puppet-http 0.1.3

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 9bd4d0b16f3c260e8cdd6169558c17fbefea51df
+  data.tar.gz: 388fdcef73102773b2a39e77fbdcdb59ae0b97fd
+SHA512:
+  metadata.gz: f439cd956ff2d9645265a3960e434a2546e956d5425e14f65c9cf158471427ae952af100690d5824a89060b2da6b3410f62b716317cb04da5b9b287848212fe7
+  data.tar.gz: 0b7b43fae48dc74504bba87517bfe807f0e109a61ec091b3f7da8df78b4a97a9b0df7ecf2f2f098e9151b675a890b973d6bfff3dfb5fb35caad768411b90a5fb

data/.gitignore

@@ -0,0 +1,13 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+
+.idea
+*.gem
+*.DS_Store

data/.travis.yml

@@ -0,0 +1,4 @@
+language: ruby
+rvm:
+  - 1.8.7
+before_install: gem install bundler -v 1.10.5

data/CODE_OF_CONDUCT.md

@@ -0,0 +1,13 @@
+# Contributor Code of Conduct
+
+As contributors and maintainers of this project, we pledge to respect all people who contribute through reporting issues, posting feature requests, updating documentation, submitting pull requests or patches, and other activities.
+
+We are committed to making participation in this project a harassment-free experience for everyone, regardless of level of experience, gender, gender identity and expression, sexual orientation, disability, personal appearance, body size, race, ethnicity, age, or religion.
+
+Examples of unacceptable behavior by participants include the use of sexual language or imagery, derogatory comments or personal attacks, trolling, public or private harassment, insults, or other unprofessional conduct.
+
+Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct. Project maintainers who do not follow the Code of Conduct may be removed from the project team.
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by opening an issue or contacting one or more of the project maintainers.
+
+This Code of Conduct is adapted from the [Contributor Covenant](http://contributor-covenant.org), version 1.0.0, available at [http://contributor-covenant.org/version/1/0/0/](http://contributor-covenant.org/version/1/0/0/)

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in puppet-http.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2015 DeathKing<deathking0622@gmail.com>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,115 @@
+# puppet-http
+
+**DO CONSIDER TWICE BEFORE USING IN PRODUCTION ENVIRONMENT!!!**
+
+Certificates are never nightmares! This gem allows your Puppet agent talk to master via HTTP easily, thus you won't
+get any trouble in certificate issuing.
+
+## Installation
+
+```
+$ gem install 'puppet-http'
+```
+
+## Usage
+
+As to agent side, just using:
+
+```
+$ puppet http_agent the-rest-option-as-usual
+```
+
+The usage of master side depends on how you boot the master. If you trigger master via commandline, namely, using
+WEBrick mode, just type:
+
+```
+$ puppet http_master the-rest-option-as-usual
+```
+
+If you run your master as a Rack middleware, the steps are as follows:
+
+  1. turn off your frond-end web server SSL features!
+  2. edit your `config.ru` file, add a line `require 'puppet/http'` at the very beginning, and also change
+  `$0 = "master"` into `$0 = "http_master"`.
+  
+Here's a modified `config.ru` example:
+
+```ruby
+# a config.ru, for use with every rack-compatible webserver.
+# SSL needs to be handled outside this, though.
+
+# if puppet is not in your RUBYLIB:
+# $LOAD_PATH.unshift('/opt/puppet/lib')
+
+require 'puppet/http'  # <-- add this line
+
+$0 = "http_master"     # <-- change this line
+
+# if you want debugging:
+# ARGV << "--debug"
+
+ARGV << "--rack"
+
+# Rack applications typically don't start as root.  Set --confdir and --vardir
+# to prevent reading configuration from ~puppet/.puppet/puppet.conf and writing
+# to ~puppet/.puppet
+ARGV << "--confdir" << "/etc/puppet"
+ARGV << "--vardir"  << "/var/lib/puppet"
+
+# NOTE: it's unfortunate that we have to use the "CommandLine" class
+#  here to launch the app, but it contains some initialization logic
+#  (such as triggering the parsing of the config file) that is very
+#  important.  We should do something less nasty here when we've
+#  gotten our API and settings initialization logic cleaned up.
+#
+# Also note that the "$0 = master" line up near the top here is
+#  the magic that allows the CommandLine class to know that it's
+#  supposed to be running master.
+#
+# --cprice 2012-05-22
+
+require 'puppet/util/command_line'
+# we're usually running inside a Rack::Builder.new {} block,
+# therefore we need to call run *here*.
+run Puppet::Util::CommandLine.new.execute
+```
+
+## TODO
+
+Maybe we need some tests?
+
+## Mechanism 
+
+Somehow, Puppet will search certain places to find out a what so called `ApplicationSubcommand`. If there's a file 
+whose name is `my_app.rb` under the relative path `lib\puppet\application\` to following paths:
+
+  1. all the gems' directory
+  2. Puppet modules' directory
+  3. `libdirs`
+  4. the `$LOAD_PATH` of Ruby interpreter
+
+In addition, the file `my_app.rb` is supposed to:
+ 
+  1. be a subclass(directly or indirectly) of `Puppet::Application`
+  2. define under the namespace `Puppet::Application`
+  3. have a CamlCase class name
+
+For example, the class definition of `my_app.rb` should be:
+
+```ruby
+class Puppet::Application::MyApp < Puppet::Application
+
+# Your code goes here
+```
+
+Thus, when you boot puppet using `puppet my_app`, the file will be loaded and executed. We use this way to load 
+customize script and perform some dirty monkey patchings to disable the Puppet SSL feature.
+
+## Development && Contributing
+
+Feel free to report bugs and send pull request!
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).
+

