RubyGems - puppet - Versions diffs - 2.6.18 → 2.7.1 - Mend

puppet 2.6.18 → 2.7.1

Potentially problematic release.

This version of puppet might be problematic. Click here for more details.

Files changed (1050) hide show

data/CHANGELOG +733 -187
data/LICENSE +13 -13
data/README.md +5 -9
data/Rakefile +1 -1
data/conf/auth.conf +8 -3
data/conf/redhat/puppet.spec +21 -110
data/conf/solaris/pkginfo +3 -4
data/conf/suse/puppet.spec +1 -1
data/ext/cert_inspector +140 -0
data/ext/nagios/naggen +12 -5
data/ext/puppet-test +11 -5
data/ext/vim/README +1 -2
data/ext/yaml_nodes.rb +11 -5
data/install.rb +1 -54
data/lib/puppet.rb +6 -10
data/lib/puppet/application.rb +23 -32
data/lib/puppet/application/agent.rb +228 -7
data/lib/puppet/application/apply.rb +108 -36
data/lib/puppet/application/catalog.rb +4 -0
data/lib/puppet/application/cert.rb +128 -17
data/lib/puppet/application/certificate.rb +18 -0
data/lib/puppet/application/certificate_request.rb +4 -0
data/lib/puppet/application/certificate_revocation_list.rb +4 -0
data/lib/puppet/application/config.rb +4 -0
data/lib/puppet/application/describe.rb +53 -0
data/lib/puppet/application/device.rb +255 -0
data/lib/puppet/application/doc.rb +92 -6
data/lib/puppet/application/face_base.rb +246 -0
data/lib/puppet/application/facts.rb +4 -0
data/lib/puppet/application/file.rb +4 -0
data/lib/puppet/application/filebucket.rb +102 -0
data/lib/puppet/application/help.rb +4 -0
data/lib/puppet/application/indirection_base.rb +4 -0
data/lib/puppet/application/inspect.rb +21 -23
data/lib/puppet/application/key.rb +4 -0
data/lib/puppet/application/kick.rb +131 -4
data/lib/puppet/application/man.rb +4 -0
data/lib/puppet/application/master.rb +108 -40
data/lib/puppet/application/node.rb +4 -0
data/lib/puppet/application/parser.rb +5 -0
data/lib/puppet/application/plugin.rb +3 -0
data/lib/puppet/application/queue.rb +75 -13
data/lib/puppet/application/report.rb +4 -0
data/lib/puppet/application/resource.rb +115 -23
data/lib/puppet/application/resource_type.rb +4 -0
data/lib/puppet/application/secret_agent.rb +6 -0
data/lib/puppet/application/status.rb +4 -0
data/lib/puppet/configurer.rb +57 -61
data/lib/puppet/configurer/fact_handler.rb +1 -6
data/lib/puppet/daemon.rb +2 -2
data/lib/puppet/defaults.rb +30 -88
data/lib/puppet/dsl/resource_type_api.rb +19 -31
data/lib/puppet/external/nagios/parser.rb +1 -1
data/lib/puppet/face.rb +12 -0
data/lib/puppet/face/catalog.rb +130 -0
data/lib/puppet/face/catalog/select.rb +49 -0
data/lib/puppet/face/certificate.rb +115 -0
data/lib/puppet/face/certificate_request.rb +55 -0
data/lib/puppet/face/certificate_revocation_list.rb +60 -0
data/lib/puppet/face/config.rb +45 -0
data/lib/puppet/face/facts.rb +81 -0
data/lib/puppet/face/file.rb +47 -0
data/lib/puppet/face/file/download.rb +54 -0
data/lib/puppet/face/file/store.rb +21 -0
data/lib/puppet/face/help.rb +131 -0
data/lib/puppet/face/help/action.erb +53 -0
data/lib/puppet/face/help/face.erb +79 -0
data/lib/puppet/face/help/global.erb +19 -0
data/lib/puppet/face/help/man.erb +136 -0
data/lib/puppet/face/key.rb +15 -0
data/lib/puppet/face/man.rb +93 -0
data/lib/puppet/face/node.rb +43 -0
data/lib/puppet/face/parser.rb +42 -0
data/lib/puppet/face/plugin.rb +55 -0
data/lib/puppet/face/report.rb +56 -0
data/lib/puppet/face/resource.rb +53 -0
data/lib/puppet/face/resource_type.rb +81 -0
data/lib/puppet/face/secret_agent.rb +54 -0
data/lib/puppet/face/status.rb +52 -0
data/lib/puppet/feature/ssh.rb +4 -0
data/lib/puppet/file_bucket/dipper.rb +3 -3
data/lib/puppet/file_bucket/file.rb +6 -5
data/lib/puppet/file_bucket/file/indirection_hooks.rb +9 -0
data/lib/puppet/file_serving/configuration.rb +1 -2
data/lib/puppet/file_serving/content.rb +2 -1
data/lib/puppet/file_serving/{terminus_selector.rb → indirection_hooks.rb} +3 -2
data/lib/puppet/file_serving/metadata.rb +2 -1
data/lib/puppet/file_serving/mount/modules.rb +5 -4
data/lib/puppet/indirector.rb +16 -43
data/lib/puppet/indirector/catalog/active_record.rb +1 -1
data/lib/puppet/indirector/catalog/compiler.rb +5 -15
data/lib/puppet/indirector/catalog/static_compiler.rb +137 -0
data/lib/puppet/indirector/certificate_request/ca.rb +8 -0
data/lib/puppet/indirector/certificate_status.rb +4 -0
data/lib/puppet/indirector/certificate_status/file.rb +82 -0
data/lib/puppet/indirector/certificate_status/rest.rb +10 -0
data/lib/puppet/indirector/couch.rb +5 -3
data/lib/puppet/indirector/exec.rb +3 -3
data/lib/puppet/indirector/face.rb +127 -0
data/lib/puppet/indirector/facts/network_device.rb +25 -0
data/lib/puppet/indirector/file.rb +79 -0
data/lib/puppet/indirector/file_bucket_file/file.rb +0 -4
data/lib/puppet/indirector/indirection.rb +1 -2
data/lib/puppet/indirector/inventory/yaml.rb +81 -0
data/lib/puppet/indirector/report/processor.rb +0 -2
data/lib/puppet/indirector/request.rb +0 -4
data/lib/puppet/indirector/resource/ral.rb +0 -4
data/lib/puppet/indirector/resource_type/parser.rb +19 -3
data/lib/puppet/indirector/rest.rb +11 -5
data/lib/puppet/indirector/run/local.rb +0 -4
data/lib/puppet/indirector/ssl_file.rb +1 -5
data/lib/puppet/indirector/terminus.rb +3 -26
data/lib/puppet/indirector/yaml.rb +0 -5
data/lib/puppet/interface.rb +156 -0
data/lib/puppet/interface/action.rb +284 -0
data/lib/puppet/interface/action_builder.rb +74 -0
data/lib/puppet/interface/action_manager.rb +70 -0
data/lib/puppet/interface/documentation.rb +230 -0
data/lib/puppet/interface/face_collection.rb +137 -0
data/lib/puppet/interface/option.rb +108 -0
data/lib/puppet/interface/option_builder.rb +54 -0
data/lib/puppet/interface/option_manager.rb +67 -0
data/lib/puppet/metatype/manager.rb +20 -7
data/lib/puppet/module.rb +1 -1
data/lib/puppet/network/client.rb +179 -0
data/lib/puppet/network/client/ca.rb +56 -0
data/lib/puppet/network/client/file.rb +6 -0
data/lib/puppet/network/client/proxy.rb +27 -0
data/lib/puppet/network/client/report.rb +26 -0
data/lib/puppet/network/client/runner.rb +10 -0
data/lib/puppet/network/client/status.rb +4 -0
data/lib/puppet/network/format.rb +1 -1
data/lib/puppet/network/formats.rb +63 -0
data/lib/puppet/network/handler/ca.rb +106 -16
data/lib/puppet/network/handler/filebucket.rb +2 -4
data/lib/puppet/network/handler/fileserver.rb +3 -2
data/lib/puppet/network/handler/master.rb +5 -3
data/lib/puppet/network/handler/report.rb +0 -2
data/lib/puppet/network/handler/runner.rb +0 -2
data/lib/puppet/network/handler/status.rb +0 -2
data/lib/puppet/network/http/api/v1.rb +11 -3
data/lib/puppet/network/http/handler.rb +26 -35
data/lib/puppet/network/http/rack/rest.rb +2 -7
data/lib/puppet/network/http/webrick.rb +1 -2
data/lib/puppet/network/http_pool.rb +8 -17
data/lib/puppet/network/http_server/mongrel.rb +1 -0
data/lib/puppet/network/http_server/webrick.rb +155 -0
data/lib/puppet/network/rest_authconfig.rb +4 -3
data/lib/puppet/network/rest_authorization.rb +2 -2
data/lib/puppet/network/rights.rb +4 -9
data/lib/puppet/network/server.rb +1 -1
data/lib/puppet/network/xmlrpc/client.rb +211 -0
data/lib/puppet/node.rb +2 -1
data/lib/puppet/node/environment.rb +30 -3
data/lib/puppet/node/facts.rb +15 -15
data/lib/puppet/node/inventory.rb +7 -0
data/lib/puppet/parser/ast.rb +6 -2
data/lib/puppet/parser/ast/astarray.rb +12 -23
data/lib/puppet/parser/ast/caseopt.rb +12 -24
data/lib/puppet/parser/ast/definition.rb +17 -0
data/lib/puppet/parser/ast/hostclass.rb +29 -0
data/lib/puppet/parser/ast/leaf.rb +2 -2
data/lib/puppet/parser/ast/node.rb +20 -0
data/lib/puppet/parser/ast/resource.rb +42 -50
data/lib/puppet/parser/ast/resource_instance.rb +9 -0
data/lib/puppet/parser/ast/resource_override.rb +2 -3
data/lib/puppet/parser/ast/resource_reference.rb +1 -1
data/lib/puppet/parser/ast/top_level_construct.rb +4 -0
data/lib/puppet/parser/ast/vardef.rb +1 -1
data/lib/puppet/parser/compiler.rb +16 -17
data/lib/puppet/parser/functions/create_resources.rb +47 -0
data/lib/puppet/parser/functions/extlookup.rb +2 -7
data/lib/puppet/parser/functions/fqdn_rand.rb +2 -2
data/lib/puppet/parser/functions/sha1.rb +1 -1
data/lib/puppet/parser/grammar.ra +67 -144
data/lib/puppet/parser/lexer.rb +1 -1
data/lib/puppet/parser/parser.rb +1190 -1262
data/lib/puppet/parser/parser_support.rb +48 -73
data/lib/puppet/parser/resource.rb +2 -19
data/lib/puppet/parser/scope.rb +33 -103
data/lib/puppet/parser/templatewrapper.rb +21 -22
data/lib/puppet/parser/type_loader.rb +60 -35
data/lib/puppet/provider/aixobject.rb +393 -0
data/lib/puppet/provider/augeas/augeas.rb +37 -15
data/lib/puppet/provider/cisco.rb +9 -0
