puppet 0.25.5 → 2.6.0
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of puppet might be problematic. Click here for more details.
- data/CHANGELOG +667 -0
- data/LICENSE +2 -2
- data/README +5 -1
- data/README.queueing +1 -1
- data/README.rst +7 -4
- data/Rakefile +6 -18
- data/bin/filebucket +0 -94
- data/bin/pi +2 -47
- data/bin/puppet +2 -69
- data/bin/puppetca +2 -100
- data/bin/puppetd +2 -158
- data/bin/puppetdoc +2 -63
- data/bin/puppetmasterd +2 -64
- data/bin/puppetqd +2 -51
- data/bin/puppetrun +2 -127
- data/bin/ralsh +2 -87
- data/conf/epm.list +2 -2
- data/conf/osx/PackageInfo.plist +1 -1
- data/conf/redhat/client.init +11 -8
- data/conf/redhat/puppet.conf +1 -1
- data/conf/redhat/puppet.spec +1 -1
- data/conf/redhat/rundir-perms.patch +13 -13
- data/conf/redhat/server.init +11 -5
- data/conf/solaris/pkginfo +2 -2
- data/conf/solaris/smf/puppetd.xml +3 -3
- data/conf/solaris/smf/puppetmasterd.xml +3 -3
- data/conf/suse/client.init +3 -2
- data/conf/suse/puppet.spec +22 -18
- data/conf/suse/server.init +12 -11
- data/examples/modules/sample-module/README.txt +3 -3
- data/examples/modules/sample-module/lib/puppet/parser/functions/hostname_to_dn.rb +4 -4
- data/ext/extlookup.rb +94 -96
- data/ext/nagios/check_puppet.rb +94 -88
- data/ext/nagios/naggen +3 -3
- data/ext/puppet-test +27 -3
- data/ext/puppetlisten/puppetlisten.rb +39 -39
- data/ext/puppetlisten/puppetrun.rb +6 -6
- data/ext/puppetstoredconfigclean.rb +49 -43
- data/ext/pure_ruby_dsl/dsl_test.rb +7 -0
- data/ext/regexp_nodes/regexp_nodes.rb +133 -133
- data/ext/yaml_nodes.rb +99 -0
- data/install.rb +109 -118
- data/lib/puppet.rb +118 -131
- data/lib/puppet/agent.rb +86 -119
- data/lib/puppet/agent/locker.rb +28 -30
- data/lib/puppet/application.rb +276 -184
- data/lib/puppet/application/agent.rb +266 -0
- data/lib/puppet/application/apply.rb +165 -0
- data/lib/puppet/application/cert.rb +85 -0
- data/lib/puppet/application/describe.rb +203 -0
- data/lib/puppet/application/doc.rb +215 -0
- data/lib/puppet/application/filebucket.rb +73 -73
- data/lib/puppet/application/kick.rb +212 -0
- data/lib/puppet/application/master.rb +156 -0
- data/lib/puppet/application/queue.rb +91 -0
- data/lib/puppet/application/resource.rb +118 -0
- data/lib/puppet/configurer.rb +214 -197
- data/lib/puppet/configurer/downloader.rb +63 -63
- data/lib/puppet/configurer/fact_handler.rb +51 -51
- data/lib/puppet/configurer/plugin_handler.rb +19 -19
- data/lib/puppet/daemon.rb +100 -103
- data/lib/puppet/defaults.rb +793 -796
- data/lib/puppet/dsl.rb +5 -269
- data/lib/puppet/dsl/resource_api.rb +120 -0
- data/lib/puppet/dsl/resource_type_api.rb +40 -0
- data/lib/puppet/error.rb +34 -36
- data/lib/puppet/external/base64.rb +8 -8
- data/lib/puppet/external/dot.rb +262 -262
- data/lib/puppet/external/event-loop/better-definers.rb +297 -297
- data/lib/puppet/external/event-loop/event-loop.rb +264 -272
- data/lib/puppet/external/event-loop/signal-system.rb +161 -163
- data/lib/puppet/external/lock.rb +41 -41
- data/lib/puppet/external/nagios.rb +32 -32
- data/lib/puppet/external/nagios/base.rb +453 -458
- data/lib/puppet/external/nagios/parser.rb +264 -287
- data/lib/puppet/external/pson/common.rb +8 -5
- data/lib/puppet/external/pson/pure/generator.rb +26 -26
- data/lib/puppet/external/pson/pure/parser.rb +43 -48
- data/lib/puppet/feature/base.rb +21 -1
- data/lib/puppet/feature/pson.rb +4 -4
- data/lib/puppet/feature/rack.rb +14 -14
- data/lib/puppet/feature/rails.rb +23 -25
- data/lib/puppet/file_bucket.rb +4 -0
- data/lib/puppet/file_bucket/dipper.rb +99 -0
- data/lib/puppet/file_bucket/file.rb +136 -0
- data/lib/puppet/file_bucket/file/indirection_hooks.rb +9 -0
- data/lib/puppet/file_collection.rb +20 -20
- data/lib/puppet/file_collection/lookup.rb +11 -11
- data/lib/puppet/file_serving/base.rb +67 -71
- data/lib/puppet/file_serving/configuration.rb +84 -86
- data/lib/puppet/file_serving/configuration/parser.rb +103 -102
- data/lib/puppet/file_serving/content.rb +34 -33
- data/lib/puppet/file_serving/fileset.rb +131 -133
- data/lib/puppet/file_serving/indirection_hooks.rb +17 -17
- data/lib/puppet/file_serving/metadata.rb +98 -95
- data/lib/puppet/file_serving/mount.rb +22 -22
- data/lib/puppet/file_serving/mount/file.rb +101 -106
- data/lib/puppet/file_serving/mount/modules.rb +15 -15
- data/lib/puppet/file_serving/mount/plugins.rb +15 -16
- data/lib/puppet/file_serving/terminus_helper.rb +13 -13
- data/lib/puppet/indirector.rb +48 -49
- data/lib/puppet/indirector/active_record.rb +19 -19
- data/lib/puppet/indirector/catalog/active_record.rb +25 -25
- data/lib/puppet/indirector/catalog/compiler.rb +134 -145
- data/lib/puppet/indirector/catalog/rest.rb +1 -1
- data/lib/puppet/indirector/catalog/yaml.rb +13 -13
- data/lib/puppet/indirector/certificate/ca.rb +3 -3
- data/lib/puppet/indirector/certificate/file.rb +3 -3
- data/lib/puppet/indirector/certificate/rest.rb +8 -8
- data/lib/puppet/indirector/certificate_request/ca.rb +7 -7
- data/lib/puppet/indirector/certificate_request/file.rb +2 -2
- data/lib/puppet/indirector/certificate_request/rest.rb +3 -3
- data/lib/puppet/indirector/certificate_revocation_list/ca.rb +2 -2
- data/lib/puppet/indirector/certificate_revocation_list/file.rb +2 -2
- data/lib/puppet/indirector/certificate_revocation_list/rest.rb +3 -3
- data/lib/puppet/indirector/couch.rb +76 -0
- data/lib/puppet/indirector/direct_file_server.rb +11 -11
- data/lib/puppet/indirector/envelope.rb +4 -4
- data/lib/puppet/indirector/exec.rb +38 -42
- data/lib/puppet/indirector/facts/active_record.rb +24 -24
- data/lib/puppet/indirector/facts/couch.rb +31 -0
- data/lib/puppet/indirector/facts/facter.rb +63 -61
- data/lib/puppet/indirector/facts/memory.rb +4 -4
- data/lib/puppet/indirector/facts/rest.rb +1 -1
- data/lib/puppet/indirector/facts/yaml.rb +2 -2
- data/lib/puppet/indirector/file.rb +67 -46
- data/lib/puppet/indirector/file_bucket_file/file.rb +146 -0
- data/lib/puppet/indirector/file_bucket_file/rest.rb +8 -0
- data/lib/puppet/indirector/file_content/file.rb +1 -1
- data/lib/puppet/indirector/file_content/file_server.rb +1 -1
- data/lib/puppet/indirector/file_content/rest.rb +1 -1
- data/lib/puppet/indirector/file_metadata/file.rb +11 -11
- data/lib/puppet/indirector/file_metadata/file_server.rb +1 -1
- data/lib/puppet/indirector/file_metadata/rest.rb +1 -1
- data/lib/puppet/indirector/file_server.rb +44 -44
- data/lib/puppet/indirector/indirection.rb +249 -260
- data/lib/puppet/indirector/key/ca.rb +5 -5
- data/lib/puppet/indirector/key/file.rb +29 -29
- data/lib/puppet/indirector/ldap.rb +62 -64
- data/lib/puppet/indirector/memory.rb +13 -13
- data/lib/puppet/indirector/node/active_record.rb +6 -6
- data/lib/puppet/indirector/node/exec.rb +40 -44
- data/lib/puppet/indirector/node/ldap.rb +246 -212
- data/lib/puppet/indirector/node/memory.rb +5 -5
- data/lib/puppet/indirector/node/plain.rb +12 -12
- data/lib/puppet/indirector/node/rest.rb +2 -2
- data/lib/puppet/indirector/node/yaml.rb +2 -2
- data/lib/puppet/indirector/plain.rb +4 -4
- data/lib/puppet/indirector/queue.rb +49 -51
- data/lib/puppet/indirector/report/processor.rb +34 -37
- data/lib/puppet/indirector/report/rest.rb +3 -3
- data/lib/puppet/indirector/request.rb +171 -157
- data/lib/puppet/indirector/resource/ral.rb +48 -0
- data/lib/puppet/indirector/resource/rest.rb +5 -0
- data/lib/puppet/indirector/resource_type.rb +5 -0
- data/lib/puppet/indirector/resource_type/parser.rb +27 -0
- data/lib/puppet/indirector/resource_type/rest.rb +7 -0
- data/lib/puppet/indirector/rest.rb +83 -79
- data/lib/puppet/indirector/run/local.rb +8 -0
- data/lib/puppet/indirector/run/rest.rb +6 -0
- data/lib/puppet/indirector/ssl_file.rb +165 -165
- data/lib/puppet/indirector/status.rb +3 -0
- data/lib/puppet/indirector/status/local.rb +7 -0
- data/lib/puppet/indirector/status/rest.rb +5 -0
- data/lib/puppet/indirector/terminus.rb +129 -133
- data/lib/puppet/indirector/yaml.rb +47 -49
- data/lib/puppet/metatype/manager.rb +120 -114
- data/lib/puppet/module.rb +182 -124
- data/lib/puppet/network/authconfig.rb +146 -156
- data/lib/puppet/network/authorization.rb +63 -70
- data/lib/puppet/network/authstore.rb +226 -232
- data/lib/puppet/network/client.rb +141 -152
- data/lib/puppet/network/client/ca.rb +47 -49
- data/lib/puppet/network/client/file.rb +3 -3
- data/lib/puppet/network/client/proxy.rb +19 -19
- data/lib/puppet/network/client/report.rb +17 -21
- data/lib/puppet/network/client/runner.rb +5 -7
- data/lib/puppet/network/client/status.rb +1 -1
- data/lib/puppet/network/client_request.rb +20 -22
- data/lib/puppet/network/format.rb +79 -81
- data/lib/puppet/network/format_handler.rb +135 -130
- data/lib/puppet/network/formats.rb +128 -154
- data/lib/puppet/network/handler.rb +43 -46
- data/lib/puppet/network/handler/ca.rb +129 -135
- data/lib/puppet/network/handler/filebucket.rb +39 -170
- data/lib/puppet/network/handler/fileserver.rb +624 -656
- data/lib/puppet/network/handler/master.rb +62 -75
- data/lib/puppet/network/handler/report.rb +60 -67
- data/lib/puppet/network/handler/runner.rb +20 -20
- data/lib/puppet/network/handler/status.rb +9 -9
- data/lib/puppet/network/http.rb +12 -12
- data/lib/puppet/network/http/api/v1.rb +49 -44
- data/lib/puppet/network/http/compression.rb +111 -0
- data/lib/puppet/network/http/handler.rb +183 -183
- data/lib/puppet/network/http/mongrel.rb +46 -48
- data/lib/puppet/network/http/mongrel/rest.rb +73 -66
- data/lib/puppet/network/http/rack.rb +45 -45
- data/lib/puppet/network/http/rack/httphandler.rb +7 -7
- data/lib/puppet/network/http/rack/rest.rb +84 -61
- data/lib/puppet/network/http/rack/xmlrpc.rb +49 -49
- data/lib/puppet/network/http/webrick.rb +108 -112
- data/lib/puppet/network/http/webrick/rest.rb +60 -57
- data/lib/puppet/network/http_pool.rb +95 -83
- data/lib/puppet/network/http_server/mongrel.rb +90 -90
- data/lib/puppet/network/http_server/webrick.rb +139 -148
- data/lib/puppet/network/rest_authconfig.rb +76 -71
- data/lib/puppet/network/rest_authorization.rb +11 -13
- data/lib/puppet/network/rights.rb +217 -226
- data/lib/puppet/network/server.rb +147 -151
- data/lib/puppet/network/xmlrpc/client.rb +197 -205
- data/lib/puppet/network/xmlrpc/processor.rb +68 -72
- data/lib/puppet/network/xmlrpc/server.rb +10 -10
- data/lib/puppet/network/xmlrpc/webrick_servlet.rb +94 -100
- data/lib/puppet/node.rb +99 -107
- data/lib/puppet/node/environment.rb +109 -62
- data/lib/puppet/node/facts.rb +48 -43
- data/lib/puppet/parameter.rb +246 -498
- data/lib/puppet/parameter/value.rb +63 -0
- data/lib/puppet/parameter/value_collection.rb +143 -0
- data/lib/puppet/parser.rb +4 -0
- data/lib/puppet/parser/ast.rb +81 -67
- data/lib/puppet/parser/ast/arithmetic_operator.rb +27 -29
- data/lib/puppet/parser/ast/astarray.rb +50 -50
- data/lib/puppet/parser/ast/asthash.rb +37 -0
- data/lib/puppet/parser/ast/boolean_operator.rb +33 -35
- data/lib/puppet/parser/ast/branch.rb +29 -31
- data/lib/puppet/parser/ast/caseopt.rb +50 -56
- data/lib/puppet/parser/ast/casestatement.rb +30 -30
- data/lib/puppet/parser/ast/collection.rb +43 -37
- data/lib/puppet/parser/ast/collexpr.rb +66 -69
- data/lib/puppet/parser/ast/comparison_operator.rb +32 -35
- data/lib/puppet/parser/ast/else.rb +13 -13
- data/lib/puppet/parser/ast/function.rb +34 -43
- data/lib/puppet/parser/ast/ifstatement.rb +23 -27
- data/lib/puppet/parser/ast/in_operator.rb +24 -0
- data/lib/puppet/parser/ast/leaf.rb +173 -156
- data/lib/puppet/parser/ast/match_operator.rb +16 -19
- data/lib/puppet/parser/ast/minus.rb +13 -13
- data/lib/puppet/parser/ast/nop.rb +6 -6
- data/lib/puppet/parser/ast/not.rb +9 -9
- data/lib/puppet/parser/ast/relationship.rb +60 -0
- data/lib/puppet/parser/ast/resource.rb +58 -57
- data/lib/puppet/parser/ast/resource_defaults.rb +16 -16
- data/lib/puppet/parser/ast/resource_override.rb +51 -51
- data/lib/puppet/parser/ast/resource_reference.rb +17 -72
- data/lib/puppet/parser/ast/resourceparam.rb +20 -17
- data/lib/puppet/parser/ast/selector.rb +30 -34
- data/lib/puppet/parser/ast/tag.rb +16 -16
- data/lib/puppet/parser/ast/vardef.rb +20 -16
- data/lib/puppet/parser/collector.rb +181 -189
- data/lib/puppet/parser/compiler.rb +395 -364
- data/lib/puppet/parser/files.rb +65 -69
- data/lib/puppet/parser/functions.rb +85 -97
- data/lib/puppet/parser/functions/defined.rb +23 -23
- data/lib/puppet/parser/functions/fail.rb +2 -2
- data/lib/puppet/parser/functions/file.rb +21 -19
- data/lib/puppet/parser/functions/fqdn_rand.rb +7 -7
- data/lib/puppet/parser/functions/generate.rb +24 -26
- data/lib/puppet/parser/functions/include.rb +16 -18
- data/lib/puppet/parser/functions/inline_template.rb +16 -17
- data/lib/puppet/parser/functions/realize.rb +8 -8
- data/lib/puppet/parser/functions/regsubst.rb +74 -59
- data/lib/puppet/parser/functions/require.rb +35 -33
- data/lib/puppet/parser/functions/search.rb +5 -5
- data/lib/puppet/parser/functions/sha1.rb +3 -4
- data/lib/puppet/parser/functions/shellquote.rb +31 -33
- data/lib/puppet/parser/functions/split.rb +8 -8
- data/lib/puppet/parser/functions/sprintf.rb +10 -9
- data/lib/puppet/parser/functions/tag.rb +3 -3
- data/lib/puppet/parser/functions/tagged.rb +13 -13
- data/lib/puppet/parser/functions/template.rb +18 -19
- data/lib/puppet/parser/functions/versioncmp.rb +17 -14
