RubyGems - puppet - Versions diffs - 2.7.5 → 2.7.6 - Mend

puppet 2.7.5 → 2.7.6

Potentially problematic release.

This version of puppet might be problematic. Click here for more details.

Files changed (140) hide show

data/CHANGELOG +121 -0
data/conf/redhat/puppet.spec +16 -7
data/lib/puppet.rb +1 -1
data/lib/puppet/application/cert.rb +17 -3
data/lib/puppet/application/device.rb +1 -0
data/lib/puppet/application/kick.rb +0 -2
data/lib/puppet/application/resource.rb +73 -66
data/lib/puppet/configurer/plugin_handler.rb +6 -2
data/lib/puppet/defaults.rb +60 -5
data/lib/puppet/face/ca.rb +11 -2
data/lib/puppet/face/certificate.rb +33 -4
data/lib/puppet/file_serving/fileset.rb +1 -1
data/lib/puppet/file_serving/indirection_hooks.rb +2 -2
data/lib/puppet/file_serving/metadata.rb +43 -4
data/lib/puppet/indirector.rb +0 -1
data/lib/puppet/indirector/request.rb +3 -4
data/lib/puppet/indirector/resource/active_record.rb +3 -10
data/lib/puppet/indirector/resource/ral.rb +2 -2
data/lib/puppet/indirector/rest.rb +1 -1
data/lib/puppet/network/handler/ca.rb +16 -106
data/lib/puppet/network/handler/master.rb +0 -3
data/lib/puppet/network/handler/runner.rb +1 -0
data/lib/puppet/parser/scope.rb +10 -0
data/lib/puppet/provider/file/posix.rb +72 -34
data/lib/puppet/provider/file/windows.rb +100 -0
data/lib/puppet/provider/group/windows_adsi.rb +2 -2
data/lib/puppet/provider/user/windows_adsi.rb +19 -4
data/lib/puppet/resource.rb +16 -0
data/lib/puppet/resource/catalog.rb +1 -1
data/lib/puppet/ssl/certificate.rb +2 -2
data/lib/puppet/ssl/certificate_authority.rb +86 -10
data/lib/puppet/ssl/certificate_authority/interface.rb +64 -19
data/lib/puppet/ssl/certificate_factory.rb +112 -91
data/lib/puppet/ssl/certificate_request.rb +88 -1
data/lib/puppet/ssl/host.rb +20 -3
data/lib/puppet/type/file.rb +15 -34
data/lib/puppet/type/file/group.rb +11 -91
data/lib/puppet/type/file/mode.rb +11 -41
data/lib/puppet/type/file/owner.rb +18 -34
data/lib/puppet/type/file/source.rb +22 -7
data/lib/puppet/type/group.rb +4 -3
data/lib/puppet/type/user.rb +4 -1
data/lib/puppet/util.rb +59 -6
data/lib/puppet/util/adsi.rb +11 -0
data/lib/puppet/util/log.rb +4 -0
data/lib/puppet/util/log/destinations.rb +7 -1
data/lib/puppet/util/monkey_patches.rb +19 -0
data/lib/puppet/util/network_device/config.rb +4 -5
data/lib/puppet/util/settings.rb +5 -0
data/lib/puppet/util/suidmanager.rb +0 -1
data/lib/puppet/util/windows.rb +4 -0
data/lib/puppet/util/windows/error.rb +16 -0
data/lib/puppet/util/windows/security.rb +593 -0
data/spec/integration/defaults_spec.rb +27 -0
data/spec/integration/network/handler_spec.rb +1 -1
data/spec/integration/type/file_spec.rb +382 -145
data/spec/integration/util/windows/security_spec.rb +468 -0
data/spec/shared_behaviours/file_serving.rb +4 -3
data/spec/unit/application/agent_spec.rb +1 -0
data/spec/unit/application/device_spec.rb +5 -0
data/spec/unit/application/resource_spec.rb +62 -101
data/spec/unit/configurer/downloader_spec.rb +2 -2
data/spec/unit/configurer/plugin_handler_spec.rb +15 -8
data/spec/unit/configurer_spec.rb +2 -2
data/spec/unit/face/ca_spec.rb +34 -0
data/spec/unit/face/certificate_spec.rb +168 -1
data/spec/unit/file_serving/fileset_spec.rb +1 -1
data/spec/unit/file_serving/indirection_hooks_spec.rb +1 -1
data/spec/unit/file_serving/metadata_spec.rb +151 -107