data/lib/puppet/provider/cron/crontab.rb +1 -7
data/lib/puppet/provider/exec/posix.rb +3 -6
data/lib/puppet/provider/exec/shell.rb +2 -11
data/lib/puppet/provider/file/posix.rb +1 -1
data/lib/puppet/provider/file/win32.rb +1 -1
data/lib/puppet/provider/group/aix.rb +141 -0
data/lib/puppet/provider/group/directoryservice.rb +0 -14
data/lib/puppet/provider/host/parsed.rb +23 -55
data/lib/puppet/provider/interface/base.rb +0 -0
data/lib/puppet/provider/interface/cisco.rb +27 -0
data/lib/puppet/provider/mcx/mcxcontent.rb +57 -96
data/lib/puppet/provider/mount/parsed.rb +1 -1
data/lib/puppet/provider/naginator.rb +1 -9
data/lib/puppet/provider/nameservice/directoryservice.rb +41 -26
data/lib/puppet/provider/network_device.rb +68 -0
data/lib/puppet/provider/package/appdmg.rb +13 -13
data/lib/puppet/provider/package/aptitude.rb +0 -1
data/lib/puppet/provider/package/pip.rb +109 -0
data/lib/puppet/provider/package/pkgdmg.rb +24 -32
data/lib/puppet/provider/package/pkgutil.rb +175 -0
data/lib/puppet/provider/package/yum.rb +8 -1
data/lib/puppet/provider/service/daemontools.rb +1 -1
data/lib/puppet/provider/service/launchd.rb +1 -1
data/lib/puppet/provider/service/smf.rb +3 -3
data/lib/puppet/provider/service/upstart.rb +73 -0
data/lib/puppet/provider/ssh_authorized_key/parsed.rb +9 -10
data/lib/puppet/provider/user/aix.rb +353 -0
data/lib/puppet/provider/user/directoryservice.rb +0 -14
data/lib/puppet/provider/user/user_role_add.rb +17 -32
data/lib/puppet/provider/vlan/cisco.rb +28 -0
data/lib/puppet/provider/zfs/solaris.rb +1 -1
data/lib/puppet/provider/zone/solaris.rb +3 -0
data/lib/puppet/provider/zpool/solaris.rb +7 -5
data/lib/puppet/rails.rb +1 -1
data/lib/puppet/rails/benchmark.rb +1 -1
data/lib/puppet/rails/fact_name.rb +1 -0
data/lib/puppet/rails/host.rb +0 -7
data/lib/puppet/reference/configuration.rb +26 -101
data/lib/puppet/reports/store.rb +3 -7
data/lib/puppet/resource.rb +1 -1
data/lib/puppet/resource/catalog.rb +86 -36
data/lib/puppet/resource/type.rb +10 -15
data/lib/puppet/resource/type_collection.rb +55 -63
data/lib/puppet/simple_graph.rb +370 -269
data/lib/puppet/ssl/base.rb +0 -8
data/lib/puppet/ssl/certificate.rb +0 -6
data/lib/puppet/ssl/certificate_authority.rb +24 -109
data/lib/puppet/ssl/certificate_authority/interface.rb +19 -66
data/lib/puppet/ssl/certificate_factory.rb +91 -112
data/lib/puppet/ssl/certificate_request.rb +15 -98
data/lib/puppet/ssl/certificate_revocation_list.rb +1 -1
data/lib/puppet/ssl/host.rb +85 -51
data/lib/puppet/ssl/inventory.rb +1 -1
data/lib/puppet/sslcertificates.rb +146 -0
data/lib/puppet/sslcertificates/ca.rb +375 -0
data/lib/puppet/sslcertificates/certificate.rb +255 -0
data/lib/puppet/sslcertificates/inventory.rb +38 -0
data/lib/puppet/sslcertificates/support.rb +146 -0
data/lib/puppet/status.rb +1 -1
data/lib/puppet/transaction.rb +163 -94
data/lib/puppet/transaction/event.rb +1 -1
data/lib/puppet/transaction/event_manager.rb +19 -3
data/lib/puppet/transaction/report.rb +9 -3
data/lib/puppet/type.rb +107 -62
data/lib/puppet/type/augeas.rb +10 -14
data/lib/puppet/type/cron.rb +13 -14
data/lib/puppet/type/exec.rb +0 -9
data/lib/puppet/type/file.rb +20 -29
data/lib/puppet/type/file/ctime.rb +1 -1
data/lib/puppet/type/file/ensure.rb +1 -1
data/lib/puppet/type/file/group.rb +1 -1
data/lib/puppet/type/file/mode.rb +1 -1
data/lib/puppet/type/file/mtime.rb +1 -1
data/lib/puppet/type/file/selcontext.rb +1 -1
data/lib/puppet/type/file/source.rb +3 -3
data/lib/puppet/type/file/type.rb +1 -1
data/lib/puppet/type/group.rb +36 -0
data/lib/puppet/type/host.rb +18 -43
data/lib/puppet/type/interface.rb +109 -0
data/lib/puppet/type/k5login.rb +1 -4
data/lib/puppet/type/macauthorization.rb +3 -3
data/lib/puppet/type/mcx.rb +2 -21
data/lib/puppet/type/router.rb +14 -0
data/lib/puppet/type/schedule.rb +2 -0
data/lib/puppet/type/service.rb +2 -0
data/lib/puppet/type/sshkey.rb +6 -1
data/lib/puppet/type/tidy.rb +12 -12
data/lib/puppet/type/user.rb +36 -9
data/lib/puppet/type/vlan.rb +26 -0
data/lib/puppet/type/whit.rb +13 -1
data/lib/puppet/type/zfs.rb +100 -8
data/lib/puppet/type/zone.rb +45 -1
data/lib/puppet/type/zpool.rb +1 -0
data/lib/puppet/util.rb +63 -91
data/lib/puppet/util/autoload.rb +16 -14
data/lib/puppet/util/classgen.rb +13 -1
data/lib/puppet/util/command_line.rb +109 -22
data/lib/puppet/util/log.rb +1 -0
data/lib/puppet/util/log/destinations.rb +16 -4
data/lib/puppet/util/logging.rb +11 -0
data/lib/puppet/util/monkey_patches.rb +7 -77
data/lib/puppet/util/network_device.rb +17 -0
data/lib/puppet/util/network_device/base.rb +27 -0
data/lib/puppet/util/network_device/cisco.rb +4 -0
data/lib/puppet/util/network_device/cisco/device.rb +256 -0
data/lib/puppet/util/network_device/cisco/facts.rb +72 -0
data/lib/puppet/util/network_device/cisco/interface.rb +82 -0
data/lib/puppet/util/network_device/config.rb +93 -0
data/lib/puppet/util/network_device/ipcalc.rb +68 -0
data/lib/puppet/util/network_device/transport.rb +3 -0
data/lib/puppet/util/network_device/transport/base.rb +26 -0
data/lib/puppet/util/network_device/transport/ssh.rb +121 -0
data/lib/puppet/util/network_device/transport/telnet.rb +42 -0
data/lib/puppet/util/rdoc.rb +4 -10
data/lib/puppet/util/rdoc/parser.rb +34 -23
data/lib/puppet/util/reference.rb +7 -8
data/lib/puppet/util/selinux.rb +2 -2
data/lib/puppet/util/settings.rb +1 -6
data/lib/puppet/util/settings/file_setting.rb +0 -1
data/lib/puppet/util/suidmanager.rb +30 -79
data/lib/puppet/util/zaml.rb +41 -40
data/man/man5/puppet.conf.5 +291 -873
data/man/man8/filebucket.8 +47 -71
data/man/man8/pi.8 +44 -10
data/man/man8/puppet-agent.8 +154 -0
data/man/man8/puppet-apply.8 +75 -0
data/man/man8/puppet-catalog.8 +286 -0
data/man/man8/puppet-cert.8 +97 -0
data/man/man8/puppet-certificate.8 +229 -0
data/man/man8/puppet-certificate_request.8 +168 -0
data/man/man8/puppet-certificate_revocation_list.8 +165 -0
data/man/man8/puppet-config.8 +80 -0
data/man/man8/puppet-describe.8 +51 -0
data/man/man8/puppet-device.8 +86 -0
data/man/man8/puppet-doc.8 +101 -0
data/man/man8/puppet-facts.8 +217 -0
data/man/man8/puppet-file.8 +225 -0
data/man/man8/puppet-filebucket.8 +81 -0
data/man/man8/puppet-help.8 +71 -0
data/man/man8/puppet-inspect.8 +28 -0
data/man/man8/puppet-key.8 +126 -0
data/man/man8/puppet-kick.8 +95 -0
data/man/man8/puppet-man.8 +74 -0
data/man/man8/puppet-master.8 +74 -0
data/man/man8/puppet-node.8 +171 -0
data/man/man8/puppet-parser.8 +71 -0
data/man/man8/puppet-plugin.8 +77 -0
data/man/man8/puppet-queue.8 +55 -0
data/man/man8/puppet-report.8 +187 -0
data/man/man8/puppet-resource.8 +84 -0
data/man/man8/puppet-resource_type.8 +214 -0
data/man/man8/puppet-secret_agent.8 +74 -0
data/man/man8/puppet-status.8 +150 -0
data/man/man8/puppet.8 +2 -2
data/man/man8/puppetca.8 +64 -136
data/man/man8/puppetd.8 +99 -228
data/man/man8/puppetdoc.8 +41 -48
data/man/man8/puppetmasterd.8 +54 -32
data/man/man8/puppetqd.8 +45 -10
data/man/man8/puppetrun.8 +56 -134
data/man/man8/ralsh.8 +48 -49
data/spec/fixtures/faulty_face/puppet/face/syntax.rb +8 -0
data/spec/fixtures/integration/provider/mailalias/aliases/test1 +28 -0
data/spec/fixtures/unit/parser/lexer/aliastest.pp +16 -0
data/spec/fixtures/unit/parser/lexer/append.pp +11 -0
data/spec/fixtures/unit/parser/lexer/argumentdefaults.pp +14 -0
data/spec/fixtures/unit/parser/lexer/arithmetic_expression.pp +8 -0
data/spec/fixtures/unit/parser/lexer/arraytrailingcomma.pp +3 -0
data/spec/fixtures/unit/parser/lexer/casestatement.pp +65 -0
data/spec/fixtures/unit/parser/lexer/classheirarchy.pp +15 -0
data/spec/fixtures/unit/parser/lexer/classincludes.pp +17 -0
data/spec/fixtures/unit/parser/lexer/classpathtest.pp +11 -0
data/spec/fixtures/unit/parser/lexer/collection.pp +10 -0
data/spec/fixtures/unit/parser/lexer/collection_override.pp +8 -0
data/spec/fixtures/unit/parser/lexer/collection_within_virtual_definitions.pp +20 -0
data/spec/fixtures/unit/parser/lexer/componentmetaparams.pp +11 -0
data/spec/fixtures/unit/parser/lexer/componentrequire.pp +8 -0
data/spec/fixtures/unit/parser/lexer/deepclassheirarchy.pp +23 -0
data/spec/fixtures/unit/parser/lexer/defineoverrides.pp +17 -0
data/spec/fixtures/unit/parser/lexer/emptyclass.pp +9 -0
data/spec/fixtures/unit/parser/lexer/emptyexec.pp +3 -0
data/spec/fixtures/unit/parser/lexer/emptyifelse.pp +9 -0
data/spec/fixtures/unit/parser/lexer/falsevalues.pp +3 -0
data/spec/fixtures/unit/parser/lexer/filecreate.pp +11 -0
data/spec/fixtures/unit/parser/lexer/fqdefinition.pp +5 -0
data/spec/fixtures/unit/parser/lexer/fqparents.pp +11 -0
