puppet 3.0.0.rc5 → 3.0.0.rc7
Potentially problematic release.
This version of puppet might be problematic. Click here for more details.
- data/LICENSE +1 -1
- data/README_DEVELOPER.md +209 -1
- data/README_HIERA.md +148 -0
- data/Rakefile +25 -27
- data/bin/extlookup2hiera +56 -0
- data/conf/auth.conf +34 -34
- data/examples/hiera/README.md +91 -0
- data/examples/hiera/etc/hiera.yaml +15 -0
- data/examples/hiera/etc/hieradb/common.yaml +3 -0
- data/examples/hiera/etc/hieradb/dc1.yaml +6 -0
- data/examples/hiera/etc/hieradb/development.yaml +2 -0
- data/examples/hiera/etc/puppet.conf +3 -0
- data/examples/hiera/modules/data/manifests/common.pp +3 -0
- data/examples/hiera/modules/ntp/manifests/config.pp +5 -0
- data/examples/hiera/modules/ntp/manifests/data.pp +3 -0
- data/examples/hiera/modules/ntp/templates/ntp.conf.erb +3 -0
- data/examples/hiera/modules/users/manifests/common.pp +3 -0
- data/examples/hiera/modules/users/manifests/dc1.pp +3 -0
- data/examples/hiera/modules/users/manifests/development.pp +3 -0
- data/examples/hiera/site.pp +3 -0
- data/ext/build_defaults.yaml +23 -0
- data/ext/debian/README.Debian +8 -0
- data/ext/debian/README.source +2 -0
- data/ext/debian/TODO.Debian +1 -0
- data/ext/debian/changelog.erb +1104 -0
- data/ext/debian/compat +1 -0
- data/ext/debian/control +143 -0
- data/ext/debian/copyright +361 -0
- data/ext/debian/docs +1 -0
- data/ext/debian/fileserver.conf +17 -0
- data/ext/debian/puppet-common.dirs +8 -0
- data/ext/debian/puppet-common.install +4 -0
- data/ext/debian/puppet-common.lintian-overrides +5 -0
- data/ext/debian/puppet-common.manpages +2 -0
- data/ext/debian/puppet-common.postinst +35 -0
- data/ext/debian/puppet-common.postrm +32 -0
- data/ext/debian/puppet-el.dirs +1 -0
- data/ext/debian/puppet-el.emacsen-install +25 -0
- data/ext/debian/puppet-el.emacsen-remove +11 -0
- data/ext/debian/puppet-el.emacsen-startup +9 -0
- data/ext/debian/puppet-el.install +1 -0
- data/ext/debian/puppet-testsuite.install +2 -0
- data/ext/debian/puppet-testsuite.lintian-overrides +4 -0
- data/ext/debian/puppet.conf +14 -0
- data/ext/debian/puppet.default +7 -0
- data/ext/debian/puppet.init +118 -0
- data/ext/debian/puppet.lintian-overrides +3 -0
- data/ext/debian/puppet.logrotate +11 -0
- data/ext/debian/puppet.manpages +32 -0
- data/ext/debian/puppet.postinst +20 -0
- data/ext/debian/puppet.postrm +20 -0
- data/ext/debian/puppet.preinst +20 -0
- data/ext/debian/puppetmaster-common.install +2 -0
- data/ext/debian/puppetmaster-common.manpages +2 -0
- data/ext/debian/puppetmaster-common.puppetqd.default +27 -0
- data/ext/debian/puppetmaster-common.puppetqd.init +84 -0
- data/ext/debian/puppetmaster-passenger.dirs +4 -0
- data/ext/debian/puppetmaster-passenger.postinst +66 -0
- data/ext/debian/puppetmaster-passenger.postrm +33 -0
- data/ext/debian/puppetmaster.README.debian +16 -0
- data/ext/debian/puppetmaster.default +38 -0
- data/ext/debian/puppetmaster.init +158 -0
- data/ext/debian/puppetmaster.lintian-overrides +3 -0
- data/ext/debian/puppetmaster.postinst +20 -0
- data/ext/debian/puppetmaster.postrm +5 -0
- data/ext/debian/puppetmaster.preinst +22 -0
- data/ext/debian/rules +128 -0
- data/ext/debian/source/format +1 -0
- data/ext/debian/source/options +1 -0
- data/ext/debian/vim-puppet.README.Debian +13 -0
- data/ext/debian/vim-puppet.dirs +3 -0
- data/ext/debian/vim-puppet.yaml +5 -0
- data/ext/debian/watch +2 -0
- data/ext/emacs/puppet-mode.el +1 -0
- data/ext/envpuppet +4 -0
- data/ext/envpuppet.bat +3 -2
- data/{conf → ext}/freebsd/puppetd +0 -0
- data/{conf → ext}/freebsd/puppetmasterd +0 -0
- data/{conf → ext}/gentoo/conf.d/puppet +0 -0
- data/{conf → ext}/gentoo/conf.d/puppetmaster +0 -0
- data/{conf → ext}/gentoo/init.d/puppet +0 -0
- data/{conf → ext}/gentoo/init.d/puppetmaster +0 -0
- data/{conf → ext}/gentoo/puppet/fileserver.conf +0 -0
- data/{conf → ext}/gentoo/puppet/puppet.conf +0 -0
- data/ext/ips/puppet-agent +49 -0
- data/ext/ips/puppet-master +44 -0
- data/ext/ips/puppet.conf +29 -0
- data/ext/ips/puppet.p5m.erb +12 -0
- data/ext/ips/puppetagent.xml +46 -0
- data/ext/ips/puppetmaster.xml +42 -0
- data/ext/ips/rules +19 -0
- data/ext/ips/transforms +34 -0
- data/{conf → ext}/osx/PackageInfo.plist +0 -0
- data/{conf → ext}/osx/createpackage.sh +1 -1
- data/ext/osx/file_mapping.yaml +33 -0
- data/ext/osx/preflight.erb +37 -0
- data/{tasks/rake/templates → ext/osx}/prototype.plist.erb +0 -0
- data/ext/packaging/README-Solaris.md +117 -0
- data/ext/packaging/README.md +89 -0
- data/ext/packaging/tasks/00_utils.rb +236 -0
- data/ext/packaging/tasks/10_setupvars.rake +62 -0
- data/ext/packaging/tasks/apple.rake +201 -0
- data/ext/packaging/tasks/clean.rake +5 -0
- data/ext/packaging/tasks/deb.rake +105 -0
- data/ext/packaging/tasks/gem.rake +52 -0
- data/ext/packaging/tasks/ips.rake +78 -0
- data/ext/packaging/tasks/mock.rake +88 -0
- data/ext/packaging/tasks/release.rake +20 -0
- data/ext/packaging/tasks/rpm.rake +39 -0
- data/ext/packaging/tasks/ship.rake +34 -0
- data/ext/packaging/tasks/sign.rake +76 -0
- data/ext/packaging/tasks/tar.rake +20 -0
- data/ext/project_data.yaml +25 -0
- data/ext/rack/files/apache2.conf +2 -1
- data/{conf → ext}/redhat/client.init +0 -0
- data/{conf → ext}/redhat/client.sysconfig +0 -0
- data/{conf → ext}/redhat/fileserver.conf +0 -0
- data/{conf → ext}/redhat/logrotate +0 -0
- data/{conf → ext}/redhat/puppet.conf +0 -0
- data/{conf/redhat/puppet.spec → ext/redhat/puppet.spec.erb} +140 -33
- data/{conf → ext}/redhat/queue.init +0 -0
- data/{conf → ext}/redhat/rundir-perms.patch +0 -0
- data/{conf → ext}/redhat/server.init +0 -0
- data/{conf → ext}/redhat/server.sysconfig +0 -0
- data/{conf → ext}/solaris/pkginfo +0 -0
- data/{conf → ext}/solaris/smf/puppetd.xml +0 -0
- data/{conf → ext}/solaris/smf/puppetmasterd.xml +0 -0
- data/{conf → ext}/solaris/smf/svc-puppetd +0 -0
- data/{conf → ext}/solaris/smf/svc-puppetmasterd +0 -0
- data/{conf → ext}/suse/client.init +0 -0
- data/{conf → ext}/suse/fileserver.conf +0 -0
- data/{conf → ext}/suse/logrotate +0 -0
- data/{conf → ext}/suse/puppet.conf +0 -0
- data/{conf → ext}/suse/puppet.spec +1 -1
- data/{conf → ext}/suse/server.init +0 -0
- data/ext/systemd/puppetagent.service +13 -0
- data/ext/systemd/puppetmaster.service +13 -0
- data/{conf → ext}/windows/eventlog/Rakefile +0 -0
- data/{conf → ext}/windows/eventlog/puppetres.dll +0 -0
- data/{conf → ext}/windows/eventlog/puppetres.mc +0 -0
- data/ext/windows/service/daemon.bat +6 -0
- data/ext/windows/service/daemon.rb +90 -0
- data/install.rb +22 -32
- data/lib/hiera/backend/puppet_backend.rb +102 -0
- data/lib/hiera/scope.rb +42 -0
- data/lib/hiera_puppet.rb +89 -0
- data/lib/puppet.rb +1 -1
- data/lib/puppet/agent.rb +2 -2
- data/lib/puppet/agent/locker.rb +12 -9
- data/lib/puppet/application.rb +10 -8
- data/lib/puppet/application/agent.rb +12 -8
- data/lib/puppet/application/apply.rb +2 -2
- data/lib/puppet/application/cert.rb +6 -6
- data/lib/puppet/application/certificate.rb +1 -4
- data/lib/puppet/application/describe.rb +1 -1
- data/lib/puppet/application/device.rb +5 -2
- data/lib/puppet/application/doc.rb +1 -1
- data/lib/puppet/application/face_base.rb +3 -13
- data/lib/puppet/application/filebucket.rb +1 -1
- data/lib/puppet/application/inspect.rb +1 -1
- data/lib/puppet/application/kick.rb +4 -2
- data/lib/puppet/application/master.rb +2 -2
- data/lib/puppet/application/queue.rb +3 -1
- data/lib/puppet/application/resource.rb +1 -1
- data/lib/puppet/configurer.rb +11 -7
- data/lib/puppet/configurer/downloader.rb +1 -4
- data/lib/puppet/daemon.rb +4 -4
- data/lib/puppet/defaults.rb +64 -60
- data/lib/puppet/external/dot.rb +1 -1
- data/lib/puppet/external/pson/common.rb +15 -0
- data/lib/puppet/external/pson/pure.rb +0 -62
- data/lib/puppet/external/pson/pure/generator.rb +1 -1
- data/lib/puppet/external/pson/pure/parser.rb +2 -2
- data/lib/puppet/face/ca.rb +19 -14
- data/lib/puppet/face/config.rb +2 -2
- data/lib/puppet/face/facts.rb +1 -1
- data/lib/puppet/face/help/action.erb +0 -1
- data/lib/puppet/face/help/face.erb +0 -1
- data/lib/puppet/face/help/man.erb +3 -6
- data/lib/puppet/face/module/install.rb +1 -1
- data/lib/puppet/face/module/list.rb +1 -1
- data/lib/puppet/face/module/uninstall.rb +1 -1
- data/lib/puppet/face/node.rb +1 -1
- data/lib/puppet/face/node/clean.rb +30 -25
- data/lib/puppet/feature/base.rb +0 -3
- data/lib/puppet/feature/rails.rb +2 -1
- data/lib/puppet/file_serving/terminus_selector.rb +1 -1
- data/lib/puppet/indirector/catalog/active_record.rb +5 -0
- data/lib/puppet/indirector/catalog/static_compiler.rb +2 -3
- data/lib/puppet/indirector/certificate/disabled_ca.rb +22 -0
- data/lib/puppet/indirector/certificate_request/disabled_ca.rb +22 -0
- data/lib/puppet/indirector/certificate_revocation_list/disabled_ca.rb +22 -0
- data/lib/puppet/indirector/face.rb +3 -3
- data/lib/puppet/indirector/facts/active_record.rb +5 -0
- data/lib/puppet/indirector/facts/facter.rb +1 -4
- data/lib/puppet/indirector/facts/inventory_active_record.rb +6 -0
- data/lib/puppet/indirector/file_bucket_file/file.rb +2 -1
- data/lib/puppet/indirector/indirection.rb +2 -2
- data/lib/puppet/indirector/key/disabled_ca.rb +22 -0
- data/lib/puppet/indirector/node/active_record.rb +5 -0
- data/lib/puppet/indirector/request.rb +4 -0
- data/lib/puppet/indirector/resource/active_record.rb +5 -0
- data/lib/puppet/network/authentication.rb +30 -0
- data/lib/puppet/network/http.rb +0 -13
- data/lib/puppet/network/http/connection.rb +10 -2
- data/lib/puppet/network/http/handler.rb +8 -0
- data/lib/puppet/network/http/mongrel/rest.rb +5 -0
- data/lib/puppet/network/http/rack/rest.rb +7 -0
- data/lib/puppet/network/http/webrick.rb +3 -6
- data/lib/puppet/network/http/webrick/rest.rb +4 -0
- data/lib/puppet/network/server.rb +9 -33
- data/lib/puppet/node.rb +1 -1
- data/lib/puppet/node/facts.rb +0 -1
- data/lib/puppet/parser/compiler.rb +1 -1
- data/lib/puppet/parser/functions.rb +12 -1
- data/lib/puppet/parser/functions/hiera.rb +8 -0
- data/lib/puppet/parser/functions/hiera_array.rb +8 -0
- data/lib/puppet/parser/functions/hiera_hash.rb +8 -0
- data/lib/puppet/parser/functions/hiera_include.rb +11 -0
- data/lib/puppet/parser/functions/shellquote.rb +21 -29
- data/lib/puppet/parser/lexer.rb +2 -1
- data/lib/puppet/parser/scope.rb +8 -0
- data/lib/puppet/provider/exec/windows.rb +1 -1
- data/lib/puppet/provider/group/groupadd.rb +2 -3
- data/lib/puppet/provider/package/pkg.rb +37 -10
- data/lib/puppet/provider/service/daemontools.rb +1 -1
- data/lib/puppet/provider/service/launchd.rb +1 -1
- data/lib/puppet/provider/service/redhat.rb +1 -1
- data/lib/puppet/provider/service/runit.rb +1 -1
- data/lib/puppet/provider/user/useradd.rb +8 -3
- data/lib/puppet/provider/user/windows_adsi.rb +11 -0
- data/lib/puppet/provider/zfs/zfs.rb +29 -2
- data/lib/puppet/provider/zone/solaris.rb +144 -39
- data/lib/puppet/provider/zpool/zpool.rb +7 -10
- data/lib/puppet/settings.rb +50 -86
- data/lib/puppet/settings/duration_setting.rb +34 -0
- data/lib/puppet/settings/terminus_setting.rb +16 -0
- data/lib/puppet/ssl/base.rb +49 -9
- data/lib/puppet/ssl/certificate.rb +13 -9
- data/lib/puppet/ssl/certificate_authority.rb +4 -0
- data/lib/puppet/ssl/certificate_authority/interface.rb +10 -17
- data/lib/puppet/ssl/certificate_factory.rb +4 -21
- data/lib/puppet/ssl/certificate_request.rb +1 -10
- data/lib/puppet/ssl/certificate_revocation_list.rb +1 -3
- data/lib/puppet/ssl/digest.rb +20 -0
- data/lib/puppet/ssl/host.rb +31 -6
- data/lib/puppet/test/test_helper.rb +1 -1
- data/lib/puppet/transaction/report.rb +2 -1
- data/lib/puppet/type.rb +1 -1
- data/lib/puppet/type/augeas.rb +1 -1
- data/lib/puppet/type/cron.rb +1 -1
- data/lib/puppet/type/exec.rb +7 -8
- data/lib/puppet/type/file.rb +1 -1
- data/lib/puppet/type/file/content.rb +2 -2
- data/lib/puppet/type/file/ensure.rb +1 -1
- data/lib/puppet/type/file/mode.rb +1 -1
- data/lib/puppet/type/file/selcontext.rb +6 -2
- data/lib/puppet/type/file/source.rb +1 -1
- data/lib/puppet/type/schedule.rb +1 -1
- data/lib/puppet/type/scheduled_task.rb +1 -1
- data/lib/puppet/type/tidy.rb +1 -1
- data/lib/puppet/type/zone.rb +126 -253
- data/lib/puppet/util.rb +10 -23
- data/lib/puppet/util/adsi.rb +22 -14
- data/lib/puppet/util/log/destinations.rb +7 -0
- data/lib/puppet/util/log/rate_limited_logger.rb +40 -0
- data/lib/puppet/util/metric.rb +2 -2
- data/lib/puppet/util/monkey_patches.rb +8 -0
- data/lib/puppet/util/platform.rb +7 -0
- data/lib/puppet/util/selinux.rb +31 -36
- data/lib/puppet/util/windows/error.rb +1 -1
- data/lib/puppet/util/windows/process.rb +3 -3
- data/lib/puppet/util/windows/security.rb +7 -7
- data/lib/puppet/util/windows/user.rb +65 -2
- data/lib/puppet/util/zaml.rb +90 -46
- data/lib/puppet/version.rb +1 -1
- data/spec/fixtures/hiera.yaml +9 -0
- data/spec/fixtures/manifests/site.pp +0 -0
- data/spec/integration/defaults_spec.rb +25 -11
- data/spec/integration/faces/ca_spec.rb +11 -16
- data/spec/integration/network/server/webrick_spec.rb +14 -27
- data/spec/integration/node_spec.rb +4 -1
- data/spec/integration/parser/functions/require_spec.rb +3 -3
- data/spec/integration/parser/undef_param_spec.rb +88 -0
- data/spec/integration/provider/mount_spec.rb +4 -1
- data/spec/integration/ssl/certificate_authority_spec.rb +18 -0
- data/spec/lib/puppet_spec/files.rb +3 -3
- data/spec/lib/puppet_spec/settings.rb +0 -1
- data/spec/shared_contexts/platform.rb +8 -0
- data/spec/spec_helper.rb +6 -0
- data/spec/unit/agent/locker_spec.rb +8 -2
- data/spec/unit/application/agent_spec.rb +29 -7
- data/spec/unit/application/apply_spec.rb +1 -1
- data/spec/unit/application/device_spec.rb +18 -1
- data/spec/unit/application/face_base_spec.rb +16 -2
- data/spec/unit/application/kick_spec.rb +8 -0
- data/spec/unit/application/queue_spec.rb +5 -0
- data/spec/unit/application_spec.rb +13 -23
- data/spec/unit/configurer/downloader_spec.rb +2 -11
- data/spec/unit/configurer_spec.rb +6 -0
- data/spec/unit/face/node_spec.rb +1 -1
- data/spec/unit/hiera/backend/puppet_backend_spec.rb +140 -0
- data/spec/unit/hiera/scope_spec.rb +62 -0
- data/spec/unit/hiera_puppet_spec.rb +111 -0
- data/spec/unit/indirector/catalog/active_record_spec.rb +4 -0
- data/spec/unit/indirector/catalog/static_compiler_spec.rb +194 -0
- data/spec/unit/indirector/certificate/disabled_ca_spec.rb +33 -0
- data/spec/unit/indirector/certificate_request/disabled_ca_spec.rb +33 -0
- data/spec/unit/indirector/certificate_revocation_list/disabled_ca_spec.rb +33 -0
- data/spec/unit/indirector/facts/active_record_spec.rb +37 -26
- data/spec/unit/indirector/facts/inventory_active_record_spec.rb +5 -0
- data/spec/unit/indirector/hiera_spec.rb +2 -1
- data/spec/unit/indirector/key/disabled_ca_spec.rb +33 -0
- data/spec/unit/indirector/node/active_record_spec.rb +7 -0
- data/spec/unit/indirector/request_spec.rb +22 -0
- data/spec/unit/indirector/resource/active_record_spec.rb +5 -0
- data/spec/unit/module_tool/application_spec.rb +1 -1
- data/spec/unit/network/authentication_spec.rb +86 -0
- data/spec/unit/network/http/connection_spec.rb +21 -0
- data/spec/unit/network/http/handler_spec.rb +12 -0
- data/spec/unit/network/http/rack/rest_spec.rb +7 -0
- data/spec/unit/network/http/webrick_spec.rb +11 -26
- data/spec/unit/network/server_spec.rb +79 -192
- data/spec/unit/node/facts_spec.rb +2 -2
- data/spec/unit/parser/ast/vardef_spec.rb +4 -4
- data/spec/unit/parser/files_spec.rb +3 -0
- data/spec/unit/parser/functions/defined_spec.rb +5 -5
- data/spec/unit/parser/functions/fqdn_rand_spec.rb +1 -1
- data/spec/unit/parser/functions/hiera_array_spec.rb +23 -0
- data/spec/unit/parser/functions/hiera_hash_spec.rb +19 -0
- data/spec/unit/parser/functions/hiera_include_spec.rb +19 -0
- data/spec/unit/parser/functions/hiera_spec.rb +21 -0
- data/spec/unit/parser/functions/include_spec.rb +3 -3
- data/spec/unit/parser/functions/realize_spec.rb +3 -3
- data/spec/unit/parser/functions/require_spec.rb +5 -5
- data/spec/unit/parser/functions/shellquote_spec.rb +0 -4
- data/spec/unit/parser/functions_spec.rb +6 -10
- data/spec/unit/parser/lexer_spec.rb +13 -0
- data/spec/unit/parser/scope_spec.rb +16 -1
- data/spec/unit/provider/exec/posix_spec.rb +7 -6
- data/spec/unit/provider/group/groupadd_spec.rb +36 -30
- data/spec/unit/provider/package/pkg_spec.rb +16 -2
- data/spec/unit/provider/service/redhat_spec.rb +2 -2
- data/spec/unit/provider/sshkey/parsed_spec.rb +4 -0
- data/spec/unit/provider/user/user_role_add_spec.rb +125 -126
- data/spec/unit/provider/user/useradd_spec.rb +147 -118
- data/spec/unit/provider/user/windows_adsi_spec.rb +22 -0
- data/spec/unit/provider/zone/solaris_spec.rb +126 -7
- data/spec/unit/provider/zpool/zpool_spec.rb +4 -3
- data/spec/unit/puppet_spec.rb +7 -0
- data/spec/unit/settings/duration_setting_spec.rb +45 -0
- data/spec/unit/settings/terminus_setting_spec.rb +28 -0
- data/spec/unit/settings_spec.rb +21 -23
- data/spec/unit/ssl/base_spec.rb +68 -19
- data/spec/unit/ssl/certificate_authority/interface_spec.rb +19 -30
- data/spec/unit/ssl/certificate_authority_spec.rb +3 -2
- data/spec/unit/ssl/certificate_factory_spec.rb +15 -6
- data/spec/unit/ssl/certificate_request_spec.rb +80 -113
- data/spec/unit/ssl/certificate_revocation_list_spec.rb +1 -1
- data/spec/unit/ssl/certificate_spec.rb +26 -2
- data/spec/unit/ssl/digest_spec.rb +35 -0
- data/spec/unit/ssl/host_spec.rb +73 -27
- data/spec/unit/ssl/key_spec.rb +0 -4
- data/spec/unit/type/exec_spec.rb +1 -1
- data/spec/unit/type/file_spec.rb +2 -1
- data/spec/unit/type/scheduled_task_spec.rb +2 -2
- data/spec/unit/type/zone_spec.rb +52 -10
- data/spec/unit/util/adsi_spec.rb +19 -0
- data/spec/unit/util/checksums_spec.rb +2 -3
- data/spec/unit/util/execution_spec.rb +1 -1
- data/spec/unit/util/log/destinations_spec.rb +1 -0
- data/spec/unit/util/log/rate_limited_logger_spec.rb +51 -0
- data/spec/unit/util/logging_spec.rb +6 -6
- data/spec/unit/util/selinux_spec.rb +24 -32
- data/spec/unit/util/zaml_spec.rb +94 -6
- data/spec/unit/util_spec.rb +17 -0
- data/spec/watchr.rb +2 -6
- data/tasks/{rake/manpages.rake → manpages.rake} +0 -0
- data/tasks/{rake/parser.rake → parser.rake} +0 -0
- metadata +1003 -119
- data/CHANGELOG +0 -9233
- data/conf/osx/preflight +0 -24
- data/lib/puppet/network/http/mongrel.rb +0 -35
- data/lib/puppet/util/config_timeout.rb +0 -24
- data/spec/unit/network/http/mongrel/rest_spec.rb +0 -257
- data/spec/unit/network/http/mongrel_spec.rb +0 -91
- data/spec/unit/network/http_spec.rb +0 -31
- data/spec/unit/util/config_timeout_spec.rb +0 -57
- data/tasks/rake/apple.rake +0 -176
- data/tasks/rake/changelog.rake +0 -15
- data/tasks/rake/ci.rake +0 -22
- data/tasks/rake/dailybuild.rake +0 -9
- data/tasks/rake/gem.rake +0 -63
- data/tasks/rake/git_workflow.rake +0 -134
- data/tasks/rake/metrics.rake +0 -14
- data/tasks/rake/sign.rake +0 -14
- data/tasks/rake/testbranch.rake +0 -16
- data/tasks/rake/yard.rake +0 -11
@@ -0,0 +1,34 @@
|
|
1
|
+
require 'puppet/settings/base_setting'
|
2
|
+
|
3
|
+
# A setting that represents a span of time, and evaluates to an integer
|
4
|
+
# number of seconds after being parsed
|
5
|
+
class Puppet::Settings::DurationSetting < Puppet::Settings::BaseSetting
|
6
|
+
# How we convert from various units to seconds.
|
7
|
+
UNITMAP = {
|
8
|
+
# 365 days isn't technically a year, but is sufficient for most purposes
|
9
|
+
"y" => 365 * 24 * 60 * 60,
|
10
|
+
"d" => 24 * 60 * 60,
|
11
|
+
"h" => 60 * 60,
|
12
|
+
"m" => 60,
|
13
|
+
"s" => 1
|
14
|
+
}
|
15
|
+
|
16
|
+
# A regex describing valid formats with groups for capturing the value and units
|
17
|
+
FORMAT = /^(\d+)(y|d|h|m|s)?$/
|
18
|
+
|
19
|
+
def type
|
20
|
+
:duration
|
21
|
+
end
|
22
|
+
|
23
|
+
# Convert the value to an integer, parsing numeric string with units if necessary.
|
24
|
+
def munge(value)
|
25
|
+
case
|
26
|
+
when value.is_a?(Integer)
|
27
|
+
value
|
28
|
+
when (value.is_a?(String) and value =~ FORMAT)
|
29
|
+
$1.to_i * UNITMAP[$2 || 's']
|
30
|
+
else
|
31
|
+
raise Puppet::Settings::ValidationError, "Invalid duration format '#{value.inspect}' for parameter: #{@name}"
|
32
|
+
end
|
33
|
+
end
|
34
|
+
end
|
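Review bot: `FORMAT` is anchored with `^` and `$`, which in Ruby match at every line boundary rather than at the ends of the string, so `munge` accepts a multi-line string as long as one of its lines looks like a duration, and `$1`/`$2` are then taken from that line. Anchoring the whole string closes this: `FORMAT = /\A(\d+)(y|d|h|m|s)?\z/`. `UNITMAP` is a shared constant and would be safer frozen (`}.freeze`).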
@@ -0,0 +1,16 @@
|
|
1
|
+
require 'puppet/settings/base_setting'
|
2
|
+
|
3
|
+
class Puppet::Settings::TerminusSetting < Puppet::Settings::BaseSetting
|
4
|
+
def munge(value)
|
5
|
+
case value
|
6
|
+
when '', nil
|
7
|
+
nil
|
8
|
+
when String
|
9
|
+
value.intern
|
10
|
+
when Symbol
|
11
|
+
value
|
12
|
+
else
|
13
|
+
raise Puppet::Settings::ValidationError, "Invalid terminus setting: #{value}"
|
14
|
+
end
|
15
|
+
end
|
16
|
+
end
|
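Review bot: The `else` branch of `munge` reports the rejected value with `#{value}` and does not name the setting, which makes the failure hard to trace from a log. DurationSetting in this same release uses `value.inspect` and `@name`, so the message could read `"Invalid terminus setting #{value.inspect} for parameter: #{@name}"`. The class also has no header comment; one line saying that it converts a terminus name to a symbol and maps an empty string or nil to nil would match DurationSetting.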
data/lib/puppet/ssl/base.rb
CHANGED
@@ -1,5 +1,6 @@
|
|
1
1
|
require 'openssl'
|
2
2
|
require 'puppet/ssl'
|
3
|
+
require 'puppet/ssl/digest'
|
3
4
|
|
4
5
|
# The base class for wrapping SSL instances.
|
5
6
|
class Puppet::SSL::Base
|
@@ -46,6 +47,28 @@ class Puppet::SSL::Base
|
|
46
47
|
self.class.validate_certname(@name)
|
47
48
|
end
|
48
49
|
|
50
|
+
# Method to extract a 'name' from the subject of a certificate
|
51
|
+
def self.name_from_subject(subject)
|
52
|
+
subject.to_s.sub(/\/CN=/i, '')
|
53
|
+
end
|
54
|
+
|
55
|
+
# Create an instance of our Puppet::SSL::* class using a given instance of the wrapped class
|
56
|
+
def self.from_instance(instance, name = nil)
|
57
|
+
raise ArgumentError, "Object must be an instance of #{wrapped_class}, #{instance.class} given" unless instance.is_a? wrapped_class
|
58
|
+
raise ArgumentError, "Name must be supplied if it cannot be determined from the instance" if name.nil? and !instance.respond_to?(:subject)
|
59
|
+
|
60
|
+
name ||= name_from_subject(instance.subject)
|
61
|
+
result = new(name)
|
62
|
+
result.content = instance
|
63
|
+
result
|
64
|
+
end
|
65
|
+
|
66
|
+
# Convert a string into an instance
|
67
|
+
def self.from_s(string, name = nil)
|
68
|
+
instance = wrapped_class.new(string)
|
69
|
+
from_instance(instance, name)
|
70
|
+
end
|
71
|
+
|
49
72
|
# Read content from disk appropriately.
|
50
73
|
def read(path)
|
51
74
|
@content = wrapped_class.new(File.read(path))
|
@@ -64,18 +87,35 @@ class Puppet::SSL::Base
|
|
64
87
|
end
|
65
88
|
|
66
89
|
def fingerprint(md = :SHA256)
|
67
|
-
# ruby 1.8.x openssl digest constants are string
|
68
|
-
# but in 1.9.x they are symbols
|
69
90
|
mds = md.to_s.upcase
|
70
|
-
|
71
|
-
|
72
|
-
|
73
|
-
|
74
|
-
|
75
|
-
|
91
|
+
digest(mds).to_hex
|
92
|
+
end
|
93
|
+
|
94
|
+
def digest(algorithm=nil)
|
95
|
+
unless algorithm
|
96
|
+
algorithm = digest_algorithm
|
76
97
|
end
|
77
98
|
|
78
|
-
|
99
|
+
Puppet::SSL::Digest.new(algorithm, content.to_der)
|
100
|
+
end
|
101
|
+
|
102
|
+
def digest_algorithm
|
103
|
+
# The signature_algorithm on the X509 cert is a combination of the digest
|
104
|
+
# algorithm and the encryption algorithm
|
105
|
+
# e.g. md5WithRSAEncryption, sha256WithRSAEncryption
|
106
|
+
# Unfortunately there isn't a consistent pattern
|
107
|
+
# See RFCs 3279, 5758
|
108
|
+
digest_re = Regexp.union(
|
109
|
+
/ripemd160/i,
|
110
|
+
/md[245]/i,
|
111
|
+
/sha\d*/i
|
112
|
+
)
|
113
|
+
ln = content.signature_algorithm
|
114
|
+
if match = digest_re.match(ln)
|
115
|
+
match[0].downcase
|
116
|
+
else
|
117
|
+
raise Puppet::Error, "Unknown signature algorithm '#{ln}'"
|
118
|
+
end
|
79
119
|
end
|
80
120
|
|
81
121
|
private
|
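Review bot: `digest` called without an argument takes its hash from `digest_algorithm`, that is from the wrapped object's own `signature_algorithm`, and `digest_re` accepts `md2`, `md4` and `md5`. For a certificate request that field is set by whoever produced the request, so the fingerprint shown for comparison can be an MD5 value even though `fingerprint` itself defaults to `:SHA256`. The other callers in this release that may pass no algorithm inherit this: `cert.digest(@digest)` in the CA interface when no digest option was given, and `digest.name`/`digest.to_hex` in the certificate request. Consider falling back to SHA256 when the derived name is an MD* digest, or at least document it above `digest`: `# With no algorithm given, uses the digest named in the object's signature algorithm (may be MD5)`. Separately, `name_from_subject` removes only the first `/CN=` substring, so a subject with further RDNs keeps them in the name; a comment should say whether that is intended.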
@@ -12,15 +12,6 @@ class Puppet::SSL::Certificate < Puppet::SSL::Base
|
|
12
12
|
extend Puppet::Indirector
|
13
13
|
indirects :certificate, :terminus_class => :file
|
14
14
|
|
15
|
-
# Convert a string into an instance.
|
16
|
-
def self.from_s(string)
|
17
|
-
instance = wrapped_class.new(string)
|
18
|
-
name = instance.subject.to_s.sub(/\/CN=/i, '').downcase
|
19
|
-
result = new(name)
|
20
|
-
result.content = instance
|
21
|
-
result
|
22
|
-
end
|
23
|
-
|
24
15
|
# Because of how the format handler class is included, this
|
25
16
|
# can't be in the base class.
|
26
17
|
def self.supported_formats
|
@@ -37,4 +28,17 @@ class Puppet::SSL::Certificate < Puppet::SSL::Base
|
|
37
28
|
return nil unless content
|
38
29
|
content.not_after
|
39
30
|
end
|
31
|
+
|
32
|
+
def near_expiration?(interval = nil)
|
33
|
+
return false unless expiration
|
34
|
+
interval ||= Puppet[:certificate_expire_warning]
|
35
|
+
# Certificate expiration timestamps are always in UTC
|
36
|
+
expiration < Time.now.utc + interval
|
37
|
+
end
|
38
|
+
|
39
|
+
# This name is what gets extracted from the subject before being passed
|
40
|
+
# to the constructor, so it's not downcased
|
41
|
+
def unmunged_name
|
42
|
+
self.class.name_from_subject(content.subject)
|
43
|
+
end
|
40
44
|
end
|
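Review bot: `unmunged_name` calls `content.subject` unconditionally, while `expiration` just above returns nil when `content` is unset, so on an instance whose certificate has not been loaded yet it raises NoMethodError. A guard in the same style keeps the two consistent: `return nil unless content`. `near_expiration?` assumes `interval` is a number of seconds; a one-line comment saying so would help callers that pass their own value.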
@@ -323,6 +323,10 @@ class Puppet::SSL::CertificateAuthority
|
|
323
323
|
raise CertificateSigningError.new(hostname), "CSR subject contains a wildcard, which is not allowed: #{csr.content.subject.to_s}"
|
324
324
|
end
|
325
325
|
|
326
|
+
unless csr.content.verify(csr.content.public_key)
|
327
|
+
raise CertificateSigningError.new(hostname), "CSR contains a public key that does not correspond to the signing key"
|
328
|
+
end
|
329
|
+
|
326
330
|
unless csr.subject_alt_names.empty?
|
327
331
|
# If you alt names are allowed, they are required. Otherwise they are
|
328
332
|
# disallowed. Self-signed certs are implicitly trusted, however.
|
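Review bot: The new check calls `csr.content.verify(csr.content.public_key)` bare. As far as I know the OpenSSL binding returns false on a signature mismatch but raises `OpenSSL::X509::RequestError` when the key or signature cannot be processed at all, so a malformed request would leave this method as an OpenSSL exception rather than a `CertificateSigningError`. Treating both outcomes as a failed check keeps malformed requests on the same error path, and a comment stating that this is a proof-of-possession check explains why it runs before signing. The enclosing method begins and ends outside the hunk.

```ruby
# The CSR must be signed by the private key matching the public key it carries.
signature_ok = begin
  csr.content.verify(csr.content.public_key)
rescue OpenSSL::X509::RequestError
  false
end
unless signature_ok
  raise CertificateSigningError.new(hostname), "CSR contains a public key that does not correspond to the signing key"
end
```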
@@ -16,17 +16,10 @@ module Puppet
|
|
16
16
|
raise ArgumentError, "You must provide hosts or --all when using #{method}"
|
17
17
|
end
|
18
18
|
|
19
|
-
|
20
|
-
return send(method, ca) if respond_to?(method)
|
19
|
+
return send(method, ca) if respond_to?(method)
|
21
20
|
|
22
|
-
|
23
|
-
|
24
|
-
end
|
25
|
-
rescue InterfaceError
|
26
|
-
raise
|
27
|
-
rescue => detail
|
28
|
-
Puppet.log_exception(detail, "Could not call #{method}: #{detail}")
|
29
|
-
raise
|
21
|
+
(subjects == :all ? ca.list : subjects).each do |host|
|
22
|
+
ca.send(method, host)
|
30
23
|
end
|
31
24
|
end
|
32
25
|
|
@@ -41,7 +34,7 @@ module Puppet
|
|
41
34
|
def initialize(method, options)
|
42
35
|
self.method = method
|
43
36
|
self.subjects = options.delete(:to)
|
44
|
-
@digest = options.delete(:digest)
|
37
|
+
@digest = options.delete(:digest)
|
45
38
|
@options = options
|
46
39
|
end
|
47
40
|
|
@@ -102,12 +95,12 @@ module Puppet
|
|
102
95
|
end
|
103
96
|
|
104
97
|
def format_host(ca, host, type, info, width)
|
105
|
-
|
98
|
+
cert, verify_error = info
|
106
99
|
alt_names = case type
|
107
100
|
when :signed
|
108
|
-
|
101
|
+
cert.subject_alt_names
|
109
102
|
when :request
|
110
|
-
|
103
|
+
cert.subject_alt_names
|
111
104
|
else
|
112
105
|
[]
|
113
106
|
end
|
@@ -119,7 +112,7 @@ module Puppet
|
|
119
112
|
glyph = {:signed => '+', :request => ' ', :invalid => '-'}[type]
|
120
113
|
|
121
114
|
name = host.inspect.ljust(width)
|
122
|
-
fingerprint =
|
115
|
+
fingerprint = cert.digest(@digest).to_s
|
123
116
|
|
124
117
|
explanation = "(#{verify_error})" if verify_error
|
125
118
|
|
@@ -146,8 +139,8 @@ module Puppet
|
|
146
139
|
# Print certificate information.
|
147
140
|
def fingerprint(ca)
|
148
141
|
(subjects == :all ? ca.list + ca.waiting?: subjects).each do |host|
|
149
|
-
if
|
150
|
-
puts "#{host} #{
|
142
|
+
if cert = (Puppet::SSL::Certificate.indirection.find(host) || Puppet::SSL::CertificateRequest.indirection.find(host))
|
143
|
+
puts "#{host} #{cert.digest(@digest)}"
|
151
144
|
else
|
152
145
|
Puppet.err "Could not find certificate for #{host}"
|
153
146
|
end
|
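Review bot: `ca.send(method, host)` in the first hunk dispatches on a method name handed to this class by its caller, and `send` reaches private methods as well as public ones. Whether `method` is limited to a fixed list depends on what `self.method = method` does in `initialize`, which is outside these hunks. If it is validated there, a comment at the call site would make the invariant visible, e.g. `# method has already been checked against the supported CA interface methods`. In `format_host` the `:signed` and `:request` branches now both return `cert.subject_alt_names` and could be a single `when :signed, :request`.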
@@ -3,20 +3,14 @@ require 'puppet/ssl'
|
|
3
3
|
# The tedious class that does all the manipulations to the
|
4
4
|
# certificate to correctly sign it. Yay.
|
5
5
|
module Puppet::SSL::CertificateFactory
|
6
|
-
|
7
|
-
UNITMAP = {
|
8
|
-
"y" => 365 * 24 * 60 * 60,
|
9
|
-
"d" => 24 * 60 * 60,
|
10
|
-
"h" => 60 * 60,
|
11
|
-
"s" => 1
|
12
|
-
}
|
13
|
-
|
14
|
-
def self.build(cert_type, csr, issuer, serial)
|
6
|
+
def self.build(cert_type, csr, issuer, serial, ttl = nil)
|
15
7
|
# Work out if we can even build the requested type of certificate.
|
16
8
|
build_extensions = "build_#{cert_type.to_s}_extensions"
|
17
9
|
respond_to?(build_extensions) or
|
18
10
|
raise ArgumentError, "#{cert_type.to_s} is an invalid certificate type!"
|
19
11
|
|
12
|
+
raise ArgumentError, "Certificate TTL must be an integer" unless ttl.nil? || ttl.is_a?(Fixnum)
|
13
|
+
|
20
14
|
# set up the certificate, and start building the content.
|
21
15
|
cert = OpenSSL::X509::Certificate.new
|
22
16
|
|
@@ -32,7 +26,7 @@ module Puppet::SSL::CertificateFactory
|
|
32
26
|
# clock fail, and better than having every cert we generate expire a day
|
33
27
|
# before the user expected it to when they asked for "one year".
|
34
28
|
cert.not_before = Time.now - (60*60*24)
|
35
|
-
cert.not_after = Time.now + ttl
|
29
|
+
cert.not_after = Time.now + (ttl || Puppet[:ca_ttl])
|
36
30
|
|
37
31
|
add_extensions_to(cert, csr, issuer, send(build_extensions))
|
38
32
|
|
@@ -86,17 +80,6 @@ module Puppet::SSL::CertificateFactory
|
|
86
80
|
end
|
87
81
|
end
|
88
82
|
|
89
|
-
# TTL for new certificates in seconds.
|
90
|
-
def self.ttl
|
91
|
-
ttl = Puppet.settings[:ca_ttl]
|
92
|
-
|
93
|
-
return ttl unless ttl.is_a?(String)
|
94
|
-
|
95
|
-
raise ArgumentError, "Invalid ca_ttl #{ttl}" unless ttl =~ /^(\d+)(y|d|h|s)$/
|
96
|
-
|
97
|
-
$1.to_i * UNITMAP[$2]
|
98
|
-
end
|
99
|
-
|
100
83
|
# Woot! We're a CA.
|
101
84
|
def self.build_ca_extensions
|
102
85
|
{
|
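Review bot: The TTL guard in `build` checks only the class. `ttl.is_a?(Fixnum)` rejects a large value that Ruby represents as a Bignum, and it lets zero or negative values through, which would give a certificate whose `not_after` is not in the future. `Fixnum` has also been removed from current Ruby. Suggested: `raise ArgumentError, "Certificate TTL must be a positive integer" unless ttl.nil? || (ttl.is_a?(Integer) && ttl > 0)`. The body of `build` continues outside the hunks.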
@@ -20,15 +20,6 @@ class Puppet::SSL::CertificateRequest < Puppet::SSL::Base
|
|
20
20
|
|
21
21
|
indirects :certificate_request, :terminus_class => :file, :extend => AutoSigner
|
22
22
|
|
23
|
-
# Convert a string into an instance.
|
24
|
-
def self.from_s(string)
|
25
|
-
instance = wrapped_class.new(string)
|
26
|
-
name = instance.subject.to_s.sub(/\/CN=/i, '').downcase
|
27
|
-
result = new(name)
|
28
|
-
result.content = instance
|
29
|
-
result
|
30
|
-
end
|
31
|
-
|
32
23
|
# Because of how the format handler class is included, this
|
33
24
|
# can't be in the base class.
|
34
25
|
def self.supported_formats
|
@@ -73,7 +64,7 @@ class Puppet::SSL::CertificateRequest < Puppet::SSL::Base
|
|
73
64
|
raise Puppet::Error, "CSR sign verification failed; you need to clean the certificate request for #{name} on the server" unless csr.verify(key.public_key)
|
74
65
|
|
75
66
|
@content = csr
|
76
|
-
Puppet.info "Certificate Request fingerprint (
|
67
|
+
Puppet.info "Certificate Request fingerprint (#{digest.name}): #{digest.to_hex}"
|
77
68
|
@content
|
78
69
|
end
|
79
70
|
|
@@ -12,9 +12,7 @@ class Puppet::SSL::CertificateRevocationList < Puppet::SSL::Base
|
|
12
12
|
|
13
13
|
# Convert a string into an instance.
|
14
14
|
def self.from_s(string)
|
15
|
-
|
16
|
-
crl.content = wrapped_class.new(string)
|
17
|
-
crl
|
15
|
+
super(string, 'foo') # The name doesn't matter
|
18
16
|
end
|
19
17
|
|
20
18
|
# Because of how the format handler class is included, this
|
@@ -0,0 +1,20 @@
|
|
1
|
+
class Puppet::SSL::Digest
|
2
|
+
attr_reader :digest
|
3
|
+
|
4
|
+
def initialize(algorithm, content)
|
5
|
+
algorithm ||= 'SHA256'
|
6
|
+
@digest = OpenSSL::Digest.new(algorithm, content)
|
7
|
+
end
|
8
|
+
|
9
|
+
def to_s
|
10
|
+
"(#{name}) #{to_hex}"
|
11
|
+
end
|
12
|
+
|
13
|
+
def to_hex
|
14
|
+
@digest.hexdigest.scan(/../).join(':').upcase
|
15
|
+
end
|
16
|
+
|
17
|
+
def name
|
18
|
+
@digest.name.upcase
|
19
|
+
end
|
20
|
+
end
|
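Review bot: This file uses `OpenSSL::Digest` without a `require 'openssl'` of its own, so it loads only when something else has already pulled in OpenSSL; adding `require 'openssl'` and `require 'puppet/ssl'` at the top, as `puppet/ssl/base.rb` does, makes it loadable on its own. The class has no documentation. A header comment should say that `content` is the byte string to hash, that a nil `algorithm` means SHA256, and that `to_hex` returns upper-case hex pairs joined by colons. An unknown `algorithm` name is passed straight to OpenSSL, so the caller sees whatever error OpenSSL raises.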
data/lib/puppet/ssl/host.rb
CHANGED
@@ -54,7 +54,7 @@ class Puppet::SSL::Host
|
|
54
54
|
CertificateRequest.indirection.terminus_class = terminus
|
55
55
|
CertificateRevocationList.indirection.terminus_class = terminus
|
56
56
|
|
57
|
-
host_map = {:ca => :file, :file => nil, :rest => :rest}
|
57
|
+
host_map = {:ca => :file, :disabled_ca => nil, :file => nil, :rest => :rest}
|
58
58
|
if term = host_map[terminus]
|
59
59
|
self.indirection.terminus_class = term
|
60
60
|
else
|
@@ -94,7 +94,7 @@ class Puppet::SSL::Host
|
|
94
94
|
# We are the CA, so we don't have read/write access to the normal certificates.
|
95
95
|
:only => [:ca],
|
96
96
|
# We have no CA, so we just look in the local file store.
|
97
|
-
:none => [:
|
97
|
+
:none => [:disabled_ca]
|
98
98
|
}
|
99
99
|
|
100
100
|
# Specify how we expect to interact with our certificate authority.
|
@@ -276,14 +276,39 @@ ERROR_STRING
|
|
276
276
|
pson_hash[:state] = my_state
|
277
277
|
pson_hash[:desired_state] = desired_state if desired_state
|
278
278
|
|
279
|
-
|
280
|
-
|
281
|
-
|
282
|
-
|
279
|
+
thing_to_use = (my_state == 'requested') ? certificate_request : my_cert
|
280
|
+
|
281
|
+
# this is for backwards-compatibility
|
282
|
+
# we should deprecate it and transition people to using
|
283
|
+
# pson[:fingerprints][:default]
|
284
|
+
# It appears that we have no internal consumers of this api
|
285
|
+
# --jeffweiss 30 aug 2012
|
286
|
+
pson_hash[:fingerprint] = thing_to_use.fingerprint
|
287
|
+
|
288
|
+
# The above fingerprint doesn't tell us what message digest algorithm was used
|
289
|
+
# No problem, except that the default is changing between 2.7 and 3.0. Also, as
|
290
|
+
# we move to FIPS 140-2 compliance, MD5 is no longer allowed (and, gasp, will
|
291
|
+
# segfault in rubies older than 1.9.3)
|
292
|
+
# So, when we add the newer fingerprints, we're explicit about the hashing
|
293
|
+
# algorithm used.
|
294
|
+
# --jeffweiss 31 july 2012
|
295
|
+
pson_hash[:fingerprints] = {}
|
296
|
+
pson_hash[:fingerprints][:default] = thing_to_use.fingerprint
|
297
|
+
|
298
|
+
suitable_message_digest_algorithms.each do |md|
|
299
|
+
pson_hash[:fingerprints][md] = thing_to_use.fingerprint md
|
283
300
|
end
|
301
|
+
pson_hash[:dns_alt_names] = thing_to_use.subject_alt_names
|
284
302
|
|
285
303
|
pson_hash.to_pson(*args)
|
286
304
|
end
|
305
|
+
|
306
|
+
# eventually we'll probably want to move this somewhere else or make it
|
307
|
+
# configurable
|
308
|
+
# --jeffweiss 29 aug 2012
|
309
|
+
def suitable_message_digest_algorithms
|
310
|
+
[:SHA1, :SHA256, :SHA512]
|
311
|
+
end
|
287
312
|
|
288
313
|
# Attempt to retrieve a cert, if we don't already have one.
|
289
314
|
def wait_for_cert(time)
|
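Review bot: In the `to_pson` hunk `thing_to_use` is either `certificate_request` or `my_cert`, and every following line calls `.fingerprint` or `.subject_alt_names` on it without a nil check. Where `my_cert` is assigned is outside the hunk, so please confirm it cannot be nil for a host whose state is not 'requested', for example one with neither a request nor a certificate. The default fingerprint is also computed twice; `default = thing_to_use.fingerprint`, reused for both `pson_hash[:fingerprint]` and `pson_hash[:fingerprints][:default]`, avoids the second hash.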
@@ -134,7 +134,6 @@ module Puppet::Test
|
|
134
134
|
|
135
135
|
def self.app_defaults_for_tests()
|
136
136
|
{
|
137
|
-
:run_mode => :user,
|
138
137
|
:logdir => "/dev/null",
|
139
138
|
:confdir => "/dev/null",
|
140
139
|
:vardir => "/dev/null",
|
@@ -145,6 +144,7 @@ module Puppet::Test
|
|
145
144
|
private_class_method :app_defaults_for_tests
|
146
145
|
|
147
146
|
def self.initialize_settings_before_each()
|
147
|
+
Puppet.settings.preferred_run_mode = "user"
|
148
148
|
# Initialize "app defaults" settings to a good set of test values
|
149
149
|
app_defaults_for_tests.each do |key, value|
|
150
150
|
Puppet.settings.set_value(key, value, :application_defaults)
|
@@ -11,7 +11,8 @@ class Puppet::Transaction::Report
|
|
11
11
|
indirects :report, :terminus_class => :processor
|
12
12
|
|
13
13
|
attr_accessor :configuration_version, :host, :environment
|
14
|
-
attr_reader :resource_statuses, :logs, :metrics, :time, :kind, :status
|
14
|
+
attr_reader :resource_statuses, :logs, :metrics, :time, :kind, :status,
|
15
|
+
:puppet_version, :report_format
|
15
16
|
|
16
17
|
# This is necessary since Marshall doesn't know how to
|
17
18
|
# dump hash with default proc (see below @records)
|
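--- a/data/lib/puppet/type.rb
+++ b/data/lib/puppet/type.rb
@@ -413,7 +413,7 @@ class Type
 # make sure the parameter doesn't have any errors
 property.value = value
 rescue => detail
-error = Puppet::Error.new("Parameter #{name} failed: #{detail}")
+error = Puppet::Error.new("Parameter #{name} failed on #{ref}: #{detail}")
 error.set_backtrace(detail.backtrace)
 raise error
 end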