- data/lib/puppet/parser/grammar.ra +485 -422
- data/lib/puppet/parser/lexer.rb +500 -442
- data/lib/puppet/parser/parser.rb +1438 -1084
- data/lib/puppet/parser/parser_support.rb +227 -502
- data/lib/puppet/parser/relationship.rb +43 -0
- data/lib/puppet/parser/resource.rb +280 -375
- data/lib/puppet/parser/resource/param.rb +18 -18
- data/lib/puppet/parser/scope.rb +450 -447
- data/lib/puppet/parser/templatewrapper.rb +92 -94
- data/lib/puppet/parser/type_loader.rb +146 -0
- data/lib/puppet/parser/yaml_trimmer.rb +6 -8
- data/lib/puppet/property.rb +290 -453
- data/lib/puppet/property/ensure.rb +92 -0
- data/lib/puppet/property/keyvalue.rb +74 -82
- data/lib/puppet/property/list.rb +71 -81
- data/lib/puppet/property/ordered_list.rb +15 -15
- data/lib/puppet/provider.rb +229 -241
- data/lib/puppet/provider/augeas/augeas.rb +318 -320
- data/lib/puppet/provider/computer/computer.rb +13 -13
- data/lib/puppet/provider/confine.rb +63 -63
- data/lib/puppet/provider/confine/exists.rb +14 -14
- data/lib/puppet/provider/confine/false.rb +12 -12
- data/lib/puppet/provider/confine/feature.rb +10 -10
- data/lib/puppet/provider/confine/true.rb +13 -13
- data/lib/puppet/provider/confine/variable.rb +51 -54
- data/lib/puppet/provider/confine_collection.rb +38 -38
- data/lib/puppet/provider/confiner.rb +10 -14
- data/lib/puppet/provider/cron/crontab.rb +172 -173
- data/lib/puppet/provider/file/posix.rb +99 -0
- data/lib/puppet/provider/file/win32.rb +74 -0
- data/lib/puppet/provider/group/directoryservice.rb +6 -6
- data/lib/puppet/provider/group/groupadd.rb +18 -20
- data/lib/puppet/provider/group/ldap.rb +40 -43
- data/lib/puppet/provider/group/pw.rb +23 -23
- data/lib/puppet/provider/host/parsed.rb +51 -50
- data/lib/puppet/provider/ldap.rb +121 -123
- data/lib/puppet/provider/macauthorization/macauthorization.rb +263 -272
- data/lib/puppet/provider/mailalias/aliases.rb +34 -31
- data/lib/puppet/provider/maillist/mailman.rb +87 -93
- data/lib/puppet/provider/mcx/mcxcontent.rb +155 -151
- data/lib/puppet/provider/mount.rb +36 -40
- data/lib/puppet/provider/mount/parsed.rb +28 -26
- data/lib/puppet/provider/naginator.rb +46 -48
- data/lib/puppet/provider/nameservice.rb +215 -257
- data/lib/puppet/provider/nameservice/directoryservice.rb +455 -471
- data/lib/puppet/provider/nameservice/objectadd.rb +21 -21
- data/lib/puppet/provider/nameservice/pw.rb +13 -13
- data/lib/puppet/provider/package.rb +18 -20
- data/lib/puppet/provider/package/aix.rb +128 -0
- data/lib/puppet/provider/package/appdmg.rb +78 -82
- data/lib/puppet/provider/package/apple.rb +39 -40
- data/lib/puppet/provider/package/apt.rb +95 -104
- data/lib/puppet/provider/package/aptitude.rb +19 -21
- data/lib/puppet/provider/package/aptrpm.rb +70 -72
- data/lib/puppet/provider/package/blastwave.rb +88 -94
- data/lib/puppet/provider/package/darwinport.rb +67 -69
- data/lib/puppet/provider/package/dpkg.rb +123 -97
- data/lib/puppet/provider/package/fink.rb +66 -68
- data/lib/puppet/provider/package/freebsd.rb +38 -40
- data/lib/puppet/provider/package/gem.rb +98 -102
- data/lib/puppet/provider/package/hpux.rb +37 -39
- data/lib/puppet/provider/package/nim.rb +35 -0
- data/lib/puppet/provider/package/openbsd.rb +100 -75
- data/lib/puppet/provider/package/pkg.rb +108 -0
- data/lib/puppet/provider/package/pkgdmg.rb +95 -87
- data/lib/puppet/provider/package/portage.rb +101 -104
- data/lib/puppet/provider/package/ports.rb +71 -73
- data/lib/puppet/provider/package/portupgrade.rb +251 -0
- data/lib/puppet/provider/package/rpm.rb +113 -115
- data/lib/puppet/provider/package/rug.rb +46 -46
- data/lib/puppet/provider/package/sun.rb +135 -151
- data/lib/puppet/provider/package/sunfreeware.rb +5 -5
- data/lib/puppet/provider/package/up2date.rb +31 -31
- data/lib/puppet/provider/package/urpmi.rb +51 -51
- data/lib/puppet/provider/package/yum.rb +90 -98
- data/lib/puppet/provider/package/zypper.rb +52 -0
- data/lib/puppet/provider/parsedfile.rb +306 -329
- data/lib/puppet/provider/port/parsed.rb +5 -5
- data/lib/puppet/provider/selboolean/getsetsebool.rb +34 -34
- data/lib/puppet/provider/selmodule/semodule.rb +103 -111
- data/lib/puppet/provider/service/base.rb +134 -139
- data/lib/puppet/provider/service/bsd.rb +48 -0
- data/lib/puppet/provider/service/daemontools.rb +158 -162
- data/lib/puppet/provider/service/debian.rb +36 -36
- data/lib/puppet/provider/service/freebsd.rb +118 -38
- data/lib/puppet/provider/service/gentoo.rb +33 -39
- data/lib/puppet/provider/service/init.rb +125 -125
- data/lib/puppet/provider/service/launchd.rb +234 -254
- data/lib/puppet/provider/service/redhat.rb +58 -58
- data/lib/puppet/provider/service/runit.rb +74 -74
- data/lib/puppet/provider/service/smf.rb +81 -85
- data/lib/puppet/provider/service/src.rb +87 -0
- data/lib/puppet/provider/ssh_authorized_key/parsed.rb +73 -81
- data/lib/puppet/provider/sshkey/parsed.rb +24 -21
- data/lib/puppet/provider/user/directoryservice.rb +71 -71
- data/lib/puppet/provider/user/hpux.rb +20 -20
- data/lib/puppet/provider/user/ldap.rb +106 -110
- data/lib/puppet/provider/user/pw.rb +33 -37
- data/lib/puppet/provider/user/user_role_add.rb +168 -183
- data/lib/puppet/provider/user/useradd.rb +50 -51
- data/lib/puppet/provider/zfs/solaris.rb +35 -35
- data/lib/puppet/provider/zone/solaris.rb +206 -205
- data/lib/puppet/provider/zpool/solaris.rb +95 -97
- data/lib/puppet/rails.rb +115 -122
- data/lib/puppet/rails/benchmark.rb +43 -49
- data/lib/puppet/rails/database/001_add_created_at_to_all_tables.rb +8 -12
- data/lib/puppet/rails/database/002_remove_duplicated_index_on_all_tables.rb +8 -12
- data/lib/puppet/rails/database/003_add_environment_to_host.rb +6 -10
- data/lib/puppet/rails/database/schema.rb +100 -97
- data/lib/puppet/rails/fact_name.rb +1 -1
- data/lib/puppet/rails/fact_value.rb +5 -5
- data/lib/puppet/rails/host.rb +252 -249
- data/lib/puppet/rails/param_name.rb +15 -15
- data/lib/puppet/rails/param_value.rb +55 -55
- data/lib/puppet/rails/puppet_tag.rb +4 -4
- data/lib/puppet/rails/resource.rb +189 -203
- data/lib/puppet/rails/resource_tag.rb +19 -19
- data/lib/puppet/rails/source_file.rb +5 -5
- data/lib/puppet/reference/configuration.rb +53 -56
- data/lib/puppet/reference/function.rb +1 -1
- data/lib/puppet/reference/indirection.rb +13 -13
- data/lib/puppet/reference/metaparameter.rb +40 -40
- data/lib/puppet/reference/network.rb +16 -16
- data/lib/puppet/reference/providers.rb +97 -98
- data/lib/puppet/reference/report.rb +1 -1
- data/lib/puppet/reference/type.rb +67 -70
- data/lib/puppet/relationship.rb +65 -67
- data/lib/puppet/reports.rb +32 -34
- data/lib/puppet/reports/http.rb +22 -0
- data/lib/puppet/reports/log.rb +7 -6
- data/lib/puppet/reports/rrdgraph.rb +105 -114
- data/lib/puppet/reports/store.rb +53 -56
- data/lib/puppet/reports/tagmail.rb +149 -157
- data/lib/puppet/resource.rb +428 -194
- data/lib/puppet/resource/catalog.rb +496 -512
- data/lib/puppet/resource/status.rb +58 -0
- data/lib/puppet/resource/type.rb +311 -0
- data/lib/puppet/resource/type_collection.rb +217 -0
- data/lib/puppet/resource/type_collection_helper.rb +7 -0
- data/lib/puppet/run.rb +77 -0
- data/lib/puppet/simple_graph.rb +381 -413
- data/lib/puppet/ssl.rb +2 -1
- data/lib/puppet/ssl/base.rb +60 -43
- data/lib/puppet/ssl/certificate.rb +21 -21
- data/lib/puppet/ssl/certificate_authority.rb +215 -229
- data/lib/puppet/ssl/certificate_authority/interface.rb +84 -68
- data/lib/puppet/ssl/certificate_factory.rb +119 -119
- data/lib/puppet/ssl/certificate_request.rb +52 -45
- data/lib/puppet/ssl/certificate_revocation_list.rb +78 -78
- data/lib/puppet/ssl/host.rb +230 -228
- data/lib/puppet/ssl/inventory.rb +33 -33
- data/lib/puppet/ssl/key.rb +37 -37
- data/lib/puppet/sslcertificates.rb +124 -123
- data/lib/puppet/sslcertificates/ca.rb +327 -344
- data/lib/puppet/sslcertificates/certificate.rb +197 -224
- data/lib/puppet/sslcertificates/inventory.rb +27 -29
- data/lib/puppet/sslcertificates/support.rb +113 -119
- data/lib/puppet/status.rb +28 -0
- data/lib/puppet/transaction.rb +349 -696
- data/lib/puppet/transaction/change.rb +80 -85
- data/lib/puppet/transaction/event.rb +54 -14
- data/lib/puppet/transaction/event_manager.rb +99 -0
- data/lib/puppet/transaction/report.rb +121 -59
- data/lib/puppet/transaction/resource_harness.rb +150 -0
- data/lib/puppet/transportable.rb +215 -226
- data/lib/puppet/type.rb +1644 -1849
- data/lib/puppet/type/augeas.rb +153 -134
- data/lib/puppet/type/component.rb +63 -65
- data/lib/puppet/type/computer.rb +44 -44
- data/lib/puppet/type/cron.rb +364 -384
- data/lib/puppet/type/exec.rb +583 -521
- data/lib/puppet/type/file.rb +786 -823
- data/lib/puppet/type/file/checksum.rb +23 -240
- data/lib/puppet/type/file/content.rb +193 -129
- data/lib/puppet/type/file/ensure.rb +149 -153
- data/lib/puppet/type/file/group.rb +94 -104
- data/lib/puppet/type/file/mode.rb +109 -122
- data/lib/puppet/type/file/owner.rb +39 -131
- data/lib/puppet/type/file/selcontext.rb +69 -73
- data/lib/puppet/type/file/source.rb +165 -153
- data/lib/puppet/type/file/target.rb +56 -60
- data/lib/puppet/type/file/type.rb +18 -18
- data/lib/puppet/type/filebucket.rb +91 -92
- data/lib/puppet/type/group.rb +77 -82
- data/lib/puppet/type/host.rb +85 -85
- data/lib/puppet/type/k5login.rb +65 -65
- data/lib/puppet/type/macauthorization.rb +141 -143
- data/lib/puppet/type/mailalias.rb +37 -37
- data/lib/puppet/type/maillist.rb +51 -51
- data/lib/puppet/type/mcx.rb +62 -62
- data/lib/puppet/type/mount.rb +199 -193
- data/lib/puppet/type/notify.rb +33 -33
- data/lib/puppet/type/package.rb +301 -298
- data/lib/puppet/type/port.rb +4 -4
- data/lib/puppet/type/resources.rb +107 -123
- data/lib/puppet/type/schedule.rb +317 -326
- data/lib/puppet/type/selboolean.rb +19 -19
- data/lib/puppet/type/selmodule.rb +34 -34
- data/lib/puppet/type/service.rb +152 -152
- data/lib/puppet/type/ssh_authorized_key.rb +74 -78
- data/lib/puppet/type/sshkey.rb +52 -56
- data/lib/puppet/type/stage.rb +18 -0
- data/lib/puppet/type/tidy.rb +289 -300
- data/lib/puppet/type/user.rb +300 -312
- data/lib/puppet/type/yumrepo.rb +300 -335
- data/lib/puppet/type/zfs.rb +36 -36
- data/lib/puppet/type/zone.rb +376 -347
- data/lib/puppet/type/zpool.rb +71 -77
- data/lib/puppet/util.rb +383 -387
- data/lib/puppet/util/autoload.rb +125 -143
- data/lib/puppet/util/autoload/file_cache.rb +78 -101
- data/lib/puppet/util/backups.rb +66 -66
- data/lib/puppet/util/cacher.rb +112 -120
- data/lib/puppet/util/checksums.rb +119 -84
- data/lib/puppet/util/classgen.rb +157 -167
- data/lib/puppet/util/command_line.rb +95 -0
- data/lib/puppet/util/command_line/filebucket +97 -0
- data/lib/puppet/util/command_line/pi +48 -0
- data/lib/puppet/util/command_line/puppet +69 -0
- data/lib/puppet/util/command_line/puppetca +110 -0
- data/lib/puppet/util/command_line/puppetd +186 -0
- data/lib/puppet/util/command_line/puppetdoc +67 -0
- data/lib/puppet/util/command_line/puppetmasterd +65 -0
- data/lib/puppet/util/command_line/puppetqd +53 -0
- data/lib/puppet/util/command_line/puppetrun +128 -0
- data/lib/puppet/util/command_line/ralsh +89 -0
- data/lib/puppet/util/constant_inflector.rb +7 -7
- data/lib/puppet/util/diff.rb +59 -56
- data/lib/puppet/util/docs.rb +97 -99
- data/lib/puppet/util/errors.rb +53 -44
- data/lib/puppet/util/execution.rb +15 -15
- data/lib/puppet/util/feature.rb +62 -72
- data/lib/puppet/util/file_locking.rb +33 -33
- data/lib/puppet/util/fileparsing.rb +292 -318
- data/lib/puppet/util/filetype.rb +246 -263
- data/lib/puppet/util/graph.rb +16 -18
- data/lib/puppet/util/inifile.rb +170 -184
- data/lib/puppet/util/inline_docs.rb +26 -0
- data/lib/puppet/util/instance_loader.rb +58 -58
- data/lib/puppet/util/ldap/connection.rb +57 -59
- data/lib/puppet/util/ldap/generator.rb +31 -31
- data/lib/puppet/util/ldap/manager.rb +233 -235
- data/lib/puppet/util/loadedfile.rb +49 -51
- data/lib/puppet/util/log.rb +210 -494
- data/lib/puppet/util/log/destination.rb +49 -0
- data/lib/puppet/util/log/destinations.rb +217 -0
- data/lib/puppet/util/log_paths.rb +15 -17
- data/lib/puppet/util/logging.rb +34 -13
- data/lib/puppet/util/metaid.rb +15 -15
- data/lib/puppet/util/methodhelper.rb +24 -26
- data/lib/puppet/util/metric.rb +123 -125
- data/lib/puppet/util/monkey_patches.rb +21 -20
- data/lib/puppet/util/nagios_maker.rb +41 -41
- data/lib/puppet/util/package.rb +24 -26
- data/lib/puppet/util/pidlock.rb +49 -49
- data/lib/puppet/util/posix.rb +115 -115
- data/lib/puppet/util/provider_features.rb +147 -155
- data/lib/puppet/util/pson.rb +5 -5
- data/lib/puppet/util/queue.rb +55 -55
- data/lib/puppet/util/queue/stomp.rb +27 -27
- data/lib/puppet/util/rails/cache_accumulator.rb +49 -49
- data/lib/puppet/util/rails/collection_merger.rb +13 -13
- data/lib/puppet/util/rails/reference_serializer.rb +26 -26
- data/lib/puppet/util/rdoc.rb +77 -74
- data/lib/puppet/util/rdoc/code_objects.rb +235 -217
- data/lib/puppet/util/rdoc/generators/puppet_generator.rb +732 -676
- data/lib/puppet/util/rdoc/generators/template/puppet/puppet.rb +38 -12
- data/lib/puppet/util/rdoc/parser.rb +418 -392
- data/lib/puppet/util/reference.rb +168 -174
- data/lib/puppet/util/resource_template.rb +17 -17
- data/lib/puppet/util/run_mode.rb +81 -0
- data/lib/puppet/util/selinux.rb +184 -200
- data/lib/puppet/util/settings.rb +886 -919
