puppet 3.3.2 → 3.4.0.rc1
- data/CONTRIBUTING.md +22 -0
- data/Gemfile +11 -2
- data/README.md +13 -17
- data/README_DEVELOPER.md +1 -1
- data/Rakefile +1 -1
- data/examples/hiera/README.md +4 -4
- data/ext/debian/puppetmaster.init +1 -0
- data/ext/debian/rules +2 -5
- data/ext/nagios/check_puppet.rb +7 -7
- data/ext/osx/file_mapping.yaml +1 -1
- data/ext/osx/preflight.erb +34 -19
- data/ext/rack/{files/config.ru → config.ru} +0 -0
- data/ext/rack/{files/apache2.conf → example-passenger-vhost.conf} +6 -0
- data/ext/redhat/puppet.spec.erb +20 -2
- data/ext/systemd/{puppetagent.service → puppet.service} +0 -0
- data/lib/hiera_puppet.rb +2 -2
- data/lib/puppet/agent.rb +1 -6
- data/lib/puppet/application.rb +15 -2
- data/lib/puppet/application/agent.rb +2 -7
- data/lib/puppet/application/apply.rb +8 -13
- data/lib/puppet/application/cert.rb +47 -7
- data/lib/puppet/application/device.rb +1 -6
- data/lib/puppet/application/face_base.rb +1 -1
- data/lib/puppet/application/filebucket.rb +1 -1
- data/lib/puppet/application/inspect.rb +3 -12
- data/lib/puppet/application/master.rb +1 -6
- data/lib/puppet/application/queue.rb +1 -6
- data/lib/puppet/application/resource.rb +2 -6
- data/lib/puppet/coercion.rb +11 -0
- data/lib/puppet/configurer.rb +5 -3
- data/lib/puppet/configurer/downloader.rb +3 -1
- data/lib/puppet/configurer/plugin_handler.rb +10 -0
- data/lib/puppet/confine.rb +80 -0
- data/lib/puppet/{provider/confine → confine}/exists.rb +3 -3
- data/lib/puppet/{provider/confine → confine}/false.rb +2 -2
- data/lib/puppet/{provider/confine → confine}/feature.rb +2 -2
- data/lib/puppet/{provider/confine → confine}/true.rb +2 -2
- data/lib/puppet/{provider/confine → confine}/variable.rb +2 -2
- data/lib/puppet/{provider/confine_collection.rb → confine_collection.rb} +4 -4
- data/lib/puppet/{provider/confiner.rb → confiner.rb} +4 -4
- data/lib/puppet/daemon.rb +2 -6
- data/lib/puppet/data_binding.rb +2 -30
- data/lib/puppet/defaults.rb +283 -174
- data/lib/puppet/error.rb +1 -0
- data/lib/puppet/external/nagios.rb +0 -2
- data/lib/puppet/external/nagios/base.rb +4 -3
- data/lib/puppet/external/nagios/grammar.ry +173 -112
- data/lib/puppet/external/nagios/parser.rb +233 -184
- data/lib/puppet/face/file/store.rb +1 -1
- data/lib/puppet/face/module/generate.rb +5 -7
- data/lib/puppet/face/parser.rb +12 -2
- data/lib/puppet/face/plugin.rb +6 -0
- data/lib/puppet/feature/base.rb +16 -0
- data/lib/puppet/feature/external_facts.rb +5 -0
- data/lib/puppet/feature/libuser.rb +1 -1
- data/lib/puppet/feature/msgpack.rb +1 -0
- data/lib/puppet/feature/rails.rb +2 -2
- data/lib/puppet/file_bucket/dipper.rb +8 -6
- data/lib/puppet/file_bucket/file.rb +17 -1
- data/lib/puppet/file_serving/base.rb +21 -10
- data/lib/puppet/file_serving/configuration.rb +5 -7
- data/lib/puppet/file_serving/configuration/parser.rb +1 -1
- data/lib/puppet/file_serving/content.rb +1 -1
- data/lib/puppet/file_serving/fileset.rb +3 -3
- data/lib/puppet/file_serving/metadata.rb +22 -18
- data/lib/puppet/file_serving/mount/file.rb +1 -1
- data/lib/puppet/file_serving/mount/pluginfacts.rb +35 -0
- data/lib/puppet/file_system.rb +3 -0
- data/lib/puppet/file_system/file.rb +261 -0
- data/lib/puppet/file_system/file18.rb +5 -0
- data/lib/puppet/file_system/file19.rb +5 -0
- data/lib/puppet/file_system/file19windows.rb +113 -0
- data/lib/puppet/file_system/memory_file.rb +31 -0
- data/lib/puppet/file_system/tempfile.rb +20 -0
- data/lib/puppet/indirector/active_record.rb +1 -0
- data/lib/puppet/indirector/catalog/compiler.rb +28 -0
- data/lib/puppet/indirector/certificate_request/memory.rb +6 -0
- data/lib/puppet/indirector/data_binding/hiera.rb +46 -2
- data/lib/puppet/indirector/direct_file_server.rb +2 -2
- data/lib/puppet/indirector/facts/facter.rb +25 -0
- data/lib/puppet/indirector/file_bucket_file/file.rb +60 -74
- data/lib/puppet/indirector/indirection.rb +5 -1
- data/lib/puppet/indirector/json.rb +1 -1
- data/lib/puppet/indirector/key/ca.rb +4 -0
- data/lib/puppet/indirector/key/file.rb +7 -3
- data/lib/puppet/indirector/key/memory.rb +6 -0
- data/lib/puppet/indirector/node/write_only_yaml.rb +2 -2
- data/lib/puppet/indirector/request.rb +17 -11
- data/lib/puppet/indirector/resource/ral.rb +5 -0
- data/lib/puppet/indirector/resource/rest.rb +1 -0
- data/lib/puppet/indirector/resource/store_configs.rb +4 -0
- data/lib/puppet/indirector/rest.rb +2 -1
- data/lib/puppet/indirector/ssl_file.rb +7 -7
- data/lib/puppet/indirector/terminus.rb +4 -0
- data/lib/puppet/indirector/yaml.rb +3 -3
- data/lib/puppet/interface/documentation.rb +4 -11
- data/lib/puppet/module.rb +19 -6
- data/lib/puppet/module_tool/applications/builder.rb +1 -1
- data/lib/puppet/module_tool/applications/installer.rb +1 -1
- data/lib/puppet/module_tool/checksums.rb +1 -1
- data/lib/puppet/module_tool/dependency.rb +7 -3
- data/lib/puppet/module_tool/metadata.rb +6 -2
- data/lib/puppet/module_tool/tar.rb +2 -1
- data/lib/puppet/module_tool/tar/gnu.rb +6 -2
- data/lib/puppet/module_tool/tar/mini.rb +2 -0
- data/lib/puppet/module_tool/tar/solaris.rb +2 -5
- data/lib/puppet/network/authconfig.rb +0 -2
- data/lib/puppet/network/authentication.rb +1 -1
- data/lib/puppet/network/authstore.rb +6 -7
- data/lib/puppet/network/format.rb +2 -3
- data/lib/puppet/network/format_handler.rb +16 -11
- data/lib/puppet/network/format_support.rb +14 -0
- data/lib/puppet/network/formats.rb +26 -0
- data/lib/puppet/network/http/connection.rb +8 -41
- data/lib/puppet/network/http/handler.rb +28 -32
- data/lib/puppet/network/http/webrick.rb +15 -22
- data/lib/puppet/network/http_pool.rb +43 -9
- data/lib/puppet/network/rights.rb +0 -0
- data/lib/puppet/node.rb +24 -8
- data/lib/puppet/node/environment.rb +18 -20
- data/lib/puppet/node/facts.rb +23 -6
- data/lib/puppet/parameter.rb +15 -2
- data/lib/puppet/parameter/boolean.rb +5 -0
- data/lib/puppet/parameter/value_collection.rb +6 -4
- data/lib/puppet/parser/ast/resourceparam.rb +2 -1
- data/lib/puppet/parser/compiler.rb +25 -9
- data/lib/puppet/parser/files.rb +1 -1
- data/lib/puppet/parser/functions.rb +12 -21
- data/lib/puppet/parser/functions/collect.rb +6 -35
- data/lib/puppet/parser/functions/contain.rb +26 -0
- data/lib/puppet/parser/functions/create_resources.rb +5 -0
- data/lib/puppet/parser/functions/extlookup.rb +2 -2
- data/lib/puppet/parser/functions/file.rb +1 -1
- data/lib/puppet/parser/functions/{reject.rb → filter.rb} +13 -12
- data/lib/puppet/parser/functions/fqdn_rand.rb +13 -5
- data/lib/puppet/parser/functions/include.rb +18 -1
- data/lib/puppet/parser/functions/map.rb +44 -0
- data/lib/puppet/parser/functions/select.rb +6 -38
- data/lib/puppet/parser/lexer.rb +1 -1
- data/lib/puppet/parser/parser_support.rb +1 -1
- data/lib/puppet/parser/resource.rb +6 -45
- data/lib/puppet/parser/scope.rb +33 -2
- data/lib/puppet/parser/type_loader.rb +4 -60
- data/lib/puppet/pops/binder/bindings_loader.rb +1 -1
- data/lib/puppet/pops/binder/config/binder_config.rb +3 -3
- data/lib/puppet/pops/binder/hiera2/bindings_provider.rb +1 -1
- data/lib/puppet/pops/binder/scheme_handler/confdir_hiera_scheme.rb +1 -1
- data/lib/puppet/pops/binder/scheme_handler/module_hiera_scheme.rb +2 -2
- data/lib/puppet/pops/issues.rb +4 -0
- data/lib/puppet/pops/model/ast_transformer.rb +4 -1
- data/lib/puppet/pops/model/model_label_provider.rb +1 -1
- data/lib/puppet/pops/parser/egrammar.ra +5 -24
- data/lib/puppet/pops/parser/eparser.rb +859 -902
- data/lib/puppet/pops/parser/lexer.rb +48 -30
- data/lib/puppet/pops/parser/parser_support.rb +1 -1
- data/lib/puppet/pops/patterns.rb +4 -4
- data/lib/puppet/pops/utils.rb +1 -1
- data/lib/puppet/pops/validation/checker3_1.rb +25 -20
- data/lib/puppet/provider.rb +23 -6
- data/lib/puppet/provider/aixobject.rb +0 -0
- data/lib/puppet/provider/augeas/augeas.rb +21 -5
- data/lib/puppet/provider/confine.rb +5 -79
- data/lib/puppet/provider/cron/crontab.rb +0 -0
- data/lib/puppet/provider/exec.rb +9 -7
- data/lib/puppet/provider/exec/posix.rb +10 -1
- data/lib/puppet/provider/exec/windows.rb +1 -1
- data/lib/puppet/provider/file/posix.rb +1 -0
- data/lib/puppet/provider/file/windows.rb +16 -5
- data/lib/puppet/provider/group/aix.rb +0 -0
- data/lib/puppet/provider/group/windows_adsi.rb +33 -1
- data/lib/puppet/provider/macauthorization/macauthorization.rb +1 -1
- data/lib/puppet/provider/mailalias/aliases.rb +0 -0
- data/lib/puppet/provider/maillist/mailman.rb +0 -0
- data/lib/puppet/provider/mount/parsed.rb +0 -0
- data/lib/puppet/provider/nameservice/directoryservice.rb +3 -3
- data/lib/puppet/provider/package/appdmg.rb +1 -1
- data/lib/puppet/provider/package/apple.rb +1 -1
- data/lib/puppet/provider/package/apt.rb +1 -1
- data/lib/puppet/provider/package/aptitude.rb +0 -0
- data/lib/puppet/provider/package/blastwave.rb +1 -1
- data/lib/puppet/provider/package/dpkg.rb +1 -1
- data/lib/puppet/provider/package/fink.rb +1 -1
- data/lib/puppet/provider/package/freebsd.rb +0 -0
- data/lib/puppet/provider/package/gem.rb +0 -0
- data/lib/puppet/provider/package/macports.rb +0 -0
- data/lib/puppet/provider/package/msi.rb +4 -10
- data/lib/puppet/provider/package/nim.rb +8 -8
- data/lib/puppet/provider/package/openbsd.rb +1 -1
- data/lib/puppet/provider/package/opkg.rb +0 -0
- data/lib/puppet/provider/package/pacman.rb +2 -2
- data/lib/puppet/provider/package/pkgdmg.rb +1 -1
- data/lib/puppet/provider/package/pkgutil.rb +1 -1
- data/lib/puppet/provider/package/ports.rb +0 -0
- data/lib/puppet/provider/package/rpm.rb +39 -3
- data/lib/puppet/provider/package/sun.rb +3 -3
- data/lib/puppet/provider/package/sunfreeware.rb +0 -0
- data/lib/puppet/provider/package/windows.rb +12 -19
- data/lib/puppet/provider/package/windows/package.rb +1 -1
- data/lib/puppet/provider/package/yum.rb +2 -2
- data/lib/puppet/provider/parsedfile.rb +0 -0
- data/lib/puppet/provider/port/parsed.rb +0 -0
- data/lib/puppet/provider/service/base.rb +0 -0
- data/lib/puppet/provider/service/bsd.rb +3 -3
- data/lib/puppet/provider/service/daemontools.rb +8 -8
- data/lib/puppet/provider/service/debian.rb +0 -0
- data/lib/puppet/provider/service/freebsd.rb +3 -3
- data/lib/puppet/provider/service/init.rb +5 -4
- data/lib/puppet/provider/service/launchd.rb +35 -24
- data/lib/puppet/provider/service/openbsd.rb +23 -0
- data/lib/puppet/provider/service/redhat.rb +0 -0
- data/lib/puppet/provider/service/runit.rb +3 -3
- data/lib/puppet/provider/service/smf.rb +0 -0
- data/lib/puppet/provider/service/src.rb +0 -0
- data/lib/puppet/provider/service/systemd.rb +0 -0
- data/lib/puppet/provider/service/upstart.rb +3 -3
- data/lib/puppet/provider/ssh_authorized_key/parsed.rb +2 -2
- data/lib/puppet/provider/sshkey/parsed.rb +0 -0
- data/lib/puppet/provider/user/aix.rb +0 -0
- data/lib/puppet/provider/user/directoryservice.rb +1 -1
- data/lib/puppet/provider/user/useradd.rb +1 -1
- data/lib/puppet/provider/zone/solaris.rb +1 -1
- data/lib/puppet/rails/benchmark.rb +1 -1
- data/lib/puppet/reference/configuration.rb +1 -2
- data/lib/puppet/reference/indirection.rb +12 -14
- data/lib/puppet/relationship.rb +7 -4
- data/lib/puppet/reports.rb +2 -2
- data/lib/puppet/reports/rrdgraph.rb +1 -1
- data/lib/puppet/reports/store.rb +3 -3
- data/lib/puppet/reports/tagmail.rb +2 -2
- data/lib/puppet/resource.rb +66 -8
- data/lib/puppet/resource/catalog.rb +18 -25
- data/lib/puppet/resource/status.rb +10 -4
- data/lib/puppet/run.rb +6 -2
- data/lib/puppet/settings.rb +39 -119
- data/lib/puppet/settings/base_setting.rb +8 -9
- data/lib/puppet/settings/directory_setting.rb +8 -0
- data/lib/puppet/settings/file_setting.rb +35 -1
- data/lib/puppet/settings/priority_setting.rb +42 -0
- data/lib/puppet/ssl.rb +4 -0
- data/lib/puppet/ssl/certificate.rb +18 -0
- data/lib/puppet/ssl/certificate_authority.rb +101 -72
- data/lib/puppet/ssl/certificate_authority/autosign_command.rb +44 -0
- data/lib/puppet/ssl/certificate_authority/interface.rb +21 -17
- data/lib/puppet/ssl/certificate_factory.rb +38 -12
- data/lib/puppet/ssl/certificate_request.rb +201 -47
- data/lib/puppet/ssl/certificate_request_attributes.rb +34 -0
- data/lib/puppet/ssl/certificate_revocation_list.rb +2 -2
- data/lib/puppet/ssl/host.rb +21 -10
- data/lib/puppet/ssl/inventory.rb +6 -10
- data/lib/puppet/ssl/key.rb +1 -1
- data/lib/puppet/ssl/oids.rb +78 -0
- data/lib/puppet/ssl/validator.rb +41 -97
- data/lib/puppet/ssl/validator/default_validator.rb +153 -0
- data/lib/puppet/ssl/validator/no_validator.rb +17 -0
- data/lib/puppet/status.rb +4 -0
- data/lib/puppet/test/test_helper.rb +5 -0
- data/lib/puppet/transaction.rb +13 -0
- data/lib/puppet/transaction/event.rb +8 -3
- data/lib/puppet/transaction/report.rb +6 -2
- data/lib/puppet/transaction/resource_harness.rb +173 -115
- data/lib/puppet/type.rb +30 -13
- data/lib/puppet/type/augeas.rb +12 -46
- data/lib/puppet/type/component.rb +1 -7
- data/lib/puppet/type/cron.rb +0 -0
- data/lib/puppet/type/exec.rb +13 -1
- data/lib/puppet/type/file.rb +19 -10
- data/lib/puppet/type/file/checksum.rb +0 -0
- data/lib/puppet/type/file/content.rb +3 -0
- data/lib/puppet/type/file/ensure.rb +33 -15
- data/lib/puppet/type/file/group.rb +0 -0
- data/lib/puppet/type/file/mode.rb +6 -2
- data/lib/puppet/type/file/owner.rb +0 -0
- data/lib/puppet/type/file/source.rb +65 -14
- data/lib/puppet/type/file/target.rb +6 -6
- data/lib/puppet/type/file/type.rb +0 -0
- data/lib/puppet/type/filebucket.rb +0 -0
- data/lib/puppet/type/group.rb +18 -0
- data/lib/puppet/type/host.rb +0 -0
- data/lib/puppet/type/k5login.rb +4 -4
- data/lib/puppet/type/mailalias.rb +0 -0
- data/lib/puppet/type/maillist.rb +0 -0
- data/lib/puppet/type/mount.rb +15 -1
- data/lib/puppet/type/package.rb +7 -1
- data/lib/puppet/type/port.rb +0 -0
- data/lib/puppet/type/schedule.rb +9 -4
- data/lib/puppet/type/service.rb +1 -1
- data/lib/puppet/type/sshkey.rb +0 -0
- data/lib/puppet/type/tidy.rb +1 -1
- data/lib/puppet/type/user.rb +3 -0
- data/lib/puppet/type/yumrepo.rb +8 -6
- data/lib/puppet/type/zpool.rb +0 -0
- data/lib/puppet/util.rb +4 -31
- data/lib/puppet/util/adsi.rb +73 -17
- data/lib/puppet/util/autoload.rb +3 -3
- data/lib/puppet/util/backups.rb +4 -4
- data/lib/puppet/util/cacher.rb +7 -13
- data/lib/puppet/util/checksums.rb +2 -2
- data/lib/puppet/util/classgen.rb +3 -1
- data/lib/puppet/util/colors.rb +1 -0
- data/lib/puppet/util/command_line.rb +5 -0
- data/lib/puppet/util/docs.rb +33 -27
- data/lib/puppet/util/execution.rb +42 -18
- data/lib/puppet/util/filetype.rb +3 -3
- data/lib/puppet/util/instance_loader.rb +2 -2
- data/lib/puppet/util/instrumentation.rb +23 -42
- data/lib/puppet/util/instrumentation/data.rb +11 -4
- data/lib/puppet/util/instrumentation/indirection_probe.rb +11 -4
- data/lib/puppet/util/instrumentation/instrumentable.rb +7 -14
- data/lib/puppet/util/instrumentation/listener.rb +15 -8
- data/lib/puppet/util/instrumentation/listeners/log.rb +4 -10
- data/lib/puppet/util/instrumentation/listeners/performance.rb +8 -14
- data/lib/puppet/util/limits.rb +12 -0
- data/lib/puppet/util/lockfile.rb +2 -2
- data/lib/puppet/util/log.rb +14 -6
- data/lib/puppet/util/log/destinations.rb +23 -1
- data/lib/puppet/util/metric.rb +9 -3
- data/lib/puppet/util/monkey_patches.rb +7 -2
- data/lib/puppet/util/network_device/config.rb +1 -1
- data/lib/puppet/util/plugins.rb +1 -1
- data/lib/puppet/util/posix.rb +0 -0
- data/lib/puppet/util/profiler.rb +7 -2
- data/lib/puppet/util/provider_features.rb +2 -2
- data/lib/puppet/util/rdoc.rb +28 -30
- data/lib/puppet/util/rdoc/code_objects.rb +75 -25
- data/lib/puppet/util/rdoc/generators/puppet_generator.rb +1 -1
- data/lib/puppet/util/rdoc/parser.rb +12 -487
- data/lib/puppet/util/rdoc/parser/puppet_parser_core.rb +477 -0
- data/lib/puppet/util/rdoc/parser/puppet_parser_rdoc1.rb +19 -0
- data/lib/puppet/util/rdoc/parser/puppet_parser_rdoc2.rb +14 -0
- data/lib/puppet/util/reference.rb +1 -1
- data/lib/puppet/util/resource_template.rb +1 -1
- data/lib/puppet/util/selinux.rb +1 -1
- data/lib/puppet/util/storage.rb +2 -2
- data/lib/puppet/util/suidmanager.rb +1 -1
- data/lib/puppet/util/tag_set.rb +29 -0
- data/lib/puppet/util/tagging.rb +8 -24
- data/lib/puppet/util/watched_file.rb +1 -1
- data/lib/puppet/util/watcher.rb +1 -1
- data/lib/puppet/util/windows.rb +3 -0
- data/lib/puppet/util/windows/access_control_entry.rb +84 -0
- data/lib/puppet/util/windows/access_control_list.rb +106 -0
- data/lib/puppet/util/windows/file.rb +213 -0
- data/lib/puppet/util/windows/process.rb +199 -0
- data/lib/puppet/util/windows/root_certs.rb +52 -37
- data/lib/puppet/util/windows/security.rb +270 -245
- data/lib/puppet/util/windows/security_descriptor.rb +62 -0
- data/lib/puppet/util/windows/sid.rb +26 -4
- data/lib/puppet/version.rb +2 -2
- data/spec/fixtures/releases/jamtur01-apache/lib/puppet/provider/a2mod/debian.rb +1 -1
- data/spec/fixtures/unit/indirector/{hiera → data_binding/hiera}/global.yaml +0 -0
- data/spec/fixtures/unit/indirector/data_binding/hiera/invalid.yaml +1 -0
- data/spec/fixtures/unit/module/trailing-comma.json +24 -0
- data/spec/fixtures/unit/util/monkey_patches/x509.pem +32 -0
- data/spec/integration/application/apply_spec.rb +1 -1
- data/spec/integration/application/doc_spec.rb +1 -1
- data/spec/integration/configurer_spec.rb +4 -2
- data/spec/integration/data_binding.rb +100 -0
- data/spec/integration/indirector/catalog/compiler_spec.rb +16 -13
- data/spec/integration/indirector/direct_file_server_spec.rb +3 -5
- data/spec/integration/indirector/file_content/file_server_spec.rb +2 -2
- data/spec/integration/node/facts_spec.rb +1 -1
- data/spec/integration/node_spec.rb +1 -1
- data/spec/integration/parser/compiler_spec.rb +90 -0
- data/spec/integration/parser/parser_spec.rb +2 -2
- data/spec/integration/provider/cron/crontab_spec.rb +3 -5
- data/spec/integration/resource/catalog_spec.rb +1 -1
- data/spec/integration/ssl/autosign_spec.rb +90 -0
- data/spec/integration/ssl/certificate_authority_spec.rb +62 -69
- data/spec/integration/ssl/certificate_revocation_list_spec.rb +1 -1
- data/spec/integration/ssl/host_spec.rb +1 -1
- data/spec/integration/transaction_spec.rb +13 -13
- data/spec/integration/type/exec_spec.rb +2 -2
- data/spec/integration/type/file_spec.rb +287 -45
- data/spec/integration/type/tidy_spec.rb +3 -3
- data/spec/integration/util/rdoc/parser_spec.rb +236 -35
- data/spec/integration/util/settings_spec.rb +1 -1
- data/spec/integration/util/windows/process_spec.rb +22 -0
- data/spec/integration/util/windows/security_spec.rb +316 -106
- data/spec/lib/matchers/containment_matchers.rb +52 -0
- data/spec/lib/puppet_spec/compiler.rb +6 -0
- data/spec/lib/puppet_spec/files.rb +20 -21
- data/spec/shared_behaviours/documentation_on_faces.rb +3 -3
- data/spec/shared_behaviours/file_server_terminus.rb +2 -2
- data/spec/shared_contexts/platform.rb +1 -0
- data/spec/spec_helper.rb +13 -1
- data/spec/unit/agent_spec.rb +0 -12
- data/spec/unit/application/agent_spec.rb +4 -4
- data/spec/unit/application/apply_spec.rb +18 -2
- data/spec/unit/application/cert_spec.rb +8 -6
- data/spec/unit/application/device_spec.rb +1 -1
- data/spec/unit/application/filebucket_spec.rb +1 -1
- data/spec/unit/application/inspect_spec.rb +1 -1
- data/spec/unit/application_spec.rb +24 -0
- data/spec/unit/configurer/downloader_spec.rb +8 -7
- data/spec/unit/configurer/fact_handler_spec.rb +23 -0
- data/spec/unit/configurer/plugin_handler_spec.rb +7 -2
- data/spec/unit/configurer_spec.rb +15 -5
- data/spec/unit/{provider/confine → confine}/exists_spec.rb +12 -12
- data/spec/unit/{provider/confine → confine}/false_spec.rb +9 -9
- data/spec/unit/{provider/confine → confine}/feature_spec.rb +10 -10
- data/spec/unit/{provider/confine → confine}/true_spec.rb +7 -7
- data/spec/unit/{provider/confine → confine}/variable_spec.rb +16 -16
- data/spec/unit/{provider/confine_collection_spec.rb → confine_collection_spec.rb} +30 -30
- data/spec/unit/{provider/confine_spec.rb → confine_spec.rb} +11 -11
- data/spec/unit/{provider/confiner_spec.rb → confiner_spec.rb} +4 -4
- data/spec/unit/face/parser_spec.rb +54 -0
- data/spec/unit/file_bucket/dipper_spec.rb +2 -2
- data/spec/unit/file_serving/base_spec.rb +32 -9
- data/spec/unit/file_serving/configuration_spec.rb +7 -7
- data/spec/unit/file_serving/content_spec.rb +12 -7
- data/spec/unit/file_serving/fileset_spec.rb +57 -27
- data/spec/unit/file_serving/metadata_spec.rb +74 -12
- data/spec/unit/file_serving/mount/file_spec.rb +10 -10
- data/spec/unit/file_serving/mount/pluginfacts_spec.rb +73 -0
- data/spec/unit/file_system/file_spec.rb +486 -0
- data/spec/unit/file_system/tempfile_spec.rb +48 -0
- data/spec/unit/graph/relationship_graph_spec.rb +0 -6
- data/spec/unit/hiera_puppet_spec.rb +2 -2
- data/spec/unit/indirector/catalog/compiler_spec.rb +15 -19
- data/spec/unit/indirector/certificate_status/file_spec.rb +30 -40
- data/spec/unit/indirector/data_binding/hiera_spec.rb +95 -2
- data/spec/unit/indirector/direct_file_server_spec.rb +6 -6
- data/spec/unit/indirector/facts/facter_spec.rb +33 -0
- data/spec/unit/indirector/file_bucket_file/file_spec.rb +61 -52
- data/spec/unit/indirector/file_metadata/file_spec.rb +2 -2
- data/spec/unit/indirector/file_server_spec.rb +4 -4
- data/spec/unit/indirector/json_spec.rb +4 -4
- data/spec/unit/indirector/key/file_spec.rb +13 -14
- data/spec/unit/indirector/resource/ral_spec.rb +7 -0
- data/spec/unit/indirector/resource/store_configs_spec.rb +11 -0
- data/spec/unit/indirector/rest_spec.rb +7 -3
- data/spec/unit/indirector/ssl_file_spec.rb +14 -17
- data/spec/unit/indirector/yaml_spec.rb +4 -4
- data/spec/unit/module_spec.rb +43 -15
- data/spec/unit/module_tool/tar/gnu_spec.rb +2 -2
- data/spec/unit/module_tool/tar/solaris_spec.rb +2 -2
- data/spec/unit/module_tool/tar_spec.rb +45 -0
- data/spec/unit/network/authconfig_spec.rb +2 -1
- data/spec/unit/network/authentication_spec.rb +2 -2
- data/spec/unit/network/format_handler_spec.rb +2 -2
- data/spec/unit/network/formats_spec.rb +24 -0
- data/spec/unit/network/http/connection_spec.rb +76 -199
- data/spec/unit/network/http/handler_spec.rb +33 -34
- data/spec/unit/network/http_pool_spec.rb +8 -5
- data/spec/unit/node/environment_spec.rb +76 -90
- data/spec/unit/node/facts_spec.rb +20 -3
- data/spec/unit/node_spec.rb +43 -0
- data/spec/unit/parameter/boolean_spec.rb +22 -12
- data/spec/unit/parser/ast/resourceparam_spec.rb +51 -0
- data/spec/unit/parser/compiler_spec.rb +103 -35
- data/spec/unit/parser/eparser_adapter_spec.rb +12 -12
- data/spec/unit/parser/files_spec.rb +11 -11
- data/spec/unit/parser/functions/contain_spec.rb +185 -0
- data/spec/unit/parser/functions/create_resources_spec.rb +13 -5
- data/spec/unit/parser/functions/generate_spec.rb +1 -1
- data/spec/unit/parser/functions_spec.rb +2 -2
- data/spec/unit/parser/lexer_spec.rb +1 -1
- data/spec/unit/parser/methods/each_spec.rb +1 -1
- data/spec/unit/parser/methods/{select_spec.rb → filter_spec.rb} +11 -11
- data/spec/unit/parser/methods/map_spec.rb +95 -0
- data/spec/unit/parser/methods/reduce_spec.rb +12 -11
- data/spec/unit/parser/methods/shared.rb +5 -5
- data/spec/unit/parser/methods/slice_spec.rb +13 -13
- data/spec/unit/parser/parser_spec.rb +1 -1
- data/spec/unit/parser/resource/param_spec.rb +44 -0
- data/spec/unit/parser/resource_spec.rb +16 -15
- data/spec/unit/pops/model/ast_transformer_spec.rb +18 -4
- data/spec/unit/pops/parser/lexer_spec.rb +22 -5
- data/spec/unit/pops/parser/parse_calls_spec.rb +5 -5
- data/spec/unit/pops/transformer/transform_calls_spec.rb +6 -6
- data/spec/unit/pops/transformer/transform_containers_spec.rb +2 -2
- data/spec/unit/pops/validator/validator_spec.rb +31 -0
- data/spec/unit/provider/augeas/augeas_spec.rb +57 -2
- data/spec/unit/provider/exec/posix_spec.rb +8 -3
- data/spec/unit/provider/file/posix_spec.rb +2 -2
- data/spec/unit/provider/group/windows_adsi_spec.rb +70 -3
- data/spec/unit/provider/nameservice/directoryservice_spec.rb +3 -3
- data/spec/unit/provider/package/apt_spec.rb +1 -1
- data/spec/unit/provider/package/msi_spec.rb +15 -42
- data/spec/unit/provider/package/openbsd_spec.rb +3 -3
- data/spec/unit/provider/package/rpm_spec.rb +56 -13
- data/spec/unit/provider/package/windows_spec.rb +15 -19
- data/spec/unit/provider/service/base_spec.rb +1 -1
- data/spec/unit/provider/service/daemontools_spec.rb +18 -8
- data/spec/unit/provider/service/freebsd_spec.rb +3 -3
- data/spec/unit/provider/service/gentoo_spec.rb +5 -2
- data/spec/unit/provider/service/init_spec.rb +17 -17
- data/spec/unit/provider/service/launchd_spec.rb +76 -23
- data/spec/unit/provider/service/openbsd_spec.rb +125 -0
- data/spec/unit/provider/service/openwrt_spec.rb +1 -1
- data/spec/unit/provider/service/runit_spec.rb +12 -5
- data/spec/unit/provider/service/upstart_spec.rb +4 -4
- data/spec/unit/provider/ssh_authorized_key/parsed_spec.rb +5 -5
- data/spec/unit/provider/user/directoryservice_spec.rb +4 -4
- data/spec/unit/provider/zone/solaris_spec.rb +1 -1
- data/spec/unit/provider_spec.rb +2 -2
- data/spec/unit/reports/http_spec.rb +19 -34
- data/spec/unit/reports/store_spec.rb +2 -2
- data/spec/unit/resource/catalog_spec.rb +81 -11
- data/spec/unit/resource/status_spec.rb +11 -1
- data/spec/unit/resource/type_spec.rb +30 -1
- data/spec/unit/resource_spec.rb +40 -4
- data/spec/unit/settings/file_setting_spec.rb +2 -2
- data/spec/unit/settings/path_setting_spec.rb +2 -2
- data/spec/unit/settings/priority_setting_spec.rb +66 -0
- data/spec/unit/settings_spec.rb +16 -31
- data/spec/unit/ssl/certificate_authority/autosign_command_spec.rb +30 -0
- data/spec/unit/ssl/certificate_authority_spec.rb +129 -134
- data/spec/unit/ssl/certificate_factory_spec.rb +18 -0
- data/spec/unit/ssl/certificate_request_attributes_spec.rb +61 -0
- data/spec/unit/ssl/certificate_request_spec.rb +103 -0
- data/spec/unit/ssl/certificate_spec.rb +31 -18
- data/spec/unit/ssl/host_spec.rb +34 -8
- data/spec/unit/ssl/inventory_spec.rb +27 -62
- data/spec/unit/ssl/key_spec.rb +4 -4
- data/spec/unit/ssl/oids_spec.rb +48 -0
- data/spec/unit/ssl/validator_spec.rb +49 -6
- data/spec/unit/status_spec.rb +9 -0
- data/spec/unit/transaction/event_spec.rb +1 -9
- data/spec/unit/transaction/report_spec.rb +20 -1
- data/spec/unit/transaction/resource_harness_spec.rb +60 -210
- data/spec/unit/transaction_spec.rb +54 -8
- data/spec/unit/type/component_spec.rb +2 -2
- data/spec/unit/type/exec_spec.rb +14 -7
- data/spec/unit/type/file/content_spec.rb +13 -2
- data/spec/unit/type/file/ctime_spec.rb +1 -1
- data/spec/unit/type/file/mode_spec.rb +48 -2
- data/spec/unit/type/file/mtime_spec.rb +1 -1
- data/spec/unit/type/file/source_spec.rb +177 -7
- data/spec/unit/type/file_spec.rb +63 -71
- data/spec/unit/type/group_spec.rb +20 -0
- data/spec/unit/type/k5login_spec.rb +3 -3
- data/spec/unit/type/mount_spec.rb +53 -0
- data/spec/unit/type/nagios_spec.rb +216 -0
- data/spec/unit/type/package_spec.rb +7 -1
- data/spec/unit/type/schedule_spec.rb +6 -0
- data/spec/unit/type/service_spec.rb +3 -3
- data/spec/unit/type/tidy_spec.rb +14 -14
- data/spec/unit/type/user_spec.rb +9 -0
- data/spec/unit/type_spec.rb +86 -4
- data/spec/unit/util/adsi_spec.rb +120 -12
- data/spec/unit/util/autoload_spec.rb +14 -14
- data/spec/unit/util/backups_spec.rb +29 -21
- data/spec/unit/util/checksums_spec.rb +2 -1
- data/spec/unit/util/command_line_spec.rb +41 -0
- data/spec/unit/util/docs_spec.rb +91 -0
- data/spec/unit/util/execution_spec.rb +26 -2
- data/spec/unit/util/filetype_spec.rb +7 -7
- data/spec/unit/util/lockfile_spec.rb +2 -2
- data/spec/unit/util/log/destinations_spec.rb +32 -0
- data/spec/unit/util/monkey_patches_spec.rb +41 -0
- data/spec/unit/util/pidlock_spec.rb +6 -6
- data/spec/unit/util/rdoc/parser_spec.rb +15 -13
- data/spec/unit/util/rdoc_spec.rb +18 -24
- data/spec/unit/util/resource_template_spec.rb +3 -3
- data/spec/unit/util/selinux_spec.rb +4 -2
- data/spec/unit/util/storage_spec.rb +4 -4
- data/spec/unit/util/suidmanager_spec.rb +7 -0
- data/spec/unit/util/tag_set_spec.rb +46 -0
- data/spec/unit/util/tagging_spec.rb +82 -45
- data/spec/unit/util/watcher_spec.rb +4 -1
- data/spec/unit/util/windows/access_control_entry_spec.rb +67 -0
- data/spec/unit/util/windows/access_control_list_spec.rb +133 -0
- data/spec/unit/util/windows/root_certs_spec.rb +10 -8
- data/spec/unit/util/windows/security_descriptor_spec.rb +117 -0
- data/spec/unit/util/windows/sid_spec.rb +69 -0
- data/spec/unit/util_spec.rb +7 -7
- data/tasks/ci.rake +17 -36
- metadata +2811 -2746
- checksums.yaml +0 -7
- data/examples/mac_automount.pp +0 -16
- data/examples/mcx_dock_absent.pp +0 -4
- data/examples/mcx_dock_default.pp +0 -118
- data/examples/mcx_dock_full.pp +0 -125
- data/examples/mcx_dock_invalid.pp +0 -9
- data/examples/mcx_nogroup.pp +0 -118
- data/examples/mcx_notexists_absent.pp +0 -4
- data/ext/rack/README +0 -58
- data/ext/rack/manifest.pp +0 -59
- data/lib/puppet/external/lock.rb +0 -63
- data/lib/puppet/indirector/hiera.rb +0 -39
- data/lib/puppet/parser/functions/foreach.rb +0 -95
- data/spec/integration/network/server/webrick_spec.rb +0 -76
- data/spec/integration/parser/functions_spec.rb +0 -16
- data/spec/unit/indirector/hiera_spec.rb +0 -154
- data/spec/unit/parser/methods/collect_spec.rb +0 -153
- data/spec/unit/parser/methods/foreach_spec.rb +0 -91
- data/spec/unit/parser/methods/reject_spec.rb +0 -73
- data/spec/unit/resource/resource_type.json +0 -34
@@ -0,0 +1,42 @@
|
|
1
|
+
require 'puppet/settings/base_setting'
|
2
|
+
|
3
|
+
# A setting that represents a scheduling priority, and evaluates to an
|
4
|
+
# OS-specific priority level.
|
5
|
+
class Puppet::Settings::PrioritySetting < Puppet::Settings::BaseSetting
|
6
|
+
PRIORITY_MAP =
|
7
|
+
if Puppet::Util::Platform.windows?
|
8
|
+
require 'win32/process'
|
9
|
+
{
|
10
|
+
:high => Process::HIGH_PRIORITY_CLASS,
|
11
|
+
:normal => Process::NORMAL_PRIORITY_CLASS,
|
12
|
+
:low => Process::BELOW_NORMAL_PRIORITY_CLASS,
|
13
|
+
:idle => Process::IDLE_PRIORITY_CLASS
|
14
|
+
}
|
15
|
+
else
|
16
|
+
{
|
17
|
+
:high => -10,
|
18
|
+
:normal => 0,
|
19
|
+
:low => 10,
|
20
|
+
:idle => 19
|
21
|
+
}
|
22
|
+
end
|
23
|
+
|
24
|
+
def type
|
25
|
+
:priority
|
26
|
+
end
|
27
|
+
|
28
|
+
def munge(value)
|
29
|
+
return unless value
|
30
|
+
|
31
|
+
case
|
32
|
+
when value.is_a?(Integer)
|
33
|
+
value
|
34
|
+
when (value.is_a?(String) and value =~ /\d+/)
|
35
|
+
value.to_i
|
36
|
+
when (value.is_a?(String) and PRIORITY_MAP[value.to_sym])
|
37
|
+
PRIORITY_MAP[value.to_sym]
|
38
|
+
else
|
39
|
+
raise Puppet::Settings::ValidationError, "Invalid priority format '#{value.inspect}' for parameter: #{@name}"
|
40
|
+
end
|
41
|
+
end
|
42
|
+
end
|
data/lib/puppet/ssl.rb
CHANGED
@@ -44,4 +44,22 @@ DOC
|
|
44
44
|
def unmunged_name
|
45
45
|
self.class.name_from_subject(content.subject)
|
46
46
|
end
|
47
|
+
|
48
|
+
# Any extensions registered with custom OIDs as defined in module
|
49
|
+
# Puppet::SSL::Oids may be looked up here.
|
50
|
+
#
|
51
|
+
# A cert with a 'pp_uuid' extension having the value 'abcd' would return:
|
52
|
+
#
|
53
|
+
# [{ 'oid' => 'pp_uuid', 'value' => 'abcd'}]
|
54
|
+
#
|
55
|
+
# @return [Array<Hash{String => String}>] An array of two element hashes,
|
56
|
+
# with key/value pairs for the extension's oid, and its value.
|
57
|
+
def custom_extensions
|
58
|
+
custom_exts = content.extensions.select do |ext|
|
59
|
+
Puppet::SSL::Oids.subtree_of?('ppRegCertExt', ext.oid) or
|
60
|
+
Puppet::SSL::Oids.subtree_of?('ppPrivCertExt', ext.oid)
|
61
|
+
end
|
62
|
+
|
63
|
+
custom_exts.map { |ext| {'oid' => ext.oid, 'value' => ext.value} }
|
64
|
+
end
|
47
65
|
end
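Review bot: `custom_extensions` joins the two `subtree_of?` checks with `or`, which binds looser than `||` and is the form the Ruby style guide flags for boolean logic; prefer `Puppet::SSL::Oids.subtree_of?('ppRegCertExt', ext.oid) || Puppet::SSL::Oids.subtree_of?('ppPrivCertExt', ext.oid)`. It happens to work here only because it is the sole expression in the block, so it reads as a precedence trap waiting for the next edit. The doc comment should also say what `'value'` holds: if `content` is an OpenSSL::X509::Certificate, `ext.value` is OpenSSL's printable rendering of the extension rather than the raw DER, which matters to any caller comparing it against an expected value, so add something like `# @note 'value' is the extension's printable form as returned by OpenSSL, not the raw DER bytes — TODO confirm`. This hunk is shown under the data/lib/puppet/ssl.rb header, but the diffstat (+18 for data/lib/puppet/ssl/certificate.rb) and the neighbouring `unmunged_name` suggest it actually belongs to certificate.rb.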
|
@@ -1,4 +1,3 @@
|
|
1
|
-
require 'monitor'
|
2
1
|
require 'puppet/ssl/host'
|
3
2
|
require 'puppet/ssl/certificate_request'
|
4
3
|
require 'puppet/ssl/certificate_signer'
|
@@ -26,10 +25,9 @@ class Puppet::SSL::CertificateAuthority
|
|
26
25
|
require 'puppet/ssl/inventory'
|
27
26
|
require 'puppet/ssl/certificate_revocation_list'
|
28
27
|
require 'puppet/ssl/certificate_authority/interface'
|
28
|
+
require 'puppet/ssl/certificate_authority/autosign_command'
|
29
29
|
require 'puppet/network/authstore'
|
30
30
|
|
31
|
-
extend MonitorMixin
|
32
|
-
|
33
31
|
class CertificateVerificationError < RuntimeError
|
34
32
|
attr_accessor :error_code
|
35
33
|
|
@@ -39,9 +37,7 @@ class Puppet::SSL::CertificateAuthority
|
|
39
37
|
end
|
40
38
|
|
41
39
|
def self.singleton_instance
|
42
|
-
|
43
|
-
@singleton_instance ||= new
|
44
|
-
end
|
40
|
+
@singleton_instance ||= new
|
45
41
|
end
|
46
42
|
|
47
43
|
class CertificateSigningError < RuntimeError
|
@@ -53,67 +49,56 @@ class Puppet::SSL::CertificateAuthority
|
|
53
49
|
end
|
54
50
|
|
55
51
|
def self.ca?
|
56
|
-
|
57
|
-
|
58
|
-
true
|
52
|
+
# running as ca? - ensure boolean answer
|
53
|
+
!!(Puppet[:ca] && Puppet.run_mode.master?)
|
59
54
|
end
|
60
55
|
|
61
|
-
# If this process can function as a CA, then return a singleton
|
62
|
-
# instance.
|
56
|
+
# If this process can function as a CA, then return a singleton instance.
|
63
57
|
def self.instance
|
64
|
-
|
65
|
-
|
66
|
-
singleton_instance
|
58
|
+
ca? ? singleton_instance : nil
|
67
59
|
end
|
68
60
|
|
69
61
|
attr_reader :name, :host
|
70
62
|
|
71
|
-
#
|
72
|
-
#
|
73
|
-
|
74
|
-
|
75
|
-
|
76
|
-
|
77
|
-
|
78
|
-
|
79
|
-
# If autosign is configured, then autosign all CSRs that match our configuration.
|
80
|
-
def autosign
|
81
|
-
return unless auto = autosign?
|
82
|
-
|
83
|
-
store = nil
|
84
|
-
store = autosign_store(auto) if auto != true
|
85
|
-
|
86
|
-
Puppet::SSL::CertificateRequest.indirection.search("*").each do |csr|
|
87
|
-
if auto == true or store.allowed?(csr.name, "127.1.1.1")
|
88
|
-
Puppet.info "Autosigning #{csr.name}"
|
89
|
-
sign(csr.name)
|
90
|
-
end
|
63
|
+
# If autosign is configured, autosign the csr we are passed.
|
64
|
+
# @param csr [Puppet::SSL::CertificateRequest] The csr to sign.
|
65
|
+
# @return [Void]
|
66
|
+
# @api private
|
67
|
+
def autosign(csr)
|
68
|
+
if autosign?(csr)
|
69
|
+
Puppet.info "Autosigning #{csr.name}"
|
70
|
+
sign(csr.name)
|
91
71
|
end
|
92
72
|
end
|
93
73
|
|
94
|
-
#
|
95
|
-
|
74
|
+
# Determine if a CSR can be autosigned by the autosign store or autosign command
|
75
|
+
#
|
76
|
+
# @param csr [Puppet::SSL::CertificateRequest] The CSR to check
|
77
|
+
# @return [true, false]
|
78
|
+
# @api private
|
79
|
+
def autosign?(csr)
|
96
80
|
auto = Puppet[:autosign]
|
97
|
-
return false if ['false', false].include?(auto)
|
98
|
-
return true if ['true', true].include?(auto)
|
99
81
|
|
100
|
-
|
101
|
-
|
102
|
-
|
103
|
-
|
104
|
-
|
105
|
-
|
106
|
-
|
107
|
-
|
108
|
-
|
109
|
-
|
110
|
-
|
111
|
-
|
82
|
+
decider = case auto
|
83
|
+
when 'false', false, nil
|
84
|
+
AutosignNever.new
|
85
|
+
when 'true', true
|
86
|
+
AutosignAlways.new
|
87
|
+
else
|
88
|
+
file = Puppet::FileSystem::File.new(auto)
|
89
|
+
if file.executable?
|
90
|
+
Puppet::SSL::CertificateAuthority::AutosignCommand.new(auto)
|
91
|
+
elsif file.exist?
|
92
|
+
AutosignConfig.new(file)
|
93
|
+
else
|
94
|
+
AutosignNever.new
|
95
|
+
end
|
96
|
+
end
|
112
97
|
|
113
|
-
|
98
|
+
decider.allowed?(csr)
|
114
99
|
end
|
115
100
|
|
116
|
-
#
|
101
|
+
# Retrieves (or creates, if necessary) the certificate revocation list.
|
117
102
|
def crl
|
118
103
|
unless defined?(@crl)
|
119
104
|
unless @crl = Puppet::SSL::CertificateRevocationList.indirection.find(Puppet::SSL::CA_NAME)
|
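Review bot: `file.executable?` is the only property checked before the path named by the `autosign` setting is executed by the master (lines 88–90); nothing verifies that the file is owned by, and writable only by, the master's user, so a group- or world-writable script at that path hands certificate issuance to whoever can write it. An ownership/mode check next to `executable?`, or at minimum a warning in the setting's documentation, would close that, and since the decision is made here but the execution happens later in AutosignCommand, the file can be swapped between check and use (inferred; the execution is outside this hunk). When the configured path does not exist the result is a silent `AutosignNever` (line 94); a `Puppet.debug "autosign file #{auto} does not exist, not autosigning"` there would make misconfiguration visible. The method's callers are outside this hunk.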
@@ -125,12 +110,12 @@ class Puppet::SSL::CertificateAuthority
|
|
125
110
|
@crl
|
126
111
|
end
|
127
112
|
|
128
|
-
#
|
113
|
+
# Delegates this to our Host class.
|
129
114
|
def destroy(name)
|
130
115
|
Puppet::SSL::Host.destroy(name)
|
131
116
|
end
|
132
117
|
|
133
|
-
#
|
118
|
+
# Generates a new certificate.
|
134
119
|
# @return Puppet::SSL::Certificate
|
135
120
|
def generate(name, options = {})
|
136
121
|
raise ArgumentError, "A Certificate already exists for #{name}" if Puppet::SSL::Certificate.indirection.find(name)
|
@@ -187,7 +172,7 @@ class Puppet::SSL::CertificateAuthority
|
|
187
172
|
20.times { pass += (rand(74) + 48).chr }
|
188
173
|
|
189
174
|
begin
|
190
|
-
Puppet.settings.
|
175
|
+
Puppet.settings.setting(:capass).open('w') { |f| f.print pass }
|
191
176
|
rescue Errno::EACCES => detail
|
192
177
|
raise Puppet::Error, "Could not write CA password: #{detail}"
|
193
178
|
end
|
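Review bot: The new `setting(:capass).open('w')` on line 175 persists the CA key passphrase, yet nothing in this hunk shows the file being created with restrictive permissions; if `Setting#open` does not apply the setting's declared mode and owner, the passphrase lands with whatever the process umask permits. A comment making that dependency explicit, `# relies on the :capass setting's mode/owner to keep this file private`, or an explicit mode argument, would settle it. The passphrase itself is built with `Kernel#rand` on the unchanged line 172, which is not a cryptographic generator; since this hunk is the one writing it to disk, moving that line to `SecureRandom` belongs in the same change. The enclosing method starts outside the hunk.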
@@ -222,26 +207,27 @@ class Puppet::SSL::CertificateAuthority
|
|
222
207
|
# Read the next serial from the serial file, and increment the
|
223
208
|
# file so this one is considered used.
|
224
209
|
def next_serial
|
225
|
-
serial =
|
226
|
-
|
227
|
-
|
228
|
-
|
229
|
-
|
230
|
-
|
210
|
+
serial = 1
|
211
|
+
Puppet.settings.setting(:serial).exclusive_open('a+') do |f|
|
212
|
+
f.rewind
|
213
|
+
serial = f.read.chomp.hex
|
214
|
+
if serial == 0
|
215
|
+
serial = 1
|
216
|
+
end
|
231
217
|
|
232
|
-
|
233
|
-
|
218
|
+
f.truncate(0)
|
219
|
+
f.rewind
|
234
220
|
|
235
221
|
# We store the next valid serial, not the one we just used.
|
236
222
|
f << "%04X" % (serial + 1)
|
237
|
-
|
223
|
+
end
|
238
224
|
|
239
225
|
serial
|
240
226
|
end
|
241
227
|
|
242
228
|
# Does the password file exist?
|
243
229
|
def password?
|
244
|
-
|
230
|
+
Puppet::FileSystem::File.exist? Puppet[:capass]
|
245
231
|
end
|
246
232
|
|
247
233
|
# Print a given host's certificate as text.
|
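Review bot: `f.read.chomp.hex` on line 213 returns 0 for any content that is not a hex string, and the `serial == 0` branch on lines 214–216 then silently restarts the counter at 1, so a truncated or corrupted serial file makes the CA reissue serial numbers already held by live certificates, with ambiguous CRL entries and no error. Distinguish the legitimate empty file from garbage before falling back: `content = f.read.chomp`, `raise Puppet::Error, "Invalid CA serial file contents: #{content.inspect}" unless content.empty? || content =~ /\A[0-9a-fA-F]+\z/`, `serial = content.empty? ? 1 : content.hex`. `exclusive_open('a+')` is the right primitive for the read-then-rewrite; a one-line comment that the lock is what makes the increment atomic across master processes would help the next reader.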
@@ -323,8 +309,11 @@ class Puppet::SSL::CertificateAuthority
|
|
323
309
|
|
324
310
|
def check_internal_signing_policies(hostname, csr, allow_dns_alt_names)
|
325
311
|
# Reject unknown request extensions.
|
326
|
-
unknown_req = csr.request_extensions.
|
327
|
-
|
312
|
+
unknown_req = csr.request_extensions.reject do |x|
|
313
|
+
RequestExtensionWhitelist.include? x["oid"] or
|
314
|
+
Puppet::SSL::Oids.subtree_of?('ppRegCertExt', x["oid"], true) or
|
315
|
+
Puppet::SSL::Oids.subtree_of?('ppPrivCertExt', x["oid"], true)
|
316
|
+
end
|
328
317
|
|
329
318
|
if unknown_req and not unknown_req.empty?
|
330
319
|
names = unknown_req.map {|x| x["oid"] }.sort.uniq.join(", ")
|
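Review bot: The whitelist passes a third argument `true` to `subtree_of?` on lines 314–315 while `custom_extensions` in the earlier certificate hunk calls the same helper with two; if that flag excludes the arc OID itself (inferred from the name), the two call sites disagree about whether an extension with the bare `ppRegCertExt`/`ppPrivCertExt` OID is acceptable, and the intent deserves a comment such as `# exclusive: the arc OID itself is not a valid extension, only OIDs beneath it`. Only the OID is vetted here; nothing in this hunk constrains the extension value, so a client can assert any pp_* value and the autosign policy is the only gate on it — worth stating in the comment on line 311. The enclosing method continues past the hunk.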
@@ -393,7 +382,7 @@ class Puppet::SSL::CertificateAuthority
|
|
393
382
|
#
|
394
383
|
# @return [OpenSSL::X509::Store]
|
395
384
|
def x509_store(options = {})
|
396
|
-
if (options[:cache])
|
385
|
+
if (options[:cache])
|
397
386
|
return @x509store unless @x509store.nil?
|
398
387
|
@x509store = create_x509_store
|
399
388
|
else
|
@@ -407,11 +396,13 @@ class Puppet::SSL::CertificateAuthority
|
|
407
396
|
#
|
408
397
|
# @return [OpenSSL::X509::Store]
|
409
398
|
def create_x509_store
|
410
|
-
store = OpenSSL::X509::Store.new
|
411
|
-
store.add_file
|
412
|
-
store.add_crl
|
399
|
+
store = OpenSSL::X509::Store.new()
|
400
|
+
store.add_file(Puppet[:cacert])
|
401
|
+
store.add_crl(crl.content) if self.crl
|
413
402
|
store.purpose = OpenSSL::X509::PURPOSE_SSL_CLIENT
|
414
|
-
|
403
|
+
if Puppet.settings[:certificate_revocation]
|
404
|
+
store.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL | OpenSSL::X509::V_FLAG_CRL_CHECK
|
405
|
+
end
|
415
406
|
store
|
416
407
|
end
|
417
408
|
private :create_x509_store
|
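Review bot: The CRL is always loaded into the store (line 401) but `V_FLAG_CRL_CHECK` is only set when `certificate_revocation` is true (lines 403–405), so with the setting off revoked certificates verify successfully against this store; that is presumably the setting's intent but deserves a comment, e.g. `# Without certificate_revocation the CRL is loaded but never consulted: revoked certs still verify.` Per the comment on `crl` in the hunk above, the helper creates a CRL when none exists, so the `if self.crl` guard on line 401 can only be false if that creation fails and is effectively dead. `OpenSSL::X509::Store.new()` on line 399 carries empty parentheses that the rest of the file does not use for no-argument calls.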
@@ -472,4 +463,42 @@ class Puppet::SSL::CertificateAuthority
|
|
472
463
|
def waiting?
|
473
464
|
Puppet::SSL::CertificateRequest.indirection.search("*").collect { |r| r.name }
|
474
465
|
end
|
466
|
+
|
467
|
+
# @api private
|
468
|
+
class AutosignAlways
|
469
|
+
def allowed?(csr)
|
470
|
+
true
|
471
|
+
end
|
472
|
+
end
|
473
|
+
|
474
|
+
# @api private
|
475
|
+
class AutosignNever
|
476
|
+
def allowed?(csr)
|
477
|
+
false
|
478
|
+
end
|
479
|
+
end
|
480
|
+
|
481
|
+
# @api private
|
482
|
+
class AutosignConfig
|
483
|
+
def initialize(config_file)
|
484
|
+
@config = config_file
|
485
|
+
end
|
486
|
+
|
487
|
+
def allowed?(csr)
|
488
|
+
autosign_store.allowed?(csr.name, '127.1.1.1')
|
489
|
+
end
|
490
|
+
|
491
|
+
private
|
492
|
+
|
493
|
+
def autosign_store
|
494
|
+
auth = Puppet::Network::AuthStore.new
|
495
|
+
@config.each_line do |line|
|
496
|
+
next if line =~ /^\s*#/
|
497
|
+
next if line =~ /^\s*$/
|
498
|
+
auth.allow(line.chomp)
|
499
|
+
end
|
500
|
+
|
501
|
+
auth
|
502
|
+
end
|
503
|
+
end
|
475
504
|
end
|
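Review bot: `autosign_store.allowed?(csr.name, '127.1.1.1')` on line 488 passes a fixed placeholder address, so an autosign.conf entry written as an IP or network range can never match a real requester; the old code did the same, but now that the literal lives in its own class it needs `# autosign.conf matches on certname only; the address is a placeholder the AuthStore API requires`. Each `allowed?` call re-reads and re-parses the config file (lines 493–502), which keeps edits live without a restart but also means a CSR processed mid-rewrite sees a partial policy — worth a sentence in the class comment. Entries reach `auth.allow` with only the newline removed (line 498), so trailing whitespace is preserved; `line.strip` would be more forgiving unless AuthStore trims it, which is not visible here.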
@@ -0,0 +1,44 @@
|
|
1
|
+
require 'puppet/ssl/certificate_authority'
|
2
|
+
|
3
|
+
# This class wraps a given command and invokes it with a CSR name and body to
|
4
|
+
# determine if the given CSR should be autosigned
|
5
|
+
#
|
6
|
+
# @api private
|
7
|
+
class Puppet::SSL::CertificateAuthority::AutosignCommand
|
8
|
+
|
9
|
+
class CheckFailure < Puppet::Error; end
|
10
|
+
|
11
|
+
def initialize(path)
|
12
|
+
@path = path
|
13
|
+
end
|
14
|
+
|
15
|
+
# Run the autosign command with the given CSR name as an argument and the
|
16
|
+
# CSR body on stdin.
|
17
|
+
#
|
18
|
+
# @param name [String] The CSR name to check for autosigning
|
19
|
+
# @return [true, false] If the CSR should be autosigned
|
20
|
+
def allowed?(csr)
|
21
|
+
name = csr.name
|
22
|
+
cmd = [@path, name]
|
23
|
+
|
24
|
+
output = Puppet::FileSystem::Tempfile.open('puppet-csr') do |csr_file|
|
25
|
+
csr_file.write(csr.to_s)
|
26
|
+
csr_file.flush
|
27
|
+
|
28
|
+
execute_options = {:stdinfile => csr_file.path, :combine => true, :failonfail => false}
|
29
|
+
Puppet::Util::Execution.execute(cmd, execute_options)
|
30
|
+
end
|
31
|
+
|
32
|
+
output.chomp!
|
33
|
+
|
34
|
+
Puppet.debug "Autosign command '#{@path}' exit status: #{output.exitstatus}"
|
35
|
+
Puppet.debug "Autosign command '#{@path}' output: #{output}"
|
36
|
+
|
37
|
+
case output.exitstatus
|
38
|
+
when 0
|
39
|
+
true
|
40
|
+
else
|
41
|
+
false
|
42
|
+
end
|
43
|
+
end
|
44
|
+
end
|
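Review bot: The `@param name [String]` tag on line 18 documents a parameter the method does not have; `allowed?` takes `csr` and derives `name` on line 21, so the tag should read `# @param csr [Puppet::SSL::CertificateRequest] The CSR to check for autosigning`. `name` comes from the client's request and is handed to the command as `argv[1]` (line 22); unless certnames are validated before this point (not visible here), a name beginning with `-` will be parsed as an option by many scripts, so the class comment should tell policy authors that the first argument is untrusted and to use `--` or validate it. The CSR body goes through a temp file (lines 24–30); noting in the comment that it is written unmodified and presumably removed when the block returns would spare the reader a trip into `Puppet::FileSystem::Tempfile`.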
@@ -4,7 +4,9 @@ module Puppet
|
|
4
4
|
# This class is basically a hidden class that knows how to act on the
|
5
5
|
# CA. Its job is to provide a CLI-like interface to the CA class.
|
6
6
|
class Interface
|
7
|
-
INTERFACE_METHODS = [:destroy, :list, :revoke, :generate, :sign, :print, :verify, :fingerprint]
|
7
|
+
INTERFACE_METHODS = [:destroy, :list, :revoke, :generate, :sign, :print, :verify, :fingerprint, :reinventory]
|
8
|
+
|
9
|
+
SUBJECTLESS_METHODS = [:list, :reinventory]
|
8
10
|
|
9
11
|
class InterfaceError < ArgumentError; end
|
10
12
|
|
@@ -12,14 +14,17 @@ module Puppet
|
|
12
14
|
|
13
15
|
# Actually perform the work.
|
14
16
|
def apply(ca)
|
15
|
-
unless subjects
|
17
|
+
unless subjects || SUBJECTLESS_METHODS.include?(method)
|
16
18
|
raise ArgumentError, "You must provide hosts or --all when using #{method}"
|
17
19
|
end
|
18
20
|
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
21
|
+
# if the interface implements the method, use it instead of the ca's method
|
22
|
+
if respond_to?(method)
|
23
|
+
send(method, ca)
|
24
|
+
else
|
25
|
+
(subjects == :all ? ca.list : subjects).each do |host|
|
26
|
+
ca.send(method, host)
|
27
|
+
end
|
23
28
|
end
|
24
29
|
end
|
25
30
|
|
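Review bot: The fallback on line 25 only special-cases `:all`, yet the `subjects=` setter in the last hunk now accepts `:signed`, so a CA-delegated method invoked with `subjects == :signed` reaches `:signed.each` and fails with NoMethodError instead of a clear message. Either resolve `:signed` here to the list it stands for, or reject it up front with an InterfaceError naming the methods that support it. `respond_to?(method)` on line 22 dispatches to any public method of Interface, so it relies on `method` having been validated against INTERFACE_METHODS in the constructor, which is outside this hunk; a comment naming that precondition, `# method is already restricted to INTERFACE_METHODS by the constructor`, would help.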
@@ -66,14 +71,11 @@ module Puppet
|
|
66
71
|
end
|
67
72
|
|
68
73
|
if verify_error
|
69
|
-
|
70
|
-
certs[:invalid][host] = [cert, verify_error]
|
74
|
+
certs[:invalid][host] = [ Puppet::SSL::Certificate.indirection.find(host), verify_error ]
|
71
75
|
elsif signed.include?(host)
|
72
|
-
|
73
|
-
certs[:signed][host] = cert
|
76
|
+
certs[:signed][host] = Puppet::SSL::Certificate.indirection.find(host)
|
74
77
|
else
|
75
|
-
|
76
|
-
certs[:request][host] = req
|
78
|
+
certs[:request][host] = Puppet::SSL::CertificateRequest.indirection.find(host)
|
77
79
|
end
|
78
80
|
end
|
79
81
|
|
@@ -147,7 +149,7 @@ module Puppet
|
|
147
149
|
end
|
148
150
|
end
|
149
151
|
|
150
|
-
#
|
152
|
+
# Signs given certificates or waiting of subjects == :all
|
151
153
|
def sign(ca)
|
152
154
|
list = subjects == :all ? ca.waiting? : subjects
|
153
155
|
raise InterfaceError, "No waiting certificate requests to sign" if list.empty?
|
@@ -156,15 +158,17 @@ module Puppet
|
|
156
158
|
end
|
157
159
|
end
|
158
160
|
|
161
|
+
def reinventory(ca)
|
162
|
+
ca.inventory.rebuild
|
163
|
+
end
|
164
|
+
|
159
165
|
# Set the list of hosts we're operating on. Also supports keywords.
|
160
166
|
def subjects=(value)
|
161
|
-
unless value == :all
|
167
|
+
unless value == :all || value == :signed || value.is_a?(Array)
|
162
168
|
raise ArgumentError, "Subjects must be an array or :all; not #{value}"
|
163
169
|
end
|
164
170
|
|
165
|
-
|
166
|
-
|
167
|
-
@subjects = value
|
171
|
+
@subjects = (value == []) ? nil : value
|
168
172
|
end
|
169
173
|
end
|
170
174
|
end
|
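Review bot: `subjects=` now accepts `:signed` (line 167) but the error raised on line 168 still says `Subjects must be an array or :all`, so a caller passing something else is told a rule the check no longer enforces; update it to `"Subjects must be an array, :all or :signed; not #{value}"`. Mapping `[]` to `nil` on line 171 is what makes `apply` raise its "provide hosts or --all" error for an empty list, which deserves a short comment on that line since the two methods are far apart.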