data/spec/fixtures/unit/parser/lexer/funccomma.pp +5 -0
data/spec/fixtures/unit/parser/lexer/hash.pp +33 -0
data/spec/fixtures/unit/parser/lexer/ifexpression.pp +12 -0
data/spec/fixtures/unit/parser/lexer/implicititeration.pp +15 -0
data/spec/fixtures/unit/parser/lexer/multilinecomments.pp +10 -0
data/spec/fixtures/unit/parser/lexer/multipleclass.pp +9 -0
data/spec/fixtures/unit/parser/lexer/multipleinstances.pp +7 -0
data/spec/fixtures/unit/parser/lexer/multisubs.pp +13 -0
data/spec/fixtures/unit/parser/lexer/namevartest.pp +9 -0
data/spec/fixtures/unit/parser/lexer/scopetest.pp +13 -0
data/spec/fixtures/unit/parser/lexer/selectorvalues.pp +49 -0
data/spec/fixtures/unit/parser/lexer/simpledefaults.pp +5 -0
data/spec/fixtures/unit/parser/lexer/simpleselector.pp +38 -0
data/spec/fixtures/unit/parser/lexer/singleary.pp +19 -0
data/spec/fixtures/unit/parser/lexer/singlequote.pp +11 -0
data/spec/fixtures/unit/parser/lexer/singleselector.pp +22 -0
data/spec/fixtures/unit/parser/lexer/subclass_name_duplication.pp +11 -0
data/spec/fixtures/unit/parser/lexer/tag.pp +9 -0
data/spec/fixtures/unit/parser/lexer/tagged.pp +35 -0
data/spec/fixtures/unit/parser/lexer/virtualresources.pp +14 -0
data/spec/fixtures/unit/provider/host/parsed/valid_hosts +19 -0
data/spec/fixtures/unit/provider/mount/parsed/aix.filesystems +144 -0
data/spec/fixtures/unit/provider/mount/parsed/aix.mount +7 -0
data/spec/fixtures/unit/provider/mount/parsed/darwin.mount +6 -0
data/spec/fixtures/unit/provider/mount/parsed/freebsd.fstab +8 -0
data/spec/fixtures/unit/provider/mount/parsed/freebsd.mount +3 -0
data/spec/fixtures/unit/provider/mount/parsed/hpux.mount +17 -0
data/spec/fixtures/unit/provider/mount/parsed/linux.fstab +11 -0
data/spec/fixtures/unit/provider/mount/parsed/linux.mount +5 -0
data/spec/fixtures/unit/provider/mount/parsed/netbsd.fstab +9 -0
data/spec/fixtures/unit/provider/mount/parsed/netbsd.mount +8 -0
data/spec/fixtures/unit/provider/mount/parsed/openbsd.fstab +4 -0
data/spec/fixtures/unit/provider/mount/parsed/openbsd.mount +4 -0
data/spec/fixtures/unit/provider/mount/parsed/solaris.fstab +11 -0
data/spec/fixtures/unit/provider/mount/parsed/solaris.mount +6 -0
data/spec/fixtures/unit/provider/ssh_authorized_key/parsed/authorized_keys +7 -0
data/spec/fixtures/unit/provider/ssh_authorized_key/parsed/authorized_keys1 +3 -0
data/spec/fixtures/unit/provider/ssh_authorized_key/parsed/authorized_keys2 +1 -0
data/spec/fixtures/unit/reports/tagmail/tagmail_failers.conf +3 -0
data/spec/fixtures/unit/reports/tagmail/tagmail_passers.conf +30 -0
data/spec/fixtures/unit/util/rdoc/basic.pp +16 -0
data/spec/integration/application/apply_spec.rb +2 -5
data/spec/integration/application/doc_spec.rb +5 -6
data/spec/integration/configurer_spec.rb +10 -6
data/spec/integration/defaults_spec.rb +18 -52
data/spec/integration/faces/documentation_spec.rb +55 -0
data/spec/integration/file_serving/content_spec.rb +10 -3
data/spec/integration/file_serving/fileset_spec.rb +2 -3
data/spec/integration/file_serving/metadata_spec.rb +10 -3
data/spec/integration/file_serving/terminus_helper_spec.rb +2 -3
data/spec/integration/indirector/catalog/compiler_spec.rb +7 -12
data/spec/integration/indirector/catalog/queue_spec.rb +3 -4
data/spec/integration/indirector/direct_file_server_spec.rb +2 -2
data/spec/integration/indirector/file_content/file_server_spec.rb +7 -7
data/spec/integration/indirector/file_metadata/file_server_spec.rb +2 -2
data/spec/integration/indirector/node/ldap_spec.rb +3 -4
data/spec/integration/network/client_spec.rb +18 -0
data/spec/integration/network/formats_spec.rb +3 -4
data/spec/integration/network/handler_spec.rb +3 -4
data/spec/integration/network/server/mongrel_spec.rb +3 -4
data/spec/integration/network/server/webrick_spec.rb +4 -4
data/spec/integration/node/environment_spec.rb +2 -3
data/spec/integration/node/facts_spec.rb +6 -6
data/spec/integration/node_spec.rb +16 -16
data/spec/integration/parser/collector_spec.rb +3 -4
data/spec/integration/parser/compiler_spec.rb +43 -3
data/spec/integration/parser/functions/require_spec.rb +2 -3
data/spec/integration/parser/functions_spec.rb +3 -4
data/spec/integration/parser/parser_spec.rb +7 -6
data/spec/integration/parser/ruby_manifest_spec.rb +2 -3
data/spec/integration/provider/mailalias/aliases_spec.rb +5 -19
data/spec/integration/provider/mount_spec.rb +2 -2
data/spec/integration/provider/package_spec.rb +3 -4
data/spec/integration/provider/service/init_spec.rb +4 -6
data/spec/integration/reference/providers_spec.rb +2 -3
data/spec/integration/reports_spec.rb +2 -2
data/spec/integration/resource/catalog_spec.rb +6 -7
data/spec/integration/resource/type_collection_spec.rb +2 -3
data/spec/integration/ssl/certificate_authority_spec.rb +7 -7
data/spec/integration/ssl/certificate_request_spec.rb +7 -7
data/spec/integration/ssl/certificate_revocation_list_spec.rb +2 -2
data/spec/integration/ssl/host_spec.rb +4 -4
data/spec/integration/transaction/report_spec.rb +3 -3
data/spec/integration/transaction_spec.rb +61 -6
data/spec/integration/type/file_spec.rb +10 -8
data/spec/integration/type/package_spec.rb +2 -3
data/spec/integration/type/tidy_spec.rb +2 -3
data/spec/integration/type_spec.rb +2 -14
data/spec/integration/util/autoload_spec.rb +2 -3
data/spec/integration/util/feature_spec.rb +2 -3
data/spec/integration/util/file_locking_spec.rb +3 -4
data/spec/integration/util/rdoc/parser_spec.rb +3 -4
data/spec/integration/util/settings_spec.rb +2 -3
data/spec/lib/matchers/json.rb +111 -0
data/spec/lib/puppet/face/basetest.rb +46 -0
data/spec/lib/puppet/face/huzzah.rb +7 -0
data/spec/lib/puppet/face/version_matching.rb +12 -0
data/spec/lib/puppet_spec/files.rb +38 -5
data/spec/lib/puppet_spec/fixtures.rb +28 -0
data/spec/lib/puppet_spec/matchers.rb +87 -0
data/spec/lib/puppet_spec/verbose.rb +0 -0
data/spec/monkey_patches/alias_should_to_must.rb +0 -0
data/spec/monkey_patches/publicize_methods.rb +0 -0
data/spec/shared_behaviours/all_parsedfile_providers.rb +21 -0
data/spec/shared_behaviours/an_indirector_face.rb +6 -0
data/spec/shared_behaviours/documentation_on_faces.rb +263 -0
data/spec/shared_behaviours/file_server_terminus.rb +1 -1
data/spec/shared_behaviours/file_serving.rb +61 -70
data/spec/shared_behaviours/memory_terminus.rb +0 -0
data/spec/shared_behaviours/path_parameters.rb +0 -0
data/spec/shared_behaviours/things_that_declare_options.rb +150 -0
data/spec/spec.opts +0 -2
data/spec/spec_helper.rb +33 -75
data/spec/unit/agent/locker_spec.rb +2 -3
data/spec/unit/agent_spec.rb +2 -2
data/spec/unit/application/agent_spec.rb +51 -76
data/spec/unit/application/apply_spec.rb +86 -150
data/spec/unit/application/cert_spec.rb +8 -30
data/spec/unit/application/certificate_spec.rb +20 -0
data/spec/unit/application/config_spec.rb +9 -0
data/spec/unit/application/describe_spec.rb +2 -3
data/spec/unit/application/device_spec.rb +342 -0
data/spec/unit/application/doc_spec.rb +11 -18
data/spec/unit/application/face_base_spec.rb +360 -0
data/spec/unit/application/facts_spec.rb +27 -0
data/spec/unit/application/filebucket_spec.rb +7 -18
data/spec/unit/application/indirection_base_spec.rb +42 -0
data/spec/unit/application/inspect_spec.rb +7 -13
data/spec/unit/application/kick_spec.rb +15 -38
data/spec/unit/application/master_spec.rb +25 -81
data/spec/unit/application/queue_spec.rb +12 -22
data/spec/unit/application/resource_spec.rb +19 -53
data/spec/unit/application/secret_agent_spec.rb +32 -0
data/spec/unit/application_spec.rb +65 -34
data/spec/unit/configurer/downloader_spec.rb +2 -3
data/spec/unit/configurer/fact_handler_spec.rb +39 -46
data/spec/unit/configurer/plugin_handler_spec.rb +2 -3
data/spec/unit/configurer_spec.rb +329 -411
data/spec/unit/daemon_spec.rb +7 -14
data/spec/unit/dsl/resource_api_spec.rb +2 -3
data/spec/unit/dsl/resource_type_api_spec.rb +24 -37
data/spec/unit/face/catalog_spec.rb +7 -0
data/spec/unit/face/certificate_request_spec.rb +7 -0
data/spec/unit/face/certificate_revocation_list_spec.rb +7 -0
data/spec/unit/face/certificate_spec.rb +23 -0
data/spec/unit/face/config_spec.rb +24 -0
data/spec/unit/face/facts_spec.rb +23 -0
data/spec/unit/face/file_spec.rb +12 -0
data/spec/unit/face/help_spec.rb +129 -0
data/spec/unit/face/key_spec.rb +7 -0
data/spec/unit/face/node_spec.rb +7 -0
data/spec/unit/face/plugin_spec.rb +10 -0
data/spec/unit/face/report_spec.rb +7 -0
data/spec/unit/face/resource_spec.rb +7 -0
data/spec/unit/face/resource_type_spec.rb +7 -0
data/spec/unit/face/secret_agent_spec.rb +25 -0