- data/lib/puppet/util/settings/boolean_setting.rb +20 -23
- data/lib/puppet/util/settings/file_setting.rb +98 -99
- data/lib/puppet/util/settings/setting.rb +71 -87
- data/lib/puppet/util/storage.rb +73 -84
- data/lib/puppet/util/subclass_loader.rb +59 -66
- data/lib/puppet/util/suidmanager.rb +87 -84
- data/lib/puppet/util/tagging.rb +37 -39
- data/lib/puppet/util/user_attr.rb +14 -14
- data/lib/puppet/util/warnings.rb +20 -20
- data/lib/puppet/util/zaml.rb +242 -241
- data/man/man5/puppet.conf.5 +148 -76
- data/man/man8/filebucket.8 +6 -6
- data/man/man8/pi.8 +5 -5
- data/man/man8/puppet.8 +2 -73
- data/man/man8/puppetca.8 +47 -32
- data/man/man8/puppetd.8 +118 -76
- data/man/man8/puppetdoc.8 +16 -12
- data/man/man8/puppetmasterd.8 +4 -4
- data/man/man8/puppetqd.8 +4 -4
- data/man/man8/puppetrun.8 +23 -22
- data/man/man8/ralsh.8 +16 -17
- data/spec/fixtures/yaml/test.local.yaml +16 -0
- data/spec/integration/application/apply_spec.rb +33 -0
- data/spec/integration/configurer_spec.rb +35 -0
- data/spec/integration/defaults_spec.rb +258 -0
- data/spec/integration/file_serving/content_spec.rb +20 -0
- data/spec/integration/file_serving/fileset_spec.rb +14 -0
- data/spec/integration/file_serving/metadata_spec.rb +21 -0
- data/spec/integration/file_serving/terminus_helper_spec.rb +22 -0
- data/spec/integration/indirector/bucket_file/rest_spec.rb +68 -0
- data/spec/integration/indirector/catalog/compiler_spec.rb +68 -0
- data/spec/integration/indirector/catalog/queue_spec.rb +61 -0
- data/spec/integration/indirector/certificate/rest_spec.rb +68 -0
- data/spec/integration/indirector/certificate_request/rest_spec.rb +88 -0
- data/spec/integration/indirector/certificate_revocation_list/rest_spec.rb +76 -0
- data/spec/integration/indirector/direct_file_server_spec.rb +73 -0
- data/spec/integration/indirector/file_content/file_server_spec.rb +94 -0
- data/spec/integration/indirector/file_metadata/file_server_spec.rb +18 -0
- data/spec/integration/indirector/node/ldap_spec.rb +15 -0
- data/spec/integration/indirector/report/rest_spec.rb +96 -0
- data/spec/integration/indirector/rest_spec.rb +524 -0
- data/spec/integration/network/client_spec.rb +19 -0
- data/spec/integration/network/formats_spec.rb +110 -0
- data/spec/integration/network/handler_spec.rb +25 -0
- data/spec/integration/network/server/mongrel_spec.rb +66 -0
- data/spec/integration/network/server/webrick_spec.rb +85 -0
- data/spec/integration/node/environment_spec.rb +58 -0
- data/spec/integration/node/facts_spec.rb +47 -0
- data/spec/integration/node_spec.rb +93 -0
- data/spec/integration/parser/collector_spec.rb +38 -0
- data/spec/integration/parser/compiler_spec.rb +29 -0
- data/spec/integration/parser/functions/require_spec.rb +44 -0
- data/spec/integration/parser/parser_spec.rb +113 -0
- data/spec/integration/provider/mailalias/aliases_spec.rb +25 -0
- data/spec/integration/provider/package_spec.rb +26 -0
- data/spec/integration/provider/service/init_spec.rb +32 -0
- data/spec/integration/reference/providers_spec.rb +17 -0
- data/spec/integration/reports_spec.rb +18 -0
- data/spec/integration/resource/catalog_spec.rb +61 -0
- data/spec/integration/resource/type_collection_spec.rb +96 -0
- data/spec/integration/ssl/certificate_authority_spec.rb +135 -0
- data/spec/integration/ssl/certificate_request_spec.rb +61 -0
- data/spec/integration/ssl/certificate_revocation_list_spec.rb +42 -0
- data/spec/integration/ssl/host_spec.rb +90 -0
- data/spec/integration/transaction/report_spec.rb +29 -0
- data/spec/integration/transaction_spec.rb +284 -0
- data/spec/integration/type/file_spec.rb +506 -0
- data/spec/integration/type/package_spec.rb +25 -0
- data/spec/integration/type/tidy_spec.rb +32 -0
- data/spec/integration/type_spec.rb +22 -0
- data/spec/integration/util/autoload_spec.rb +114 -0
- data/spec/integration/util/feature_spec.rb +54 -0
- data/spec/integration/util/file_locking_spec.rb +37 -0
- data/spec/integration/util/rdoc/parser_spec.rb +59 -0
- data/spec/integration/util/settings_spec.rb +30 -0
- data/spec/lib/puppet_spec/files.rb +16 -6
- data/spec/monkey_patches/add_confine_and_runnable_to_rspec_dsl.rb +27 -27
- data/spec/monkey_patches/alias_should_to_must.rb +4 -4
- data/spec/shared_behaviours/file_server_terminus.rb +28 -28
- data/spec/shared_behaviours/file_serving.rb +53 -53
- data/spec/shared_behaviours/memory_terminus.rb +22 -22
- data/spec/spec.opts +1 -0
- data/spec/spec_helper.rb +61 -18
- data/spec/spec_specs/runnable_spec.rb +95 -0
- data/spec/unit/agent/locker_spec.rb +100 -0
- data/spec/unit/agent_spec.rb +281 -0
- data/spec/unit/application/agent_spec.rb +588 -0
- data/spec/unit/application/apply_spec.rb +387 -0
- data/spec/unit/application/cert_spec.rb +194 -0
- data/spec/unit/application/describe_spec.rb +84 -0
- data/spec/unit/application/doc_spec.rb +368 -0
- data/spec/unit/application/filebucket_spec.rb +223 -0
- data/spec/unit/application/kick_spec.rb +313 -0
- data/spec/unit/application/master_spec.rb +453 -0
- data/spec/unit/application/queue_spec.rb +186 -0
- data/spec/unit/application/resource_spec.rb +233 -0
- data/spec/unit/application_spec.rb +531 -0
- data/spec/unit/configurer/downloader_spec.rb +188 -0
- data/spec/unit/configurer/fact_handler_spec.rb +164 -0
- data/spec/unit/configurer/plugin_handler_spec.rb +112 -0
- data/spec/unit/configurer_spec.rb +494 -0
- data/spec/unit/daemon_spec.rb +306 -0
- data/spec/unit/dsl/resource_api_spec.rb +181 -0
- data/spec/unit/dsl/resource_type_api_spec.rb +46 -0
- data/spec/unit/file_bucket/dipper_spec.rb +122 -0
- data/spec/unit/file_bucket/file_spec.rb +230 -0
- data/spec/unit/file_collection/lookup_spec.rb +46 -0
- data/spec/unit/file_collection_spec.rb +53 -0
- data/spec/unit/file_serving/base_spec.rb +132 -0
- data/spec/unit/file_serving/configuration/parser_spec.rb +181 -0
- data/spec/unit/file_serving/configuration_spec.rb +249 -0
- data/spec/unit/file_serving/content_spec.rb +118 -0
- data/spec/unit/file_serving/fileset_spec.rb +347 -0
- data/spec/unit/file_serving/indirection_hooks_spec.rb +63 -0
- data/spec/unit/file_serving/metadata_spec.rb +286 -0
- data/spec/unit/file_serving/mount/file_spec.rb +196 -0
- data/spec/unit/file_serving/mount/modules_spec.rb +63 -0
- data/spec/unit/file_serving/mount/plugins_spec.rb +61 -0
- data/spec/unit/file_serving/mount_spec.rb +32 -0
- data/spec/unit/file_serving/terminus_helper_spec.rb +98 -0
- data/spec/unit/indirector/active_record_spec.rb +76 -0
- data/spec/unit/indirector/catalog/active_record_spec.rb +141 -0
- data/spec/unit/indirector/catalog/compiler_spec.rb +275 -0
- data/spec/unit/indirector/catalog/queue_spec.rb +20 -0
- data/spec/unit/indirector/catalog/rest_spec.rb +11 -0
- data/spec/unit/indirector/catalog/yaml_spec.rb +25 -0
- data/spec/unit/indirector/certificate/ca_spec.rb +28 -0
- data/spec/unit/indirector/certificate/file_spec.rb +28 -0
- data/spec/unit/indirector/certificate/rest_spec.rb +58 -0
- data/spec/unit/indirector/certificate_request/ca_spec.rb +19 -0
- data/spec/unit/indirector/certificate_request/file_spec.rb +19 -0
- data/spec/unit/indirector/certificate_request/rest_spec.rb +23 -0
- data/spec/unit/indirector/certificate_revocation_list/ca_spec.rb +21 -0
- data/spec/unit/indirector/certificate_revocation_list/file_spec.rb +20 -0
- data/spec/unit/indirector/certificate_revocation_list/rest_spec.rb +23 -0
- data/spec/unit/indirector/code_spec.rb +33 -0
- data/spec/unit/indirector/direct_file_server_spec.rb +84 -0
- data/spec/unit/indirector/envelope_spec.rb +47 -0
- data/spec/unit/indirector/exec_spec.rb +56 -0
- data/spec/unit/indirector/facts/active_record_spec.rb +104 -0
- data/spec/unit/indirector/facts/couch_spec.rb +98 -0
- data/spec/unit/indirector/facts/facter_spec.rb +143 -0
- data/spec/unit/indirector/facts/rest_spec.rb +11 -0
- data/spec/unit/indirector/facts/yaml_spec.rb +26 -0
- data/spec/unit/indirector/file_bucket_file/file_spec.rb +290 -0
- data/spec/unit/indirector/file_bucket_file/rest_spec.rb +11 -0
- data/spec/unit/indirector/file_content/file_server_spec.rb +18 -0
- data/spec/unit/indirector/file_content/file_spec.rb +18 -0
- data/spec/unit/indirector/file_content/rest_spec.rb +11 -0
- data/spec/unit/indirector/file_metadata/file_server_spec.rb +18 -0
- data/spec/unit/indirector/file_metadata/file_spec.rb +52 -0
- data/spec/unit/indirector/file_metadata/rest_spec.rb +9 -0
- data/spec/unit/indirector/file_server_spec.rb +267 -0
- data/spec/unit/indirector/file_spec.rb +181 -0
- data/spec/unit/indirector/indirection_spec.rb +795 -0
- data/spec/unit/indirector/key/ca_spec.rb +28 -0
- data/spec/unit/indirector/key/file_spec.rb +104 -0
- data/spec/unit/indirector/ldap_spec.rb +143 -0
- data/spec/unit/indirector/memory_spec.rb +29 -0
- data/spec/unit/indirector/node/active_record_spec.rb +41 -0
- data/spec/unit/indirector/node/exec_spec.rb +70 -0
- data/spec/unit/indirector/node/ldap_spec.rb +456 -0
- data/spec/unit/indirector/node/memory_spec.rb +19 -0
- data/spec/unit/indirector/node/plain_spec.rb +19 -0
- data/spec/unit/indirector/node/rest_spec.rb +13 -0
- data/spec/unit/indirector/node/yaml_spec.rb +25 -0
- data/spec/unit/indirector/plain_spec.rb +29 -0
- data/spec/unit/indirector/queue_spec.rb +123 -0
- data/spec/unit/indirector/report/processor_spec.rb +81 -0
- data/spec/unit/indirector/report/rest_spec.rb +28 -0
- data/spec/unit/indirector/request_spec.rb +304 -0
- data/spec/unit/indirector/resource/ral_spec.rb +129 -0
- data/spec/unit/indirector/resource/rest_spec.rb +11 -0
- data/spec/unit/indirector/resource_type/parser_spec.rb +75 -0
- data/spec/unit/indirector/resource_type/rest_spec.rb +15 -0
- data/spec/unit/indirector/rest_spec.rb +455 -0
- data/spec/unit/indirector/run/local_spec.rb +20 -0
- data/spec/unit/indirector/run/rest_spec.rb +11 -0
- data/spec/unit/indirector/ssl_file_spec.rb +281 -0
- data/spec/unit/indirector/status/rest_spec.rb +11 -0
- data/spec/unit/indirector/terminus_spec.rb +245 -0
- data/spec/unit/indirector/yaml_spec.rb +146 -0
- data/spec/unit/indirector_spec.rb +157 -0
- data/spec/unit/module_spec.rb +547 -0
- data/spec/unit/network/authconfig_spec.rb +292 -0
- data/spec/unit/network/authstore_spec.rb +370 -0
- data/spec/unit/network/client_spec.rb +45 -0
- data/spec/unit/network/format_handler_spec.rb +336 -0
- data/spec/unit/network/format_spec.rb +198 -0
- data/spec/unit/network/formats_spec.rb +337 -0
- data/spec/unit/network/handler/fileserver_spec.rb +172 -0
- data/spec/unit/network/http/api/v1_spec.rb +122 -0
- data/spec/unit/network/http/compression_spec.rb +199 -0
- data/spec/unit/network/http/handler_spec.rb +455 -0
- data/spec/unit/network/http/mongrel/rest_spec.rb +249 -0
- data/spec/unit/network/http/mongrel/{xmlrpc.rb → xmlrpc_spec.rb} +0 -0
- data/spec/unit/network/http/mongrel_spec.rb +131 -0
- data/spec/unit/network/http/rack/rest_spec.rb +249 -0
- data/spec/unit/network/http/rack/xmlrpc_spec.rb +157 -0
- data/spec/unit/network/http/rack_spec.rb +102 -0
- data/spec/unit/network/http/webrick/rest_spec.rb +180 -0
- data/spec/unit/network/http/webrick/{xmlrpc.rb → xmlrpc_spec.rb} +0 -0
- data/spec/unit/network/http/webrick_spec.rb +339 -0
- data/spec/unit/network/http_pool_spec.rb +206 -0
- data/spec/unit/network/http_spec.rb +35 -0
- data/spec/unit/network/rest_authconfig_spec.rb +148 -0
- data/spec/unit/network/rest_authorization_spec.rb +43 -0
- data/spec/unit/network/rights_spec.rb +519 -0
- data/spec/unit/network/server_spec.rb +534 -0
- data/spec/unit/network/xmlrpc/client_spec.rb +171 -0
- data/spec/unit/node/environment_spec.rb +248 -0
- data/spec/unit/node/facts_spec.rb +102 -0
- data/spec/unit/node_spec.rb +210 -0
- data/spec/unit/other/selinux_spec.rb +94 -0
- data/spec/unit/other/transbucket_spec.rb +188 -0
- data/spec/unit/other/transobject_spec.rb +112 -0
- data/spec/unit/parameter/value_collection_spec.rb +167 -0
- data/spec/unit/parameter/value_spec.rb +88 -0
- data/spec/unit/parameter_spec.rb +172 -0
- data/spec/unit/parser/ast/arithmetic_operator_spec.rb +73 -0
- data/spec/unit/parser/ast/astarray_spec.rb +72 -0
- data/spec/unit/parser/ast/asthash_spec.rb +98 -0
- data/spec/unit/parser/ast/boolean_operator_spec.rb +53 -0
- data/spec/unit/parser/ast/casestatement_spec.rb +161 -0
- data/spec/unit/parser/ast/collection_spec.rb +63 -0
- data/spec/unit/parser/ast/collexpr_spec.rb +115 -0
- data/spec/unit/parser/ast/comparison_operator_spec.rb +116 -0
- data/spec/unit/parser/ast/function_spec.rb +83 -0
- data/spec/unit/parser/ast/ifstatement_spec.rb +76 -0
- data/spec/unit/parser/ast/in_operator_spec.rb +60 -0
- data/spec/unit/parser/ast/leaf_spec.rb +362 -0
- data/spec/unit/parser/ast/match_operator_spec.rb +50 -0
- data/spec/unit/parser/ast/minus_spec.rb +36 -0
- data/spec/unit/parser/ast/nop_spec.rb +20 -0
- data/spec/unit/parser/ast/not_spec.rb +30 -0
- data/spec/unit/parser/ast/relationship_spec.rb +88 -0
- data/spec/unit/parser/ast/resource_defaults_spec.rb +22 -0
- data/spec/unit/parser/ast/resource_override_spec.rb +51 -0
- data/spec/unit/parser/ast/resource_reference_spec.rb +46 -0
- data/spec/unit/parser/ast/resource_spec.rb +120 -0
- data/spec/unit/parser/ast/selector_spec.rb +139 -0
- data/spec/unit/parser/ast/vardef_spec.rb +60 -0
- data/spec/unit/parser/ast_spec.rb +111 -0
- data/spec/unit/parser/collector_spec.rb +559 -0