data/spec/unit/indirector/certificate_request/ca_spec.rb +0 -3
data/spec/unit/indirector/direct_file_server_spec.rb +10 -9
data/spec/unit/indirector/file_metadata/file_spec.rb +6 -4
data/spec/unit/indirector/request_spec.rb +13 -3
data/spec/unit/indirector/resource/active_record_spec.rb +4 -10
data/spec/unit/indirector/resource/ral_spec.rb +6 -4
data/spec/unit/indirector/rest_spec.rb +5 -6
data/spec/unit/network/handler/ca_spec.rb +86 -0
data/spec/unit/parser/collector_spec.rb +7 -7
data/spec/unit/parser/scope_spec.rb +20 -0
data/spec/unit/provider/file/posix_spec.rb +226 -0
data/spec/unit/provider/file/windows_spec.rb +136 -0
data/spec/unit/provider/group/windows_adsi_spec.rb +7 -2
data/spec/unit/provider/user/windows_adsi_spec.rb +36 -3
data/spec/unit/resource/catalog_spec.rb +20 -10
data/spec/unit/resource_spec.rb +55 -8
data/spec/unit/ssl/certificate_authority/interface_spec.rb +97 -54
data/spec/unit/ssl/certificate_authority_spec.rb +133 -23
data/spec/unit/ssl/certificate_factory_spec.rb +90 -70
data/spec/unit/ssl/certificate_request_spec.rb +62 -1
data/spec/unit/ssl/certificate_spec.rb +20 -14
data/spec/unit/ssl/host_spec.rb +52 -6
data/spec/unit/type/file/content_spec.rb +4 -4
data/spec/unit/type/file/group_spec.rb +34 -96
data/spec/unit/type/file/mode_spec.rb +88 -0
data/spec/unit/type/file/owner_spec.rb +32 -123
data/spec/unit/type/file/source_spec.rb +120 -41
data/spec/unit/type/file_spec.rb +1033 -753
data/spec/unit/type_spec.rb +19 -1
data/spec/unit/util/adsi_spec.rb +19 -0
data/spec/unit/util/log/destinations_spec.rb +75 -0
data/spec/unit/util/log_spec.rb +15 -0
data/spec/unit/util/network_device/config_spec.rb +7 -0
data/spec/unit/util/settings_spec.rb +10 -0
data/spec/unit/util_spec.rb +126 -13
data/test/language/functions.rb +0 -1
data/test/language/snippets.rb +0 -9
data/test/lib/puppettest/exetest.rb +1 -1
data/test/lib/puppettest/servertest.rb +0 -1
data/test/rails/rails.rb +0 -1
data/test/ral/type/filesources.rb +0 -60
metadata +13 -33
data/lib/puppet/network/client.rb +0 -174
data/lib/puppet/network/client/ca.rb +0 -56
data/lib/puppet/network/client/file.rb +0 -6
data/lib/puppet/network/client/proxy.rb +0 -27
data/lib/puppet/network/client/report.rb +0 -26
data/lib/puppet/network/client/runner.rb +0 -10
data/lib/puppet/network/client/status.rb +0 -4
data/lib/puppet/network/http_server.rb +0 -3
data/lib/puppet/network/http_server/mongrel.rb +0 -130
data/lib/puppet/network/http_server/webrick.rb +0 -155
data/lib/puppet/network/xmlrpc/client.rb +0 -211
data/lib/puppet/provider/file/win32.rb +0 -72
data/lib/puppet/sslcertificates.rb +0 -146
data/lib/puppet/sslcertificates/ca.rb +0 -375
data/lib/puppet/sslcertificates/certificate.rb +0 -255
data/lib/puppet/sslcertificates/inventory.rb +0 -38
data/lib/puppet/sslcertificates/support.rb +0 -146
data/spec/integration/network/client_spec.rb +0 -18
data/spec/unit/network/xmlrpc/client_spec.rb +0 -172
data/spec/unit/sslcertificates/ca_spec.rb +0 -106
data/test/certmgr/certmgr.rb +0 -308
data/test/certmgr/inventory.rb +0 -69
data/test/certmgr/support.rb +0 -105
data/test/network/client/ca.rb +0 -69
data/test/network/client/dipper.rb +0 -34
data/test/network/handler/ca.rb +0 -273
data/test/network/server/mongrel_test.rb +0 -99
data/test/network/server/webrick.rb +0 -111
data/test/network/xmlrpc/client.rb +0 -45