data/spec/unit/face_spec.rb +1 -0
data/spec/unit/file_bucket/dipper_spec.rb +7 -8
data/spec/unit/file_bucket/file_spec.rb +7 -16
data/spec/unit/file_collection/lookup_spec.rb +2 -3
data/spec/unit/file_collection_spec.rb +2 -3
data/spec/unit/file_serving/base_spec.rb +2 -3
data/spec/unit/file_serving/configuration/parser_spec.rb +2 -3
data/spec/unit/file_serving/configuration_spec.rb +31 -40
data/spec/unit/file_serving/content_spec.rb +6 -3
data/spec/unit/file_serving/fileset_spec.rb +2 -3
data/spec/unit/file_serving/{terminus_selector_spec.rb → indirection_hooks_spec.rb} +14 -13
data/spec/unit/file_serving/metadata_spec.rb +6 -3
data/spec/unit/file_serving/mount/file_spec.rb +2 -3
data/spec/unit/file_serving/mount/modules_spec.rb +2 -11
data/spec/unit/file_serving/mount/plugins_spec.rb +2 -3
data/spec/unit/file_serving/mount_spec.rb +2 -3
data/spec/unit/file_serving/terminus_helper_spec.rb +2 -2
data/spec/unit/indirector/active_record_spec.rb +5 -7
data/spec/unit/indirector/catalog/active_record_spec.rb +2 -3
data/spec/unit/indirector/catalog/compiler_spec.rb +30 -50
data/spec/unit/indirector/catalog/queue_spec.rb +2 -3
data/spec/unit/indirector/catalog/rest_spec.rb +2 -3
data/spec/unit/indirector/catalog/yaml_spec.rb +2 -3
data/spec/unit/indirector/certificate/ca_spec.rb +2 -2
data/spec/unit/indirector/certificate/file_spec.rb +2 -2
data/spec/unit/indirector/certificate/rest_spec.rb +2 -3
data/spec/unit/indirector/certificate_request/ca_spec.rb +47 -2
data/spec/unit/indirector/certificate_request/file_spec.rb +2 -2
data/spec/unit/indirector/certificate_request/rest_spec.rb +2 -3
data/spec/unit/indirector/certificate_revocation_list/ca_spec.rb +2 -2
data/spec/unit/indirector/certificate_revocation_list/file_spec.rb +2 -2
data/spec/unit/indirector/certificate_revocation_list/rest_spec.rb +2 -3
data/spec/unit/indirector/certificate_status/file_spec.rb +187 -0
data/spec/unit/indirector/certificate_status/rest_spec.rb +14 -0
data/spec/unit/indirector/code_spec.rb +6 -8
data/spec/unit/indirector/direct_file_server_spec.rb +6 -7
data/spec/unit/indirector/envelope_spec.rb +2 -3
data/spec/unit/indirector/exec_spec.rb +12 -13
data/spec/unit/indirector/face_spec.rb +68 -0
data/spec/unit/indirector/facts/active_record_spec.rb +2 -3
data/spec/unit/indirector/facts/couch_spec.rb +71 -66
data/spec/unit/indirector/facts/facter_spec.rb +2 -2
data/spec/unit/indirector/facts/inventory_active_record_spec.rb +20 -20
data/spec/unit/indirector/facts/network_device_spec.rb +89 -0
data/spec/unit/indirector/facts/rest_spec.rb +2 -3
data/spec/unit/indirector/facts/yaml_spec.rb +2 -3
data/spec/unit/indirector/file_bucket_file/file_spec.rb +17 -18
data/spec/unit/indirector/file_bucket_file/rest_spec.rb +2 -3
data/spec/unit/indirector/file_content/file_server_spec.rb +2 -2
data/spec/unit/indirector/file_content/file_spec.rb +2 -2
data/spec/unit/indirector/file_content/rest_spec.rb +2 -3
data/spec/unit/indirector/file_metadata/file_server_spec.rb +2 -2
data/spec/unit/indirector/file_metadata/file_spec.rb +2 -2
data/spec/unit/indirector/file_metadata/rest_spec.rb +2 -3
data/spec/unit/indirector/file_server_spec.rb +8 -7
data/spec/unit/indirector/file_spec.rb +179 -0
data/spec/unit/indirector/indirection_spec.rb +3 -24
data/spec/unit/indirector/inventory/yaml_spec.rb +220 -0
data/spec/unit/indirector/key/ca_spec.rb +2 -2
data/spec/unit/indirector/key/file_spec.rb +2 -2
data/spec/unit/indirector/ldap_spec.rb +6 -8
data/spec/unit/indirector/memory_spec.rb +5 -7
data/spec/unit/indirector/node/active_record_spec.rb +2 -3
data/spec/unit/indirector/node/exec_spec.rb +3 -4
data/spec/unit/indirector/node/ldap_spec.rb +3 -4
data/spec/unit/indirector/node/memory_spec.rb +2 -3
data/spec/unit/indirector/node/plain_spec.rb +2 -3
data/spec/unit/indirector/node/rest_spec.rb +2 -3
data/spec/unit/indirector/node/yaml_spec.rb +2 -3
data/spec/unit/indirector/plain_spec.rb +5 -7
data/spec/unit/indirector/queue_spec.rb +11 -14
data/spec/unit/indirector/report/processor_spec.rb +7 -9
data/spec/unit/indirector/report/rest_spec.rb +2 -3
data/spec/unit/indirector/report/yaml_spec.rb +3 -4
data/spec/unit/indirector/request_spec.rb +3 -25
data/spec/unit/indirector/resource/ral_spec.rb +3 -4
data/spec/unit/indirector/resource/rest_spec.rb +2 -3
data/spec/unit/indirector/resource_type/parser_spec.rb +87 -13
data/spec/unit/indirector/resource_type/rest_spec.rb +2 -3
data/spec/unit/indirector/rest_spec.rb +45 -16
data/spec/unit/indirector/run/local_spec.rb +2 -3
data/spec/unit/indirector/run/rest_spec.rb +2 -3
data/spec/unit/indirector/ssl_file_spec.rb +9 -27
data/spec/unit/indirector/status/rest_spec.rb +2 -3
data/spec/unit/indirector/terminus_spec.rb +180 -187
data/spec/unit/indirector/yaml_spec.rb +9 -23
data/spec/unit/indirector_spec.rb +61 -79
data/spec/unit/interface/action_builder_spec.rb +214 -0
data/spec/unit/interface/action_manager_spec.rb +282 -0
data/spec/unit/interface/action_spec.rb +545 -0
data/spec/unit/interface/documentation_spec.rb +34 -0
data/spec/unit/interface/face_collection_spec.rb +180 -0
data/spec/unit/interface/option_builder_spec.rb +77 -0
data/spec/unit/interface/option_spec.rb +100 -0
data/spec/unit/interface_spec.rb +228 -0
data/spec/unit/module_spec.rb +34 -10
data/spec/unit/network/authconfig_spec.rb +3 -4
data/spec/unit/network/authstore_spec.rb +3 -4
data/spec/unit/network/client_spec.rb +45 -0
data/spec/unit/network/format_handler_spec.rb +2 -3
data/spec/unit/network/format_spec.rb +2 -3
data/spec/unit/network/formats_spec.rb +107 -3
data/spec/unit/network/handler/fileserver_spec.rb +3 -4
data/spec/unit/network/http/api/v1_spec.rb +61 -27
data/spec/unit/network/http/compression_spec.rb +2 -3
data/spec/unit/network/http/handler_spec.rb +78 -109
data/spec/unit/network/http/mongrel/rest_spec.rb +3 -4
data/spec/unit/network/http/mongrel_spec.rb +6 -6
data/spec/unit/network/http/rack/rest_spec.rb +2 -20
data/spec/unit/network/http/rack/xmlrpc_spec.rb +2 -3
data/spec/unit/network/http/rack_spec.rb +2 -3
data/spec/unit/network/http/webrick/rest_spec.rb +3 -4
data/spec/unit/network/http/webrick_spec.rb +4 -8
data/spec/unit/network/http_pool_spec.rb +82 -95
data/spec/unit/network/http_spec.rb +2 -2
data/spec/unit/network/rest_authconfig_spec.rb +9 -42
data/spec/unit/network/rights_spec.rb +6 -7
data/spec/unit/network/server_spec.rb +2 -2
data/spec/unit/network/xmlrpc/client_spec.rb +172 -0
data/spec/unit/node/environment_spec.rb +63 -7
data/spec/unit/node/facts_spec.rb +9 -13
data/spec/unit/node_spec.rb +5 -13
data/spec/unit/other/selinux_spec.rb +2 -3
data/spec/unit/other/transbucket_spec.rb +2 -3
data/spec/unit/other/transobject_spec.rb +2 -3
data/spec/unit/parameter/path_spec.rb +2 -2
data/spec/unit/parameter/value_collection_spec.rb +2 -3
data/spec/unit/parameter/value_spec.rb +2 -3
data/spec/unit/parameter_spec.rb +2 -3
data/spec/unit/parser/ast/arithmetic_operator_spec.rb +2 -13
data/spec/unit/parser/ast/astarray_spec.rb +18 -36
data/spec/unit/parser/ast/asthash_spec.rb +4 -4
data/spec/unit/parser/ast/boolean_operator_spec.rb +2 -3
data/spec/unit/parser/ast/casestatement_spec.rb +17 -14
data/spec/unit/parser/ast/collection_spec.rb +2 -3
data/spec/unit/parser/ast/collexpr_spec.rb +2 -3
data/spec/unit/parser/ast/comparison_operator_spec.rb +4 -5
data/spec/unit/parser/ast/definition_spec.rb +21 -0
data/spec/unit/parser/ast/function_spec.rb +3 -4
data/spec/unit/parser/ast/hostclass_spec.rb +72 -0
data/spec/unit/parser/ast/ifstatement_spec.rb +2 -3
data/spec/unit/parser/ast/in_operator_spec.rb +2 -3
data/spec/unit/parser/ast/leaf_spec.rb +23 -19
data/spec/unit/parser/ast/match_operator_spec.rb +2 -3
data/spec/unit/parser/ast/minus_spec.rb +2 -3
data/spec/unit/parser/ast/node_spec.rb +30 -0
data/spec/unit/parser/ast/nop_spec.rb +2 -3
data/spec/unit/parser/ast/not_spec.rb +2 -3
data/spec/unit/parser/ast/relationship_spec.rb +2 -3
data/spec/unit/parser/ast/resource_defaults_spec.rb +2 -3
data/spec/unit/parser/ast/resource_override_spec.rb +2 -3
data/spec/unit/parser/ast/resource_reference_spec.rb +21 -8
data/spec/unit/parser/ast/resource_spec.rb +24 -13
data/spec/unit/parser/ast/selector_spec.rb +3 -4
data/spec/unit/parser/ast/vardef_spec.rb +15 -9
data/spec/unit/parser/ast_spec.rb +2 -3
data/spec/unit/parser/collector_spec.rb +2 -3
data/spec/unit/parser/compiler_spec.rb +62 -35
data/spec/unit/parser/files_spec.rb +2 -3
data/spec/unit/parser/functions/create_resources_spec.rb +137 -0
data/spec/unit/parser/functions/defined_spec.rb +5 -3
data/spec/unit/parser/functions/extlookup_spec.rb +10 -10