- data/spec/unit/parser/compiler_spec.rb +754 -0
- data/spec/unit/parser/files_spec.rb +201 -0
- data/spec/unit/parser/functions/defined_spec.rb +50 -0
- data/spec/unit/parser/functions/fqdn_rand_spec.rb +62 -0
- data/spec/unit/parser/functions/generate_spec.rb +41 -0
- data/spec/unit/parser/functions/inline_template_spec.rb +59 -0
- data/spec/unit/parser/functions/realize_spec.rb +51 -0
- data/spec/unit/parser/functions/regsubst_spec.rb +192 -0
- data/spec/unit/parser/functions/require_spec.rb +74 -0
- data/spec/unit/parser/functions/shellquote_spec.rb +81 -0
- data/spec/unit/parser/functions/split_spec.rb +49 -0
- data/spec/unit/parser/functions/sprintf_spec.rb +41 -0
- data/spec/unit/parser/functions/tag_spec.rb +24 -0
- data/spec/unit/parser/functions/template_spec.rb +62 -0
- data/spec/unit/parser/functions/versioncmp_spec.rb +29 -0
- data/spec/unit/parser/functions_spec.rb +102 -0
- data/spec/unit/parser/lexer_spec.rb +646 -0
- data/spec/unit/parser/parser_spec.rb +412 -0
- data/spec/unit/parser/relationship_spec.rb +70 -0
- data/spec/unit/parser/resource_spec.rb +564 -0
- data/spec/unit/parser/scope_spec.rb +629 -0
- data/spec/unit/parser/templatewrapper_spec.rb +144 -0
- data/spec/unit/parser/type_loader_spec.rb +201 -0
- data/spec/unit/property/ensure_spec.rb +13 -0
- data/spec/unit/property/keyvalue_spec.rb +168 -0
- data/spec/unit/property/list_spec.rb +166 -0
- data/spec/unit/property/ordered_list_spec.rb +64 -0
- data/spec/unit/property_spec.rb +410 -0
- data/spec/unit/provider/augeas/augeas_spec.rb +413 -0
- data/spec/unit/provider/confine/exists_spec.rb +81 -0
- data/spec/unit/provider/confine/false_spec.rb +53 -0
- data/spec/unit/provider/confine/feature_spec.rb +60 -0
- data/spec/unit/provider/confine/true_spec.rb +53 -0
- data/spec/unit/provider/confine/variable_spec.rb +107 -0
- data/spec/unit/provider/confine_collection_spec.rb +134 -0
- data/spec/unit/provider/confine_spec.rb +78 -0
- data/spec/unit/provider/confiner_spec.rb +63 -0
- data/spec/unit/provider/group/groupadd_spec.rb +31 -0
- data/spec/unit/provider/group/ldap_spec.rb +105 -0
- data/spec/unit/provider/ldap_spec.rb +248 -0
- data/spec/unit/provider/macauthorization_spec.rb +147 -0
- data/spec/unit/provider/mcx/mcxcontent_spec.rb +175 -0
- data/spec/unit/provider/mount/parsed_spec.rb +193 -0
- data/spec/unit/provider/mount_spec.rb +130 -0
- data/spec/unit/provider/naginator_spec.rb +58 -0
- data/spec/unit/provider/package/aix_spec.rb +66 -0
- data/spec/unit/provider/package/apt_spec.rb +145 -0
- data/spec/unit/provider/package/dpkg_spec.rb +225 -0
- data/spec/unit/provider/package/gem_spec.rb +87 -0
- data/spec/unit/provider/package/hpux_spec.rb +52 -0
- data/spec/unit/provider/package/nim_spec.rb +42 -0
- data/spec/unit/provider/package/pkg_spec.rb +63 -0
- data/spec/unit/provider/package/pkgdmg_spec.rb +84 -0
- data/spec/unit/provider/package/zypper_spec.rb +81 -0
- data/spec/unit/provider/parsedfile_spec.rb +95 -0
- data/spec/unit/provider/selboolean_spec.rb +37 -0
- data/spec/unit/provider/selmodule_spec.rb +66 -0
- data/spec/unit/provider/service/daemontools_spec.rb +166 -0
- data/spec/unit/provider/service/debian_spec.rb +89 -0
- data/spec/unit/provider/service/init_spec.rb +168 -0
- data/spec/unit/provider/service/launchd_spec.rb +200 -0
- data/spec/unit/provider/service/redhat_spec.rb +121 -0
- data/spec/unit/provider/service/runit_spec.rb +140 -0
- data/spec/unit/provider/service/src_spec.rb +97 -0
- data/spec/unit/provider/ssh_authorized_key/parsed_spec.rb +228 -0
- data/spec/unit/provider/sshkey/parsed_spec.rb +38 -0
- data/spec/unit/provider/user/hpux_spec.rb +25 -0
- data/spec/unit/provider/user/ldap_spec.rb +279 -0
- data/spec/unit/provider/user/user_role_add_spec.rb +249 -0
- data/spec/unit/provider/user/useradd_spec.rb +115 -0
- data/spec/unit/provider/zfs/solaris_spec.rb +99 -0
- data/spec/unit/provider/zone/solaris_spec.rb +55 -0
- data/spec/unit/provider/zpool/solaris_spec.rb +179 -0
- data/spec/unit/provider_spec.rb +31 -0
- data/spec/unit/puppet_spec.rb +12 -0
- data/spec/unit/rails/host_spec.rb +163 -0
- data/spec/unit/rails/param_value_spec.rb +49 -0
- data/spec/unit/rails/resource_spec.rb +123 -0
- data/spec/unit/rails_spec.rb +258 -0
- data/spec/unit/relationship_spec.rb +236 -0
- data/spec/unit/reports/http_spec.rb +56 -0
- data/spec/unit/reports/tagmail_spec.rb +94 -0
- data/spec/unit/reports_spec.rb +61 -0
- data/spec/unit/resource/catalog_spec.rb +1078 -0
- data/spec/unit/resource/status_spec.rb +103 -0
- data/spec/unit/resource/type_collection_helper_spec.rb +25 -0
- data/spec/unit/resource/type_collection_spec.rb +432 -0
- data/spec/unit/resource/type_spec.rb +722 -0
- data/spec/unit/resource_spec.rb +818 -0
- data/spec/unit/run_spec.rb +137 -0
- data/spec/unit/simple_graph_spec.rb +544 -0
- data/spec/unit/ssl/base_spec.rb +43 -0
- data/spec/unit/ssl/certificate_authority/interface_spec.rb +333 -0
- data/spec/unit/ssl/certificate_authority_spec.rb +772 -0
- data/spec/unit/ssl/certificate_factory_spec.rb +107 -0
- data/spec/unit/ssl/certificate_request_spec.rb +220 -0
- data/spec/unit/ssl/certificate_revocation_list_spec.rb +168 -0
- data/spec/unit/ssl/certificate_spec.rb +124 -0
- data/spec/unit/ssl/host_spec.rb +707 -0
- data/spec/unit/ssl/inventory_spec.rb +180 -0
- data/spec/unit/ssl/key_spec.rb +198 -0
- data/spec/unit/status_spec.rb +31 -0
- data/spec/unit/transaction/change_spec.rb +193 -0
- data/spec/unit/transaction/event_manager_spec.rb +260 -0
- data/spec/unit/transaction/event_spec.rb +108 -0
- data/spec/unit/transaction/report_spec.rb +234 -0
- data/spec/unit/transaction/resource_harness_spec.rb +401 -0
- data/spec/unit/transaction_spec.rb +452 -0
- data/spec/unit/transportable_spec.rb +0 -0
- data/spec/unit/type/augeas_spec.rb +122 -0
- data/spec/unit/type/component_spec.rb +63 -0
- data/spec/unit/type/computer_spec.rb +81 -0
- data/spec/unit/type/cron_spec.rb +33 -0
- data/spec/unit/type/exec_spec.rb +162 -0
- data/spec/unit/type/file/checksum_spec.rb +73 -0
- data/spec/unit/type/file/content_spec.rb +460 -0
- data/spec/unit/type/file/ensure_spec.rb +84 -0
- data/spec/unit/type/file/group_spec.rb +123 -0
- data/spec/unit/type/file/owner_spec.rb +150 -0
- data/spec/unit/type/file/selinux_spec.rb +83 -0
- data/spec/unit/type/file/source_spec.rb +272 -0
- data/spec/unit/type/file_spec.rb +1070 -0
- data/spec/unit/type/filebucket_spec.rb +74 -0
- data/spec/unit/type/group_spec.rb +57 -0
- data/spec/unit/type/macauthorization_spec.rb +111 -0
- data/spec/unit/type/maillist_spec.rb +42 -0
- data/spec/unit/type/mcx_spec.rb +100 -0
- data/spec/unit/type/mount_spec.rb +261 -0
- data/spec/unit/type/nagios_spec.rb +63 -0
- data/spec/unit/type/noop_metaparam_spec.rb +37 -0
- data/spec/unit/type/package_spec.rb +240 -0
- data/spec/unit/type/resources_spec.rb +102 -0
- data/spec/unit/type/schedule_spec.rb +333 -0
- data/spec/unit/type/selboolean_spec.rb +45 -0
- data/spec/unit/type/selmodule_spec.rb +18 -0
- data/spec/unit/type/service_spec.rb +222 -0
- data/spec/unit/type/ssh_authorized_key_spec.rb +152 -0
- data/spec/unit/type/stage_spec.rb +9 -0
- data/spec/unit/type/tidy_spec.rb +424 -0
- data/spec/unit/type/user_spec.rb +281 -0
- data/spec/unit/type/zfs_spec.rb +45 -0
- data/spec/unit/type/zone_spec.rb +60 -0
- data/spec/unit/type/zpool_spec.rb +110 -0
- data/spec/unit/type_spec.rb +566 -0
- data/spec/unit/util/autoload/file_cache_spec.rb +159 -0
- data/spec/unit/util/autoload_spec.rb +120 -0
- data/spec/unit/util/backups_spec.rb +159 -0
- data/spec/unit/util/cache_accumulator_spec.rb +75 -0
- data/spec/unit/util/cacher_spec.rb +185 -0
- data/spec/unit/util/checksums_spec.rb +153 -0
- data/spec/unit/util/command_line_spec.rb +108 -0
- data/spec/unit/util/constant_inflector_spec.rb +70 -0
- data/spec/unit/util/errors_spec.rb +38 -0
- data/spec/unit/util/feature_spec.rb +72 -0
- data/spec/unit/util/file_locking_spec.rb +156 -0
- data/spec/unit/util/filetype_spec.rb +100 -0
- data/spec/unit/util/inline_docs_spec.rb +32 -0
- data/spec/unit/util/json_spec.rb +21 -0
- data/spec/unit/util/ldap/connection_spec.rb +169 -0
- data/spec/unit/util/ldap/generator_spec.rb +54 -0
- data/spec/unit/util/ldap/manager_spec.rb +654 -0
- data/spec/unit/util/loadedfile_spec.rb +65 -0
- data/spec/unit/util/log/destinations_spec.rb +24 -0
- data/spec/unit/util/log_spec.rb +215 -0
- data/spec/unit/util/logging_spec.rb +95 -0
- data/spec/unit/util/metric_spec.rb +95 -0
- data/spec/unit/util/monkey_patches_spec.rb +7 -0
- data/spec/unit/util/nagios_maker_spec.rb +126 -0
- data/spec/unit/util/package_spec.rb +21 -0
- data/spec/unit/util/posix_spec.rb +256 -0
- data/spec/unit/util/queue/stomp_spec.rb +140 -0
- data/spec/unit/util/queue_spec.rb +96 -0
- data/spec/unit/util/rdoc/parser_spec.rb +540 -0
- data/spec/unit/util/rdoc_spec.rb +165 -0
- data/spec/unit/util/reference_serializer_spec.rb +52 -0
- data/spec/unit/util/resource_template_spec.rb +58 -0
- data/spec/unit/util/run_mode_spec.rb +51 -0
- data/spec/unit/util/selinux_spec.rb +278 -0
- data/spec/unit/util/settings/file_setting_spec.rb +256 -0
- data/spec/unit/util/settings_spec.rb +1099 -0
- data/spec/unit/util/storage_spec.rb +235 -0
- data/spec/unit/util/tagging_spec.rb +102 -0
- data/spec/unit/util/user_attr_spec.rb +47 -0
- data/spec/unit/util/warnings_spec.rb +39 -0
- data/spec/unit/util/zaml_spec.rb +38 -0
- data/tasks/rake/git_workflow.rake +1 -1
- data/tasks/rake/sign.rake +2 -2
- data/test/certmgr/ca.rb +61 -61
- data/test/certmgr/certmgr.rb +292 -283
- data/test/certmgr/inventory.rb +44 -42
- data/test/certmgr/support.rb +78 -77
- data/test/data/providers/ssh_authorized_key/parsed/authorized_keys +1 -1
- data/test/data/snippets/hash.pp +33 -0
- data/test/language/ast.rb +68 -117
- data/test/language/ast/variable.rb +14 -15
- data/test/language/functions.rb +404 -463
- data/test/language/parser.rb +670 -1135
- data/test/language/scope.rb +198 -402
- data/test/language/snippets.rb +439 -447
- data/test/language/transportable.rb +67 -66
- data/test/lib/puppettest.rb +260 -268
- data/test/lib/puppettest/certificates.rb +51 -53
- data/test/lib/puppettest/exetest.rb +107 -111
- data/test/lib/puppettest/fakes.rb +153 -158
- data/test/lib/puppettest/fileparsing.rb +17 -17
- data/test/lib/puppettest/filetesting.rb +204 -213
- data/test/lib/puppettest/parsertesting.rb +382 -365
- data/test/lib/puppettest/railstesting.rb +49 -50
- data/test/lib/puppettest/reporttesting.rb +10 -10
- data/test/lib/puppettest/resourcetesting.rb +45 -36
- data/test/lib/puppettest/runnable_test.rb +36 -28
- data/test/lib/puppettest/servertest.rb +54 -51
- data/test/lib/puppettest/support/assertions.rb +48 -55
- data/test/lib/puppettest/support/helpers.rb +12 -16
- data/test/lib/puppettest/support/resources.rb +23 -25
- data/test/lib/puppettest/support/utils.rb +138 -148
- data/test/lib/puppettest/testcase.rb +15 -17
- data/test/lib/rake/puppet_test_loader.rb +1 -3
- data/test/lib/rake/puppet_testtask.rb +10 -10
- data/test/network/authconfig.rb +48 -50
- data/test/network/authorization.rb +114 -113
- data/test/network/authstore.rb +454 -406
- data/test/network/client/ca.rb +46 -48
- data/test/network/client/dipper.rb +22 -22
- data/test/network/client_request.rb +20 -20
- data/test/network/handler/ca.rb +251 -252
- data/test/network/handler/fileserver.rb +1071 -1001
- data/test/network/handler/master.rb +58 -58
- data/test/network/handler/report.rb +64 -64
- data/test/network/handler/runner.rb +8 -8
- data/test/network/rights.rb +22 -19
- data/test/network/server/mongrel_test.rb +87 -87
- data/test/network/server/webrick.rb +99 -87
- data/test/network/xmlrpc/client.rb +30 -30
- data/test/network/xmlrpc/processor.rb +52 -53
- data/test/network/xmlrpc/server.rb +10 -11
- data/test/network/xmlrpc/webrick_servlet.rb +21 -18
- data/test/other/provider.rb +69 -84
- data/test/other/puppet.rb +61 -76
- data/test/other/relationships.rb +73 -65
- data/test/other/report.rb +88 -187
- data/test/other/transactions.rb +363 -885
- data/test/puppet/defaults.rb +51 -54
- data/test/puppet/errortest.rb +8 -8
- data/test/puppet/tc_suidmanager.rb +106 -103
- data/test/rails/rails.rb +8 -9
- data/test/rails/railsparameter.rb +60 -54
- data/test/ral/manager/attributes.rb +262 -260
- data/test/ral/manager/instances.rb +77 -78
- data/test/ral/manager/manager.rb +36 -36
- data/test/ral/manager/provider.rb +56 -79
- data/test/ral/manager/type.rb +308 -449
- data/test/ral/providers/cron/crontab.rb +561 -545
- data/test/ral/providers/group.rb +203 -212
- data/test/ral/providers/host/parsed.rb +189 -180
- data/test/ral/providers/mailalias/aliases.rb +40 -40
- data/test/ral/providers/nameservice.rb +21 -21
- data/test/ral/providers/package.rb +207 -214
- data/test/ral/providers/package/aptitude.rb +75 -63
- data/test/ral/providers/package/aptrpm.rb +84 -72
- data/test/ral/providers/parsedfile.rb +510 -509
- data/test/ral/providers/port/parsed.rb +5 -5
- data/test/ral/providers/provider.rb +421 -421
- data/test/ral/providers/service/base.rb +59 -53
- data/test/ral/providers/sshkey/parsed.rb +86 -83
- data/test/ral/providers/user.rb +471 -451
- data/test/ral/providers/user/useradd.rb +168 -177
- data/test/ral/type/cron.rb +406 -393
- data/test/ral/type/exec.rb +721 -641
- data/test/ral/type/file.rb +827 -896
- data/test/ral/type/file/target.rb +295 -251