data/lib/puppet/sslcertificates/certificate.rb DELETED

@@ -1,255 +0,0 @@
-class Puppet::SSLCertificates::Certificate
-  SSLCertificates = Puppet::SSLCertificates
-  attr_accessor :certfile, :keyfile, :name, :dir, :hash, :type
-  attr_accessor :key, :cert, :csr, :cacert
-  @@params2names = {
-    :name       => "CN",
-    :state      => "ST",
-    :country    => "C",
-    :email      => "emailAddress",
-    :org        => "O",
-    :city       => "L",
-    :ou         => "OU"
-  }
-  def certname
-    OpenSSL::X509::Name.new self.subject
-  end
-  def delete
-    [@certfile,@keyfile].each { |file|
-      File.unlink(file) if FileTest.exists?(file)
-    }
-    if @hash
-      File.unlink(@hash) if FileTest.symlink?(@hash)
-    end
-  end
-  def exists?
-    FileTest.exists?(@certfile)
-  end
-  def getkey
-    self.mkkey unless FileTest.exists?(@keyfile)
-    if @password
-      @key = OpenSSL::PKey::RSA.new(
-        File.read(@keyfile),
-        @password
-      )
-    else
-      @key = OpenSSL::PKey::RSA.new(
-        File.read(@keyfile)
-      )
-    end
-  end
-  def initialize(hash)
-    raise Puppet::Error, "You must specify the common name for the certificate" unless hash.include?(:name)
-    @name = hash[:name]
-    # init a few variables
-    @cert = @key = @csr = nil
-    if hash.include?(:cert)
-      @certfile = hash[:cert]
-      @dir = File.dirname(@certfile)
-    else
-      @dir = hash[:dir] || Puppet[:certdir]
-      @certfile = File.join(@dir, @name)
-    end
-    @cacertfile ||= File.join(Puppet[:certdir], "ca.pem")
-    Puppet.recmkdir(@dir) unless FileTest.directory?(@dir)
-    unless @certfile =~ /\.pem$/
-      @certfile += ".pem"
-    end
-    @keyfile = hash[:key] || File.join(
-      Puppet[:privatekeydir], [@name,"pem"].join(".")
-    )
-    Puppet.recmkdir(@dir) unless FileTest.directory?(@dir)
-    [@keyfile].each { |file|
-      dir = File.dirname(file)
-      Puppet.recmkdir(dir) unless FileTest.directory?(dir)
-    }
-    @ttl = hash[:ttl] || 365 * 24 * 60 * 60
-    @selfsign = hash[:selfsign] || false
-    @encrypt = hash[:encrypt] || false
-    @replace = hash[:replace] || false
-    @issuer = hash[:issuer] || nil
-    if hash.include?(:type)
-      case hash[:type]
-      when :ca, :client, :server; @type = hash[:type]
-      else
-        raise "Invalid Cert type #{hash[:type]}"
-      end
-    else
-      @type = :client
-    end
-    @params = {:name => @name}
-    [:state, :country, :email, :org, :ou].each { |param|
-      @params[param] = hash[param] if hash.include?(param)
-    }
-    if @encrypt
-      if @encrypt =~ /^\//
-        File.open(@encrypt) { |f|
-          @password = f.read.chomp
-        }
-      else
-        raise Puppet::Error, ":encrypt must be a path to a pass phrase file"
-      end
-    else
-      @password = nil
-    end
-    @selfsign = hash.include?(:selfsign) && hash[:selfsign]
-  end
-  # this only works for servers, not for users
-  def mkcsr
-    self.getkey unless @key
-    name = OpenSSL::X509::Name.new self.subject
-    @csr = OpenSSL::X509::Request.new
-    @csr.version = 0
-    @csr.subject = name
-    @csr.public_key = @key.public_key
-    @csr.sign(@key, OpenSSL::Digest::SHA1.new)
-    #File.open(@csrfile, "w") { |f|
-    #    f << @csr.to_pem
-    #}
-    raise Puppet::Error, "CSR sign verification failed" unless @csr.verify(@key.public_key)
-    @csr
-  end
-  def mkkey
-    # @key is the file
-    @key = OpenSSL::PKey::RSA.new(1024)
-#            { |p,n|
-#                case p
-#                when 0; Puppet.info "key info: ."  # BN_generate_prime
-#                when 1; Puppet.info "key info: +"  # BN_generate_prime
-#                when 2; Puppet.info "key info: *"  # searching good prime,
-#                                          # n = #of try,
-#                                          # but also data from BN_generate_prime
-#                when 3; Puppet.info "key info: \n" # found good prime, n==0 - p, n==1 - q,
-#                                          # but also data from BN_generate_prime
-#                else;   Puppet.info "key info: *"  # BN_generate_prime
-#                end
-#            }
-  if @password
-  #        passwdproc = proc { @password }
-    keytext = @key.export(
-      OpenSSL::Cipher::DES.new(:EDE3, :CBC),
-      @password
-      )
-      File.open(@keyfile, "w", 0400) { |f|
-        f << keytext
-      }
-    else
-      File.open(@keyfile, "w", 0400) { |f|
-        f << @key.to_pem
-      }
-    end
-    #cmd = "#{ossl} genrsa -out #{@key} 1024"
-  end
-  def mkselfsigned
-    self.getkey unless @key
-    raise Puppet::Error, "Cannot replace existing certificate" if @cert
-    args = {
-      :name => self.certname,
-      :ttl => @ttl,
-      :issuer => nil,
-      :serial => 0x0,
-      :publickey => @key.public_key
-    }
-    if @type
-      args[:type] = @type
-    else
-      args[:type] = :server
-    end
-    @cert = SSLCertificates.mkcert(args)
-    @cert.sign(@key, OpenSSL::Digest::SHA1.new) if @selfsign
-    @cert
-  end
-  def subject(string = false)
-    subj = @@params2names.collect { |param, name|
-      [name, @params[param]] if @params.include?(param)
-    }.reject { |ary| ary.nil? }
-    if string
-      return "/" + subj.collect { |ary|
-        "%s=%s" % ary
-      }.join("/") + "/"
-    else
-      return subj
-    end
-  end
-  # verify that we can track down the cert chain or whatever
-  def verify
-    "openssl verify -verbose -CAfile /home/luke/.puppet/ssl/certs/ca.pem -purpose sslserver culain.madstop.com.pem"
-  end
-  def write
-    files = {
-      @certfile => @cert,
-      @keyfile => @key,
-    }
-    files[@cacertfile] = @cacert if defined?(@cacert)
-    files.each { |file,thing|
-      if thing
-        next if FileTest.exists?(file)
-        text = nil
-        if thing.is_a?(OpenSSL::PKey::RSA) and @password
-          text = thing.export(
-            OpenSSL::Cipher::DES.new(:EDE3, :CBC),
-            @password
-          )
-        else
-          text = thing.to_pem
-        end
-        File.open(file, "w", 0660) { |f| f.print text }
-      end
-    }
-    SSLCertificates.mkhash(Puppet[:certdir], @cacert, @cacertfile) if defined?(@cacert)
-  end
-end