data/spec/unit/parser/functions/fqdn_rand_spec.rb +15 -13
data/spec/unit/parser/functions/generate_spec.rb +5 -3
data/spec/unit/parser/functions/include_spec.rb +5 -3
data/spec/unit/parser/functions/inline_template_spec.rb +6 -17
data/spec/unit/parser/functions/realize_spec.rb +5 -3
data/spec/unit/parser/functions/regsubst_spec.rb +5 -3
data/spec/unit/parser/functions/require_spec.rb +5 -3
data/spec/unit/parser/functions/shellquote_spec.rb +8 -6
data/spec/unit/parser/functions/split_spec.rb +5 -3
data/spec/unit/parser/functions/sprintf_spec.rb +5 -3
data/spec/unit/parser/functions/tag_spec.rb +5 -3
data/spec/unit/parser/functions/template_spec.rb +6 -21
data/spec/unit/parser/functions/versioncmp_spec.rb +5 -3
data/spec/unit/parser/functions_spec.rb +2 -3
data/spec/unit/parser/lexer_spec.rb +3 -7
data/spec/unit/parser/parser_spec.rb +71 -90
data/spec/unit/parser/relationship_spec.rb +2 -3
data/spec/unit/parser/resource_spec.rb +6 -65
data/spec/unit/parser/scope_spec.rb +28 -179
data/spec/unit/parser/templatewrapper_spec.rb +25 -43
data/spec/unit/parser/type_loader_spec.rb +120 -78
data/spec/unit/property/ensure_spec.rb +2 -3
data/spec/unit/property/keyvalue_spec.rb +4 -8
data/spec/unit/property/list_spec.rb +2 -3
data/spec/unit/property/ordered_list_spec.rb +2 -3
data/spec/unit/property_spec.rb +2 -3
data/spec/unit/provider/augeas/augeas_spec.rb +80 -3
data/spec/unit/provider/cisco_spec.rb +16 -0
data/spec/unit/provider/confine/exists_spec.rb +2 -3
data/spec/unit/provider/confine/false_spec.rb +2 -3
data/spec/unit/provider/confine/feature_spec.rb +2 -3
data/spec/unit/provider/confine/true_spec.rb +2 -3
data/spec/unit/provider/confine/variable_spec.rb +2 -3
data/spec/unit/provider/confine_collection_spec.rb +2 -3
data/spec/unit/provider/confine_spec.rb +2 -3
data/spec/unit/provider/confiner_spec.rb +2 -3
data/spec/unit/provider/exec/posix_spec.rb +2 -2
data/spec/unit/provider/exec/shell_spec.rb +2 -2
data/spec/unit/provider/group/groupadd_spec.rb +2 -3
data/spec/unit/provider/group/ldap_spec.rb +2 -2
data/spec/unit/provider/host/parsed_spec.rb +197 -0
data/spec/unit/provider/interface/cisco_spec.rb +58 -0
data/spec/unit/provider/ldap_spec.rb +2 -2
data/spec/unit/provider/macauthorization_spec.rb +2 -2
data/spec/unit/provider/mcx/mcxcontent_spec.rb +2 -21
data/spec/unit/provider/mount/parsed_spec.rb +61 -86
data/spec/unit/provider/mount_spec.rb +2 -3
data/spec/unit/provider/naginator_spec.rb +2 -3
data/spec/unit/provider/nameservice/directoryservice_spec.rb +2 -63
data/spec/unit/provider/network_device_spec.rb +153 -0
data/spec/unit/provider/package/aix_spec.rb +2 -3
data/spec/unit/provider/package/apt_spec.rb +2 -3
data/spec/unit/provider/package/dpkg_spec.rb +2 -3
data/spec/unit/provider/package/freebsd_spec.rb +2 -3
data/spec/unit/provider/package/gem_spec.rb +2 -3
data/spec/unit/provider/package/hpux_spec.rb +2 -3
data/spec/unit/provider/package/macports_spec.rb +2 -2
data/spec/unit/provider/package/nim_spec.rb +2 -3
data/spec/unit/provider/package/pip_spec.rb +180 -0
data/spec/unit/provider/package/pkg_spec.rb +2 -3
data/spec/unit/provider/package/pkgdmg_spec.rb +49 -56
data/spec/unit/provider/package/pkgutil_spec.rb +182 -0
data/spec/unit/provider/package/yum_spec.rb +66 -0
data/spec/unit/provider/package/zypper_spec.rb +2 -3
data/spec/unit/provider/parsedfile_spec.rb +2 -3
data/spec/unit/provider/selboolean_spec.rb +2 -3
data/spec/unit/provider/selmodule_spec.rb +2 -2
data/spec/unit/provider/service/daemontools_spec.rb +2 -2
data/spec/unit/provider/service/debian_spec.rb +2 -2
data/spec/unit/provider/service/freebsd_spec.rb +2 -3
data/spec/unit/provider/service/init_spec.rb +3 -3
data/spec/unit/provider/service/launchd_spec.rb +2 -2
data/spec/unit/provider/service/redhat_spec.rb +2 -2
data/spec/unit/provider/service/runit_spec.rb +2 -2
data/spec/unit/provider/service/smf_spec.rb +137 -0
data/spec/unit/provider/service/src_spec.rb +7 -7
data/spec/unit/provider/service/upstart.rb +48 -0
data/spec/unit/provider/ssh_authorized_key/parsed_spec.rb +28 -47
data/spec/unit/provider/sshkey/parsed_spec.rb +2 -3
data/spec/unit/provider/user/hpux_spec.rb +2 -3
data/spec/unit/provider/user/ldap_spec.rb +2 -2
data/spec/unit/provider/user/user_role_add_spec.rb +15 -53
data/spec/unit/provider/user/useradd_spec.rb +2 -3
data/spec/unit/provider/vlan/cisco_spec.rb +56 -0
data/spec/unit/provider/zfs/solaris_spec.rb +4 -4
data/spec/unit/provider/zone/solaris_spec.rb +2 -3
data/spec/unit/provider/zpool/solaris_spec.rb +33 -4
data/spec/unit/provider_spec.rb +2 -3
data/spec/unit/puppet/provider/README.markdown +4 -0
data/spec/unit/puppet/type/README.markdown +4 -0
data/spec/unit/puppet_spec.rb +2 -2
data/spec/unit/rails/host_spec.rb +2 -11
data/spec/unit/rails/param_value_spec.rb +2 -3
data/spec/unit/rails/resource_spec.rb +2 -3
data/spec/unit/rails_spec.rb +2 -3
data/spec/unit/relationship_spec.rb +2 -2
data/spec/unit/reports/http_spec.rb +2 -3
data/spec/unit/reports/rrdgraph_spec.rb +2 -3
data/spec/unit/reports/store_spec.rb +2 -17
data/spec/unit/reports/tagmail_spec.rb +4 -8
data/spec/unit/reports_spec.rb +2 -3
data/spec/unit/resource/catalog_spec.rb +15 -74
data/spec/unit/resource/status_spec.rb +3 -4
data/spec/unit/resource/type_collection_helper_spec.rb +2 -3
data/spec/unit/resource/type_collection_spec.rb +69 -81
data/spec/unit/resource/type_spec.rb +26 -44
data/spec/unit/resource_spec.rb +3 -4
data/spec/unit/run_spec.rb +2 -3
data/spec/unit/simple_graph_spec.rb +434 -80
data/spec/unit/ssl/base_spec.rb +3 -4
data/spec/unit/ssl/certificate_authority/interface_spec.rb +56 -96
data/spec/unit/ssl/certificate_authority_spec.rb +71 -246
data/spec/unit/ssl/certificate_factory_spec.rb +72 -93
data/spec/unit/ssl/certificate_request_spec.rb +11 -76
data/spec/unit/ssl/certificate_revocation_list_spec.rb +4 -5
data/spec/unit/ssl/certificate_spec.rb +2 -34
data/spec/unit/ssl/host_spec.rb +202 -207
data/spec/unit/ssl/inventory_spec.rb +4 -5
data/spec/unit/ssl/key_spec.rb +2 -3
data/spec/unit/sslcertificates/ca_spec.rb +110 -0
data/spec/unit/status_spec.rb +8 -5
data/spec/unit/transaction/event_manager_spec.rb +2 -3
data/spec/unit/transaction/event_spec.rb +7 -8
data/spec/unit/transaction/report_spec.rb +25 -14
data/spec/unit/transaction/resource_harness_spec.rb +2 -4
data/spec/unit/transaction_spec.rb +31 -28
data/spec/unit/transportable_spec.rb +0 -0
data/spec/unit/type/augeas_spec.rb +3 -4
data/spec/unit/type/component_spec.rb +2 -3
data/spec/unit/type/computer_spec.rb +2 -3
data/spec/unit/type/cron_spec.rb +12 -3
data/spec/unit/type/exec_spec.rb +2 -32
data/spec/unit/type/file/checksum_spec.rb +2 -3
data/spec/unit/type/file/content_spec.rb +2 -3
data/spec/unit/type/file/ctime.rb +2 -3
data/spec/unit/type/file/ensure_spec.rb +2 -3
data/spec/unit/type/file/group_spec.rb +2 -3
data/spec/unit/type/file/mtime.rb +2 -3
data/spec/unit/type/file/owner_spec.rb +2 -3
data/spec/unit/type/file/selinux_spec.rb +2 -3
data/spec/unit/type/file/source_spec.rb +9 -10
data/spec/unit/type/file/type.rb +2 -3
data/spec/unit/type/file_spec.rb +15 -30
data/spec/unit/type/filebucket_spec.rb +2 -3
data/spec/unit/type/group_spec.rb +4 -5
data/spec/unit/type/host_spec.rb +129 -0
data/spec/unit/type/interface_spec.rb +98 -0
data/spec/unit/type/macauthorization_spec.rb +2 -3
data/spec/unit/type/maillist_spec.rb +2 -3
data/spec/unit/type/mcx_spec.rb +2 -23
data/spec/unit/type/mount_spec.rb +41 -18
data/spec/unit/type/nagios_spec.rb +2 -3
data/spec/unit/type/noop_metaparam_spec.rb +2 -3
data/spec/unit/type/package_spec.rb +2 -3
data/spec/unit/type/resources_spec.rb +3 -4
data/spec/unit/type/schedule_spec.rb +19 -12
data/spec/unit/type/selboolean_spec.rb +2 -3
data/spec/unit/type/selmodule_spec.rb +2 -3
data/spec/unit/type/service_spec.rb +6 -3
data/spec/unit/type/ssh_authorized_key_spec.rb +2 -3
data/spec/unit/type/sshkey_spec.rb +70 -0
data/spec/unit/type/stage_spec.rb +2 -3
data/spec/unit/type/tidy_spec.rb +4 -4
data/spec/unit/type/user_spec.rb +2 -11
data/spec/unit/type/vlan_spec.rb +45 -0
data/spec/unit/type/whit_spec.rb +4 -5
data/spec/unit/type/zfs_spec.rb +2 -3
data/spec/unit/type/zone_spec.rb +22 -3
data/spec/unit/type/zpool_spec.rb +2 -3
data/spec/unit/type_spec.rb +2 -69
data/spec/unit/util/autoload/file_cache_spec.rb +2 -3
data/spec/unit/util/autoload_spec.rb +6 -7
data/spec/unit/util/backups_spec.rb +2 -3
data/spec/unit/util/cache_accumulator_spec.rb +2 -3
data/spec/unit/util/cacher_spec.rb +3 -4
data/spec/unit/util/checksums_spec.rb +2 -2
data/spec/unit/util/command_line_spec.rb +11 -8