- data/test/ral/type/fileignoresource.rb +232 -205
- data/test/ral/type/filesources.rb +446 -485
- data/test/ral/type/host.rb +124 -153
- data/test/ral/type/mailalias.rb +28 -31
- data/test/ral/type/port.rb +7 -7
- data/test/ral/type/resources.rb +88 -93
- data/test/ral/type/service.rb +19 -19
- data/test/ral/type/sshkey.rb +120 -160
- data/test/ral/type/user.rb +132 -414
- data/test/ral/type/yumrepo.rb +95 -92
- data/test/ral/type/zone.rb +316 -287
- data/test/test +1 -1
- data/test/util/classgen.rb +182 -167
- data/test/util/execution.rb +18 -18
- data/test/util/fileparsing.rb +580 -540
- data/test/util/inifile.rb +117 -106
- data/test/util/instance_loader.rb +29 -29
- data/test/util/log.rb +202 -198
- data/test/util/metrics.rb +51 -51
- data/test/util/package.rb +11 -12
- data/test/util/pidlock.rb +115 -115
- data/test/util/settings.rb +613 -557
- data/test/util/storage.rb +71 -88
- data/test/util/subclass_loader.rb +69 -72
- data/test/util/utiltest.rb +204 -203
- metadata +493 -395
- data/lib/puppet/agent/runner.rb +0 -65
- data/lib/puppet/application/pi.rb +0 -214
- data/lib/puppet/application/puppet.rb +0 -181
- data/lib/puppet/application/puppetca.rb +0 -71
- data/lib/puppet/application/puppetd.rb +0 -250
- data/lib/puppet/application/puppetdoc.rb +0 -224
- data/lib/puppet/application/puppetmasterd.rb +0 -168
- data/lib/puppet/application/puppetqd.rb +0 -96
- data/lib/puppet/application/puppetrun.rb +0 -210
- data/lib/puppet/application/ralsh.rb +0 -152
- data/lib/puppet/checksum.rb +0 -57
- data/lib/puppet/indirector/checksum/file.rb +0 -33
- data/lib/puppet/indirector/runner/rest.rb +0 -7
- data/lib/puppet/network/client/dipper.rb +0 -85
- data/lib/puppet/network/client/resource.rb +0 -38
- data/lib/puppet/network/handler/resource.rb +0 -190
- data/lib/puppet/parser/ast/definition.rb +0 -207
- data/lib/puppet/parser/ast/hostclass.rb +0 -95
- data/lib/puppet/parser/ast/node.rb +0 -42
- data/lib/puppet/parser/interpreter.rb +0 -84
- data/lib/puppet/parser/loaded_code.rb +0 -119
- data/lib/puppet/parser/resource/reference.rb +0 -99
- data/lib/puppet/resource/reference.rb +0 -90
- data/lib/puppet/util/config_store.rb +0 -61
- data/spec/integration/application/puppet.rb +0 -33
- data/spec/integration/bin/puppetmasterd.rb +0 -122
- data/spec/integration/checksum.rb +0 -48
- data/spec/integration/configurer.rb +0 -18
- data/spec/integration/defaults.rb +0 -230
- data/spec/integration/file_serving/content.rb +0 -20
- data/spec/integration/file_serving/fileset.rb +0 -14
- data/spec/integration/file_serving/metadata.rb +0 -21
- data/spec/integration/file_serving/terminus_helper.rb +0 -22
- data/spec/integration/indirector/catalog/compiler.rb +0 -67
- data/spec/integration/indirector/catalog/queue.rb +0 -61
- data/spec/integration/indirector/certificate/rest.rb +0 -70
- data/spec/integration/indirector/certificate_request/rest.rb +0 -88
- data/spec/integration/indirector/certificate_revocation_list/rest.rb +0 -76
- data/spec/integration/indirector/direct_file_server.rb +0 -73
- data/spec/integration/indirector/file_content/file_server.rb +0 -94
- data/spec/integration/indirector/file_metadata/file_server.rb +0 -18
- data/spec/integration/indirector/node/ldap.rb +0 -15
- data/spec/integration/indirector/report/rest.rb +0 -94
- data/spec/integration/indirector/rest.rb +0 -523
- data/spec/integration/network/client.rb +0 -19
- data/spec/integration/network/formats.rb +0 -110
- data/spec/integration/network/handler.rb +0 -25
- data/spec/integration/network/server/mongrel.rb +0 -66
- data/spec/integration/network/server/webrick.rb +0 -86
- data/spec/integration/node.rb +0 -93
- data/spec/integration/node/environment.rb +0 -58
- data/spec/integration/node/facts.rb +0 -47
- data/spec/integration/parser/compiler.rb +0 -29
- data/spec/integration/parser/functions/require.rb +0 -86
- data/spec/integration/provider/mailalias/aliases.rb +0 -25
- data/spec/integration/provider/package.rb +0 -26
- data/spec/integration/provider/service/init.rb +0 -32
- data/spec/integration/reference/providers.rb +0 -17
- data/spec/integration/reports.rb +0 -18
- data/spec/integration/resource/catalog.rb +0 -61
- data/spec/integration/ssl/certificate_authority.rb +0 -135
- data/spec/integration/ssl/certificate_request.rb +0 -61
- data/spec/integration/ssl/certificate_revocation_list.rb +0 -42
- data/spec/integration/ssl/host.rb +0 -90
- data/spec/integration/transaction.rb +0 -66
- data/spec/integration/transaction/report.rb +0 -29
- data/spec/integration/type.rb +0 -22
- data/spec/integration/type/file.rb +0 -477
- data/spec/integration/type/package.rb +0 -25
- data/spec/integration/type/tidy.rb +0 -27
- data/spec/integration/util/autoload.rb +0 -114
- data/spec/integration/util/feature.rb +0 -54
- data/spec/integration/util/file_locking.rb +0 -37
- data/spec/integration/util/settings.rb +0 -27
- data/spec/unit/agent.rb +0 -259
- data/spec/unit/agent/locker.rb +0 -100
- data/spec/unit/agent/runner.rb +0 -118
- data/spec/unit/application.rb +0 -420
- data/spec/unit/application/filebucket.rb +0 -220
- data/spec/unit/application/pi.rb +0 -84
- data/spec/unit/application/puppet.rb +0 -399
- data/spec/unit/application/puppetca.rb +0 -142
- data/spec/unit/application/puppetd.rb +0 -502
- data/spec/unit/application/puppetdoc.rb +0 -360
- data/spec/unit/application/puppetmasterd.rb +0 -457
- data/spec/unit/application/puppetqd.rb +0 -186
- data/spec/unit/application/puppetrun.rb +0 -289
- data/spec/unit/application/ralsh.rb +0 -254
- data/spec/unit/configurer.rb +0 -339
- data/spec/unit/configurer/downloader.rb +0 -188
- data/spec/unit/configurer/fact_handler.rb +0 -164
- data/spec/unit/configurer/plugin_handler.rb +0 -112
- data/spec/unit/daemon.rb +0 -287
- data/spec/unit/file_collection.rb +0 -53
- data/spec/unit/file_collection/lookup.rb +0 -46
- data/spec/unit/file_serving/base.rb +0 -132
- data/spec/unit/file_serving/configuration.rb +0 -249
- data/spec/unit/file_serving/configuration/parser.rb +0 -181
- data/spec/unit/file_serving/content.rb +0 -110
- data/spec/unit/file_serving/fileset.rb +0 -347
- data/spec/unit/file_serving/indirection_hooks.rb +0 -63
- data/spec/unit/file_serving/metadata.rb +0 -286
- data/spec/unit/file_serving/mount.rb +0 -32
- data/spec/unit/file_serving/mount/file.rb +0 -196
- data/spec/unit/file_serving/mount/modules.rb +0 -63
- data/spec/unit/file_serving/mount/plugins.rb +0 -61
- data/spec/unit/file_serving/terminus_helper.rb +0 -98
- data/spec/unit/indirector.rb +0 -157
- data/spec/unit/indirector/active_record.rb +0 -76
- data/spec/unit/indirector/catalog/active_record.rb +0 -141
- data/spec/unit/indirector/catalog/compiler.rb +0 -261
- data/spec/unit/indirector/catalog/queue.rb +0 -20
- data/spec/unit/indirector/catalog/rest.rb +0 -11
- data/spec/unit/indirector/catalog/yaml.rb +0 -25
- data/spec/unit/indirector/certificate/ca.rb +0 -28
- data/spec/unit/indirector/certificate/file.rb +0 -28
- data/spec/unit/indirector/certificate/rest.rb +0 -57
- data/spec/unit/indirector/certificate_request/ca.rb +0 -19
- data/spec/unit/indirector/certificate_request/file.rb +0 -19
- data/spec/unit/indirector/certificate_request/rest.rb +0 -23
- data/spec/unit/indirector/certificate_revocation_list/ca.rb +0 -21
- data/spec/unit/indirector/certificate_revocation_list/file.rb +0 -20
- data/spec/unit/indirector/certificate_revocation_list/rest.rb +0 -23
- data/spec/unit/indirector/checksum/file.rb +0 -139
- data/spec/unit/indirector/code.rb +0 -33
- data/spec/unit/indirector/direct_file_server.rb +0 -84
- data/spec/unit/indirector/envelope.rb +0 -47
- data/spec/unit/indirector/exec.rb +0 -56
- data/spec/unit/indirector/facts/active_record.rb +0 -104
- data/spec/unit/indirector/facts/facter.rb +0 -142
- data/spec/unit/indirector/facts/rest.rb +0 -11
- data/spec/unit/indirector/facts/yaml.rb +0 -26
- data/spec/unit/indirector/file.rb +0 -161
- data/spec/unit/indirector/file_content/file.rb +0 -18
- data/spec/unit/indirector/file_content/file_server.rb +0 -18
- data/spec/unit/indirector/file_content/rest.rb +0 -11
- data/spec/unit/indirector/file_metadata/file.rb +0 -52
- data/spec/unit/indirector/file_metadata/file_server.rb +0 -18
- data/spec/unit/indirector/file_metadata/rest.rb +0 -9
- data/spec/unit/indirector/file_server.rb +0 -267
- data/spec/unit/indirector/indirection.rb +0 -795
- data/spec/unit/indirector/key/ca.rb +0 -28
- data/spec/unit/indirector/key/file.rb +0 -104
- data/spec/unit/indirector/ldap.rb +0 -143
- data/spec/unit/indirector/memory.rb +0 -29
- data/spec/unit/indirector/node/active_record.rb +0 -34
- data/spec/unit/indirector/node/exec.rb +0 -69
- data/spec/unit/indirector/node/ldap.rb +0 -458
- data/spec/unit/indirector/node/memory.rb +0 -19
- data/spec/unit/indirector/node/plain.rb +0 -19
- data/spec/unit/indirector/node/rest.rb +0 -13
- data/spec/unit/indirector/node/yaml.rb +0 -25
- data/spec/unit/indirector/plain.rb +0 -29
- data/spec/unit/indirector/queue.rb +0 -123
- data/spec/unit/indirector/report/processor.rb +0 -81
- data/spec/unit/indirector/report/rest.rb +0 -28
- data/spec/unit/indirector/request.rb +0 -308
- data/spec/unit/indirector/rest.rb +0 -403
- data/spec/unit/indirector/runner/rest.rb +0 -11
- data/spec/unit/indirector/ssl_file.rb +0 -280
- data/spec/unit/indirector/terminus.rb +0 -245
- data/spec/unit/indirector/yaml.rb +0 -145
- data/spec/unit/module.rb +0 -247
- data/spec/unit/network/authconfig.rb +0 -292
- data/spec/unit/network/authstore.rb +0 -370
- data/spec/unit/network/client.rb +0 -45
- data/spec/unit/network/client/dipper.rb +0 -16
- data/spec/unit/network/format.rb +0 -191
- data/spec/unit/network/format_handler.rb +0 -327
- data/spec/unit/network/formats.rb +0 -365
- data/spec/unit/network/handler/fileserver.rb +0 -176
- data/spec/unit/network/http.rb +0 -35
- data/spec/unit/network/http/api/v1.rb +0 -122
- data/spec/unit/network/http/handler.rb +0 -458
- data/spec/unit/network/http/mongrel.rb +0 -131
- data/spec/unit/network/http/mongrel/rest.rb +0 -232
- data/spec/unit/network/http/rack.rb +0 -102
- data/spec/unit/network/http/rack/rest.rb +0 -199
- data/spec/unit/network/http/rack/xmlrpc.rb +0 -157
- data/spec/unit/network/http/webrick.rb +0 -339
- data/spec/unit/network/http/webrick/rest.rb +0 -157
- data/spec/unit/network/http_pool.rb +0 -206
- data/spec/unit/network/rest_authconfig.rb +0 -146
- data/spec/unit/network/rest_authorization.rb +0 -43
- data/spec/unit/network/rights.rb +0 -519
- data/spec/unit/network/server.rb +0 -534
- data/spec/unit/network/xmlrpc/client.rb +0 -171
- data/spec/unit/node.rb +0 -200
- data/spec/unit/node/environment.rb +0 -187
- data/spec/unit/node/facts.rb +0 -97
- data/spec/unit/other/checksum.rb +0 -92
- data/spec/unit/other/selinux.rb +0 -85
- data/spec/unit/other/transbucket.rb +0 -188
- data/spec/unit/other/transobject.rb +0 -112
- data/spec/unit/parameter.rb +0 -405
- data/spec/unit/parser/ast.rb +0 -41
- data/spec/unit/parser/ast/arithmetic_operator.rb +0 -73
- data/spec/unit/parser/ast/astarray.rb +0 -72
- data/spec/unit/parser/ast/boolean_operator.rb +0 -53
- data/spec/unit/parser/ast/casestatement.rb +0 -135
- data/spec/unit/parser/ast/collection.rb +0 -63
- data/spec/unit/parser/ast/collexpr.rb +0 -115
- data/spec/unit/parser/ast/comparison_operator.rb +0 -92
- data/spec/unit/parser/ast/definition.rb +0 -213
- data/spec/unit/parser/ast/function.rb +0 -83
- data/spec/unit/parser/ast/hostclass.rb +0 -148
- data/spec/unit/parser/ast/ifstatement.rb +0 -76
- data/spec/unit/parser/ast/leaf.rb +0 -298
- data/spec/unit/parser/ast/match_operator.rb +0 -50
- data/spec/unit/parser/ast/minus.rb +0 -36
- data/spec/unit/parser/ast/node.rb +0 -145
- data/spec/unit/parser/ast/nop.rb +0 -20
- data/spec/unit/parser/ast/not.rb +0 -30
- data/spec/unit/parser/ast/resource.rb +0 -103
- data/spec/unit/parser/ast/resource_override.rb +0 -51
- data/spec/unit/parser/ast/resource_reference.rb +0 -69
- data/spec/unit/parser/ast/selector.rb +0 -155
- data/spec/unit/parser/ast/vardef.rb +0 -47
- data/spec/unit/parser/collector.rb +0 -556
- data/spec/unit/parser/compiler.rb +0 -604
- data/spec/unit/parser/files.rb +0 -190
- data/spec/unit/parser/functions.rb +0 -83
- data/spec/unit/parser/functions/fqdn_rand.rb +0 -62
- data/spec/unit/parser/functions/generate.rb +0 -41
- data/spec/unit/parser/functions/inline_template.rb +0 -59
- data/spec/unit/parser/functions/realize.rb +0 -51
- data/spec/unit/parser/functions/regsubst.rb +0 -168
- data/spec/unit/parser/functions/require.rb +0 -69
- data/spec/unit/parser/functions/shellquote.rb +0 -92
- data/spec/unit/parser/functions/split.rb +0 -51
- data/spec/unit/parser/functions/sprintf.rb +0 -42
- data/spec/unit/parser/functions/template.rb +0 -62
- data/spec/unit/parser/functions/versioncmp.rb +0 -29
- data/spec/unit/parser/interpreter.rb +0 -147
- data/spec/unit/parser/lexer.rb +0 -731
- data/spec/unit/parser/loaded_code.rb +0 -215
- data/spec/unit/parser/parser.rb +0 -423
- data/spec/unit/parser/resource.rb +0 -529
- data/spec/unit/parser/resource/reference.rb +0 -111
- data/spec/unit/parser/scope.rb +0 -387
- data/spec/unit/parser/templatewrapper.rb +0 -134
- data/spec/unit/property.rb +0 -305
- data/spec/unit/property/keyvalue.rb +0 -168
- data/spec/unit/property/list.rb +0 -166
- data/spec/unit/property/ordered_list.rb +0 -64
- data/spec/unit/provider.rb +0 -31