data/lib/puppet/sslcertificates/inventory.rb DELETED

@@ -1,38 +0,0 @@
-# A module for keeping track of all the certificates issued by the CA, ever
-# Maintains the file "$cadir/inventory.txt"
-module Puppet::SSLCertificates
-  module Inventory
-    # Add CERT to the inventory of issued certs in '$cadir/inventory.txt'
-    # If no inventory exists yet, build an inventory and list all the
-    # certificates that have been signed so far
-    def self.add(cert)
-      inited = false
-      inited = true if FileTest.exists?(Puppet[:cert_inventory])
-      Puppet.settings.write(:cert_inventory, "a") do |f|
-        f.puts((inited ? nil : self.init).to_s + format(cert))
-      end
-    end
-    private
-    def self.init
-      inv = "# Inventory of signed certificates\n"
-      inv += "# SERIAL NOT_BEFORE NOT_AFTER SUBJECT\n"
-      Dir.glob(File::join(Puppet[:signeddir], "*.pem")) do |f|
-        inv += format(OpenSSL::X509::Certificate.new(File::read(f))) + "\n"
-      end
-      inv
-    end
-    def self.format(cert)
-      iso = '%Y-%m-%dT%H:%M:%S%Z'
-      return "0x%04x %s %s %s" % [cert.serial,
-                    cert.not_before.strftime(iso),
-                    cert.not_after.strftime(iso),
-                    cert.subject]
-    end
-  end
-end