data/spec/unit/util/constant_inflector_spec.rb +2 -2
data/spec/unit/util/errors_spec.rb +2 -3
data/spec/unit/util/execution_spec.rb +2 -3
data/spec/unit/util/execution_stub_spec.rb +2 -3
data/spec/unit/util/feature_spec.rb +2 -3
data/spec/unit/util/file_locking_spec.rb +4 -5
data/spec/unit/util/filetype_spec.rb +2 -3
data/spec/unit/util/inline_docs_spec.rb +2 -3
data/spec/unit/util/ldap/connection_spec.rb +2 -2
data/spec/unit/util/ldap/generator_spec.rb +2 -2
data/spec/unit/util/ldap/manager_spec.rb +2 -2
data/spec/unit/util/loadedfile_spec.rb +2 -3
data/spec/unit/util/log/destinations_spec.rb +2 -3
data/spec/unit/util/log_spec.rb +6 -7
data/spec/unit/util/logging_spec.rb +27 -3
data/spec/unit/util/metric_spec.rb +2 -3
data/spec/unit/util/monkey_patches_spec.rb +48 -10
data/spec/unit/util/nagios_maker_spec.rb +2 -2
data/spec/unit/util/network_device/cisco/device_spec.rb +408 -0
data/spec/unit/util/network_device/cisco/facts_spec.rb +63 -0
data/spec/unit/util/network_device/cisco/interface_spec.rb +89 -0
data/spec/unit/util/network_device/config_spec.rb +102 -0
data/spec/unit/util/network_device/ipcalc_spec.rb +63 -0
data/spec/unit/util/network_device/transport/base_spec.rb +42 -0
data/spec/unit/util/network_device/transport/ssh_spec.rb +219 -0
data/spec/unit/util/network_device/transport/telnet_spec.rb +76 -0
data/spec/unit/util/network_device_spec.rb +50 -0
data/spec/unit/util/package_spec.rb +2 -3
data/spec/unit/util/posix_spec.rb +2 -3
data/spec/unit/util/pson_spec.rb +3 -4
data/spec/unit/util/queue/stomp_spec.rb +4 -5
data/spec/unit/util/queue_spec.rb +2 -3
data/spec/unit/util/rdoc/parser_spec.rb +17 -12
data/spec/unit/util/rdoc_spec.rb +19 -58
data/spec/unit/util/reference_serializer_spec.rb +2 -3
data/spec/unit/util/resource_template_spec.rb +2 -3
data/spec/unit/util/run_mode_spec.rb +2 -3
data/spec/unit/util/selinux_spec.rb +4 -5
data/spec/unit/util/settings/file_setting_spec.rb +2 -7
data/spec/unit/util/settings_spec.rb +2 -24
data/spec/unit/util/storage_spec.rb +2 -3
data/spec/unit/util/tagging_spec.rb +2 -2
data/spec/unit/util/user_attr_spec.rb +2 -3
data/spec/unit/util/warnings_spec.rb +2 -3
data/spec/unit/util/zaml_spec.rb +23 -53
data/spec/watchr.rb +146 -0
data/tasks/rake/gem.rake +5 -4
data/tasks/rake/git_workflow.rake +62 -51
data/tasks/rake/manpages.rake +69 -0
data/test/certmgr/certmgr.rb +308 -0
data/test/certmgr/inventory.rb +69 -0
data/test/certmgr/support.rb +105 -0
data/test/data/providers/host/parsed/valid_hosts +19 -0
data/test/language/ast.rb +1 -1
data/test/language/ast/variable.rb +1 -1
data/test/language/functions.rb +8 -9
data/test/language/parser.rb +44 -52
data/test/language/scope.rb +13 -24
data/test/language/snippets.rb +11 -2
data/test/language/transportable.rb +1 -1
data/test/lib/puppettest.rb +2 -2
data/test/lib/puppettest/exetest.rb +1 -1
data/test/lib/puppettest/parsertesting.rb +5 -8
data/test/lib/puppettest/servertest.rb +1 -0
data/test/lib/puppettest/support/assertions.rb +6 -1
data/test/lib/puppettest/support/utils.rb +0 -19
data/test/network/authconfig.rb +1 -1
data/test/network/authorization.rb +1 -1
data/test/network/authstore.rb +1 -1
data/test/network/client/ca.rb +69 -0
data/test/network/client/dipper.rb +34 -0
data/test/network/client_request.rb +1 -1
data/test/network/handler/ca.rb +273 -0
data/test/network/handler/fileserver.rb +1 -1
data/test/network/handler/master.rb +13 -9
data/test/network/handler/report.rb +1 -1
data/test/network/handler/runner.rb +1 -1
data/test/network/rights.rb +1 -1
data/test/network/server/mongrel_test.rb +99 -0
data/test/network/server/webrick.rb +128 -0
data/test/network/xmlrpc/client.rb +45 -0
data/test/network/xmlrpc/processor.rb +1 -1
data/test/network/xmlrpc/server.rb +1 -1
data/test/network/xmlrpc/webrick_servlet.rb +1 -1
data/test/other/provider.rb +1 -1
data/test/other/puppet.rb +1 -1
data/test/other/relationships.rb +11 -18
data/test/other/report.rb +1 -1
data/test/other/transactions.rb +2 -35
data/test/puppet/defaults.rb +1 -1
data/test/puppet/errortest.rb +1 -1
data/test/puppet/tc_suidmanager.rb +120 -0
data/test/rails/rails.rb +2 -1
data/test/rails/railsparameter.rb +2 -2
data/test/ral/manager/attributes.rb +1 -1
data/test/ral/manager/instances.rb +1 -1
data/test/ral/manager/manager.rb +1 -1
data/test/ral/manager/provider.rb +1 -1
data/test/ral/manager/type.rb +1 -1
data/test/ral/providers/cron/crontab.rb +1 -1
data/test/ral/providers/group.rb +1 -1
data/test/ral/providers/host/parsed.rb +1 -203
data/test/ral/providers/mailalias/aliases.rb +1 -1
data/test/ral/providers/nameservice.rb +1 -1
data/test/ral/providers/package.rb +1 -1
data/test/ral/providers/package/aptitude.rb +1 -1
data/test/ral/providers/package/aptrpm.rb +1 -1
data/test/ral/providers/parsedfile.rb +1 -1
data/test/ral/providers/port/parsed.rb +1 -1
data/test/ral/providers/provider.rb +1 -1
data/test/ral/providers/service/base.rb +1 -1
data/test/ral/providers/sshkey/parsed.rb +1 -1
data/test/ral/providers/user.rb +1 -1
data/test/ral/providers/user/useradd.rb +1 -1
data/test/ral/type/cron.rb +1 -1
data/test/ral/type/exec.rb +1 -42
data/test/ral/type/file.rb +1 -1
data/test/ral/type/file/target.rb +6 -19
data/test/ral/type/fileignoresource.rb +1 -1
data/test/ral/type/filesources.rb +61 -1
data/test/ral/type/host.rb +1 -1
data/test/ral/type/mailalias.rb +1 -1
data/test/ral/type/port.rb +1 -1
data/test/ral/type/resources.rb +1 -1
data/test/ral/type/service.rb +1 -1
data/test/ral/type/sshkey.rb +1 -1
data/test/ral/type/user.rb +1 -1
data/test/ral/type/yumrepo.rb +1 -1
data/test/ral/type/zone.rb +1 -1
data/test/test +2 -2
data/test/util/classgen.rb +1 -1
data/test/util/execution.rb +1 -1
data/test/util/fileparsing.rb +1 -1
data/test/util/inifile.rb +1 -1
data/test/util/instance_loader.rb +1 -1
data/test/util/log.rb +1 -1
data/test/util/metrics.rb +1 -1
data/test/util/package.rb +1 -1
data/test/util/pidlock.rb +1 -1
data/test/util/settings.rb +1 -1
data/test/util/storage.rb +1 -1
data/test/util/subclass_loader.rb +1 -1
data/test/util/utiltest.rb +1 -1
metadata +312 -48
data/CHANGELOG.old +0 -1705
data/CONTRIBUTING.md +0 -299
data/COPYING +0 -340
data/README.queueing +0 -126
data/ext/upload_facts.rb +0 -120
data/ext/vim/ftplugin/puppet.vim +0 -94
data/ext/vim/indent/puppet.vim +0 -76
data/lib/puppet/indirector/errors.rb +0 -5
data/lib/puppet/indirector/facts/inventory_service.rb +0 -20
data/lib/puppet/indirector/file_bucket_file/selector.rb +0 -53
data/lib/puppet/indirector/file_content/selector.rb +0 -30
data/lib/puppet/indirector/file_metadata/selector.rb +0 -30
data/lib/puppet/indirector/resource/validator.rb +0 -8
data/lib/puppet/util/command_line/filebucket +0 -97
data/lib/puppet/util/command_line/pi +0 -48
data/lib/puppet/util/command_line/puppet +0 -73
data/lib/puppet/util/command_line/puppetca +0 -131
data/lib/puppet/util/command_line/puppetd +0 -188
data/lib/puppet/util/command_line/puppetdoc +0 -67
data/lib/puppet/util/command_line/puppetmasterd +0 -70
data/lib/puppet/util/command_line/puppetqd +0 -53
data/lib/puppet/util/command_line/puppetrun +0 -125
data/lib/puppet/util/command_line/ralsh +0 -89
data/spec/integration/file_bucket/file_spec.rb +0 -44
data/spec/integration/indirector/bucket_file/rest_spec.rb +0 -77
data/spec/integration/indirector/certificate/rest_spec.rb +0 -69
data/spec/integration/indirector/certificate_request/rest_spec.rb +0 -89
data/spec/integration/indirector/certificate_revocation_list/rest_spec.rb +0 -85
data/spec/integration/indirector/report/rest_spec.rb +0 -93
data/spec/shared_behaviours/file_serving_model.rb +0 -73
data/spec/unit/indirector/facts/inventory_service_spec.rb +0 -22
data/spec/unit/indirector/file_bucket_file/selector_spec.rb +0 -29
data/spec/unit/indirector/file_content/selector_spec.rb +0 -10
data/spec/unit/indirector/file_metadata/selector_spec.rb +0 -11
data/spec/unit/network/handler/ca_spec.rb +0 -87
data/spec/unit/network/rest_authorization_spec.rb +0 -43
data/spec/unit/provider/package/appdmg_spec.rb +0 -42
data/spec/unit/type/k5login_spec.rb +0 -115
data/spec/unit/util/suidmanager_spec.rb +0 -220
data/spec/unit/util_spec.rb +0 -104

data/lib/puppet/sslcertificates/ca.rb ADDED

@@ -0,0 +1,375 @@
+require 'sync'
+class Puppet::SSLCertificates::CA
+  include Puppet::Util::Warnings
+  Certificate = Puppet::SSLCertificates::Certificate
+  attr_accessor :keyfile, :file, :config, :dir, :cert, :crl
+  def certfile
+    @config[:cacert]
+  end
+  # Remove all traces of a given host.  This is kind of hackish, but, eh.
