet/type/filebucket.rb +121 -0
- data/lib/puppet/type/group.rb +237 -0
- data/lib/puppet/type/notify.rb +47 -0
- data/lib/puppet/type/package.rb +713 -0
- data/lib/puppet/type/resources.rb +187 -0
- data/lib/puppet/type/schedule.rb +441 -0
- data/lib/puppet/type/service.rb +309 -0
- data/lib/puppet/type/stage.rb +27 -0
- data/lib/puppet/type/tidy.rb +376 -0
- data/lib/puppet/type/user.rb +859 -0
- data/lib/puppet/type/whit.rb +34 -0
- data/lib/puppet/type.rb +2676 -0
- data/lib/puppet/util/at_fork/noop.rb +18 -0
- data/lib/puppet/util/at_fork/solaris.rb +160 -0
- data/lib/puppet/util/at_fork.rb +35 -0
- data/lib/puppet/util/autoload.rb +215 -0
- data/lib/puppet/util/backups.rb +86 -0
- data/lib/puppet/util/character_encoding.rb +80 -0
- data/lib/puppet/util/checksums.rb +376 -0
- data/lib/puppet/util/classgen.rb +228 -0
- data/lib/puppet/util/colors.rb +100 -0
- data/lib/puppet/util/command_line/puppet_option_parser.rb +87 -0
- data/lib/puppet/util/command_line/trollop.rb +825 -0
- data/lib/puppet/util/command_line.rb +196 -0
- data/lib/puppet/util/constant_inflector.rb +24 -0
- data/lib/puppet/util/diff.rb +81 -0
- data/lib/puppet/util/docs.rb +128 -0
- data/lib/puppet/util/errors.rb +159 -0
- data/lib/puppet/util/execution.rb +424 -0
- data/lib/puppet/util/execution_stub.rb +26 -0
- data/lib/puppet/util/feature.rb +129 -0
- data/lib/puppet/util/file_watcher.rb +28 -0
- data/lib/puppet/util/fileparsing.rb +408 -0
- data/lib/puppet/util/filetype.rb +358 -0
- data/lib/puppet/util/http_proxy.rb +4 -0
- data/lib/puppet/util/inifile.rb +340 -0
- data/lib/puppet/util/instance_loader.rb +66 -0
- data/lib/puppet/util/json.rb +92 -0
- data/lib/puppet/util/json_lockfile.rb +44 -0
- data/lib/puppet/util/ldap/connection.rb +73 -0
- data/lib/puppet/util/ldap/generator.rb +42 -0
- data/lib/puppet/util/ldap/manager.rb +284 -0
- data/lib/puppet/util/ldap.rb +2 -0
- data/lib/puppet/util/libuser.conf +15 -0
- data/lib/puppet/util/libuser.rb +12 -0
- data/lib/puppet/util/limits.rb +12 -0
- data/lib/puppet/util/lockfile.rb +66 -0
- data/lib/puppet/util/log/destination.rb +49 -0
- data/lib/puppet/util/log/destinations.rb +253 -0
- data/lib/puppet/util/log.rb +427 -0
- data/lib/puppet/util/logging.rb +300 -0
- data/lib/puppet/util/metaid.rb +21 -0
- data/lib/puppet/util/metric.rb +65 -0
- data/lib/puppet/util/monkey_patches.rb +122 -0
- data/lib/puppet/util/multi_match.rb +51 -0
- data/lib/puppet/util/network_device/base.rb +23 -0
- data/lib/puppet/util/network_device/config.rb +105 -0
- data/lib/puppet/util/network_device/transport/base.rb +26 -0
- data/lib/puppet/util/network_device/transport.rb +5 -0
- data/lib/puppet/util/network_device.rb +17 -0
- data/lib/puppet/util/package/version/debian.rb +175 -0
- data/lib/puppet/util/package/version/gem.rb +15 -0
- data/lib/puppet/util/package/version/pip.rb +167 -0
- data/lib/puppet/util/package/version/range/eq.rb +14 -0
- data/lib/puppet/util/package/version/range/gt.rb +14 -0
- data/lib/puppet/util/package/version/range/gt_eq.rb +14 -0
- data/lib/puppet/util/package/version/range/lt.rb +14 -0
- data/lib/puppet/util/package/version/range/lt_eq.rb +14 -0
- data/lib/puppet/util/package/version/range/min_max.rb +21 -0
- data/lib/puppet/util/package/version/range/simple.rb +11 -0
- data/lib/puppet/util/package/version/range.rb +53 -0
- data/lib/puppet/util/package/version/rpm.rb +73 -0
- data/lib/puppet/util/package.rb +40 -0
- data/lib/puppet/util/pidlock.rb +102 -0
- data/lib/puppet/util/platform.rb +70 -0
- data/lib/puppet/util/plist.rb +161 -0
- data/lib/puppet/util/posix.rb +203 -0
- data/lib/puppet/util/profiler/aggregate.rb +85 -0
- data/lib/puppet/util/profiler/around_profiler.rb +67 -0
- data/lib/puppet/util/profiler/logging.rb +48 -0
- data/lib/puppet/util/profiler/object_counts.rb +17 -0
- data/lib/puppet/util/profiler/wall_clock.rb +35 -0
- data/lib/puppet/util/profiler.rb +53 -0
- data/lib/puppet/util/provider_features.rb +179 -0
- data/lib/puppet/util/psych_support.rb +30 -0
- data/lib/puppet/util/rdoc/code_objects.rb +295 -0
- data/lib/puppet/util/rdoc/generators/puppet_generator.rb +912 -0
- data/lib/puppet/util/rdoc/generators/template/puppet/puppet.rb +1085 -0
- data/lib/puppet/util/rdoc/parser/puppet_parser_core.rb +259 -0
- data/lib/puppet/util/rdoc/parser/puppet_parser_rdoc2.rb +14 -0
- data/lib/puppet/util/rdoc/parser.rb +12 -0
- data/lib/puppet/util/rdoc.rb +53 -0
- data/lib/puppet/util/reference.rb +119 -0
- data/lib/puppet/util/resource_template.rb +61 -0
- data/lib/puppet/util/retry_action.rb +46 -0
- data/lib/puppet/util/rpm_compare.rb +193 -0
- data/lib/puppet/util/rubygems.rb +67 -0
- data/lib/puppet/util/run_mode.rb +122 -0
- data/lib/puppet/util/selinux.rb +297 -0
- data/lib/puppet/util/skip_tags.rb +13 -0
- data/lib/puppet/util/splayer.rb +18 -0
- data/lib/puppet/util/storage.rb +100 -0
- data/lib/puppet/util/suidmanager.rb +166 -0
- data/lib/puppet/util/symbolic_file_mode.rb +156 -0
- data/lib/puppet/util/tag_set.rb +27 -0
- data/lib/puppet/util/tagging.rb +132 -0
- data/lib/puppet/util/terminal.rb +16 -0
- data/lib/puppet/util/user_attr.rb +21 -0
- data/lib/puppet/util/warnings.rb +31 -0
- data/lib/puppet/util/watched_file.rb +37 -0
- data/lib/puppet/util/watcher/change_watcher.rb +33 -0
- data/lib/puppet/util/watcher/periodic_watcher.rb +37 -0
- data/lib/puppet/util/watcher/timer.rb +19 -0
- data/lib/puppet/util/watcher.rb +17 -0
- data/lib/puppet/util/windows/access_control_entry.rb +84 -0
- data/lib/puppet/util/windows/access_control_list.rb +113 -0
- data/lib/puppet/util/windows/adsi.rb +654 -0
- data/lib/puppet/util/windows/com.rb +225 -0
- data/lib/puppet/util/windows/daemon.rb +343 -0
- data/lib/puppet/util/windows/error.rb +84 -0
- data/lib/puppet/util/windows/eventlog.rb +187 -0
- data/lib/puppet/util/windows/file.rb +355 -0
- data/lib/puppet/util/windows/monkey_patches/process.rb +414 -0
- data/lib/puppet/util/windows/principal.rb +201 -0
- data/lib/puppet/util/windows/process.rb +364 -0
- data/lib/puppet/util/windows/registry.rb +441 -0
- data/lib/puppet/util/windows/root_certs.rb +108 -0
- data/lib/puppet/util/windows/security.rb +907 -0
- data/lib/puppet/util/windows/security_descriptor.rb +62 -0
- data/lib/puppet/util/windows/service.rb +696 -0
- data/lib/puppet/util/windows/sid.rb +289 -0
- data/lib/puppet/util/windows/string.rb +15 -0
- data/lib/puppet/util/windows/user.rb +550 -0
- data/lib/puppet/util/windows.rb +51 -0
- data/lib/puppet/util/yaml.rb +65 -0
- data/lib/puppet/util.rb +808 -0
- data/lib/puppet/vendor/require_vendored.rb +4 -0
- data/lib/puppet/vendor.rb +57 -0
- data/lib/puppet/version.rb +95 -0
- data/lib/puppet/x509/cert_provider.rb +369 -0
- data/lib/puppet/x509/pem_store.rb +55 -0
- data/lib/puppet/x509.rb +11 -0
- data/lib/puppet.rb +345 -0
- data/lib/puppet_pal.rb +8 -0
- data/lib/puppet_x.rb +14 -0
- data/locales/config.yaml +29 -0
- data/locales/en/puppet.po +19 -0
- data/locales/puppet.pot +20 -0
- data/man/man5/puppet.conf.5 +2198 -0
- data/man/man8/puppet-agent.8 +203 -0
- data/man/man8/puppet-apply.8 +100 -0
- data/man/man8/puppet-catalog.8 +291 -0
- data/man/man8/puppet-config.8 +151 -0
- data/man/man8/puppet-describe.8 +51 -0
- data/man/man8/puppet-device.8 +119 -0
- data/man/man8/puppet-doc.8 +46 -0
- data/man/man8/puppet-epp.8 +377 -0
- data/man/man8/puppet-facts.8 +234 -0
- data/man/man8/puppet-filebucket.8 +166 -0
- data/man/man8/puppet-generate.8 +84 -0
- data/man/man8/puppet-help.8 +67 -0
- data/man/man8/puppet-lookup.8 +107 -0
- data/man/man8/puppet-module.8 +325 -0
- data/man/man8/puppet-node.8 +163 -0
- data/man/man8/puppet-parser.8 +130 -0
- data/man/man8/puppet-plugin.8 +73 -0
- data/man/man8/puppet-report.8 +127 -0
- data/man/man8/puppet-resource.8 +88 -0
- data/man/man8/puppet-script.8 +70 -0
- data/man/man8/puppet-ssl.8 +63 -0
- data/man/man8/puppet.8 +28 -0
- data/tasks/benchmark.rake +180 -0
- data/tasks/ci.rake +24 -0
- data/tasks/generate_ast_model.rake +90 -0
- data/tasks/generate_cert_fixtures.rake +194 -0
- data/tasks/manpages.rake +67 -0
- data/tasks/memwalk.rake +195 -0
- data/tasks/parallel.rake +410 -0
- data/tasks/parser.rake +22 -0
- data/tasks/yard.rake +59 -0
- metadata +1324 -0
@@ -0,0 +1,474 @@
|
|
1
|
+
require_relative '../../puppet/ssl'
|
2
|
+
require_relative '../../puppet/util/pidlock'
|
3
|
+
|
4
|
+
# This class implements a state machine for bootstrapping a host's CA and CRL
|
5
|
+
# bundles, private key and signed client certificate. Each state has a frozen
|
6
|
+
# SSLContext that it uses to make network connections. If a state makes progress
|
7
|
+
# bootstrapping the host, then the state will generate a new frozen SSLContext
|
8
|
+
# and pass that to the next state. For example, the NeedCACerts state will load
|
9
|
+
# or download a CA bundle, and generate a new SSLContext containing those CA
|
10
|
+
# certs. This way we're sure about which SSLContext is being used during any
|
11
|
+
# phase of the bootstrapping process.
|
12
|
+
#
|
13
|
+
# @api private
|
14
|
+
class Puppet::SSL::StateMachine
|
15
|
+
class SSLState
|
16
|
+
attr_reader :ssl_context
|
17
|
+
|
18
|
+
def initialize(machine, ssl_context)
|
19
|
+
@machine = machine
|
20
|
+
@ssl_context = ssl_context
|
21
|
+
@cert_provider = machine.cert_provider
|
22
|
+
@ssl_provider = machine.ssl_provider
|
23
|
+
end
|
24
|
+
|
25
|
+
def to_error(message, cause)
|
26
|
+
detail = Puppet::Error.new(message)
|
27
|
+
detail.set_backtrace(cause.backtrace)
|
28
|
+
Error.new(@machine, message, detail)
|
29
|
+
end
|
30
|
+
|
31
|
+
def log_error(message)
|
32
|
+
# When running daemonized we set stdout to /dev/null, so write to the log instead
|
33
|
+
if Puppet[:daemonize]
|
34
|
+
Puppet.err(message)
|
35
|
+
else
|
36
|
+
$stdout.puts(message)
|
37
|
+
end
|
38
|
+
end
|
39
|
+
end
|
40
|
+
|
41
|
+
# Load existing CA certs or download them. Transition to NeedCRLs.
|
42
|
+
#
|
43
|
+
class NeedCACerts < SSLState
|
44
|
+
def initialize(machine)
|
45
|
+
super(machine, nil)
|
46
|
+
@ssl_context = @ssl_provider.create_insecure_context
|
47
|
+
end
|
48
|
+
|
49
|
+
def next_state
|
50
|
+
Puppet.debug("Loading CA certs")
|
51
|
+
|
52
|
+
cacerts = @cert_provider.load_cacerts
|
53
|
+
if cacerts
|
54
|
+
next_ctx = @ssl_provider.create_root_context(cacerts: cacerts, revocation: false)
|
55
|
+
else
|
56
|
+
route = @machine.session.route_to(:ca, ssl_context: @ssl_context)
|
57
|
+
_, pem = route.get_certificate(Puppet::SSL::CA_NAME, ssl_context: @ssl_context)
|
58
|
+
if @machine.ca_fingerprint
|
59
|
+
actual_digest = Puppet::SSL::Digest.new(@machine.digest, pem).to_hex
|
60
|
+
expected_digest = @machine.ca_fingerprint.scan(/../).join(':').upcase
|
61
|
+
if actual_digest == expected_digest
|
62
|
+
Puppet.info(_("Verified CA bundle with digest (%{digest_type}) %{actual_digest}") %
|
63
|
+
{ digest_type: @machine.digest, actual_digest: actual_digest })
|
64
|
+
else
|
65
|
+
e = Puppet::Error.new(_("CA bundle with digest (%{digest_type}) %{actual_digest} did not match expected digest %{expected_digest}") % { digest_type: @machine.digest, actual_digest: actual_digest, expected_digest: expected_digest })
|
66
|
+
return Error.new(@machine, e.message, e)
|
67
|
+
end
|
68
|
+
end
|
69
|
+
|
70
|
+
cacerts = @cert_provider.load_cacerts_from_pem(pem)
|
71
|
+
# verify cacerts before saving
|
72
|
+
next_ctx = @ssl_provider.create_root_context(cacerts: cacerts, revocation: false)
|
73
|
+
@cert_provider.save_cacerts(cacerts)
|
74
|
+
end
|
75
|
+
|
76
|
+
NeedCRLs.new(@machine, next_ctx)
|
77
|
+
rescue OpenSSL::X509::CertificateError => e
|
78
|
+
Error.new(@machine, e.message, e)
|
79
|
+
rescue Puppet::HTTP::ResponseError => e
|
80
|
+
if e.response.code == 404
|
81
|
+
to_error(_('CA certificate is missing from the server'), e)
|
82
|
+
else
|
83
|
+
to_error(_('Could not download CA certificate: %{message}') % { message: e.message }, e)
|
84
|
+
end
|
85
|
+
end
|
86
|
+
end
|
87
|
+
|
88
|
+
# If revocation is enabled, load CRLs or download them, using the CA bundle
|
89
|
+
# from the previous state. Transition to NeedKey. Even if Puppet[:certificate_revocation]
|
90
|
+
# is leaf or chain, disable revocation when downloading the CRL, since 1) we may
|
91
|
+
# not have one yet or 2) the connection will fail if NeedCACerts downloaded a new CA
|
92
|
+
# for which we don't have a CRL
|
93
|
+
#
|
94
|
+
class NeedCRLs < SSLState
|
95
|
+
def next_state
|
96
|
+
Puppet.debug("Loading CRLs")
|
97
|
+
|
98
|
+
case Puppet[:certificate_revocation]
|
99
|
+
when :chain, :leaf
|
100
|
+
crls = @cert_provider.load_crls
|
101
|
+
if crls
|
102
|
+
next_ctx = @ssl_provider.create_root_context(cacerts: ssl_context[:cacerts], crls: crls)
|
103
|
+
|
104
|
+
crl_ttl = Puppet[:crl_refresh_interval]
|
105
|
+
if crl_ttl
|
106
|
+
last_update = @cert_provider.crl_last_update
|
107
|
+
now = Time.now
|
108
|
+
if last_update.nil? || now.to_i > last_update.to_i + crl_ttl
|
109
|
+
# set last updated time first, then make a best effort to refresh
|
110
|
+
@cert_provider.crl_last_update = now
|
111
|
+
next_ctx = refresh_crl(next_ctx, last_update)
|
112
|
+
end
|
113
|
+
end
|
114
|
+
else
|
115
|
+
next_ctx = download_crl(@ssl_context, nil)
|
116
|
+
end
|
117
|
+
else
|
118
|
+
Puppet.info("Certificate revocation is disabled, skipping CRL download")
|
119
|
+
next_ctx = @ssl_provider.create_root_context(cacerts: ssl_context[:cacerts], crls: [])
|
120
|
+
end
|
121
|
+
|
122
|
+
NeedKey.new(@machine, next_ctx)
|
123
|
+
rescue OpenSSL::X509::CRLError => e
|
124
|
+
Error.new(@machine, e.message, e)
|
125
|
+
rescue Puppet::HTTP::ResponseError => e
|
126
|
+
if e.response.code == 404
|
127
|
+
to_error(_('CRL is missing from the server'), e)
|
128
|
+
else
|
129
|
+
to_error(_('Could not download CRLs: %{message}') % { message: e.message }, e)
|
130
|
+
end
|
131
|
+
end
|
132
|
+
|
133
|
+
private
|
134
|
+
|
135
|
+
def refresh_crl(ssl_ctx, last_update)
|
136
|
+
Puppet.info(_("Refreshing CRL"))
|
137
|
+
|
138
|
+
# return the next_ctx containing the updated crl
|
139
|
+
download_crl(ssl_ctx, last_update)
|
140
|
+
rescue Puppet::HTTP::ResponseError => e
|
141
|
+
if e.response.code == 304
|
142
|
+
Puppet.info(_("CRL is unmodified, using existing CRL"))
|
143
|
+
else
|
144
|
+
Puppet.info(_("Failed to refresh CRL, using existing CRL: %{message}") % {message: e.message})
|
145
|
+
end
|
146
|
+
|
147
|
+
# return the original ssl_ctx
|
148
|
+
ssl_ctx
|
149
|
+
rescue Puppet::HTTP::HTTPError => e
|
150
|
+
Puppet.warning(_("Failed to refresh CRL, using existing CRL: %{message}") % {message: e.message})
|
151
|
+
|
152
|
+
# return the original ssl_ctx
|
153
|
+
ssl_ctx
|
154
|
+
end
|
155
|
+
|
156
|
+
def download_crl(ssl_ctx, last_update)
|
157
|
+
route = @machine.session.route_to(:ca, ssl_context: ssl_ctx)
|
158
|
+
_, pem = route.get_certificate_revocation_list(if_modified_since: last_update, ssl_context: ssl_ctx)
|
159
|
+
crls = @cert_provider.load_crls_from_pem(pem)
|
160
|
+
# verify crls before saving
|
161
|
+
next_ctx = @ssl_provider.create_root_context(cacerts: ssl_ctx[:cacerts], crls: crls)
|
162
|
+
@cert_provider.save_crls(crls)
|
163
|
+
|
164
|
+
next_ctx
|
165
|
+
end
|
166
|
+
end
|
167
|
+
|
168
|
+
# Load or generate a private key. If the key exists, try to load the client cert
|
169
|
+
# and transition to Done. If the cert is mismatched or otherwise fails valiation,
|
170
|
+
# raise an error. If the key doesn't exist yet, generate one, and save it. If the
|
171
|
+
# cert doesn't exist yet, transition to NeedSubmitCSR.
|
172
|
+
#
|
173
|
+
class NeedKey < SSLState
|
174
|
+
def next_state
|
175
|
+
Puppet.debug(_("Loading/generating private key"))
|
176
|
+
|
177
|
+
password = @cert_provider.load_private_key_password
|
178
|
+
key = @cert_provider.load_private_key(Puppet[:certname], password: password)
|
179
|
+
if key
|
180
|
+
cert = @cert_provider.load_client_cert(Puppet[:certname])
|
181
|
+
if cert
|
182
|
+
next_ctx = @ssl_provider.create_context(
|
183
|
+
cacerts: @ssl_context.cacerts, crls: @ssl_context.crls, private_key: key, client_cert: cert
|
184
|
+
)
|
185
|
+
return Done.new(@machine, next_ctx)
|
186
|
+
end
|
187
|
+
else
|
188
|
+
if Puppet[:key_type] == 'ec'
|
189
|
+
Puppet.info _("Creating a new EC SSL key for %{name} using curve %{curve}") % { name: Puppet[:certname], curve: Puppet[:named_curve] }
|
190
|
+
key = OpenSSL::PKey::EC.generate(Puppet[:named_curve])
|
191
|
+
else
|
192
|
+
Puppet.info _("Creating a new RSA SSL key for %{name}") % { name: Puppet[:certname] }
|
193
|
+
key = OpenSSL::PKey::RSA.new(Puppet[:keylength].to_i)
|
194
|
+
end
|
195
|
+
|
196
|
+
@cert_provider.save_private_key(Puppet[:certname], key, password: password)
|
197
|
+
end
|
198
|
+
|
199
|
+
NeedSubmitCSR.new(@machine, @ssl_context, key)
|
200
|
+
end
|
201
|
+
end
|
202
|
+
|
203
|
+
# Base class for states with a private key.
|
204
|
+
#
|
205
|
+
class KeySSLState < SSLState
|
206
|
+
attr_reader :private_key
|
207
|
+
|
208
|
+
def initialize(machine, ssl_context, private_key)
|
209
|
+
super(machine, ssl_context)
|
210
|
+
@private_key = private_key
|
211
|
+
end
|
212
|
+
end
|
213
|
+
|
214
|
+
# Generate and submit a CSR using the CA cert bundle and optional CRL bundle
|
215
|
+
# from earlier states. If the request is submitted, proceed to NeedCert,
|
216
|
+
# otherwise Wait. This could be due to the server already having a CSR
|
217
|
+
# for this host (either the same or different CSR content), having a
|
218
|
+
# signed certificate, or a revoked certificate.
|
219
|
+
#
|
220
|
+
class NeedSubmitCSR < KeySSLState
|
221
|
+
def next_state
|
222
|
+
Puppet.debug(_("Generating and submitting a CSR"))
|
223
|
+
|
224
|
+
csr = @cert_provider.create_request(Puppet[:certname], @private_key)
|
225
|
+
route = @machine.session.route_to(:ca, ssl_context: @ssl_context)
|
226
|
+
route.put_certificate_request(Puppet[:certname], csr, ssl_context: @ssl_context)
|
227
|
+
@cert_provider.save_request(Puppet[:certname], csr)
|
228
|
+
NeedCert.new(@machine, @ssl_context, @private_key)
|
229
|
+
rescue Puppet::HTTP::ResponseError => e
|
230
|
+
if e.response.code == 400
|
231
|
+
NeedCert.new(@machine, @ssl_context, @private_key)
|
232
|
+
else
|
233
|
+
to_error(_("Failed to submit the CSR, HTTP response was %{code}") % { code: e.response.code }, e)
|
234
|
+
end
|
235
|
+
end
|
236
|
+
end
|
237
|
+
|
238
|
+
# Attempt to load or retrieve our signed cert.
|
239
|
+
#
|
240
|
+
class NeedCert < KeySSLState
|
241
|
+
def next_state
|
242
|
+
Puppet.debug(_("Downloading client certificate"))
|
243
|
+
|
244
|
+
route = @machine.session.route_to(:ca, ssl_context: @ssl_context)
|
245
|
+
cert = OpenSSL::X509::Certificate.new(
|
246
|
+
route.get_certificate(Puppet[:certname], ssl_context: @ssl_context)[1]
|
247
|
+
)
|
248
|
+
Puppet.info _("Downloaded certificate for %{name} from %{url}") % { name: Puppet[:certname], url: route.url }
|
249
|
+
# verify client cert before saving
|
250
|
+
next_ctx = @ssl_provider.create_context(
|
251
|
+
cacerts: @ssl_context.cacerts, crls: @ssl_context.crls, private_key: @private_key, client_cert: cert
|
252
|
+
)
|
253
|
+
@cert_provider.save_client_cert(Puppet[:certname], cert)
|
254
|
+
@cert_provider.delete_request(Puppet[:certname])
|
255
|
+
Done.new(@machine, next_ctx)
|
256
|
+
rescue Puppet::SSL::SSLError => e
|
257
|
+
Error.new(@machine, e.message, e)
|
258
|
+
rescue OpenSSL::X509::CertificateError => e
|
259
|
+
Error.new(@machine, _("Failed to parse certificate: %{message}") % {message: e.message}, e)
|
260
|
+
rescue Puppet::HTTP::ResponseError => e
|
261
|
+
if e.response.code == 404
|
262
|
+
Puppet.info(_("Certificate for %{certname} has not been signed yet") % {certname: Puppet[:certname]})
|
263
|
+
$stdout.puts _("Couldn't fetch certificate from CA server; you might still need to sign this agent's certificate (%{name}).") % { name: Puppet[:certname] }
|
264
|
+
Wait.new(@machine)
|
265
|
+
else
|
266
|
+
to_error(_("Failed to retrieve certificate for %{certname}: %{message}") %
|
267
|
+
{certname: Puppet[:certname], message: e.response.message}, e)
|
268
|
+
end
|
269
|
+
end
|
270
|
+
end
|
271
|
+
|
272
|
+
# We cannot make progress, so wait if allowed to do so, or exit.
|
273
|
+
#
|
274
|
+
class Wait < SSLState
|
275
|
+
def initialize(machine)
|
276
|
+
super(machine, nil)
|
277
|
+
end
|
278
|
+
|
279
|
+
def next_state
|
280
|
+
time = @machine.waitforcert
|
281
|
+
if time < 1
|
282
|
+
log_error(_("Exiting now because the waitforcert setting is set to 0."))
|
283
|
+
exit(1)
|
284
|
+
elsif Time.now.to_i > @machine.wait_deadline
|
285
|
+
log_error(_("Couldn't fetch certificate from CA server; you might still need to sign this agent's certificate (%{name}). Exiting now because the maxwaitforcert timeout has been exceeded.") % {name: Puppet[:certname] })
|
286
|
+
exit(1)
|
287
|
+
else
|
288
|
+
Puppet.info(_("Will try again in %{time} seconds.") % {time: time})
|
289
|
+
|
290
|
+
# close http/tls and session state before sleeping
|
291
|
+
Puppet.runtime[:http].close
|
292
|
+
@machine.session = Puppet.runtime[:http].create_session
|
293
|
+
|
294
|
+
@machine.unlock
|
295
|
+
Kernel.sleep(time)
|
296
|
+
NeedLock.new(@machine)
|
297
|
+
end
|
298
|
+
end
|
299
|
+
end
|
300
|
+
|
301
|
+
# Acquire the ssl lock or return LockFailure causing us to exit.
|
302
|
+
#
|
303
|
+
class NeedLock < SSLState
|
304
|
+
def initialize(machine)
|
305
|
+
super(machine, nil)
|
306
|
+
end
|
307
|
+
|
308
|
+
def next_state
|
309
|
+
if @machine.lock
|
310
|
+
# our ssl directory may have been cleaned while we were
|
311
|
+
# sleeping, start over from the top
|
312
|
+
NeedCACerts.new(@machine)
|
313
|
+
elsif @machine.waitforlock < 1
|
314
|
+
LockFailure.new(@machine, _("Another puppet instance is already running and the waitforlock setting is set to 0; exiting"))
|
315
|
+
elsif Time.now.to_i >= @machine.waitlock_deadline
|
316
|
+
LockFailure.new(@machine, _("Another puppet instance is already running and the maxwaitforlock timeout has been exceeded; exiting"))
|
317
|
+
else
|
318
|
+
Puppet.info _("Another puppet instance is already running; waiting for it to finish")
|
319
|
+
Puppet.info _("Will try again in %{time} seconds.") % {time: @machine.waitforlock}
|
320
|
+
Kernel.sleep @machine.waitforlock
|
321
|
+
|
322
|
+
# try again
|
323
|
+
self
|
324
|
+
end
|
325
|
+
end
|
326
|
+
end
|
327
|
+
|
328
|
+
# We failed to acquire the lock, so exit
|
329
|
+
#
|
330
|
+
class LockFailure < SSLState
|
331
|
+
attr_reader :message
|
332
|
+
|
333
|
+
def initialize(machine, message)
|
334
|
+
super(machine, nil)
|
335
|
+
@message = message
|
336
|
+
end
|
337
|
+
end
|
338
|
+
|
339
|
+
# We cannot make progress due to an error.
|
340
|
+
#
|
341
|
+
class Error < SSLState
|
342
|
+
attr_reader :message, :error
|
343
|
+
|
344
|
+
def initialize(machine, message, error)
|
345
|
+
super(machine, nil)
|
346
|
+
@message = message
|
347
|
+
@error = error
|
348
|
+
end
|
349
|
+
|
350
|
+
def next_state
|
351
|
+
Puppet.log_exception(@error, @message)
|
352
|
+
Wait.new(@machine)
|
353
|
+
end
|
354
|
+
end
|
355
|
+
|
356
|
+
# We have a CA bundle, optional CRL bundle, a private key and matching cert
|
357
|
+
# that chains to one of the root certs in our bundle.
|
358
|
+
#
|
359
|
+
class Done < SSLState; end
|
360
|
+
|
361
|
+
attr_reader :waitforcert, :wait_deadline, :waitforlock, :waitlock_deadline, :cert_provider, :ssl_provider, :ca_fingerprint, :digest
|
362
|
+
attr_accessor :session
|
363
|
+
|
364
|
+
# Construct a state machine to manage the SSL initialization process. By
|
365
|
+
# default, if the state machine encounters an exception, it will log the
|
366
|
+
# exception and wait for `waitforcert` seconds and retry, restarting from the
|
367
|
+
# beginning of the state machine.
|
368
|
+
#
|
369
|
+
# However, if `onetime` is true, then the state machine will raise the first
|
370
|
+
# error it encounters, instead of waiting. Otherwise, if `waitforcert` is 0,
|
371
|
+
# then then state machine will exit instead of wait.
|
372
|
+
#
|
373
|
+
# @param waitforcert [Integer] how many seconds to wait between attempts
|
374
|
+
# @param maxwaitforcert [Integer] maximum amount of seconds to wait for the
|
375
|
+
# server to sign the certificate request
|
376
|
+
# @param waitforlock [Integer] how many seconds to wait between attempts for
|
377
|
+
# acquiring the ssl lock
|
378
|
+
# @param maxwaitforlock [Integer] maximum amount of seconds to wait for an
|
379
|
+
# already running process to release the ssl lock
|
380
|
+
# @param onetime [Boolean] whether to run onetime
|
381
|
+
# @param lockfile [Puppet::Util::Pidlock] lockfile to protect against
|
382
|
+
# concurrent modification by multiple processes
|
383
|
+
# @param cert_provider [Puppet::X509::CertProvider] cert provider to use
|
384
|
+
# to load and save X509 objects.
|
385
|
+
# @param ssl_provider [Puppet::SSL::SSLProvider] ssl provider to use
|
386
|
+
# to construct ssl contexts.
|
387
|
+
# @param digest [String] digest algorithm to use for certificate fingerprinting
|
388
|
+
# @param ca_fingerprint [String] optional fingerprint to verify the
|
389
|
+
# downloaded CA bundle
|
390
|
+
def initialize(waitforcert: Puppet[:waitforcert],
|
391
|
+
maxwaitforcert: Puppet[:maxwaitforcert],
|
392
|
+
waitforlock: Puppet[:waitforlock],
|
393
|
+
maxwaitforlock: Puppet[:maxwaitforlock],
|
394
|
+
onetime: Puppet[:onetime],
|
395
|
+
cert_provider: Puppet::X509::CertProvider.new,
|
396
|
+
ssl_provider: Puppet::SSL::SSLProvider.new,
|
397
|
+
lockfile: Puppet::Util::Pidlock.new(Puppet[:ssl_lockfile]),
|
398
|
+
digest: 'SHA256',
|
399
|
+
ca_fingerprint: Puppet[:ca_fingerprint])
|
400
|
+
@waitforcert = waitforcert
|
401
|
+
@wait_deadline = Time.now.to_i + maxwaitforcert
|
402
|
+
@waitforlock = waitforlock
|
403
|
+
@waitlock_deadline = Time.now.to_i + maxwaitforlock
|
404
|
+
@onetime = onetime
|
405
|
+
@cert_provider = cert_provider
|
406
|
+
@ssl_provider = ssl_provider
|
407
|
+
@lockfile = lockfile
|
408
|
+
@digest = digest
|
409
|
+
@ca_fingerprint = ca_fingerprint
|
410
|
+
@session = Puppet.runtime[:http].create_session
|
411
|
+
end
|
412
|
+
|
413
|
+
# Run the state machine for CA certs and CRLs.
|
414
|
+
#
|
415
|
+
# @return [Puppet::SSL::SSLContext] initialized SSLContext
|
416
|
+
# @raise [Puppet::Error] If we fail to generate an SSLContext
|
417
|
+
# @api private
|
418
|
+
def ensure_ca_certificates
|
419
|
+
final_state = run_machine(NeedLock.new(self), NeedKey)
|
420
|
+
final_state.ssl_context
|
421
|
+
end
|
422
|
+
|
423
|
+
# Run the state machine for CA certs and CRLs.
|
424
|
+
#
|
425
|
+
# @return [Puppet::SSL::SSLContext] initialized SSLContext
|
426
|
+
# @raise [Puppet::Error] If we fail to generate an SSLContext
|
427
|
+
# @api private
|
428
|
+
def ensure_client_certificate
|
429
|
+
final_state = run_machine(NeedLock.new(self), Done)
|
430
|
+
ssl_context = final_state.ssl_context
|
431
|
+
@ssl_provider.print(ssl_context, @digest)
|
432
|
+
ssl_context
|
433
|
+
end
|
434
|
+
|
435
|
+
def lock
|
436
|
+
@lockfile.lock
|
437
|
+
end
|
438
|
+
|
439
|
+
def unlock
|
440
|
+
@lockfile.unlock
|
441
|
+
end
|
442
|
+
|
443
|
+
private
|
444
|
+
|
445
|
+
def run_machine(state, stop)
|
446
|
+
loop do
|
447
|
+
state = run_step(state)
|
448
|
+
|
449
|
+
case state
|
450
|
+
when stop
|
451
|
+
break
|
452
|
+
when LockFailure
|
453
|
+
raise Puppet::Error, state.message
|
454
|
+
when Error
|
455
|
+
if @onetime
|
456
|
+
Puppet.log_exception(state.error)
|
457
|
+
raise state.error
|
458
|
+
end
|
459
|
+
else
|
460
|
+
# fall through
|
461
|
+
end
|
462
|
+
end
|
463
|
+
|
464
|
+
state
|
465
|
+
ensure
|
466
|
+
@lockfile.unlock if @lockfile.locked?
|
467
|
+
end
|
468
|
+
|
469
|
+
def run_step(state)
|
470
|
+
state.next_state
|
471
|
+
rescue => e
|
472
|
+
state.to_error(e.message, e)
|
473
|
+
end
|
474
|
+
end
|
@@ -0,0 +1,142 @@
|
|
1
|
+
require_relative '../../puppet/ssl'
|
2
|
+
|
3
|
+
# Verify an SSL connection.
|
4
|
+
#
|
5
|
+
# @api private
|
6
|
+
class Puppet::SSL::Verifier
|
7
|
+
|
8
|
+
FIVE_MINUTES_AS_SECONDS = 5 * 60
|
9
|
+
|
10
|
+
attr_reader :ssl_context
|
11
|
+
|
12
|
+
# Create a verifier using an `ssl_context`.
|
13
|
+
#
|
14
|
+
# @param hostname [String] FQDN of the server we're attempting to connect to
|
15
|
+
# @param ssl_context [Puppet::SSL::SSLContext] ssl_context containing CA certs,
|
16
|
+
# CRLs, etc needed to verify the server's certificate chain
|
17
|
+
# @api private
|
18
|
+
def initialize(hostname, ssl_context)
|
19
|
+
@hostname = hostname
|
20
|
+
@ssl_context = ssl_context
|
21
|
+
end
|
22
|
+
|
23
|
+
# Return true if `self` is reusable with `verifier` meaning they
|
24
|
+
# are using the same `ssl_context`, so there's no loss of security
|
25
|
+
# when using a cached connection.
|
26
|
+
#
|
27
|
+
# @param verifier [Puppet::SSL::Verifier] the verifier to compare against
|
28
|
+
# @return [Boolean] return true if a cached connection can be used, false otherwise
|
29
|
+
# @api private
|
30
|
+
def reusable?(verifier)
|
31
|
+
verifier.instance_of?(self.class) &&
|
32
|
+
verifier.ssl_context.object_id == @ssl_context.object_id
|
33
|
+
end
|
34
|
+
|
35
|
+
# Configure the `http` connection based on the current `ssl_context`.
|
36
|
+
#
|
37
|
+
# @param http [Net::HTTP] connection
|
38
|
+
# @api private
|
39
|
+
def setup_connection(http)
|
40
|
+
http.cert_store = @ssl_context[:store]
|
41
|
+
http.cert = @ssl_context[:client_cert]
|
42
|
+
http.key = @ssl_context[:private_key]
|
43
|
+
# default to VERIFY_PEER
|
44
|
+
http.verify_mode = if !@ssl_context[:verify_peer]
|
45
|
+
OpenSSL::SSL::VERIFY_NONE
|
46
|
+
else
|
47
|
+
OpenSSL::SSL::VERIFY_PEER
|
48
|
+
end
|
49
|
+
http.verify_callback = self
|
50
|
+
end
|
51
|
+
|
52
|
+
# This method is called if `Net::HTTP#start` raises an exception, which
|
53
|
+
# could be a result of an openssl error during cert verification, due
|
54
|
+
# to ruby's `Socket#post_connection_check`, or general SSL connection
|
55
|
+
# error.
|
56
|
+
#
|
57
|
+
# @param http [Net::HTTP] connection
|
58
|
+
# @param error [OpenSSL::SSL::SSLError] connection error
|
59
|
+
# @raise [Puppet::SSL::CertVerifyError] SSL connection failed due to a
|
60
|
+
# verification error with the server's certificate or chain
|
61
|
+
# @raise [Puppet::Error] server hostname does not match certificate
|
62
|
+
# @raise [OpenSSL::SSL::SSLError] low-level SSL connection failure
|
63
|
+
# @api private
|
64
|
+
def handle_connection_error(http, error)
|
65
|
+
raise @last_error if @last_error
|
66
|
+
|
67
|
+
# ruby can pass SSL validation but fail post_connection_check
|
68
|
+
peer_cert = http.peer_cert
|
69
|
+
if peer_cert && !OpenSSL::SSL.verify_certificate_identity(peer_cert, @hostname)
|
70
|
+
raise Puppet::SSL::CertMismatchError.new(peer_cert, @hostname)
|
71
|
+
else
|
72
|
+
raise error
|
73
|
+
end
|
74
|
+
end
|
75
|
+
|
76
|
+
# OpenSSL will call this method with the verification result for each cert in
|
77
|
+
# the server's chain, working from the root CA to the server's cert. If
|
78
|
+
# preverify_ok is `true`, then that cert passed verification. If it's `false`
|
79
|
+
# then the current verification error is contained in `store_context.error`.
|
80
|
+
# and the current cert is in `store_context.current_cert`.
|
81
|
+
#
|
82
|
+
# If this method returns `false`, then verification stops and ruby will raise
|
83
|
+
# an `OpenSSL::SSL::Error` with "certificate verification failed". If this
|
84
|
+
# method returns `true`, then verification continues.
|
85
|
+
#
|
86
|
+
# If this method ignores a verification error, such as the cert's CRL will be
|
87
|
+
# valid within the next 5 minutes, then this method may be called with a
|
88
|
+
# different verification error for the same cert.
|
89
|
+
#
|
90
|
+
# WARNING: If `store_context.error` returns `OpenSSL::X509::V_OK`, don't
|
91
|
+
# assume verification passed. Ruby 2.4+ implements certificate hostname
|
92
|
+
# checking by default, and if the cert doesn't match the hostname, then the
|
93
|
+
# error will be V_OK. Always use `preverify_ok` to determine if verification
|
94
|
+
# succeeded or not.
|
95
|
+
#
|
96
|
+
# @param preverify_ok [Boolean] if `true` the current certificate in `store_context`
|
97
|
+
# was verified. Otherwise, check for the current error in `store_context.error`
|
98
|
+
# @param store_context [OpenSSL::X509::StoreContext] The context holding the
|
99
|
+
# verification result for one certificate
|
100
|
+
# @return [Boolean] If `true`, continue verifying the chain, even if that means
|
101
|
+
# ignoring the current verification error. If `false`, abort the connection.
|
102
|
+
#
|
103
|
+
# @api private
|
104
|
+
def call(preverify_ok, store_context)
|
105
|
+
return true if preverify_ok
|
106
|
+
|
107
|
+
peer_cert = store_context.current_cert
|
108
|
+
|
109
|
+
case store_context.error
|
110
|
+
when OpenSSL::X509::V_OK
|
111
|
+
# chain is from leaf to root, opposite of the order that `call` is invoked
|
112
|
+
chain_cert = store_context.chain.first
|
113
|
+
|
114
|
+
# ruby 2.4 doesn't compare certs based on value, so force to DER byte array
|
115
|
+
if peer_cert && chain_cert && peer_cert.to_der == chain_cert.to_der && !OpenSSL::SSL.verify_certificate_identity(peer_cert, @hostname)
|
116
|
+
@last_error = Puppet::SSL::CertMismatchError.new(peer_cert, @hostname)
|
117
|
+
return false
|
118
|
+
end
|
119
|
+
|
120
|
+
# ruby-openssl#74ef8c0cc56b840b772240f2ee2b0fc0aafa2743 now sets the
|
121
|
+
# store_context error when the cert is mismatched
|
122
|
+
when OpenSSL::X509::V_ERR_HOSTNAME_MISMATCH
|
123
|
+
@last_error = Puppet::SSL::CertMismatchError.new(peer_cert, @hostname)
|
124
|
+
return false
|
125
|
+
|
126
|
+
when OpenSSL::X509::V_ERR_CRL_NOT_YET_VALID
|
127
|
+
crl = store_context.current_crl
|
128
|
+
if crl && crl.last_update && crl.last_update < Time.now + FIVE_MINUTES_AS_SECONDS
|
129
|
+
Puppet.debug("Ignoring CRL not yet valid, current time #{Time.now.utc}, CRL last updated #{crl.last_update.utc}")
|
130
|
+
return true
|
131
|
+
end
|
132
|
+
end
|
133
|
+
|
134
|
+
# TRANSLATORS: `error` is an untranslated message from openssl describing why a certificate in the server's chain is invalid, and `subject` is the identity/name of the failed certificate
|
135
|
+
@last_error = Puppet::SSL::CertVerifyError.new(
|
136
|
+
_("certificate verify failed [%{error} for %{subject}]") %
|
137
|
+
{ error: store_context.error_string, subject: peer_cert.subject.to_utf8 },
|
138
|
+
store_context.error, peer_cert
|
139
|
+
)
|
140
|
+
false
|
141
|
+
end
|
142
|
+
end
|
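Review bot: In `setup_connection`, the comment says `# default to VERIFY_PEER`, but `if !@ssl_context[:verify_peer]` selects `OpenSSL::SSL::VERIFY_NONE` for any falsy value, so a context whose `verify_peer` is `nil` would turn peer verification off rather than on. Whether the context can ever carry `nil` depends on `Puppet::SSL::SSLContext`, which this section does not show. To make the method fail closed on its own, use `http.verify_mode = @ssl_context[:verify_peer] == false ? OpenSSL::SSL::VERIFY_NONE : OpenSSL::SSL::VERIFY_PEER`, so that only an explicit `false` disables verification. Separately, `@last_error` is set in `call` and never cleared, so `handle_connection_error` could re-raise a stale mismatch error if one verifier instance handles a second connection attempt; resetting it at the top of `setup_connection` would avoid that.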
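--- a/data/lib/puppet/ssl.rb
+++ b/data/lib/puppet/ssl.rb
@@ -0,0 +1,23 @@
+# Just to make the constants work out.
+require_relative '../puppet'
+require_relative 'ssl/openssl_loader'
+
+# Responsible for bootstrapping an agent's certificate and private key, generating
+# SSLContexts for use in making HTTPS connections, and handling CSR attributes and
+# certificate extensions.
+#
+# @see Puppet::SSL::SSLProvider
+# @api private
+module Puppet::SSL
+CA_NAME = "ca".freeze
+
+require_relative 'ssl/oids'
+require_relative 'ssl/error'
+require_relative 'ssl/ssl_context'
+require_relative 'ssl/verifier'
+require_relative 'ssl/ssl_provider'
+require_relative 'ssl/state_machine'
+require_relative 'ssl/certificate'
+require_relative 'ssl/certificate_request'
+require_relative 'ssl/certificate_request_attributes'
+end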
@@ -0,0 +1,40 @@
|
|
1
|
+
# A syntax checker for Base64.
|
2
|
+
# @api public
|
3
|
+
require_relative '../../puppet/syntax_checkers'
|
4
|
+
require 'base64'
|
5
|
+
class Puppet::SyntaxCheckers::Base64 < Puppet::Plugins::SyntaxCheckers::SyntaxChecker
|
6
|
+
|
7
|
+
# Checks the text for BASE64 syntax issues and reports them to the given acceptor.
|
8
|
+
# This checker allows the most relaxed form of Base64, including newlines and missing padding.
|
9
|
+
# It also accept URLsafe input.
|
10
|
+
#
|
11
|
+
# @param text [String] The text to check
|
12
|
+
# @param syntax [String] The syntax identifier in mime style (e.g. 'base64', 'text/xxx+base64')
|
13
|
+
# @param acceptor [#accept] A Diagnostic acceptor
|
14
|
+
# @param source_pos [Puppet::Pops::Adapters::SourcePosAdapter] A source pos adapter with location information
|
15
|
+
# @api public
|
16
|
+
#
|
17
|
+
def check(text, syntax, acceptor, source_pos)
|
18
|
+
raise ArgumentError.new(_("Base64 syntax checker: the text to check must be a String.")) unless text.is_a?(String)
|
19
|
+
raise ArgumentError.new(_("Base64 syntax checker: the syntax identifier must be a String, e.g. json, data+json")) unless syntax.is_a?(String)
|
20
|
+
raise ArgumentError.new(_("Base64 syntax checker: invalid Acceptor, got: '%{klass}'.") % { klass: acceptor.class.name }) unless acceptor.is_a?(Puppet::Pops::Validation::Acceptor)
|
21
|
+
cleaned_text = text.gsub(/[\r?\n[:blank:]]/, '')
|
22
|
+
begin
|
23
|
+
# Do a strict decode64 on text with all whitespace stripped since the non strict version
|
24
|
+
# simply skips all non base64 characters
|
25
|
+
Base64.strict_decode64(cleaned_text)
|
26
|
+
rescue
|
27
|
+
msg = if (cleaned_text.bytes.to_a.size * 8) % 6 != 0
|
28
|
+
_("Base64 syntax checker: Cannot parse invalid Base64 string - padding is not correct")
|
29
|
+
else
|
30
|
+
_("Base64 syntax checker: Cannot parse invalid Base64 string - contains letters outside strict base 64 range (or whitespace)")
|
31
|
+
end
|
32
|
+
|
33
|
+
# TODO: improve the pops API to allow simpler diagnostic creation while still maintaining capabilities
|
34
|
+
# and the issue code. (In this case especially, where there is only a single error message being issued).
|
35
|
+
#
|
36
|
+
issue = Puppet::Pops::Issues::issue(:ILLEGAL_BASE64) { msg }
|
37
|
+
acceptor.accept(Puppet::Pops::Validation::Diagnostic.new(:error, issue, source_pos.file, source_pos, {}))
|
38
|
+
end
|
39
|
+
end
|
40
|
+
end
|
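Review bot: The character class in `text.gsub(/[\r?\n[:blank:]]/, '')` treats `?` as a literal, so question marks are stripped along with whitespace and text containing them can pass the strict decode; `text.gsub(/[\r\n[:blank:]]/, '')` removes only line breaks and blanks. The doc comment on `check` also promises acceptance of missing padding and URL-safe input, while `Base64.strict_decode64` rejects both, so either the comment or the decode call should change. In the rescue branch, `(cleaned_text.bytes.to_a.size * 8) % 6 != 0` is true whenever the length is not a multiple of 3, which does not match Base64's 4-character grouping, so the "padding is not correct" message can be chosen for correctly padded input that contains a bad character; `cleaned_text.bytesize % 4 != 0` would match the format.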