- data/spec/unit/provider/augeas/augeas.rb +0 -413
- data/spec/unit/provider/confine.rb +0 -78
- data/spec/unit/provider/confine/exists.rb +0 -81
- data/spec/unit/provider/confine/false.rb +0 -53
- data/spec/unit/provider/confine/feature.rb +0 -60
- data/spec/unit/provider/confine/true.rb +0 -53
- data/spec/unit/provider/confine/variable.rb +0 -107
- data/spec/unit/provider/confine_collection.rb +0 -134
- data/spec/unit/provider/confiner.rb +0 -63
- data/spec/unit/provider/group/groupadd.rb +0 -31
- data/spec/unit/provider/group/ldap.rb +0 -105
- data/spec/unit/provider/ldap.rb +0 -248
- data/spec/unit/provider/macauthorization.rb +0 -147
- data/spec/unit/provider/mcx/mcxcontent.rb +0 -175
- data/spec/unit/provider/mount.rb +0 -130
- data/spec/unit/provider/mount/parsed.rb +0 -194
- data/spec/unit/provider/naginator.rb +0 -58
- data/spec/unit/provider/package/apt.rb +0 -138
- data/spec/unit/provider/package/dpkg.rb +0 -170
- data/spec/unit/provider/package/gem.rb +0 -87
- data/spec/unit/provider/package/hpux.rb +0 -52
- data/spec/unit/provider/package/pkgdmg.rb +0 -73
- data/spec/unit/provider/parsedfile.rb +0 -95
- data/spec/unit/provider/selboolean.rb +0 -37
- data/spec/unit/provider/selmodule.rb +0 -66
- data/spec/unit/provider/service/daemontools.rb +0 -166
- data/spec/unit/provider/service/debian.rb +0 -89
- data/spec/unit/provider/service/init.rb +0 -121
- data/spec/unit/provider/service/launchd.rb +0 -200
- data/spec/unit/provider/service/redhat.rb +0 -96
- data/spec/unit/provider/service/runit.rb +0 -140
- data/spec/unit/provider/ssh_authorized_key/parsed.rb +0 -206
- data/spec/unit/provider/sshkey/parsed.rb +0 -38
- data/spec/unit/provider/user/hpux.rb +0 -25
- data/spec/unit/provider/user/ldap.rb +0 -279
- data/spec/unit/provider/user/user_role_add.rb +0 -249
- data/spec/unit/provider/user/useradd.rb +0 -115
- data/spec/unit/provider/zfs/solaris.rb +0 -99
- data/spec/unit/provider/zone/solaris.rb +0 -42
- data/spec/unit/provider/zpool/solaris.rb +0 -179
- data/spec/unit/rails.rb +0 -133
- data/spec/unit/rails/host.rb +0 -163
- data/spec/unit/rails/param_value.rb +0 -49
- data/spec/unit/rails/resource.rb +0 -107
- data/spec/unit/relationship.rb +0 -236
- data/spec/unit/reports.rb +0 -61
- data/spec/unit/resource.rb +0 -495
- data/spec/unit/resource/catalog.rb +0 -1053
- data/spec/unit/resource/reference.rb +0 -111
- data/spec/unit/simple_graph.rb +0 -551
- data/spec/unit/ssl/certificate.rb +0 -124
- data/spec/unit/ssl/certificate_authority.rb +0 -741
- data/spec/unit/ssl/certificate_authority/interface.rb +0 -269
- data/spec/unit/ssl/certificate_factory.rb +0 -107
- data/spec/unit/ssl/certificate_request.rb +0 -193
- data/spec/unit/ssl/certificate_revocation_list.rb +0 -168
- data/spec/unit/ssl/host.rb +0 -704
- data/spec/unit/ssl/inventory.rb +0 -180
- data/spec/unit/ssl/key.rb +0 -198
- data/spec/unit/transaction.rb +0 -146
- data/spec/unit/transaction/change.rb +0 -187
- data/spec/unit/transaction/event.rb +0 -25
- data/spec/unit/transaction/report.rb +0 -40
- data/spec/unit/type.rb +0 -426
- data/spec/unit/type/augeas.rb +0 -106
- data/spec/unit/type/component.rb +0 -63
- data/spec/unit/type/computer.rb +0 -78
- data/spec/unit/type/cron.rb +0 -33
- data/spec/unit/type/exec.rb +0 -116
- data/spec/unit/type/file.rb +0 -810
- data/spec/unit/type/file/checksum.rb +0 -28
- data/spec/unit/type/file/content.rb +0 -297
- data/spec/unit/type/file/ensure.rb +0 -84
- data/spec/unit/type/file/group.rb +0 -123
- data/spec/unit/type/file/owner.rb +0 -143
- data/spec/unit/type/file/selinux.rb +0 -84
- data/spec/unit/type/file/source.rb +0 -264
- data/spec/unit/type/filebucket.rb +0 -74
- data/spec/unit/type/group.rb +0 -39
- data/spec/unit/type/macauthorization.rb +0 -111
- data/spec/unit/type/maillist.rb +0 -42
- data/spec/unit/type/mcx.rb +0 -100
- data/spec/unit/type/mount.rb +0 -211
- data/spec/unit/type/nagios.rb +0 -63
- data/spec/unit/type/noop_metaparam.rb +0 -37
- data/spec/unit/type/package.rb +0 -236
- data/spec/unit/type/resources.rb +0 -89
- data/spec/unit/type/schedule.rb +0 -333
- data/spec/unit/type/selboolean.rb +0 -45
- data/spec/unit/type/selmodule.rb +0 -18
- data/spec/unit/type/service.rb +0 -230
- data/spec/unit/type/ssh_authorized_key.rb +0 -140
- data/spec/unit/type/tidy.rb +0 -422
- data/spec/unit/type/user.rb +0 -285
- data/spec/unit/type/zfs.rb +0 -45
- data/spec/unit/type/zone.rb +0 -20
- data/spec/unit/type/zpool.rb +0 -110
- data/spec/unit/util/autoload.rb +0 -133
- data/spec/unit/util/autoload/file_cache.rb +0 -183
- data/spec/unit/util/backups.rb +0 -159
- data/spec/unit/util/cache_accumulator.rb +0 -69
- data/spec/unit/util/cacher.rb +0 -185
- data/spec/unit/util/checksums.rb +0 -113
- data/spec/unit/util/constant_inflector.rb +0 -70
- data/spec/unit/util/feature.rb +0 -72
- data/spec/unit/util/file_locking.rb +0 -115
- data/spec/unit/util/filetype.rb +0 -100
- data/spec/unit/util/json.rb +0 -21
- data/spec/unit/util/ldap/connection.rb +0 -169
- data/spec/unit/util/ldap/generator.rb +0 -54
- data/spec/unit/util/ldap/manager.rb +0 -654
- data/spec/unit/util/loadedfile.rb +0 -65
- data/spec/unit/util/log.rb +0 -202
- data/spec/unit/util/metric.rb +0 -95
- data/spec/unit/util/monkey_patches.rb +0 -103
- data/spec/unit/util/nagios_maker.rb +0 -126
- data/spec/unit/util/package.rb +0 -21
- data/spec/unit/util/posix.rb +0 -256
- data/spec/unit/util/queue.rb +0 -96
- data/spec/unit/util/queue/stomp.rb +0 -140
- data/spec/unit/util/reference_serializer.rb +0 -52
- data/spec/unit/util/resource_template.rb +0 -58
- data/spec/unit/util/selinux.rb +0 -280
- data/spec/unit/util/settings.rb +0 -1058
- data/spec/unit/util/settings/file_setting.rb +0 -248
- data/spec/unit/util/storage.rb +0 -248
- data/spec/unit/util/tagging.rb +0 -102
- data/spec/unit/util/user_attr.rb +0 -47
- data/spec/unit/util/warnings.rb +0 -39
- data/spec/unit/util/zaml.rb +0 -38
- data/test/language/ast/casestatement.rb +0 -103
- data/test/language/ast/resource.rb +0 -58
- data/test/language/ast/resource_reference.rb +0 -77
- data/test/language/ast/selector.rb +0 -61
- data/test/language/resource.rb +0 -172
- data/test/lib/puppettest/support/collection.rb +0 -29
- data/test/network/client/resource.rb +0 -52
- data/test/network/handler/bucket.rb +0 -313
- data/test/network/handler/resource.rb +0 -250
- data/test/other/dsl.rb +0 -215
- data/test/other/events.rb +0 -124
- data/test/ral/type/group.rb +0 -170
data/lib/puppet/ssl/inventory.rb
CHANGED
@@ -3,50 +3,50 @@ require 'puppet/ssl/certificate'
|
|
3
3
|
|
4
4
|
# Keep track of all of our known certificates.
|
5
5
|
class Puppet::SSL::Inventory
|
6
|
-
|
6
|
+
attr_reader :path
|
7
7
|
|
8
|
-
|
9
|
-
|
10
|
-
|
8
|
+
# Add a certificate to our inventory.
|
9
|
+
def add(cert)
|
10
|
+
cert = cert.content if cert.is_a?(Puppet::SSL::Certificate)
|
11
11
|
|
12
|
-
|
13
|
-
|
12
|
+
# Create our file, if one does not already exist.
|
13
|
+
rebuild unless FileTest.exist?(@path)
|
14
14
|
|
15
|
-
|
16
|
-
|
17
|
-
end
|
15
|
+
Puppet.settings.write(:cert_inventory, "a") do |f|
|
16
|
+
f.print format(cert)
|
18
17
|
end
|
18
|
+
end
|
19
19
|
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
def initialize
|
27
|
-
@path = Puppet[:cert_inventory]
|
28
|
-
end
|
20
|
+
# Format our certificate for output.
|
21
|
+
def format(cert)
|
22
|
+
iso = '%Y-%m-%dT%H:%M:%S%Z'
|
23
|
+
"0x%04x %s %s %s\n" % [cert.serial, cert.not_before.strftime(iso), cert.not_after.strftime(iso), cert.subject]
|
24
|
+
end
|
29
25
|
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
Puppet.notice "Rebuilding inventory file"
|
26
|
+
def initialize
|
27
|
+
@path = Puppet[:cert_inventory]
|
28
|
+
end
|
34
29
|
|
35
|
-
|
36
|
-
|
37
|
-
|
30
|
+
# Rebuild the inventory from scratch. This should happen if
|
31
|
+
# the file is entirely missing or if it's somehow corrupted.
|
32
|
+
def rebuild
|
33
|
+
Puppet.notice "Rebuilding inventory file"
|
38
34
|
|
39
|
-
|
35
|
+
Puppet.settings.write(:cert_inventory) do |f|
|
36
|
+
f.print "# Inventory of signed certificates\n# SERIAL NOT_BEFORE NOT_AFTER SUBJECT\n"
|
40
37
|
end
|
41
38
|
|
42
|
-
|
43
|
-
|
44
|
-
|
39
|
+
Puppet::SSL::Certificate.search("*").each { |cert| add(cert) }
|
40
|
+
end
|
41
|
+
|
42
|
+
# Find the serial number for a given certificate.
|
43
|
+
def serial(name)
|
44
|
+
return nil unless FileTest.exist?(@path)
|
45
45
|
|
46
|
-
|
47
|
-
|
46
|
+
File.readlines(@path).each do |line|
|
47
|
+
next unless line =~ /^(\S+).+\/CN=#{name}$/
|
48
48
|
|
49
|
-
|
50
|
-
end
|
49
|
+
return Integer($1)
|
51
50
|
end
|
51
|
+
end
|
52
52
|
end
|
data/lib/puppet/ssl/key.rb
CHANGED
@@ -3,54 +3,54 @@ require 'puppet/indirector'
|
|
3
3
|
|
4
4
|
# Manage private and public keys as a pair.
|
5
5
|
class Puppet::SSL::Key < Puppet::SSL::Base
|
6
|
-
|
6
|
+
wraps OpenSSL::PKey::RSA
|
7
7
|
|
8
|
-
|
9
|
-
|
8
|
+
extend Puppet::Indirector
|
9
|
+
indirects :key, :terminus_class => :file
|
10
10
|
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
11
|
+
# Because of how the format handler class is included, this
|
12
|
+
# can't be in the base class.
|
13
|
+
def self.supported_formats
|
14
|
+
[:s]
|
15
|
+
end
|
16
16
|
|
17
|
-
|
17
|
+
attr_accessor :password_file
|
18
18
|
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
19
|
+
# Knows how to create keys with our system defaults.
|
20
|
+
def generate
|
21
|
+
Puppet.info "Creating a new SSL key for #{name}"
|
22
|
+
@content = OpenSSL::PKey::RSA.new(Puppet[:keylength].to_i)
|
23
|
+
end
|
24
24
|
|
25
|
-
|
26
|
-
|
25
|
+
def initialize(name)
|
26
|
+
super
|
27
27
|
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
end
|
28
|
+
if ca?
|
29
|
+
@password_file = Puppet[:capass]
|
30
|
+
else
|
31
|
+
@password_file = Puppet[:passfile]
|
33
32
|
end
|
33
|
+
end
|
34
34
|
|
35
|
-
|
36
|
-
|
35
|
+
def password
|
36
|
+
return nil unless password_file and FileTest.exist?(password_file)
|
37
37
|
|
38
|
-
|
39
|
-
|
38
|
+
::File.read(password_file)
|
39
|
+
end
|
40
40
|
|
41
|
-
|
42
|
-
|
43
|
-
|
41
|
+
# Optionally support specifying a password file.
|
42
|
+
def read(path)
|
43
|
+
return super unless password_file
|
44
44
|
|
45
|
-
|
46
|
-
|
47
|
-
|
45
|
+
#@content = wrapped_class.new(::File.read(path), password)
|
46
|
+
@content = wrapped_class.new(::File.read(path), password)
|
47
|
+
end
|
48
48
|
|
49
|
-
|
50
|
-
|
51
|
-
|
52
|
-
|
53
|
-
|
54
|
-
end
|
49
|
+
def to_s
|
50
|
+
if pass = password
|
51
|
+
@content.export(OpenSSL::Cipher::DES.new(:EDE3, :CBC), pass)
|
52
|
+
else
|
53
|
+
return super
|
55
54
|
end
|
55
|
+
end
|
56
56
|
end
|
@@ -5,141 +5,142 @@ require 'puppet'
|
|
5
5
|
raise Puppet::Error, "You must have the Ruby openssl library installed" unless Puppet.features.openssl?
|
6
6
|
|
7
7
|
module Puppet::SSLCertificates
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
cert.not_after = from + hash[:ttl]
|
30
|
-
cert.version = 2 # X509v3
|
31
|
-
|
32
|
-
cert.public_key = hash[:publickey]
|
33
|
-
cert.serial = hash[:serial]
|
34
|
-
|
35
|
-
basic_constraint = nil
|
36
|
-
key_usage = nil
|
37
|
-
ext_key_usage = nil
|
38
|
-
subject_alt_name = []
|
39
|
-
|
40
|
-
ef = OpenSSL::X509::ExtensionFactory.new
|
41
|
-
|
42
|
-
ef.subject_certificate = cert
|
43
|
-
|
44
|
-
if hash[:issuer]
|
45
|
-
ef.issuer_certificate = hash[:issuer]
|
46
|
-
else
|
47
|
-
ef.issuer_certificate = cert
|
48
|
-
end
|
49
|
-
|
50
|
-
ex = []
|
51
|
-
case hash[:type]
|
52
|
-
when :ca
|
53
|
-
basic_constraint = "CA:TRUE"
|
54
|
-
key_usage = %w{cRLSign keyCertSign}
|
55
|
-
when :terminalsubca
|
56
|
-
basic_constraint = "CA:TRUE,pathlen:0"
|
57
|
-
key_usage = %w{cRLSign keyCertSign}
|
58
|
-
when :server
|
59
|
-
basic_constraint = "CA:FALSE"
|
60
|
-
dnsnames = Puppet[:certdnsnames]
|
61
|
-
name = hash[:name].to_s.sub(%r{/CN=},'')
|
62
|
-
if dnsnames != ""
|
63
|
-
dnsnames.split(':').each { |d| subject_alt_name << 'DNS:' + d }
|
64
|
-
subject_alt_name << 'DNS:' + name # Add the fqdn as an alias
|
65
|
-
elsif name == Facter.value(:fqdn) # we're a CA server, and thus probably the server
|
66
|
-
subject_alt_name << 'DNS:' + "puppet" # Add 'puppet' as an alias
|
67
|
-
subject_alt_name << 'DNS:' + name # Add the fqdn as an alias
|
68
|
-
subject_alt_name << 'DNS:' + name.sub(/^[^.]+./, "puppet.") # add puppet.domain as an alias
|
69
|
-
end
|
70
|
-
key_usage = %w{digitalSignature keyEncipherment}
|
71
|
-
ext_key_usage = %w{serverAuth clientAuth emailProtection}
|
72
|
-
when :ocsp
|
73
|
-
basic_constraint = "CA:FALSE"
|
74
|
-
key_usage = %w{nonRepudiation digitalSignature}
|
75
|
-
ext_key_usage = %w{serverAuth OCSPSigning}
|
76
|
-
when :client
|
77
|
-
basic_constraint = "CA:FALSE"
|
78
|
-
key_usage = %w{nonRepudiation digitalSignature keyEncipherment}
|
79
|
-
ext_key_usage = %w{clientAuth emailProtection}
|
80
|
-
ex << ef.create_extension("nsCertType", "client,email")
|
81
|
-
else
|
82
|
-
raise Puppet::Error, "unknown cert type '%s'" % hash[:type]
|
83
|
-
end
|
8
|
+
#def self.mkcert(type, name, dnsnames, ttl, issuercert, issuername, serial, publickey)
|
9
|
+
def self.mkcert(hash)
|
10
|
+
[:type, :name, :ttl, :issuer, :serial, :publickey].each { |param|
|
11
|
+
raise ArgumentError, "mkcert called without #{param}" unless hash.include?(param)