+  def clean(host)
+    host = host.downcase
+    [:csrdir, :signeddir, :publickeydir, :privatekeydir, :certdir].each do |name|
+      dir = Puppet[name]
+      file = File.join(dir, host + ".pem")
+      if FileTest.exists?(file)
+        begin
+          if Puppet[:name] == "cert"
+            puts "Removing #{file}"
+          else
+            Puppet.info "Removing #{file}"
+          end
+          File.unlink(file)
+        rescue => detail
+          raise Puppet::Error, "Could not delete #{file}: #{detail}"
+        end
+      end
+    end
+  end
+  def host2csrfile(hostname)
+    File.join(Puppet[:csrdir], [hostname.downcase, "pem"].join("."))
+  end
+  # this stores signed certs in a directory unrelated to
+  # normal client certs
+  def host2certfile(hostname)
+    File.join(Puppet[:signeddir], [hostname.downcase, "pem"].join("."))
+  end
+  # Turn our hostname into a Name object
+  def thing2name(thing)
+    thing.subject.to_a.find { |ary|
+      ary[0] == "CN"
+    }[1]
+  end
+  def initialize(hash = {})
+    Puppet.settings.use(:main, :ca, :ssl)
+    self.setconfig(hash)
+    if Puppet[:capass]
+      if FileTest.exists?(Puppet[:capass])
+        #puts "Reading #{Puppet[:capass]}"
+        #system "ls -al #{Puppet[:capass]}"
+        #File.read Puppet[:capass]
+        @config[:password] = self.getpass
+      else
+        # Don't create a password if the cert already exists
+        @config[:password] = self.genpass unless FileTest.exists?(@config[:cacert])
+      end
+    end
+    self.getcert
+    init_crl
+    unless FileTest.exists?(@config[:serial])
+      Puppet.settings.write(:serial) do |f|
+        f << "%04X" % 1
+      end
+    end
+  end
+  # Generate a new password for the CA.
+  def genpass
+    pass = ""
+    20.times { pass += (rand(74) + 48).chr }
+    begin
+      Puppet.settings.write(:capass) { |f| f.print pass }
+    rescue Errno::EACCES => detail
+      raise Puppet::Error, detail.to_s
+    end
+    pass
+  end
+  # Get the CA password.
+  def getpass
+    if @config[:capass] and File.readable?(@config[:capass])
+      return File.read(@config[:capass])
+    else
+      raise Puppet::Error, "Could not decrypt CA key with password: #{detail}"
+    end
+  end
+  # Get the CA cert.
+  def getcert
+    if FileTest.exists?(@config[:cacert])
+      @cert = OpenSSL::X509::Certificate.new(
+        File.read(@config[:cacert])
+      )
+    else
+      self.mkrootcert
+    end
+  end
+  # Retrieve a client's CSR.
+  def getclientcsr(host)
+    csrfile = host2csrfile(host)
+    return nil unless File.exists?(csrfile)
+    OpenSSL::X509::Request.new(File.read(csrfile))
+  end
+  # Retrieve a client's certificate.
+  def getclientcert(host)
+    certfile = host2certfile(host)
+    return [nil, nil] unless File.exists?(certfile)
+    [OpenSSL::X509::Certificate.new(File.read(certfile)), @cert]
+  end
+  # List certificates waiting to be signed.  This returns a list of hostnames, not actual
+  # files -- the names can be converted to full paths with host2csrfile.
+  def list(dummy_argument=:work_arround_for_ruby_GC_bug)
+    return Dir.entries(Puppet[:csrdir]).find_all { |file|
+      file =~ /\.pem$/
+    }.collect { |file|
+      file.sub(/\.pem$/, '')
+    }
+  end
+  # List signed certificates.  This returns a list of hostnames, not actual
+  # files -- the names can be converted to full paths with host2csrfile.
+  def list_signed(dummy_argument=:work_arround_for_ruby_GC_bug)
+    return Dir.entries(Puppet[:signeddir]).find_all { |file|
+      file =~ /\.pem$/
+    }.collect { |file|
+      file.sub(/\.pem$/, '')
+    }
+  end
+  # Create the root certificate.
+  def mkrootcert
+    # Make the root cert's name "Puppet CA: " plus the FQDN of the host running the CA.
+    name = "Puppet CA: #{Facter["hostname"].value}"
+    if domain = Facter["domain"].value
+      name += ".#{domain}"
+    end
+    cert = Certificate.new(
+      :name => name,
+      :cert => @config[:cacert],
+      :encrypt => @config[:capass],
+      :key => @config[:cakey],
+      :selfsign => true,
+      :ttl => ttl,
+      :type => :ca
+    )
+    # This creates the cakey file
+    Puppet::Util::SUIDManager.asuser(Puppet[:user], Puppet[:group]) do
+      @cert = cert.mkselfsigned
+    end
+    Puppet.settings.write(:cacert) do |f|
+      f.puts @cert.to_pem
+    end
+    Puppet.settings.write(:capub) do |f|
+      f.puts @cert.public_key
+    end
+    cert
+  end
+  def removeclientcsr(host)
+    csrfile = host2csrfile(host)
+    raise Puppet::Error, "No certificate request for #{host}" unless File.exists?(csrfile)
+    File.unlink(csrfile)
+  end
+  # Revoke the certificate with serial number SERIAL issued by this
+  # CA. The REASON must be one of the OpenSSL::OCSP::REVOKED_* reasons
+  def revoke(serial, reason = OpenSSL::OCSP::REVOKED_STATUS_KEYCOMPROMISE)
+    time = Time.now
+    revoked = OpenSSL::X509::Revoked.new
+    revoked.serial = serial
+    revoked.time = time
+    enum = OpenSSL::ASN1::Enumerated(reason)
+    ext = OpenSSL::X509::Extension.new("CRLReason", enum)
+    revoked.add_extension(ext)
+    @crl.add_revoked(revoked)
+    store_crl
+  end
+  # Take the Puppet config and store it locally.
+  def setconfig(hash)
+    @config = {}
+    Puppet.settings.params("ca").each { |param|
+      param = param.intern if param.is_a? String
+      if hash.include?(param)
+        @config[param] = hash[param]
+        Puppet[param] = hash[param]
+        hash.delete(param)
+      else
+        @config[param] = Puppet[param]
+      end
+    }
+    if hash.include?(:password)
+      @config[:password] = hash[:password]
+      hash.delete(:password)
+    end
+    raise ArgumentError, "Unknown parameters #{hash.keys.join(",")}" if hash.length > 0
+    [:cadir, :csrdir, :signeddir].each { |dir|
+      raise Puppet::DevError, "#{dir} is undefined" unless @config[dir]
+    }
+  end
+  # Sign a given certificate request.
+  def sign(csr)
+    unless csr.is_a?(OpenSSL::X509::Request)
+      raise Puppet::Error,
+        "CA#sign only accepts OpenSSL::X509::Request objects, not #{csr.class}"
+    end
+    raise Puppet::Error, "CSR sign verification failed" unless csr.verify(csr.public_key)
+    serial = nil
+    Puppet.settings.readwritelock(:serial) { |f|
+      serial = File.read(@config[:serial]).chomp.hex
+      # increment the serial
+      f << "%04X" % (serial + 1)
+    }
+    newcert = Puppet::SSLCertificates.mkcert(
+      :type => :server,
+      :name => csr.subject,
+      :ttl => ttl,
+      :issuer => @cert,
+      :serial => serial,
+      :publickey => csr.public_key
+    )
+    sign_with_key(newcert)
+    self.storeclientcert(newcert)
+    [newcert, @cert]
+  end
+  # Store the client's CSR for later signing.  This is called from
+  # server/ca.rb, and the CSRs are deleted once the certificate is actually
+  # signed.