data/lib/puppet/sslcertificates/support.rb DELETED

@@ -1,146 +0,0 @@
-require 'puppet/sslcertificates'
-# A module to handle reading of certificates.
-module Puppet::SSLCertificates::Support
-  class MissingCertificate < Puppet::Error; end
-  class InvalidCertificate < Puppet::Error; end
-  attr_reader :cacert
-  # Some metaprogramming to create methods for retrieving and creating keys.
-  # This probably isn't fewer lines than defining each separately...
-  def self.keytype(name, options, &block)
-    var = "@#{name}"
-    maker = "mk_#{name}"
-    reader = "read_#{name}"
-    unless param = options[:param]
-      raise ArgumentError, "You must specify the parameter for the key"
-    end
-    unless klass = options[:class]
-      raise ArgumentError, "You must specify the class for the key"
-    end
-    # Define the method that creates it.
-    define_method(maker, &block)
-    # Define the reading method.
-    define_method(reader) do
-      return nil unless FileTest.exists?(Puppet[param]) or rename_files_with_uppercase(Puppet[param])
-      begin
-        instance_variable_set(var, klass.new(File.read(Puppet[param])))
-      rescue => detail
-        raise InvalidCertificate, "Could not read #{param}: #{detail}"
-      end
-    end
-    # Define the overall method, which just calls the reader and maker
-    # as appropriate.
-    define_method(name) do
-      unless cert = instance_variable_get(var)
-        unless cert = send(reader)
-          cert = send(maker)
-          Puppet.settings.write(param) { |f| f.puts cert.to_pem }
-        end
-        instance_variable_set(var, cert)
-      end
-      cert
-    end
-  end
-  # The key pair.
-  keytype :key, :param => :hostprivkey, :class => OpenSSL::PKey::RSA do
-    Puppet.info "Creating a new SSL key at #{Puppet[:hostprivkey]}"
-    key = OpenSSL::PKey::RSA.new(Puppet[:keylength])
-    # Our key meta programming can only handle one file, so we have
-    # to separately write out the public key.
-    Puppet.settings.write(:hostpubkey) do |f|
-      f.print key.public_key.to_pem
-    end
-    return key
-  end
-  # Our certificate request
-  keytype :csr, :param => :hostcsr, :class => OpenSSL::X509::Request do
-    Puppet.info "Creating a new certificate request for #{Puppet[:certname]}"
-    csr = OpenSSL::X509::Request.new
-    csr.version = 0
-    csr.subject = OpenSSL::X509::Name.new([["CN", Puppet[:certname]]])
-    csr.public_key = key.public_key
-    csr.sign(key, OpenSSL::Digest::MD5.new)
-    return csr
-  end
-  keytype :cert, :param => :hostcert, :class => OpenSSL::X509::Certificate do
-    raise MissingCertificate, "No host certificate"
-  end
-  keytype :ca_cert, :param => :localcacert, :class => OpenSSL::X509::Certificate do
-    raise MissingCertificate, "No CA certificate"
-  end
-  # Request a certificate from the remote system.  This does all of the work
-  # of creating the cert request, contacting the remote system, and
-  # storing the cert locally.
-  def requestcert
-    begin
-      cert, cacert = caclient.getcert(@csr.to_pem)
-    rescue => detail
-      puts detail.backtrace if Puppet[:trace]
-      raise Puppet::Error.new("Certificate retrieval failed: #{detail}")
-    end
-    if cert.nil? or cert == ""
-      return nil
-    end
-    Puppet.settings.write(:hostcert) do |f| f.print cert end
-    Puppet.settings.write(:localcacert) do |f| f.print cacert end
-    #File.open(@certfile, "w", 0644) { |f| f.print cert }
-    #File.open(@cacertfile, "w", 0644) { |f| f.print cacert }
-    begin
-      @cert = OpenSSL::X509::Certificate.new(cert)
-      @cacert = OpenSSL::X509::Certificate.new(cacert)
-      retrieved = true
-    rescue => detail
-      raise Puppet::Error.new(
-        "Invalid certificate: #{detail}"
-      )
-    end
-    raise Puppet::DevError, "Received invalid certificate" unless @cert.check_private_key(@key)
-    retrieved
-  end
-  # A hack method to deal with files that exist with a different case.
-  # Just renames it; doesn't read it in or anything.
-  def rename_files_with_uppercase(file)
-    dir = File.dirname(file)
-    short = File.basename(file)
-    # If the dir isn't present, we clearly don't have the file.
-    #return nil unless FileTest.directory?(dir)
-    raise ArgumentError, "Tried to fix SSL files to a file containing uppercase" unless short.downcase == short
-    return false unless File.directory?(dir)
-    real_file = Dir.entries(dir).reject { |f| f =~ /^\./ }.find do |other|
-      other.downcase == short
-    end
-    return nil unless real_file
-    full_file = File.join(dir, real_file)
-    Puppet.notice "Fixing case in #{full_file}; renaming to #{file}"
-    File.rename(full_file, file)
-    true
-  end
-end

data/spec/integration/network/client_spec.rb DELETED

@@ -1,18 +0,0 @@
-#!/usr/bin/env rspec
-require 'spec_helper'
-require 'puppet/network/client'
-describe Puppet::Network::Client do
-  %w{ca file report runner status}.each do |name|
-    it "should have a #{name} client" do
-      Puppet::Network::Client.client(name).should be_instance_of(Class)
-    end
-    [:name, :handler, :drivername].each do |data|
-      it "should have a #{data} value for the #{name} client" do
-        Puppet::Network::Client.client(name).send(data).should_not be_nil
-      end
-    end
-  end
-end