data/Rakefile

@@ -0,0 +1 @@
+require "bundler/gem_tasks"

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "puppet/http"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start

data/bin/setup

@@ -0,0 +1,7 @@
+#!/bin/bash
+set -euo pipefail
+IFS=$'\n\t'
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/ext/rack/config.ru

@@ -0,0 +1,38 @@
+# a config.ru, for use with every rack-compatible webserver.
+# SSL needs to be handled outside this, though.
+
+# if puppet is not in your RUBYLIB:
+# $LOAD_PATH.unshift('/opt/puppet/lib')
+
+require 'puppet/http'  # <-- this line is newly added
+
+$0 = "http_master"     # <-- this line has been modified
+
+# if you want debugging:
+# ARGV << "--debug"
+
+ARGV << "--rack"
+
+# Rack applications typically don't start as root.  Set --confdir and --vardir
+# to prevent reading configuration from ~puppet/.puppet/puppet.conf and writing
+# to ~puppet/.puppet
+ARGV << "--confdir" << "/etc/puppet"
+ARGV << "--vardir"  << "/var/lib/puppet"
+
+# NOTE: it's unfortunate that we have to use the "CommandLine" class
+#  here to launch the app, but it contains some initialization logic
+#  (such as triggering the parsing of the config file) that is very
+#  important.  We should do something less nasty here when we've
+#  gotten our API and settings initialization logic cleaned up.
+#
+# Also note that the "$0 = master" line up near the top here is
+#  the magic that allows the CommandLine class to know that it's
+#  supposed to be running master.
+#
+# --cprice 2012-05-22
+
+require 'puppet/util/command_line'
+# we're usually running inside a Rack::Builder.new {} block,
+# therefore we need to call run *here*.
+run Puppet::Util::CommandLine.new.execute
+

data/lib/puppet/application/http_agent.rb

@@ -0,0 +1,15 @@
+require 'puppet/application/agent'
+require 'puppet/patch'
+
+class Puppet::Application::HttpAgent < Puppet::Application::Agent
+
+  def wait_for_certificates
+    # Logging is necessary to make user aware of they are currently using an unsafe transmission.
+    Puppet.debug "Puppet HTTPAgent won't fetch certificate."
+  end
+
+  def fingerprint
+    raise RuntimeError, "HTTPAgent has no fingerprint."
+  end
+
+end

data/lib/puppet/application/http_master.rb

@@ -0,0 +1,35 @@
+require 'puppet/patch'
+require 'puppet/application/master'
+
+class Puppet::Application::HttpMaster < Puppet::Application::Master
+
+  def setup_ssl
+    # Logging is necessary to make user aware of they are currently using an unsafe transmission.
+    Puppet.debug "Puppet HTTPMaster won't setup SSL environment."
+  end
+
+  def main
+    require 'etc'
+
+    if Puppet.features.root?
+      begin
+        Puppet::Util.chuser
+      rescue => detail
+        Puppet.log_exception(detail, "Could not change user to #{Puppet[:user]}: #{detail}")
+        exit(39)
+      end
+    end
+
+    if options[:rack]
+      start_rack_master
+    else
+      start_webrick_master
+    end
+  end
+
+  def start_webrick_master
+    require 'puppet/patch/webrick'
+    super
+  end
+
+end

data/lib/puppet/http.rb

@@ -0,0 +1,9 @@
+# Here's the situation: Puppet will search all the gems directory to find a validate
+# *ApplicationSubcommand*. But some how, rack use Bundler to load the gem. In this
+# situation, the Puppet autoloader won't search bundler directory to get the file we
+# want. So we have to inject our gem directory to $LOAD_PATH so that enables
+# *http_master*. Maybe we have a better way to do that, right?  -- DeathKing 2015-09-08
+
+if defined? ::Bundler
+  $LOAD_PATH.unshift(File.expand_path(__FILE__) + "../")
+end