+  def storeclientcsr(csr)
+    host = thing2name(csr)
+    csrfile = host2csrfile(host)
+    raise Puppet::Error, "Certificate request for #{host} already exists" if File.exists?(csrfile)
+    Puppet.settings.writesub(:csrdir, csrfile) do |f|
+      f.print csr.to_pem
+    end
+  end
+  # Store the certificate that we generate.
+  def storeclientcert(cert)
+    host = thing2name(cert)
+    certfile = host2certfile(host)
+    Puppet.notice "Overwriting signed certificate #{certfile} for #{host}" if File.exists?(certfile)
+    Puppet::SSLCertificates::Inventory::add(cert)
+    Puppet.settings.writesub(:signeddir, certfile) do |f|
+      f.print cert.to_pem
+    end
+  end
+  # TTL for new certificates in seconds. If config param :ca_ttl is set,
+  # use that, otherwise use :ca_days for backwards compatibility
+  def ttl
+    days = @config[:ca_days]
+    if days && days.size > 0
+      warnonce "Parameter ca_ttl is not set. Using depecated ca_days instead."
+      return @config[:ca_days] * 24 * 60 * 60
+    else
+      ttl = @config[:ca_ttl]
+      if ttl.is_a?(String)
+        unless ttl =~ /^(\d+)(y|d|h|s)$/
+          raise ArgumentError, "Invalid ca_ttl #{ttl}"
+        end
+        case $2
+        when 'y'
+          unit = 365 * 24 * 60 * 60
+        when 'd'
+          unit = 24 * 60 * 60
+        when 'h'
+          unit = 60 * 60
+        when 's'
+          unit = 1
+        else
+          raise ArgumentError, "Invalid unit for ca_ttl #{ttl}"
+        end
+        return $1.to_i * unit
+      else
+        return ttl
+      end
+    end
+  end
+  private
+  def init_crl
+    if FileTest.exists?(@config[:cacrl])
+      @crl = OpenSSL::X509::CRL.new(
+        File.read(@config[:cacrl])
+      )
+    else
+      # Create new CRL
+      @crl = OpenSSL::X509::CRL.new
+      @crl.issuer = @cert.subject
+      @crl.version = 1
+      store_crl
+      @crl
+    end
+  end
+  def store_crl
+    # Increment the crlNumber
+    e = @crl.extensions.find { |e| e.oid == 'crlNumber' }
+    ext = @crl.extensions.reject { |e| e.oid == 'crlNumber' }
+    crlNum = OpenSSL::ASN1::Integer(e ? e.value.to_i + 1 : 0)
+    ext << OpenSSL::X509::Extension.new("crlNumber", crlNum)
+    @crl.extensions = ext
+    # Set last/next update
+    now = Time.now
+    @crl.last_update = now
+    # Keep CRL valid for 5 years
+    @crl.next_update = now + 5 * 365*24*60*60
+    sign_with_key(@crl)
+    Puppet.settings.write(:cacrl) do |f|
+      f.puts @crl.to_pem
+    end
+  end
+  def sign_with_key(signable, digest = OpenSSL::Digest::SHA1.new)
+    cakey = nil
+    if @config[:password]
+      begin
+        cakey = OpenSSL::PKey::RSA.new(
+          File.read(@config[:cakey]), @config[:password]
+        )
+      rescue
+        raise Puppet::Error,
+          "Decrypt of CA private key with password stored in @config[:capass] not possible"
+      end
+    else
+      cakey = OpenSSL::PKey::RSA.new(
+        File.read(@config[:cakey])
+      )
+    end
+    raise Puppet::Error, "CA Certificate is invalid" unless @cert.check_private_key(cakey)
+    signable.sign(cakey, digest)
+  end
+end

data/lib/puppet/sslcertificates/certificate.rb ADDED

@@ -0,0 +1,255 @@
+class Puppet::SSLCertificates::Certificate
+  SSLCertificates = Puppet::SSLCertificates
+  attr_accessor :certfile, :keyfile, :name, :dir, :hash, :type
+  attr_accessor :key, :cert, :csr, :cacert
+  @@params2names = {
+    :name       => "CN",
+    :state      => "ST",
+    :country    => "C",
+    :email      => "emailAddress",
+    :org        => "O",
+    :city       => "L",
+    :ou         => "OU"
+  }
+  def certname
+    OpenSSL::X509::Name.new self.subject
+  end
+  def delete
+    [@certfile,@keyfile].each { |file|
+      File.unlink(file) if FileTest.exists?(file)
+    }
+    if @hash
+      File.unlink(@hash) if FileTest.symlink?(@hash)
+    end
+  end
+  def exists?
+    FileTest.exists?(@certfile)
+  end
+  def getkey
+    self.mkkey unless FileTest.exists?(@keyfile)
+    if @password
+      @key = OpenSSL::PKey::RSA.new(
+        File.read(@keyfile),
+        @password
+      )
+    else
+      @key = OpenSSL::PKey::RSA.new(
+        File.read(@keyfile)
+      )
+    end
+  end
+  def initialize(hash)
+    raise Puppet::Error, "You must specify the common name for the certificate" unless hash.include?(:name)
+    @name = hash[:name]
+    # init a few variables
+    @cert = @key = @csr = nil
+    if hash.include?(:cert)
+      @certfile = hash[:cert]
+      @dir = File.dirname(@certfile)
+    else
+      @dir = hash[:dir] || Puppet[:certdir]
+      @certfile = File.join(@dir, @name)
+    end
+    @cacertfile ||= File.join(Puppet[:certdir], "ca.pem")
+    Puppet.recmkdir(@dir) unless FileTest.directory?(@dir)
+    unless @certfile =~ /\.pem$/
+      @certfile += ".pem"
+    end
+    @keyfile = hash[:key] || File.join(
+      Puppet[:privatekeydir], [@name,"pem"].join(".")
+    )
+    Puppet.recmkdir(@dir) unless FileTest.directory?(@dir)
+    [@keyfile].each { |file|
+      dir = File.dirname(file)
+      Puppet.recmkdir(dir) unless FileTest.directory?(dir)
+    }
+    @ttl = hash[:ttl] || 365 * 24 * 60 * 60
+    @selfsign = hash[:selfsign] || false
+    @encrypt = hash[:encrypt] || false
+    @replace = hash[:replace] || false
+    @issuer = hash[:issuer] || nil
+    if hash.include?(:type)
+      case hash[:type]
+      when :ca, :client, :server; @type = hash[:type]
+      else
+        raise "Invalid Cert type #{hash[:type]}"
+      end
+    else
+      @type = :client
+    end
+    @params = {:name => @name}
+    [:state, :country, :email, :org, :ou].each { |param|
+      @params[param] = hash[param] if hash.include?(param)
+    }
+    if @encrypt
+      if @encrypt =~ /^\//
+        File.open(@encrypt) { |f|
+          @password = f.read.chomp
+        }
+      else
+        raise Puppet::Error, ":encrypt must be a path to a pass phrase file"
+      end
+    else
+      @password = nil
+    end
+    @selfsign = hash.include?(:selfsign) && hash[:selfsign]
+  end
+  # this only works for servers, not for users
+  def mkcsr
+    self.getkey unless @key
+    name = OpenSSL::X509::Name.new self.subject
+    @csr = OpenSSL::X509::Request.new
+    @csr.version = 0
+    @csr.subject = name
+    @csr.public_key = @key.public_key
+    @csr.sign(@key, OpenSSL::Digest::SHA1.new)
+    #File.open(@csrfile, "w") { |f|
+    #    f << @csr.to_pem
+    #}
+    raise Puppet::Error, "CSR sign verification failed" unless @csr.verify(@key.public_key)
+    @csr
+  end
+  def mkkey
+    # @key is the file
+    @key = OpenSSL::PKey::RSA.new(1024)
+#            { |p,n|
+#                case p
+#                when 0; Puppet.info "key info: ."  # BN_generate_prime
+#                when 1; Puppet.info "key info: +"  # BN_generate_prime
+#                when 2; Puppet.info "key info: *"  # searching good prime,
+#                                          # n = #of try,
+#                                          # but also data from BN_generate_prime
+#                when 3; Puppet.info "key info: \n" # found good prime, n==0 - p, n==1 - q,
+#                                          # but also data from BN_generate_prime
+#                else;   Puppet.info "key info: *"  # BN_generate_prime
+#                end
+#            }
+  if @password
+  #        passwdproc = proc { @password }
+    keytext = @key.export(
+      OpenSSL::Cipher::DES.new(:EDE3, :CBC),
+      @password
+      )
+      File.open(@keyfile, "w", 0400) { |f|
+        f << keytext
+      }
+    else
+      File.open(@keyfile, "w", 0400) { |f|
+        f << @key.to_pem
+      }
+    end
+    #cmd = "#{ossl} genrsa -out #{@key} 1024"
+  end
+  def mkselfsigned
+    self.getkey unless @key
+    raise Puppet::Error, "Cannot replace existing certificate" if @cert
+    args = {
+      :name => self.certname,
+      :ttl => @ttl,
+      :issuer => nil,
+      :serial => 0x0,
+      :publickey => @key.public_key
+    }
+    if @type
+      args[:type] = @type
+    else
+      args[:type] = :server
+    end
+    @cert = SSLCertificates.mkcert(args)
+    @cert.sign(@key, OpenSSL::Digest::SHA1.new) if @selfsign
+    @cert
+  end
+  def subject(string = false)
+    subj = @@params2names.collect { |param, name|
+      [name, @params[param]] if @params.include?(param)
+    }.reject { |ary| ary.nil? }
+    if string
+      return "/" + subj.collect { |ary|
+        "%s=%s" % ary
+      }.join("/") + "/"
+    else
+      return subj
+    end
+  end
+  # verify that we can track down the cert chain or whatever
+  def verify
+    "openssl verify -verbose -CAfile /home/luke/.puppet/ssl/certs/ca.pem -purpose sslserver culain.madstop.com.pem"
+  end
+  def write
+    files = {
+      @certfile => @cert,
+      @keyfile => @key,
+    }
+    files[@cacertfile] = @cacert if defined?(@cacert)
+    files.each { |file,thing|
+      if thing
+        next if FileTest.exists?(file)
+        text = nil
+        if thing.is_a?(OpenSSL::PKey::RSA) and @password
+          text = thing.export(
+            OpenSSL::Cipher::DES.new(:EDE3, :CBC),
+            @password
+          )
+        else
+          text = thing.to_pem
+        end
+        File.open(file, "w", 0660) { |f| f.print text }
+      end
+    }
+    SSLCertificates.mkhash(Puppet[:certdir], @cacert, @cacertfile) if defined?(@cacert)
+  end
+end