|
12
|
+
}
|
13
|
+
|
14
|
+
cert = OpenSSL::X509::Certificate.new
|
15
|
+
# Make the certificate valid as of yesterday, because
|
16
|
+
# so many people's clocks are out of sync.
|
17
|
+
from = Time.now - (60*60*24)
|
18
|
+
|
19
|
+
cert.subject = hash[:name]
|
20
|
+
if hash[:issuer]
|
21
|
+
cert.issuer = hash[:issuer].subject
|
22
|
+
else
|
23
|
+
# we're a self-signed cert
|
24
|
+
cert.issuer = hash[:name]
|
25
|
+
end
|
26
|
+
cert.not_before = from
|
27
|
+
cert.not_after = from + hash[:ttl]
|
28
|
+
cert.version = 2 # X509v3
|
84
29
|
|
85
|
-
|
86
|
-
|
87
|
-
ex << ef.create_extension("basicConstraints", basic_constraint, true)
|
88
|
-
ex << ef.create_extension("subjectKeyIdentifier", "hash")
|
30
|
+
cert.public_key = hash[:publickey]
|
31
|
+
cert.serial = hash[:serial]
|
89
32
|
|
90
|
-
|
91
|
-
|
92
|
-
|
33
|
+
basic_constraint = nil
|
34
|
+
key_usage = nil
|
35
|
+
ext_key_usage = nil
|
36
|
+
subject_alt_name = []
|
93
37
|
|
94
|
-
|
95
|
-
# ex << ef.create_extension("crlDistributionPoints",
|
96
|
-
# @ca_config[:cdp_location])
|
97
|
-
#end
|
38
|
+
ef = OpenSSL::X509::ExtensionFactory.new
|
98
39
|
|
99
|
-
|
100
|
-
# ex << ef.create_extension("authorityInfoAccess",
|
101
|
-
# "OCSP;" << @ca_config[:ocsp_location])
|
102
|
-
#end
|
103
|
-
cert.extensions = ex
|
40
|
+
ef.subject_certificate = cert
|
104
41
|
|
105
|
-
|
106
|
-
|
42
|
+
if hash[:issuer]
|
43
|
+
ef.issuer_certificate = hash[:issuer]
|
44
|
+
else
|
45
|
+
ef.issuer_certificate = cert
|
46
|
+
end
|
107
47
|
|
108
|
-
|
48
|
+
ex = []
|
49
|
+
case hash[:type]
|
50
|
+
when :ca
|
51
|
+
basic_constraint = "CA:TRUE"
|
52
|
+
key_usage = %w{cRLSign keyCertSign}
|
53
|
+
when :terminalsubca
|
54
|
+
basic_constraint = "CA:TRUE,pathlen:0"
|
55
|
+
key_usage = %w{cRLSign keyCertSign}
|
56
|
+
when :server
|
57
|
+
basic_constraint = "CA:FALSE"
|
58
|
+
dnsnames = Puppet[:certdnsnames]
|
59
|
+
name = hash[:name].to_s.sub(%r{/CN=},'')
|
60
|
+
if dnsnames != ""
|
61
|
+
dnsnames.split(':').each { |d| subject_alt_name << 'DNS:' + d }
|
62
|
+
subject_alt_name << 'DNS:' + name # Add the fqdn as an alias
|
63
|
+
elsif name == Facter.value(:fqdn) # we're a CA server, and thus probably the server
|
64
|
+
subject_alt_name << 'DNS:' + "puppet" # Add 'puppet' as an alias
|
65
|
+
subject_alt_name << 'DNS:' + name # Add the fqdn as an alias
|
66
|
+
subject_alt_name << 'DNS:' + name.sub(/^[^.]+./, "puppet.") # add puppet.domain as an alias
|
67
|
+
end
|
68
|
+
key_usage = %w{digitalSignature keyEncipherment}
|
69
|
+
ext_key_usage = %w{serverAuth clientAuth emailProtection}
|
70
|
+
when :ocsp
|
71
|
+
basic_constraint = "CA:FALSE"
|
72
|
+
key_usage = %w{nonRepudiation digitalSignature}
|
73
|
+
ext_key_usage = %w{serverAuth OCSPSigning}
|
74
|
+
when :client
|
75
|
+
basic_constraint = "CA:FALSE"
|
76
|
+
key_usage = %w{nonRepudiation digitalSignature keyEncipherment}
|
77
|
+
ext_key_usage = %w{clientAuth emailProtection}
|
78
|
+
ex << ef.create_extension("nsCertType", "client,email")
|
79
|
+
else
|
80
|
+
raise Puppet::Error, "unknown cert type '#{hash[:type]}'"
|
109
81
|
end
|
110
82
|
|
111
|
-
def self.mkhash(dir, cert, certfile)
|
112
|
-
# Make sure the hash is zero-padded to 8 chars
|
113
|
-
hash = "%08x" % cert.issuer.hash
|
114
|
-
hashpath = nil
|
115
|
-
10.times { |i|
|
116
|
-
path = File.join(dir, "%s.%s" % [hash, i])
|
117
|
-
if FileTest.exists?(path)
|
118
|
-
if FileTest.symlink?(path)
|
119
|
-
dest = File.readlink(path)
|
120
|
-
if dest == certfile
|
121
|
-
# the correct link already exists
|
122
|
-
hashpath = path
|
123
|
-
break
|
124
|
-
else
|
125
|
-
next
|
126
|
-
end
|
127
|
-
else
|
128
|
-
next
|
129
|
-
end
|
130
|
-
end
|
131
|
-
|
132
|
-
File.symlink(certfile, path)
|
133
83
|
|
84
|
+
ex << ef.create_extension(
|
85
|
+
"nsComment",
|
86
|
+
|
87
|
+
"Puppet Ruby/OpenSSL Generated Certificate")
|
88
|
+
ex << ef.create_extension("basicConstraints", basic_constraint, true)
|
89
|
+
ex << ef.create_extension("subjectKeyIdentifier", "hash")
|
90
|
+
|
91
|
+
ex << ef.create_extension("keyUsage", key_usage.join(",")) if key_usage
|
92
|
+
ex << ef.create_extension("extendedKeyUsage", ext_key_usage.join(",")) if ext_key_usage
|
93
|
+
ex << ef.create_extension("subjectAltName", subject_alt_name.join(",")) if ! subject_alt_name.empty?
|
94
|
+
|
95
|
+
#if @ca_config[:cdp_location] then
|
96
|
+
# ex << ef.create_extension("crlDistributionPoints",
|
97
|
+
# @ca_config[:cdp_location])
|
98
|
+
#end
|
99
|
+
|
100
|
+
#if @ca_config[:ocsp_location] then
|
101
|
+
# ex << ef.create_extension("authorityInfoAccess",
|
102
|
+
# "OCSP;" << @ca_config[:ocsp_location])
|
103
|
+
#end
|
104
|
+
cert.extensions = ex
|
105
|
+
|
106
|
+
# for some reason this _must_ be the last extension added
|
107
|
+
ex << ef.create_extension("authorityKeyIdentifier", "keyid:always,issuer:always") if hash[:type] == :ca
|
108
|
+
|
109
|
+
cert
|
110
|
+
end
|
111
|
+
|
112
|
+
def self.mkhash(dir, cert, certfile)
|
113
|
+
# Make sure the hash is zero-padded to 8 chars
|
114
|
+
hash = "%08x" % cert.issuer.hash
|
115
|
+
hashpath = nil
|
116
|
+
10.times { |i|
|
117
|
+
path = File.join(dir, "#{hash}.#{i}")
|
118
|
+
if FileTest.exists?(path)
|
119
|
+
if FileTest.symlink?(path)
|
120
|
+
dest = File.readlink(path)
|
121
|
+
if dest == certfile
|
122
|
+
# the correct link already exists
|
134
123
|
hashpath = path
|
135
124
|
break
|
136
|
-
|
125
|
+
else
|
126
|
+
next
|
127
|
+
end
|
128
|
+
else
|
129
|
+
next
|
130
|
+
end
|
131
|
+
end
|
137
132
|
|
133
|
+
File.symlink(certfile, path)
|
138
134
|
|
139
|
-
|
140
|
-
|
141
|
-
|
142
|
-
|
143
|
-
|
135
|
+
hashpath = path
|
136
|
+
break
|
137
|
+
}
|
138
|
+
|
139
|
+
|
140
|
+
hashpath
|
141
|
+
end
|
142
|
+
require 'puppet/sslcertificates/certificate'
|
143
|
+
require 'puppet/sslcertificates/inventory'
|
144
|
+
require 'puppet/sslcertificates/ca'
|
144
145
|
end
|
145
146
|
|
@@ -1,398 +1,381 @@
|
|
1
1
|
require 'sync'
|
2
2
|
|
3
3
|
class Puppet::SSLCertificates::CA
|
4
|
-
|
4
|
+
include Puppet::Util::Warnings
|
5
5
|
|
6
|
-
|
7
|
-
|
6
|
+
Certificate = Puppet::SSLCertificates::Certificate
|
7
|
+
attr_accessor :keyfile, :file, :config, :dir, :cert, :crl
|
8
8
|
|
9
|
-
|
10
|
-
|
11
|
-
|
9
|
+
def certfile
|
10
|
+
@config[:cacert]
|
11
|
+
end
|
12
|
+
|
13
|
+
# Remove all traces of a given host. This is kind of hackish, but, eh.
|
14
|
+
def clean(host)
|
15
|
+
host = host.downcase
|
16
|
+
[:csrdir, :signeddir, :publickeydir, :privatekeydir, :certdir].each do |name|
|
17
|
+
dir = Puppet[name]
|
12
18
|
|
13
|
-
|
14
|
-
def clean(host)
|
15
|
-
host = host.downcase
|
16
|
-
[:csrdir, :signeddir, :publickeydir, :privatekeydir, :certdir].each do |name|
|
17
|
-
dir = Puppet[name]
|
18
|
-
|
19
|
-
file = File.join(dir, host + ".pem")
|
20
|
-
|
21
|
-
if FileTest.exists?(file)
|
22
|
-
begin
|
23
|
-
if Puppet[:name] == "puppetca"
|
24
|
-
puts "Removing %s" % file
|
25
|
-
else
|
26
|
-
Puppet.info "Removing %s" % file
|
27
|
-
end
|
28
|
-
File.unlink(file)
|
29
|
-
rescue => detail
|
30
|
-
raise Puppet::Error, "Could not delete %s: %s" %
|
31
|
-
[file, detail]
|
32
|
-
end
|
33
|
-
end
|
19
|
+
file = File.join(dir, host + ".pem")
|
34
20
|
|
21
|
+
if FileTest.exists?(file)
|
22
|
+
begin
|
23
|
+
if Puppet[:name] == "cert"
|
24
|
+
puts "Removing #{file}"
|
25
|
+
else
|
26
|
+
Puppet.info "Removing #{file}"
|
27
|
+
end
|
28
|
+
File.unlink(file)
|
29
|
+
rescue => detail
|
30
|
+
raise Puppet::Error, "Could not delete #{file}: #{detail}"
|
35
31
|
end
|
36
|
-
|
32
|
+
end
|
37
33
|
|
38
|
-
def host2csrfile(hostname)
|
39
|
-
File.join(Puppet[:csrdir], [hostname.downcase, "pem"].join("."))
|
40
34
|
end
|
41
|
-
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
|
35
|
+
end
|
36
|
+
|
37
|
+
def host2csrfile(hostname)
|
38
|
+
File.join(Puppet[:csrdir], [hostname.downcase, "pem"].join("."))
|
39
|
+
end
|
40
|
+
|
41
|
+
# this stores signed certs in a directory unrelated to
|
42
|
+
# normal client certs
|
43
|
+
def host2certfile(hostname)
|
44
|
+
File.join(Puppet[:signeddir], [hostname.downcase, "pem"].join("."))
|
45
|
+
end
|
46
|
+
|
47
|
+
# Turn our hostname into a Name object
|
48
|
+
def thing2name(thing)
|
49
|
+
thing.subject.to_a.find { |ary|
|
50
|
+
ary[0] == "CN"
|
51
|
+
}[1]
|
52
|
+
end
|
53
|
+
|
54
|
+
def initialize(hash = {})
|
55
|
+
Puppet.settings.use(:main, :ca, :ssl)
|
56
|
+
self.setconfig(hash)
|
57
|
+
|
58
|
+
if Puppet[:capass]
|
59
|
+
if FileTest.exists?(Puppet[:capass])
|
60
|
+
#puts "Reading #{Puppet[:capass]}"
|
61
|
+
#system "ls -al #{Puppet[:capass]}"
|
62
|
+
#File.read Puppet[:capass]
|
63
|
+
@config[:password] = self.getpass
|
64
|
+
else
|
65
|
+
# Don't create a password if the cert already exists
|
66
|
+
@config[:password] = self.genpass unless FileTest.exists?(@config[:cacert])
|
67
|
+
end
|
46
68
|
end
|
47
69
|
|
48
|
-
|
49
|
-
|
50
|
-
|
51
|
-
|
52
|
-
|
70
|
+
self.getcert
|
71
|
+
init_crl
|
72
|
+
unless FileTest.exists?(@config[:serial])
|
73
|
+
Puppet.settings.write(:serial) do |f|
|
74
|
+
f << "%04X" % 1
|
75
|
+
end
|
53
76
|
end
|
77
|
+
end
|
54
78
|
|
55
|
-
|
56
|
-
|
57
|
-
|
58
|
-
|
59
|
-
if Puppet[:capass]
|
60
|
-
if FileTest.exists?(Puppet[:capass])
|
61
|
-
#puts "Reading %s" % Puppet[:capass]
|
62
|
-
#system "ls -al %s" % Puppet[:capass]
|
63
|
-
#File.read Puppet[:capass]
|
64
|
-
@config[:password] = self.getpass
|
65
|
-
else
|
66
|
-
# Don't create a password if the cert already exists
|
67
|
-
unless FileTest.exists?(@config[:cacert])
|
68
|
-
@config[:password] = self.genpass
|
69
|
-
end
|
70
|
-
end
|
71
|
-
end
|
79
|
+
# Generate a new password for the CA.
|
80
|
+
def genpass
|
81
|
+
pass = ""
|
82
|
+
20.times { pass += (rand(74) + 48).chr }
|
72
83
|
|
73
|
-
|
74
|
-
|
75
|
-
|
76
|
-
|
77
|
-
f << "%04X" % 1
|
78
|
-
end
|
79
|
-
end
|
84
|
+
begin
|
85
|
+
Puppet.settings.write(:capass) { |f| f.print pass }
|
86
|
+
rescue Errno::EACCES => detail
|
87
|
+
raise Puppet::Error, detail.to_s
|
80
88
|
end
|
81
|
-
|
82
|
-
|
83
|
-
|
84
|
-
|
85
|
-
|
86
|
-
|
87
|
-
|
88
|
-
|
89
|
-
|
90
|
-
raise Puppet::Error, detail.to_s
|
91
|
-
end
|
92
|
-
return pass
|
89
|
+
pass
|
90
|
+
end
|
91
|
+
|
92
|
+
# Get the CA password.
|
93
|
+
def getpass
|
94
|
+
if @config[:capass] and File.readable?(@config[:capass])
|
95
|
+
return File.read(@config[:capass])
|
96
|
+
else
|
97
|
+
raise Puppet::Error, "Could not decrypt CA key with password: #{detail}"
|
93
98
|
end
|
94
|
-
|
95
|
-
|
96
|
-
|
97
|
-
|
98
|
-
|
99
|
-
|
100
|
-
|
101
|
-
|
99
|
+
end
|
100
|
+
|
101
|
+
# Get the CA cert.
|
102
|
+
def getcert
|
103
|
+
if FileTest.exists?(@config[:cacert])
|
104
|
+
@cert = OpenSSL::X509::Certificate.new(
|
105
|
+
File.read(@config[:cacert])
|
106
|
+
)
|
107
|
+
else
|
108
|
+
self.mkrootcert
|
102
109
|
end
|
103
|
-
|
104
|
-
|
105
|
-
|
106
|
-
|
107
|
-
|
108
|
-
|
109
|
-
|
110
|
-
|
111
|
-
|
112
|
-
|
110
|
+
end
|
111
|
+
|
112
|
+
# Retrieve a client's CSR.
|
113
|
+
def getclientcsr(host)
|
114
|
+
csrfile = host2csrfile(host)
|
115
|
+
return nil unless File.exists?(csrfile)
|
116
|
+
|
117
|
+
OpenSSL::X509::Request.new(File.read(csrfile))
|
118
|
+
end
|
119
|
+
|
120
|
+
# Retrieve a client's certificate.
|
121
|
+
def getclientcert(host)
|
122
|
+
certfile = host2certfile(host)
|
123
|
+
return [nil, nil] unless File.exists?(certfile)
|
124
|
+
|
125
|
+
[OpenSSL::X509::Certificate.new(File.read(certfile)), @cert]
|
126
|
+
end
|
127
|
+
|
128
|
+
# List certificates waiting to be signed. This returns a list of hostnames, not actual
|
129
|
+
# files -- the names can be converted to full paths with host2csrfile.
|
130
|
+
def list(dummy_argument=:work_arround_for_ruby_GC_bug)
|
131
|
+
return Dir.entries(Puppet[:csrdir]).find_all { |file|
|
132
|
+
file =~ /\.pem$/
|
133
|
+
}.collect { |file|
|
134
|
+
file.sub(/\.pem$/, '')
|
135
|
+
}
|
136
|
+
end
|
137
|
+
|
138
|
+
# List signed certificates. This returns a list of hostnames, not actual
|
139
|
+
# files -- the names can be converted to full paths with host2csrfile.
|
140
|
+
def list_signed(dummy_argument=:work_arround_for_ruby_GC_bug)
|
141
|
+
return Dir.entries(Puppet[:signeddir]).find_all { |file|
|
142
|
+
file =~ /\.pem$/
|
143
|
+
}.collect { |file|
|
144
|
+
file.sub(/\.pem$/, '')
|
145
|
+
}
|
146
|
+
end
|
147
|
+
|
148
|
+
# Create the root certificate.
|
149
|
+
def mkrootcert
|
150
|
+
# Make the root cert's name the FQDN of the host running the CA.
|
151
|
+
name = Facter["hostname"].value
|
152
|
+
if domain = Facter["domain"].value
|
153
|
+
name += ".#{domain}"
|
113
154
|
end
|
114
155
|
|
115
|
-
|
116
|
-
|
117
|
-
|
118
|
-
|
119
|
-
|
120
|
-
|
121
|
-
|
122
|
-
|
156
|
+
cert = Certificate.new(
|
157
|
+
|
158
|
+
:name => name,
|
159
|
+
:cert => @config[:cacert],
|
160
|
+
:encrypt => @config[:capass],
|
161
|
+
:key => @config[:cakey],
|
162
|
+
:selfsign => true,
|
163
|
+
:ttl => ttl,
|
164
|
+
|
165
|
+
:type => :ca
|
166
|
+
)
|
167
|
+
|
168
|
+
# This creates the cakey file
|
169
|
+
Puppet::Util::SUIDManager.asuser(Puppet[:user], Puppet[:group]) do
|
170
|
+
@cert = cert.mkselfsigned
|
123
171
|
end
|
124
|
-
|
125
|
-
|
126
|
-
def getclientcert(host)
|
127
|
-
certfile = host2certfile(host)
|
128
|
-
unless File.exists?(certfile)
|
129
|
-
return [nil, nil]
|
130
|
-
end
|
131
|
-
|
132
|
-
return [OpenSSL::X509::Certificate.new(File.read(certfile)), @cert]