data/lib/puppet/http/version.rb

@@ -0,0 +1,5 @@
+module Puppet
+  module Http
+    VERSION = "0.1.3"
+  end
+end

data/lib/puppet/patch.rb

@@ -0,0 +1 @@
+require 'puppet/patch/http_pool'

data/lib/puppet/patch/http_connection.rb

@@ -0,0 +1,12 @@
+require 'puppet/network/http/connection'
+
+module Puppet::Network::HTTP
+  class HttpConnection < Connection
+
+    def initialize(host, port, options = {})
+      verify = Puppet::SSL::Validator.no_validator
+      super host, port, options.merge(:use_ssl => false, :verify => verify)
+    end
+
+  end
+end

data/lib/puppet/patch/http_pool.rb

@@ -0,0 +1,11 @@
+require 'puppet/network/http_pool'
+require 'puppet/patch/http_connection'
+
+module Puppet::Network::HttpPool
+
+  # Ya, this is a magic trick yet to be dangerous. Be very careful because this might infect
+  # both self.http_instance and self.http_ssl_instance. After execute this code, that two
+  # methods both return a HTTP connection in any condition.
+  @http_client_class = Puppet::Network::HTTP::HttpConnection
+
+end

data/lib/puppet/patch/webrick.rb

@@ -0,0 +1,39 @@
+require 'puppet/network/http/webrick'
+
+class Puppet::Network::HTTP::WEBrick
+
+  def listen(address, port)
+    @server = create_server(address, port)
+
+    # @server.listeners.each { |l| l.start_immediately = false }
+
+    @server.mount('/', Puppet::Network::HTTP::WEBrickREST)
+
+    raise "WEBrick server is already listening" if @listening
+    @listening = true
+    @thread = Thread.new do
+      @server.start do |sock|
+        timeout = 10.0
+        if ! IO.select([sock],nil,nil,timeout)
+          raise "Client did not send data within %.1f seconds of connecting" % timeout
+        end
+        # sock.accept
+        @server.run(sock)
+      end
+    end
+    sleep 0.1 until @server.status == :Running
+  end
+
+  def create_server(address, port)
+    arguments = {:BindAddress => address, :Port => port, :DoNotReverseLookup => true}
+    arguments.merge!(setup_logger)
+    # arguments.merge!(setup_ssl)
+
+    BasicSocket.do_not_reverse_lookup = true
+
+    server = WEBrick::HTTPServer.new(arguments)
+    # server.ssl_context.ciphers = CIPHERS
+    server
+  end
+
+end

data/puppet-http.gemspec

@@ -0,0 +1,30 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'puppet/http/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "puppet-http"
+  spec.version       = Puppet::Http::VERSION
+  spec.authors       = ["DeathKing"]
+  spec.email         = ["deathking0622@gmail.com"]
+
+  spec.summary       = %q{Enable Puppet master/agent communicate via HTTP.}
+  spec.description   = %q{Enable Puppet master/agent communicate via HTTP.}
+  spec.homepage      = ""
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "bundler", "~> 1.10"
+  spec.add_development_dependency "rake", "~> 10.0"
+
+  # We have to carefully deal with puppet dependency, because it seems that Gem couldn't recognize
+  # Puppet installed via install.rb script which will cause a gem install then. For now, we just assume
+  # user have already installed Puppet.   -- DeathKing 2015-09-06
+
+  # spec.add_runtime_dependency "puppet"
+end

metadata

@@ -0,0 +1,91 @@
+--- !ruby/object:Gem::Specification
+name: puppet-http
+version: !ruby/object:Gem::Version
+  version: 0.1.3
+platform: ruby
+authors:
+- DeathKing
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2015-09-11 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.10'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.10'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+description: Enable Puppet master/agent communicate via HTTP.
+email:
+- deathking0622@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".travis.yml"
+- CODE_OF_CONDUCT.md
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- ext/rack/config.ru
+- lib/puppet/application/http_agent.rb
+- lib/puppet/application/http_master.rb
+- lib/puppet/http.rb
+- lib/puppet/http/version.rb
+- lib/puppet/patch.rb
+- lib/puppet/patch/http_connection.rb
+- lib/puppet/patch/http_pool.rb
+- lib/puppet/patch/webrick.rb
+- puppet-http.gemspec
+homepage: ''
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.6
+signing_key: 
+specification_version: 4
+summary: Enable Puppet master/agent communicate via HTTP.
+test_files: []