|
172
|
+
Puppet.settings.write(:cacert) do |f|
|
173
|
+
f.puts @cert.to_pem
|
133
174
|
end
|
134
|
-
|
135
|
-
|
136
|
-
# files -- the names can be converted to full paths with host2csrfile.
|
137
|
-
def list(dummy_argument=:work_arround_for_ruby_GC_bug)
|
138
|
-
return Dir.entries(Puppet[:csrdir]).find_all { |file|
|
139
|
-
file =~ /\.pem$/
|
140
|
-
}.collect { |file|
|
141
|
-
file.sub(/\.pem$/, '')
|
142
|
-
}
|
175
|
+
Puppet.settings.write(:capub) do |f|
|
176
|
+
f.puts @cert.public_key
|
143
177
|
end
|
144
|
-
|
145
|
-
|
146
|
-
|
147
|
-
|
148
|
-
|
149
|
-
|
150
|
-
|
151
|
-
|
152
|
-
|
178
|
+
cert
|
179
|
+
end
|
180
|
+
|
181
|
+
def removeclientcsr(host)
|
182
|
+
csrfile = host2csrfile(host)
|
183
|
+
raise Puppet::Error, "No certificate request for #{host}" unless File.exists?(csrfile)
|
184
|
+
|
185
|
+
File.unlink(csrfile)
|
186
|
+
end
|
187
|
+
|
188
|
+
# Revoke the certificate with serial number SERIAL issued by this
|
189
|
+
# CA. The REASON must be one of the OpenSSL::OCSP::REVOKED_* reasons
|
190
|
+
def revoke(serial, reason = OpenSSL::OCSP::REVOKED_STATUS_KEYCOMPROMISE)
|
191
|
+
time = Time.now
|
192
|
+
revoked = OpenSSL::X509::Revoked.new
|
193
|
+
revoked.serial = serial
|
194
|
+
revoked.time = time
|
195
|
+
enum = OpenSSL::ASN1::Enumerated(reason)
|
196
|
+
ext = OpenSSL::X509::Extension.new("CRLReason", enum)
|
197
|
+
revoked.add_extension(ext)
|
198
|
+
@crl.add_revoked(revoked)
|
199
|
+
store_crl
|
200
|
+
end
|
201
|
+
|
202
|
+
# Take the Puppet config and store it locally.
|
203
|
+
def setconfig(hash)
|
204
|
+
@config = {}
|
205
|
+
Puppet.settings.params("ca").each { |param|
|
206
|
+
param = param.intern if param.is_a? String
|
207
|
+
if hash.include?(param)
|
208
|
+
@config[param] = hash[param]
|
209
|
+
Puppet[param] = hash[param]
|
210
|
+
hash.delete(param)
|
211
|
+
else
|
212
|
+
@config[param] = Puppet[param]
|
213
|
+
end
|
214
|
+
}
|
215
|
+
|
216
|
+
if hash.include?(:password)
|
217
|
+
@config[:password] = hash[:password]
|
218
|
+
hash.delete(:password)
|
153
219
|
end
|
154
220
|
|
155
|
-
#
|
156
|
-
def mkrootcert
|
157
|
-
# Make the root cert's name the FQDN of the host running the CA.
|
158
|
-
name = Facter["hostname"].value
|
159
|
-
if domain = Facter["domain"].value
|
160
|
-
name += "." + domain
|
161
|
-
end
|
162
|
-
cert = Certificate.new(
|
163
|
-
:name => name,
|
164
|
-
:cert => @config[:cacert],
|
165
|
-
:encrypt => @config[:capass],
|
166
|
-
:key => @config[:cakey],
|
167
|
-
:selfsign => true,
|
168
|
-
:ttl => ttl,
|
169
|
-
:type => :ca
|
170
|
-
)
|
221
|
+
raise ArgumentError, "Unknown parameters #{hash.keys.join(",")}" if hash.length > 0
|
171
222
|
|
172
|
-
|
173
|
-
|
174
|
-
|
175
|
-
|
176
|
-
Puppet.settings.write(:cacert) do |f|
|
177
|
-
f.puts @cert.to_pem
|
178
|
-
end
|
179
|
-
Puppet.settings.write(:capub) do |f|
|
180
|
-
f.puts @cert.public_key
|
181
|
-
end
|
182
|
-
return cert
|
183
|
-
end
|
223
|
+
[:cadir, :csrdir, :signeddir].each { |dir|
|
224
|
+
raise Puppet::DevError, "#{dir} is undefined" unless @config[dir]
|
225
|
+
}
|
226
|
+
end
|
184
227
|
|
185
|
-
|
186
|
-
|
187
|
-
|
188
|
-
|
189
|
-
|
190
|
-
|
191
|
-
File.unlink(csrfile)
|
228
|
+
# Sign a given certificate request.
|
229
|
+
def sign(csr)
|
230
|
+
unless csr.is_a?(OpenSSL::X509::Request)
|
231
|
+
raise Puppet::Error,
|
232
|
+
"CA#sign only accepts OpenSSL::X509::Request objects, not #{csr.class}"
|
192
233
|
end
|
193
234
|
|
194
|
-
|
195
|
-
# CA. The REASON must be one of the OpenSSL::OCSP::REVOKED_* reasons
|
196
|
-
def revoke(serial, reason = OpenSSL::OCSP::REVOKED_STATUS_KEYCOMPROMISE)
|
197
|
-
time = Time.now
|
198
|
-
revoked = OpenSSL::X509::Revoked.new
|
199
|
-
revoked.serial = serial
|
200
|
-
revoked.time = time
|
201
|
-
enum = OpenSSL::ASN1::Enumerated(reason)
|
202
|
-
ext = OpenSSL::X509::Extension.new("CRLReason", enum)
|
203
|
-
revoked.add_extension(ext)
|
204
|
-
@crl.add_revoked(revoked)
|
205
|
-
store_crl
|
206
|
-
end
|
235
|
+
raise Puppet::Error, "CSR sign verification failed" unless csr.verify(csr.public_key)
|
207
236
|
|
208
|
-
|
209
|
-
|
210
|
-
|
211
|
-
|
212
|
-
|
213
|
-
|
214
|
-
@config[param] = hash[param]
|
215
|
-
Puppet[param] = hash[param]
|
216
|
-
hash.delete(param)
|
217
|
-
else
|
218
|
-
@config[param] = Puppet[param]
|
219
|
-
end
|
220
|
-
}
|
221
|
-
|
222
|
-
if hash.include?(:password)
|
223
|
-
@config[:password] = hash[:password]
|
224
|
-
hash.delete(:password)
|
225
|
-
end
|
237
|
+
serial = nil
|
238
|
+
Puppet.settings.readwritelock(:serial) { |f|
|
239
|
+
serial = File.read(@config[:serial]).chomp.hex
|
240
|
+
# increment the serial
|
241
|
+
f << "%04X" % (serial + 1)
|
242
|
+
}
|
226
243
|
|
227
|
-
if hash.length > 0
|
228
|
-
raise ArgumentError, "Unknown parameters %s" % hash.keys.join(",")
|
229
|
-
end
|
230
244
|
|
231
|
-
|
232
|
-
|
233
|
-
|
234
|
-
|
235
|
-
|
236
|
-
|
245
|
+
newcert = Puppet::SSLCertificates.mkcert(
|
246
|
+
|
247
|
+
:type => :server,
|
248
|
+
:name => csr.subject,
|
249
|
+
:ttl => ttl,
|
250
|
+
:issuer => @cert,
|
251
|
+
:serial => serial,
|
252
|
+
|
253
|
+
:publickey => csr.public_key
|
254
|
+
)
|
237
255
|
|
238
|
-
# Sign a given certificate request.
|
239
|
-
def sign(csr)
|
240
|
-
unless csr.is_a?(OpenSSL::X509::Request)
|
241
|
-
raise Puppet::Error,
|
242
|
-
"CA#sign only accepts OpenSSL::X509::Request objects, not %s" %
|
243
|
-
csr.class
|
244
|
-
end
|
245
256
|
|
246
|
-
|
247
|
-
raise Puppet::Error, "CSR sign verification failed"
|
248
|
-
end
|
257
|
+
sign_with_key(newcert)
|
249
258
|
|
250
|
-
|
251
|
-
Puppet.settings.readwritelock(:serial) { |f|
|
252
|
-
serial = File.read(@config[:serial]).chomp.hex
|
253
|
-
# increment the serial
|
254
|
-
f << "%04X" % (serial + 1)
|
255
|
-
}
|
256
|
-
|
257
|
-
newcert = Puppet::SSLCertificates.mkcert(
|
258
|
-
:type => :server,
|
259
|
-
:name => csr.subject,
|
260
|
-
:ttl => ttl,
|
261
|
-
:issuer => @cert,
|
262
|
-
:serial => serial,
|
263
|
-
:publickey => csr.public_key
|
264
|
-
)
|
259
|
+
self.storeclientcert(newcert)
|
265
260
|
|
261
|
+
[newcert, @cert]
|
262
|
+
end
|
266
263
|
|
267
|
-
|
264
|
+
# Store the client's CSR for later signing. This is called from
|
265
|
+
# server/ca.rb, and the CSRs are deleted once the certificate is actually
|
266
|
+
# signed.
|
267
|
+
def storeclientcsr(csr)
|
268
|
+
host = thing2name(csr)
|
268
269
|
|
269
|
-
|
270
|
+
csrfile = host2csrfile(host)
|
271
|
+
raise Puppet::Error, "Certificate request for #{host} already exists" if File.exists?(csrfile)
|
270
272
|
|
271
|
-
|
273
|
+
Puppet.settings.writesub(:csrdir, csrfile) do |f|
|
274
|
+
f.print csr.to_pem
|
272
275
|
end
|
276
|
+
end
|
273
277
|
|
274
|
-
|
275
|
-
|
276
|
-
|
277
|
-
def storeclientcsr(csr)
|
278
|
-
host = thing2name(csr)
|
278
|
+
# Store the certificate that we generate.
|
279
|
+
def storeclientcert(cert)
|
280
|
+
host = thing2name(cert)
|
279
281
|
|
280
|
-
|
281
|
-
|
282
|
-
raise Puppet::Error, "Certificate request for %s already exists" % host
|
283
|
-
end
|
282
|
+
certfile = host2certfile(host)
|
283
|
+
Puppet.notice "Overwriting signed certificate #{certfile} for #{host}" if File.exists?(certfile)
|
284
284
|
|
285
|
-
|
286
|
-
|
287
|
-
|
285
|
+
Puppet::SSLCertificates::Inventory::add(cert)
|
286
|
+
Puppet.settings.writesub(:signeddir, certfile) do |f|
|
287
|
+
f.print cert.to_pem
|
288
288
|
end
|
289
|
-
|
290
|
-
|
291
|
-
|
292
|
-
|
293
|
-
|
294
|
-
|
295
|
-
|
296
|
-
|
297
|
-
|
298
|
-
|
299
|
-
|
300
|
-
|
301
|
-
|
302
|
-
|
289
|
+
end
|
290
|
+
|
291
|
+
# TTL for new certificates in seconds. If config param :ca_ttl is set,
|
292
|
+
# use that, otherwise use :ca_days for backwards compatibility
|
293
|
+
def ttl
|
294
|
+
days = @config[:ca_days]
|
295
|
+
if days && days.size > 0
|
296
|
+
warnonce "Parameter ca_ttl is not set. Using depecated ca_days instead."
|
297
|
+
return @config[:ca_days] * 24 * 60 * 60
|
298
|
+
else
|
299
|
+
ttl = @config[:ca_ttl]
|
300
|
+
if ttl.is_a?(String)
|
301
|
+
unless ttl =~ /^(\d+)(y|d|h|s)$/
|
302
|
+
raise ArgumentError, "Invalid ca_ttl #{ttl}"
|
303
303
|
end
|
304
|
-
|
305
|
-
|
306
|
-
|
307
|
-
|
308
|
-
|
309
|
-
|
310
|
-
|
311
|
-
|
312
|
-
|
304
|
+
case $2
|
305
|
+
when 'y'
|
306
|
+
unit = 365 * 24 * 60 * 60
|
307
|
+
when 'd'
|
308
|
+
unit = 24 * 60 * 60
|
309
|
+
when 'h'
|
310
|
+
unit = 60 * 60
|
311
|
+
when 's'
|
312
|
+
unit = 1
|
313
313
|
else
|
314
|
-
|
315
|
-
if ttl.is_a?(String)
|
316
|
-
unless ttl =~ /^(\d+)(y|d|h|s)$/
|
317
|
-
raise ArgumentError, "Invalid ca_ttl #{ttl}"
|
318
|
-
end
|
319
|
-
case $2
|
320
|
-
when 'y'
|
321
|
-
unit = 365 * 24 * 60 * 60
|
322
|
-
when 'd'
|
323
|
-
unit = 24 * 60 * 60
|
324
|
-
when 'h'
|
325
|
-
unit = 60 * 60
|
326
|
-
when 's'
|
327
|
-
unit = 1
|
328
|
-
else
|
329
|
-
raise ArgumentError, "Invalid unit for ca_ttl #{ttl}"
|
330
|
-
end
|
331
|
-
return $1.to_i * unit
|
332
|
-
else
|
333
|
-
return ttl
|
334
|
-
end
|
314
|
+
raise ArgumentError, "Invalid unit for ca_ttl #{ttl}"
|
335
315
|
end
|
316
|
+
return $1.to_i * unit
|
317
|
+
else
|
318
|
+
return ttl
|
319
|
+
end
|
336
320
|
end
|
337
|
-
|
338
|
-
|
339
|
-
|
340
|
-
|
341
|
-
|
342
|
-
|
343
|
-
|
344
|
-
|
345
|
-
|
346
|
-
|
347
|
-
|
348
|
-
|
349
|
-
|
350
|
-
|
351
|
-
|
321
|
+
end
|
322
|
+
|
323
|
+
private
|
324
|
+
def init_crl
|
325
|
+
if FileTest.exists?(@config[:cacrl])
|
326
|
+
@crl = OpenSSL::X509::CRL.new(
|
327
|
+
File.read(@config[:cacrl])
|
328
|
+
)
|
329
|
+
else
|
330
|
+
# Create new CRL
|
331
|
+
@crl = OpenSSL::X509::CRL.new
|
332
|
+
@crl.issuer = @cert.subject
|
333
|
+
@crl.version = 1
|
334
|
+
store_crl
|
335
|
+
@crl
|
352
336
|
end
|
353
|
-
|
354
|
-
|
355
|
-
|
356
|
-
|
357
|
-
|
358
|
-
|
359
|
-
|
360
|
-
|
361
|
-
|
362
|
-
|
363
|
-
|
364
|
-
|
365
|
-
|
366
|
-
|
367
|
-
|
368
|
-
|
369
|
-
|
370
|
-
|
371
|
-
|
337
|
+
end
|
338
|
+
|
339
|
+
def store_crl
|
340
|
+
# Increment the crlNumber
|
341
|
+
e = @crl.extensions.find { |e| e.oid == 'crlNumber' }
|
342
|
+
ext = @crl.extensions.reject { |e| e.oid == 'crlNumber' }
|
343
|
+
crlNum = OpenSSL::ASN1::Integer(e ? e.value.to_i + 1 : 0)
|
344
|
+
ext << OpenSSL::X509::Extension.new("crlNumber", crlNum)
|
345
|
+
@crl.extensions = ext
|
346
|
+
|
347
|
+
# Set last/next update
|
348
|
+
now = Time.now
|
349
|
+
@crl.last_update = now
|
350
|
+
# Keep CRL valid for 5 years
|
351
|
+
@crl.next_update = now + 5 * 365*24*60*60
|
352
|
+
|
353
|
+
sign_with_key(@crl)
|
354
|
+
Puppet.settings.write(:cacrl) do |f|
|
355
|
+
f.puts @crl.to_pem
|
356
|
+
end
|
357
|
+
end
|
358
|
+
|
359
|
+
def sign_with_key(signable, digest = OpenSSL::Digest::SHA1.new)
|
360
|
+
cakey = nil
|
361
|
+
if @config[:password]
|
362
|
+
begin
|
363
|
+
cakey = OpenSSL::PKey::RSA.new(
|
364
|
+
File.read(@config[:cakey]), @config[:password]
|
365
|
+
)
|
366
|
+
rescue
|
367
|
+
raise Puppet::Error,
|
368
|
+
"Decrypt of CA private key with password stored in @config[:capass] not possible"
|
369
|
+
end
|
370
|
+
else
|
371
|
+
cakey = OpenSSL::PKey::RSA.new(
|
372
|
+
File.read(@config[:cakey])
|
373
|
+
)
|
372
374
|
end
|
373
375
|
|
374
|
-
|
375
|
-
cakey = nil
|
376
|
-
if @config[:password]
|
377
|
-
begin
|
378
|
-
cakey = OpenSSL::PKey::RSA.new(
|
379
|
-
File.read(@config[:cakey]), @config[:password]
|
380
|
-
)
|
381
|
-
rescue
|
382
|
-
raise Puppet::Error,
|
383
|
-
"Decrypt of CA private key with password stored in @config[:capass] not possible"
|
384
|
-
end
|
385
|
-
else
|
386
|
-
cakey = OpenSSL::PKey::RSA.new(
|
387
|
-
File.read(@config[:cakey])
|
388
|
-
)
|
389
|
-
end
|
390
|
-
|
391
|
-
unless @cert.check_private_key(cakey)
|
392
|
-
raise Puppet::Error, "CA Certificate is invalid"
|
393
|
-
end
|
376
|
+
raise Puppet::Error, "CA Certificate is invalid" unless @cert.check_private_key(cakey)
|
394
377
|
|
395
|
-
|
396
|
-
|
378
|
+
signable.sign(cakey, digest)
|
379
|
+
end
|
397
380
|
end
|
398
381
|
|